Type Systems for Region-based Memory Management

Matthew Fluet

Greg Morrisett & Amal Ahmed

Harvard University

Memory Management

Dynamic allocation pervasive in computation

Memory Management

Dynamic allocation pervasive in computation Range of methods for managing memory

Memory Management

– malloc/free efficient, but tedious and error prone

Memory Management

– garbage collection transparent and safe, but (can be) inefficient

Memory Management

– regions

– garbage collection transparent and safe, but (can be) inefficient

Region-based Memory Management

Operationally– Memory is divided regions (denoted by r, , …)– Objects are individually allocated in a region– All objects in a region are deallocated together

Region-based Memory Management

Runtime Organization– Regions are linked lists of pages– Arbitrary intra- and inter-region references– Similar to arena-style allocators

Region handles

Application: Cyclone

Cyclone Safe-C Project– type-safety– with the “virtues” of C

low-level interface with manifest cost model

Cyclone Safe-C Project– type-safety– with the “virtues” of C

low-level interface with manifest cost model

– range of memory management options regions are an organizing principle

MediaNET– TCP benchmark (packet forwarding)– Cyclone v.0.1

High water mark: 840 KB 130 collections Basic throughput: 50 MB/s

– Cyclone v.0.5 High water mark: 8 KB 0 collections Basic throughput: 74MB/s

Cyclone: Regions

Region varietyAllocation

(objects)

DeallocationAliasing

(objects)(what) (when)

Stack static

whole region

exit of lexical scope

unrestricted

Lexical

dynamic

Dynamic manual

Heap (`H)

single objects

automatic(BDW GC)

Unique (`U)manual restricted

Ref-counted (`RC)

Cyclone: Regions

(objects)

Stack static

whole region

unrestricted

Lexical

dynamic

Dynamic manual

Heap (`H)

single objects

automatic (BDW GC)

Ref-counted (`RC)

Meta-theory of Cyclone is a nightmare!!

Cyclone: Regions

(objects)

Stack static

whole region

unrestricted

Lexical

dynamic

Dynamic manual

Heap (`H)

single objects

automatic (BDW GC)

Ref-counted (`RC)

Ultimate Goal: simple model where we can easily encode the key features of Cyclone in a target

language with simpler meta-theory

Cyclone: Regions

(objects)

Stack static

whole region

unrestricted

Lexical

dynamic

Dynamic manual

Heap (`H)

single objects

automatic (BDW GC)

Ref-counted (`RC)

Today’s Goal: Three type systems for region-based languages,

culminating with a fairly good approximation of Cyclone’s features

Outline

Introduction Type-and-Effect System (Tofte-Talpin) Monadic Type System (FRGN)

– Translation Sketch

Substructural Type System (rgnURAL)– Translation Sketch

Conclusion

Type Systems for Regions

Memory is divided into regions– type of handle for region r

Type Systems for Regions

Memory is divided into regions– type of handle for region r

Objects are individually allocated in a region– operations: new, read, write– type of object of type allocated in region r

Tofte-Talpin Region Calculus [’94]

Regions are created and destroyedwith a lexically scoped construct:

letregion ,h in e All objects in region are deallocated

together at the end of ’s scope

Regions are created and destroyedwith a lexically scoped construct:

letregion ,h in e All objects in region are deallocated

together at the end of ’s scope

Regions have LIFO lifetimes Live regions can be organized as a stack

Regions are created and destroyedwith a lexically scoped construct

letregion 1,h1 in

let a = new h1 1 in

let c = letregion 2,h2 in

let b = new h2 7 in

new h1 (read a + read b) in

… c …

1 a : 1

letregion 1,h1 in

let a = new h1 1 in

let b = new h2 7 in

… c … input allocated in first region

1 a : 1

letregion 1,h1 in

let a = new h1 1 in

let b = new h2 7 in

… c … input allocated in first region

1 a : 1

2 b : 7letregion 1,h1 in

let a = new h1 1 in

let b = new h2 7 in

… c …

temporary allocated in second region

inputallocated in first region

b : 7letregion 1,h1 in

let a = new h1 1 in

let b = new h2 7 in

… c …

input and outputallocated in first region

1 a : 1

input and outputallocated in first region

letregion 1,h1 in

let a = new h1 1 in

let b = new h2 7 in

… c …

Type-and-Effect System

Track the set of regions accessed by a computation:

` e : ,

Function types include a latent effect:

The role of is to tell us when it is not safe to deallocate a region

Typing rule for letregion is subtle:

,h:hnd ` e : , ∉ frv(,) ` letregion ,h in e : , \ {}

Typing rule for letregion is subtle:

,h:hnd ` e : , ∉ frv(,) ` letregion ,h in e : , \ {}

Typing rule for effect weakening:

` e : , µ ’

` e : , ’

Effects are pervasive in typing rules:

` e1 : int, 1 ` e2 : int, 2

` e1 + e2 : int, 1 [ 2

` eh : hnd , h ` e : ,

` new eh e : ref , h [ [ {}

Type-and-effects system ensures safety

Type-and-effects system ensures safety But adds complications:

– Typing rule for letregion is subtle(due to the interplay of dangling pointers and effects)

– Effect weakening and region subtyping– Effects correspond to sets of regions

(term equality no longer suffices for type checking)

Monadic Type Systems

Monadic encapsulation of effects [L-PJ 94]– Embed imperative features in pure languages

ST s STRef s Operations

returnST :: 8s,. ! ST s thenST :: 8s,, ST s ! ( ! ST s !ST s newSTRef :: 8s,. ! ST s (STRef s )

readSTRef :: 8s,. STRef s ! ST s writeSTRef :: 8s,. STRef s ! ! ST s 1

runST :: 8. (8s. ST s ) !

Polymorphism over store index type ensures that the computation (and the result) are independent of the initial (and final) store

Monadic encapsulation of effects [L-PJ 94]– Embed imperative features in pure languages– Polymorphic type system ensures safety

Well understood meta-theory Simplicity of System F type system

FRGN = System F + RGN monad

System F

Monadic sub-language

RGN monad: Types

Monadic types

RGN monad: Types

Monadic types

RGN –

computations in stack of regions returning values of type ;a “stack” transformer

RGN monad: Types

Monadic types

Hnd –

handles for the region

at the top of the stack of regions

RGN monad: Types

Monadic types

Ref –

values of type allocated in region

at the top of the stack of regions

RGN monad: Operations

Monadic unit and bind

returnRGN ::

8,. ! RGN

thenRGN ::

8,,. RGN ! ( ! RGN ) ! RGN

returnRGN ::

8,. ! RGN

thenRGN ::

8,,. RGN ! ( ! RGN ) ! RGN

returnRGN ::

8,. ! RGN

thenRGN ::

8,,. RGN ! ( ! RGN ) ! RGN

Create and read region allocated values

new ::

8,. Hnd ! ! RGN (Ref )

read ::

8,. Ref ! RGN

Create and read region allocated values

new ::

8,. Hnd ! ! RGN (Ref )

read ::

8,. Ref ! RGN

RGN monad: Encapsulation

Encapsulate and run a monadic computation

runRGN ::

8. (8. RGN ) !

runRGN ::

8. (8. RGN ) !

runRGN ::

8. (8. RGN ) !

“for all stacks” ) no assumptions about

stack of regions

runRGN ::

8. (8. RGN ) !

stack of regions

runRGN ::

8. (8. RGN ) !

result is independent of stack ) 62 frv() )

region values don’t escape

stack of regions

RGN monad: Regions

letRGN ::

81,. (82. Hnd 2 ! RGN 2 ) ! RGN 1

RGN monad: Regions

letRGN ::

81,. (82. Hnd 2 ! RGN 2 ) ! RGN 1

result is independent of stack ) 2 62 frv(RGN 1 ) )

stack of regions

RGN monad: Regions

letRGN ::

81,. (82. Hnd 2 ! RGN 2 ) ! RGN 1

result is independent of stack ) 2 62 frv(RGN 1 ) )

stack of regions

But, want to assume that 1 · 2 (1:: == 2)

RGN monad: Witnesses

Witness type

Pf(1 · 2) –

proof that the stack of regions 1

is a substack of the stack of regions 2

RGN monad: Witnesses

Witness operations

coerceRGN ::

81,2,. Pf(1 · 2) ! RGN 1 ! RGN 2

transSub ::

81,2,3. Pf(1 · 2) ! Pf(2 · 3)

! Pf(1 · 3)

RGN monad: Regions

letRGN ::

81,. (82. Pf(1 · 2) ! Hnd 2 ! RGN 2 )! RGN 1

RGN monad: Regions

letRGN ::

81,. (82. Pf(1 · 2) ! Hnd 2 ! RGN 2 )! RGN 1

Translation: TTRC to FRGN

Type- and meaning-preserving translation from Tofte-Talpin Region Calculus to FRGN

« (ref 1 int) ! (ref 3 int) ¬ )