using cxx::types

using cxx::types;

Jordan DeLongSoftware Engineer, Facebook

Overview

• C++ and its type system

• Weakly typed code

• Refactoring example

Preliminaries

Why does Facebook use C++?

Preliminaries

• Performance

◦ At scale: operational costs > engineering costs

◦ C++ gives programmers low-level control

Preliminaries

• Performance

◦ At scale: operational costs > engineering costs

◦ C++ gives programmers low-level control

• Abstraction tools

◦ Lambdas and higher-order functions

◦ Type deduction (auto, template arguments)

◦ Powerful type system

C++: Powerful Type System

• template<class T>

• template<int I>

• template<template <class> class T>

• template<int I>

• OO-style subtyping/polymorphism

• template<int I>

Basics:

• New statically incompatible types can be created

• template<int I>

Basics:

• New statically incompatible types can be created

• Function and operator overloading

C++: “Powerful” Type System?

• Error-prone standard conversions

◦ Nearly all primitive types convert to bool

◦ unsigned to signed

◦ narrowing conversions

◦ floating-integral conversions

• void*, unsigned char*, untyped memory

• typedef only makes type aliases

◦ Creating real new types is more verbose

Strong vs. Weak

Usual definition:

A type system is “strong” if it disallows conversions

between values of different types.

Strong vs. Weak

Usual definition:

Many? Most? Unsafe? Implicit?

Strong vs. Weak

Usual definition:

In the context of static type systems:

• Unclear as a language property

Strong vs. Weak

Usual definition:

• Better: “strongly typed” is a property of code

Strong vs. Weak

Usual definition:

• Better: “strongly typed” is a property of code

• Weakly typed code can be written in a strongly typed language

What We Really Want

Goal: fewer bugs, guaranteed correctness.

What We Really Want

• Move runtime errors to compile time

• One way to do this: strongly typed APIs

What We Really Want

What this means:

• Types are a critical part of interface design

What We Really Want

What this means:

• Types should encode semantics

What We Really Want

What this means:

• Types should encode semantics

• Primitive types are just building blocks (especially in C++)

Weakly Typed APIs

Weak: High-arity Functions

public void DrawRectangle(

Color colorOutline,

int thicknessOutline,

int x,

int y,

int width,

int height,

int xCornerRadius,

int yCornerRadius,

Color colorGradientStart,

int xGradientStart,

int yGradientStart,

Color colorGradientEnd,

int xGradientEnd,

int yGradientEnd,

UInt16 opacity

• Semantics are primarily encoded by position

• Worse when arguments have compatible types

• Temptation to use or add defaulted arguments

◦ Hinders refactoring

Weak: “Types” in Identifiers

void sleep(int seconds);

sleep(3600 * 60 * 2 /* two hours */);

• Semantics are encoded in the identifier

sleep(3600 * 60 * 2 /* two hours */);

• Semantics are encoded in the identifier

• Use types that encode units, e.g. std::chrono::duration<>

using namespace std::chrono;

void sleep(seconds s);

sleep(duration_cast<seconds>(hours(2)));

Weak: Boolean Arguments

typedef int Id;

enum MetaKind { ... };

void addMeta(int pos,

MetaKind kind,

MetaData* mdata,

bool mIsVector,

Id id);

Particularly bad in C++: every other argument type here implicitly

converts to bool.

Refactoring: HHVM Assembler

An Assembler API

typedef int register_name_t;

const register_name_t rax = 0;

const register_name_t rbx = 1;

// ...

struct Asm {

// ...

void load_reg64_disp_reg32(int rbase, int disp,

int rdest);

void load_reg64_disp_reg64(int, int, int);

void sub_imm32_reg32(intptr_t, int);

void mov_imm64_reg(intptr_t, int);

void load_reg64_index_scale_disp_reg64(

int rbase, int rindex, int scale, int disp,

int rdest);

x64 Memory Operands

// *rax = rbx;

movq %rbx, (%rax) ; base + 0

// rax[0xc] = rbx;

movq %rbx, 0xc(%rax) ; base + disp

// rax[rcx*2+0xc] = 0x42;

movq $0x42, 0xc(%rax,%rcx,0x2) ; base + idx*2 + disp

General case: base + index * scale + displacement.

Using the API

void (*g_destructors[4])(void*) =

{destructString, destructArray,

destructObject, destructRef};

// Dispatch to appropriate destructor function

a. load_reg64_disp_reg32(rbx, TVOFF(m_type), rsi);

a. sub_imm32_reg32(KindOfString, rsi);

a. mov_imm64_reg(uintptr_t(&g_destructors), rax)

a. load_reg64_index_scale_disp_reg64(

rax, rsi, 8, 0, rax);

a. call_reg(rax);

Using the API

movl 0xc(%rbx), %esi

subl $0xf,%esi

movq $0x6a28240,%rax

movq (%rax,%rsi,8),%rax

callq *%rax

Misusing the API

void load_reg64_index_scale_disp_reg64(

int rbase, int rindex, int scale, int disp,

int rdest);

Possible Errors #1

a. load_reg64_disp_reg64(rVmFp, AROFF(m_this), rax);

a. store_reg64_disp_reg64(0,

AROFF(m_this), rVmFp);

a. shr_imm32_reg64(1, rax);

a. jcc(CC_NBE, decRefThisStub);

Possible Errors #1

a. store_reg64_disp_reg64(0,

AROFF(m_this), rVmFp); // <--

Possible Errors #1

a. store_imm64_disp_reg64(0, // reg -> imm

AROFF(m_this), rVmFp); // <--

Possible Errors #2

a. mov_imm32_reg32(-1, rax);

a. store_reg64_disp_reg64(rax,

0, rbx);

Possible Errors #2

a. mov_imm32_reg32(-1, rax);

0, rbx); // not sign-extended

Possible Errors #2

a. mov_imm32_reg64(-1, rax); // 32 -> 64

0, rbx); // not sign-extended

Improving on this

• Argument semantics we can encode in types:

◦ Registers vs. immediates

◦ How a register is used (value vs. part of memory operand)

◦ Operand sizes (eax vs. rax)

Improving on this

• Reduce function arity

Improving on this

• Reduce function arity

• Function naming: closer to x64 opcode mnemonics

Refactored API

// Dispatch to appropriate destructor function

a. movl (rbx[TVOFF(m_type)], esi);

a. subl (KindOfString, esi);

a. movq (&g_destructors, rax);

a. movq (rax[rsi*8], rax);

a. call (rax);

New Register Types

/// Reg64, Reg32, RegXMM, RegRIP ...

constexpr Reg64 rax(0);

constexpr Reg64 rcx(1);

constexpr Reg32 eax(0);

constexpr Reg32 ecx(1);

constexpr Reg8 al(0);

constexpr RegXMM xmm0(0);

constexpr RegRIP rip;

// etc

Register Type Details

struct Reg64 {

explicit constexpr Reg64(int);

explicit constexpr operator int() const;

constexpr bool operator==(Reg64) const;

constexpr bool operator!=(Reg64) const;

// ...

• We’re using a struct instead of enum class because we want to

define an operator[] later.

Register to Register mov

void movb(Reg8, Reg8); // 8-bit operands

void movl(Reg32, Reg32); // 32-bit operands

void movq(Reg64, Reg64); // 64-bit operands

a. movl (rax, rbx); // compile-time error

a. movl (eax, ebx); // ok

Simple Memory Operands

// reg + offset

struct DispReg {

Reg64 rbase;

intptr_t disp;

DispReg operator+(Reg64 rbase, intptr_t disp);

Indexed Memory Operands

// reg * scale

struct ScaledIndex {

Reg64 rindex;

int scale;

ScaledIndex operator*(Reg64 rindex, int scale);

// reg + reg*scale + disp

struct IndexedDispReg {

Reg64 rbase;

ScaledIndex index;

intptr_t disp;

IndexedDispReg operator+(Reg64 rbase, ScaledIndex);

IndexedDispReg operator+(IndexedDispReg, intptr_t);

Dereferenced Memory Operands

// *(reg + offset)

struct MemoryRef {

DispReg dr;

MemoryRef operator*(DispReg);

// *(reg + reg*scale + disp)

struct IndexedMemoryRef {

IndexedDispReg dr;

IndexedMemoryRef operator*(IndexedDispReg);

void movq(MemoryRef, Reg64);

void movl(MemoryRef, Reg32);

void movq(IndexedMemoryRef, Reg64);

void movl(IndexedMemoryRef, Reg32);

a. movl(*(rbx + 0xc), rax); // compile-time error

a. movl(*(rbx + 0xc), eax); // ok

Stores

void movq(Reg64, MemoryRef);

void movl(Reg32, MemoryRef);

void movq(Reg64, IndexedMemoryRef);

void movl(Reg32, IndexedMemoryRef);

Stores

a. movq(rbx, rax[0xc]); // Reg64 gets an operator[]

Stores

a. movq(rbx, rax[0xc]); // Reg64 gets an operator[]

a. movq(ebx, rax[0xc]); // compile-time error

Other opcodes

// Load effective address:

void lea(IndexedDispReg, Reg64);

void lea(DispReg, Reg64);

// Push can take memory or registers:

void pushq(IndexedMemoryRef);

void pushq(MemoryRef);

void pushq(Reg64);

Discussion

• Registers 6≡ Memory Operands 6≡ Immediates 6≡ Registers

Discussion

• Memory Operands: encoded as an embedded expression language

Discussion

• Immediates:

void movq(Immed, Reg64);

void movl(Immed, Reg32);

void movb(Immed, Reg8);

◦ Thin, runtime-checked wrapper around intptr_t

◦ Still potentially vulnerable to runtime integer-related issues

Discussion

• Immediates:

void movq(Immed, Reg64);

void movl(Immed, Reg32);

void movb(Immed, Reg8);

◦ Thin, runtime-checked wrapper around intptr_t

◦ Still potentially vulnerable to runtime integer-related issues

• Looks more like the assembly we’re trying to generate

Making immediates safer

void movimm(Immed immed, Reg64 reg);

struct Immed {

template<class T>

/* implicit */ Immed(

T i, typename std::enable_if<...>::type* = 0

) : m_int(/* ... */) {}

// various accessors q(), l(), w()

// fitsSigned(), fitsUnsigned()

Making immediates safer

void movimm(Immed imm, Reg64 dest) {

if (imm.q() == 0) return xorl(r32(dest), r32(dest));

if (imm.q() > 0 && imm.fitsUnsigned(sz::dword)) {

return movl(imm, r32(dest)); // zeros top bits

movq(imm, dest);

using cxx::types

Technology

a uniÃo anua ano cxx

tomo cxx saltillo, coahuila, martes 20 de agosto de 2013...

brand starter cxx 2

table of contents - glls · fa-xx-bn-xxa-cxx-m...

nuevo documento de cxx

tomo cxx saltillo, coahuila, martes 18 de junio de 2013

tomo cxx saltillo, coahuila, viernes 20 de diciembre de 2013...

using new data types in 2008

编号：cnca-cxx-xxx: 2018

using types for software verification

using types to enforce architectural structure

types care parts using

complete completion using types and weights

scc inc. technical instructionsscccombustion.com/pdf/bracket...

a uniÃo anua número 219 ano cxx

tomo cxx saltillo, coahuila, viernes 15 de febrero...

types of radiation sources and procedures using inspection...

remind of c/c++ basic elements - infn sezione di...

using new data types in2008

medium voltage products keva 24 cxx(c) indoor voltage...