Combining Garbage Collection and Safe Manual Memory Management
Michael Hicks, University of Maryland, College Park
Joint work with Greg Morrisett - Harvard, Dan Grossman - Uwash, and Trevor Jim - AT&T
Cyclone
• Derived from C, having similar goals
  – Exposes low-level data representations, provides fine-grained operations
• But memory safe
  – Restrictions to C (e.g., (int *)1 not allowed)
  – Additions and types to regain flexibility
Goal: Programmer Control
• Many reasonable MM choices
  – Garbage collection
  – Stack allocation
  – malloc/free
  – Reference counting
    • Linux, COM
  – Arenas (individual allocation, bulk free)
    • Apache, LCC
• Depends on the application
Unifying Theme: Region types
• Conceptually divide memory into regions
  – Different kinds of regions (e.g., not just bulk-free)
• Associate every pointer with a region
• Prevent dereferencing pointers into dead regions

    int *`r x;   // x points into region `r
    *x = 3;      // deref allowed if `r is live

(inference often obviates annotations `r)
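An added example, not from the slides or the Cyclone distribution: a plain C arena ("individual allocation, bulk free") whose pointers carry their region, so a dereference after the region dies is refused. Cyclone enforces this rule statically through its region types; the run-time `live` flag here is a stand-in for that, and the names region_t, rptr_t and rptr_deref are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Arena-style region: individual allocation, bulk free. */
typedef struct { char *base; size_t used, cap; int live; } region_t;

/* Pointer tagged with its region, standing in for Cyclone's int *`r. */
typedef struct { region_t *r; size_t off; } rptr_t;

int region_open(region_t *r, size_t cap) {
    r->base = malloc(cap);
    r->used = 0;
    r->cap = r->base ? cap : 0;
    r->live = (r->base != NULL);
    return r->live;
}

/* Bulk deallocation: every object in the region dies at once. */
void region_close(region_t *r) {
    free(r->base);
    r->base = NULL;
    r->live = 0;
}

/* Allocate one int in the region; returns 0 if it is dead or full. */
int region_new_int(region_t *r, rptr_t *out) {
    if (!r->live || r->cap - r->used < sizeof(int)) return 0;
    out->r = r;
    out->off = r->used;
    r->used += sizeof(int);
    return 1;
}

/* Dereference is allowed only while the region is live; else NULL. */
int *rptr_deref(rptr_t p) {
    if (p.r == NULL || !p.r->live) return NULL;
    return (int *)(void *)(p.r->base + p.off);
}

/* 1 if the live write worked and the deref after close was refused. */
int demo(void) {
    region_t r; rptr_t x;
    if (!region_open(&r, 64) || !region_new_int(&r, &x)) return 0;
    *rptr_deref(x) = 3;
    int live_ok = (*rptr_deref(x) == 3);
    region_close(&r);
    return live_ok && rptr_deref(x) == NULL;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

In plain C without the tag, the same pointer would dangle silently after the bulk free, which is the use-after-free that the region annotation rules out.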
Regions Summary (PLDI 02)

Region Variety   Allocation   Deallocation (what)   Deallocation (when)   Aliasing (objects)
Stack            static       whole region          exit of scope         free
Lexical          dynamic      whole region          exit of scope         free
Heap             dynamic      single objects        GC                    free
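Regions Summary (now)

Region Variety   Allocation   Deallocation (what)   Deallocation (when)   Aliasing (objects)
Stack            static       whole region          exit of scope         free
Lexical          dynamic      whole region          exit of scope         free
Dynamic          dynamic      whole region          manual                free
Heap             dynamic      single objects        GC                    free
Unique           dynamic      single objects        manual                restricted
Refcounted       dynamic      single objects        manual                restricted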
Enabled by Linearity (Affinity)
• Pointers whose state is carefully tracked
• To simplify programming:
  – Polymorphism
  – Temporary aliasing
  – Atomic swap (e.g., destructive reads)
• Main ideas close to Walker & Watkins
• Key contribution: extension and integration into realistic low-level language
Programming Experience
• Optimize for memory use
  – Important for embedded systems, OSs
• Optimize for speed
  – Servers, OSs, etc.
• Applications
  – Event-based webserver (only unique pointers)
  – MediaNet: Streaming data overlay network
    • All six region varieties; packet data is unique or reference-counted
Memory Usage: webserver
MediaNet: gc (4 KB packets)
MediaNet: gc+free (4 KB packets)
MediaNet: throughput
Future Work
• Further generalization
  – Type-safe Reaps (Berger et al.)
• More programming experience
• Better inference (e.g. for alias)
• Formal model …
Conclusions
• High degree of control, safely:
• Sound mechanisms for programmer-controlled memory management
  – Region-based vs. object-based deallocation
  – Manual vs. automatic reclamation
• Region-annotated pointers within a simple framework
  – Lexical regions as unifying theme (alias, open)
  – Region polymorphism, for code reuse
More Information
• Cyclone homepage
  – http://www.cs.cornell.edu/projects/cyclone/
• Has papers and free distribution
  – Read about it, write some code!
Related Work (incomplete)
• Regions
  – ML-Kit (foundation for Cyclone’s type system)
  – RC
  – Reaps
  – Walker/Watkins
• Uniqueness
  – Wadler, Walker/Watkins, Clean
  – Alias types, Calculus of Capabilities, Vault
  – Destructive reads (e.g., Boyland)