Implementation and Evaluation of a Safe Runtime in Cyclone

1
Implementation and Evaluation of a Safe Runtime
in Cyclone

• Matthew Fluet

2
Introduction

• Web-based applications
• Written in high-level, safe languages
• C, Java, Perl, PHP, Phython, Tcl
• Automatic memory management
• Application servers
• Written in unsafe languages
• Host applications via interpreters (written in C)

3
Introduction

• Long-term goal a complete web-application server
  written in a safe language
• Short-term goal a complete interpreter written
  in a safe language
• Implementing the core of an interpreter is not in
  itself a significant challenge
• Implementing the runtime system is a challenge

4
Outline

• A Scheme interpreter in Cyclone
• Why Scheme
• Key Features of Cyclone
• Core Scheme Interpreter
• Garbage Collector
• Performance Evaluation
• Conclusion

5
Why Scheme?

• Ease of implementation
• Core interpreter loop is only 500 lines
• Rely on an external Scheme front-end to expand
  the full Scheme language into a core Scheme
  subset
• Features desirable for web programming

6
Key Features of Cyclone

• Pointers
• Nullable t
• Non-null t_at_notnull
• Fat t_at_fat
• Regions
• Region names r
• Pointers tr
• Polymorphism ltrRgt

7
Cyclone Regions
Region variety Allocation (objects) Deallocation Deallocation Aliasing (objects)
Region variety Allocation (objects) (what) (when) Aliasing (objects)
Stack static whole region exit of lexical scope unrestricted
Lexical dynamic whole region exit of lexical scope unrestricted
Dynamic dynamic whole region manual unrestricted
Heap (H) dynamic single objects automatic (BDW GC) unrestricted
Unique (U) dynamic single objects manual restricted
Ref-counted (RC) dynamic single objects manual restricted
8
Cyclone Regions
Region variety Allocation (objects) Deallocation Deallocation Aliasing (objects)
Region variety Allocation (objects) (what) (when) Aliasing (objects)
Stack static whole region exit of lexical scope unrestricted
Lexical dynamic whole region exit of lexical scope unrestricted
Dynamic dynamic whole region manual unrestricted
Heap (H) dynamic single objects automatic (BDW GC) unrestricted
Unique (U) dynamic single objects manual restricted
Ref-counted (RC) dynamic single objects manual restricted
9
Cyclone Regions
Region variety Allocation (objects) Deallocation Deallocation Aliasing (objects)
Region variety Allocation (objects) (what) (when) Aliasing (objects)
Stack static whole region exit of lexical scope unrestricted
Lexical dynamic whole region exit of lexical scope unrestricted
Dynamic dynamic whole region manual unrestricted
Heap (H) dynamic single objects automatic (BDW GC) unrestricted
Unique (U) dynamic single objects manual restricted
Ref-counted (RC) dynamic single objects manual restricted
10
Cyclone Regions
Region variety Allocation (objects) Deallocation Deallocation Aliasing (objects)
Region variety Allocation (objects) (what) (when) Aliasing (objects)
Stack static whole region exit of lexical scope unrestricted
Lexical dynamic whole region exit of lexical scope unrestricted
Dynamic dynamic whole region manual unrestricted
Heap (H) dynamic single objects automatic (BDW GC) unrestricted
Unique (U) dynamic single objects manual restricted
Ref-counted (RC) dynamic single objects manual restricted
11
Cyclone Regions
Region variety Allocation (objects) Deallocation Deallocation Aliasing (objects)
Region variety Allocation (objects) (what) (when) Aliasing (objects)
Stack static whole region exit of lexical scope unrestricted
Lexical dynamic whole region exit of lexical scope unrestricted
Dynamic dynamic whole region manual unrestricted
Heap (H) dynamic single objects automatic (BDW GC) unrestricted
Unique (U) dynamic single objects manual restricted
Ref-counted (RC) dynamic single objects manual restricted
12
Cyclone Dynamic Regions

• typedef struct DRegltrgt_at_notnullU
• uregion_key_tltrRgt
• struct NewDReg ltrRgt
• uregion_key_tltrgt key
• struct NewDReg new_ukey()
• void free_ukey(uregion_key_tltrgt k)
• region r open(k)
• . . .

13
Core Scheme Interpreter

• Simplified expression language
• Variables given as deBruijn indices
• Values heap allocated data
• Small-step operational semantics
• ltH,S,?,rgt ? ltH,S,?,rgt

14
Core Scheme Interpreter Values

• struct ValueltrRgt
• typedef struct Valueltrgtr value_tltrRgt
• datatype ValueDltrgt
• Const_v(const_tltrgt K)
• Primop_v(primop_t p)
• Closure_v(unsigned int n,
• env_tltrgt rho, exp_tltrgt e)
• Vector_v(value_tltrgt_at_fatr ls)
• struct ValueltrRgt
• datatype ValueDltrgt value

15
Heap Allocated Interpreter

• void scheme(exp_tltrgt progltrgt(region_tltrgt))
• // load the program into the Cyclone heap
• exp_tltHgt e prog(heap_region)
• // load the initial environment
• env_tltHgt env initial_env(heap_region)
• // construct the initial state
• state_tltHgt state StateNULL,env,.expr
  e
• // take an unbounded number of steps
• bool done stepi(-1,heap_region,state)

16
Simple Stop-and-Copy Collector
17
GC and Regions

• Separation of From-space and To-space suggests a
  natural correspondence with Cyclones regions
• LIFO discipline of lexical regions insufficient
• Dynamic regions appear to be sufficient

18
GC in Spirit

• . . .
• // create the to-spaces key
• let NewDynamicRegion lttogt to_key new_ukey()
• state_tlttogt to_state
• // open the from-spaces key
• region from_r open(from_key)
• // open the to-spaces key
• region to_r open(to_key)
• // copy the state and reachable data
• to_state copy_state(to_r, from_state)
• // free the from-space
• free_ukey(from_key)
• . . .

19
GC and Forwarding Pointers

• What is the type of a forwarding pointer?

20
GC and Forwarding Pointers

• What is the type of a forwarding pointer?
• A pointer to a struct Value in To-space

21
GC and Forwarding Pointers

• What is the type of a forwarding pointer?
• A pointer to a struct Value in To-space, whose
  forwarding pointer is a pointer to a struct Value
  in To-spaces To-space

22
GC and Forwarding Pointers

• What is the type of a forwarding pointer?
• A pointer to a struct Value in To-space, whose
  forwarding pointer is a pointer to a struct Value
  in To-spaces To-space, whose forwarding pointer
  is a pointer to a struct Value in To-spaces
  To-spaces To-space, whose forwarding pointer is
  a pointer to a struct Value in To-spaces
  To-spaces To-spaces To-space, whose forwarding
  pointer is a pointer to a struct Value in
  To-spaces To-spaces To-spaces To-spaces
  To-space, whose forwarding pointer is a pointer
  to a struct Value in To-spaces To-spaces
  To-spaces To-spaces To-spaces To-space, whose
  forwarding pointer is a pointer to a struct Value
  in To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-space, whose forwarding
  pointer is a pointer to a struct Value in
  To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-spaces To-space, whose
  forwarding pointer is a pointer to a struct Value
  in To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-spaces To-spaces
  To-space, whose forwarding pointer is a pointer
  to a struct Value in To-spaces To-spaces
  To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-spaces To-space, whose
  forwarding pointer is a pointer to a struct Value
  in To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-space, whose forwarding
  pointer is a pointer to a struct Value in
  To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-spaces To-spaces
  To-spaces To-spaces To-spaces To-space

23
Dynamic Region Sequences

• Need a name for all the unwindings
• Type constructor mapping region names to region
  names
• typedef _R next_rgnltrRgt
• Forwarding pointers
• value_tltnext_rgnltrgtgt
• Although the region names r and next_rgnltrgt are
  related, the lifetimes of their corresponding
  regions are not.

24
Dynamic Region Sequences

• Have an infinite supply of region names
• Need to ensure an infinite linear supply
• Use Cyclones unique pointers
• struct DRGenltrRgt
• typedef struct DRGenltrgt_at_notnullU
  uregion_gen_tltrgt

25
Dynamic Region Sequences

• struct DRSeqltrgt
• uregion_key_tltrgt key
• uregion_gen_tltrgt gen
• typedef struct DRSeqltrgt drseq_tltrgt
• struct NewDRSeq ltrRgt
• drseq_tltrgt drseq
• struct NewDRSeq new_drseq()
• drseq_tltnext_rgnltrgtgt next_drseq(uregion_gen_tltrgt
  gen)

26
GC and Dynamic Region Sequences

• gcstate_t doGC(gcstate_t gcs)
• // unpack the gc state
• let GCStateltrgt DRSeq from_key, from_gen,
• from_state gcs
• // generate the to-space
• let DRSto_key, to_gen next_drseq(from_gen)
• state_tltnext_rgnltrgtgt to_state
• region from_r open(from_key)
• region to_r open(to_key)
• to_state copy_state(to_r, from_state)
• // pack the new gc state
• gcs GCStateDRSto_key, to_gen, to_state
  
• free_ukey(from_key)
• return gcs

27
GC and Dynamic Region Sequesces

• Comparison with type-preserving GCs
• Interpreter can be written in a trampoline,
  rather than continuation passing, style
• Intuitive typing of forwarding pointers

28
Performance Evaluation
Interpreter Runtime
Cyclone (Safe GC) Safe Safe
Cyclone (BDW GC) Safe Unsafe
SISC (Sun JVM) Safe Unsafe
MzScheme (BDW GC) Unsafe Unsafe
29
Performance Evaluation
30
Performance Evaluation
31
Size of Unsafe Code
Interpreter (lines of code) Runtime System (lines of code)
Cyclone (Safe GC) 0 1800
Cyclone (BDW GC) 0 9000
SISC (Sun JVM) 0 229,100
MzScheme (BDW GC) 31,000 9000
32
Conclusion

• Significantly reduce amount of unsafe code needed
  to implement an interpreter
• May incur a performance penalty for extra degree
  of safety
• Future Work
• Reduce performance penalty
• Per thread regions providing customization