Safe Low-Level Languages

Author

  • Justin Slepak
Abstract

Two hazards commonly associated with manual memory management are allocating a block of memory without ever freeing it (memory leak) and attempting to access a block of memory which has already been freed (dangling pointer access). Tofte and Talpin described a “region type” system, in which data in the store is associated with a named region. The expression (e at ρ) allocates store space for the result of e in the region ρ. (letregion ρ in e) allocates a new region named ρ, which remains in scope in e. Once the body of the letregion expression has been evaluated, all store objects in the region it created are freed. This means regions are managed in a stack-based manner. A region allocated for the entire program can be treated as a heap, but data remains in this heap until program termination, as the only way to deallocate a store entry is for its region to go out of scope. Including in a function’s type a tag identifying the regions the function may access allows checking that function calls do not access regions which have already been freed. Cyclone offers this region-based memory management in a C-like language. Every pointer type includes a region annotation. Each function automatically introduces a new region, which is freed when the function returns. The programmer can also wrap a block of code (within a function) with a region declaration, giving slightly finer control over memory allocation. There is also a “heap” region which is always in scope and is garbage-collected. “Region polymorphism” allows variables in the region tag of a function or struct. For example, strcpy can be used on arguments from arbitrary regions, and those regions are the ones strcpy will access: char?ρ strcpy<ρ, ρ2>(char?ρ d, const char?ρ2 s).
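The stack-based region discipline sketched in the abstract can be emulated in plain C with a small arena allocator. The code below is an added example written for this page; it is not from the paper and not Cyclone's runtime, and every name in it (region, region_alloc, region_free, region_strdup, upcase_into) is a hypothetical one chosen here. It shows the two properties the abstract describes: an object can only be freed by freeing its whole region (so nothing inside a region leaks once the region goes out of scope), and a function's automatically introduced region dies on return, so a value that must outlive the call has to be allocated in the caller's region. What C cannot do is reject a pointer into the local region escaping the function; that check is exactly what the region tags in Cyclone's types provide.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical region allocator (added example, not Cyclone's runtime).
 * A region owns a linked list of blocks; the only way to free a block is to
 * free its whole region, mirroring the letregion discipline. */
typedef struct block {
    struct block *next;
    size_t size;
    /* payload bytes follow the header */
} block;

typedef struct region {
    block *blocks;      /* most recently allocated block first */
    size_t live_bytes;  /* payload bytes currently held by this region */
    size_t nallocs;     /* objects currently held by this region */
} region;

static void region_init(region *r) {
    r->blocks = NULL;
    r->live_bytes = 0;
    r->nallocs = 0;
}

/* (e at rho): reserve n bytes for a value in region r. */
static void *region_alloc(region *r, size_t n) {
    block *b = malloc(sizeof *b + n);
    if (b == NULL)
        abort();
    b->next = r->blocks;
    b->size = n;
    r->blocks = b;
    r->live_bytes += n;
    r->nallocs += 1;
    return (char *)b + sizeof *b;
}

/* End of a letregion scope: every object in the region dies together.
 * There is no per-object free, so nothing allocated in the region can
 * leak once the region itself goes out of scope. */
static void region_free(region *r) {
    block *b = r->blocks;
    while (b != NULL) {
        block *next = b->next;
        free(b);
        b = next;
    }
    region_init(r);
}

/* Region-polymorphic copy: the source may live in any region, the copy is
 * placed in the caller-chosen region rd (cf. the strcpy signature above). */
static char *region_strdup(region *rd, const char *s) {
    size_t n = strlen(s) + 1;
    char *d = region_alloc(rd, n);
    memcpy(d, s, n);
    return d;
}

/* A function with its own automatically introduced region. Scratch data is
 * allocated in `local`, which is freed on return; only the result, which must
 * outlive the call, is allocated in the caller's region. Returning a pointer
 * into `local` would be a dangling pointer; Cyclone rejects that at compile
 * time through the region tags, whereas plain C only has this convention. */
static char *upcase_into(region *caller, const char *input) {
    region local;
    region_init(&local);

    char *scratch = region_strdup(&local, input);
    for (char *p = scratch; *p != '\0'; p++)
        *p = (char)toupper((unsigned char)*p);

    char *result = region_strdup(caller, scratch);
    region_free(&local);        /* all scratch dies here, in one step */
    return result;              /* lives as long as *caller does */
}

int main(void) {
    region heap;                /* the program-lifetime region */
    region_init(&heap);
    char *r = upcase_into(&heap, "region types");
    printf("%s (%zu object(s), %zu bytes in heap region)\n",
           r, heap.nallocs, heap.live_bytes);
    region_free(&heap);         /* program end: everything in the heap region dies */
    return 0;
}
```

After upcase_into returns, the caller's region holds exactly one object (the result) and the function's scratch copy is gone; a C compiler would not complain if `scratch` were returned instead, which is the gap the region type system closes.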


Similar sources

Towards the Safe Programming of Wireless Sensor Networks

Sensor networks are rather challenging to deploy, program, and debug. Current programming languages for these platforms suffer from a significant semantic gap between their specifications and underlying implementations. This fact precludes the development of (type-)safe applications, which would potentially simplify the task of programming and debugging deployed networks. In this paper we defin...


Formally Secure Compilation

Severe low-level vulnerabilities abound in today’s computer systems, allowing cyber-attackers to remotely gain full control. This happens in big part because our programming languages, compilers, and architectures were designed in an era of scarce hardware resources and too often trade off security for efficiency. The semantics of mainstream low-level languages like C is inherently insecure, an...




Publication date: 2012