Aaron Turon! Mozilla Research
Size: px
Start display at page:

Download "Aaron Turon! Mozilla Research"

Transcription

1 Aaron Turon Mozilla Research

2 C/C++ ML/Haskell Rust Safe systems programming

3 Why Mozilla? Browsers need control. Browsers need safety. Servo: Next-generation browser built in Rust.

4 C++ What is control? void example() { vector<string> vector; auto& elem = vector[0];

5 C++ What is control? void example() { vector<string> vector; auto& elem = vector[0]; Stack and inline layout. vector data length capacity [0] [] [n] string Stack Heap

6 C++ What is control? void example() { vector<string> vector; auto& elem = vector[0]; Stack and inline layout. vector data length capacity [0] [] [n] string H e Stack Heap

7 C++ What is control? void example() { vector<string> vector; auto& elem = vector[0]; Stack and inline layout. vector data length capacity [0] [] [n] string Stack Heap

8 C++ What is control? void example() { vector<string> vector; auto& elem = vector[0]; Stack and inline layout. Lightweight references vector data length capacity elem [0] [] [n] string Stack Heap

9 C++ What is control? void example() { vector<string> vector; auto& elem = vector[0]; Stack and inline layout. Lightweight references Deterministic destruction vector data length capacity elem [0] [] [n] string Stack Heap

10 Zero-cost abstraction Ability to define abstractions that optimize away to nothing.

11 Zero-cost abstraction Ability to define abstractions that optimize away to nothing. vector data cap. length [0] data cap. [] H e [] Java

12 Zero-cost abstraction Ability to define abstractions that optimize away to nothing. vector data cap. length [0] data cap. [] H e Not just memory layout: - Static dispatch [] - Template expansion - Java

13 Zero-cost abstraction safe Ability to define abstractions that optimize away to nothing. vector data cap. length [0] data cap. [] H e Not just memory layout: - Static dispatch [] - Template expansion - Java

14 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; vector data length capacity elem [0]

15 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; vector data length capacity elem [0]

16 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; [0] [1] vector data length capacity elem [0]

17 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; [0] [1] vector data length capacity elem [0]

18 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; [0] [1] vector data length capacity elem [0] Dangling pointer: pointer to freed memory.

19 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; [0] [1] vector data length capacity elem [0] Dangling pointer: pointer to freed memory.

20 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; [0] [1] vector data length capacity elem [0]

21 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; [0] [1] vector data length capacity elem [0] Aliasing: more than one pointer to same memory.

22 C++ What is safety? void example() { vector<string> vector; auto& elem = vector[0]; vector.push_back(some_string); cout << elem; Mutating the vector freed old contents. [0] [1] vector data length capacity elem [0] Aliasing: more than one pointer to same memory.

23 What about GC?

24 What about GC? No control. Requires a runtime.

25 What about GC? No control. Requires a runtime. Insufficient to prevent related problems: iterator invalidation, data races.

26 Rust s Solution Type system enforces ownership and borrowing: 1. All resources have a clear owner. 2. Others can borrow from the owner. 3. Owner cannot free or mutate the resource while it is borrowed. 8

27 Ownership/Borrowing No need for a runtime Memory safety Data-race freedom 9

28 Ownership/Borrowing No need for a runtime Memory safety Data-race freedom C++ 9

29 Ownership/Borrowing No need for a runtime Memory safety Data-race freedom C++ GC 9

30 More to Rust than Safety Explicit control is often correlated with painfully verbose. Rust offers lots of goodies traditionally associated with garbagecollected runtimes: - Closures - Pattern matching - Type inference - Traits

31 Credit where it is due Rust has an active, amazing community.

32 Ownership n. The act, state, or right of possessing something.

33 Ownership (T)

34 Ownership (T)

35 Ownership (T)

36 Ownership (T)

37 Aliasing Mutation Ownership (T)

38 Aliasing Mutation Ownership (T)

39 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data vec length capacity

40 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data vec length capacity

41 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity

42 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity

43 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2

44 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2

45 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // Take ownership of a Vec<int> data 1 vec length capacity 2

46 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2

47 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2 vec data length capacity

48 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2 vec data length capacity

49 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2 vec data length capacity

50 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data 1 vec length capacity 2 vec data length capacity

51 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data vec length capacity

52 fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { // data vec length capacity

53 Compiler enforces moves fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { //

54 Compiler enforces moves fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); fn take(vec: Vec<int>) { //

55 Compiler enforces moves fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); vec.push(2); fn take(vec: Vec<int>) { //

56 Compiler enforces moves fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); vec.push(2); fn take(vec: Vec<int>) { // Error: vec has been moved

57 Compiler enforces moves fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); vec.push(2); fn take(vec: Vec<int>) { // Error: vec has been moved

58 Compiler enforces moves fn give() { let mut vec = Vec::new(); vec.push(1); vec.push(2); take(vec); vec.push(2); fn take(vec: Vec<int>) { // Error: vec has been moved Prevents: - use after free - double moves -

59 Borrow v. To receive something with the promise of returning it.

60 Shared borrow (&T)

61 Shared borrow (&T)

62 Shared borrow (&T)

63 Aliasing Mutation Shared borrow (&T)

64 Aliasing Mutation Shared borrow (&T)

65 Mutable borrow (&mut T)

66 Mutable borrow (&mut T)

67 Mutable borrow (&mut T)

68 Mutable borrow (&mut T)

69 Mutable borrow (&mut T)

70 Mutable borrow (&mut T)

71 Mutable borrow (&mut T)

72 Aliasing Mutation Mutable borrow (&mut T)

73 Aliasing Mutation Mutable borrow (&mut T)

74 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { //

75 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // data 1 vec length capacity 2

76 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // data 1 vec length capacity 2

77 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // Shared reference to Vec<int> data 1 vec length capacity 2

78 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); Loan out vec fn use(vec: &Vec<int>) { // Shared reference to Vec<int> data 1 vec length capacity 2

79 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); Loan out vec fn use(vec: &Vec<int>) { // Shared reference to Vec<int> data 1 vec length capacity 2 vec

80 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // data 1 vec length capacity 2 vec

81 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // data 1 vec length capacity 2 vec

82 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // data 1 vec length capacity 2

83 fn lender() { let mut vec = Vec::new(); vec.push(1); vec.push(2); use(&vec); fn use(vec: &Vec<int>) { // data 1 vec length capacity 2

84 Aliasing Mutation Shared references are immutable: fn use(vec: &Vec<int>) { vec.push(3); vec[1] += 2;

85 Aliasing Mutation Shared references are immutable: fn use(vec: &Vec<int>) { vec.push(3); vec[1] += 2;

86 Aliasing Mutation Shared references are immutable: fn use(vec: &Vec<int>) { vec.push(3); vec[1] += 2;

87 Aliasing Mutation Shared references are immutable: fn use(vec: &Vec<int>) { vec.push(3); vec[1] += 2; Error: cannot mutate shared reference

88 Aliasing Mutation Shared references are immutable: * fn use(vec: &Vec<int>) { vec.push(3); vec[1] += 2; Error: cannot mutate shared reference * Actually: mutation only in controlled circumstances

89 Mutable references fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem);

90 Mutable references fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); mutable reference to Vec<int>

91 Mutable references fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); mutable reference to Vec<int> push() is legal

92 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to 1 2 3

93 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to 1 2 3

94 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to elem 1 2 3

95 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to elem 1 2 3

96 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to elem

97 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to elem

98 Efficient Iteration fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to elem

99 What if from and to are equal? fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); from to elem 1 2 3

100 What if from and to are equal? fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); 1 from to elem

101 What if from and to are equal? fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); 1 from to elem

102 What if from and to are equal? fn push_all(from: &Vec<int>, to: &mut Vec<int>) { for elem in from.iter() { to.push(*elem); dangling pointer 1 from to elem

103 fn push_all(from: &Vec<int>, to: &mut Vec<int>) { fn caller() { let mut vec = ; push_all(&vec, &mut vec);

104 fn push_all(from: &Vec<int>, to: &mut Vec<int>) { fn caller() { let mut vec = ; push_all(&vec, &mut vec); shared reference

105 fn push_all(from: &Vec<int>, to: &mut Vec<int>) { fn caller() { let mut vec = ; push_all(&vec, &mut vec); shared reference Error: cannot have both shared and mutable reference at same time

106 fn push_all(from: &Vec<int>, to: &mut Vec<int>) { fn caller() { let mut vec = ; push_all(&vec, &mut vec); shared reference Error: cannot have both shared and mutable reference at same time

107 fn push_all(from: &Vec<int>, to: &mut Vec<int>) { fn caller() { let mut vec = ; push_all(&vec, &mut vec); shared reference Error: cannot have both shared and mutable reference at same time A &mut T is the only way to access the memory it points at

108 { let mut vec = Vec::new(); for i in range(0, vec.len()) { let elem: &int = &vec[i]; vec.push(); vec.push(); Borrows restrict access to the original path for their duration. & &mut no writes, no moves no access at all

109 { let mut vec = Vec::new(); for i in range(0, vec.len()) { let elem: &int = &vec[i]; vec.push(); vec.push(); Borrows restrict access to the original path for their duration. & &mut no writes, no moves no access at all

110 { let mut vec = Vec::new(); for i in range(0, vec.len()) { let elem: &int = &vec[i]; vec.push(); vec.push(); Borrows restrict access to the original path for their duration. & &mut no writes, no moves no access at all

111 { let mut vec = Vec::new(); for i in range(0, vec.len()) { let elem: &int = &vec[i]; vec.push(); vec.push(); Error: vec[i] is borrowed, cannot mutate Borrows restrict access to the original path for their duration. & &mut no writes, no moves no access at all

112 { let mut vec = Vec::new(); for i in range(0, vec.len()) { let elem: &int = &vec[i]; vec.push(); vec.push(); Error: vec[i] is borrowed, cannot mutate OK. loan expired. Borrows restrict access to the original path for their duration. & &mut no writes, no moves no access at all

113 Concurrency n. several computations executing simultaneously, and potentially interacting with each other

114 Data race Two unsynchronized threads accessing same data where at least one writes.

115 Data race Two unsynchronized threads accessing same data where at least one writes.

116 Aliasing Mutation No ordering Data race

117 Sound familiar? Aliasing Mutation No ordering Data race

118 Actors forbid aliasing Rust forbid both from occurring simultaneously Functional forbid mutation

119 Messaging (ownership)

120 Messaging (ownership)

121 Messaging (ownership)

122 Messaging (ownership)

123 Messaging (ownership)

124 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv();

125 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); rx tx

126 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); rx tx

127 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); rx tx

128 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx

129 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx

130 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx tx

131 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx tx

132 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx tx data length m capacity

133 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx tx data length m capacity

134 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx tx data data length length capacity m capacity

135 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx tx data data length length capacity m capacity

136 fn parent() { let (tx, rx) = channel(); spawn(move {); let m = rx.recv(); move { let m = Vec::new(); tx.send(m); rx tx data length capacity tx data length capacity m

137 Shared read-only access (ownership, borrowing)

138 Arc<Vec<int>> ref_count data length [0] [1] capacity

139 Arc<Vec<int>> (ARC = Atomic Reference Count) ref_count data length [0] [1] capacity

140 Arc<Vec<int>> (ARC = Atomic Reference Count) ref_count data length [0] [1] capacity Vec<int>

141 Arc<Vec<int>> (ARC = Atomic Reference Count) ref_count data length [0] [1] capacity Owned, so no aliases. Vec<int>

142 Arc<Vec<int>> (ARC = Atomic Reference Count) ref_count data length [0] [1] capacity Owned, so no aliases. Vec<int> &Vec<int>

143 Arc<Vec<int>> (ARC = Atomic Reference Count) ref_count data length [0] [1] capacity Owned, so no aliases. Vec<int> &Vec<int> Shared reference, so Vec<int> is immutable.

144 Thread safety checking fn send<t: Send>(&self, t: T) Only sendable types

145 Thread safety checking fn send<t: Send>(&self, t: T) Only sendable types Arc<Vec<int>>: Send Rc<Vec<int>> : Send

146 Locked mutable access (ownership, borrowing)

147 fn sync_inc(mutex: &Mutex<int>) { let mut data = mutex.lock(); *data += 1;

148 fn sync_inc(mutex: &Mutex<int>) { let mut data = mutex.lock(); *data += 1;

149 fn sync_inc(mutex: &Mutex<int>) { let mut data = mutex.lock(); *data += 1; Destructor releases lock

150 fn sync_inc(mutex: &Mutex<int>) { let mut data = mutex.lock(); *data += 1; Destructor releases lock Yields a mutable reference to data

151 fn sync_inc(mutex: &Mutex<int>) { let mut data = mutex.lock(); *data += 1; Destructor releases lock Yields a mutable reference to data Destructor runs here, releasing lock

152 Parallel adj. occurring or existing at the same time

153 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); [0] [1] [2] [3] [] [n]

154 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n]

155 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n]

156 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n]

157 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n]

158 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n] less greater

159 fn qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); qsort(less); qsort(greater); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n] less greater

160 fn parallel_qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); parallel::join( parallel_qsort(less), parallel_qsort(greater) ); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n]

161 fn parallel_qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); parallel::join( parallel_qsort(less), parallel_qsort(greater) ); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n]

162 fn parallel_qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); parallel::join( parallel_qsort(less), parallel_qsort(greater) ); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n] less greater

163 fn parallel_qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); parallel::join( parallel_qsort(less), parallel_qsort(greater) ); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n] less greater

164 fn parallel_qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); parallel::join( parallel_qsort(less), parallel_qsort(greater) ); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n] less greater

165 fn parallel_qsort(vec: &mut [int]) { if vec.len() <= 1 { return; let pivot = vec[random(vec.len())]; let mid = vec.partition(vec, pivot); let (less, greater) = vec.split_at_mut(mid); parallel::join( parallel_qsort(less), parallel_qsort(greater) ); let vec: &mut [int] = ; [0] [1] [2] [3] [] [n] less greater

166 And beyond Concurrency is an area of active development. Either already have or have plans for: - Atomic primitives - Non-blocking queues - Concurrent hashtables - Lightweight thread pools - Futures - CILK-style fork-join concurrency - etc.

167 And beyond Concurrency is an area of active development. Either already have or have plans for: - Atomic primitives - Non-blocking queues - Concurrent hashtables - Lightweight thread pools - Futures - CILK-style fork-join concurrency - etc. Always data-race free

168 Unsafe adj. not safe; hazardous

169 Safe abstractions unsafe { Useful for: Uninitialized memory Interfacing with C code Building parallel abstractions like ARC Ownership/borrowing permit creating safe abstraction boundaries.

170 Safe abstractions unsafe { Trust me. Useful for: Uninitialized memory Interfacing with C code Building parallel abstractions like ARC Ownership/borrowing permit creating safe abstraction boundaries.

171 Safe abstractions fn something_safe() { unsafe { Trust me. Useful for: Uninitialized memory Interfacing with C code Building parallel abstractions like ARC Ownership/borrowing permit creating safe abstraction boundaries.

172 Safe abstractions fn something_safe() { unsafe { Trust me. Validates input, etc. Useful for: Uninitialized memory Interfacing with C code Building parallel abstractions like ARC Ownership/borrowing permit creating safe abstraction boundaries.

173 Status of Rust 1.0 Beta: March 31st 1.0 Final: May 15th - Stable syntax, core type system - Basic standard library - Blossoming ecosystem on crates.io Subsequent releases coming every six weeks.

174 Conclusions Rust combines high-level features with low-level control. Rust gives strong safety guarantees beyond what GC can offer: Deterministic destruction Data race freedom Iterator invalidation

Similar documents

Nicholas Matsakis! Mozilla Research

Nicholas Matsakis! Mozilla Research Nicholas Matsakis! Mozilla Research Parallel! Systems programming without the hassle crashes! heisenbugs! fear 2 C/C++: efficiency first! destructors memory layout smart pointers monomorphization Research

More information

Rust for C++ Programmers

Rust for C++ Programmers Rust for C++ Programmers Vinzent Steinberg C++ User Group, FIAS April 29, 2015 1 / 27 Motivation C++ has a lot of problems C++ cannot be fixed (because of backwards compatibility) Rust to the rescue! 2

More information

RustBelt: Securing the Foundations of the Rust Programming Language

RustBelt: Securing the Foundations of the Rust Programming Language RustBelt: Securing the Foundations of the Rust Programming Language Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Derek Dreyer POPL 2018 in Los Angeles, USA Max Planck Institute for Software Systems

More information

Guaranteeing memory safety in Rust

Guaranteeing memory safety in Rust Guaranteeing memory safety in Rust Nicholas D. Matsakis Mozilla Research 1 Hashtable in C / C++ template struct Hashtable { Bucket *buckets; unsigned num_buckets; template

More information

Rust intro. (for Java Developers) JFokus #jfokus 1. 1

Rust intro. (for Java Developers) JFokus #jfokus 1. 1 Rust intro (for Java Developers) JFokus 2017 - #jfokus 1. 1 Hi! Computer Engineer Programming Electronics Math

More information

CMSC 330: Organization of Programming Languages. Ownership, References, and Lifetimes in Rust

CMSC 330: Organization of Programming Languages. Ownership, References, and Lifetimes in Rust CMSC 330: Organization of Programming Languages Ownership, References, and Lifetimes in Rust CMSC330 Spring 2018 1 Memory: the Stack and the Heap The stack constant-time, automatic (de)allocation Data

More information

Next Gen Networking Infrastructure With Rust

Next Gen Networking Infrastructure With Rust Next Gen Networking Infrastructure With Rust Hi, I m @carllerche You may remember me from Most newer databases are written in a language that includes a runtime C / C++ Memory management we ll do it live

More information

Advances in Programming Languages

Advances in Programming Languages Advances in Programming Languages Lecture 18: Concurrency and More in Rust Ian Stark School of Informatics The University of Edinburgh Friday 24 November 2016 Semester 1 Week 10 https://blog.inf.ed.ac.uk/apl16

More information

Next Gen Networking Infrastructure With Rust

Next Gen Networking Infrastructure With Rust Next Gen Networking Infrastructure With Rust Hi, I m @carllerche Let s write a database! Most newer databases are written in a language that includes a runtime. C / C++ Memory management we ll do it live

More information

Index. object lifetimes, and ownership, use after change by an alias errors, use after drop errors, BTreeMap, 309

Index. object lifetimes, and ownership, use after change by an alias errors, use after drop errors, BTreeMap, 309 A Arithmetic operation floating-point arithmetic, 11 12 integer numbers, 9 11 Arrays, 97 copying, 59 60 creation, 48 elements, 48 empty arrays and vectors, 57 58 executable program, 49 expressions, 48

More information

Region-based Memory Management. Advanced Operating Systems Lecture 10

Region-based Memory Management. Advanced Operating Systems Lecture 10 Region-based Memory Management Advanced Operating Systems Lecture 10 Lecture Outline Rationale Stack-based memory management Region-based memory management Ownership Borrowing Benefits and limitations

More information

Why you should take a look at

Why you should take a look at Why you should take a look at Antonin Carette - FOSDEM 2018 - Rust devroom Slides and resources available @ github.com/k0pernicus/fosdem_rust_talk 1 Chalut 'tiot biloute! I tried to understand what the

More information

The New Java Technology Memory Model

The New Java Technology Memory Model The New Java Technology Memory Model java.sun.com/javaone/sf Jeremy Manson and William Pugh http://www.cs.umd.edu/~pugh 1 Audience Assume you are familiar with basics of Java technology-based threads (

More information

Programming In Rust. Jim Blandy, / Portland, (Slides are as presented; followup discussion,

Programming In Rust. Jim Blandy, / Portland, (Slides are as presented; followup discussion, Programming In Rust Jim Blandy, Mozilla @jimblandy / Portland, 2015 (Slides are as presented; followup discussion, fixes, etc. on Reddit: http://goo.gl/thj2pw) 2 The set of Rust enthusiasts certainly seems

More information

CS 140e. Opera&ng Systems from the Ground Up

CS 140e. Opera&ng Systems from the Ground Up CS 140e Opera&ng Systems from the Ground Up CS 140e Goals Learn OS fundamentals. Disks, File systems, I/O Threads & Processes Scheduling Virtual Memory Protection & Security Interrupts Concurrency & Synchronization

More information

Applied Unified Ownership. Capabilities for Sharing Across Threads

Applied Unified Ownership. Capabilities for Sharing Across Threads Applied Unified Ownership or Capabilities for Sharing Across Threads Elias Castegren Tobias Wrigstad DRF transfer parallel programming AppliedUnified Ownership memory management placement in pools (previous

More information

7/6/2015. Motivation & examples Threads, shared memory, & synchronization. Imperative programs

7/6/2015. Motivation & examples Threads, shared memory, & synchronization. Imperative programs Motivation & examples Threads, shared memory, & synchronization How do locks work? Data races (a lower level property) How do data race detectors work? Atomicity (a higher level property) Concurrency exceptions

More information

11/19/2013. Imperative programs

11/19/2013. Imperative programs if (flag) 1 2 From my perspective, parallelism is the biggest challenge since high level programming languages. It s the biggest thing in 50 years because industry is betting its future that parallel programming

More information

Motivation & examples Threads, shared memory, & synchronization

Motivation & examples Threads, shared memory, & synchronization 1 Motivation & examples Threads, shared memory, & synchronization How do locks work? Data races (a lower level property) How do data race detectors work? Atomicity (a higher level property) Concurrency

More information

The Concept of Ownership in Rust and Swift

The Concept of Ownership in Rust and Swift The Concept of Ownership in Rust and Swift The Concept of Ownership in Rust and Swift By Elaf A Alhazmi, M.Sc. A Thesis Submitted to The Department of Computing and Software and the School of Graduate

More information

It turns out that races can be eliminated without sacrificing much in terms of performance or expressive power.

It turns out that races can be eliminated without sacrificing much in terms of performance or expressive power. The biggest two problems in multi-threaded programming are races and deadlocks. Races reached new levels with the introduction of relaxed memory processors. It turns out that races can be eliminated without

More information

CS527 Software Security

CS527 Software Security Security Policies Purdue University, Spring 2018 Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a statement of intent, and

More information

Introduction to Rust. CC-BY Mozilla. Jonathan Pallant

Introduction to Rust. CC-BY Mozilla. Jonathan Pallant Introduction to Rust CC-BY Mozilla Jonathan Pallant 27 October 2016 What is Rust? Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. www.rust-lang.org

More information

COMP6771 Advanced C++ Programming

COMP6771 Advanced C++ Programming 1.... COMP6771 Advanced C++ Programming Week 5 Part One: Exception Handling 2016 www.cse.unsw.edu.au/ cs6771 2.... Memory Management & Exception Handling.1 Part I: Exception Handling Exception objects

More information

$ cat ~/.profile GIT_AUTHOR_NAME=Florian Gilcher TWITTER_HANDLE=argorak GITHUB_HANDLE=skade BLOG=skade.

$ cat ~/.profile GIT_AUTHOR_NAME=Florian Gilcher TWITTER_HANDLE=argorak GITHUB_HANDLE=skade BLOG=skade. Useful Rust $ cat ~/.profile GIT_AUTHOR_NAME=Florian Gilcher GIT_AUTHOR_EMAIL=florian@rustfest.eu TWITTER_HANDLE=argorak GITHUB_HANDLE=skade BLOG=skade.me YAKS=yakshav.es Backend Developer Ruby Programmer

More information

Chapter 1 INTRODUCTION SYS-ED/ COMPUTER EDUCATION TECHNIQUES, INC.

Chapter 1 INTRODUCTION SYS-ED/ COMPUTER EDUCATION TECHNIQUES, INC. hapter 1 INTRODUTION SYS-ED/ OMPUTER EDUATION TEHNIQUES, IN. Objectives You will learn: Java features. Java and its associated components. Features of a Java application and applet. Java data types. Java

More information

Synchronization SPL/2010 SPL/20 1

Synchronization SPL/2010 SPL/20 1 Synchronization 1 Overview synchronization mechanisms in modern RTEs concurrency issues places where synchronization is needed structural ways (design patterns) for exclusive access 2 Overview synchronization

More information

Operating Systems CMPSCI 377, Lec 2 Intro to C/C++ Prashant Shenoy University of Massachusetts Amherst

Operating Systems CMPSCI 377, Lec 2 Intro to C/C++ Prashant Shenoy University of Massachusetts Amherst Operating Systems CMPSCI 377, Lec 2 Intro to C/C++ Prashant Shenoy University of Massachusetts Amherst Department of Computer Science Why C? Low-level Direct access to memory WYSIWYG (more or less) Effectively

More information

September 10,

September 10, September 10, 2013 1 Bjarne Stroustrup, AT&T Bell Labs, early 80s cfront original C++ to C translator Difficult to debug Potentially inefficient Many native compilers exist today C++ is mostly upward compatible

More information

Memory Management. Advanced Operating Systems (M) Lecture 3

Memory Management. Advanced Operating Systems (M) Lecture 3 Memory Management Advanced Operating Systems (M) Lecture 3 This work is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/4.0/

More information

Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts

Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts Toshiyuki Maeda and Akinori Yonezawa University of Tokyo Quiz [Environment] CPU: Intel Xeon X5570 (2.93GHz)

More information

Modular Reasoning about Aliasing using Permissions

Modular Reasoning about Aliasing using Permissions Modular Reasoning about Aliasing using Permissions John Boyland University of Wisconsin- Milwaukee FOAL 2015 Summary Permissions are non-duplicable tokens that give access to state. Permissions give effective

More information

Vector and Free Store (Pointers and Memory Allocation)

Vector and Free Store (Pointers and Memory Allocation) DM560 Introduction to Programming in C++ Vector and Free Store (Pointers and Memory Allocation) Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark [Based on slides

More information

Rust: system programming with guarantees

Rust: system programming with guarantees Rust: system programming with guarantees CRI Monthly Seminar Arnaud Spiwack Pierre Guillou MINES ParisTech, PSL Research University Fontainebleau, July 6th, 2015 1 / 29 High level programming languages

More information

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Steve Gribble. Synchronization. Threads cooperate in multithreaded programs

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Steve Gribble. Synchronization. Threads cooperate in multithreaded programs CSE 451: Operating Systems Winter 2005 Lecture 7 Synchronization Steve Gribble Synchronization Threads cooperate in multithreaded programs to share resources, access shared data structures e.g., threads

More information

Kotlin/Native concurrency model. nikolay

Kotlin/Native concurrency model. nikolay Kotlin/Native concurrency model nikolay igotti@jetbrains What do we want from concurrency? Do many things concurrently Easily offload tasks Get notified once task a task is done Share state safely Mutate

More information

Rust. A safe, concurrent, practical language. Graydon Hoare October 2012

Rust. A safe, concurrent, practical language. Graydon Hoare October 2012 Rust A safe, concurrent, practical language Graydon Hoare October 2012 This is not a marketing talk Purpose: Convince you there's something interesting here Provide some technical

More information

Outline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring

Outline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring Java Outline Java Models for variables Types and type checking, type safety Interpretation vs. compilation Reasoning about code CSCI 2600 Spring 2017 2 Java Java is a successor to a number of languages,

More information

Chapter 1 GETTING STARTED. SYS-ED/ Computer Education Techniques, Inc.

Chapter 1 GETTING STARTED. SYS-ED/ Computer Education Techniques, Inc. Chapter 1 GETTING STARTED SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Java platform. Applets and applications. Java programming language: facilities and foundation. Memory management

More information

Pointers and References

Pointers and References Steven Zeil October 2, 2013 Contents 1 References 2 2 Pointers 8 21 Working with Pointers 8 211 Memory and C++ Programs 11 212 Allocating Data 15 22 Pointers Can Be Dangerous 17 3 The Secret World of Pointers

More information

COMP6771 Advanced C++ Programming

COMP6771 Advanced C++ Programming 1.. COMP6771 Advanced C++ Programming Week 5 Part Two: Dynamic Memory Management 2016 www.cse.unsw.edu.au/ cs6771 2.. Revisited 1 #include 2 3 struct X { 4 X() { std::cout

More information

Short Notes of CS201

Short Notes of CS201 #includes: Short Notes of CS201 The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with < and > if the file is a system

More information

Threads and Too Much Milk! CS439: Principles of Computer Systems February 6, 2019

Threads and Too Much Milk! CS439: Principles of Computer Systems February 6, 2019 Threads and Too Much Milk! CS439: Principles of Computer Systems February 6, 2019 Bringing It Together OS has three hats: What are they? Processes help with one? two? three? of those hats OS protects itself

More information

Message Passing. Advanced Operating Systems Tutorial 7

Message Passing. Advanced Operating Systems Tutorial 7 Message Passing Advanced Operating Systems Tutorial 7 Tutorial Outline Review of Lectured Material Discussion: Erlang and message passing 2 Review of Lectured Material Message passing systems Limitations

More information

CS201 - Introduction to Programming Glossary By

CS201 - Introduction to Programming Glossary By CS201 - Introduction to Programming Glossary By #include : The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with

More information

Thread Safety. Review. Today o Confinement o Threadsafe datatypes Required reading. Concurrency Wrapper Collections

Thread Safety. Review. Today o Confinement o Threadsafe datatypes Required reading. Concurrency Wrapper Collections Thread Safety Today o Confinement o Threadsafe datatypes Required reading Concurrency Wrapper Collections Optional reading The material in this lecture and the next lecture is inspired by an excellent

More information

Rust for high level applications. Lise Henry

Rust for high level applications. Lise Henry Rust for high level applications Lise Henry Who am I Elisabeth Henry A.k.a Lizzie Crowdagger Computer science background Semi-professional fantasy writer I like Rust, but not really into systems programming

More information

CMSC 330: Organization of Programming Languages

CMSC 330: Organization of Programming Languages CMSC 330: Organization of Programming Languages Multithreading Multiprocessors Description Multiple processing units (multiprocessor) From single microprocessor to large compute clusters Can perform multiple

More information

Rust Advanced Topics

Rust Advanced Topics Rust Advanced Topics Adapted from https://skade.github.io/rust-three-dayscourse/presentation/toc/english.html Generic Functions 1. fn takes_anything(thing: T) -> T { 2. thing 3. } 4. fn main() { 5.

More information

Ironclad C++ A Library-Augmented Type-Safe Subset of C++

Ironclad C++ A Library-Augmented Type-Safe Subset of C++ Ironclad C++ A Library-Augmented Type-Safe Subset of C++ Christian DeLozier, Richard Eisenberg, Peter-Michael Osera, Santosh Nagarakatte*, Milo M. K. Martin, and Steve Zdancewic October 30, 2013 University

More information

CMSC 330: Organization of Programming Languages. Strings, Slices, Vectors, HashMaps in Rust

CMSC 330: Organization of Programming Languages. Strings, Slices, Vectors, HashMaps in Rust CMSC 330: Organization of Programming Languages Strings, Slices, Vectors, HashMaps in Rust CMSC330 Spring 2018 1 String Representation Rust s String is a 3-tuple A pointer to a byte array (interpreted

More information

Vector and Free Store (Vectors and Arrays)

Vector and Free Store (Vectors and Arrays) DM560 Introduction to Programming in C++ Vector and Free Store (Vectors and Arrays) Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark [Based on slides by Bjarne

More information

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Hank Levy 412 Sieg Hall

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Hank Levy 412 Sieg Hall CSE 451: Operating Systems Winter 2003 Lecture 7 Synchronization Hank Levy Levy@cs.washington.edu 412 Sieg Hall Synchronization Threads cooperate in multithreaded programs to share resources, access shared

More information

CMSC 330: Organization of Programming Languages

CMSC 330: Organization of Programming Languages CMSC 330: Organization of Programming Languages Smart Pointers in Rust CMSC330 Spring 2018 Copyright 2018 Michael Hicks, the University of Maryland. Some material based on https://doc.rustlang.org/book/second-edition/index.html

More information

Chapter 17 vector and Free Store. Bjarne Stroustrup

Chapter 17 vector and Free Store. Bjarne Stroustrup Chapter 17 vector and Free Store Bjarne Stroustrup www.stroustrup.com/programming Overview Vector revisited How are they implemented? Pointers and free store Allocation (new) Access Arrays and subscripting:

More information

Today. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time

Today. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time CS2110 Fall 2011 Lecture 25 Java program last time Java compiler Java bytecode (.class files) Compile for platform with JIT Interpret with JVM Under the Hood: The Java Virtual Machine, Part II 1 run native

More information

Corrections made in this version not in first posting:

Corrections made in this version not in first posting: 1 Changelog 1 Corrections made in this version not in first posting: 12 April 2017: slide 15: correct arrow from B-freed to D-freed 12 April 2017: slide 42: correct phrasing on what is borrowed fuzzing

More information

The Case for N-Body Simulations in Rust

The Case for N-Body Simulations in Rust Int'l Conf. Scientific Computing CSC'16 3 The Case for N-Body Simulations in Rust A. Hansen, M. C. Lewis Department of Computer Science, Trinity University, San Antonio, Texas, United States Abstract In

More information

Threads and Too Much Milk! CS439: Principles of Computer Systems January 31, 2018

Threads and Too Much Milk! CS439: Principles of Computer Systems January 31, 2018 Threads and Too Much Milk! CS439: Principles of Computer Systems January 31, 2018 Last Time CPU Scheduling discussed the possible policies the scheduler may use to choose the next process (or thread!)

More information

CSE332: Data Abstractions Lecture 23: Programming with Locks and Critical Sections. Tyler Robison Summer 2010

CSE332: Data Abstractions Lecture 23: Programming with Locks and Critical Sections. Tyler Robison Summer 2010 CSE332: Data Abstractions Lecture 23: Programming with Locks and Critical Sections Tyler Robison Summer 2010 1 Concurrency: where are we Done: The semantics of locks Locks in Java Using locks for mutual

More information

Synchronising Threads

Synchronising Threads Synchronising Threads David Chisnall March 1, 2011 First Rule for Maintainable Concurrent Code No data may be both mutable and aliased Harder Problems Data is shared and mutable Access to it must be protected

More information

Threads Questions Important Questions

Threads Questions Important Questions Threads Questions Important Questions https://dzone.com/articles/threads-top-80-interview https://www.journaldev.com/1162/java-multithreading-concurrency-interviewquestions-answers https://www.javatpoint.com/java-multithreading-interview-questions

More information

Separate Compilation Model

Separate Compilation Model Separate Compilation Model Recall: For a function call to compile, either the function s definition or declaration must appear previously in the same file. Goal: Compile only modules affected by recent

More information

Processes. OS Structure. OS Structure. Modes of Execution. Typical Functions of an OS Kernel. Non-Kernel OS. COMP755 Advanced Operating Systems

Processes. OS Structure. OS Structure. Modes of Execution. Typical Functions of an OS Kernel. Non-Kernel OS. COMP755 Advanced Operating Systems OS Structure Processes COMP755 Advanced Operating Systems An OS has many parts. The Kernel is the core of the OS. It controls the execution of the system. Many OS features run outside of the kernel, such

More information

Inheritance, Polymorphism and the Object Memory Model

Inheritance, Polymorphism and the Object Memory Model Inheritance, Polymorphism and the Object Memory Model 1 how objects are stored in memory at runtime? compiler - operations such as access to a member of an object are compiled runtime - implementation

More information

Memory Management and Efficient Graph Processing in Rust

Memory Management and Efficient Graph Processing in Rust Memory Management and Efficient Graph Processing in Rust KEVIN CHEN and ELBERT LIN Stanford University 1. INTRODUCTION Graphs are a common data structure in most object-oriented programming languages due

More information

Consistency. CS 475, Spring 2018 Concurrent & Distributed Systems

Consistency. CS 475, Spring 2018 Concurrent & Distributed Systems Consistency CS 475, Spring 2018 Concurrent & Distributed Systems Review: 2PC, Timeouts when Coordinator crashes What if the bank doesn t hear back from coordinator? If bank voted no, it s OK to abort If

More information

Hazard Pointers. Number of threads unbounded time to check hazard pointers also unbounded! difficult dynamic bookkeeping! thread B - hp1 - hp2

Hazard Pointers. Number of threads unbounded time to check hazard pointers also unbounded! difficult dynamic bookkeeping! thread B - hp1 - hp2 Hazard Pointers Store pointers of memory references about to be accessed by a thread Memory allocation checks all hazard pointers to avoid the ABA problem thread A - hp1 - hp2 thread B - hp1 - hp2 thread

More information

The Case for Building a Kernel

The Case for Building a Kernel The Case for Building a Kernel in Rust Amit Levy Brad Campbell Branden Ghena Pat Pannuto Philip Levis Prabal Dutta Stanford University & University of Michigan September 2nd 2017 Memory and type safety

More information

A Framework for Gradual Memory Management

A Framework for Gradual Memory Management A Framework for Gradual Memory Management A safe, performant technique for integrating custom allocators and garbage collection mechanisms Jonathan Goodwin jondgoodwin@gmail.com September 12, 2017 Abstract

More information

Introduction to Locks. Intrinsic Locks

Introduction to Locks. Intrinsic Locks CMSC 433 Programming Language Technologies and Paradigms Spring 2013 Introduction to Locks Intrinsic Locks Atomic-looking operations Resources created for sequential code make certain assumptions, a large

More information

The Mezzo case. Jonathan Protzenko. François Pottier FSFMA'13. Why design a new programming language?

The Mezzo case. Jonathan Protzenko. François Pottier FSFMA'13. Why design a new programming language? Why design a new programming language? The Mezzo case François Pottier francois.pottier@inria.fr Jonathan Protzenko jonathan.protzenko@inria.fr INRIA FSFMA'13 Jonathan Protzenko (INRIA) The Mezzo language

More information

Processes. Johan Montelius KTH

Processes. Johan Montelius KTH Processes Johan Montelius KTH 2017 1 / 47 A process What is a process?... a computation a program i.e. a sequence of operations a set of data structures a set of registers means to interact with other

More information

Major Language Changes, pt. 1

Major Language Changes, pt. 1 C++0x What is C++0x? Updated version of C++ language. Addresses unresolved problems in C++03. Almost completely backwards compatible. Greatly increases expressiveness (and complexity!) of language. Greatly

More information

A process. the stack

A process. the stack A process Processes Johan Montelius What is a process?... a computation KTH 2017 a program i.e. a sequence of operations a set of data structures a set of registers means to interact with other processes

More information

Spot: A Programming Language for Verified Flight Software

Spot: A Programming Language for Verified Flight Software Spot: A Programming Language for Verified Flight Software Rob Bocchino (bocchino@jpl.nasa.gov) Ed Gamble (ed.gamble@jpl.nasa.gov) Kim Gostelow Jet Propulsion Laboratory Califor nia Institute of Technology

More information

High-Productivity Languages for HPC: Compiler Challenges

High-Productivity Languages for HPC: Compiler Challenges High-Productivity Languages for HPC: Compiler Challenges David Chase 2005-10-25 Fortress New language Designed for productivity, high performance, abundant parallelism. Contributors Guy Steele Jan-Willem

More information

Grand Central Dispatch and NSOperation. CSCI 5828: Foundations of Software Engineering Lecture 28 12/03/2015

Grand Central Dispatch and NSOperation. CSCI 5828: Foundations of Software Engineering Lecture 28 12/03/2015 Grand Central Dispatch and NSOperation CSCI 5828: Foundations of Software Engineering Lecture 28 12/03/2015 1 Credit Where Credit Is Due Most of the examples in this lecture were inspired by example code

More information

Rust. A new systems programming language. 1.0 was released on May 15th. been in development 5+ years. releases every 6 weeks

Rust. A new systems programming language. 1.0 was released on May 15th. been in development 5+ years. releases every 6 weeks 1 Rust A new systems programming language 1.0 was released on May 15th been in development 5+ years releases every 6 weeks Pursuing the trifecta: safe, concurrent, fast Gone through many radical iterations

More information

Introducing C++ to Java Programmers

Introducing C++ to Java Programmers Introducing C++ to Java Programmers by Kip Irvine updated 2/27/2003 1 Philosophy of C++ Bjarne Stroustrup invented C++ in the early 1980's at Bell Laboratories First called "C with classes" Design Goals:

More information

Concurrency, Thread. Dongkun Shin, SKKU

Concurrency, Thread. Dongkun Shin, SKKU Concurrency, Thread 1 Thread Classic view a single point of execution within a program a single PC where instructions are being fetched from and executed), Multi-threaded program Has more than one point

More information

const-correctness in C++

const-correctness in C++ const-correctness in C++ Matthias Kretz Frankfurt Institute Institute for Computer Science Goethe University Frankfurt 2015-04-01 HGS-HIRe Helmholtz Graduate School for Hadron and Ion Research Matthias

More information

Region-Based Memory Management in Cyclone

Region-Based Memory Management in Cyclone Region-Based Memory Management in Cyclone Dan Grossman Cornell University June 2002 Joint work with: Greg Morrisett, Trevor Jim (AT&T), Michael Hicks, James Cheney, Yanling Wang Cyclone A safe C-level

More information

Introduction to Multicore Programming

Introduction to Multicore Programming Introduction to Multicore Programming Minsoo Ryu Department of Computer Science and Engineering 2 1 Multithreaded Programming 2 Synchronization 3 Automatic Parallelization and OpenMP 4 GPGPU 5 Q& A 2 Multithreaded

More information

CSE 333 Lecture smart pointers

CSE 333 Lecture smart pointers CSE 333 Lecture 14 -- smart pointers Hal Perkins Department of Computer Science & Engineering University of Washington Administrivia Midterm Friday - Review in sections this week - Closed book; topic list

More information

2 ADT Programming User-defined abstract data types

2 ADT Programming User-defined abstract data types Preview 2 ADT Programming User-defined abstract data types user-defined data types in C++: classes constructors and destructors const accessor functions, and inline functions special initialization construct

More information

Memory Management: The Details

Memory Management: The Details Lecture 10 Memory Management: The Details Sizing Up Memory Primitive Data Types Complex Data Types byte: char: short: basic value (8 bits) 1 byte 2 bytes Pointer: platform dependent 4 bytes on 32 bit machine

More information

Objects Managing a Resource

Objects Managing a Resource Objects Managing a Resource 1 What is a Resource Respects Release/Acquire protocol files (open/close) memory allocation (allocate/free) locks (acquire/release). 2 What is a Resource Objects when constructed,

More information

Processes and Threads. From Processes to Threads. The Case for Threads. The Case for Threads. Process abstraction combines two concepts.

Processes and Threads. From Processes to Threads. The Case for Threads. The Case for Threads. Process abstraction combines two concepts. Processes and Threads From Processes to Threads Process abstraction combines two concepts Concurrency Each is a sequential execution stream of instructions Protection Threads Each defines an address space

More information

Practical Affine Types and Typestate-Oriented Programming

Practical Affine Types and Typestate-Oriented Programming Practical Affine Types and Typestate-Oriented Programming Philipp Haller KTH Royal Institute of Technology Stockholm, Sweden Dagstuhl Seminar 17051 Theory and Applications of Behavioural Types Schloss

More information

No littering! Bjarne Stroustrup. Morgan Stanley, Columbia University

No littering! Bjarne Stroustrup. Morgan Stanley, Columbia University No littering! Bjarne Stroustrup Morgan Stanley, Columbia University www.stroustrup.com Executive summary We now offer complete type- and resource-safety No memory corruption No resource leaks No garbage

More information

G Programming Languages - Fall 2012

G Programming Languages - Fall 2012 G22.2110-003 Programming Languages - Fall 2012 Lecture 2 Thomas Wies New York University Review Last week Programming Languages Overview Syntax and Semantics Grammars and Regular Expressions High-level

More information

Design Issues. Subroutines and Control Abstraction. Subroutines and Control Abstraction. CSC 4101: Programming Languages 1. Textbook, Chapter 8

Design Issues. Subroutines and Control Abstraction. Subroutines and Control Abstraction. CSC 4101: Programming Languages 1. Textbook, Chapter 8 Subroutines and Control Abstraction Textbook, Chapter 8 1 Subroutines and Control Abstraction Mechanisms for process abstraction Single entry (except FORTRAN, PL/I) Caller is suspended Control returns

More information

the gamedesigninitiative at cornell university Lecture 10 Memory Management

the gamedesigninitiative at cornell university Lecture 10 Memory Management Lecture 10 Gaming Memory (Current Generation) Playstation 4 8 GB RAM (unified) X-Box One (X) 12 GB RAM (unified) 9 GB for games Nintendo Switch 3 GB RAM (unified) 1 GB only for OS iphone/ipad 2 GB RAM

More information

Pointers. Developed By Ms. K.M.Sanghavi

Pointers. Developed By Ms. K.M.Sanghavi Pointers Developed By Ms. K.M.Sanghavi Memory Management : Dynamic Pointers Linked List Example Smart Pointers Auto Pointer Unique Pointer Shared Pointer Weak Pointer Memory Management In order to create

More information

CSE 333 Lecture smart pointers

CSE 333 Lecture smart pointers CSE 333 Lecture 14 -- smart pointers Hal Perkins Paul G. Allen School of Computer Science & Engineering University of Washington Administrivia New exercise out today, due Wednesday morning Exam Friday

More information

Design of Thread-Safe Classes

Design of Thread-Safe Classes Design of Thread-Safe Classes 1 Topic Outline Thread-Safe Classes Principles Confinement Delegation Synchronization policy documentation 2 Thread-safe Class Design Process Identify the object s state (variables)

More information

Managed runtimes & garbage collection. CSE 6341 Some slides by Kathryn McKinley

Managed runtimes & garbage collection. CSE 6341 Some slides by Kathryn McKinley Managed runtimes & garbage collection CSE 6341 Some slides by Kathryn McKinley 1 Managed runtimes Advantages? Disadvantages? 2 Managed runtimes Advantages? Reliability Security Portability Performance?

More information

CPS 310 first midterm exam, 10/6/2014

CPS 310 first midterm exam, 10/6/2014 CPS 310 first midterm exam, 10/6/2014 Your name please: Part 1. More fun with fork and exec* What is the output generated by this program? Please assume that each executed print statement completes, e.g.,

More information

CS152: Programming Languages. Lecture 19 Shared-Memory Parallelism and Concurrency. Dan Grossman Spring 2011

CS152: Programming Languages. Lecture 19 Shared-Memory Parallelism and Concurrency. Dan Grossman Spring 2011 CS152: Programming Languages Lecture 19 Shared-Memory Parallelism and Concurrency Dan Grossman Spring 2011 Concurrency and Parallelism PL support for concurrency/parallelism a huge topic Increasingly important

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback