Unique Pointers and Reference Counting in Cyclone Michael Hicks, Greg Morrisett, Dan Grossman, and Trevor Jim Abstract. Cyclone is a type-safe language intended for applications re- quiring control over memory management. Initial work on Cyclone sup- ported stack allocation, lexical region allocation, and a garbage-collected heap. In this paper, we describe added support for unique pointers (which permit limited use of malloc and free) and reference-counted objects. These idioms are crucial for supporting overlapping, non-nested object lifetimes and safe manual deallocation. A region-based type-and-effects system ensures that dangling pointers cannot be dereferenced. Novel lin- guistic mechanisms leverage the region system to make it easier to use unique pointers. In particular, region polymorphism and a scoped con- struct for temporarily aliasing unique pointers let us write programs that can manipulate either unique or nonunique pointers. In our experience, our new constructs can significantly improve application performance, while adding a modest programming overhead. 1 Introduction Cyclone is a type-safe, C-like language intended for use in systems programs, where control is needed over low-level details such as data representations and memory management. Most safe languages allow memory to be recycled only through garbage collection. In Cyclone, garbage collection is not necessary. Rather, objects may be allocated on the stack or more generally in regions and reclaimed when the stack frame or region is deallocated. A type-and-effects system based on the work of Tofte and Talpin [30] ensures that pointers into deallocated re- gions are never dereferenced. However, region-based mechanisms have a serious weakness: they force object lifetimes to be nested. For example, stack-allocated objects and regions must obey a last-in-first-out discipline: only the most re- cently allocated object or region can be deallocated. Objects with overlapping, non-nested (ONN) lifetimes can be accommodated, but only at the cost of either allocating some objects earlier than otherwise necessary, or deallocating some objects later than necessary. ONN lifetimes are common in systems programs, like operating system kernels and event-based servers. We have integrated two features into Cyclone for handling ONN lifetimes ef- ficiently: reference counted objects, and a restricted (safe) version of free. These features allow us to safely deallocate an object at any time, without constraining the lifetimes of other objects. The key mechanism underlying both features is the unique pointer. By definition, a unique pointer is the only reference to an object, so freeing the object cannot make another reference a dangling pointer.