region based memory management in cyclone
play

Region-Based Memory Management in Cyclone Dan Grossman Cornell - PowerPoint PPT Presentation

Sep 08, 2023 •135 likes •442 views

Region-Based Memory Management in Cyclone Dan Grossman Cornell University June 2002 Joint work with: Greg Morrisett, Trevor Jim (AT&T), Michael Hicks, James Cheney, Yanling Wang Cyclone A safe C-level language Safe: Memory

  1. Region-Based Memory Management in Cyclone Dan Grossman Cornell University June 2002 Joint work with: Greg Morrisett, Trevor Jim (AT&T), Michael Hicks, James Cheney, Yanling Wang

  2. Cyclone • A safe C-level language • Safe: Memory safety, abstract data types must forbid dereferencing dangling pointers • C-Level: User controlled data representation and resource management cannot always resort to extra tags and checks for legacy and low-level systems June 2002 Cyclone Regions, PLDI 2

  3. Dangling pointers unsafe void bad() { int* x; • Access after lifetime if(1){ “undefined” int y; • Notorious problem int* z = &y; x = z; • Re-user of memory cannot } maintain invariants *x = 123; } High-level language solution: • Language definition: infinite lifetimes • Implementation: sound garbage collection (GC) June 2002 Cyclone Regions, PLDI 3

  4. Cyclone memory management • Flexible: GC, stack allocation, region allocation • Uniform: Same library code regardless of strategy • Static: no “has it been deallocated” run-time checks • Convenient: few explicit annotations • Exposed: users control lifetime of objects • Scalable: all analysis intraprocedural • Sound: programs never follow dangling pointers June 2002 Cyclone Regions, PLDI 4

  5. The plan from here • Cyclone regions • Basic type system – Restricting pointers – Increasing expressiveness – Avoiding annotations • Interaction with abstract types • Experience • Related and future work June 2002 Cyclone Regions, PLDI 5

  6. Regions • a.k.a. zones, arenas, … • Every object is in exactly one region • Allocation via a region handle • All objects in a region are deallocated simultaneously (no free on an object) An old idea with recent support in languages and implementations June 2002 Cyclone Regions, PLDI 6

  7. Cyclone regions • heap region: one, lives forever, conservatively GC’d • stack regions: correspond to local-declaration blocks {int x; int y; s } • dynamic regions: scoped lifetime, but growable region r { s } • allocation: rnew(r,3) , where r is a handle • handles are first-class – caller decides where, callee decides how much – no handles for stack regions June 2002 Cyclone Regions, PLDI 7

  8. The big restriction • Annotate all pointer types with a region name a (compile-time) type variable of region kind • int*`r means “pointer into the region created by the construct that introduced `r ” – heap introduces `H – L:… introduces `L – region r { s } introduces `r r has type region_t<`r> June 2002 Cyclone Regions, PLDI 8

  9. So what? Perhaps the scope of type variables suffices void bad() { • What region name for int*`?? x; type of x? if(1){ L:{int y; • `L is not in scope at int*`L z = &y; allocation point x = z; • good intuition for now } } • but simple scoping does *x = 123; not suffice in general } June 2002 Cyclone Regions, PLDI 9

  10. The plan from here • Cyclone regions • Basic type system – Restricting pointers – Increasing expressiveness – Avoiding annotations • Interaction with abstract types • Experience • Related and future work June 2002 Cyclone Regions, PLDI 10

  11. Region polymorphism Use parametric polymorphism just like you would for other type variables void swap<`r1,`r2>(int*`r1 x, int*`r2 y){ int tmp = *x; *x = *y; *y = tmp; } int*`r newsum<`r>(region_t<`r> r, int x, int y){ return rnew(r) (x+y); } June 2002 Cyclone Regions, PLDI 11

  12. Type definitions struct ILst<`r1,`r2> { int*`r1 hd; struct ILst<`r1,`r2> *`r2 tl; }; 10 11 0 81 June 2002 Cyclone Regions, PLDI 12

  13. Region subtyping If p points to an int in a region with name `r1 , is it ever sound to give p type int* `r2 ? • If so, let int*`r1 < int*`r2 • Region subtyping is the outlives relationship region r1 {… region r2 {…}…} • LIFO makes subtyping common • Function preconditions can include outlives constraints: void f(int*`r1, int*`r2 :`r1 > `r2); June 2002 Cyclone Regions, PLDI 13

  14. The plan from here • Cyclone regions • Basic type system – Restricting pointers – Increasing expressiveness – Avoiding annotations • Interaction with abstract types • Experience • Related and future work June 2002 Cyclone Regions, PLDI 14

  15. Who wants to write all that? • Intraprocedural inference – Determine region annotation based on uses – Same for polymorphic instantiation – Based on unification (as usual) – So we don’t need L: • Rest is by defaults – Parameter types get fresh region names (default is region-polymorphic with no equalities) – Everything else gets `H (return types, globals, struct fields) June 2002 Cyclone Regions, PLDI 15

  16. Example You write: void fact(int* result, int n) { int x = 1; if(n > 1) fact(&x,n-1); *result = x*n; } Which means: void fact<`r>(int*`r result, int n) { L: int x = 1; if(n > 1) fact<`L>(&x,n-1); *result = x*n; } June 2002 Cyclone Regions, PLDI 16

  17. Annotations for equalities void g(int*`r* pp, int*`r p) { *pp = p; } • Callee writes the equalities the caller must know • Caller writes nothing June 2002 Cyclone Regions, PLDI 17

  18. The plan from here • Cyclone regions • Basic type system – Restricting pointers – Increasing expressiveness – Avoiding annotations • Interaction with abstract types • Experience • Related and future work June 2002 Cyclone Regions, PLDI 18

  19. Existential types • Programs need first-class abstract types struct T { void (*f)(void*, int); void* env; }; • We use an existential type: // ∃α … struct T { <`a> void (*f)(`a, int); `a env; }; • struct T mkT(); could make a dangling pointer! Same problem occurs with closures or objects June 2002 Cyclone Regions, PLDI 19

  20. Our solution • “leak a region bound” struct T<`r> { <`a> :regions(`a) > `r void (*f)(`a, int); `a env; }; • Dangling pointers never dereferenced • Really we have a powerful effect system, but – Without using ∃ , no effect errors – With ∃ , use region bounds to avoid effect errors • See the paper June 2002 Cyclone Regions, PLDI 20

  21. Region-system summary • Restrict pointer types via region names • Add polymorphism, constructors, and subtyping for expressiveness • Well-chosen defaults to make it palatable • A bit more work for safe first-class abstract types • Validation: – Rigorous proof of type safety – 100KLOC of experience… June 2002 Cyclone Regions, PLDI 21

  22. Writing libraries • Client chooses GC, region, or stack • Adapted OCaml libraries (List, Set, Hashtable, …) struct L<`a,`r> {`a hd; struct L<`a,`r>*`r tl;}; typedef struct L<`a,`r>*`r l_t<`a,`r>; l_t<`b,`r> rmap(region_t<`r>,`b f(`a),l_t<`a>); l_t<`a,`r> imp_append(l_t<`a,`r>, l_t<`a,`r>); void app(`b f(`a), l_t<`a>); bool cmp(bool f(`a,`b), l_t<`a>, l_t<`b>); June 2002 Cyclone Regions, PLDI 22

  23. Porting code • about 1 region annotation per 200 lines • regions can work well (mini web server without GC) • other times LIFO is a bad match • other limitations (e.g., stack pointers in globals) June 2002 Cyclone Regions, PLDI 23

  24. Running code • No slowdown for networking applications • 1x to 3x slowdown for numeric applications – Not our target domain – Largely due to array-bounds checking (and we found bugs) • We use the bootstrapped compiler every day – GC for abstract syntax – Regions where natural – Address-of-locals where convenient – Extensive library use June 2002 Cyclone Regions, PLDI 24

  25. The plan from here • Cyclone regions • Basic type system – Restricting pointers – Increasing expressiveness – Avoiding annotations • Interaction with abstract types • Experience • Related and future work June 2002 Cyclone Regions, PLDI 25

  26. Related: regions • ML Kit [Tofte, Talpin, et al], GC integration [Hallenberg et al] – full inference (no programmer control) – effect variables for ∃ (not at source level) • Capability Calculus [Walker et al] – for low-level machine-generated code • Vault [DeLine, Fähndrich] – restricted region aliasing allows “must deallocate” • Direct control-flow sensitivity [Henglein et al.] – first-order types only • RC [Gay, Aiken] – run-time reference counts for inter-region pointers – still have dangling stack, heap pointers June 2002 Cyclone Regions, PLDI 26

  27. Related: safer C • LCLint [Evans], metal [Engler et al] – sacrifice soundness for fewer false-positives • SLAM [Ball et al], ESP [Das et al], Cqual [Foster] – verify user-specified safety policy with little/no annotation – assumes data objects are infinitely far apart • CCured [Necula et al] – essentially GC (limited support for stack pointers) – better array-bounds elimination, less support for polymorphism, changes data representation • Safe-C, Purify, Stackguard, … June 2002 Cyclone Regions, PLDI 27

  28. Future work • Beyond LIFO ordering • Integrate more dynamic checking (“is this a handle for a deallocated region”) • Integrate threads • More experience where GC is frowned upon June 2002 Cyclone Regions, PLDI 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Runtime support for region-based memory management in Mercury Quan Phan*, Zoltan Somogyi**,

Runtime support for region-based memory management in Mercury Quan Phan*, Zoltan Somogyi**,

Runtime support for region-based memory management in Mercury Quan Phan*, Zoltan Somogyi**, Gerda Janssens* * DTAI, KU Leuven, Belgium. ** Computer Science and Software Engineering Department, University of Melbourne, Australia. ISMM 2008

364 views • 25 slides
Towards Region-Based Memory Management for Go Matt Davis Peter Schachte, Zoltan Somogyi, and

Towards Region-Based Memory Management for Go Matt Davis Peter Schachte, Zoltan Somogyi, and

Towards Region-Based Memory Management for Go Matt Davis Peter Schachte, Zoltan Somogyi, and Harald Sndergaard mattdavis9@gmail.com, { schachte,zs,harald } @unimelb.edu.au Department of Computing and Information Systems and NICTA Victoria

403 views • 24 slides
Fast Escape Analysis for Region-Based Memory Management Guillaume Salagnac 1 , Sergio Yovine 1 ,

Fast Escape Analysis for Region-Based Memory Management Guillaume Salagnac 1 , Sergio Yovine 1 ,

Fast Escape Analysis for Region-Based Memory Management Guillaume Salagnac 1 , Sergio Yovine 1 , Diego Garbervetsky 2 salagnac@imag.fr, yovine@imag.fr, diegog@dc.uba.ar (1) Laboratoire Vrimag Grenoble France (2) School of Computer Science

525 views • 27 slides
Type and effect systems, Region-based memory management: Type technology for reasoning about

Type and effect systems, Region-based memory management: Type technology for reasoning about

+ + Type and effect systems, Region-based memory management: Type technology for reasoning about resources Fritz Henglein henglein@ { it.edu,diku.dk } The IT University of Copenhagen (from Aug. 1, 2002: DIKU, Univ. of Copenhagen) Slides

787 views • 64 slides
Semi-Automatic Region-Based Memory Management for Real-Time Java Embedded Systems G. Salagnac,

Semi-Automatic Region-Based Memory Management for Real-Time Java Embedded Systems G. Salagnac,

Semi-Automatic Region-Based Memory Management for Real-Time Java Embedded Systems G. Salagnac, C. Rippert, S. Yovine Verimag Lab. Universit Joseph Fourier Grenoble, France http://www-verimag.imag.fr/~salagnac salagnac@imag.fr G. Salagnac

1.19k views • 72 slides
Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

4/12/2017 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Simple Memory Allocation explicit requests: malloc (sbrk) implicit: program loading, stack

205 views • 8 slides
Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

4/14/2018 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Memory Allocation explicit requests: malloc (sbrk) implicit: program loading, stack extension

555 views • 9 slides
Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on

Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on

Memory Management Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on September 7th @ 11:59pm 2 / 54 Memory Management Poll https: // www.strawpoll.me / 20863490 3 / 54 Memory Management Recap

952 views • 54 slides
Memory management Part I Michel Schinz based on Erik Stenmans slides 20070330

Memory management Part I Michel Schinz based on Erik Stenmans slides 20070330

Memory management Part I Michel Schinz based on Erik Stenmans slides 20070330 Memory management The memory of a computer is a finite resource. Typical programs use a lot of memory over their lifetime, but not all of it at the

1.68k views • 149 slides
Memory management Part I Michel Schinz (based on Erik Stenmans slides) Advanced Compiler

Memory management Part I Michel Schinz (based on Erik Stenmans slides) Advanced Compiler

Memory management Part I Michel Schinz (based on Erik Stenmans slides) Advanced Compiler Construction / 2006-04-01 Why memory management? The memory of a computer is a finite resource. Typical programs use a lot of memory over their

582 views • 47 slides
28.05.04 09:50 Memory Management The computer memory is a limited resource so the Memory

28.05.04 09:50 Memory Management The computer memory is a limited resource so the Memory

28.05.04 09:50 Memory Management The computer memory is a limited resource so the Memory Management memory use of programs has to be managed in some way. Memory Management The memory management is usually performed by a runtime system

782 views • 13 slides
JMA/ WMO WORKSHOP ON EFFECTI VE TROPI CAL CYCLONE WARNI NG I N SOUTHEAST ASI A TROPI CAL CYCLONE

JMA/ WMO WORKSHOP ON EFFECTI VE TROPI CAL CYCLONE WARNI NG I N SOUTHEAST ASI A TROPI CAL CYCLONE

JMA/ WMO WORKSHOP ON EFFECTI VE TROPI CAL CYCLONE WARNI NG I N SOUTHEAST ASI A TROPI CAL CYCLONE MONI TORI NG I N LAO PDR TOKYO, JAPAN 11 14 March 2014 Ministry of Natural Resource and Environment (MONRE) Department of Meteorology and

225 views • 18 slides
Cyclone A Very Short Introduction Dan Grossman Cornell University Computer Science Cyclone

Cyclone A Very Short Introduction Dan Grossman Cornell University Computer Science Cyclone

Cyclone A Very Short Introduction Dan Grossman Cornell University Computer Science Cyclone Very Short Introduction, June 2001 Cyclone in One Slide A safe, convenient, and modern language/compiler at the C level of abstraction Safe:

69 views • 6 slides
Memory Management Memory Management Memory a linear array of bits, bytes, words, pages ... -

Memory Management Memory Management Memory a linear array of bits, bytes, words, pages ... -

CS510 Operating System Foundations Jonathan Walpole Memory Management Memory Management Memory a linear array of bits, bytes, words, pages ... - Each byte is named by a unique memory address - Holds instructions and data for OS and user

761 views • 56 slides
Dynamic Memory Faculty of Computer Science Dalhousie University Management Winter 2019 The

Dynamic Memory Faculty of Computer Science Dalhousie University Management Winter 2019 The

CSCI 2132: Software Development Norbert Zeh Dynamic Memory Faculty of Computer Science Dalhousie University Management Winter 2019 The Heap Memory region where we can freely request memory malloc : Request a chunk of heap memory free :

1.03k views • 17 slides
Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes

Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes (UMA vs NUMA) 3. x86

1.17k views • 115 slides
Opposite hemispheric asymmetries observed in the ionospheric F- and topside regions Elvira

Opposite hemispheric asymmetries observed in the ionospheric F- and topside regions Elvira

Opposite hemispheric asymmetries observed in the ionospheric F- and topside regions Elvira Astafyeva 1 Irina Zakharenkova 1 Eelco Doornbos 2 1 Institut de Physique du Globe de Paris, Paris, France astafyeva@ipgp.fr 2 Delft University of

577 views • 18 slides
Human Factors in the Coming Age of Driverless Vehicle Jibo He, Ph.D., Associate Professor

Human Factors in the Coming Age of Driverless Vehicle Jibo He, Ph.D., Associate Professor

Human Factors in the Coming Age of Driverless Vehicle Jibo He, Ph.D., Associate Professor Department of Psychology Investment Partner, iBeeHub Incubator Jibo.He@Wichita.edu 1 2 2 About Jibo He 3 4 4 About Human Automation Interaction

567 views • 29 slides
Interest points CSE 576 Ali Farhadi Many slides from

Interest points CSE 576 Ali Farhadi Many slides from

Interest points CSE 576 Ali Farhadi Many slides from Steve Seitz, Larry Zitnick How can we find corresponding points? Not always easy NASA Mars Rover images Answer below (look for

602 views • 34 slides
Software development for iblink Yuyichen 2017.May Contents Iblink 1 2

Software development for iblink Yuyichen 2017.May Contents Iblink 1 2

Software development for iblink Yuyichen 2017.May Contents Iblink 1 2 Existing program Advanced design 3 4 Future work Q&amp;A 5 https://learn.adafruit.com/diy-wearable-pi-near-eye-kopin-video-glasses Iblin blink Acqu

413 views • 17 slides
The Mobile Money Revolution in Kenya: Can the Promise be Fulfilled? An Efficient Financial

The Mobile Money Revolution in Kenya: Can the Promise be Fulfilled? An Efficient Financial

The Mobile Money Revolution in Kenya: Can the Promise be Fulfilled? An Efficient Financial System Decades of research: efficient financial systems are key to economic growth and poverty reduction One major reason financial markets in the

899 views • 23 slides
Lecture 27: Pot-Pourri Todays topics: Consistency Models Shared memory vs

Lecture 27: Pot-Pourri Todays topics: Consistency Models Shared memory vs

Lecture 27: Pot-Pourri Todays topics: Consistency Models Shared memory vs message-passing Simultaneous multi-threading (SMT) GPUs Accelerators Disks and reliability 1 Coherence Vs. Consistency Recall that

630 views • 31 slides
Statistical Methods and State of the Techniques in Exposure Modeling Howard Chang Department of

Statistical Methods and State of the Techniques in Exposure Modeling Howard Chang Department of

Statistical Methods and State of the Techniques in Exposure Modeling Howard Chang Department of Biostatistics and Bioinformatics Emory University howard.chang@emory.edu Different Exposure Modeling Goals Estimate exposure retrospectively

261 views • 22 slides
Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of Cybernetics at TUT November 13, 2015 1 / 67 Outline The problem and motivation Different notions of finiteness Pragmatic finite subsets Approaches to

860 views • 57 slides

More recommend