Re: Internals details for

From: Jerome Vouillon (
Date: Sat Dec 18 1999 - 19:56:35 MET

Date: Sat, 18 Dec 1999 19:56:35 +0100
From: Jerome Vouillon <>
To: John Prevost <>, Xavier Leroy <>
Subject: Re: Internals details for
In-Reply-To: <>; from John Prevost on Fri, Dec 17, 1999 at 07:51:02PM -0500

On Fri, Dec 17, 1999 at 07:51:02PM -0500, John Prevost wrote:
> > If you're really into high-performance stuff, you could fold the
> > permission check and the bounds check in one "checkbound" instruction.
> > Just arrange the "write enable" flag to be (the Caml integer) 0 if
> > write is allowed, and -1 if it is not. Then, generate something like

You could also probably make the permission check only once, when the
region is created, and use the type system to enforce safety. For
instance, the interface could look something like this:

    type 'a perms
    type 'a t

    val read_only : <read:unit> perms
    val write_only : <write:unit> perms
    val read_write : <read:unit;write:unit> perms

    val create : Unix.file_desc -> 'a perms -> int -> int -> 'a t
    val unsafe_get : <read:unit;..> t -> int -> char
    val unsafe_set : <write:unit;..> t -> int -> char -> unit
    val get : <read:unit;..> t -> int -> char
    val set : <write:unit;..> t -> int -> char -> unit

The implementation would then be something like this:

    type 'a perms = int
    type 'a t = 'a string * int

    let read_only = 1
    let write_only = 2
    let read_write = 3

    let region_create fd perms offset count =
      (* Check that "fd" permissions and "perms" matches *)
      (* Mmap the region and returns it *)

    let check_bound n i = if i < 0 || i >= n then raise ...
    let unsafe_get (r, _) i = String.unsafe_get r i
    let unsafe_set (r, _) i v = String.unsafe_set r i v
    let get (r, n) i = check_bound n i; String.unsafe_get r i
    let set (r, n) i v = check_bound n i; String.unsafe_set r i v

> (How does -unsafe work, by the way? Does it make the C-- "checkbound"
> stuff work differently?)

No, this flag is taken into account much earlier: it makes the parser
translate "e.(e')" as "Array.unsafe_get e e'" rather than "Array.get e
e'" (similarly, it makes use of the unsafe variant instead of the safe
one for the other array and string operations).

> Hmm. What do you mean by "a more portable implementation"? One which
> doesn't require compiler modifications, or one which works with
> bytecode? I believe that with bytecode, the C functions are
> sufficient.

He probably means an implementation that does not require compiler

> As for unsafe string access: but doesn't the pointer point to an
> O'Caml block, which includes a tag and length information?

The pointer points to the beginning of the data, just after the
header. Moreover, this header is ignored for the unsafe string

-- Jérôme

This archive was generated by hypermail 2b29 : Sun Jan 02 2000 - 11:58:29 MET