SWI-Prolog -- Caveats

Documentation
- Reference manual
- Packages
  - SWI-Prolog C-library
    - library(udp_broadcast): A UDP broadcast proxy
      - Caveats
        
        udp_broadcast_close/1
        
        udp_broadcast_initialize/2
        
        udp_peer_add/2
        
        udp_peer_del/2
        
        udp_peer/2
        
        udp_term_string_hook/3
        
        udp_unicast_join_hook/3

19.1 Caveats

While the implementation is mostly transparent, there are some important and subtle differences that must be taken into consideration:

UDP broadcast requires an initialization step in order to launch the broadcast listener proxy. See udp_broadcast_initialize/2.
Prolog's broadcast_request/1 is nondet. It sends the request, then evaluates the replies synchronously, backtracking as needed until a satisfactory reply is received. The remaining potential replies are not evaluated. With UDP, all peers will send all answers to the query. The receiver may however stop listening.
A UDP broadcast/1 is completely asynchronous.
A UDP broadcast_request/1 is partially synchronous. A broadcast_request/1 is sent, then the sender balks for a period of time (default: 250 ms) while the replies are collected. Any reply that is received after this period is silently discarded. A optional second argument is provided so that a sender may specify more (or less) time for replies.
Replies are presented to the user as a choice point on arrival, until the broadcast request timer finally expires. This allows traffic to propagate through the system faster and provides the requestor with the opportunity to terminate a broadcast request early if desired, by simply cutting choice points.
Please beware that broadcast request transactions remain active and resources consumed until broadcast_request finally fails on backtracking, an uncaught exception occurs, or until choice points are cut. Failure to properly manage this will likely result in chronic exhaustion of UDP sockets.
If a listener is connected to a generator that always succeeds (e.g. a random number generator), then the broadcast request will never terminate and trouble is bound to ensue.
broadcast_request/1 with udp_subnet scope is not reentrant. If a listener performs a broadcast_request/1 with UDP scope recursively, then disaster looms certain. This caveat does not apply to a UDP scoped broadcast/1, which can safely be performed from a listener context.
UDP broadcast's capacity is not infinite. While it can tolerate substantial bursts of activity, it is designed for short bursts of small messages. Unlike TIPC, UDP is unreliable and has no QOS protections. Congestion is likely to cause trouble in the form of non-Byzantine failure. That is, late, lost (e.g. infinitely late), or duplicate datagrams. Caveat emptor.
A UDP broadcast_request/1 term that is grounded is considered to be a broadcast only. No replies are collected unless the there is at least one unbound variable to unify.
A UDP broadcast/1 always succeeds, even if there are no listeners.
A UDP broadcast_request/1 that receives no replies will fail.
Replies may be coming from many different places in the network (or none at all). No ordering of replies is implied.
Prolog terms are sent to others after first converting them to atoms using term_string/3. Serialization does not deal with cycles, attributes or sharing. The hook udp_term_string_hook/3 may be defined to change the message serialization and support different message formats and/or encryption.
The broadcast model is based on anonymity and a presumption of trust--a perfect recipe for compromise. UDP is an Internet protocol. A UDP broadcast listener exposes a public port, which is static and shared by all listeners, and a private port, which is semi-static and unique to the listener instance. Both can be seen from off-cluster nodes and networks. Usage of this module exposes the node and consequently, the cluster to significant security risks. So have a care when designing your application. You must talk only to those who share and contribute to your concerns using a carefully prescribed protocol.
UDP broadcast categorically and silently ignores all message traffic originating from or terminating on nodes that are not members of the local subnet. This security measure only keeps honest people honest!

udp_broadcast_close(+Scope)

Close a UDP broadcast scope.

[semidet]udp_broadcast_initialize(+IPAddress, +Options)

Initialized UDP broadcast bridge. IPAddress is the IP address on the network we want to broadcast on. IP addresses are terms ip(A,B,C,D) or an atom or string of the format A.B.C.D. Options processed:

scope(+ScopeName)

Name of the scope. Default is subnet.

subnet_mask(+SubNet)

Subnet to broadcast on. This uses the same syntax as IPAddress. Default classifies the network as class A, B or C depending on the the first octet and applies the default mask.

port(+Port)

Public port to use. Default is 20005.

method(+Method)

Method to send a message to multiple peers. One of

broadcast: Use UDP broadcast messages to the LAN. This is the default
multicast: Use UDP multicast messages. This can be used on WAN networks, provided the intermediate routers understand multicast.
unicast: Send the messages individually to all registered peers.

For compatibility reasons Options may be the subnet mask.

[det]udp_peer_add(+Scope, +Address)

[det]udp_peer_del(+Scope, ?Address)

[nondet]udp_peer(?Scope, ?Address)

Manage and query the set of known peers for a unicast network. Address is either a term IP:Port or a plain IP address. In the latter case the default port registered with the scope is used.

Address has canonical form ip(A,B,C,D):Port.

[det,multifile]udp_term_string_hook(+Scope, +Term, -String)

[semidet,multifile]udp_term_string_hook(+Scope, -Term, +String)

Hook for serializing the message Term. The default writes %prolog\n, followed by the Prolog term in quoted notation while ignoring operators. This hook may use alternative serialization such as fast_term_serialized/2, use library(ssl) to realise encrypted messages, etc.

Scope is the scope for which the message is broadcasted. This can be used to use different serialization for different scopes.

Term

encapsulates the term broadcasted by the application as follows:

send(ApplTerm): Is sent by broadcast(udp(Scope, ApplTerm))
request(Id, ApplTerm): Is sent by broadcast_request/1, where Id is a unique large (64 bit) integer.
reply(Id, ApplTerm): Is sent to reply on a broadcast_request/1 request that has been received. Arguments are the same as above.

throws: The hook may throw udp(invalid_message) to stop processing the message.

[semidet,multifile]udp_unicast_join_hook(+Scope, +From, +Data)

This multifile hook is called if an UDP package is received on the port of the unicast network identified by Scope. From is the origin IP and port and Data is the message data that is deserialized as defined for the scope (see udp_term_string/3).

This hook is intended to initiate a new node joining the network of peers. We could in theory also omit the in-scope test and use a normal broadcast to join. Using a different channal however provides a basic level of security. A possibe implementation is below. The first fragment is a hook added to the server, the second is a predicate added to a client and the last initiates the request in the client. The excanged term (join(X)) can be used to exchange a welcome handshake.

:- multifile udp_broadcast:udp_unicast_join_hook/3.
udp_broadcast:udp_unicast_join_hook(Scope, From, join(welcome)) :-
    udp_peer_add(Scope, From),

join_request(Scope, Address, Reply) :-
    udp_peer_add(Scope, Address),
    broadcast_request(udp(Scope, join(X))).

?- join_request(myscope, "1.2.3.4":10001, Reply).
Reply = welcome.