Project snowflake: non-blocking safe manual memory management in .NET

Garbage collection greatly improves programmer productivity and ensures memory safety. Manual memory management on the other hand often delivers better performance but is typically unsafe and can lead to system crashes or security vulnerabilities. We propose integrating safe manual memory management with garbage collection in the .NET runtime to get the best of both worlds. In our design, programmers can choose between allocating objects in the garbage collected heap or the manual heap. All existing applications run unmodified, and without any performance degradation, using the garbage collected heap. Our programming model for manual memory management is flexible: although objects in the manual heap can have a single owning pointer, we allow deallocation at any program point and concurrent sharing of these objects amongst all the threads in the program. Experimental results from our .NET CoreCLR implementation on real-world applications show substantial performance gains especially in multithreaded scenarios: up to 3x savings in peak working sets and 2x improvements in runtime.

[1]  Lu Fang,et al.  FACADE: A Compiler and Runtime for (Almost) Object-Bounded Big Data Applications , 2015, ASPLOS.

[2]  James Cheney,et al.  Region-based memory management in cyclone , 2002, PLDI '02.

[3]  Mads Tofte,et al.  Region-based Memory Management , 1997, Inf. Comput..

[4]  Dave Clarke,et al.  External Uniqueness Is Unique Enough , 2003, ECOOP.

[5]  Keir Fraser,et al.  Practical lock-freedom , 2003 .

[6]  Maurice Herlihy,et al.  Fast non-intrusive memory reclamation for highly-concurrent data structures , 2016, ISMM.

[7]  Yehuda Afek,et al.  Temporally Bounding TSO for Fence-Free Asymmetric Synchronization , 2015, ASPLOS.

[8]  Dan Alistarh,et al.  ThreadScan: Automatic and Scalable Memory Reclamation , 2015, SPAA.

[9]  Benjamin G. Zorn,et al.  The measured cost of conservative garbage collection , 1993, Softw. Pract. Exp..

[10]  Liviu Codrut Stancu Safe and efficient hybrid memory management for Java , 2015, ISMM.

[11]  Dan Grossman,et al.  Experience with safe manual memory-management in cyclone , 2004, ISMM '04.

[12]  Trevor Alexander Brown,et al.  Reclaiming Memory for Lock-Free Data Structures: There has to be a Better Way , 2015, PODC.

[13]  David Walker,et al.  Typed memory management via static capabilities , 2000, TOPL.

[14]  Dan Grossman,et al.  Safe manual memory management in Cyclone , 2006, Sci. Comput. Program..

[15]  Lu Fang,et al.  Yak: A High-Performance Big-Data-Friendly Garbage Collector , 2016, OSDI.

[16]  Maged M. Michael Hazard pointers: safe memory reclamation for lock-free objects , 2004, IEEE Transactions on Parallel and Distributed Systems.

[17]  Dinakar Dhurjati,et al.  Memory safety without runtime checks or garbage collection , 2003, LCTES '03.

[18]  Dinakar Dhurjati,et al.  Efficiently Detecting All Dangling Pointer Uses in Production Servers , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[19]  Wenke Lee,et al.  Preventing Use-after-free with Dangling Pointers Nullification , 2015, NDSS.

[20]  Nhan Nguyen,et al.  NumaGiC: a Garbage Collector for Big Data on Big NUMA Machines , 2015, ASPLOS.

[21]  Emery D. Berger,et al.  Quantifying the performance of garbage collection vs. explicit memory management , 2005, OOPSLA '05.

[22]  David Walker,et al.  Typed memory management in a calculus of capabilities , 1999, POPL '99.

[23]  Erez Petrank,et al.  Efficient Memory Management for Lock-Free Data Structures with Optimistic Access , 2015, SPAA.

[24]  Emery D. Berger,et al.  DieHarder: securing the heap , 2010, CCS '10.

[25]  V. T. Rajan,et al.  The Metronome: A Simpler Approach to Garbage Collection in Real-Time Systems , 2003, OTM Workshops.

[26]  SalcianuAlexandru,et al.  Ownership types for safe region-based memory management in real-time Java , 2003 .

[27]  James Noble,et al.  Ownership types for flexible alias protection , 1998, OOPSLA '98.

[28]  David Walker,et al.  On Regions and Linear Types , 2001, ACM SIGPLAN International Conference on Functional Programming.

[29]  Timothy L. Harris,et al.  Dynamic adaptive pre-tenuring , 2000, ISMM '00.

[30]  Henry G. Baker,et al.  “Use-once” variables and linear objects: storage management, reflection and multi-threading , 1995, SIGP.

[31]  Jonathan Walpole,et al.  Performance of memory reclamation for lockless synchronization , 2007, J. Parallel Distributed Comput..

[32]  Erez Petrank,et al.  Automatic memory reclamation for lock-free data structures , 2015, OOPSLA.

[33]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[34]  Jochen Eisinger,et al.  Idle time garbage collection scheduling , 2016, Commun. ACM.

[35]  Periklis Akritidis,et al.  Cling: A Memory Allocator to Mitigate Dangling Pointers , 2010, USENIX Security Symposium.

[36]  Peter Lee,et al.  Generational stack collection and profile-driven pretenuring , 1998, PLDI.

[37]  Martin C. Rinard,et al.  Ownership types for safe region-based memory management in real-time Java , 2003, PLDI '03.

[38]  Yves Younan,et al.  FreeSentry: protecting against use-after-free vulnerabilities due to dangling pointers , 2015, NDSS.

[39]  Milo M. K. Martin,et al.  CETS: compiler enforced temporal safety for C , 2010, ISMM '10.

[40]  Emery D. Berger,et al.  DieHard: probabilistic memory safety for unsafe languages , 2006, PLDI '06.

[41]  Rachid Guerraoui,et al.  Fast and Robust Memory Reclamation for Concurrent Data Structures , 2016, SPAA.

[42]  Kathryn S. McKinley,et al.  Immix: a mark-region garbage collector with space efficiency, fast collection, and mutator performance , 2008, PLDI '08.

[43]  Emery D. Berger,et al.  Archipelago: trading address space for reliability and security , 2008, ASPLOS.

[44]  Naftaly H. Minsky Towards Alias-Free Pointers , 1996, ECOOP.

[45]  Hannes Payer,et al.  Memento mori: dynamic allocation-site-based optimizations , 2015, ISMM.

[46]  Hans-Juergen Boehm,et al.  Garbage collection in an uncooperative environment , 1988, Softw. Pract. Exp..

[47]  John Hogg,et al.  Islands: aliasing protection in object-oriented languages , 1991, OOPSLA '91.

[48]  John Kubiatowicz,et al.  Taurus: A Holistic Language Runtime System for Coordinating Distributed Managed-Language Applications , 2016, ASPLOS.

[49]  David Gay,et al.  Safe manual memory management , 2007, ISMM '07.

[50]  Matthew J. Parkinson,et al.  Simple, fast, and safe manual memory management , 2017, PLDI.

[51]  David Walker,et al.  Alias Types , 2000, ESOP.

[52]  Michael Isard,et al.  Broom: Sweeping Out Garbage Collection from Big Data Systems , 2015, HotOS.

[53]  Timothy L. Harris,et al.  A Pragmatic Implementation of Non-blocking Linked-Lists , 2001, DISC.

[54]  Robert Hundt,et al.  Loop Recognition in C++/Java/Go/Scala , 2011 .

[55]  Philip Wadler,et al.  Linear Types can Change the World! , 1990, Programming Concepts and Methods.

[56]  V. T. Rajan,et al.  Java without the coffee breaks: a nonintrusive multiprocessor garbage collector , 2001, PLDI '01.

[57]  Richard E. Jones,et al.  The Garbage Collection Handbook: The art of automatic memory management , 2011, Chapman and Hall / CRC Applied Algorithms and Data Structures Series.

[58]  Jonathan Aldrich,et al.  A type system for borrowing permissions , 2012, POPL '12.

[59]  Michael Wolf,et al.  C4: the continuously concurrent compacting collector , 2011, ISMM '11.

[60]  Kathryn S. McKinley,et al.  Age-based garbage collection , 1999, OOPSLA '99.

[61]  John Tang Boyland,et al.  Alias burying: Unique variables without destructive reads , 2001, Softw. Pract. Exp..