Linear Regions Are All You Need • Matthew Fluet (Cornell University) • Greg Morrisett & Amal Ahmed (Harvard University)
Memory Management • Dynamic allocation pervasive in computation • Region-based Memory Management • Memory is divided into regions • Objects are individually allocated in a region (constant-time operation) • All objects in a region are deallocated together (constant-time operation)
Application: Cyclone • Cyclone Safe-C Project • type-safety • with the “virtues” of C • low-level interface with manifest cost model • range of memory management options • regions are an organizing principle
Application: Cyclone • MediaNET • TCP benchmark (packet forwarding) • Cyclone v.0.1 (lexical regions & garbage collector): high water mark 840 KB; 130 collections; basic throughput 50 MB/s • Cyclone v.0.5 (unique pointers & dynamic regions): high water mark 8 KB; 0 collections; basic throughput 74 MB/s
Cyclone: Regions Proving type safety of Cyclone is a nightmare!!
Cyclone: Regions • Goal: simple model where we can easily encode the key features of Cyclone in a target language with a simpler type system.
Cyclone: Regions • Linear Regions Are All You Need
Outline • Introduction • Monadic Type System (F^RGN) [ICFP’04] • Substructural Type System (λ^rgnUL) • Translation Sketch • Conclusion
Monadic Type System for Regions [ICFP’04] • Extend the runST “trick” to nested regions [L-PJ ’94] • Polymorphic type system ensures safety • Key insights (F^RGN): • Effects map to an indexed monadic type • Region subtyping witnessed by types • Sufficient for encoding Tofte-Talpin region calculus and “core” Cyclone region features
RGN monad: Types • Monadic type RGN s t: computations in stack of regions s returning values of type t; a “stack” transformer
RGN monad: Operations • Monadic unit and bind
    returnRGN :: ∀s,a. a → RGN s a
    thenRGN :: ∀s,a,b. RGN s a → (a → RGN s b) → RGN s b
RGN monad: Types • Reference type Ref s t: values of type t allocated in region at the top of the stack of regions s
RGN monad: Operations • Create and read region allocated values
    new :: ∀s,a. a → RGN s (Ref s a)
    read :: ∀s,a. Ref s a → RGN s a
RGN monad: Encapsulation • Encapsulate and run a monadic computation
    runRGN :: ∀a. (∀s. RGN s a) → a
• “for all stacks” ⇒ no assumptions about stack of regions • result is independent of stack ⇒ s ∉ frv(a) ⇒ region values don’t escape
RGN monad: Example
    runRGN (Λs1. do
        a ← new [s1] 1
        c ← runRGN (Λs2. do
                b ← new [s2] 7
                …
                z = …
                new [s1] z)
        … c …)
• Region stack as the computation runs: • r1 • r1 { a : 1 } (input allocated in first region) • r1 { a : 1 }, r2 • r1 { a : 1 }, r2 { b : 7 } (temporary allocated in second region) • r1 { a : 1, c : 8 }, r2 { b : 7 } (input and output allocated in first region) • r1 { a : 1, c : 8 }
• allocating in younger region requires RGN s2 t type • allocating in older region requires RGN s1 t type
RGN monad: Witnesses • Witness type Pf(s1 ≤ s2): type-level proof that the stack of regions s1 is a substack of the stack of regions s2
RGN monad: Witnesses • Witness operations
    coerceRGN :: ∀s1,s2,a. Pf(s1 ≤ s2) → RGN s1 a → RGN s2 a
    transSub :: ∀s1,s2,s3. Pf(s1 ≤ s2) → Pf(s2 ≤ s3) → Pf(s1 ≤ s3)
RGN monad: Regions • Regions are created and destroyed with a lexically scoped construct
    letRGN :: ∀s1,a. (∀s2. Pf(s1 ≤ s2) → RGN s2 a) → RGN s1 a
RGN monad: Example
    letRGN (Λs1. λpf1. do
        a ← new [s1] 1
        c ← letRGN (Λs2. λpf2. do
                b ← new [s2] 7
                …
                z = …
                coerceRGN pf2 (new [s1] z))
        … c …)
• Region stack: r1 { a : 1, c : 8 }, r2 { b : 7 }
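The encapsulation argument above (a body typed “for all stacks” cannot return a region value), as an added Rust sketch that is not from the talk or from Cyclone: the invariant lifetime 's stands in for s, run_rgn for runRGN, and the nested call reproduces the a : 1, b : 7, c : 8 example. Assumptions: regions hold only i64, region handles are passed explicitly instead of using coerceRGN witnesses, and the elided z is taken to be a + b.

```rust
use std::cell::RefCell;
use std::marker::PhantomData;

// Invariant brand: stands in for the region index `s` (assumption of this sketch).
type Brand<'s> = PhantomData<fn(&'s ()) -> &'s ()>;

/// One region; its store is dropped as a whole when `run_rgn` returns.
pub struct Rgn<'s> { store: RefCell<Vec<i64>>, _s: Brand<'s> }

/// `Ref s a` with a fixed to i64: an index carrying the brand of its region.
#[derive(Clone, Copy)]
pub struct Ref<'s> { idx: usize, _s: Brand<'s> }

impl<'s> Rgn<'s> {
    /// new: allocate in this region; the result is usable only with this region.
    pub fn new_ref(&self, v: i64) -> Ref<'s> {
        let mut st = self.store.borrow_mut();
        st.push(v);
        Ref { idx: st.len() - 1, _s: PhantomData }
    }
    /// read: the brands of handle and reference must agree, checked at compile time.
    pub fn read(&self, r: Ref<'s>) -> i64 { self.store.borrow()[r.idx] }
}

/// runRGN :: ∀a. (∀s. RGN s a) → a
/// `A` is chosen outside `for<'s>`, so it cannot mention 's: no Ref<'s> escapes.
pub fn run_rgn<A>(body: impl for<'s> FnOnce(&Rgn<'s>) -> A) -> A {
    let rgn = Rgn { store: RefCell::new(Vec::new()), _s: PhantomData };
    body(&rgn) // every object in the region is freed together here
}

/// The nested example from the slides: a and c live in r1, b is a temporary in r2.
pub fn example() -> i64 {
    run_rgn(|r1| {
        let a = r1.new_ref(1);
        let c = run_rgn(|r2| {
            let b = r2.new_ref(7);
            let z = r1.read(a) + r2.read(b); // assumed value of the elided `z`
            r1.new_ref(z) // allowed: the result is branded with the older region
            // Ending with `b` instead, or calling r2.read(a), does not type-check.
        });
        r1.read(c)
    })
}

fn main() { println!("c = {}", example()); }
```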
Limitations of LIFO Regions • Lexical scope is ill-suited for • iterative computations (Conway’s Game of Life; copying GC) • CPS-based computations • event-based computations • But, lexical scope was ensuring that the stack of regions was used in a single-threaded manner
Substructural Type Systems • Provide core mechanisms to restrict the number and order of uses of data and operations • generalization of linear type systems
Substructural Type System: λ^UL • Qualifiers q ::= U | L (How often may the value be used?) • PreTypes t ::= 1 | t1 × t2 | t1 → t2 | ∀a.t | ∃a.t (How may the value be used?) • Types t ::= q t
Substructural Qualifiers • Linear: must be “used” exactly once • Unrestricted (Drop, Copy): may be “used” an arbitrary # of times
Substructural Type System for Regions • Provide core mechanisms to restrict the number and order of uses of data and operations • generalization of linear type systems • Key insights (λ^rgnUL): • Separate region names from region liveness • Region liveness witnessed by types • Sufficient for encoding F^RGN calculus and “advanced” Cyclone region features
λ^rgnUL = λ^UL + Regions • PreTypes t ::= … | cap r | ref r t | ∀r.t | ∃r.t • cap r: “capability” for region r; mediates all access to a region for allocating, reading, and writing
λ^rgnUL: Region Primitives • Regions are created and destroyed with separate operations
    newrgn :: U 1 → (∃r. L cap r)     (Produces a capability.)
    freergn :: ∀r. (L cap r → U 1)    (Consumes a capability.)
λ^rgnUL: Region Primitives
    new :: ∀r,a. ((L cap r × U a) → (L cap r × U ref r (U a)))
    read :: ∀r,a. ((L cap r × U ref r (U a)) → (L cap r × U a))
• Requires a capability. • Returns a capability.
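The region primitives above, applied to the iterative case that lexical scoping handles badly, as an added Rust sketch (not from the talk or from Cyclone). Assumptions: Rust moves are affine rather than linear, so a capability is used at most once instead of exactly once; the region name r is a runtime id checked in read rather than a static existential; regions hold only i64.

```rust
use std::sync::atomic::{AtomicU64, Ordering};

static NEXT_ID: AtomicU64 = AtomicU64::new(0); // constructed source of region names

/// `L cap r`: neither Clone nor Copy, so every operation consumes it and hands it back.
pub struct Cap { id: u64, cells: Vec<i64> }

/// `U ref r a`: freely copyable, but unusable without the capability for its region.
#[derive(Clone, Copy)]
pub struct Ref { id: u64, idx: usize }

/// newrgn :: U 1 → (∃r. L cap r)
pub fn newrgn() -> Cap {
    Cap { id: NEXT_ID.fetch_add(1, Ordering::Relaxed), cells: Vec::new() }
}

/// freergn :: ∀r. (L cap r → U 1); by-value `Cap` makes any later use a compile error.
pub fn freergn(cap: Cap) { drop(cap) }

/// new :: (L cap r × U a) → (L cap r × U ref r a)
pub fn new(mut cap: Cap, v: i64) -> (Cap, Ref) {
    cap.cells.push(v);
    let r = Ref { id: cap.id, idx: cap.cells.len() - 1 };
    (cap, r)
}

/// read :: (L cap r × U ref r a) → (L cap r × U a)
pub fn read(cap: Cap, r: Ref) -> (Cap, i64) {
    assert_eq!(cap.id, r.id, "reference belongs to another region");
    let v = cap.cells[r.idx];
    (cap, v)
}

/// Iterative computation: each round fills a fresh region and frees the previous one.
pub fn iterate(rounds: u32) -> i64 {
    let (mut cap, mut cur) = new(newrgn(), 1);
    for _ in 0..rounds {
        let (old, v) = read(cap, cur);
        let (fresh, next) = new(newrgn(), v * 2);
        freergn(old); // the older region dies while the younger one lives on (not LIFO)
        cap = fresh;
        cur = next;
    }
    let (cap, v) = read(cap, cur);
    freergn(cap);
    v
}

fn main() { println!("{}", iterate(3)); }
```

Calling read(old, cur) after freergn(old) is rejected by the compiler as a use of a moved value, which is the use-after-free that the linear capability rules out.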