safe systems programming
play

Safe Systems Programming in C# and .NET Joe Duffy - PowerPoint PPT Presentation

Dec 06, 2023 •47 likes •537 views

Safe Systems Programming in C# and .NET Joe Duffy joeduffyblog.com @xjoeduffyx joeduffy@acm.org Introduction Systems? Anywhere youre apt to think about bits, bytes, instructions, and cycles Demanding performance

  1. Safe Systems Programming in C# and .NET Joe Duffy joeduffyblog.com · @xjoeduffyx · joeduffy@acm.org

  2. Introduction

  3. “Systems”? • Anywhere you’re apt to think about “bits, bytes, instructions, and cycles” • Demanding performance and reliability requirements • Classically meant “interacts with hardware,” requiring C and unsafe code • Abstraction has shifted upwards thanks to concurrency and cloud; security is more important now than ever • Many scenarios: operating systems, drivers, tools, libraries, cloud infrastructure, web servers, micro services and their frameworks, …

  4. Why C#? • Productivity and ease of use • Built-in safety: fewer inherent security and reliability risks • Powerful async and concurrency models • Momentum, mature ecosystem of tools and libraries

  5. Why Not C#? • Garbage collection • Allocation-rich APIs and patterns • Error model that makes reliability challenging • Concurrency is based on unsafe multithreading

  6. This Talk • We are making progress on all of the above • New C# and library features • Patterns that you can apply today, enforce w/ Roslyn Analyzers • Advances in code generation technologies • All open source, on GitHub, and developed with the community

  7. Performance

  8. Code Generation • A spectrum of code generation Just In Time • JIT: fast compile times, simple, decent code quality • AOT: best code quality, slower compile times, more complex deployment model • Hybrid: pick and choose, let the system Ahead of Time adaptively recompile (future)

  9. Code Generation R2R x86 RyuJIT JIT C# AOT IL Compiler x64 AOT LLILC ARM32 LLVM LIR ARM64 CoreCLR CoreRT Windows Mac OS X Linux …

  10. Optimizations • Inlining • SSA and global value numbering • Flowgraph and loop analysis • Common subexpression elimination • Copy/constant propagation • Dead code elimination • Range analysis • Devirtualization • Loop invariant code hoisting • Generic sharing • SIMD and vectorization • Stack allocation (work in progress)

  11. Ex. Inlining int a = …, b = …; Swap<int>(ref a, ref b); static void Swap<T>(ref T a, ref T b) { T tmp = a; a = b; b = tmp; } Calls are not cheap: new stack frame, save return address, save registers that might be overwritten, call, restore Adds a lot of waste to leaf-level functions (10s of cycles)

  12. Ex. Inlining int a = …, b = …; int tmp = a; a = b; b = tmp;

  13. Ex. Range Analysis int[] elems = …; for (int i = 0; i < elems.Length ; i++) { elems[i] ++; } Loop “obviously” never goes out of bounds But a naive compiler will do an induction check (i < elems.Length) plus a bounds check (elems[i]) on every iteration!

  14. Ex. Range Analysis int[] elems = …; for (int i = 0; i < elems.Length ; i++) { elems[i] ++; ; Initialize induction variable to 0: } 3D45: 33 C0 xor eax,eax ; Put bounds into EDX: 3D58: 8B 51 08 mov edx,dword ptr [rcx+8] ; Check that EAX is still within bounds; jump if not: 3D5B: 3B C2 cmp eax,edx 3D5D: 73 13 jae 3D72 ; Compute the element address and store into it: 3D5F: 48 63 D0 movsxd rdx,eax 3D62: 89 44 91 10 mov dword ptr [rcx+rdx*4+10h],eax ; Increment the loop induction variable: 3D66: FF C0 inc eax ; If still in bounds, then jump back to the loop beginning: 3D68: 83 F8 64 cmp eax,64h 3D6B: 7C EB jl 3D58 ; ... ; Error routine: 3D72: E8 B9 E2 FF FF call 2030

  15. Ex. Range Analysis int[] elems = …; for (int i = 0; i < elems.Length ; i++) { elems[i]++; ; Initialize induction variable to 0: } 3D95: 33 C0 xor eax,eax ; Compute the element address and store into it: 3D97: 48 63 D0 movsxd rdx,eax 3D9A: 89 04 91 mov dword ptr [rcx+rdx*4],eax ; Increment the loop induction variable: 3D9D: FF C0 inc eax ; If still in bounds, then jump back to the loop beginning: 3D9F: 83 F8 64 cmp eax,64h 3DA2: 7C F3 jl 3D97

  16. Ex. Stack Allocation string name = "Alexander Hamilton"; List<Customer> custs = …; int index = custs.IndexOf(c => c.Name == name); int IndexOf(Func<T, bool> p) { for (int i = 0; i < this.count; i++) { if (p(this[i])) return i; } return -1; }

  17. Ex. Stack Allocation string name = "Alexander Hamilton"; List<Customer> custs = …; int index = custs.IndexOf( c => c.Name == name ); Stack Heap p <lambda> int IndexOf(Func<T, bool> p) { <closure> name for (int i = 0; i < this.count; i++) { if (p(this[i])) <func> return i; } return -1; Allocates up to 2 objects (lambda+captured stack frame) }

  18. Ex. Stack Allocation string name = "Alexander Hamilton"; List<Customer> custs = …; int index = custs.IndexOf(c => c.Name == name); Stack p int IndexOf(Func<T, bool> p) { <lambda> for (int i = 0; i < this.count; i++) { <closure> name if (p(this[i])) return i; <func> } return -1; Allocates up to 2 objects (lambda+captured stack frame) Automatic escape analysis can determine ‘p’ doesn’t escape IndexOf }

  19. Ex. Stack Allocation string name = "Alexander Hamilton"; List<Customer> custs = …; int index = custs.IndexOf(c => c.Name == name); Stack p int IndexOf(Func<T, bool> p) { <lambda> for (int i = 0; i < this.count; i++) { <closure> name if (p(this[i])) return i; <func> } return -1; Allocates up to 2 objects (lambda+captured stack frame) Automatic escape analysis can determine ‘p’ doesn’t escape IndexOf }

  20. Ex. Stack Allocation string name = "Alexander Hamilton"; List<Customer> custs = …; int index = custs.IndexOf(c => c.Name == name); Stack p int IndexOf( [Scoped] Func<T, bool> p) { <lambda> for (int i = 0; i < this.count; i++) { <closure> name if (p(this[i])) return i; <func> } return -1; Allocates up to 2 objects (lambda+captured stack frame) Automatic escape analysis can determine ‘p’ doesn’t escape IndexOf }

  21. Ex. Stack Allocation string name = "Alexander Hamilton"; List<Customer> custs = …; int index = -1; Stack for (int i = 0; i < custs.count; i++) { name if (custs[i].Name == name) { index = i; break; } } Allocates up to 2 objects (lambda+captured stack frame) Automatic escape analysis can determine ‘p’ doesn’t escape IndexOf Best case, IndexOf is inlined, zero allocations, no virtual call!

  22. Memory

  23. CPU, Cache, Memory Latency numbers every programmer should know L1 cache reference ......................... 0.5 ns Branch mispredict ............................ 5 ns L2 cache reference ........................... 7 ns Mutex lock/unlock ........................... 25 ns Main memory reference ...................... 100 ns Compress 1K bytes with Zippy ............. 3,000 ns = 3 µs Send 2K bytes over 1 Gbps network ....... 20,000 ns = 20 µs SSD random read ........................ 150,000 ns = 150 µs Read 1 MB sequentially from memory ..... 250,000 ns = 250 µs Round trip within same datacenter ...... 500,000 ns = 0.5 ms Read 1 MB sequentially from SSD* ..... 1,000,000 ns = 1 ms Disk seek ........................... 10,000,000 ns = 10 ms Read 1 MB sequentially from disk .... 20,000,000 ns = 20 ms Send packet CA->Netherlands->CA .... 150,000,000 ns = 150 ms L1i/d$: 32KB, L2: 256KB, L3: 8MB* Summary: Instructions matter; memory matters more (and I/O dwarfs them all…) * Intel i7 “Haswell” processor cache sizes

  24. CPU, Cache, Memory Latency numbers every programmer should know L1 cache reference ......................... 0.5 ns Branch mispredict ............................ 5 ns L2 cache reference ........................... 7 ns Mutex lock/unlock ........................... 25 ns Main memory reference ...................... 100 ns Compress 1K bytes with Zippy ............. 3,000 ns = 3 µs Send 2K bytes over 1 Gbps network ....... 20,000 ns = 20 µs SSD random read ........................ 150,000 ns = 150 µs Read 1 MB sequentially from memory ..... 250,000 ns = 250 µs Round trip within same datacenter ...... 500,000 ns = 0.5 ms Read 1 MB sequentially from SSD* ..... 1,000,000 ns = 1 ms } GC Pause Disk seek ........................... 10,000,000 ns = 10 ms Read 1 MB sequentially from disk .... 20,000,000 ns = 20 ms Send packet CA->Netherlands->CA .... 150,000,000 ns = 150 ms L1i/d$: 32KB, L2: 256KB, L3: 8MB* Summary: Instructions matter; memory matters more (and I/O dwarfs them all…; and so does GC) * Intel i7 “Haswell” processor cache sizes

  25. Garbage Collection • Generational, compacting garbage collector • Concurrent background scanning for automatically reduced pause times • Manual “low pause” regions (LowLatency) • Parallel collector for server workloads; in .NET 4.5, concurrent+parallel in harmony * https://blogs.msdn.microsoft.com/dotnet/2012/07/20/the-net-framework-4-5-includes-new-garbage-collector-enhancements-for-client-and-server-apps/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Flexible and Type-Safe Skeleton Programming for Heterogeneous Parallel Systems August Ernstsson Lu

Flexible and Type-Safe Skeleton Programming for Heterogeneous Parallel Systems August Ernstsson Lu

EXCESS workshop August 26, 2016 (From HLPP 2016, updated) Flexible and Type-Safe Skeleton Programming for Heterogeneous Parallel Systems August Ernstsson Lu Li Christoph Kessler {firstname.lastname}@liu.se Linkping University, Sweden

554 views • 37 slides
Aaron Turon Mozilla Research C/C++ ML/Haskell Rust Safe systems programming Why

Aaron Turon Mozilla Research C/C++ ML/Haskell Rust Safe systems programming Why

Aaron Turon Mozilla Research C/C++ ML/Haskell Rust Safe systems programming Why Mozilla? Browsers need control . Browsers need safety . Servo: Next-generation browser built in Rust. C++ What is control? void example() {

2.01k views • 174 slides
Systems Programming Programming Systems First steps in Java Telematics Engineering M. Carmen

Systems Programming Programming Systems First steps in Java Telematics Engineering M. Carmen

Systems Programming Programming Systems First steps in Java Telematics Engineering M. Carmen Fernndez Panadero &lt;mcfp@it.uc3m.es&gt; Scenary I: Install and configure the environment Today is your first day at work in the programming

1.04k views • 75 slides
1 Rust A new systems programming language 1.0 was released on May 15th been in

1 Rust A new systems programming language 1.0 was released on May 15th been in

1 Rust A new systems programming language 1.0 was released on May 15th been in development 5+ years releases every 6 weeks Pursuing the trifecta: safe, concurrent, fast Gone through many radical iterations Development is

2.6k views • 107 slides
Introduction Systems Design &amp; Programming CMPE 310 CMPE 310: Systems Design and Programming

Introduction Systems Design &amp; Programming CMPE 310 CMPE 310: Systems Design and Programming

Introduction Systems Design &amp; Programming CMPE 310 CMPE 310: Systems Design and Programming Instructor: Chintan Patel Text: Barry B. Brey, 'The Intel Microprocessors' Eighth Edition, Pearson/Prentice Hall (2009). Supplementary text:

551 views • 18 slides
CMPSC 311- Introduction to Systems Programming Module: Systems Programming Professor Patrick

CMPSC 311- Introduction to Systems Programming Module: Systems Programming Professor Patrick

CMPSC 311- Introduction to Systems Programming Module: Systems Programming Professor Patrick McDaniel Fall 2015 CMPSC 311 - Introduction to Systems Programming WARNING Warning: for those not in the class, there is an unusually large number

762 views • 29 slides
CMPSC 311- Introduction to Systems Programming Module: Systems Programming Professor Patrick

CMPSC 311- Introduction to Systems Programming Module: Systems Programming Professor Patrick

CMPSC 311- Introduction to Systems Programming Module: Systems Programming Professor Patrick McDaniel Fall 2016 CMPSC 311 - Introduction to Systems Programming Assignment #0 See it, do it CMPSC 311 - Introduction to Systems Programming

427 views • 30 slides
DATABASE SYSTEMS Introduction to web programming Database Systems Course, 2016 AGENDA FOR TODAY

DATABASE SYSTEMS Introduction to web programming Database Systems Course, 2016 AGENDA FOR TODAY

DATABASE SYSTEMS Introduction to web programming Database Systems Course, 2016 AGENDA FOR TODAY Client side programming HTML CSS Javascript Server side programming: PHP Installing a local web-server Basic PHP usage DB programming with PHP

1.04k views • 63 slides
1 Outline Orbital Insertion Example Model-based Programming Turn camera off and engine on

1 Outline Orbital Insertion Example Model-based Programming Turn camera off and engine on

Programming Long-lived Embedded Systems With Complex Autonomic Processes Model-based Programming: Controlling Embedded Systems by Reasoning about Hidden State Brian C. Williams And Michel Ingham Artificial Intelligence and Space Systems Labs

551 views • 7 slides
Real Real- -Time Systems Time Systems Low- Low -level programming level programming Low-

Real Real- -Time Systems Time Systems Low- Low -level programming level programming Low-

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #6 Updated 2009-02-01 Real Real- -Time Systems Time Systems Low- Low -level programming level programming Low- Low -level programming in Ada 95 enables writing level

223 views • 7 slides
Network Programming Network Programming as Programming across Machine Boundaries The

Network Programming Network Programming as Programming across Machine Boundaries The

CPSC-313: Introduction to Computer Systems Networking Programming Network Programming Network Programming as Programming across Machine Boundaries The Sockets API Reliable Communication Channels: TCP Dangerous at any Speed;

552 views • 14 slides
DATABASE SYSTEMS The very basics of Web programming Database Systems Course BEFORE WE START

DATABASE SYSTEMS The very basics of Web programming Database Systems Course BEFORE WE START

DATABASE SYSTEMS The very basics of Web programming Database Systems Course BEFORE WE START This lecture is an overview of the very complicated world of web programming. If you are a (very) experienced web developer - take a 2.5hr break

1.43k views • 74 slides
Real- Real -time systems time systems Real- Real -time programming time programming

Real- Real -time systems time systems Real- Real -time programming time programming

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #2 Updated 2009-01-18 Real- Real -time systems time systems Real- Real -time programming time programming Recommended programming method: Recommended programming method:

251 views • 8 slides
Lecture 2/3 : Standard ML A type-safe language that embodies many innovative ideas in language

Lecture 2/3 : Standard ML A type-safe language that embodies many innovative ideas in language

CS6202: Advanced Topics in Programming Languages and Systems Lecture 2/3 : Standard ML A type-safe language that embodies many innovative ideas in language design. CS6202 ML 1 Standard ML Standard ML Great programming language

1.35k views • 76 slides
Cyclone: Safe Programming at the C Level of Abstraction Dan Grossman Cornell University Joint

Cyclone: Safe Programming at the C Level of Abstraction Dan Grossman Cornell University Joint

Cyclone: Safe Programming at the C Level of Abstraction Dan Grossman Cornell University Joint work with: Trevor Jim (AT&amp;T), Greg Morrisett, Michael Hicks (Maryland), James Cheney, Yanling Wang A safe C-level language Cyclone is a

860 views • 83 slides
Internet Systems Programming NFS: Protocols, Programming, and Implementation Erez Zadok

Internet Systems Programming NFS: Protocols, Programming, and Implementation Erez Zadok

Internet Systems Programming NFS: Protocols, Programming, and Implementation Erez Zadok ezk@cs.columbia.edu October 25, 1999 The BIG Picture portmap biod NFS Client (kernel) mountd process lockd NFS_READ read() RPC XDR XDR RPC

469 views • 15 slides
2016 Investor Day AerCap Holdings N.V. November 16, 2016 Disclaimer Incl. Forward Looking

2016 Investor Day AerCap Holdings N.V. November 16, 2016 Disclaimer Incl. Forward Looking

2016 Investor Day AerCap Holdings N.V. November 16, 2016 Disclaimer Incl. Forward Looking Statements &amp; Safe Harbor This presentation contains certain statements, estimates and forecasts with correct. In light of these risks, uncertainties

1.16k views • 76 slides
FINCANTIERI Investor Presentation Trieste, February 2017 Safe Harbor Statement This

FINCANTIERI Investor Presentation Trieste, February 2017 Safe Harbor Statement This

FINCANTIERI Investor Presentation Trieste, February 2017 Safe Harbor Statement This Presentation contains certain forward-looking statements. Forward-looking statements concern future circumstances and results and other statements that are not

954 views • 51 slides
Chorus Aviation Overview November 19, 2019 D e l i v e r i n g r e g i o n a l a v i a t i o n

Chorus Aviation Overview November 19, 2019 D e l i v e r i n g r e g i o n a l a v i a t i o n

Chorus Aviation Overview November 19, 2019 D e l i v e r i n g r e g i o n a l a v i a t i o n t o t h e w o r l d TSX: CHR Caution regarding forward-looking information This presentation contains forward-looking information as

929 views • 46 slides
Chorus Aviation Overview June 25, 2019 D e l i v e r i n g r e g i o n a l a v i a t i o n t o

Chorus Aviation Overview June 25, 2019 D e l i v e r i n g r e g i o n a l a v i a t i o n t o

Chorus Aviation Overview June 25, 2019 D e l i v e r i n g r e g i o n a l a v i a t i o n t o t h e w o r l d TSX: CHR Caution regarding forward-looking information This presentation contains forward-looking information as

844 views • 41 slides
FLY Leasing Limited May 2015 Caution Concerning Forward-Looking Statements This presentation

FLY Leasing Limited May 2015 Caution Concerning Forward-Looking Statements This presentation

FLY Leasing Limited May 2015 Caution Concerning Forward-Looking Statements This presentation contains &quot;forward-looking statements&quot; within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements

643 views • 17 slides
HEALTH AND AGING IN ALL POLICIES : EXPERIENCES AND CHALLENGEs MERI Koivusalo, Prof Global

HEALTH AND AGING IN ALL POLICIES : EXPERIENCES AND CHALLENGEs MERI Koivusalo, Prof Global

HEALTH AND AGING IN ALL POLICIES : EXPERIENCES AND CHALLENGEs MERI Koivusalo, Prof Global Health and Development, Tampere University CHANGING POPULATION-LEVEL RIS K GEOFFREY ROS E S PREVENTION THEOR Y S ource for picture:https:/

466 views • 11 slides
The Secondary Market: A Panacea for the I lliquidity in Private Equity I nvestm ents? Peter

The Secondary Market: A Panacea for the I lliquidity in Private Equity I nvestm ents? Peter

For the exclusive use of attendees at the CFA Conference and m ay not be redistributed. The Secondary Market: A Panacea for the I lliquidity in Private Equity I nvestm ents? Peter Cornelius October 23, 2014 Trade Secret and Strictly

824 views • 47 slides
A Mentorship Program, But Way Sicker Than Your Average About the Company Founders New Girl On The

A Mentorship Program, But Way Sicker Than Your Average About the Company Founders New Girl On The

A Mentorship Program, But Way Sicker Than Your Average About the Company Founders New Girl On The Block: From Shy Girl to Fly Girl is a mentorship program, but way Life &amp; Career Strategist sicker than your average. Its a go -to resource

412 views • 12 slides

More recommend