Changes

Recommended Property Tree Enhancements

10,028 bytes added, 15:13, 9 March 2016
Switch to {{flightgear url}} and {{simgear url}} to fix the broken Gitorious links.
{{Out of date}}
{{Template:RFC Navigation}}
 
== Intro ==
While FlightGear's powerful PropertyTree implementation can be considered to be the core of FlightGear's dynamic, flexible and open nature (and thus also FlightGear's success in the first place) it is more and more often getting obvious that the PropertyTree itself could benefit from an -at least optionally- more structural approach to processing (reading/writing) certain data (property tree variables), whose integrity may be directly critical for the simulator's integrity itself. This applies in particular in an increasingly parallel, multi-threaded and possibly distributed environment. Where data flow dependencies and relationships need to be made as explicit and obvious as possible.
=== Today's Practice ===
Simply put: property tree use in many places in FlightGear today is often following a very simple pattern, where the property tree is simply used as a (very) powerful and easy-to-use "dump space" for all sorts of data and runtime state stored in property tree variables, most of which often being completely typeless or at least very losely-typed, so that access to this state is at most also very losely-organized due to the lack of integrity-enforcing and access-limiting mechanisms.
While this flexibility can be tremendously appreciated from a user's point of view (because it makes it so much more intuitive and easy to use the property tree) this very flexibility (that is, the lack of typing-requirements and data-integrity enforcement mechanisms) can be considered to be a troublesome factor when it comes to ensuring (and optionally also enforcing) proper internal sim state to guarantee valid state for critical variables that may seriously impact simulator performance. Thus, data flow dependencies need to be formalized and made '''explicit''' [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg18066.html] in order to help FlightGear become more structured in its housekeeping department. Implementing these suggestions will automatically also help in other areas that are currently limited by FlightGear's current model of internal state management, such as for example by making it easier to implement support for dynamically switchable aircraft (for details, see [[FlightGear Sessions]] or [[Reset & re-init]]). In addition, this very meta information will also help make FlightGear more easily parallelizable:  "In general, FG has quite a few data dependencies internally which make multi-threading challenging right now - there's groundwork to make the data-dependencies more explicit (i.e, via the property tree) that has to happen before pieces can easily move to other threads."[http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg18066.html]
== Problems ==
=== No access control taking place ===
Currently, it is possible -and common practice- for '''all''' properties to be easily accessed (read) and written to from arbitrary FlightGear subsystems and components. In fact, it is even possible for aircraft configuration files and scripts to affect/overwrite crucial internal state.
 Encapsulation is basically non-existent for many properties. This is a theoretical nightmare from an data integrity point of view, because state may be mutated from places and by components that may -strictly spoken- have no business exercising write access for certain properties or even whole subtrees of the property tree. In addition, such losely structured and organized write access to properties also raises the question of housekeeping and cleanup responsibility, once data needs to be cleaned up for example, i.e. when re-initializing a specific subsystem or possibly the whole simulator. As of 05/2009 this is an issue that has also been discussed on the jsbsim developers mailing list, because there is currently no clear policy whether distinct components (such as an FDM) should generally only mutate internal/private state (i.e. state that is at least conceptually 'owned' by the component) or whether components should also be allowed to mutate outside state outside their own branch of the private property tree (see [[FDM engine feature standardization#Constraining Property Tree Access|Constraining Property Tree Access for FDMs]] for details).
=== No concept of (exclusive) property ownership ===
In fact, it is unfortunately even possible to easily register multiple ''writing'' property listeners for the very same property [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg02422.html] (for example, it would be possible -and has been the case in the past- that registered listeners are exercising write access to properties exclusively owned (at least conceptually) by other components, such as the FDM, whose state would then be automatically invalidated due to its registered listeners each time a property is updated).
So that, one change (write access) to such a property may result in multiple subsequent write accesses '''to the same property''' by its registered listeners.
This is problematic in that property tree state may be mutated and invalidated by its own registered listeners [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg02423.html]. And for the majority of FlightGear components relying on tied property listeners, this would indeed result in undefined behavior and can be considered troublesome, because conceptually components such as an FDM engine will normally require exclusive write access to certain output properties, i.e. it will require the right to full '''owernship'''. === Concerning the Concept of Property Ownership ===It's pretty obvious that this might probably also be very useful to help prepare FlightGear for a more modular and parallelized (multithreaded) future (as discussed and proposed in [http://wiki.flightgear.org/flightgear_wiki/images/1/1e/New_FG_architecture.pdf]), where it would be of paramount importance to provide very finely-grained access to data that may possibly require locking in a threaded environment, so that FG components would no longer directly write to properties (that are conceptually owned by other subsystems) but rather write their requests [=new values] to a blocking, component-specific queue, which would in turn be processed (validated, checked for integrity) by the owning component in a sequential fashion to ensure valid internal state. Basically, resembling/emulating queue-based [http://en.wikipedia.org/wiki/Software_transactional_memory Software Transactional Memory]. FlightGear components would then publish a public getter method which could be accessed by all other components to read arbitrary component-specific state, unlike updates (write access) to properties, which would only take place using a well-defined component-specific interface. To enforce property ownership, component-specific properties could be generally maintained in a dedicated SGPropertyNode container for each component, so that components (i.e. currently SGSubsystems) would feature their own private property tree, rather than following the current approach of having one global dump space for all properties (which is understandably hard to provide properly synchronized access for) That way, subsystems (or components) could automatically "mirror" all private component-specific properties within the global property space (for easy accessing), however write access could easily be made totally optional, and could be tunneled through a synchronized, component-specific queue that contains all update requests. It can be assumed that implementing such or similar mechanisms to improve data [http://en.wikipedia.org/wiki/Information_hiding encapsulation] would help improve and modularize the overall architecture. From a usability point of view, it would also still be possible to provide abstract wrappers in the form of the fgGet*/Set* utility functions that internally rewire transactions properly. In addition, subsystems that provide and maintain their own private property tree, can be easily run in different threads or even as different processes without requiring thread-level sychronization (locks, mutexes/semaphores) To quote [http://sourceforge.net/tracker/?func=detail&aid=1323262&group_id=19399&atid=369399]:"This is in fact in line with the approach David Megginson (designer and developer of the property tree implementation in FlightGear) proposed in a discussion about possible ways to prepare FlightGear for a multi-threaded future: subsystems would all have their own instances of a property tree so that reading/writing (subsystem-specific) values could happen in an organized fashion where each read/write request is dispatched to the corresponding subsystem in order to ensure that these requests are happening in a coordinated fashion. Still, each subsystem could publish "pointers" (or aliases) to a global property tree which would be accessible to all other subsystems, yet accesses would be dispatched so that subsystems could be arbitrarily threaded because each subsystem would handle its own property tree internally. Thus, the locking overhead would also be extremely minimized because the property tree would be partitioned into subsystem-specific toplevel nodes, where access to anyone property doesn't necessarily require other nodes to be inaccessible/locked (see [http://www.mail-archive.com/flightgear-devel@flightgear.org/msg00891.html] and [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg18063.html]"
=== Differentiating between "active" and "passive" listeners ===
* values outside of valid range being written to/read from a node
* "0" values read from nodes that must not be 0
* type of a property changed, that shouldn't be changed
* crucial runtime constants being changed at runtime
* mis-spelled property names [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg06222.html] - this could be easily addressed by extending the current fgSet*/fgGet* API functions to also take an optional parameter indicating whether a node MUST_EXIST, NOT_NULL etc.
...
== Introducing "Managed Properties" ==
{{FGCquote
|1= Making the property tree thread-safe is an interesting but a very daunting task since properties are (ab)used in so many ways.. :) I have a soft spot for using multi-buffering to support concurrent readers with concurrent writers, but for something as unstructured (in terms of who writes where) as this I'm at a loss to see how or if it could be applied.
|2= {{cite web
| url = http://sourceforge.net/p/flightgear/mailman/message/34797127/
| title = <nowiki>Re: [Flightgear-devel] Designing a thread-safe property tree API
(was Re: A FGPythonSys implementation: ...)</nowiki>
| author = <nowiki>Anders Gidenstam</nowiki>
| date = Jan 26th, 2016
| added = Jan 26th, 2016
| script_version = 0.23
}}
}}
The idea {{FGCquote|1= the property tree as it is currently is to introduce so called "managed properties" for crucial runtime state, in order to ensure, enforce need of some rework because of the ownship (single desktop aircraft) approach. This is easier than it sounds - basically most of the property tree becomes part of the aircraft and maintain integrity only a few items are shared. This will also allow the switching of such state variables by using additional meta information aircraft. The reason to apply data-integrity requirementsconsider this now, as well as access privileges and maybe not implement it, is to prevent important runtime state from being mutated by nonensure that the design will support this when it is time to implement it.|2= {{cite web | url = http://sourceforge.net/p/flightgear/mailman/message/34631875/ | title = <nowiki>Re: [Flightgear-authorized components or invalid datadevel] HLA developments</nowiki> | author = <nowiki>Richard Harrison</nowiki> | date = Nov 19th, 2015 | added = Nov 19th, 2015 | script_version = 0.23 }}}}
The idea is to introduce so called "managed properties" for crucial runtime state, in order to optionally ensure, enforce and maintain integrity of such state variables by using additional meta information to apply data-integrity requirements, as well as access privileges to prevent important runtime state from being mutated by non-authorized components or invalid data. == Recommended new 'types' for nodes ==Currently, there is no clear distinction taking place between arbitrary strings, filenames, paths, property paths or property nodes - this makes it increasingly complicated to keep track of what sort of data is represented by a particular node /string in the tree and makes it basically impossible to provide validation routines, or even come up with XML schemas [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg21404.html] that might help validating PropertyList-encoded XML files.
Thus, it is suggested to start differentiating clearly between these different types of strings:
=== File handling related ===
* type="string:path" - value to be specified is a path
* type="string:filename" - value to be specified is a filename, this would help tremendously in tracking file dependencies among FlightGear base package XML files (see [http://sourceforge.net/tracker/index.php?func=detail&aid=1905712&group_id=583&atid=350583]).
=== Property Tree related ===
* type="string:property-node" - value to be specified is a property node
== Suggested new attributes in PropertyList XML files==
* "scope" or "lifetime" to formally describe the scope of a node as discussed in [[FlightGear Sessions]]* "live" (or similar, jsbsim these properties are called "interface properties" [http://sourceforge.net/mailarchive/forum.php?thread_name=004001c9e8b2%248bb8da20%24a32a8e60%24%40net&forum_name=jsbsim-devel]) - to indicate dynamically updated (at runtime) node data, i.e. automatically register a corresponding listener for such properties, rather than just using the static value obtained during parse time and treat it as const then, this is likely to be useful for a number of scenarios: right now, each individual FG component requiring this feature, needs to implement it separately, i.e. the autopilot code now features support for dynamically modifiable properties, as well [http://sourceforge.net/mailarchive/message.php?msg_id=47F0027F.6080304%40telus.net], the same applies to the gui/dialog code, which may also make use of "live" properties [http://mail.flightgear.org/pipermail/flightgear-cvslogs/2004-May/007871.html], whose values may change at runtime. Increasingly, it is getting obvious that other FlightGear components may also benefit from such a feature [http://sourceforge.net/mailarchive/forum.php?thread_name=483C054B.5010305%40g2ms.com&forum_name=flightgear-devel] or [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg22403.html], [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg10688.html]. Thus, it would seem appropriate to generalize the concept of "live properties", whose values may be changed and ought to take effect accordingly. This attribute might come from another attribute to indicate the corresponding listener-bound property, i.e.:
<PropertyList>
<foo type="double" live="true" property="/foo/myfoo/value"/>
</PropertyList>
* "default-value" - to enable contributors to provide sensible default values in XML files(jsbsim has this already in the form of an initial value [http://sourceforge.net/tracker/?func=detail&aid=1796992&group_id=19399&atid=369399], [http://sourceforge.net/mailarchive/forum.php?thread_name=004001c9e8b2%248bb8da20%24a32a8e60%24%40net&forum_name=jsbsim-devel])
* "value" attribute - to directly provide node values as attributes more easily in the form of "<node type="string" value="foo"/> instead of the currently required form "<node type="string">foo</node>"
* "description" attribute - to directly document the purpose of a node, so that documentation can be automatically created by walking the property tree
(validation optional: runtime-configurable)
* "unit" to directly keep track of the unit of a numeric value and optionally ensure that only values of same unit are written to a variable(currently, units are merely by convention tracked using a corresponding suffix) (also see: [http://sourceforge.net/tracker/?func=detail&aid=1241948&group_id=19399&atid=369399])* "min"/"max" attributes to define valid ranges for numeric values[http://www.mail-archive.com/flightgear-devel@flightgear.org/msg10993.html]
* "stepping" attribute to define valid stepping for numeric values
* "enum" for textual multi-state variables, to ensure that only valid state can be written to such a variable
* "enum-values" - store valid values for enum type
* "flip-aroundwrap/mod" - to specify whether a value overflow means to flip back to the 1st valid state[http://www.mail-archive.com/flightgear-devel@flightgear.org/msg10993.html]
* "notnil" - value may never be empty/unset
* tie restrictions?[http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg00717.html]
* listener restrictions (max/none)?
* max simultaneously registered active (writing) listeners
=== Permission handling related ===
* <del>"readonly/constant" for constant values that may not change during runtime (or currently: whose changes won't take effect until restart?)</del> [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg19312.html] {{Done}} (by TheTom [{{simgear url|commit=0b197501e1cc611606b9c3728613530714539717}}] [{{flightgear url|commit=771586854b84f6824112f10f854488979e960094}}])
===File handling related === * "filetype:" to explicitly highlight type of file being expected/provided (i.e. "texture/rgb") - this should probably make use of standard MIME types
* "default-working-dir" - default cwd if only filename specified without path info
== Additional Ideas Introducing Variables in PropertyList XML Files ==
* introducing the concept of "base/frame pointers" for property nodes (and possibly attributes) as described in [http://www.mail-archive.com/flightgear-devel@lists.sourceforge.net/msg11307.html] would surely simplify PropertyList XML files tremendously and make them much more intuitive to work with (this is in fact conceptually pretty much identical to another suggestion, to provide basically the same facility for (non-relative, file system) paths and filenames provided in aircraft/PropertyList XML files, as posted in response[http://mail.flightgear.org/pipermail/flightgear-devel/2004-November/032299.html] to a request by C. Olson to enable aircraft to become more easily relocatable [http://mail.flightgear.org/pipermail/flightgear-devel/2004-November/032294.html] [http://mail.flightgear.org/pipermail/flightgear-devel/2004-November/032295.html]). This could for example be achieved by generalizing the current concept of aliases or by introducing a possibility to set file-specific (or possibly just global) variables in XML files that can later on be referenced and resolved in attributes or nodes in the XML file, i.e. along the lines of (the details might still need to be discussed, though):
<!-- making use of "base pointers" to directly refer to the proper location instead of using lots of nested relative path specs -->
<aircraft-filename type="string">%[[$FG_ROOT%]]/myAircraft/myAc-set.xml</aircraft-filename> <some-property type="string">%$ROOT_TREE%/gui/
</PropertyList>
</pre>
Implementation-wise, it would be possible to add support for this by either extending the current XMLVisitor code in simgear, or by sub-classing it, so that a static std::map<std::string,std::string> could be used to store variable/value pairs, and automatically parse each encountered attribute or node value for a corresponding variable identifier token that should normally not show up in common use scenarios (such as i.e. '%'). That way, all such occurrences could be automatically looked up in the std::map and resolved to their corresponding equivalents at runtime. So that users would then be able to easily refer to "short hands" for well-defined locations (it might make sense to differentiate between local and global xml variables, the latter of which could automatically take effect for all parsed XML files, while the former would only use a lookup map for the root XML file or any files it references using the include directive).
[[Category:RFC]]
[[Category:Property Tree]]