1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
.. sources:

    `<https://info.ravenbrook.com/project/mps/master/design/arena/>`_

.. mps:prefix:: design.mps.arena

Arena
=====


Introduction
------------

:mps:tag:`intro` This is the design of the arena structure.

:mps:tag:`readership` MPS developers.


History
-------

:mps:tag:`hist.0` Version 0 is a different document.

:mps:tag:`hist.1` First draft written by Pekka P. Pirinen, 1997-08-11,
based on :mps:ref:`design.mps.space(0)` and
:mps:ref:`mail.richard.1997-04-25.11-52(0)`.

:mps:tag:`hist.2` Updated for separation of tracts and segments. Tony
Mann, 1999-04-16.

:mps:tag:`hist.3` Converted from MMInfo database design document.
Richard Brooksby, 2002-06-07.

:mps:tag:`hist.4` Converted to reStructuredText. Gareth Rees,
2013-03-11.


Overview
--------

:mps:tag:`overview` The arena serves two purposes. It is a structure
that is the top-level state of the MPS, and as such contains a lot of
fields which are considered "global". And it provides raw memory to
pools.

An arena belongs to a particular arena class. The class is selected
when the arena is created. Classes encapsulate both policy (such as
how pool placement preferences map into actual placement) and
mechanism (such as where the memory originates: operating system
virtual memory, client provided, or via malloc). Some behaviour
(mostly serving the "top-level datastructure" purpose) is implemented
by generic arena code, and some by arena class code.


Definitions
-----------

:mps:tag:`def.tract` Pools request memory from the arena by calling
:c:func:`ArenaAlloc`. This returns a block comprising a contiguous
sequence of "tracts". A tract has a specific size (also known as the
"arena alignment", which typically corresponds to the operating system
page size) and all tracts are aligned to that size. "Tract" is also
used for the data structure used to manage tracts.


Requirements
------------

[copied from :mps:ref:`design.mps.arena.vm(1)` and edited slightly
-- drj 1999-06-23]

[Where do these come from? Need to identify and document the sources
of requirements so that they are traceable to client requirements.
Most of these come from the architectural design
(:mps:ref:`design.mps.architecture`) or the fix function design
(:mps:ref:`design.mps.fix`). -- richard 1995-08-28]


Block management
................

:mps:tag:`req.fun.block.alloc` The arena must provide allocation of
contiguous blocks of memory.

:mps:tag:`req.fun.block.free` It must also provide freeing of
contiguously allocated blocks owned by a pool - whether or not the
block was allocated via a single request.

:mps:tag:`req.attr.block.size.min` The arena must support management
of blocks down to the size of the grain (page) provided by the virtual
mapping interface if a virtual memory interface is being used, or a
comparable size otherwise.

:mps:tag:`req.attr.block.size.max` It must also support management of
blocks up to the maximum size allowed by the combination of operating
system and architecture. This is derived from
:mps:ref:`req.dylan.attr.obj.max` (at least).

:mps:tag:`req.attr.block.align.min` The alignment of blocks shall not
be less than :c:macro:`MPS_PF_ALIGN` for the architecture. This is so
that pool classes can conveniently guarantee pool allocated blocks are
aligned to :c:macro:`MPS_PF_ALIGN`. (A trivial requirement)

:mps:tag:`req.attr.block.grain.max` The granularity of allocation
shall not be more than the grain size provided by the virtual mapping
interface.


Address translation
...................

:mps:tag:`req.fun.trans` The arena must provide a translation from any
address to either an indication that the address is not in any tract
(if that is so) or the following data associated with the tract
containing that address:

:mps:tag:`req.fun.trans.pool` The pool that allocated the tract.

:mps:tag:`req.fun.trans.arbitrary` An arbitrary pointer value that the
pool can associate with the tract at any time.

:mps:tag:`req.fun.trans.white` The tracer whiteness information. That
is, a bit for each active trace that indicates whether this tract is
white (contains white objects). This is required so that the "fix"
protocol can run very quickly.

:mps:tag:`req.attr.trans.time` The translation shall take no more than
@@@@ [something not very large -- drj 1999-06-23]


Iteration protocol
..................

:mps:tag:`req.iter` er, there's a tract iteration protocol which is
presumably required for some reason?


Arena partition
...............

:mps:tag:`req.fun.set` The arena must provide a method for
approximating sets of addresses.

:mps:tag:`req.fun.set.time` The determination of membership shall take
no more than @@@@ [something very small indeed]. (the non-obvious
solution is refsets)


Constraints
...........

:mps:tag:`req.attr.space.overhead`
:mps:ref:`req.dylan.attr.space.struct` implies that the arena must
limit the space overhead. The arena is not the only part that
introduces an overhead (pool classes being the next most obvious), so
multiple parts must cooperate in order to meet the ultimate
requirements.

:mps:tag:`req.attr.time.overhead` Time overhead constraint? [how can
there be a time "overhead" on a necessary component? drj 1999-06-23]



Architecture
------------

Statics
.......

:mps:tag:`static` There is no higher-level data structure than a
arena, so in order to support several arenas, we have to have some
static data in :mps:ref:`impl.c.arena`. See
:mps:ref:`impl.c.arena.static`.

:mps:tag:`static.init` All the static data items are initialized when
the first arena is created.

:mps:tag:`static.serial` ``arenaSerial`` is a static :c:type:`Serial`,
containing the serial number of the next arena to be created. The
serial of any existing arena is less than this.

:mps:tag:`static.ring` ``arenaRing`` is the sentinel of the ring of
arenas.

:mps:tag:`static.ring.init` ``arenaRingInit`` is a :c:type:`Bool`
showing whether the ring of arenas has been initialized.

:mps:tag:`static.ring.lock` The ring of arenas has to be locked when
traversing the ring, to prevent arenas being added or removed. This is
achieved by using the (non-recursive) global lock facility, provided
by the lock module.

:mps:tag:`static.check` The statics are checked each time any arena is
checked.


Arena classes
.............

:mps:tag:`class` The :c:type:`Arena` data structure is designed to be
subclassable (see :mps:ref:`design.mps.protocol(0)`). Clients can
select what arena class they'd like when instantiating one with
:c:func:`mps_arena_create`. The arguments to
:c:func:`mps_arena_create` are class dependent.

:mps:tag:`class.init` However, the generic :c:func:`ArenaInit` is
called from the class-specific method, rather than vice versa, because
the method is responsible for allocating the memory for the arena
descriptor and the arena lock in the first place. Likewise,
:c:func:`ArenaFinish` is called from the finish method.

:mps:tag:`class.fields` The ``alignment`` (for tract allocations) and
``zoneShift`` (for computing zone sizes and what zone an address is
in) fields in the arena are the responsibility of the each class, and
are initialized by the :c:func:`init` method. The responsibility for
maintaining the ``commitLimit``, ``spareCommitted``, and
``spareCommitLimit`` fields is shared between the (generic) arena and
the arena class. ``commitLimit`` (see :mps:ref:`.commit-limit`) is
changed by the generic arena code, but arena classes are responsible
for ensuring the semantics. For ``spareCommitted`` and
``spareCommitLimit`` see :mps:ref:`.spare-committed` below.

:mps:tag:`class.abstract` The basic arena class
(``AbstractArenaClass``) is abstract and must not be instantiated. It
provides little useful behaviour, and exists primarily as the root of
the tree of arena classes. Each concrete class must specialize each of
the class method fields, with the exception of the describe method
(which has a trivial implementation) and the :c:func:`extend`,
:c:func:`retract` and :c:func:`spareCommitExceeded` methods which have
non-callable methods for the benefit of arena classes which don't
implement these features.

:mps:tag:`class.abstract.null` The abstract class does not provide
dummy implementations of those methods which must be overridden.
Instead each abstract method is initialized to ``NULL``.


Tracts
......

:mps:tag:`tract` The arena allocation function :c:func:`ArenaAlloc`
allocates a block of memory to pools, of a size which is aligned to
the arena alignment. Each alignment unit (grain) of allocation is
represented by a tract. Tracts are the hook on which the segment
module is implemented. Pools which don't use segments may use tracts
for associating their own data with each allocation grain.

:mps:tag:`tract.structure` The tract structure definition looks like
this::

    typedef struct TractStruct { /* Tract structure */
      Pool pool;   /* MUST BE FIRST (design.mps.arena.tract.field.pool) */
      void *p;                    /* pointer for use of owning pool */
      Addr base;                  /* Base address of the tract */
      TraceSet white : TRACE_MAX; /* traces for which tract is white */
      unsigned int hasSeg : 1;    /* does tract have a seg in p?  */
    } TractStruct;

:mps:tag:`tract.field.pool` The pool field indicates to which pool the
tract has been allocated (:mps:ref:`.req.fun.trans.pool`). Tracts
are only valid when they are allocated to pools. When tracts are not
allocated to pools, arena classes are free to reuse tract objects in
undefined ways. A standard technique is for arena class
implementations to internally describe the objects as a union type of
``TractStruct`` and some private representation, and to set the pool
field to ``NULL`` when the tract is not allocated. The pool field must
come first so that the private representation can share a common
prefix with ``TractStruct``. This permits arena classes to determine
from their private representation whether such an object is allocated
or not, without requiring an extra field.

:mps:tag:`tract.field.p` The ``p`` field is used by pools to associate
tracts with other data (:mps:ref:`.req.fun.trans.arbitrary`). It's
used by the segment module to indicate which segment a tract belongs
to. If a pool doesn't use segments it may use the ``p`` field for its
own purposes. This field has the non-specific type ``(void *)`` so
that pools can use it for any purpose.

:mps:tag:`tract.field.hasSeg` The ``hasSeg`` bit-field is a Boolean
which indicates whether the ``p`` field is being used by the segment
module. If this field is ``TRUE``, then the value of ``p`` is a
:c:type:`Seg`. ``hasSeg`` is typed as an ``unsigned int``, rather than
a :c:type:`Bool`. This ensures that there won't be sign conversion
problems when converting the bit-field value.

:mps:tag:`tract.field.base` The base field contains the base address
of the memory represented by the tract.

:mps:tag:`tract.field.white` The white bit-field indicates for which
traces the tract is white (:mps:ref:`.req.fun.trans.white`). This
information is also stored in the segment, but is duplicated here for
efficiency during a call to :c:func:`TraceFix` (see
:mps:ref:`design.mps.trace.fix`).

:mps:tag:`tract.limit` The limit of the tract's memory may be
determined by adding the arena alignment to the base address.

:mps:tag:`tract.iteration` Iteration over tracts is described in
:mps:ref:`design.mps.arena.tract-iter(0)`.

:mps:tag:`tract.if.tractofaddr` The function :c:func:`TractOfAddr`
finds the tract corresponding to an address in memory. (See
:mps:ref:`.req.fun.trans`)::

    Bool TractOfAddr(Tract *tractReturn, Arena arena, Addr addr);

If ``addr`` is an address which has been allocated to some pool, then
:c:func:`TractOfAddr` returns ``TRUE``, and sets ``*tractReturn`` to
the tract corresponding to that address. Otherwise, it returns
``FALSE``. This function is similar to :c:func:`TractOfBaseAddr` (see
:mps:ref:`design.mps.arena.tract-iter.if.contig-base`) but serves a
more general purpose and is less efficient.

:mps:tag:`tract.if.TRACT_OF_ADDR` :c:func:`TRACT_OF_ADDR` is a macro
version of :c:func:`TractOfAddr`. It's provided for efficiency during
a call to :c:func:`TraceFix` (see
:mps:ref:`design.mps.trace.fix.tractofaddr`).


Control pool
............

:mps:tag:`pool` Each arena has a "control pool",
``arena->controlPoolStruct``, which is used for allocating MPS control
data structures by calling :c:func:`ControlAlloc`.


Polling
.......

:mps:tag:`poll` :c:func:`ArenaPoll` is called "often" by other code
(for instance, on buffer fill or allocation). It is the entry point
for doing tracing work. If the polling clock exceeds a set threshold,
and we're not already doing some tracing work (that is, ``insidePoll``
is not set), it calls :c:func:`TracePoll` on all busy traces.

:mps:tag:`poll.size` The actual clock is ``arena->fillMutatorSize``.
This is because internal allocation is only significant when copy
segments are being allocated, and we don't want to have the pause
times to shrink because of that. There is no current requirement for
the trace rate to guard against running out of memory. [Clearly it
really ought to: we have a requirement to not run out of memory (see
:mps:ref:`req.dylan.prot.fail-alloc`,
:mps:ref:`req.dylan.prot.consult`), and emergency tracing should not
be our only story. drj 1999-06-22] ``BufferEmpty`` is not taken into
account, because the splinter will rarely be useable for allocation
and we are wary of the clock running backward.

:mps:tag:`poll.clamp` Polling is disabled when the arena is "clamped",
in which case ``arena->clamped`` is ``TRUE``. Clamping the arena
prevents background tracing work, and further new garbage collections
from starting. Clamping and releasing are implemented by the
:c:func:`ArenaClamp` and :c:func:`ArenaRelease` methods.

:mps:tag:`poll.park` The arena is "parked" by clamping it, then
polling until there are no active traces. This finishes all the active
collections and prevents further collection. Parking is implemented by
the :c:func:`ArenaPark` method.


Commit limit
............

:mps:tag:`commit-limit` The arena supports a client configurable
"commit limit" which is a limit on the total amount of committed
memory. The generic arena structure contains a field to hold the value
of the commit limit and the implementation provides two functions for
manipulating it: :c:func:`ArenaCommitLimit` to read it, and
:c:func:`ArenaSetCommitLimit` to set it. Actually abiding by the
contract of not committing more memory than the commit limit is left
up to the individual arena classes.

:mps:tag:`commit-limit.err` When allocation from the arena would
otherwise succeed but cause the MPS to use more committed memory than
specified by the commit limit :c:func:`ArenaAlloc` should refuse the
request and return ``ResCOMMIT_LIMIT``.

:mps:tag:`commit-limit.err.multi` In the case where an
:c:func:`ArenaAlloc` request cannot be fulfilled for more than one
reason including exceeding the commit limit then class implementations
should strive to return a result code other than ``ResCOMMIT_LIMIT``.
That is, ``ResCOMMIT_LIMIT`` should only be returned if the *only*
reason for failing the :c:func:`ArenaAlloc` request is that the commit
limit would be exceeded. The client documentation allows
implementations to be ambiguous with respect to which result code in
returned in such a situation however.


Spare committed (aka "hysteresis")
..................................

:mps:tag:`spare-committed` See :c:func:`mps_arena_spare_committed`.
The generic arena structure contains two fields for the spare
committed memory fund: ``spareCommitted`` records the total number of
spare committed bytes; ``spareCommitLimit`` records the limit (set by
the user) on the amount of spare committed memory. ``spareCommitted``
is modified by the arena class but its value is used by the generic
arena code. There are two uses: a getter function for this value is
provided through the MPS interface
(:c:func:`mps_arena_spare_commit_limit_set`), and by the
:c:func:`SetSpareCommitLimit` function to determine whether the amount
of spare committed memory needs to be reduced. ``spareCommitLimit`` is
manipulated by generic arena code, however the associated semantics
are the responsibility of the class. It is the class's responsibility
to ensure that it doesn't use more spare committed bytes than the
value in ``spareCommitLimit``.

:mps:tag:`spare-commit-limit` The function
:c:func:`ArenaSetSpareCommitLimit` sets the ``spareCommitLimit``
field. If the limit is set to a value lower than the amount of spare
committed memory (stored in ``spareCommitted``) then the class
specific function ``spareCommitExceeded`` is called.


Locks
.....

:mps:tag:`lock.ring` :c:func:`ArenaAccess` is called when we fault on
a barrier. The first thing it does is claim the non-recursive global
lock to protect the arena ring (see :mps:ref:`design.mps.lock(0)`).

:mps:tag:`lock.arena` After the arena ring lock is claimed,
:c:func:`ArenaEnter` is called on one or more arenas. This claims the
lock for that arena. When the correct arena is identified or we run
out of arenas, the lock on the ring is released.

:mps:tag:`lock.avoid` Deadlocking is avoided as described below:

:mps:tag:`lock.avoid.mps` Firstly we require the MPS not to fault
(that is, when any of these locks are held by a thread, that thread
does not fault).

:mps:tag:`lock.avoid.thread` Secondly, we require that in a
multi-threaded system, memory fault handlers do not suspend threads
(although the faulting thread will, of course, wait for the fault
handler to finish).

:mps:tag:`lock.avoid.conflict` Thirdly, we avoid conflicting deadlock
between the arena and global locks by ensuring we never claim the
arena lock when the recursive global lock is already held, and we
never claim the binary global lock when the arena lock is held.


Location dependencies
.....................

:mps:tag:`ld` Location dependencies use fields in the arena to
maintain a history of summaries of moved objects, and to keep a notion
of time, so that the staleness of location dependency can be
determined.


Finalization
............

:mps:tag:`final` There is a pool which is optionally (and dynamically)
instantiated to implement finalization. The fields ``finalPool`` and
``isFinalPool`` are used.


Implementation
--------------


Tract cache
...........

:mps:tag:`tract.cache` When tracts are allocated to pools by
:c:func:`ArenaAlloc`, the first tract of the block and it's base
address are cached in arena fields ``lastTract`` and
``lastTractBase``. The function :c:func:`TractOfBaseAddr` (see
:mps:ref:`design.mps.arena.tract-iter.if.block-base(0)`) checks
against these cached values and only calls the class method on a cache
miss. This optimizes for the common case where a pool allocates a
block and then iterates over all its tracts (for example, to attach
them to a segment).

:mps:tag:`tract.uncache` When blocks of memory are freed by pools,
:c:func:`ArenaFree` checks to see if the cached value for the most
recently allocated tract (see :mps:ref:`.tract.cache`) is being
freed. If so, the cache is invalid, and must be reset. The
``lastTract`` and ``lastTractBase`` fields are set to ``NULL``.


Control pool
............

:mps:tag:`pool.init` The control pool is initialized by a call to
:c:func:`PoolInit` during :c:func:`ArenaCreate`.

:mps:tag:`pool.ready` All the other fields in the arena are made
checkable before calling :c:func:`PoolInit`, so :c:func:`PoolInit` can
call ``ArenaCheck(arena)``. The pool itself is, of course, not
checkable, so we have a field ``arena->poolReady``, which is false
until after the return from :c:func:`PoolInit`. :c:func:`ArenaCheck`
only checks the pool if ``poolReady``.


Traces
......

:mps:tag:`trace` ``arena->trace[ti]`` is valid if and only if
``TraceSetIsMember(arena->busyTraces, ti)``.

:mps:tag:`trace.create` Since the arena created by
:c:func:`ArenaCreate` has ``arena->busyTraces = TraceSetEMPTY``, none
of the traces are meaningful.

:mps:tag:`trace.invalid` Invalid traces have signature ``SigInvalid``,
which can be checked.


Polling
.......

:mps:tag:`poll.fields` There are three fields of a arena used for
polling: ``pollThreshold``, ``insidePoll``, and ``clamped`` (see
above). ``pollThreshold`` is the threshold for the next poll: it is
set at the end of :c:func:`ArenaPoll` to the current polling time plus
``ARENA_POLL_MAX``.


Location dependencies
.....................

:mps:tag:`ld.epoch` ``arena->epoch`` is the "current epoch". This is
the number of 'flips' of traces in the arena since the arena was
created. From the mutator's point of view locations change atomically
at flip.

:mps:tag:`ld.history` ``arena->history`` is an array of
``ARENA_LD_LENGTH`` elements of type :c:type:`RefSet`. These are the
summaries of moved objects since the last ``ARENA_LD_LENGTH`` epochs.
If ``e`` is one of these recent epochs, then ::

    arena->history[e % ARENA_LD_LENGTH]

is a summary of (the original locations of) objects moved since epoch
``e``.

:mps:tag:`ld.prehistory` ``arena->prehistory`` is a :c:type:`RefSet`
summarizing the original locations of all objects ever moved. When
considering whether a really old location dependency is stale, it is
compared with this summary.


Roots
.....

:mps:tag:`root-ring` The arena holds a member of a ring of roots in
the arena. It holds an incremental serial which is the serial of the
next root.