pony co designing a type system and a runtime
play

Pony: Co-Designing a Type System and a Runtime Sylvan Clebsch - PowerPoint PPT Presentation

Sep 06, 2022 •379 likes •990 views

Pony: Co-Designing a Type System and a Runtime Sylvan Clebsch March 8th, 2017 Presenting at QCon London My background 25 years of industry programming Electronic trading, online video games, crypto tools, physics modelling, rendering

  1. Pony: Co-Designing a Type System and a Runtime Sylvan Clebsch March 8th, 2017 Presenting at QCon London

  2. My background 25 years of industry programming Electronic trading, online video games, crypto tools, physics modelling, rendering engines, military sims, VOIP, peer routing, embedded operating systems.

  3. These all have something in common Performance critical Bene�t from concurrency Most are actually distributed systems... ...even if I didn't realise that when writing them

  4. Pony An actor-model capabilities-secure general-purpose native language Designed to "scratch my own itch" actor Main new create(env: Env) => env.out.print("Hello, QCon!")

  5. Goals Statically data-race free, with mutability No-stop-the-world garbage collection Formally speci�ed Single node performance competitive with C/C++ Distributed computing

  6. Some good domains for Pony Financial systems Video games Stream processing Machine learning Low-power devices (speed is energy e�ciency) Operating systems

  7. There's a lot in Pony Today will be an overview of the features most interesting for distributed computing: data-race freedom and GC Some of the things that won't get mentioned: generics, intersection types, nominal and structural subtyping, pattern matching, queue design, scheduling and work-stealing, and more

  8. Let's walk through that example actor Main new create(env: Env) => env.out.print("Hello, QCon!") env is an immutable environment that encapsulates command line arguments, environment variables, stdin , stdout , stderr There are no globals, as globals represent ambient authority Access to stdout must be passed to any function that needs it

  9. Capabilities security Originally operating system based: KeyKOS, EROS, Coyotos, seL4 Expanded to programming languages with object capabilities (ocaps): E, AmbientTalk, Caja Pony is an ocap language: env is an ocap for the initial environment

  10. Reference capabilities Pony extends ocaps with reference capabilities (rcaps) For example, the immutability of env is an rcap: more on this later!

  11. Actor model actor Main new create(env: Env) => env.out.print("Hello, QCon!") env.out is an actor that encapsulates stdout Instead of locking stdout to print, the env.out actor is send a message that contains what is to be printed Here, the message is print and we print "Hello, QCon!"

  12. Actor model history Starts with Carl Hewitt in 1973 Gul Agha's 1985 thesis provided a foundational model Closely connected to CSP, pi-calculus, join-calculus Some other actor languages: Erlang, E, AmbientTalk Some actor libraries: Akka, Orleans, ActorFoundry, CAF

  13. Why is it safe to send a String in a message? actor Main new create(env: Env) => env.out.print("Hello, QCon!") Here, we are passing a string literal, which has the type String val The val means it is a globally immutable String : there can be no writeable aliases to the object It's safe to send val references in messages: there will be no data races val is a reference capability (rcap)

  14. What about sending mutable data in messages? actor TCPConnection new create(notify: TCPConnectionNotify iso, host: String, service: String, from: String = "") When creating a TCPConnection , we attach a TCPConnectionNotify that will be called when events occur on the connection notify may need to mutate its state: for example, it may do stateful protocol decoding

  15. Isolation for data-race free mutability actor TCPConnection new create(notify: TCPConnectionNotify iso, host: String, service: String, from: String = "") To make this safe, TCPConnection requires that notify is isolated ( iso ). iso guarantees there are no readable or writeable aliases to the object It's safe to send iso references in messages

  16. Using tag to express identity actor Timers be apply(timer: Timer iso) be cancel(timer: Timer tag) When setting up a Timer , a Timers actor represents a set of hierarchical timing wheels and manages the underlying OS timer mechanism A Timer is mutable, not only to change when it next �res, but because it holds a mutable TimerNotify that is informed of events that may in turn hold mutable state

  17. tag is compatible with iso actor Timers be apply(timer: Timer iso) be cancel(timer: Timer tag) We can send a Timer iso to another actor while safely keeping a tag alias: tag is opaque, allowing neither reading from nor writing to the object Sending a tag in a message is also safe: an opaque reference can't be the source of data races

  18. Using tag to type actors actor Main new create(env: Env) => env.out.print("Hello, QCon!") Here, the env.out actor is a StdStream tag Sending an asynchronous message involves neither reading from nor writing to the receiver's state

  19. Actors are part of the rcap system actor Timers be apply(timer: Timer iso) => """ Sets a timer. Fire it if need be, schedule it on the correct timing wheel, then rearm the timer. """ let timer': Timer ref = consume timer _map(timer') = timer' timer'._slop(_slop) _fire(timer') _advance() Here we see a behaviour ( be ) that handles the apply message When a behaviour executes, the receiver ( this ) is typed as ref : the actor can freely mutate its own state

  20. Data-race freedom "If I can write to it, nobody else can read from it" Corollary: "If I can read from it, nobody else can write to it"

  21. Existing data-race freedom work Gordon, Parkinson, Parsons, Brom�eld, Du�y: Uniqueness and reference immutability for safe parallelism Östlund, Wrigstad, Clarke, Åkerblom: Ownership, uniqueness, and immutability Haller, Odersky: Capabilities for uniqueness and borrowing Srinivasan, Mycroft: Kilim: Isolation-typed actors for java Wadler: Linear types can change the world Rust: mixed static/dynamic data race freedom

  22. Deny rather than allow Pony's reference capabilities (rcaps) express what other aliases cannot exist, both locally and globally Alias denial appears to be more fundamental than permissions

  23. Deny matrix Deny global aliases Deny local aliases Read/Write Write None Read/Write iso Write trn val None ref box tag mutable immutable opaque

  24. Rcaps and viewpoint adaptation class HashMap[K, V, H: HashFunction[K] val] fun apply(key: box->K!): this->V ? Here, key is any alias ( ! ) of how a readable ( box ) type would see the unconstrained type variable K The return value is how the receiver sees the type variable V apply is a partial function ( ? ): this is how exceptions work in Pony

  25. Rcaps, ephemerality, algebraic data types class HashMap[K, V, H: HashFunction[K] val] fun ref update(key: K, value: V): (V^ | None) => In contrast, in update an actual K is required, as the HashMap will store it The return value is either an ephemeral ( ^ ) V , indicating that one alias has been removed (the one the HashMap previously held, if any), or None if no value was previously associated with the key

  26. An example of ephemerality let ant: Ant val = ... let map: HashMap[String, Aardvark iso] = ... map("bob").eat(ant) // ok let bob1: Aardvark iso = map("bob") // bad! let bob2: Aardvark tag = map("bob") // ok let bob3: Aardvark iso = map.remove("bob") // ok We can lookup Bob the Aardvark and call iso -safe functions on the result But we can't take an alias to Bob, except as a tag But we could remove Bob from the map entirely

  27. Formalism at the root There has been a tight feedback loop between research and development The formalism has improved the implementation The implementation has improved the formalism

  28. Operational semantics

  29. Type system

  30. Leveraging the type system in the runtime Types as guarantees help reasoning Those same guarantees can be used in the runtime implementation Type systems can improve performance

  31. What parts of the runtime are faster due to the type system? Memory allocator Garbage collector Message queues Work-stealing scheduler Asynchronous I/O

  32. Garbage collection How can we leverage the actor-model and data-race freedom to build a highly e�cient, no-stop-the-world GC?

  33. Per-actor heaps Start with a separate heap per actor, like Erlang Use a mark-and-don't-sweep, non-incremental, non-generational, non-copying collector No read or write barriers, no card table marking, no pointer �xups Don't touch unreachable memory, avoiding cache pollution Handle fragmentation with a size-classed pooled memory allocator

  34. Sharing references across actors Data-race freedom allows zero-copy messaging How do we prevent premature collection of objects sent to other actors? With no synchronisation, including no round-trip message passing?

  35. ORCA: fully concurrent object GC for actors A variant of deferred distributed weighted reference counting Ref counts do not depend on the shape of the heap, only on how many times an object has been sent or received by an actor

  36. How it works 1. When an actor sends a reference to an object in a message, it increments its own reference count for that object 2. When an actor receives a reference to an object in a message, it decrements its own reference count for that object 3. Increments and decrements are reversed if the object was not allocated on the actor's heap

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Contents pony The occam- What is pony? Network Environment Why do we need a

Contents pony The occam- What is pony? Network Environment Why do we need a

Contents pony The occam- What is pony? Network Environment Why do we need a unified concurrency model? Mario Schweigler and Adam Sampson Using pony Computing Laboratory, University of Kent Benchmarks Canterbury, UK

116 views • 7 slides
Solid Type System vs Runtime Checks and Unit Tests Vladimir Pavkin Plan Fail Fast concept

Solid Type System vs Runtime Checks and Unit Tests Vladimir Pavkin Plan Fail Fast concept

Solid Type System vs Runtime Checks and Unit Tests Vladimir Pavkin Plan Fail Fast concept Type Safe Patterns Fail Fast Immediate and visible failure Where can it fail? Handled runtime exceptions & assertions Unhandled runtime failure

1.2k views • 62 slides
Pony A Brief Programming Language Overview! October 2017 Disclaimer! I am a fan of some of the

Pony A Brief Programming Language Overview! October 2017 Disclaimer! I am a fan of some of the

Pony A Brief Programming Language Overview! October 2017 Disclaimer! I am a fan of some of the ideas in Pony! I am not a Pony programmer Pony contributor etc Disclaimer! Most of the content of these slides is from Deny

1.01k views • 31 slides
pony The occam- Network Environment Mario Schweigler and Adam Sampson Computing

pony The occam- Network Environment Mario Schweigler and Adam Sampson Computing

pony The occam- Network Environment Mario Schweigler and Adam Sampson Computing Laboratory, University of Kent Canterbury, UK Contents What is pony? Why do we need a unified concurrency model? Using pony Benchmarks

590 views • 42 slides
Pony How I learned to stop worrying and embrace an unproven technology Sean T Allen Author of

Pony How I learned to stop worrying and embrace an unproven technology Sean T Allen Author of

Pony How I learned to stop worrying and embrace an unproven technology Sean T Allen Author of Storm Applied Member of the Pony core team VP of Engineering at Sendence Pony Open-source, object-oriented, actor-model, capabilities- secure,

484 views • 27 slides
Bluffdale 14600 South (SR140) Bicycle/Shoulder Lanes Project Type Bicycle From Pony

Bluffdale 14600 South (SR140) Bicycle/Shoulder Lanes Project Type Bicycle From Pony

Bluffdale 14600 South (SR140) Bicycle/Shoulder Lanes Project Type Bicycle From Pony Express to UPRR Bridge over SR-140 Project Cost $ 669,700 Funds Request $ 624,361 To build bicycle/shoulder lanes on SR-140. SR-140 is an

325 views • 15 slides
Runtime System COMP 524: Programming Languages Based in part on slides and notes by J. Erickson,

Runtime System COMP 524: Programming Languages Based in part on slides and notes by J. Erickson,

Runtime System COMP 524: Programming Languages Based in part on slides and notes by J. Erickson, S. Krishnan, B. Brandenburg, S. Olivier, A. Block, and others What is the Runtime System (RTS)? Language runtime environment. OS view : RTS

962 views • 69 slides
15-150 Fall 2020 Lecture 10 Stephen Brookes Type checking Type inference Polymorphism

15-150 Fall 2020 Lecture 10 Stephen Brookes Type checking Type inference Polymorphism

15-150 Fall 2020 Lecture 10 Stephen Brookes Type checking Type inference Polymorphism type benefits ... a static check provides a runtime guarantee static property runtime guarantee e has type t if e =>* v then v : t d

775 views • 49 slides
Pony for Fintech or How I Stopped Worrying and Learned to Love an Exotic Product Sylvan Clebsch

Pony for Fintech or How I Stopped Worrying and Learned to Love an Exotic Product Sylvan Clebsch

Pony for Fintech or How I Stopped Worrying and Learned to Love an Exotic Product Sylvan Clebsch QCon London 2016 What is Pony? Pony is an actor-model capabilities-secure native language @ponylang Freenode: #ponylang http://ponylang.org

735 views • 71 slides
Designing an ultra low-overhead multithreading runtime for Nim Mamy Ratsimbazafy Weave

Designing an ultra low-overhead multithreading runtime for Nim Mamy Ratsimbazafy Weave

Designing an ultra low-overhead multithreading runtime for Nim Mamy Ratsimbazafy Weave mamy@numforge.co https://github.com/mratsim/weave Hello! I am Mamy Ratsimbazafy During the day blockchain/Ethereum 2 developer (in Nim) During the night,

388 views • 37 slides
Scalable XQuery Type Matching Jens Teubner IBM T. J. Watson Research Center teubner@us.ibm.com

Scalable XQuery Type Matching Jens Teubner IBM T. J. Watson Research Center teubner@us.ibm.com

Scalable XQuery Type Matching Jens Teubner IBM T. J. Watson Research Center teubner@us.ibm.com Scalable XQuery Type Matching Type matching: Inspection of dynamic type information at runtime. 1 Compare runtime types of ( x 1 , . . . , x k )

299 views • 19 slides
Running PEPPHER benchmarks on top of the StarPU runtime system Cdric Augonnet Nicolas Collin

Running PEPPHER benchmarks on top of the StarPU runtime system Cdric Augonnet Nicolas Collin

1 Running PEPPHER benchmarks on top of the StarPU runtime system Cdric Augonnet Nicolas Collin Nathalie Furmento Raymond Namyst Samuel Thibault INRIA Bordeaux, LaBRI, Universit de Bordeaux 22 th January 2011 2 The StarPU runtime system

469 views • 23 slides
Type Introduction for Runtime Complexity Analysis Scienza e Ingegneria Universit degli Studi di

Type Introduction for Runtime Complexity Analysis Scienza e Ingegneria Universit degli Studi di

Type Introduction for Runtime Complexity Analysis Scienza e Ingegneria Universit degli Studi di Bologna University of Innsbruck Workshop on Termination, October 27, 2014 Martin Avanzini 1 (Joint work with Bertram Felgenhauer 2 ) 1 Dipartimento

935 views • 49 slides
Mixminion Designing a Type-III Anonymous Remailer Protocol Nick Mathewson nickm@freehaven.net

Mixminion Designing a Type-III Anonymous Remailer Protocol Nick Mathewson nickm@freehaven.net

Mixminion Designing a Type-III Anonymous Remailer Protocol Nick Mathewson nickm@freehaven.net Our Goals Fix holes in Mixmaster (Type-II) remailers Conservative design Working implementation; deployed network Our Adversary

447 views • 9 slides
Announcing the 2019 Pony Club WA Gear Checking Manual 2019 Bridging Document The manual is

Announcing the 2019 Pony Club WA Gear Checking Manual 2019 Bridging Document The manual is

Announcing the 2019 Pony Club WA Gear Checking Manual 2019 Bridging Document The manual is available for download (free) from Pony Club WA Gear Checking page Follow these steps to get there: 1. Pony Club WA website 2. Resources 3. Club

461 views • 10 slides
Celebrate and The Manton Foundation Matching Gift Campaign 1956 unmounted Pony Club Meeting

Celebrate and The Manton Foundation Matching Gift Campaign 1956 unmounted Pony Club Meeting

Celebrate and The Manton Foundation Matching Gift Campaign 1956 unmounted Pony Club Meeting The United States Pony Clubs, Inc. We must always remember that USPC is a non-profit educational organization and relies on the generosity of donors,

287 views • 10 slides
Le Learnin ings of f a Psychosocia ial l Approach when work rkin ing with ith Tort rture

Le Learnin ings of f a Psychosocia ial l Approach when work rkin ing with ith Tort rture

Le Learnin ings of f a Psychosocia ial l Approach when work rkin ing with ith Tort rture Vict ictim ims Heal ealin ing in in Exile ile . QPASTT March 27-28, 2018 argarcia@fordham.edu & Carlos M. Beistin Journeys Proposal/

817 views • 58 slides
CEMENTOS ARGOS First Half 2010 Results July 30 th , 2010 DISCLOSURE This document contains

CEMENTOS ARGOS First Half 2010 Results July 30 th , 2010 DISCLOSURE This document contains

CEMENTOS ARGOS First Half 2010 Results July 30 th , 2010 DISCLOSURE This document contains forward-looking statements relating to Cementos Argos S.A. and its subsidiaries (Argos) based upon management projections. These projections reflect

412 views • 23 slides
university of la rioja university of la rioja The University of La Rioja (UR) currently It is

university of la rioja university of la rioja The University of La Rioja (UR) currently It is

university of la rioja university of la rioja The University of La Rioja (UR) currently It is the only Higher Education institution teaches 7,500 students enrolled in one in the Autonomous Region of La Rioja of its 26 officially recognised

583 views • 12 slides
Essential Ingredients for Building a Shared Agent Network DAVID PORTEOUS EFINA Agent Banking

Essential Ingredients for Building a Shared Agent Network DAVID PORTEOUS EFINA Agent Banking

Essential Ingredients for Building a Shared Agent Network DAVID PORTEOUS EFINA Agent Banking Breakfast Series 19 September 2013 Outline What is a shared agent network? Different models Pros and cons A way forward for scale in Nigeria? 2

284 views • 26 slides
Practice Petals Zigzag Tip 16 (smaller star tip) Fill in outlines or cover entire side of

Practice Petals Zigzag Tip 16 (smaller star tip) Fill in outlines or cover entire side of

Practice Petals Zigzag Tip 16 (smaller star tip) Fill in outlines or cover entire side of cake or top of cupcake Works well with red velvet cupcakes because the crumbs stay away http://www.bakedecoratecelebrate.com/t

326 views • 4 slides
SuperMoneyFunTime Presents: What-Are-The-Statements-Palooza With Alex (DFS) and Ana (VP Finance)

SuperMoneyFunTime Presents: What-Are-The-Statements-Palooza With Alex (DFS) and Ana (VP Finance)

Cheesy Clip- (Its a party) Art SuperMoneyFunTime Presents: What-Are-The-Statements-Palooza With Alex (DFS) and Ana (VP Finance) What are Financial Statements? Cake! Lots of Cake! Explain it with Lets imagine You and your

472 views • 11 slides
How to Build a Transit Community: Engagement Tools Hendy D. Satya Marketing and Communications

How to Build a Transit Community: Engagement Tools Hendy D. Satya Marketing and Communications

How to Build a Transit Community: Engagement Tools Hendy D. Satya Marketing and Communications Strategist Foothill Transit H E N D Y S A T Y A Importance of Engagement H E N D Y S A T Y A Importance of Engagement ATTENTION POSITIVE LIGHT

309 views • 17 slides
FilterPresses TITANautomaticfjlterpress Cakestorage

FilterPresses TITANautomaticfjlterpress Cakestorage

FilterPresses TITANautomaticfjlterpress Cakestorage Leadingmechanicaldewateringsystem: thefilterpress . Filtercakedischarge Advantages of filter presses: High

454 views • 4 slides

More recommend