Experience with Safe Memory Management in Cyclone Michael Hicks University of Maryland, College Park Joint work with Greg Morrisett - Harvard Dan Grossman.

Slides:



Advertisements
Similar presentations
Garbage Collection in the Next C++ Standard Hans-J. Boehm, Mike Spertus, Symantec.
Advertisements

Dynamic Memory Management
The Interface Definition Language for Fail-Safe C Kohei Suenaga, Yutaka Oiwa, Eijiro Sumii, Akinori Yonezawa University of Tokyko.
CMSC 330: Organization of Programming Languages Memory and Garbage Collection.
Lecture 10: Heap Management CS 540 GMU Spring 2009.
Garbage Collection What is garbage and how can we deal with it?
CMSC 330: Organization of Programming Languages Memory and Garbage Collection.
Implementation and Evaluation of a Safe Runtime in Cyclone Matthew Fluet Cornell University Daniel Wang Princeton University.
Hastings Purify: Fast Detection of Memory Leaks and Access Errors.
SAFECode Memory Safety Without Runtime Checks or Garbage Collection By Dinakar Dhurjati Joint work with Sumant Kowshik, Vikram Adve and Chris Lattner University.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
CPSC 388 – Compiler Design and Construction
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
Checking and Inferring Local Non-Aliasing Alex AikenJeffrey S. Foster UC BerkeleyUMD College Park John KodumalTachio Terauchi UC Berkeley.
Summer School on Language-Based Techniques for Integrating with the External World Types for Safe C-Level Programming Part 3: Basic Cyclone-Style Region-
Memory Allocation. Three kinds of memory Fixed memory Stack memory Heap memory.
CS 536 Spring Run-time organization Lecture 19.
OOP in Java Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
3/17/2008Prof. Hilfinger CS 164 Lecture 231 Run-time organization Lecture 23.
1 Names, Scopes and Bindings. 2 Names Kinds of names Kinds of names Variables, functions, classes, types, labels, blocks, operators, tasks, etc. Variables,
Typed Memory Management in a Calculus of Capabilities David Walker (with Karl Crary and Greg Morrisett)
CS510 Advanced OS Seminar Class 10 A Methodology for Implementing Highly Concurrent Data Objects by Maurice Herlihy.
JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.
Compile-Time Deallocation of Individual Objects Sigmund Cherem and Radu Rugina International Symposium on Memory Management June, 2006.
Region-Based Memory Management in Cyclone Dan Grossman Cornell University June 2002 Joint work with: Greg Morrisett, Trevor Jim (AT&T), Michael Hicks,
C and Data Structures Baojian Hua
Run-time Environment and Program Organization
Advanced Type Systems for Low-Level Languages Greg Morrisett Cornell University.
Memory Layout C and Data Structures Baojian Hua
1 Software Testing and Quality Assurance Lecture 31 – SWE 205 Course Objective: Basics of Programming Languages & Software Construction Techniques.
Programming Languages and Paradigms Object-Oriented Programming.
COP4020 Programming Languages
CS 403: Programming Languages Lecture 2 Fall 2003 Department of Computer Science University of Alabama Joel Jones.
Lecture 10 : Introduction to Java Virtual Machine
1 Names, Scopes and Bindings Aaron Bloomfield CS 415 Fall
Chapter 3.5 Memory and I/O Systems. 2 Memory Management Memory problems are one of the leading causes of bugs in programs (60-80%) MUCH worse in languages.
Implications of Inheritance COMP204, Bernhard Pfahringer.
C++ Memory Overview 4 major memory segments Key differences from Java
Cyclone Memory Management Greg Morrisett Cornell University & Microsoft Research.
Implementation and Evaluation of a Safe Runtime in Cyclone Matthew Fluet Cornell University Greg Morrisett Harvard University Daniel Wang Princeton University.
COMP3190: Principle of Programming Languages
11/26/2015IT 3271 Memory Management (Ch 14) n Dynamic memory allocation Language systems provide an important hidden player: Runtime memory manager – Activation.
Combining Garbage Collection and Safe Manual Memory Management Michael Hicks University of Maryland, College Park Joint work with Greg Morrisett - Harvard,
CSE 425: Control Abstraction I Functions vs. Procedures It is useful to differentiate functions vs. procedures –Procedures have side effects but usually.
Lecture 10 Concepts of Programming Languages Arne Kutzner Hanyang University / Seoul Korea.
Object-Oriented Programming Chapter Chapter
Programming Languages and Design Lecture 6 Names, Scopes and Binding Instructor: Li Ma Department of Computer Science Texas Southern University, Houston.
Object Oriented Software Development 4. C# data types, objects and references.
1 Lecture07: Memory Model 5/2/2012 Slides modified from Yin Lou, Cornell CS2022: Introduction to C.
Consider Starting with 160 k of memory do: Starting with 160 k of memory do: Allocate p1 (50 k) Allocate p1 (50 k) Allocate p2 (30 k) Allocate p2 (30 k)
LECTURE 13 Names, Scopes, and Bindings: Memory Management Schemes.
Records type city is record -- Ada Name: String (1..10); Country : String (1..20); Population: integer; Capital : Boolean; end record; struct city { --
Memory Management What if pgm mem > main mem ?. Memory Management What if pgm mem > main mem ? Overlays – program controlled.
Automatic Memory Management Without Run-time Overhead Brian Brooks.
C11, Implications of Inheritance
Object Lifetime and Pointers
Overview 4 major memory segments Key differences from Java stack
Seminar in automatic tools for analyzing programs with dynamic memory
Storage.
Overview 4 major memory segments Key differences from Java stack
Programming with Regions
Dan Grossman University of Washington 26 July 2007
Memory Allocation CS 217.
Closure Representations in Higher-Order Programming Languages
Cyclone: A safe dialect of C
Implementation and Evaluation of a Safe Runtime in Cyclone
CS703 - Advanced Operating Systems
Lecture 10 Concepts of Programming Languages
Implementation and Evaluation of a Safe Runtime in Cyclone
Gradual Memory Management
Presentation transcript:

Experience with Safe Memory Management in Cyclone Michael Hicks University of Maryland, College Park Joint work with Greg Morrisett - Harvard Dan Grossman - UW Trevor Jim - AT&T

Cyclone Derived from C, having similar goals –Exposes low-level data representations, provides fine-grained operations But safe –Restrictions to C (e.g., (int *)1 not allowed) –Additions and types to regain flexibility Today: balancing safety and flexibility when managing memory

Goal: Programmer Control Many memory management choices –Garbage collection –Stack allocation –malloc/free –Reference counting (Linux, COM) –Arenas (bulk free) (Apache, LCC) Depends on the application

Unifying Theme: Region types Conceptually divide memory into regions –Different kinds of regions (e.g., not just bulk-free) Associate every pointer with a region Prevent dereferencing pointers into dead regions int *`r x; // x points into region `r *x = 3; // deref allowed if `r is live (inference often obviates annotations `r) Liveness by type & effects system (Tofte&Talpin)

Outline Motivation and basic approach Regions description –Basics: LIFO arenas, stack and heap regions –Unique and reference-counted pointers –Dynamic arenas Programming experience Experimental measurements Conclusions

LIFO Arenas Dynamic allocation mechanism Lifetime of entire arena is scoped –At conclusion of scope, all data allocated in the arena is freed.

LIFO Arena Example FILE *infile = … Image *i; if (tag(infile) == HUFFMAN) { region h; // region `r created struct hnode *`r huff_tree; huff_tree = read_tree(h,infile); // allocates with h i = decode_image(infile,huff_tree,…); // region `r deallocated upon exit of scope } else …

Stack and Heap Regions Stack regions –Degenerate case of LIFO arena which does not allow dynamic allocation –Essentially activation records Heap region –A global region `H that is always live –Like a LIFO arena that never dies; objects reclaimed by a garbage collector

Scoped Regions Summary See PLDI `02 paper for more details Region Variety Allocation (objects) Deallocation (what) (when) Aliasing (objects) Stackstaticwhole region exit of scope free LIFO Arenadynamic Heapsingle objects GC

Benefits No runtime access checks Arena/stacks –costs are constant-time region allocation region deallocation object creation –useful for Temporary data (e.g., local variables) Callee-allocates data (rprintf) Lots of C-style code

Limitations Lack of control over memory usage –Spurious retention of regions and their objects –Fragmentation –Extra space required by the garbage collector Lack of control over CPU usage –Garbage collection is “one-size-fits-all” Hard to tune –Cannot avoid GC in some cases: LIFO arenas not expressive enough E.g., objects with overlapping lifetimes

Overcoming the Limitations Allow greater control over lifetimes –Object lifetimes Unique pointers and reference-counted pointers –Arena lifetimes Dynamic arenas But not for nothing... –Restrictions on aliasing –Possibility of memory leaks

Unique Region Distinguished region name `U Individual objects can be freed manually An intraprocedural, flow-sensitive analysis –ensures that a unique pointer is not used after it is consumed (i.e. freed) –treats copies as destructive; i.e. only one usable copy of a pointer to the same memory –Loosely based on affine type systems

Unique Pointer Example void foo() { int *`U x = malloc(sizeof(int)); int *`U y = x; // consumes x *x = 5; // disallowed free(y); // consumes y *y = 7;// disallowed }

Temporary Aliasing Problem: Non-aliasing too restrictive Partial solution: Allow temporary, lexically- scoped aliasing under acceptable conditions –Makes unique pointers easier to use –Increases code reuse

Alias construct extern void f(int *`r x); // `r any scoped region void foo() { int *`U x = malloc(sizeof(int)); *x = 3; { alias int *`r y = x; // `r fresh f(y); // y aliasable, but x consumed } // x unconsumed free(x); }

Alias inference extern void f(int *`r x); // `r any scoped region void foo() { int *`U x = malloc(sizeof(int)); *x = 3; f(x); // alias inserted here automatically free(x); }

Reference-counted Pointers Distinguished region `RC Objects allocated in `RC have hidden reference-count field Aliasing tracked as with unique pointers. Explicit aliasing/freeing via `a *`RC alias_refptr(`a *`RC); void drop_refptr(`a *`RC);

Reference-counting Example struct conn * `RC cmd_pasv(struct conn * `RC c) { struct ftran * `RC f; int sock = socket(...); f = alloc_new_ftran(sock,alias_refptr(c)); c->transfer = alias_refptr(f); listen(f->sock, 1); f->state = 1; drop_refptr(f); return c; }

Regions Summary Region Variety Allocation (objects) Deallocation (what) (when) Aliasing (objects) Stackstaticwhole region exit of scope free LIFOdynamic Dynamicmanual Heapsingle objects GC Uniquemanual restricted Refcounted

Ensuring Uniformity and Reuse Many different idioms could be hard to use –Duplicated library functions –Hard-to-change application code We have solved this problem by –Using region types as a unifying theme –Region polymorphism with kinds E.g., functions independent of arguments’ regions –All regions can be treated as if lexical Temporarily, under correct circumstances Using alias and open constructs

Boa web server BetaFTPDftp server Epic image compression Kiss-FFTportable fourier transform MediaNetstreaming overlay network CycWebweb server CycSchemescheme interpreter Programming Experience

Application Characteristics

MediaNet Datastructures

Platform –Dual 1.6 GHz AMD Athlon MP GB RAM Switched Myrinet –Linux (RedHat) Software –C code: gcc –Cyclone code: cyclone 0.8 –GC: BDW conservative collector 6.2  4 –malloc/free: Lea allocator Experimental Measurements

CPU time –Most applications do not benefit from switching from BDW GC to manual approach –MediaNet is the exception Memory usage –Can reduce memory footprint and working set size by 2 to 10 times by using manual techniques Bottom Line

Throughput: Webservers

Throughput: MediaNet

Memory Usage: Web (I)

Memory Usage: Web (II)

Memory Usage: Web (III)

Memory Usage: MediaNet (4 KB packets)

Related Work Regions –ML-Kit (foundation for Cyclone’s type system) –RC –Reaps –Walker/Watkins Uniqueness –Wadler, Walker/Watkins, Clean –Alias types, Calculus of Capabilities, Vault –Destructive reads (e.g., Boyland)

Future Work Tracked pointers sometimes painful; want –Better inference (e.g. for alias) –Richer API (restrict; autorelease) Prevent leaks –unique and reference-counted pointers Specified aliasing –for doubly-linked lists, etc. Concurrency

Conclusions High degree of control, safely: Sound mechanisms for programmer- controlled memory management –Region-based vs. object-based deallocation –Manual vs. automatic reclamation Region-annotated pointers within a simple framework –Scoped regions unifying theme (alias,open) –Region polymorphism, for code reuse

More Information Cyclone homepage – Has papers, benchmarks from this paper, and free distribution –Read about it, write some code!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.