the design of mezzo
play

The design of Mezzo Franois Pottier Jonathan Protzenko INRIA CMU, - PowerPoint PPT Presentation

Oct 30, 2023 •30 likes •960 views

The design of Mezzo Franois Pottier Jonathan Protzenko INRIA CMU, Sep 2013 1 / 51 Outline Motivation Design principles Algebraic data structures Extra examples Aliasing Project status 2 / 51 Premise The types of OCaml, Haskell,

  1. The design of Mezzo François Pottier Jonathan Protzenko INRIA CMU, Sep 2013 1 / 51

  2. Outline Motivation Design principles Algebraic data structures Extra examples Aliasing Project status 2 / 51

  3. Premise The types of OCaml, Haskell, Java, C#, etc.: 3 / 51 • describe the structure of data, • but do not distinguish trees and graphs , • and do not control who has permission to read or write.

  4. Question Could a more ambitious static discipline: 4 / 51 • rule out more programming errors, • and enable new programming idioms, • while remaining reasonably simple and flexible ?

  5. Goals 5 / 51 We would like to rule out : • representation exposure; • data races; • violations of object protocols; and to enable : • gradual initialization; • type changes along with state changes; • (in certain cases) explicit memory re-use.

  6. Outline Motivation Design principles Algebraic data structures Extra examples Aliasing Project status 6 / 51

  7. Principle 1. Nothing is fixed Instead, in certain ways. 7 / 51 A variable x does not have a fixed type throughout its lifetime. • at each program point in the scope of x , • one may have zero, one, or more (static) permissions to use x

  8. Layout and ownership go hand in hand and describes certain access rights for this memory. 8 / 51 As a consequence, permissions describe layout and ownership . A permission of the form “ x @ t ” allows using x at type t . It describes the shape and extent of a heap fragment, rooted at x , In short, “to know about x ” is “to have access to x ” is “to own x ”.

  9. Principle 2. Just two access modes The system imposes a global invariant: at any time, access it (for reading and writing); permissions to access it (for reading). No counting. No fractions. 9 / 51 • if x is a mutable object, there exists at most one permission to • if x is an immutable object, there may exist arbitrarily many

  10. Some syntax and examples For instance, read/write access to the elements, which are integer cells. 10 / 51 • “ x @ list int ” provides (read) access to an immutable list of integers, rooted at x . • “ x @ mlist int ” provides (exclusive, read/write) access to a mutable list of integers at x . • “ x @ list (ref int) ” offers read access to the spine and

  11. Principle 3. Any (known) alias is as good as any other No “borrowing”. 11 / 51 An equality “ x = y ” is a permission, sugar for “ x @ (=y) ”. In its presence, “ x @ t ” can be turned into “ y @ t ”, and vice-versa.

  12. Control of duplication A value can be copied (always). Can a permission be copied? copied, as they imply exclusive access to part of the heap. 12 / 51 • “ x @ list int ” can be copied: read access can be shared. • “ x = y ” can be copied: equalities are forever. • “ x @ mlist int ” and “ x @ list (ref int) ” must not be One can always tell whether a permission is duplicable or affine .

  13. Control of aliasing: the bad Aliasing of mutable data is restricted. 13 / 51 let x = 0 in let y = ref x in let z = ( y , y ) in ... We have “ x @ int ” and “ y @ ref (=x) ” and “ z @ (=y, =y) ”. Thus, we have “ x @ int ” and “ y @ ref int ” and “ z @ (=y, =y) ”. We cannot deduce “ z @ (ref int, ref int) ”, as this reasoning step would require duplicating “ y @ ref int ”.

  14. Control of aliasing: the good separation at mutable data and agreement at immutable data. 14 / 51 let z : ( ref int , ref int ) = ... in let ( x , y ) = z in ... We have “ z @ (ref int, ref int) ” and “ z @ (=x, =y) ”. I.e., “ z @ (=x, =y) ” and “ x @ ref int ” and “ y @ ref int ”. We have an exclusive access token for each of x and y . There follows that these addresses must be distinct . Technically, the word “and” above is a conjunction * that requires

  15. Summary so far: the good Why is this a useful discipline? The uniqueness of read/write permissions: 15 / 51 • rules out representation exposure and data races; • allows the type of an object to vary with time.

  16. Summary so far: the bad Isn't this a restrictive discipline? Yes, it is. In our defense, 16 / 51 • there is no restriction on the use of immutable data; • there is an escape hatch that involves dynamic checks.

  17. Outline Motivation Design principles Algebraic data structures Extra examples Aliasing Project status 17 / 51

  18. Immutable lists The algebraic data type of immutable lists is defined as in ML: 18 / 51 data list a = | Nil | Cons { head : a ; tail : list a }

  19. Mutable lists To define a type of mutable lists, one adds a keyword: 19 / 51 data mutable mlist a = | MNil | MCons { head : a ; tail : mlist a }

  20. Permission analysis & refinement . . . . ...... 20 / 51 match xs with | MNil -> ... | MCons -> let x = xs . head in ... end

  21. Permission analysis & refinement . . . . . ..... 20 / 51 xs @ mlist a match xs with | MNil -> ... | MCons -> let x = xs . head in ... end

  22. Permission analysis & refinement . .... . .. . 20 / 51 . . match xs with | MNil -> xs @ MNil ... | MCons -> let x = xs . head in ... end

  23. Permission analysis & refinement . ... . ... . 20 / 51 . . match xs with | MNil -> ... | MCons -> xs @ MCons { head: a; tail: mlist a } let x = xs . head in ... end

  24. Permission analysis & refinement . .. . .... . . . 20 / 51 match xs with | MNil -> xs @ MCons { head: (=h); tail: (=t) } ... * h @ a | MCons -> * t @ mlist a let x = xs . head in ... end

  25. Permission analysis & refinement . . . ..... . . . 20 / 51 match xs with | MNil -> xs @ MCons { head = h; tail = t } ... * h @ a | MCons -> * t @ mlist a let x = xs . head in ... end

  26. Permission analysis & refinement . . ...... . . 20 / 51 . match xs with | MNil -> ... | MCons -> let x = xs . head in ... xs @ MCons { head = h; tail = t } end * h @ a * t @ mlist a * x = h

  27. Principles This illustrates two mechanisms: structural one. conjunction of permissions for the fields. These reasoning steps are reversible. 21 / 51 • A nominal permission can be unfolded and refined to a • A structural permission can be decomposed into a This means that “ xs @ list (ref a) ” denotes a list of pairwise distinct references.

  28. A recursive function This type should be understood as follows: By convention, the permissions demanded by a function are also 22 / 51 val length : [ a ] mlist a -> int • length requires one argument xs , along with the static permission “ xs @ mlist a ”. • length returns one result n , along with the static permission “ xs @ mlist a * n @ int ”. returned, unless the “ consumes ” keyword is used.

  29. A recursive function . ........ 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  30. A recursive function . . . ....... 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . xs @ mlist a accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  31. A recursive function . .. . ...... 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . xs @ MNil accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  32. A recursive function . ... . ..... 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . xs @ MNil accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  33. A recursive function . .... . .... 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . xs @ mlist a accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  34. A recursive function . ... . ..... 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . xs @ MCons { head = h; tail = t } | MNil -> . h @ a accu . t @ mlist a | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  35. A recursive function . .. . ...... 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . xs @ MCons { head = h; tail = t } | MNil -> . h @ a accu . t @ mlist a | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  36. A recursive function . ....... . . 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . xs @ MCons { head: a; tail: mlist a } accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

  37. A recursive function . ........ . 23 / 51 val rec length_aux [ a ] ( accu : int , xs : mlist a ) : int = match xs with . | MNil -> . xs @ mlist a accu . | MCons -> . length_aux ( accu + 1, xs . tail ) . end val length [ a ] ( xs : mlist a ) : int = length_aux (0, xs )

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An overview of Mezzo Franois Pottier INRIA Bertinoro, June 2015 1 / 91 Acknowledgements

An overview of Mezzo Franois Pottier INRIA Bertinoro, June 2015 1 / 91 Acknowledgements

An overview of Mezzo Franois Pottier INRIA Bertinoro, June 2015 1 / 91 Acknowledgements Jonathan Protzenko, Thibaut Balabonski, Henri Chataing, Armal Guneau, Cyprien Mangin. 2 / 91 What is Mezzo? Try it out in your browser: Or

1.73k views • 169 slides
First Visit 1987 From Irish-American Mezzo to Chu Tian Scholar Tour of Beijing, Chang

First Visit 1987 From Irish-American Mezzo to Chu Tian Scholar Tour of Beijing, Chang

2/16/2014 First Visit 1987 From Irish-American Mezzo to Chu Tian Scholar Tour of Beijing, Chang Sha, Guang Zhou with Seoirse Bodley Lecture-Recital Programmes of Irish Melodies and A GIRL with text by Brendan Kennelly Hugh Lane

914 views • 17 slides
Mezzo: an experience report Franois Pottier Inria Paris Lausanne, October 2016 At the present

Mezzo: an experience report Franois Pottier Inria Paris Lausanne, October 2016 At the present

Mezzo: an experience report Franois Pottier Inria Paris Lausanne, October 2016 At the present time I think we are on the verge of discovering at last what programming languages should really be like. [...] for a really good programming

379 views • 34 slides
DISCOVER WHO WE ARE Restaurant Introduction Catering & Other Services Events &

DISCOVER WHO WE ARE Restaurant Introduction Catering & Other Services Events &

DISCOVER WHO WE ARE Restaurant Introduction Catering & Other Services Events & Private Dining Previous Cooperations Contacts (Click on the index to visit page) RESTAURANT INTRODUCTION The Concept 8 Otto e Mezzo

429 views • 21 slides
Design Patterns Applications Programming What is design patterns? The design patterns are

Design Patterns Applications Programming What is design patterns? The design patterns are

10/26/2011 G52APR Design Patterns Applications Programming What is design patterns? The design patterns are language- Design Patterns 1 independent strategies for solving common object-oriented design problems. Jiawei Li (Michael)

316 views • 8 slides
Design Principle 10: Design for Vragen Testability Testability Waarom is design

Design Principle 10: Design for Vragen Testability Testability Waarom is design

Design Principle 10: Design for Vragen Testability Testability Waarom is design noodzakelijk? Take steps to make testing easier g j g Design a program to automatically test the software Is design hetzelfde als programmeren?

327 views • 4 slides
Intelligent Autonomous Robot used to Collect Hazardous Material Group 5 Ben Bishop Jibu Abraham

Intelligent Autonomous Robot used to Collect Hazardous Material Group 5 Ben Bishop Jibu Abraham

Intelligent Autonomous Robot used to Collect Hazardous Material Group 5 Ben Bishop Jibu Abraham Steve Mezzo Tracy Shigemura Presentation Agenda Overview Project Requirements Detailed Description Program Concepts Sensors

444 views • 33 slides
1 Design Pattern Description Design Pattern Observer Name Problem: We want to

1 Design Pattern Description Design Pattern Observer Name Problem: We want to

OBJECT ARCHITECTURE What Is Architectural Design? DESIGN These slides continue with our example Choices Made In Architectural Design: application, based on the simplified OMT-based Components technique. High-Level Design Patterns

483 views • 4 slides
Stefano Chessa Informazioni generali Introduzione (2 ore, Chessa) Reti ad hoc (6 ore,

Stefano Chessa Informazioni generali Introduzione (2 ore, Chessa) Reti ad hoc (6 ore,

Stefano Chessa Informazioni generali Introduzione (2 ore, Chessa) Reti ad hoc (6 ore, Pelagatti) Standard IEEE 802.11 Protocolli di Accesso al Mezzo Protocolli di Routing Reti di sensori (8 ore, Chessa) Tecnologie

574 views • 42 slides
Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are

Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are

Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are descriptions of communicating objects and classes that are customized to solve a general design problem in a particular context. Design Patterns,

1.44k views • 69 slides
ME 645: MEMS: ME 645: MEMS: Design Fabrication Design Fabrication Design, Fabrication Design,

ME 645: MEMS: ME 645: MEMS: Design Fabrication Design Fabrication Design, Fabrication Design,

Lecture 11_12_13: PolyMUMPS (Multi User MEMS process) + Flexure mechanisms for MEMS Comb drives ME 645: MEMS: ME 645: MEMS: Design Fabrication Design Fabrication Design, Fabrication Design, Fabrication and Characterization and

624 views • 21 slides
SI SI SIMPLIFYING DESIGN SIMPLIFYING DESIGN MPLIFYING DESIGN MPLIFYING DESIGN TO

SI SI SIMPLIFYING DESIGN SIMPLIFYING DESIGN MPLIFYING DESIGN MPLIFYING DESIGN TO

University Park Pennsylvania Jason Jason McFad McFadden en Cons nstru tructio tion Manag Management SI SI SIMPLIFYING DESIGN SIMPLIFYING DESIGN MPLIFYING DESIGN MPLIFYING DESIGN TO CONSTRUCTION TO CONSTRUCTION TO

988 views • 19 slides
Preliminary Design Review Agenda Overall Vehicle Design Recovery Design Stability

Preliminary Design Review Agenda Overall Vehicle Design Recovery Design Stability

Preliminary Design Review Agenda Overall Vehicle Design Recovery Design Stability Payload Design Motor Selection Requirement Compliance Thrust to Weight Ratio Education Vehicle Subsystem Timeline Design

806 views • 35 slides
Discover Who We are Catering Previous Cooperations Contacts (Click on the index to visit page)

Discover Who We are Catering Previous Cooperations Contacts (Click on the index to visit page)

Restaurant Introduction Events & Private Dining Terrace Chefs Table Discover Who We are Catering Previous Cooperations Contacts (Click on the index to visit page) RESTAURANT INTRODUCTION The Concept 8 1/2 Otto e Mezzo BOMBANA

474 views • 21 slides
Design Innovation in Complex Systems Design: Integrating Design Thinking and Systems Thinking

Design Innovation in Complex Systems Design: Integrating Design Thinking and Systems Thinking

ASME International Design Engineering Technical Conference, Design Theory and Methodology (DTM) Conference, Presentation and Extended Abstract, 52938, August 2020. Design Innovation in Complex Systems Design: Integrating Design Thinking and

646 views • 5 slides
More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns

More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns

More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns Adapter Composite Decorator Proxy Behavioral design patterns Iterator Observer Strategy Template method

777 views • 16 slides
CS 6280: Fall 2008 Algorithm Design Review Guozhang Wang September 25, 2010 1 Graph Algorithms

CS 6280: Fall 2008 Algorithm Design Review Guozhang Wang September 25, 2010 1 Graph Algorithms

CS 6280: Fall 2008 Algorithm Design Review Guozhang Wang September 25, 2010 1 Graph Algorithms 1.1 Depth-First Search In this section we present DFS and one of its applications: finding Strongly Connected Components of a directed graph. One

325 views • 19 slides
KDiff3 - Diff-icult? Benefits of KDiff3 usage for programmers and "civilians" KDiff3

KDiff3 - Diff-icult? Benefits of KDiff3 usage for programmers and "civilians" KDiff3

KDiff3 - Diff-icult? Benefits of KDiff3 usage for programmers and "civilians" KDiff3 is a tool for comparison, synchronisation and merge of files and directories By Joachim Eibl KDE Community World Summit 2004 . p.1/12 Other

248 views • 12 slides
Your simulator for Programmable Matter Benoit PIRANDA, Andr NAZ, Julien BOURGEOIS

Your simulator for Programmable Matter Benoit PIRANDA, Andr NAZ, Julien BOURGEOIS

VisibleSim: Your simulator for Programmable Matter Benoit PIRANDA, Andr NAZ, Julien BOURGEOIS github.com/claytronics/visiblesim Dagstuhl Seminar,"Algorithmic Foundations of Programmable Matter" (16271) Schloss Dagstuhl -

881 views • 21 slides
CMSC 206 Binary Heaps Priority Queues Priority Queues n Priority: some property of an object

CMSC 206 Binary Heaps Priority Queues Priority Queues n Priority: some property of an object

CMSC 206 Binary Heaps Priority Queues Priority Queues n Priority: some property of an object that allows it to be prioritized with respect to other objects of the same type n Min Priority Queue: homogeneous collection of Comparables with

679 views • 38 slides
Na6onal Disaster Resilience Compe66on (NDRC) Phase 2 Walkthrough U.S. Department of

Na6onal Disaster Resilience Compe66on (NDRC) Phase 2 Walkthrough U.S. Department of

Na6onal Disaster Resilience Compe66on (NDRC) Phase 2 Walkthrough U.S. Department of Housing and Urban Development 1 Welcome Purpose Familiarize you with Phase 2 at a general level, including

582 views • 40 slides
L ECTURE 6 Urban Economic History March 4, 2015 I. O VERVIEW Central Issues What determines

L ECTURE 6 Urban Economic History March 4, 2015 I. O VERVIEW Central Issues What determines

Economics 210A Christina Romer Spring 2015

1.14k views • 62 slides
Software Practitioner Perspectives on Merge Conflicts and Resolutions Nicholas Nelson Why

Software Practitioner Perspectives on Merge Conflicts and Resolutions Nicholas Nelson Why

Software Practitioner Perspectives on Merge Conflicts and Resolutions Nicholas Nelson Why practitioner perspectives matter You cannot combine tens of conflicting commits its not sane. I have to jump around between tools and copy

457 views • 35 slides
7/27/2017 E ARLY M ATHEMATICS : O PPORTUNITY IS K EY National Council of Teachers of

7/27/2017 E ARLY M ATHEMATICS : O PPORTUNITY IS K EY National Council of Teachers of

7/27/2017 S UPPORTING E ARLY M ATHEMATICS WITH C REATIVE I NVESTIGATIONS B ASED ON B EST P RACTICES Angela Eckhoff Email: aeckhoff@odu.edu I N THIS SESSION WE WILL EXPLORE HOW TO SUPPORT TEACHERS TO : Identify the links between mathematics

406 views • 12 slides

More recommend