Combining Garbage Collection and Safe Manual Memory Management
Michael Hicks, University of Maryland, College Park
Joint work with
Greg Morrisett - Harvard,
Dan Grossman - Uwash, and
Trevor Jim - AT&T
Cyclone
• Derived from C, having similar goals
  – Exposes low-level data representations, provides fine-grained operations
• But memory safe
  – Restrictions to C (e.g., (int *)1 not allowed)
  – Additions and types to regain flexibility
Goal: Programmer Control
• Many reasonable MM choices
  – Garbage collection
  – Stack allocation
  – malloc/free
  – Reference counting
    • Linux, COM
  – Arenas (individual allocation, bulk free)
    • Apache, LCC
• Depends on the application
Unifying Theme: Region types
• Conceptually divide memory into regions
  – Different kinds of regions (e.g., not just bulk-free)
• Associate every pointer with a region
• Prevent dereferencing pointers into dead regions
int *`r x; // x points into region `r
*x = 3;    // deref allowed if `r is live
(inference often obviates annotations `r)
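A runtime model of the rule on this slide, added here as an illustration (it is not code from the talk or from the Cyclone distribution): Cyclone rejects a dereference into a dead region at compile time through the region type `r, whereas this plain-C version carries the region in a fat pointer and checks liveness when the pointer is dereferenced. The names region_t, rptr_t, region_open, region_alloc, region_close and rptr_deref are hypothetical.

```c
#include <stdlib.h>
/* A region: bump arena with a liveness flag and a generation stamp. */
typedef struct {
    unsigned char *base;
    size_t cap, used;
    unsigned gen;   /* unique per open, so stale pointers never match */
    int live;
} region_t;

/* A region-annotated pointer: which region (and which opening) it points into. */
typedef struct { region_t *r; unsigned gen; size_t off; } rptr_t;
static unsigned next_gen = 1;

int region_open(region_t *r, size_t cap) {
    r->base = malloc(cap);
    if (!r->base) { r->live = 0; return -1; }
    r->cap = cap; r->used = 0; r->gen = next_gen++; r->live = 1;
    return 0;
}

/* Individual allocation: bump the offset, rounded up to 8 bytes. */
rptr_t region_alloc(region_t *r, size_t n) {
    rptr_t p = { NULL, 0, 0 };
    size_t need = (n + 7u) & ~(size_t)7u;
    if (!r->live || need < n || need > r->cap - r->used) return p;
    p.r = r; p.gen = r->gen; p.off = r->used;
    r->used += need;
    return p;
}

/* Bulk free: every object in the region dies at once. */
void region_close(region_t *r) {
    free(r->base);
    r->base = NULL; r->cap = r->used = 0; r->live = 0;
}

/* Checked dereference: NULL unless the pointer's region is still live. */
void *rptr_deref(rptr_t p) {
    if (!p.r || !p.r->live || p.r->gen != p.gen) return NULL;
    return p.r->base + p.off;
}

int main(void) {
    region_t r;
    if (region_open(&r, 64) != 0) return 1;
    rptr_t x = region_alloc(&r, sizeof(int));
    *(int *)rptr_deref(x) = 3;            /* region live: deref allowed */
    region_close(&r);
    return rptr_deref(x) == NULL ? 0 : 1; /* region dead: deref refused */
}
```

The generation stamp also covers reuse of the same region_t: a pointer taken before the bulk free stays invalid after the region is opened again.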
Regions Summary (PLDI 02)

Region Variety   Allocation (objects)   Deallocation (what)   Deallocation (when)   Aliasing (objects)
Stack            static                 whole region          exit of scope         free
Lexical          dynamic                whole region          exit of scope         free
Heap             dynamic                single objects        GC                    free
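Regions Summary (now)

Region Variety   Allocation (objects)   Deallocation (what)   Deallocation (when)   Aliasing (objects)
Stack            static                 whole region          exit of scope         free
Lexical          dynamic                whole region          exit of scope         free
Dynamic          dynamic                whole region          manual                free
Heap             dynamic                single objects        GC                    free
Unique           dynamic                single objects        manual                restricted
Refcounted       dynamic                single objects        manual                restricted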
Enabled by Linearity (Affinity)
• Pointers whose state is carefully tracked
• To simplify programming:
  – Polymorphism
  – Temporary aliasing
  – Atomic swap (e.g., destructive reads)
• Main ideas close to Walker & Watkins
• Key contribution: extension and integration into realistic low-level language
Programming Experience
• Optimize for memory use
  – Important for embedded systems, OSs
• Optimize for speed
  – Servers, OSs, etc.
• Applications
  – Event-based webserver (only unique pointers)
  – MediaNet: Streaming data overlay network
    • All six region varieties; packet data is unique or reference-counted
Memory Usage: webserver
MediaNet: gc (4 KB packets)
MediaNet: gc+free (4 KB packets)
MediaNet: throughput
Future Work
• Further generalization
  – Type-safe Reaps (Berger et al.)
• More programming experience
• Better inference (e.g. for alias)
• Formal model
• …
Conclusions
• High degree of control, safely:
• Sound mechanisms for programmer-controlled memory management
  – Region-based vs. object-based deallocation
  – Manual vs. automatic reclamation
• Region-annotated pointers within a simple framework
  – Lexical regions as unifying theme (alias, open)
  – Region polymorphism, for code reuse
More Information
• Cyclone homepage
  – http://www.cs.cornell.edu/projects/cyclone/
• Has papers and free distribution
  – Read about it, write some code!
Related Work (incomplete)
• Regions
  – ML-Kit (foundation for Cyclone’s type system)
  – RC
  – Reaps
  – Walker/Watkins
• Uniqueness
  – Wadler, Walker/Watkins, Clean
  – Alias types, Calculus of Capabilities, Vault
  – Destructive reads (e.g., Boyland)