implementation and evaluation of a safe runtime in cyclone
DESCRIPTION
Implementation and Evaluation of a Safe Runtime in Cyclone. Matthew Fluet Cornell University. Daniel Wang Princeton University. Introduction. Web-based applications Written in high-level, safe languages C#, Java, Perl, PHP, Python, Tcl Automatic memory management Application servers - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/1.jpg)
Implementation and Evaluation of a Safe Runtime
in Cyclone
Matthew FluetCornell University
Daniel WangPrinceton University
![Page 2: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/2.jpg)
Introduction
Web-based applications• Written in high-level, safe languages
• C#, Java, Perl, PHP, Python, Tcl
• Automatic memory management
Application servers• Written in unsafe languages
• Host applications via interpreters (written in C)
![Page 3: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/3.jpg)
Introduction
Long-term goal: a complete web-application server written in a safe language
Short-term goal: a complete interpreter written in a safe language• Implementing the core of an interpreter is not
in itself a significant challenge
• Implementing the runtime system is a challenge
![Page 4: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/4.jpg)
Outline
A Scheme interpreter in Cyclone• Why Scheme
• Key Features of Cyclone
• Core Scheme Interpreter
• Garbage Collector
Performance Evaluation Conclusion
![Page 5: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/5.jpg)
Why Scheme?
Ease of implementation• Core interpreter loop is only ~500 lines
• Rely on an external Scheme front-end to expand the full Scheme language into a core Scheme subset
• Features desirable for web programming
![Page 6: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/6.jpg)
Key Features of Cyclone
Safe, C-like language• Static type- and control-flow analysis
Intended for systems programming• Data representation
• Resource management
Region-based memory management• Static, lexical, dynamic, heap, unique, …
![Page 7: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/7.jpg)
Simple Copying Collector
From-space and To-space
Forwarding pointers
![Page 8: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/8.jpg)
Simple Copying Collector
From-space and To-space• Natural correspondence with regions
• LIFO discipline of lexical regions insufficient
• Dynamic regions appear to be sufficient
Forwarding pointers
![Page 9: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/9.jpg)
Dynamic Regions
Non-nested lifetimes Manual creation and deallocation Represented by unique pointer (key)
Unique pointer ≡ Capability• Access the region
![Page 10: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/10.jpg)
Dynamic Regions
Operations• new: create a fresh dynamic region
• Produces unique key
• open: open a dynamic region for allocation• Temporarily consumes key
• free: deallocate a dynamic region• Permanently consumes key
![Page 11: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/11.jpg)
GC and Dynamic Regions
. . .// create the to-space’s keylet NewDynamicRegion {<`to> to_key} = new_ukey();state_t<`to> = to_state;// open the from-space’s key{ region from_r = open_ukey(from_key); // open the to-space’s key { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } }// free the from-spacefree_ukey(from_key);. . .
![Page 12: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/12.jpg)
GC and Dynamic Regions
. . .// create the to-space’s keylet NewDynamicRegion {<`to> to_key} = new_ukey();state_t<`to> = to_state;// open the from-space’s key{ region from_r = open_ukey(from_key); // open the to-space’s key { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } }// free the from-spacefree_ukey(from_key);. . .
![Page 13: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/13.jpg)
GC and Dynamic Regions
. . .// create the to-space’s keylet NewDynamicRegion {<`to> to_key} = new_ukey();state_t<`to> = to_state;// open the from-space’s key{ region from_r = open_ukey(from_key); // open the to-space’s key { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } }// free the from-spacefree_ukey(from_key);. . .
![Page 14: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/14.jpg)
GC and Dynamic Regions
. . .// create the to-space’s keylet NewDynamicRegion {<`to> to_key} = new_ukey();state_t<`to> = to_state;// open the from-space’s key{ region from_r = open_ukey(from_key); // open the to-space’s key { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } }// free the from-spacefree_ukey(from_key);. . .
![Page 15: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/15.jpg)
GC and Dynamic Regions
. . .// create the to-space’s keylet NewDynamicRegion {<`to> to_key} = new_ukey();state_t<`to> = to_state;// open the from-space’s key{ region from_r = open_ukey(from_key); // open the to-space’s key { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } }// free the from-spacefree_ukey(from_key);. . .
![Page 16: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/16.jpg)
Forwarding Pointers
What is the type of a forwarding pointer?
![Page 17: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/17.jpg)
Forwarding Pointers
What is the type of a forwarding pointer?
A pointer to a Value in To-space
![Page 18: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/18.jpg)
Forwarding Pointers
What is the type of a forwarding pointer?
A pointer to a Value in To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space
![Page 19: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/19.jpg)
Forwarding Pointers
What is the type of a forwarding pointer?
A pointer to a Value in To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space, whose forwarding pointer is a pointer to a Value in To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space’s To-space, …
![Page 20: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/20.jpg)
Dynamic Region Sequences
Introduce a new type constructor mapping region names to region names
typedef _::R next_rgn<ρ::R>
Although the region names ρ and next_rgn<ρ> are related, the lifetimes of their corresponding regions are not
![Page 21: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/21.jpg)
Dynamic Region Sequences
Operations• new, open, free: as for dynamic regions
• next: create next_rgn<ρ> from ρ
![Page 22: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/22.jpg)
Dynamic Region Sequences
Operations• next: create next_rgn<ρ> from ρ
Have an infinite supply of region names• next will create a fresh dynamic region key
Need a linear supply of keys• Use Cyclone’s unique pointers
![Page 23: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/23.jpg)
Dynamic Region Sequences
Operations• next: create next_rgn<ρ> from ρ
A dynamic region sequence is a pair• key: a dynamic region key
• gen: a unique pointer Unique pointer ≡ Capability
• Produce the next_rgn<ρ> key and gen
• Consumed by next
![Page 24: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/24.jpg)
Dynamic Region Sequences
Operations• new: create a fresh dynamic region sequence
• Produces unique key and gen
• next: creates next dynamic region sequence• Produces unique key and gen
• Permanently consumes gen
![Page 25: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/25.jpg)
GC and Dynamic Region Sequences
gcstate_t doGC(gcstate_t gcs) { // unpack the gc state let GCState{<`r> DRSeq {from_key, from_gen}, from_state} = gcs; // generate the to-space let DRSeq{to_key, to_gen} = next_drseq(from_gen); state_t<next_rgn<`r>> to_state; // open the from-space { region from_r = open_ukey(from_key); // open the to-space { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } // pack the new gc state gcs = GCState{DRSeq{to_key, to_gen}, to_state}; } // free the from space free_ukey(from_key); return gcs;}
![Page 26: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/26.jpg)
GC and Dynamic Region Sequences
gcstate_t doGC(gcstate_t gcs) { // unpack the gc state let GCState{<`r> DRSeq {from_key, from_gen}, from_state} = gcs; // generate the to-space let DRSeq{to_key, to_gen} = next_drseq(from_gen); state_t<next_rgn<`r>> to_state; // open the from-space { region from_r = open_ukey(from_key); // open the to-space { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } // pack the new gc state gcs = GCState{DRSeq{to_key, to_gen}, to_state}; } // free the from space free_ukey(from_key); return gcs;}
![Page 27: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/27.jpg)
GC and Dynamic Region Sequences
gcstate_t doGC(gcstate_t gcs) { // unpack the gc state let GCState{<`r> DRSeq {from_key, from_gen}, from_state} = gcs; // generate the to-space let DRSeq{to_key, to_gen} = next_drseq(from_gen); state_t<next_rgn<`r>> to_state; // open the from-space { region from_r = open_ukey(from_key); // open the to-space { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } // pack the new gc state gcs = GCState{DRSeq{to_key, to_gen}, to_state}; } // free the from space free_ukey(from_key); return gcs;}
![Page 28: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/28.jpg)
GC and Dynamic Region Sequences
gcstate_t doGC(gcstate_t gcs) { // unpack the gc state let GCState{<`r> DRSeq {from_key, from_gen}, from_state} = gcs; // generate the to-space let DRSeq{to_key, to_gen} = next_drseq(from_gen); state_t<next_rgn<`r>> to_state; // open the from-space { region from_r = open_ukey(from_key); // open the to-space { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } // pack the new gc state gcs = GCState{DRSeq{to_key, to_gen}, to_state}; } // free the from space free_ukey(from_key); return gcs;}
![Page 29: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/29.jpg)
GC and Dynamic Region Sequences
gcstate_t doGC(gcstate_t gcs) { // unpack the gc state let GCState{<`r> DRSeq {from_key, from_gen}, from_state} = gcs; // generate the to-space let DRSeq{to_key, to_gen} = next_drseq(from_gen); state_t<next_rgn<`r>> to_state; // open the from-space { region from_r = open_ukey(from_key); // open the to-space { region to_r = open_ukey(to_key); // copy the state and reachable data to_state = copy_state(to_r, from_state); } // pack the new gc state gcs = GCState{DRSeq{to_key, to_gen}, to_state}; } // free the from space free_ukey(from_key); return gcs;}
![Page 30: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/30.jpg)
GC and Dynamic Region Sequences
Comparison with type-preserving GCs• Interpreter can be written in a trampoline
style, rather than continuation passing style
• Intuitive typing of forwarding pointers
![Page 31: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/31.jpg)
Performance Evaluation
Interpreter Runtime
Cyclone (Safe GC)
Safe Safe
Cyclone (BDW GC)
Safe Unsafe
SISC (Sun JVM)
Safe Unsafe
MzScheme (BDW GC)
Unsafe Unsafe
![Page 32: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/32.jpg)
Performance Evaluation
Normalized Execution Times
0
0.5
1
1.5
2
tak deriv puzzle fft traverse
Cyclone (Safe GC)
Cyclone (BDW GC)
SISC
MzScheme
![Page 33: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/33.jpg)
Performance Evaluation
Maximum Working Set
0
1000
2000
3000
4000
5000
6000
tak
deriv
puzzle fft
trave
rse
Vir
tual
Pag
es Cyclone (Safe GC)
Cyclone (BDW GC)
SISC
MzScheme
![Page 34: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/34.jpg)
Size of Unsafe Code
Interpreter
(lines of code)
Runtime System
(lines of code)
Cyclone
(Safe GC)0 1800
Cyclone
(BDW GC)0 9000
SISC
(Sun JVM)0 229,100
MzScheme
(BDW GC)31,000 9000
![Page 35: Implementation and Evaluation of a Safe Runtime in Cyclone](https://reader036.vdocument.in/reader036/viewer/2022062519/56814e6c550346895dbc0997/html5/thumbnails/35.jpg)
Conclusion
Significantly reduce amount of unsafe code needed to implement an interpreter
May incur a performance penalty for extra degree of safety
Future Work• Reduce performance penalty
• Per thread regions providing customization