20051130-NortheasternPL.ppt
Download
Report
Transcript 20051130-NortheasternPL.ppt
Type Systems for Region-based
Memory Management
Matthew Fluet
Greg Morrisett & Amal Ahmed
Harvard University
Memory Management
Dynamic allocation pervasive in computation
2
Memory Management
Dynamic allocation pervasive in computation
Range of methods for managing memory
3
Memory Management
Dynamic allocation pervasive in computation
Range of methods for managing memory
–
4
malloc/free
efficient, but tedious and error prone
Memory Management
Dynamic allocation pervasive in computation
Range of methods for managing memory
5
–
malloc/free
efficient, but tedious and error prone
–
garbage collection
transparent and safe, but (can be) inefficient
Memory Management
Dynamic allocation pervasive in computation
Range of methods for managing memory
6
–
malloc/free
efficient, but tedious and error prone
–
regions
–
garbage collection
transparent and safe, but (can be) inefficient
Region-based Memory Management
Operationally
–
–
–
7
Memory is divided regions (denoted by r, r, …)
Objects are individually allocated in a region
All objects in a region are deallocated together
Region-based Memory Management
Runtime Organization
–
–
–
Regions are linked lists of pages
Arbitrary intra- and inter-region references
Similar to arena-style allocators
r1
Region
handles
r2
r3
8
Application: Cyclone
Cyclone Safe-C Project
–
–
9
type-safety
with the “virtues” of C
low-level interface with manifest cost model
Application: Cyclone
Cyclone Safe-C Project
–
–
–
10
type-safety
with the “virtues” of C
low-level interface with manifest cost model
range of memory management options
regions are an organizing principle
Application: Cyclone
MediaNET
–
–
–
11
TCP benchmark (packet forwarding)
Cyclone v.0.1
High water mark: 840 KB
130 collections
Basic throughput: 50 MB/s
Cyclone v.0.5
High water mark: 8 KB
0 collections
Basic throughput: 74MB/s
Cyclone: Regions
Region variety
Stack
Allocation
(objects)
Deallocation
(what)
static
Lexical
whole region
(when)
Aliasing
(objects)
exit of
lexical scope
unrestricted
Dynamic
Heap (`H)
Unique (`U)
manual
automatic
(BDW GC)
dynamic
single objects
manual
Ref-counted (`RC)
12
restricted
Cyclone: Regions
Allocation
(objects)
Region variety
Stack
Lexical
Dynamic
Deallocation
(what)
static
(when)
exit of
lexical scope
Meta-theory of Cyclone
is a nightmare!!
Heap (`H)
Unique (`U)
whole region
13
unrestricted
manual
automatic (BDW
GC)
dynamic
single objects
manual
Ref-counted (`RC)
Aliasing
(objects)
restricted
Cyclone: Regions
Allocation
(objects)
Region variety
Stack
Lexical
Dynamic
Heap (`H)
Deallocation
(what)
(when)
static
exit of
Ultimate Goal: simple model where
lexical scope
whole
region
we can easily encode the key
features of Cyclone in a target
manual
language with simpler meta-theory
automatic (BDW
Unique (`U)
dynamic
14
unrestricted
GC)
single objects
manual
Ref-counted (`RC)
Aliasing
(objects)
restricted
Cyclone: Regions
Region variety
Stack
Lexical
Dynamic
Heap (`H)
Allocation
(objects)
Deallocation
(what)
(when)
static
exit offor
Today’s Goal: Three type systems
lexical scope
whole
region
region-based languages,
culminating with a fairly good
manual
approximation of Cyclone’s automatic
features
(BDW
Unique (`U)
dynamic
15
unrestricted
GC)
single objects
manual
Ref-counted (`RC)
Aliasing
(objects)
restricted
Outline
Introduction
Type-and-Effect System (Tofte-Talpin)
Monadic Type System (FRGN)
–
Translation Sketch
Substructural Type System (lrgnURAL)
–
Translation Sketch
Conclusion
16
Type Systems for Regions
Memory is divided into regions
–
type of handle for region r
hnd r
17
Type Systems for Regions
Memory is divided into regions
–
type of handle for region r
hnd r
Objects are individually allocated in a region
–
–
operations: new, read, write
type of object of type t allocated in region r
ref r t
18
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct:
letregion r,h in e
All objects in region r are deallocated
together at the end of r’s scope
19
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct:
letregion r,h in e
All objects in region r are deallocated
together at the end of r’s scope
Regions have LIFO lifetimes
Live regions can be organized as a stack
20
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
21
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
r1
22
letregion r1,h1 in
let a = new h1 1 in
let c = letregion r2,h2 in
let b = new h2 7 in
new h1 (read a + read b) in
…c…
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
r1
a:1
letregion r1,h1 in
let a = new h1 1 in
let c = letregion r2,h2 in
let b = new h2 7 in
new h1 (read a + read b) in
…c…
input
allocated in
first region
23
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
r2
r1
a:1
letregion r1,h1 in
let a = new h1 1 in
let c = letregion r2,h2 in
let b = new h2 7 in
new h1 (read a + read b) in
…c…
input
allocated in
first region
24
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
r2
b:7
r1
a:1
letregion r1,h1 in
let a = new h1 1 in
temporary allocated
let c = letregion r2,h2 in
in second region
let b = new h2 7 in
new h1 (read a + read b) in
…c…
input
allocated in
first region
25
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
r2
b:7
r1
a:1
c:8
letregion r1,h1 in
let a = new h1 1 in
temporary allocated
let c = letregion r2,h2 in
in second region
let b = new h2 7 in
new h1 (read a + read b) in
…c…
input and output
allocated in
first region
26
Tofte-Talpin Region Calculus [’94]
Regions are created and destroyed
with a lexically scoped construct
r1
a:1
c:8
letregion r1,h1 in
let a = new h1 1 in
temporary allocated
let c = letregion r2,h2 in
in second region
let b = new h2 7 in
new h1 (read a + read b) in
…c…
input and output
allocated in
first region
27
Type-and-Effect System
Track the set f of regions accessed
by a computation:
G ` e : t, f
Function types include a latent effect:
f
t1 !
t2
The role of f is to tell us when it is not safe to
deallocate a region
28
Type-and-Effect System
Typing rule for letregion is subtle:
G,h:hnd r ` e : t, f r ∉ frv(G,t)
G ` letregion r,h in e : t, f \ {r}
29
Type-and-Effect System
Typing rule for letregion is subtle:
G,h:hnd r ` e : t, f r ∉ frv(G,t)
G ` letregion r,h in e : t, f \ {r}
Typing rule for effect weakening:
G ` e : t, f f µ f’
G ` e : t, f’
30
Type-and-Effect System
Effects are pervasive in typing rules:
G ` e1 : int, f1 G ` e2 : int, f2
G ` e1 + e2 : int, f1 [ f2
G ` eh : hnd r, fh G ` e : t, f
G ` new eh e : ref r t, fh [ f [ {r}
31
Type-and-Effect System
Type-and-effects system ensures safety
32
Type-and-Effect System
Type-and-effects system ensures safety
But adds complications:
–
–
–
33
Typing rule for letregion is subtle
(due to the interplay of dangling pointers and effects)
Effect weakening and region subtyping
Effects correspond to sets of regions
(term equality no longer suffices for type checking)
Monadic Type Systems
Monadic encapsulation of effects [L-PJ 94]
–
34
Embed imperative features in pure languages
Monadic Type Systems
Monadic encapsulation of effects [L-PJ 94]
–
Embed imperative features in pure languages
Types
ST s a
STRef s a
Operations
returnST :: 8s,a. a ! ST s a
thenST :: 8s,a,b. ST s a ! (a ! ST s b) ! ST s b
newSTRef :: 8s,a. a ! ST s (STRef s a)
readSTRef :: 8s,a. STRef s a ! ST s a
writeSTRef :: 8s,a. STRef s a ! a ! ST s 1
35
Monadic Type Systems
Monadic encapsulation of effects [L-PJ 94]
–
Embed imperative features in pure languages
runST :: 8a. (8s. ST s a) ! a
Polymorphism over store index type ensures that the
computation (and the result) are independent of the initial
(and final) store
36
Monadic Type Systems
Monadic encapsulation of effects [L-PJ 94]
–
–
37
Embed imperative features in pure languages
Polymorphic type system ensures safety
Well understood meta-theory
Simplicity of System F type system
FRGN = System F + RGN monad
System F
Monadic sub-language
38
RGN monad: Types
Monadic types
39
RGN monad: Types
Monadic types
RGN s t –
computations in stack of regions s
returning values of type t;
a “stack” transformer
40
RGN monad: Types
Monadic types
Hnd s –
handles for the region
at the top of the stack of regions s
41
RGN monad: Types
Monadic types
Ref s t –
values of type t allocated in region
at the top of the stack of regions s
42
RGN monad: Operations
Monadic unit and bind
returnRGN ::
8s,a. a ! RGN s a
thenRGN ::
8s,a,b. RGN s a ! (a ! RGN s b) ! RGN s b
43
RGN monad: Operations
Monadic unit and bind
returnRGN ::
8s,a. a ! RGN s a
thenRGN ::
8s,a,b. RGN s a ! (a ! RGN s b) ! RGN s b
44
RGN monad: Operations
Monadic unit and bind
returnRGN ::
8s,a. a ! RGN s a
thenRGN ::
8s,a,b. RGN s a ! (a ! RGN s b) ! RGN s b
45
RGN monad: Operations
Create and read region allocated values
new ::
8s,a. Hnd s ! a ! RGN s (Ref s a)
read ::
8s,a. Ref s a ! RGN s a
46
RGN monad: Operations
Create and read region allocated values
new ::
8s,a. Hnd s ! a ! RGN s (Ref s a)
read ::
8s,a. Ref s a ! RGN s a
47
RGN monad: Encapsulation
Encapsulate and run a monadic computation
runRGN ::
8a. (8s. RGN s a) ! a
48
RGN monad: Encapsulation
Encapsulate and run a monadic computation
runRGN ::
8a. (8s. RGN s a) ! a
49
RGN monad: Encapsulation
Encapsulate and run a monadic computation
runRGN ::
8a. (8s. RGN s a) ! a
“for all stacks” )
no assumptions about
stack of regions
50
RGN monad: Encapsulation
Encapsulate and run a monadic computation
runRGN ::
8a. (8s. RGN s a) ! a
“for all stacks” )
no assumptions about
stack of regions
51
RGN monad: Encapsulation
Encapsulate and run a monadic computation
runRGN ::
8a. (8s. RGN s a) ! a
“for all stacks” )
no assumptions about
stack of regions
52
result is independent of stack )
s 62 frv(a) )
region values don’t escape
RGN monad: Regions
Regions are created and destroyed
with a lexically scoped construct
letRGN ::
8s1,a. (8s2. Hnd s2 ! RGN s2 a) ! RGN s1 a
53
RGN monad: Regions
Regions are created and destroyed
with a lexically scoped construct
letRGN ::
8s1,a. (8s2. Hnd s2 ! RGN s2 a) ! RGN s1 a
“for all stacks” )
no assumptions about
stack of regions
54
result is independent of stack )
s2 62 frv(RGN s1 a) )
region values don’t escape
RGN monad: Regions
Regions are created and destroyed
with a lexically scoped construct
letRGN ::
But, want to assume that
8s1,a. (8s2. Hnd s2 ! RGN s2 a) ! RGN s1 a
s1 · s2
“for all stacks” )
no assumptions about
stack of regions
55
(s1::r == s2)
result is independent of stack )
s2 62 frv(RGN s1 a) )
region values don’t escape
RGN monad: Witnesses
Witness type
Pf(s1 · s2) –
proof that the stack of regions s1
is a substack of the stack of regions s2
56
RGN monad: Witnesses
Witness operations
coerceRGN ::
8s1,s2,a. Pf(s1 · s2) ! RGN s1 a ! RGN s2 a
transSub ::
8s1,s2,s3. Pf(s1 · s2) ! Pf(s2 · s3)
! Pf(s1 · s3)
57
RGN monad: Regions
Regions are created and destroyed
with a lexically scoped construct
letRGN ::
8s1,a. (8s2. Pf(s1 · s2) ! Hnd s2 ! RGN s2 a)
! RGN s1 a
58
RGN monad: Regions
Regions are created and destroyed
with a lexically scoped construct
letRGN ::
8s1,a. (8s2. Pf(s1 · s2) ! Hnd s2 ! RGN s2 a)
! RGN s1 a
59
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
60
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN s (Ref s3 int)
61
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN s (Ref s3 int)
62
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN s (Ref s3 int)
63
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN s (Ref s3 int)
64
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN ?
s (Ref s3 int)
65
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN s (Ref s3 int)
66
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
« (ref r1 int)
{r1,r2,r3}
! (ref r3 int) ¬ )
8s. (Pf(s1 · s) £ Pf(s2 · s) £ Pf(s3 · s)) !
Ref s1 int ! RGN s (Ref s3 int)
67
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
«letregion r,h in e¬ )
68
Translation: TTRC to FRGN
Type- and meaning-preserving translation
from Tofte-Talpin Region Calculus to FRGN
«letregion r,h in e¬ )
letRGN (Ls.lw.lh. «e¬)
69
Limitations of LIFO Regions
Lexical scope is ill-suited for
–
–
–
70
iterative computations
Conway’s Game of Life; copying GC
CPS-based computations
event-based computations
Limitations of LIFO Regions
Lexical scope is ill-suited for
–
–
–
iterative computations
Conway’s Game of Life; copying GC
CPS-based computations
event-based computations
But, lexical scope was ensuring that
the stack of regions was threaded linearly
71
Substructural Type Systems
Provide core mechanisms to restrict the number
and order of uses of data and operations
–
72
generalization of linear type systems
Structural Properties
Conventional type systems satisfy
73
–
Exchange
use typing assumptions in any order
–
Contraction
use typing assumptions more than once
–
Weakening
use typing assumptions less than once
Structural Properties
Conventional type systems satisfy
74
–
Exchange
use typing assumptions in any order
–
Contraction – Copy
use typing assumptions more than once
–
Weakening – Drop
use typing assumptions less than once
Structural Properties
Substructural type systems fail to satisfy
75
–
Exchange
use typing assumptions in any order
–
Contraction – Copy
use typing assumptions more than once
–
Weakening – Drop
use typing assumptions less than once
Structural Properties
Substructural type systems fail to satisfy
76
–
Exchange
use typing assumptions in any order
–
Contraction – Copy
use typing assumptions more than once
–
Weakening – Drop
use typing assumptions less than once
Substructural Qualifiers
Linear
Affine
Relevant
Drop
Copy
Unrestricted
77
Drop
Copy
Substructural Qualifiers
Unique objects –
may be “used”
at most once
Linear
Affine
Relevant
Drop
Copy
Unrestricted
78
Drop
Copy
Shared objects –
may be “used”
more than once
Substructural Qualifiers
Unique objects –
may be “used”
at most once
Linear
Affine
Relevant
Drop
Copy
Unrestricted
79
Drop
Copy
Shared objects –
may be “used”
more than once
Substructural Qualifiers
Unique objects –
may be “used”
at most once
Linear
Affine
Relevant
Drop
Copy
Unrestricted
80
Drop
Copy
Shared objects –
may be “used”
more than once
Substructural Qualifiers
Unique objects –
may be “used”
at most once
Linear
Affine
Relevant
Drop
Copy
Unrestricted
81
Drop
Copy
Shared objects –
may be “used”
more than once
Substructural Qualifiers
Linear
82
Essential objects –
must be “used”
at least once
Affine
Relevant
Drop
Copy
Inessential objects –
may be “used”
less than once
Unrestricted
Drop
Copy
Substructural Qualifiers
Linear
83
Essential objects –
must be “used”
at least once
Affine
Relevant
Drop
Copy
Inessential objects –
may be “used”
less than once
Unrestricted
Drop
Copy
Substructural Qualifiers
Linear
84
Essential objects –
must be “used”
at least once
Affine
Relevant
Drop
Copy
Inessential objects –
may be “used”
less than once
Unrestricted
Drop
Copy
Substructural Qualifiers
Linear
85
Essential objects –
must be “used”
at least once
Affine
Relevant
Drop
Copy
Inessential objects –
may be “used”
less than once
Unrestricted
Drop
Copy
Substructural Type System: lURAL
Qualifiers
q ::= U j R j A j L
PreTypes
t ::= 1 j t1 t2 j t1 ( t2 j 8a.t j 9a.t
Types
t ::= qt
86
Substructural Type System: lURAL
Qualifiers
q ::= U j R j A j L
PreTypes
t ::= 1 j t1 t2 j t1 ( t2 j 8a.t j 9a.t
How may
the value be used?
Types
t ::= qt
87
Substructural Type System: lURAL
Qualifiers
q ::= U j R j A j L
How often may
the value be used?
PreTypes
t ::= 1 j t1 t2 j t1 ( t2 j 8a.t j 9a.t
How may
the value be used?
Types
t ::= qt
88
lrgnURAL = lURAL + Regions
PreTypes
t ::= … j cap r j hnd r j ref r t j 8r.t j 9r.t
“capability” for
region r
89
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( L(9r.L(Lcap r
freergn ::
U8r.U(L(Lcap r
90
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( L(9r.L(Lcap r
freergn ::
U8r.U(L(Lcap r
91
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( L(9r.L(Lcap r
freergn ::
U8r.U(L(Lcap r
92
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( L(9r.L(Lcap r
freergn ::
U8r.U(L(Lcap r
93
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
new ::
U8r,a.U(L(Lcap r Uhnd r Ua) (
L(Lcap r Uref r Ua)
read ::
U8r,a.U(L(Lcap r Uref r Ua) (
L(Lcap r Ua)
94
lrgnURAL: Region Primitives
new ::
U8r,a.U(L(Lcap r Uhnd r Ua) (
L(Lcap r Uref r Ua)
read ::
U8r,a.U(L(Lcap r Uref r Ua) (
L(Lcap r Ua)
95
lrgnURAL: Region Primitives
new ::
U8r,a.U(L(Lcap r Uhnd r Ua) (
L(Lcap r Uref r Ua)
read ::
U8r,a.U(L(Lcap r Uref r Ua) (
L(Lcap r Ua)
96
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( L(9r.L(Lcap r
freergn ::
U8r.U(L(Lcap r
97
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( q(9r.q(qcap r
freergn ::
U8r.U(q(qcap r
98
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
Regions are created and destroyed
with separate operations
newrgn ::
U(U1 ( q(9r.q(qcap r
freergn :: A ¹ q
U8r.U(q(qcap r
99
Uhnd
Uhnd
r))
r) ( U1)
lrgnURAL: Region Primitives
new ::
U8r,a.U(q(qcap r Uhnd r Ua) (
q(qcap r Uref r Ua)
read ::
U8r,a.U(q(qcap r Uref r Ua) (
q(qcap r Ua)
100
Translation: FRGN to lrgnURAL, Types
« RGN s t ¬ = U(s ( L(s «t¬))
101
Translation: FRGN to lrgnURAL, Types
« RGN s t ¬ = U(s ( L(s «t¬))
–
102
operational behavior of monad is store-passing
Translation: FRGN to lrgnURAL, Types
« RGN s t ¬ = U(s ( L(s «t¬))
–
103
operational behavior of monad is store-passing
Translation: FRGN to lrgnURAL, Types
« RGN s t ¬ = U(s ( L(s «t¬))
–
104
operational behavior of monad is store-passing
Translation: FRGN to lrgnURAL, Types
« Pf(s1 · s2) ¬ = U(9s’. U(U(s2 ( L(s1 s’))
« Pf(s1 · s2) ¬ = U(9s’. U( U(L(s1 s’) ( s2))
–
105
Isomorphism between s2 and L(s1 s’),
for some “slack” s’
Translation: FRGN to lrgnURAL, Types
« Pf(s1 · s2) ¬ = U(9s’. U(U(s2 ( L(s1 s’))
« Pf(s1 · s2) ¬ = U(9s’. U( U(L(s1 s’) ( s2))
–
–
–
106
Isomorphism between s2 and L(s1 s’),
for some “slack” s’
Proof that s1 is a substack of s2 is persistent
Existence of s1 and s2 is ephemeral
Translation: FRGN to lrgnURAL, Types
« Pf(s1 · s2) ¬ = U(9s’. U(U(s2 ( L(s1 s’))
« Pf(s1 · s2) ¬ = U(9s’. U( U(L(s1 s’) ( s2))
–
–
–
107
Isomorphism between s2 and L(s1 s’),
for some “slack” s’
Proof that s1 is a substack of s2 is persistent
Existence of s1 and s2 is ephemeral
Translation: FRGN to lrgnURAL, Types
« Pf(s1 · s2) ¬ = U(9s’. Iso(s2, L(s1 s’))) (
« Pf(s1 · s2) ¬ = U(9s’. U(U(L(s1 s’) ( s2))
–
–
–
108
Isomorphism between s2 and L(s1 s’),
for some “slack” s’
Proof that s1 is a substack of s2 is persistent
Existence of s1 and s2 is ephemeral
Translation: FRGN to lrgnURAL, Types
« Hnd s ¬ = U(9r. U(U(9s’. Iso(s, L(s’ Lcap r)))
« Hnd s ¬ = U(9r. U( Uhnd r))
« Ref s t ¬ = U(9r. U(U(9s’. Iso(s, L(s’ Lcap r)))
« Ref s t ¬ = U(9r. U( Uref r «t¬))
109
Translation: FRGN to lrgnURAL, Types
« Hnd s ¬ = U(9r. U(U(9s’. Iso(s, L(s’ Lcap r)))
« Hnd s ¬ = U(9r. U( Uhnd r))
« Ref s t ¬ = U(9r. U(U(9s’. Iso(s, L(s’ Lcap r)))
« Ref s t ¬ = U(9r. U( Uref r «t¬))
Existential fixes region r
110
Translation: FRGN to lrgnURAL, Types
« Hnd s ¬ = U(9r. U(U(9s’. Iso(s, L(s’ Lcap r)))
« Hnd s ¬ = U(9r. U( Uhnd r))
« Ref s t ¬ = U(9r. U(U(9s’. Iso(s, L(s’ Lcap r)))
« Ref s t ¬ = U(9r. U( Uref r «t¬))
Existential fixes region r
Isomorphism witnesses membership of r in s
111
Translation: FRGN to lrgnURAL, Ops
« returnRGN [s] [t] e ¬ =
let res : «t¬ = «e¬ in
Ulstk:s. Lhstk,resi
« thenRGN [s] [ta] [tb] e1 e2 ¬ =
let f : «RGN s ta¬= «e1¬ in
let g : «ta ! RGN s tb¬ = «e2¬ in
Ulstk:s. let hstk,resi = f stk in g res stk
112
Translation: FRGN to lrgnURAL, Ops
« returnRGN [s] [t] e ¬ =
let res : «t¬ = «e¬ in
Ulstk:s. Lhstk,resi
Storepassing
encoding
« thenRGN [s] [ta] [tb] e1 e2 ¬ =
let f : «RGN s ta¬= «e1¬ in
let g : «ta ! RGN s tb¬ = «e2¬ in
Ulstk:s. let hstk,resi = f stk in g res stk
113
Translation: FRGN to lrgnURAL, Ops
« letRGN [s1] [t] e ¬ =
let f : «8s2. Pf(s1·s2) ! Hnd s2 ! RGN s2 t¬ = «e¬ in
Ulstk :s .let pack(r,hcap,hndi) = newrgn Lhi in
1 1
Ulstk :s .let stk = Lhstk ,capi in
1 1
2
1
Ulstk :s .let id = Ulstk: L(s Lcap r).stk in
1 1
1
Ulstk :s .let pwit = Upack(Lcap r,Uhid,idi) in
1 1
Ulstk :s .let phnd = Upack(r,UhUpack(s ,Uhid,idi),hndi) in
1 1
1
Ulstk :s .let hstk ,resi = f [L(s Lcap r)] pwit phnd stk in
1 1
2
1
2
Ulstk :s .let hstk ,capi = stk in
1 1
1
2
Ulstk :s .let hi = freergn [r] Lhcap,hndi in
1 1
Ulstk :s .Lhstk ,resi
1 1
1
114
Translation: FRGN to lrgnURAL, Ops
« letRGN [s1] [t] e ¬ =
let f : «8s2. Pf(s1·s2) ! Hnd s2 ! RGN s2 t¬ = «e¬ in
Ulstk :s .let pack(r,hcap,hndi) = newrgn Lhi in
1 1
Ulstk :s .let stk = Lhstk ,capi in
1 1
2
1
Ulstk :s .let id = Ulstk: L(s Lcap r).stk in
1 1
1
Ulstk :s .let pwit = Upack(Lcap r,Uhid,idi) in
1 1
Ulstk :s .let phnd = Upack(r,UhUpack(s ,Uhid,idi),hndi) in
1 1
1
Ulstk :s .let hstk ,resi = f [L(s Lcap r)] pwit phnd stk in
1 1
2
1
2
Ulstk :s .let hstk ,capi = stk in
1 1
1
2
Ulstk :s .let hi = freergn [r] Lhcap,hndi in
1 1
Ulstk :s .Lhstk ,resi
1 1
1
115
Translation: FRGN to lrgnURAL, Ops
« letRGN [s1] [t] e ¬ =
let f : «8s2. Pf(s1·s2) ! Hnd s2 ! RGN s2 t¬ = «e¬ in
Ulstk :s .let pack(r,hcap,hndi) = newrgn Uhi in
1 1
Ulstk :s .let stk = Lhstk ,capi in
1 1
2
1
Ulstk :s .let id = Ulstk: L(s Lcap r).stk in
1 1
1
Ulstk :s .let pwit = Upack(Lcap r,Uhid,idi) in
1 1
Ulstk :s .let phnd = Upack(r,UhUpack(s ,Uhid,idi),hndi) in
1 1
1
Ulstk :s .let hstk ,resi = f [L(s Lcap r)] pwit phnd stk in
1 1
2
1
2
Ulstk :s .let hstk ,capi = stk in
1 1
1
2
Ulstk :s .let hi = freergn [r] Lhcap,hndi in
1 1
Ulstk :s .Lhstk ,resi
1 1
1
116
Translation: FRGN to lrgnURAL, Ops
« letRGN [s1] [t] e ¬ =
let f : «8s2. Pf(s1·s2) ! Hnd s2 ! RGN s2 t¬ = «e¬ in
Ulstk :s .let pack(r,hcap,hndi) = newrgn Uhi in
1 1
Ulstk :s .let stk = Lhstk ,capi in
1 1
2
1
Ulstk :s .let id = Ulstk: L(s Lcap r).stk in
1 1
1
Ulstk :s .let pwit = Upack(Lcap r,Uhid,idi) in
1 1
Ulstk :s .let phnd = Upack(r,UhUpack(s ,Uhid,idi),hndi) in
1 1
1
Ulstk :s .let hstk ,resi = f [L(s Lcap r)] pwit phnd stk in
1 1
2
1
2
Ulstk :s .let hstk ,capi = stk in
1 1
1
2
Ulstk :s .let hi = freergn [r] Lhcap,hndi in
1 1
Ulstk :s .Lhstk ,resi
1 1
1
117
Translation: FRGN to lrgnURAL, Ops
« letRGN [s1] [t] e ¬ =
let f : «8s2. Pf(s1·s2) ! Hnd s2 ! RGN s2 t¬ = «e¬ in
Ulstk :s .let pack(r,hcap,hndi) = newrgn Uhi in
1 1
Ulstk :s .let stk = Lhstk ,capi in
1 1
2
1
Ulstk :s .let id = Ulstk: L(s Lcap r).stk in
1 1
1
Ulstk :s .let pwit = Upack(Lcap r,Uhid,idi) in
1 1
Ulstk :s .let phnd = Upack(r,UhUpack(s ,Uhid,idi),hndi) in
1 1
1
Ulstk :s .let hstk ,resi = f [L(s Lcap r)] pwit phnd stk in
1 1
2
1
2
Ulstk :s .let hstk ,capi = stk in
1 1
1
2
Ulstk :s .let hi = freergn [r] Lhcap,hndi in
1 1
Ulstk :s .Lhstk ,resi
1 1
1
118
Translation: FRGN to lrgnURAL, Ops
« letRGN [s1] [t] e ¬ =
let f : «8s2. Pf(s1·s2) ! Hnd s2 ! RGN s2 t¬ = «e¬ in
Ulstk :s .let pack(r,hcap,hndi) = newrgn Uhi in
1 1
Ulstk :s .let stk = Lhstk ,capi in
1 1
2
1
Ulstk :s .let id = Ulstk: L(s Lcap r).stk in
1 1
1
Ulstk :s .let pwit = Upack(Lcap r,Uhid,idi) in
1 1
Ulstk :s .let phnd = Upack(r,UhUpack(s ,Uhid,idi),hndi) in
1 1
1
Ulstk :s .let hstk ,resi = f [L(s Lcap r)] pwit phnd stk in
1 1
2
1
2
Ulstk :s .let hstk ,capi = stk in
1 1
1
2
Ulstk :s .let hi = freergn [r] Lhcap,hndi in
1 1
Ulstk :s .Lhstk ,resi
1 1
1
119
Translation: FRGN to lrgnURAL, Ops
« new [s] [t] eh e ¬ =
let phnd : «Hnd s¬ = «eh¬ in
let x : «t¬ = «e¬ in
Ulstk:s.let pack(r,hpack(s’,hprj,inji),hndi) = phnd in
Ulstk:s.let hstk’,capi = prj stk in
Ulstk:s.let hcap,refi = new [r] [«t¬] Lhcap,hnd,xi in
Ulstk:s.let pref = Upack(r,UhUpack(s’,Uhprj,inji),refi) in
Ulstk:s.let stk = inj Lhstk’,capi in
Ulstk:s.Lhstk,prefi
120
Cyclone Features
Dynamic Regions
–
–
–
121
1st class regions without LIFO restriction
represented by a linear/affine key:
L/Akey r = L/A(L/Acap r Uhnd r)
must be opened to allocate or access
openDRgn ::
8r,s,a. key r (
8r,s,a. (hnd r ( rgn (s cap r) a) (
8r,s,a. rgn s (a key r)
Cyclone Features
Heap
–
122
globally scoped, garbage collected region
Ucap r
Uhnd r
heap
heap
Cyclone Features
Heap
–
globally scoped, garbage collected region
Ucap r
Uhnd r
heap
heap
Reaps
–
123
regions with individual object deallocation
L/Aref r t
Cyclone Features
Unique Pointers
124
–
anonymous dynamic regions without the handle
Luptr t = L(9r. L(Lcap r Uref r t))
–
or, unique references in the heap
Luptr t = Lref r
heap t
Future Work
In practice, need to phase-split capabilities
Encode results of region analyses
–
Aiken et.al. [PLDI’95], Henglein et.al. [PPDP’01]
Modeling other language features
–
125
Cyclone, Cqual, Vault
Final Thoughts
Type-and-effect · Monadic · Substructural
–
126
would be a nice story
Final Thoughts
Type-and-effect · Monadic · Substructural
–
–
would be a nice story
better picture (??)
Type-and effect
Substructural
127
Monadic
Region-based
memory management
Final Thoughts
Advantage of Substructural TS for RBMM
–
–
–
128
Encode results of region analyses
Aiken et.al. [PLDI’95], Henglein et.al. [PPDP’01]
Previous work introduced features in type-system
exclusively for supporting non-LIFO regions
This work introduces primitives, but reuses features of
type-system to encode non-LIFO regions
Final Thoughts
Advantage of Substructural TS for RBMM
–
–
–
–
129
Encode results of region analyses
Aiken et.al. [PLDI’95], Henglein et.al. [PPDP’01]
Previous work introduced features in type-system
exclusively for supporting non-LIFO regions
This work introduces primitives, but reuses features of
type-system to encode non-LIFO regions
Substructural type-systems are good for supporting
other features, so it is an economical use
Final Thoughts
Scope vs. Lifetime
–
–
130
Lexical scope of region name
universal and existential quantification
Un-scoped lifetime of region capability
late allocation / early deallocation
Final Thoughts
Scope vs. Lifetime
–
–
Lexical scope of region name
universal and existential quantification
Un-scoped lifetime of region capability
late allocation / early deallocation
newrgn ::
U(U1 ( L(9r.L(Lcap r
131
Uhnd
r))
Final Thoughts
Scope vs. Lifetime
–
–
Lexical scope of region name
universal and existential quantification
Un-scoped lifetime of region capability
late allocation / early deallocation
newrgn ::
U(U1 ( L(9r.L(U1 ( L(Lcap r
132
Uhnd
r)))
References
http://www.cs.cornell.edu/People/fluet
133
–
FRGN : ICFP’04, JFP’06
–
lURAL and lrefURAL: ICFP’05
–
lrgnURAL : ESOP’06 (submitted)