Presentation is loading. Please wait.

Presentation is loading. Please wait.

Feudal C Automatic memory management with zero runtime overhead CS263 - Spring 1999 Scott McPeak Dan Bonachea Carol Hurwitz C.

Published byGabriel Atkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Feudal C Automatic memory management with zero runtime overhead CS263 - Spring 1999 Scott McPeak Dan Bonachea Carol Hurwitz C."— Presentation transcript:

1 Feudal C Automatic memory management with zero runtime overhead CS263 - Spring 1999 Scott McPeak Dan Bonachea Carol Hurwitz C

2 Outline Introduction - Ownership and the Owner Tree Goals of Feudal C Syntax, Type Rules, and Operational Semantics Examples Memory Safety Theorem and Proof Outline

3 The Basic Idea Designate some pointers as "owners" –Obligation to delete the pointed-at object: no memory leaks The rest of the pointers are "serfs" –No deletion obligation (or capability) –Must stop pointing at an object before it is deleted: no dangling pointers Use the type system –Enforce the distinction (type soundness) –Enforce properties of both kinds

4 Ownership and the Owner Tree Globals main() foo() bar() bigArray ABC localObj dl1dl2dl3dl4 owner serf

5 Flavors Owners: Serfs: This project: –Prove memory safety of restricted versions No leaks No dangling references –Simplify language exclusiverestricted normal efficientflexible restricted static dynamicfull RC efficientflexible

6 Goals of Feudal C Provide memory safety (no leaks, no dangling references) through static typing Promote clear design practices Enable passing memory out of a function Still have a language that’s useful

7 Language Syntax Types TypeAux ::= int | t owner * t  TypeAux Type::= t | t serf * t  TypeAux Typical Imperative Commands & Expressions –if-then-else– Assignment (copy & transfer) –while – Arithmetic & Boolean Expressions (no side effects) –new / delete– Function call & return Rules of Thumb (enforced by typing) –No serf pointers stored in the heap or returned from functions –No owner pointers as parameters to functions –Dereferencing serf pointers gets only serf pointers Limitations: –No Arrays – No “Legacy” Pointers –No Records – No Function types or pointers –No address-of operator– No Recursive Types (*)

8 Small Example int owner* owner* allocSmallList(int val) { int owner* x; // variable declarations int owner* owner* y; x := new int; // allocate an integer on the heap *x = val; // store val there y := new int owner*; // create a pointer on the heap *y := x; // this nullifies x return y; // safely returns allocated space! }

9 Partial Typing Rules  |- v 1 :  owner *  |- v 2 :  owner *  |- F v 1 := v 2 Transfer Assign Command  |- v :  owner * serf *  |- *v :  serf * Serf Pointer Dereference  |- e : int  |- F c 1  |- F c 2  |- F if e then c 1 else c 2 Conditional Command  |- x :  serf *  |- e :  owner *  |- F x = e Copy Assign Command  |- x :  owner *  |- e :  serf *  |- F x = e Note: This rule does not exist!  f ( x 1 :  1,..., x n :  n ) x n+1 :  n+1,..., x m :  m c ; rc  F  = x 1 :  1,..., x m :  m  |- F c  |- rc :     ´ serf *  1  i  n.  i   i ´ owner * |- F f Function Definition

10 Partial Operational Semantics  n (x) = 0 ( hr newaddr )  dom( H )   1,...,  n | H | x := new ; c     1,...,  n [ ( ohr newaddr ) / x ] | H  { ( ( hr newaddr ), 0 ) } | c  Allocation Command f ( x 1,..., x m ) x m+1,..., x p c body  F op  1  i  m. eval( e i,  n, H )  v i  m+1  i  p. v i = 0   1,...,  n | H | x = f ( e 1,..., e m ) ; c     1,...,  n, Frame ( { (x 1, v 1 )..., (x p, v p ) }, c, x ) | H | c body  Function Call Command  y  dom(  n ). y  x   n (y)  (ohr z) val =  n (x)   1,...,  n-1,  n | H | return x     1,...,  n-1 [ val /  n.var ] | H |  n.cmd  Function Return Command Values =   (ohr  )  (shr  )0 or 4 or (ohr 37) or (shr 5) VarValueMap = P(Loc  Values)VVM = { (x, 5), (y, (shr 17)), (z, (ohr 17))} Frame = VarValueMap  Command  Loc  n = Frame(VVM, c, x) Heap = P ((hr  )  Values)H = { ((hr 16), 2), ((hr 30), (ohr 17)) } States = Frame list  Heap  CommandS =   1,...,  n | H | c  Framework

11 Memory Safety Roadmap

12 Single Owner, No Cycles Lemma Lemma 1: For every allocated element, there is exactly one owner pointing to it from the heap or from the stack, and there exist no cycles.  ( hr n)  dom(H). |owners((hr n))| = 1 and (hr n)  TC ((hr n)) Initial State: Since the heap is empty the lemma is vacuously true for the base case

13 Single Owner, No Cycles Lemma y  dom(  n )  n (y) = (ohr objaddr) eval( v,  n, H )  (ohr targetaddr) H((hr targetaddr)) = 0 (hr targetaddr)  TC( H, (hr objaddr) )   1,...,  n | H | *v := y ; c     1,...,  n [ 0 / y ] | H [ (ohr objaddr) / (hr targetaddr) ] | c  Transfer Assign Command

14 No Memory Leaks Defn: A memory leak is allocated memory which is not reachable from the stack, i.e., is not in the transitive closure of anything on the stack. –Theorem: Feudal C is safe with respect to memory leaks. Initial state: –The heap is empty when the program begins, so they is no allocated memory, and hence no memory leaks.

15 No Dangling References  n (x) = (ohr addr)  y  dom(  n ). y  x   n (y) = (shr z)  (hr z)  TC(H, (hr addr))   1,...,  n | H | delete ( x ) ; c     1,...,  n [ 0 / x ] | del ( H, (ohr addr) ) | c  DeAllocation Command

16 Conclusion Feudal C is memory safe The type system is a good place to put memory allocation information!

Download ppt "Feudal C Automatic memory management with zero runtime overhead CS263 - Spring 1999 Scott McPeak Dan Bonachea Carol Hurwitz C."

Similar presentations

Intermediate Code Generation

Intermediate Code Generation
Chapter 6 Data Types. 2 3 4 5 6 7 8 9 10.

Chapter 6 Data Types
Programming Languages and Paradigms

Programming Languages and Paradigms
ITEC 320 Lecture 11 Pointers(1). Pointers Review Packages –Generic –Child Homework 3 is posted.

ITEC 320 Lecture 11 Pointers(1). Pointers Review Packages –Generic –Child Homework 3 is posted.
CPS3340 COMPUTER ARCHITECTURE Fall Semester, 2013 10/17/2013 Lecture 12: Procedures Instructor: Ashraf Yaseen DEPARTMENT OF MATH & COMPUTER SCIENCE CENTRAL.

CPS3340 COMPUTER ARCHITECTURE Fall Semester, /17/2013 Lecture 12: Procedures Instructor: Ashraf Yaseen DEPARTMENT OF MATH & COMPUTER SCIENCE CENTRAL.
Lecture 10: Heap Management CS 540 GMU Spring 2009.

Lecture 10: Heap Management CS 540 GMU Spring 2009.
Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.

Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.
Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.

Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
Engineering Problem Solving With C++ An Object Based Approach Chapter 9 Pointers and Creating Data Structures.

Engineering Problem Solving With C++ An Object Based Approach Chapter 9 Pointers and Creating Data Structures.
ECE 353: Lab C Pointers and Structs. Basics A pointer holds an address to some variable Notation: – Dereferencing operator: * int *x is a declaration.

ECE 353: Lab C Pointers and Structs. Basics A pointer holds an address to some variable Notation: – Dereferencing operator: * int *x is a declaration.
Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.

Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.
CSE 2501 Review Declaring a variable allocates space for the type of datum it is to store int x; // allocates space for an int int *px; // allocates space.

CSE 2501 Review Declaring a variable allocates space for the type of datum it is to store int x; // allocates space for an int int *px; // allocates space.
CS 536 Spring 20011 Run-time organization Lecture 19.

CS 536 Spring Run-time organization Lecture 19.
Run-Time Storage Organization

Run-Time Storage Organization
The environment of the computation Declarations introduce names that denote entities. At execution-time, entities are bound to values or to locations:

The environment of the computation Declarations introduce names that denote entities. At execution-time, entities are bound to values or to locations:
Memory and C++ Pointers.  C++ objects and memory  C++ primitive types and memory  Note: “primitive types” = int, long, float, double, char, … January.

Memory and C++ Pointers.  C++ objects and memory  C++ primitive types and memory  Note: “primitive types” = int, long, float, double, char, … January.
Run-time Environment and Program Organization

Run-time Environment and Program Organization
1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.

1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.
Pointers Applications

Pointers Applications

Similar presentations

Ads by Google