LanguagesArchitecture
RSS Github r/Vale Discord

Zero-Cost Borrowing with Vale Regions, Part 3: One-Way Isolation (Preview, Draft)

Watch how we split our memory into regions, for more performance!
Preview, Draft  —  Evan Ovadia  — 
Note: Regions are still a work-in-progress. Part 1 has been successfully prototyped, but parts 2-5 are only a preview describing how we expect them to work in practice, to show where we're headed and what we're aiming for. They could surpass our wildest expectations, or they could shatter and implode into a glorious fireball, who knows! Follow along as we implement all this, and reach out if anything isn't clear! 0 1

Vale has an ambitious goal: to be fast, memory safe, and most importantly, easy. There are a lot of stellar languages that have two, and we suspect it's possible to really maximize all three.

To do this, we're harnessing a new concept called regions.

In Part 1 we saw how we can use pure functions to easily immutably borrow data to make it faster to access.

Part 2 showed us how we could more precisely create regions via isolates, and immutably borrow them too.

The isolates we've seen so far have had complete isolation: no outside data can point to any inside data, and vice versa. This is useful for a lot of things, but there are times when we want inside data to point out.

Luckily, with one-way isolation, we can make data inside the region point to data outside the region.

An Example

Here's something similar to the example we saw in Part 2.

This snippet doesn't yet use isolation, we'll show that further below.

There are a couple differences from what we saw in part 2:

  • Cannon now points to an EnergySource.
  • We subtract from the EnergySource whenever we fire on a ship.

In Part 2, we were able to optimize this by making cannon isolated, because it didn't point to anything outside itself, and nothing outside pointed in.

However, Cannon now points to an EnergySource outside itself, so we can't use the isolation we saw in Part 2. 

struct Cannon {
  source &EnergySource;
  strength int;
  ...
}

struct EnergySource {
  energy int;
}

struct Ship {
  hp int;
}

exported func main() {
  source = EnergySource(200);
  cannon = Cannon(&source, 12);
  ship = Ship(100);
  fire(&cannon, &ship);
  println("Ship's new hp: {ship.hp}");
}

func fire(
  cannon &Cannon,
  ship &Ship)
void {
  // Calculate damage using a very
  // complex algorithm.
  damage = cannon.strength * 2;

  // Use up that much energy.
  set cannon.source.energy -= damage;

  // Now hit the ship!
  set ship.hp -= damage;
}
stdout
Ship's new hp: 88

The answer is to use one-way isolation. Here's how!

Using One-Way Isolation

Even though something inside the Cannon points outside itself, there's still nothing outside that points in.

In this case, we can still make cannon isolated, as long as we tell the compiler which parts of Cannon might point to outside itself.

We still make the changes from Part 2:

  • By putting the ' in front of the Cannon call, cannon is now of type 'Cannon which means it's isolated.
  • &cannon became cannon.imm, which immutably borrows the iso's contents.
  • We added <c'> after func fire so that the function can receive things in a read-only region, referred to as c.
  • We added a c' to the &Cannon to show that it's in that read-only region.

But there are a couple extra changes now, in Cannon and fire:

  • cannon is now of type 'Cannon<main'> which means it's isolated, but it can point to things inside main's region.
  • We made fire's parameter into a &c'Cannon<fire'>, so that it can point to things inside fire's own region. 

struct Cannon<e'> {
  source &e'EnergySource;
  strength int;
  ...
}

struct EnergySource {
  energy int;
}

struct Ship {
  hp int;
}

exported func main() {
  source = EnergySource(200);
  cannon = Cannon(&source, 12);
  ship = Ship(100);
  fire(cannon.imm, &ship);
  println("Ship's new hp: {ship.hp}");
}

func fire<c'>(
  cannon &c'Cannon<fire'>,
  ship &Ship)
void {
  // Very fast, no generation checks!
  damage = cannon.strength;

  // Take energy from energy source.
  set cannon.source.energy -= damage;

  // Now hit the ship!
  set ship.hp -= damage;
}

As you can see, we're still able to isolate Cannon and open it immutably, even though it points to something outside its own isolated region.

A lot of real-world code can fit easily with one-way isolation. Most languages have a notion of "private" data, that's not exposed via an object's API. Those objects can be in the object's isolate, yet they can still point outside.

With one-way isolation, we can immutably borrow much more of our programs data a lot more often.

Architectural Benefits

The best thing about one-way isolation is that it's opt-in:

  • A programmer can write a complete Vale program without ever learning about regions.
  • A programmer can ignore any region markers and still understand the code; regions don't affect a program's semantics.

This is consistent with Vale's philosophy of avoiding forced complexity.

This has two extra benefits to the programmer:

  • They can get started with Vale right away without learning these more advanced concepts.
  • They can focus on the problem at hand while still iterating and building out the program, and add regions later once their profiling identifies where optimization is needed.

In a way, regions and isolation allow us to get the optimization power of borrow checking, with less restrictions and constraints.

Conclusion

As we saw, one-way isolation can allow us to use isolation even for data that points to things outside itself.

Part 4 shows how one object can contain another region's data inline, and Part 5 shows how that combined with one-way isolation can make certain patterns (iterating collections, calculating determinants, etc.) and entire architectures (like entity-component-system) zero-cost. 2

That's all for now! We hope you enjoyed this article. Stay tuned for the next article, which shows how one-way isolation works.

If you're impressed with our track record and believe in the direction we're heading, please consider sponsoring us on GitHub!

With your support, we can bring regions to programmers worldwide.

See you next time!

- Evan Ovadia

3

Side Notes
(interesting tangential thoughts)
0

If anything isn't clear, feel free to reach out via discord, twitter, or the subreddit! We love answering questions, and it helps us know how to improve our explanations.

1

We're aiming to complete regions by early 2024, check out the roadmap for more details.

2

Together, isolates, pure functions, and one-way isolation combine to form something that looks suspiciously like an entire new programming paradigm... whether that's true remains to be seen!

3

This is still a draft! TODOs:

  • Talk about how this lets us truly have an opt-in borrow checker thats much more usable, flexible, and intuitive. It seems to fit the natural structure of our programs much better. Isolates are what truly makes it an opt-in borrow checker.
  • Mention somewhere that with channels, we can send isolated messages that point outside to mutable data.
  • What happens when we have MyStruct<T> impl MyInterface, but then try to upcast MyStruct<a'Bork>? Does it become a a'MyInterface? but it itself isn't in region a'. Perhaps we need something like MyInterface + a'? Maybe we can get around it with a &''Something?
  • Seamless concurrency threads use this under the hood. I think even regular threads might be able to as well.

We're looking for sponsors!

With your help, we can launch a language with speed, safety, flexibility, and ease of use.

We’re a very small team of passionate individuals, working on this on our own and not backed by any corporation.

If you want to support our work, please consider sponsoring us on GitHub!

Those who sponsor us also get extra benefits, including:

  • Early access to all of our articles!
  • A sneak peek at some of our more ambitious designs, such as memory-safe allocators based on algebraic effects, an async/await/goroutine hybrid that works without data coloring or function coloring, and more.
  • Your name on the vale.dev home page!

With enough sponsorship, we can:

  • Start a a 501(c)(3) non-profit organization to hold ownership of Vale. 4
  • Buy the necessary computers to support more architectures.
  • Work on this full-time.
  • Make Vale into a production-ready language, and push it into the mainstream!

We have a strong track record, and during this quest we've discovered and implemented a lot of completely new techniques:

  • The Linear-Aliasing Model that lets us use linear types where we need speed, and generational references where we need the flexibility of shared mutability.
  • Region Borrowing, which makes it easier to write efficient code by composing shared mutability with the ability to temporarily freeze data.
  • Higher RAII, where the language adds logic safety by enforcing that we eventually perform a specific future operation.
  • Perfect Replayability makes debugging race conditions obsolete by recording all inputs and replaying execution exactly.

These have been successfully prototyped. With your sponsorship we can polish them, integrate them, and bring these techniques into the mainstream. 5

Our next steps are focused on making Vale more user-friendly by:

  1. Finalizing the compiler's error messages and improving compile speeds.
  2. Polishing interop with other languages.
  3. Growing the standard library and ecosystem!

We aim to combine and add to the benefits of our favorite languages:

We need your help to make this happen!

If you're impressed by our track record and believe in the direction we're heading, please consider sponsoring us:

If you have any questions, always feel free to reach out via email, twitter, discord, or the subreddit. Cheers!

4

Tentatively named the Vale Software Foundation.

5

Generational references, the linear-aliasing model, and higher RAII are all complete, and region borrowing, fearless FFI, and perfect replayability have been successfully prototyped. Be sure to check out the experimental version of the compiler!

Copyright © 2022 Evan Ovadia