Combining Garbage Collection and Safe Manual Memory

Management

Michael HicksUniversity of Maryland, College Park

Joint work with

Greg Morrisett - Harvard,

Dan Grossman - Uwash, and

Trevor Jim - AT&T

Cyclone

• Derived from C, having similar goals– Exposes low-level data representations,

provides fine-grained operations

• But memory safe– Restrictions to C (e.g., (int *)1 not allowed)– Additions and types to regain flexibility

Goal: Programmer Control

• Many reasonable MM choices– Garbage collection– Stack allocation

– malloc/free– Reference counting

• Linux, COM

– Arenas (individual allocation, bulk free)• Apache, LCC

• Depends on the application

Unifying Theme: Region types

• Conceptually divide memory into regions– Different kinds of regions (e.g., not just bulk-free)

• Associate every pointer with a region

• Prevent dereferencing pointers into dead regions

int *`r x; // x points into region `r *x = 3; // deref allowed if `r is live

(inference often obviates annotations `r)

Regions Summary (PLDI 02)

Region Variety

Allocation

(objects)

Deallocation

(what) (when)

Aliasing

(objects)

Stack static whole region

exit of scope

free

Lexical dynamic

Heap single objects

GC

Regions Summary (now)

Region Variety

Allocation

(objects)

Deallocation

(what) (when)

Aliasing

(objects)

Stack static whole region

exit of scope

free

Lexical dynamic

Dynamic manual

Heap single objects

GC

Unique manual

restricted

Refcounted

Enabled by Linearity (Affinity)

• Pointers whose state is carefully tracked• To simplify programming:

– Polymorphism– Temporary aliasing– Atomic swap (e.g., destructive reads)

• Main ideas close to Walker & Watkins• Key contribution: extension and integration

into realistic low-level language

Programming Experience

• Optimize for memory use– Important for embedded systems, OSs

• Optimize for speed– Servers, OSs, etc.

• Applications– Event-based webserver (only unique pointers)– MediaNet: Streaming data overlay network

• All six region varieties; packet data is unique or reference-counted

Memory Usage: webserver

MediaNet: gc (4 KB packets)

MediaNet: gc+free (4 KB packets)

MediaNet: throughput

Future Work

• Further generalization– Type-safe Reaps (Berger et al.)

• More programming experience• Better inference (e.g. for alias)• Formal model• …

Conclusions

• High degree of control, safely:

• Sound mechanisms for programmer-controlled memory management– Region-based vs. object-based deallocation– Manual vs. automatic reclamation

• Region-annotated pointers within a simple framework– Lexical regions as unifying theme (alias,open)– Region polymorphism, for code reuse

More Information

• Cyclone homepage– http://www.cs.cornell.edu/projects/cyclone/

• Has papers and free distribution– Read about it, write some code!

Related Work (incomplete)

• Regions– ML-Kit (foundation for Cyclone’s type system)– RC– Reaps– Walker/Watkins

• Uniqueness– Wadler, Walker/Watkins, Clean– Alias types, Calculus of Capabilities, Vault– Destructive reads (e.g., Boyland)