generating heap- bounded programs walid taha, stephan ellner (rice university) hongwei xi (boston...

Generating Heap-bounded Programs

Walid Taha, Stephan Ellner (Rice University)

Hongwei Xi (Boston University)

Why do languages matter?The need for well thought-out languages (or

“models”) will only increase in the future– Applications are constantly growing in complexity

– The need for simplicity is constant

– Can we think outside our languages?

– Using old languages means making old mistakes

Carefully designed languages allow us to– Ensure strong safety properties

– Preserve desirable reasoning principles

– Ultimately: Reduce developer/owner cost

Embedded systems:An area of growing demand

C/C++

C

FORTRAN

Assembly/C

Trouble with High-level Languages

High-level languages deprive programmer of control over basic resources

Programming embedded systems requires attention to various kinds of resources:– Concrete resources:

– Abstract resources:• Critical sections, capabilities, power, bandwidth, availability,

security, freedom of race conditions…

Resource-bounded languages provide guarantees

But they limit expressivity

Can we combine the best of both worlds?

I OP

LFPL[Hofmann, ’99/00]

Traditional Programming

OPI1

I2

Multi-Stage Programming (MSP) [Taha, Sheard ’97]

OI1 P1 P2

I2

Resource Aware Programming[EMSOFT ’03]

P1I1 P2


OI1 P1 P2

I2

I2

O

Insertion sort

This can be resource-bounded program:

let rec insert(a,l) =

case l of

nil -> cons(a, nil)

| cons(b,t) -> if a < b

then cons(a, cons(b, t))

else cons(b, insert(a, t))

let rec sort(l) =

case l of

nil -> nil

| cons(a,t) -> insert(a, sort(t))

I OP



OPI1

I2


OI1 P1 P2

I2


P1I1 P2


OI1 P1 P2

I2

I2

O

Hoffman’s (RB) LFPL

• Allows heap-bounded manipulation of dynamic data structures

• Can be translated into imperative C programs that have competitive performance (without optimizations)

• How does it work:

– You want to avoid duplicating structures

• Linear types. Default: Variables used only once

Insertion sort in LFPL

This is a resource-bounded program [Hoffman’99/00]

let rec insert(d,a,l) =

case l of

nil -> cons(a, nil) at d

| cons(b,t) at e -> if a < b

then cons(a, cons(b, t) at e) at d

else cons(b, insert(e,a, t)) at d

let rec sort(l) =

case l of

nil -> nil

| cons(a,t) at d -> insert(d, a, sort(t))

I OP



OPI1

I2


OI1 P1 P2

I2


P1I1 P2


OI1 P1 P2

I2

I2

O

Multi-stage programming (MSP)• Provide abstraction mechanisms like: polymorphism, higher-order

functions, exceptions, …

• “Abstractions without guilt” through prg. generation

• Without damaging the static typing discipline

ApproachBuild

“f (x,y)”

Combine

F X

Syntactic correctness?

Reject “f (x,)”

Type correctness?

Reject “7 (8)”

String

Datatype

MSP

Multi-stage programming (MSP)

Three staging annotations:

Construct Example Result

Brackets: a=<2*4> a=<2*4>

Escape: b=<9+~a> b=<9+2*4>

Run: c= .! b c=17

Simplified typing rules:

Given of type We get of type

X T <X> <T>

X <T> ~X T

X <T> .! X T

Small example: Exponentiation

Single stage:

let rec exp(n:int, x:real):real =

if n = 0

then 1.0

else if even (n)

then sqr (exp(n div 2,x))

else x * (exp(n - 1,x));;

xnPn

x


Two stage:

let rec exp(n:int, x:<real>):<real>=

if n = 0

then <1.0>

else if even (n)

then <sqr ~(exp(n div 2,x))>

else <~x * ~(exp(n - 1,x))>;;

Only things in gold are left for second stage

xnn P1 P2

x

To use the staged exp we simply write:

<f(x) = ~(exp(5,<x>))>;;

The result for the second stage is:

<f(x)= x*(sqr(sqr(x*1.0)))>


Just 4 ops!

No recursion

I OP



OPI1

I2


OI1 P1 P2

I2


P1I1 P2


OI1 P1 P2

I2

I2

O

Why RAP (= MSP + RB) is hard

Two key points:

• Want to guarantee RB before generation

• Must somehow isolate expressive features, even when used in same language. Naïve combination doesn’t work. For LFPL:

– Can just combine non-linear and linear environments

• Some first-stage values must be linear

• Some second-stage values can be non-linear

RAP language for LFPL

• GeHB: A language for “Generating Heap-Bounded programs”

• Intuitively: Program/configure on PC, execute on embedded/real-time platform

• All done in one language that integrates the two platforms very closely

• Static analysis (type system) guarantees that – The two platforms never get confused

– Before any programs are generated, we know that all generated programs will be resource bounded.

Type System

Summary of Results

• Evaluation (generation) preserves types

– Standard type preservation

• Code values are easily turned into LFPL code

– Requires a form of let-floating

• Can only be done for well-typed terms

• Generated LFPL code is well-typed

– And Hofmann shows how to translate to C

• No lost expressivity (GeHB is strictly more expressive)

Safe, fast, and generic insert. sort

let rec sort_gen(myLess,list) =

let [less] = myLess in (* Co-monadic co-bind *)

<let rec insert(d,a,l) =

case l of

nil -> cons(a, nil) at d

| cons(b,t) at d' -> if ~ (less(<a> ,<b> ))

then cons(a, cons(b, t) at d') at d

else cons(b, insert(a, d', t)) at d

in let rec sort(l) =

case l of

nil -> nil

| cons(a,t) at d -> insert(d, a, sort(t))

in sort(~list)>

Summary

• GP languages give us expressivity– But no guarantees about resources

• RB languages give us resource bound– But limit expressivity

• MSP allows us to express staging

• Carefully designed RAP languages give the programmer more control without becoming too low-level or unsafe.

Claim: Underlying idea is general & tractable.

Future work on RAPSuccess requires targeting three areas:

1. Design an theory• Lots of basic PL research needed here

• In RB languages, MSP, and how to combine

2. Applications• Currently: device drivers and n.w. interface

cards

3. Implementation and engineering aspects• Multiple target platforms

• Essential for technology transition

generating heap- bounded programs walid taha, stephan ellner (rice university) hongwei xi (boston...

Documents