about summary refs log tree commit diff stats
path: root/071deep_copy.cc
Commit message (Collapse)AuthorAgeFilesLines
* 4089Kartik K. Agaram2017-10-221-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up how we reclaim local scopes. It used to work like this (commit 3216): 1. Update refcounts of products after every instruction, EXCEPT: a) when instruction is a non-primitive and the callee starts with 'local-scope' (because it's already not decremented in 'return') OR: b) when instruction is primitive 'next-ingredient' or 'next-ingredient-without-typechecking', and its result is saved to a variable in the default space (because it's already incremented at the time of the call) 2. If a function starts with 'local-scope', force it to be reclaimed before each return. However, since locals may be returned, *very carefully* don't reclaim those. (See the logic in the old `escaping` and `should_update_refcount` functions.) However, this approach had issues. We needed two separate commands for 'local-scope' (reclaim locals on exit) and 'new-default-space' (programmer takes charge of reclaiming locals). The hard-coded reclamation duplicated refcounting logic. In addition to adding complexity, this implementation failed to work if a function overwrites default-space after setting up a local-scope (the old default-space is leaked). It also fails in the presence of continuations. Calling a continuation more than once was guaranteed to corrupt memory (commit 3986). After this commit, reclaiming local scopes now works like this: Update refcounts of products for every PRIMITIVE instruction. For non-primitive instructions, all the work happens in the `return` instruction: increment refcount of ingredients to `return` (unless -- one last bit of ugliness -- they aren't saved in the caller) decrement the refcount of the default-space use existing infrastructure for reclaiming as necessary if reclaiming default-space, first decrement refcount of each local again, use existing infrastructure for reclaiming as necessary This commit (finally!) completes the bulk[1] of step 2 of the plan in commit 3991. It was very hard until I gave up trying to tweak the existing implementation and just test-drove layer 43 from scratch. [1] There's still potential for memory corruption if we abuse `default-space`. I should probably try to add warnings about that at some point (todo in layer 45).
* 3997Kartik K. Agaram2017-09-131-2/+2
| | | | | | | Follow-up to commit 3993: deep-copy needs to also ignore screen and console objects. Basically channels and any fake objects passed into tests. (The real ones will be null, which will work fine thanks to the bugfix of commit 3996.)
* 3996Kartik K. Agaram2017-09-131-1/+18
|
* 3993Kartik K. Agaram2017-09-131-11/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fully isolate routines from their arguments. I still need exceptions for containers that are *designed* to be shared between routines. The primary such case is channels; we need some way to share them between routines, and if we deep-copy them that defeats their entire purpose. A milder case is the use of fake file-systems in tests, though that's a hint that there'll be more of these as the OS gets more fleshed out. The pattern seems to be that we need to not deep-copy containers that contain lock fields, and so their operations internally do their own locking. We may have to stop hard-coding the list of exceptions and allow people to define new ones. Perhaps don't deep-copy any container with metadata of 'shared', and then ensure that get-location is only ever called on shared containers. This still isn't absolutely ironclad. People can now store something into a channel and then pass it into a routine to share arbitrary data. But perhaps the goal isn't to be ironclad, just to avoid easy mistakes. I'd still want an automated check for this, though. Some way to highlight it as an unsafe pattern. This completes step 1 in the plan of commit 3992 for making continuations safe.
* 3991 - start work on making continuations safeKartik K. Agaram2017-09-101-0/+390
Plan: 1. Fix a hole where addresses are shared between routines when passed in as arguments to `start-running`. 2. Switch to a new approach to refcount management: instead of updating refcounts when writing products of instructions by default, increment refcounts inside instructions by default and decrement refcounts in caller. More details in future when I actually implement this. 3. Now we shouldn't need a distinction between `new-default-space` and `local-scope`, and all functions can simply decrement refcounts of their default-space, consistently handling any refcounts in the space. At this point if all goes well, continuations should be safe! This commit is just preparation for step 1.