Nils Goesche <car...@cartan.de> writes: > In article <pan.2002.03.01.10.21.15.524027.25...@shimizu-blume.com>, Matthias Blume wrote: > > On Fri, 01 Mar 2002 06:58:35 -0500, Nils Goesche wrote: > >> Last time I checked, SML compilers generated pretty slow code. > > Must have been a long time ago. > Last year. I used SML/NJ, which you are probably familiar with :-))
I've been hearing good things about MLton. And OCaml is widely known for it's excellent code. My experience of SML/NJ was that the 0.93 codebase produced acceptably fast code. Then it got slower, and I switched to Scheme (those facts are *not* related, actually).
> >> Same with static typing. By your logic, OS's should be written rather > >> in *Haskell*.
Actually OSes are so inherently stateful that I can't see how using a pure functional language would help. Perhaps my imagination is simply inadequate.
> Writing device drivers and hacking around > in kernels is my job. I do that every day. The problems I face > there are of a totally different nature. Buggy hardware for instance. > Timing problems. Synchronization. Braindead protocols. Deadlocks. > Non-aligned buffers. Memory management. Wild pointers. Registers > that don't work as advertised. I don't think much of these will > go away only because I won't have runtime type errors. What I could > need down there is an expressive language that makes programming > those things easier, on a more abstract level. And nothing is more > expressive than Lisp.
Actually, I found SML to be incredibly expressive, but admittedly my SML programs generally turned into huge masses of functors...
david rush -- Don't you think it would be a useful item to add to your intellectual tookit to be capable of saying, when a ton of wet steaming bullshit lands on your head, "My goodness, this appears to be bullshit?" -- Douglas MacArthur Shaftoe, in _Cryptonomicon_
In article <okf664g9oge....@bellsouth.net>, David Rush wrote: > Nils Goesche <car...@cartan.de> writes: >> What I could need down there is an expressive language that >> makes programming those things easier, on a more abstract level. >> And nothing is more expressive than Lisp. > Actually, I found SML to be incredibly expressive, but admittedly my > SML programs generally turned into huge masses of functors...
Oh, I agree that SML is very expressive. SML would certainly be the language of my choice... if Common Lisp didn't exist :-)
Regards, -- Nils Goesche "Don't ask for whom the <CTRL-G> tolls."
Matthias> When unix_read is being called, the OS must check several things:
Matthias> 1. First argument:
Matthias> - must be a number obtained from a previous call to open/dup/... Matthias> - must not have been subjected to "close" in the meantime Matthias> - must have been opened for reading
It may be that there are things I do not know about the ML system, or how an ML OS would work file objects, but as I know file objects from UNIX (be it represented by a small integer or something else), such an object has state; so how would it be verifiable at compile time that a particular call to `read' would not be operating on an object that has been closed?
Is the ML compiler smart enough to know that in regions following the close operation, the object has another type and would that work in a multiprocess setting?
Or did it just misinterpret the extent of your claims (in which case I must state for the record that it was with no malicious intent :-)
------------------------+-------------------------------------------------- --- Christian Lynbech | ------------------------+-------------------------------------------------- --- Hit the philistines three times over the head with the Elisp reference manual. - peto...@hal.com (Michael A. Petonic)
On Fri, 01 Mar 2002 10:51:00 -0500, Tim Bradshaw wrote: > * Matthias Blume wrote:
>> The point is that both file descriptors and buffers are *unforgeable* >> abstract types. So whenever a user program invokes mlos_read, it can >> only do so if it has obtained a valid file descriptor and a valid >> buffer beforehand. Thus, mlos_read does not need to do *any* checking >> of its arguments at runtime because there is a compile-time proof that >> everything will be ok. And the important contribution of the >> programming language is that it lets you define such abstractions (they >> do not have to be built-in).
> What magic prevents me from stopping the program at a crucial moment and > inserting some bogus stuff in these `unforgeable' types? For instance: > OS gives me a file descriptor, I then hack at it with a hex editor, and > hand it back. Oops, now I'm all over your machine.
Well, there are certainly a lot of things that one has to be very careful about here. For one, the OS clearly cannot let you run any old code that comes out of a hex editor. A low-tech solution might be cryptographic fingerprints inserted by a certified compiler (questionable, because compilers tend to be buggy). A better solution might eventually emerge from the idea of proof-carrying code.
Matthias Blume <matth...@shimizu-blume.com> writes: > > Are you implying that SML is better suited for writing an OS than Lisp? > > If so, what is the advantages of SML in that problem domain? > One word: types.
I hope that wasn't an intentional troll, but merely a bizarre and horrible misunderstanding of the entire way Lisp works.
-- -> -/- - Rahul Jain - -\- <- -> -\- http://linux.rice.edu/~rahul -=- mailto:rj...@techie.com -/- <- -> -/- "I never could get the hang of Thursdays." - HHGTTG by DNA -\- <- |--|--------|--------------|----|-------------|------|---------|-----|-| Version 11.423.999.221020101.23.50110101.042 (c)1996-2002, All rights reserved. Disclaimer available upon request.
> The Utah Common Lisp collector was written in Lisp (not by me). It > was a stop-and-copy collector, and it certainly didn't look like any > other Lisp program. IIRC, (car foo) would get you the forwarding > pointer of the cons cell. On the other hand, coding the GC algorithm > in Lisp was pretty straight-forward, given the right primitives.
> I'm not sure if it's advantageous to write a Lisp collector in Lisp. > Because the normal Lisp world is so inconsistant and screwed up while > running the collector, normal Lisp advantages like debuggability and > access to a repl simply don't apply.
Actually, they do. Writing the GC in subset of Lisp that doesn't cons has benefits like:
- use of the many code-construction mechanisms that Lisp allows (macros etc)
- easy sharing of the constants needed by the compiler to implement primitives (assuming your Lisp compiler is written in Lisp :-)
- the ability to develop and test code on-the-fly (sure, if you screw up badly then you are lost, but many cases this doesn't happen).
-- Martin Simmons, Xanalys Software Tools zne...@xanalys.com rot13 to reply
On Fri, 01 Mar 2002 12:37:03 -0500, Erik Naggum wrote: > * Matthias Blume > | The point is that both file descriptors and buffers are *unforgeable* > | abstract types. So whenever a user program invokes mlos_read, it can > | only do so if it has obtained a valid file descriptor and a valid > buffer | beforehand. Thus, mlos_read does not need to do *any* checking > of its | arguments at runtime because there is a compile-time proof that > | everything will be ok. And the important contribution of the > programming | language is that it lets you define such abstractions > (they do not have | to be built-in).
> What happens when you close a file?
You wouldn't.
> Suppose I get an > opened-for-reading file descriptor back from open, store it somewhere, > and its type is known to be such that I can mlos_read from it. Do we > have a different way to keep track of this open file than storing (a > reference to) the file descriptor in a variable? If not, how does > close communicate the type back to the compiler so that there is only > compile-time type checking that prevents you from calling mlos_read on > a closed file descriptor?
Well, if you insist on having "close" around, there are linear type systems or unique types that have been built into some languages (but not ML). Alternatively, one could probably use monads in some clever way.
> It is probably something very trivial in SML, but I keep getting > confused by such things as the run-time behavior of streams, and > wonder how a file descriptor that has hit end of file is prevented at > compile-time from being used to read more data, and other such simple > things.
Notice that I did not include "hitting the end of the file" into my earlier description of which runtime checks I want to avoid. Of course, nobody should claim that *every* runtime check can be eliminated by static analysis, doing so would be silly. But the checks that can be eliminated should be, IMO.
On Fri, 01 Mar 2002 11:42:22 -0500, Nils Goesche wrote: > In article <pan.2002.03.01.10.21.15.524027.25...@shimizu-blume.com>, > Matthias Blume wrote: >> On Fri, 01 Mar 2002 06:58:35 -0500, Nils Goesche wrote:
>>> Last time I checked, SML compilers generated pretty slow code.
>> Must have been a long time ago.
> Last year. I used SML/NJ, which you are probably familiar with :-)) > Don't get me wrong: I think SML/NJ is a great system, I am not such a > performance junkie.
Thanks. I am not such a performance junkie either. :-) (You brought that topic up.) But I acknowledge that poor performance can be a showstopper in some situations.
>>> When I ported programs to CMUCL they ran several times faster.
>> See the Great PL Shootout page. There are three ML compilers (two SML >> and one Ocaml) ahead of CMUCL. Two of them are *significantly* ahead.
> I am aware of that web page. Frankly I don't understand why CMUCL looks > so bad there. Whenever /I/ implemented anything in several languages, > admittedly something bigger than the programs you find there, CMUCL left > most other compilers far behind, sometimes even gcc.
Maybe you are just more experienced in cranking out efficient code for CMUCL than you are for SML. I am serious about this: The stuff on "that web page" are actually putting SML/NJ at a disadvantage because Bagley insisted on not using our latest versions -- which especially for the x86 platform produces much better code almost all of the time. Moreover, some of the code was written in a slightly strange style. For example, using 110.39 sped up the matrix multiplication code by a factor of 3, and re-coding that code in a (to me) more natural style sped it up by another factor of 2.
> And yes, the OCaml > compiler is just great w.r.t. performance, note that I was talking about > SML. Again: I actually prefer SML to OCaml for various reasons; but it > is not my experience that it is particularly fast.
Certainly. We perfectly agree here.
>>> Same with static typing. By your logic, OS's should be written rather >>> in *Haskell*.
>> Actually, no. I think that ML's fairly restrictive type system would >> be just the right fit.
> I am not surprised that you think so ;-) But the point remains true: If > you advocate using a language that forbids the programmer to do all > kinds of things in order to make programs safer, why not go all the way? > Shouldn't we use Haskell, then?
We could. I am just a bit paranoid about programming in a language where switching from writing a + b to b + a (literally!) can change the complexity class of your program from O(n) to O(n^2) etc. Don't get me wrong, Haskell is a wonderful language as far as beauty is concerned. But I prefer ML because my brain is wired in such a way that I can more easily predict how well code that I write down will perform in practice. Other people's brains are wired differently, and they may well go ahead and code an OS in Haskell.
> Why should that *one* point, that we > know there won't be any runtime type errors in SML, make something like > an OS so instantaniously safer?
It is not "instantanious". It actually takes quite a bit of experience in setting up the right invariants and then code them into the type system.
>> By the way, the type system is not just for making sure your >> implementation is correct. It can also be used to *structure* the OS >> itself -- in such a way that things could (at least in theory) become >> much more efficient.
> And all of a sudden we don't disagree anymore: Sure, a rich type system > is a nice thing. I am wondering if you are aware of the fact that > Common Lisp in fact /has/ a very rich type system: Your example could be > very easily rewritten in CLOS, for instance.
But the CLOS type system will not be checked at compile time, at least not the same way that the ML typesystem is being checked. That's at least my understanding. Correct me if I am wrong. Here is the acid test:
I want to store in a variable x a 32-bit quantity that has the exact same representation as an 'unsigned int' in C but for which I have a compile-time guarantee that it will never be an odd number. What I want to be able to do on these numbers are the "usual" four arithmetic operations (with division rounding down to the next even number), and perhaps some comparisons. And a conversion from/to "unsigned int" (again, with rounding down to the next even). In SML I write:
structure Even :> sig
type even
val + : even * even -> even val - : even * even -> even val * : even * even -> even val / : even * even -> even val compare : even * even -> order val fromWord: Word32.word -> even val toWord: even -> Word32.word
end = struct
fun roundeven (x: Word32.word) = Word32.andb (x, 0wxfffffffe)
type even = Word32.word val op + = Word32.+ val op - = Word32.- val op * = Word32.* fun x / y = roundeven (Word32./ (x, y)) val compare = Word32.compare fun toWord x = x val fromWord = roundeven
end
Now, whenever I see a value of type "even", I can be absolutely certain that it will be an even number -- but the point is that all the operations (except /) are *precisely* as efficient as the ones on Word32.
How do you do this in Common Lisp?
> Static typing fanatics > often pretend that there is no typing besides static typing, but Common > Lisp is /not/ an untyped language. Very strange that this has to be > repeated over and over again. If you call a Lisp function with an > argument it doesn't expect and can't handle it will signal an error > which you can catch.
Right, but that happens only after I have already called it -- which is too late. This is precisely the thing that I described earlier: OS syscalls do dynamic runtime checks. But what I want is to get rid of these runtime checks -- safely (i.e., without compromising the integrity of the OS).
> It won't do any weird things like an untyped > language would. And the important observation is that experienced > programmers hardly if ever /get/ any of those runtime type errors. And > when they do, then only because of some trivial oversight.
That is irrelevant because you use types in quite a different way than the one I am proposing. Catching the occasional programming error (which happens more rarely the more experienced the programmer is) is one thing, catching the malicious attempt at breaking an abstraction (which happens more frequently the more experienced the malicious hacker is) is another.
I don't want a guarantee that works 99.9% of the time because that's not good enough for this particular application. What I want is something that works always, but I want to eliminate the usual runtime penalty for it.
> * tmo...@sea-tmoore-l.dotcast.com (Tim Moore) > | I suppose that access to macros might be a bonus when writing a collector > | in Lisp, but assuming that much Lisp functionality won't be available in > | the collector or will be available in some weird and crippled form, and > | that it's desirable for the collector not to cons itself, the Lisp you > | write for the collector ends up looking a lot like C.
> Why is this? It seem obviously false to me. The first thing you would > do in a copying garbage collector would be to switch the active half of > the two-space memory organization. The GC's task is only to move live > objects from the other half to this half, right? It should be doable > with the full language available and with no real constraints on consing.
Yes, but the two-space model usually assumes equal sized spaces. If from-space is almost full of live data you won't have much room in the to-space for data allocated during the copying.
Also, the subset of Lisp available will be constrained to things that can run safely at any allocation point. E.g. you can't use anything that alloctates while holding a lock (I'm assuming the is keeping some data structure consistent). -- Martin Simmons, Xanalys Software Tools zne...@xanalys.com rot13 to reply
On Fri, 01 Mar 2002 13:36:25 -0500, Christian Lynbech wrote: >>>>>> "Matthias" == Matthias Blume <matth...@shimizu-blume.com> writes:
> Matthias> When unix_read is being called, the OS must check several > things:
> Matthias> 1. First argument:
> Matthias> - must be a number obtained from a previous call to > open/dup/... Matthias> - must not have been subjected to "close" > in the meantime Matthias> - must have been opened for reading
> It may be that there are things I do not know about the ML system, or > how an ML OS would work file objects, but as I know file objects from > UNIX (be it represented by a small integer or something else), such an > object has state; so how would it be verifiable at compile time that a > particular call to `read' would not be operating on an object that has > been closed?
Well, I did explicitly say that I want to structure things differently, so I was not really thinking of a Unix-style treatment of files.
As I have already said in a reply to another such question, I would probably not have a "close" operation at all -- for pretty much the same reason that we don't need "free" in Lisp or ML.
And again, not all runtime checks can be eliminated this way -- in particular not those that are testing for inherently dynamic properties.
> Is the ML compiler smart enough to know that in regions following the > close operation, the object has another type and would that work in a > multiprocess setting?
I don't know what this has to do with multiprocess settings. (Notice that even in Unix you can close a file in one process and another process can still read/write from its (clone of that) file descriptor.)
And there are static typing mechanisms that would allow one to express the effect that "close" has (linear types, unique types, monads).
* "Martin Simmons" <zne...@xanalys.com> | Yes, but the two-space model usually assumes equal sized spaces. If | from-space is almost full of live data you won't have much room in the | to-space for data allocated during the copying.
I assume that if this technique is used at all, it is used all the time, it is not suddenly used in a system that did not do this previously, but your argument looks like you think someone would suddenly start to do some allocation in the garbage collector of a Common Lisp system that had never done this before. I find this a rather peculiar inability to see the simplest possible ramification of a suggestion: that it be used all the time. So, at least some of the garbage in from-space is the direct result of its collection phase of what is now to-space, right? In other words, there is at least as much space as you allocated last time you collected.
Also, what happens in a system that does not allocate during collection? Do they crash and burn if they they have to grow their new-space because it did not release enough space on the last allocation? No? If not, survival tactics of a similar kind _might_ be re-usable in a collector that does allocation, don't you think?
In other words, your fake "problem" does not exist. If it should spring up nonetheless, the solution is the same as for a system that does not allocate during collection. Worst case, we start garbage collection some time prior to actually hitting the roof of the available space. Yet none of these very trivial solutions came to mind between starting to write your article and deciding to post it after it was written. How come?
| Also, the subset of Lisp available will be constrained to things that can | run safely at any allocation point. E.g. you can't use anything that | alloctates while holding a lock (I'm assuming the is keeping some data | structure consistent).
This makes even less sense than your previous, non-existing problem. What other parts of the system inhibits allocation while being locked? Please remember that garbage collection happens at a time when the memory allocation subsystem has the control of the system, so if you had a lock and you never allocated anything before releasing it, you would never trigger a garbage collection in the first place.
Do not waste my time by trying to make me think for you. Think and post in that order. please.
/// -- In a fight against something, the fight has value, victory has none. In a fight for something, the fight is a loss, victory merely relief.
In article <pan.2002.03.01.15.45.24.920817.25...@shimizu-blume.com>, Matthias Blume wrote: > As I have already said in a reply to another such question, I would > probably not have a "close" operation at all -- for pretty much the same > reason that we don't need "free" in Lisp or ML.
The guy hanging on the other side of the socket connection represented by your file descriptor will most certainly not appreciate this attitude of yours :-)
Regards, -- Nils Goesche "Don't ask for whom the <CTRL-G> tolls."
On Fri, 01 Mar 2002 16:04:26 GMT, Erik Naggum <e...@naggum.net> wrote: >[ Not responding to comp.lang.scheme. ]
>* tmo...@sea-tmoore-l.dotcast.com (Tim Moore) >| I suppose that access to macros might be a bonus when writing a collector >| in Lisp, but assuming that much Lisp functionality won't be available in >| the collector or will be available in some weird and crippled form, and >| that it's desirable for the collector not to cons itself, the Lisp you >| write for the collector ends up looking a lot like C.
> Why is this? It seem obviously false to me. The first thing you would > do in a copying garbage collector would be to switch the active half of > the two-space memory organization. The GC's task is only to move live > objects from the other half to this half, right? It should be doable > with the full language available and with no real constraints on consing.
I'm not sure what you find obviously false; certainly some algorithms, when implemented in Lisp, will look more like C or Fortran than typical Lisp code just by nature of the algorithm itself. I believe GC fits in that category. Nevertheless, here are some additional reasons why the GC-in-Lisp -- which I haven't looked at in 10 years -- did not look like typical Lisp code to me:
Instead of using the normal Lisp accessor function like car and aref, open-coded equivalents of the same were used everywhere to avoid type checking and other surprises. Perhaps we could have achieved the same by using (optimize inline) and other declarations. But we didn't.
The semantics of the accessors was further muddied by forwarding pointers, which were stashed in odd spots. Even simple things like car require a check for a forwarding pointer, or not, depending on the context. I could imagine that this requirement would break pieces of the full language, for example conditions and handler-bind if the handlers are stored in a list.
I wouldn't say that a GC can't cons in the course of doing a collection, just that it's desirable not to. It may be awkward to reclaim the GC's own storage as garbage immediately, especially if in a two-space collector the storage is simply allocated in to-space.
You can put in arbitrary effort to making the full language available for use in the GC. On the other hand, in a Common Lisp implementation there are a lot of things you into which you can put arbitrary effort :)
On Fri, 01 Mar 2002 18:34:31 -0500, Nils Goesche wrote: > In article <pan.2002.03.01.15.45.24.920817.25...@shimizu-blume.com>, > Matthias Blume wrote: >> As I have already said in a reply to another such question, I would >> probably not have a "close" operation at all -- for pretty much the >> same reason that we don't need "free" in Lisp or ML.
> The guy hanging on the other side of the socket connection represented > by your file descriptor will most certainly not appreciate this attitude > of yours :-)
Well, there are two things that "close" does to a socket: it signals the other guy that communication is over, and it deallocates the data structures associated with this communication (if I am the last one holding on to it). What I was proposing was to not do the deallocation. The runtime check for "is communication over?", of course, cannot be eliminated because it is inherently dynamic. (Actually, with unique or linear types, or with monads, there might be a way around even this.)
Anyway, for the last time, I am not saying that every dynamic check can be eliminated. But many can, and those I would like to...
David Rush wrote: > Followup-to ignored because I read c.l.s although I'm not sure that I > really want to see the flamewar that is brewing...
> Christian Lynbech <lynb...@get2net.dk> writes: >> >>>>> "David" == David Rush <k...@bellsouth.net> writes:
>> David> That said, I'm waiting for someone to well and truly resurrect >> certain David> aspects of the LM ideal - specifically a GC-friendly OS - >> although I David> suspect that it may be better written in SML.
>> Are you implying that SML is better suited for writing an OS than >> Lisp?
> Yes.
>> If so, what is the advantages of SML in that problem domain?
> Static typing. Provable correctness. I *hate* slow buggy OSes.
IMHO a new OS would be much more interesting if written in a highly dynamic language like Lisp than a static language like SML. Operating Systems are very dynamic environments and you really want it to adapt to the actual need. How much runtime introspection do you have in SML? How easy is it to introspect and patch running programs? How easy is it to add scripting capabilities to programs written in SML? (all rather trivial and elegant in Lisp)
I don't think that there is a need for yet another OS that would only add compile-time type-safety to its mostly static and autistic program-components.
What I would want to see in new OS developments are things like moving the general OS behaviour from patiens to agens. I want the OS to actively observate the user(s) and try to actively act in a way that helps him/them to reach his/their goals. I cannot imagine developing such a thing in a language that is any less dynamic than lisp.
I sometimes wish that the programming environments in our so called "modern operating systems" would not distinguish so strongly between user interaction (shells, scripting) and "real" program development. A language like Lisp would enable a smooth transition from using it as a shell or for little scripting tasks up to writing whole applications. Communication between programs would be trivial and scripting would come for free.
Matthias Blume wrote: > And again, not all runtime checks can be eliminated this way -- in > particular not those that are testing for inherently dynamic properties.
In other words, the "provable correctness" claim that was stated by another in an earlier post is false. It is only static type claims that are enforced, a non-trivial, but fairly gross level of checking and certainly one that can be circumvented in any "useful" system (read any system that needs to input untagged binary object representations).
On Sat, 02 Mar 2002 00:14:08 -0500, Frank A. Adrian wrote: > Matthias Blume wrote: >> And again, not all runtime checks can be eliminated this way -- in >> particular not those that are testing for inherently dynamic >> properties.
> In other words, the "provable correctness" claim that was stated by > another in an earlier post is false.
Better: The claim is not related to the above problem. (Dynamic tests do not preclude provable correctness -- in fact, correctness will often require certain dynamic tests to be present (and correct :-).)
> It is only static type claims that > are enforced, a non-trivial, but fairly gross level of checking and
Well, how far one can push these things remains to be seen. It is certainly not the technology of today.
> certainly one that can be circumvented in any "useful" system (read any > system that needs to input untagged binary object representations).
This I would dispute (your definition of "useful", that is). In our more and more networked world, it is less and less likely that untagged binary objects can be tolerated as input (and then used, e.g., as executable code). This is completely independent of whether or not static typing is involved. For safety and security, it is absolutely necessary to perform checks on dynamic data. Static typing is simply a technique to reduce the number of them by providing compile-time proofs that some of them will always come out true, no matter what.
Nils Goesche wrote: > In article <pan.2002.03.01.15.45.24.920817.25...@shimizu-blume.com>, Matthias Blume wrote:
>>As I have already said in a reply to another such question, I would >>probably not have a "close" operation at all -- for pretty much the same >>reason that we don't need "free" in Lisp or ML.
> The guy hanging on the other side of the socket connection represented > by your file descriptor will most certainly not appreciate this > attitude of yours :-)
You if you send him a message telling him you're done communicating.
Matthias Blume wrote: > This I would dispute (your definition of "useful", that is). In our > more and more networked world, it is less and less likely that untagged > binary objects can be tolerated as input (and then used, e.g., as > executable code). This is completely independent of whether or > not static typing is involved. For safety and security, it is absolutely > necessary to perform checks on dynamic data. Static typing is simply a > technique to reduce the number of them by providing compile-time proofs > that some of them will always come out true, no matter what.
You may dispute it. The fact that there are legacy machines out there that provide these capabilities and the fact that it is cheaper to use this representation (in the sense of sending fewer bits) will ensure that it has some value in certain configurations and will need to be handled in a dynamic way even in static-typed systems.
My concern is that many people blur the line between levels of safety (note the earlier posters confusion between "statically type-checked" and "provably correct") and that many static typing afficianados like to take advantage of this blurring to make assertions that languages that do not provide these checks are somehow deficient rather than having simply selected a different point on the single axis labeled "type-safe", perhaps to gain ground on other valuation axes.
>Matthias> When unix_read is being called, the OS must check several things: >Matthias> 1. First argument: >Matthias> - must be a number obtained from a previous call to open/dup/.. >Matthias> - must not have been subjected to "close" in the meantime >Matthias> - must have been opened for reading
>It may be that there are things I do not know about the ML system, or >how an ML OS would work file objects, but as I know file objects from >UNIX (be it represented by a small integer or something else), such an >object has state; so how would it be verifiable at compile time that a >particular call to `read' would not be operating on an object that has >been closed?
Here's one way:
Don't provide 'open' and 'close' operations.
Instead, provide (in Haskell syntax, my ML is rusty):
type ReadableFile = ... opaque type WritableFile = ... opaque
readChar :: ReadableFile -> IO (Maybe Char) ... etc.
'withInputFile proc filename' opens the file for reading, calls 'proc <filehandle>', closes the file, and returns (). (I'm ignoring error conditions for the moment).
There's no way to get a ReadableFile except by passing a callback procedure to withInputFile, and since this returns () the file handle can't "escape" after it's been closed.
(Well, you could use call/cc, mutable variables, or some other trick to sneak an open file handle out of its dynamic extent, but I think the above should be safe in a pure HM type system).
> Read the first half of Jones & Lins book > (http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471941484) for > a good survey of the state of the GC art as of about seven years or so ago. > If you're doing a basic uniprocessor implementation, it should give you the > info you need. It also has a good survey of bounded space strategies. The > multiproc and some RT stuff has moved on a bit beyond what's offered in the > book, but you can catch up by checking out the last few proceedings of the > International Symposia on Memory Management (even though you'll have to pan > a lot of Java crap to get to a few Lisp applicable nuggets).
No, it doesn't, because you aren't thinking about the actual complexity of the problem.
Jones & Lins uses normal space complexity measurements, which don't apply here, because garbage created by the GC is not itself cleaned; as a result, such an algorithm uses more space than its actual space complexity.
"Martin Simmons" <zne...@xanalys.com> writes: > Also, the subset of Lisp available will be constrained to things that can run > safely at any allocation point. E.g. you can't use anything that alloctates > while holding a lock (I'm assuming the is keeping some data structure > consistent).
This kind of restriction is *exactly* what I want to avoid. I'll be posting a revised version of my question next week.
tmo...@sea-tmoore-l.dotcast.com (Tim Moore) writes: > Instead of using the normal Lisp accessor function like car and aref, > open-coded equivalents of the same were used everywhere to avoid type > checking and other surprises. Perhaps we could have achieved the same > by using (optimize inline) and other declarations. But we didn't.
So now perhaps it is clear why my original problem is a *problem* and not a triviality.
See, open coding such functions is exactly what I want to avoid. The question is "implement GC in lisp", not "implement GC in some pseudo-Lisp with all the guts marked off-limits".
> I wouldn't say that a GC can't cons in the course of doing a > collection, just that it's desirable not to. It may be awkward to > reclaim the GC's own storage as garbage immediately, especially if in > a two-space collector the storage is simply allocated in to-space.
So this is a failure to look at the actual space of solutions. For example, if the GC thread has a special arena to allocate from, then it's perfectly fine to cons.
In article <pan.2002.03.01.15.33.21.468449.25...@shimizu-blume.com>, Matthias Blume wrote: > On Fri, 01 Mar 2002 11:42:22 -0500, Nils Goesche wrote:
>> And all of a sudden we don't disagree anymore: Sure, a rich type system >> is a nice thing. I am wondering if you are aware of the fact that >> Common Lisp in fact /has/ a very rich type system: Your example could be >> very easily rewritten in CLOS, for instance.
> But the CLOS type system will not be checked at compile time, at least > not the same way that the ML typesystem is being checked. That's at > least my understanding. Correct me if I am wrong. Here is the acid > test:
Well, not in the same way, I guess. I declare whatever I want to be checked...
> I want to store in a variable x a 32-bit quantity that has the exact same > representation as an 'unsigned int' in C but for which I have a > compile-time guarantee that it will never be an odd number. What I want > to be able to do on these numbers are the "usual" four arithmetic > operations (with division rounding down to the next even number), and > perhaps some comparisons. And a conversion from/to "unsigned int" > (again, with rounding down to the next even). In SML I write:
> structure Even :> sig
> type even
> val + : even * even -> even > val - : even * even -> even > val * : even * even -> even > val / : even * even -> even > val compare : even * even -> order > val fromWord: Word32.word -> even > val toWord: even -> Word32.word
> end = struct
> fun roundeven (x: Word32.word) = > Word32.andb (x, 0wxfffffffe)
> type even = Word32.word > val op + = Word32.+ > val op - = Word32.- > val op * = Word32.* > fun x / y = roundeven (Word32./ (x, y)) > val compare = Word32.compare > fun toWord x = x > val fromWord = roundeven
> end
> Now, whenever I see a value of type "even", I can be absolutely certain > that it will be an even number -- but the point is that all the > operations (except /) are *precisely* as efficient as the ones on Word32.
> How do you do this in Common Lisp?
I am not sure what to make of this. I'd never define a type like this, but you could do something like
and whether that will be slower or faster than if you left out the declaration depends only on compilation settings. Sure, you'll say that I won't have any guarantee that x will in fact be an even number. Well, that's right: There is no guarantee that you won't have any runtime type errors in CL. That's the point: I think it doesn't matter :-) I don't have any guarantee that I won't try to use too large array indices, either, for instance.
> I don't want a guarantee that works 99.9% of the time because that's not > good enough for this particular application. What I want is something > that works always, but I want to eliminate the usual runtime penalty for it.
I know what you mean. There are lots of things I'd like to have, too. But there is no such thing as a free lunch. Your perfect type inference algorithm comes with a price: It will always be too restrictive, there is nothing one can do about that. You think that price is acceptable, I think it isn't.
This reminds me of what some people percieve as contradicting goals of physicists and mathematicians: The physicists want to get the job done. If they can't prove some formula they need rigorously they'll use it anyway. They have no time to do otherwise. Some of them don't like mathematicians because they think that mathematicians were always trying to force them to prove everything rigorously or whatever, but strangely I have never met a mathematician who actually did that. In the same way, I want to get the program done. Fast. I can't spend days and days to find workarounds for some obscure restrictions on types of elements of modules or something that are only there to ensure the soundness of your carefully designed type system when I know that what I am trying to do will work anyway in that case. And I want to be able to quickly redesign and change arbitrarily large parts of my software, and your type system will certainly get in the way again.
You'll disagree, of course. Let's leave it at that. There is no way you or I can /prove/ that our respective views on practical programming is correct. Only practice can show -- people have to try out for themselves :-)
Regards, -- Nils Goesche Ask not for whom the <CONTROL-G> tolls.
* Matthias Blume wrote: > Right, but that happens only after I have already called it -- which is > too late. This is precisely the thing that I described earlier: OS > syscalls do dynamic runtime checks. But what I want is to get rid of > these runtime checks -- safely (i.e., without compromising the integrity > of the OS).
One thing that I think you should bear in mind is what these checks cost, or rather don't. Imagine the case where the OS has been given a file handle (or something that claims to be one) and a buffer (likewise). In a dynamically checked system you have to do a check to make sure the filehandle is a filehandle of a suitable kind, and a check to make sure the buffer points at writable space belonging to whoever made the call. And then you have to fetch data from the disk and put it into the buffer. Even if the data is already cached you're doing a memory-to-memory copy of probably hundreds of bytes. It's in the nature of modern processors that this will *hugely* outweigh the cost of the checks unless you have done something terribly wrong. On a PDP11 with fast memory and a slow processor this might have mattered, on a modern machine where you spend most of your time waiting for memory it's an irrelevance.
So the efficiency argument is really a red-herring. A couple of more interesting arguments are that the OS design might be simplified and that errors might happen at a more convenient time. The former I don't know about (to make such a system work would require such radical changes that it's hard to reason about simplicity), the latter is also fairly bogus because you still need to handle things like the disk filling up, ECC errors from main memory and so on - no amount of theorem proving will make these go away or mean that well-written applications (databases say) need to try and cope.
