Questions: Message Passing IPC: Semantics and Guarantees

At-least-once delivery guarantees the message arrives but may deliver it multiple times (the sender retransmits when it doesn't receive an ack, even if the ack was lost after successful processing). The standard mitigation is idempotent handlers: assign each payment a unique transaction ID, and reject or ignore any message with an ID that has already been processed. This effectively achieves safe behavior equivalent to exactly-once without the implementation cost. Option B describes at-most-once (fire-and-forget), which would lose payments rather than duplicate them.

A blocking (synchronous) send means the sender waits until the receiver picks up the message — they rendezvous at the communication point. This provides natural flow control (the producer cannot generate more messages than the consumer can handle) but wastes sender CPU time waiting. A non-blocking (asynchronous) send deposits the message in a buffer and returns immediately, freeing the sender to continue. Options C and D are false — blocking behavior and delivery reliability are independent design axes.

Answer: True

Delivery semantics (at-most-once, at-least-once, exactly-once) are implementation choices inside the communication layer, not reflected in the API surface. Two systems might both expose send(msg) and receive() calls while one silently drops messages on failure (at-most-once) and the other retransmits until acknowledged (at-least-once). Application code looks the same; the behavior under failure is radically different. This is why understanding the semantic contract of a message queue is essential before relying on it.

Answer: False

At-least-once delivery can cause duplicate processing, which for non-idempotent operations is as harmful as data loss. Charging a credit card twice is a serious error; so is inserting a database record twice. Whether 'safer' depends entirely on the application: at-most-once is safer when duplicates are catastrophic and occasional loss is tolerable; at-least-once is safer when loss is catastrophic and the application can be made idempotent. Neither is universally safer — the choice must match the operation's properties.

The key insight is that 'exactly-once' is a guarantee that must be maintained across failures, including failures that happen after processing but before the ack is sent. This failure window is what makes it hard. Idempotent handlers sidestep the problem entirely: if duplicates are harmless, there's no need to prevent them, and the guarantee you actually need (each message has the correct effect once) is achieved with much simpler infrastructure.