Skip to content

Memory management

Inko uses automatic memory management, without the use of a garbage collector. Instead, Inko relies on what is known as "single ownership". If you've used Rust this should sound familiar, though Inko's implementation is quite different from the implementation used by Rust.

The idea behind single ownership is as follows: each value has a single owner. When this owner is done with the value, it discards it (known as a "drop"). Discarding the value runs its destructor (if it has any) and releases its memory. Such values are referred to as "owned values".

A value is either owned by the scope it's created in, or another value it's moved into. Take this code for example:

fn example {
  'hello'
}

The value 'hello' is created in the outer-most scope of the example method, meaning that said scope is the owner of the value. When we exit the scope (in this case return from the example method), the value is dropped.

Transferring ownership

Values can be moved, either into scopes or values. When a value is moved, its owner is transferred to whatever it's moved into. For example, pushing a value into an array makes the array the owner of the value:

fn example {
  let val = 'hello'
  let vals = [val]
}

When a value is moved, the previous owner no longer drops it, instead it's up to the new owner to do so when necessary. A value that is moved can't be used anymore, unless the value is a value type in which case a move copies the value. Consider this example:

fn foo(values: Array[Int]) {
  # ...
}

fn bar {
  let vals = [10, 20]

  foo(vals)
}

The call to foo moves vals. If we try to use vals after the call, a compile-time error is produced.

References and borrowing

Besides owned values Inko also supports references. A reference allows you to temporarily use a value without moving it. When the reference is no longer needed, only the reference is discarded; not the value it points to. Creating a reference is known as "borrowing", because you borrow the value the reference points to.

Inko supports two types of references: immutable (ref T) and mutable (mut T) references. Immutable references, as the name suggests, don't allow you to mutate the value pointed to, while mutable references do allow this. References can only be created from an owned value, not from another reference.

References are created using the ref and mut keywords:

let a = [10, 20] # An owned value
let b = ref a    # An immutable reference
let c = mut a    # A mutable reference

Inko automatically creates references for you whenever necessary, so you won't need to use these keywords often.

Unlike Rust, Inko allows you to move owned values when references to it exist. Inko also allows both immutable and mutable references to the same value to exist at the same time. This makes it trivial to implement self-referential data structures (such as linked lists), without needing any unsafe code or the use of raw pointers. For example, here's how you'd define a doubly-linked list:

class Node[T] {
  let @next: Option[Node[T]]
  let @previous: Option[mut Node[T]]
  let @value: T
}

class List[T] {
  let @head: Option[Node[T]]
  let @tail: Option[mut Node[T]]
}

To ensure correctness, Inko maintains a reference count at runtime. This count tracks the amount of ref and mut references that exist for an owned value. If the owned value is dropped but references to it still exist, a panic is produced and the program is aborted; protecting you against use-after-free errors.

The reference count is a regular integer (i.e. we don't use atomic reference counting), and the compiler tries to optimise code such that the amount of reference count changes is kept as low as possible. While there is a runtime cost associated with maintaining these reference counts, the cost is minimal, and far less than the cost of running a tracing garbage collector or using regular (atomic) reference counting.

Inko's implementation is inspired by the paper "Ownership You Can Count On" (mirror).

Unique values and recovery

Besides owned values and references, Inko also has "unique values" (uni T). A unique value is unique in the sense that only a single reference to it can exist (= the value itself). The best way to explain this is to use a cardboard box as a metaphor: a unique value is a box with items in it. Within that box these items are allowed to refer to each other using references, but none of the items are allowed to refer to values outside of the box and vice-versa.

This restriction means that when we have a unique value we can move it around knowing no references (outside of the unique value) exist that point to the unique value. Inko's concurrency support builds upon this, and only allows you to send values between processes if they are either unique or value types (which are copied). This allows passing of data between processes, without you having to worry about race conditions, and without a runtime cost such as having to deep copy values.

If you're familiar with Pony, Inko's unique values are the same as Pony's "isolated values". This is not a coincidence, as both Inko and Pony draw inspiration from the same paper "Uniqueness and Reference Immutability for Safe Parallelism". Unlike Pony, Inko doesn't have a long list of (complicated) reference capabilities, making it easier to use Inko while still achieving the same safety guarantees.

Unique values are created using the recover expression. Within this expression, outside variables are only visible if they are unique values or value types; everything else is hidden. If the return value of a recover expression is an owned value, it's turned into a unique value. If the value already is a unique value, it's instead turned into an owned value.

let a = [10, 20]
let b = recover a        # Not possible, because `a` is owned and thus not visible
let c = recover [10, 20] # `c` is of type `uni Array[Int]`

This is safe because of the following: if the only outside values we can refer to are unique values, then any owned value returned must originate from inside the recover expression. This in turn means any references created to it are either stored inside the value (which is fine), or are discarded before the end of the recover expression. That in turn means that after the recover expression returns, we know for a fact no outside references to the unique value exist, nor can the unique value contain any references to values stored outside of itself.

Values recovered using recover are moved, meaning that the old variable containing the owned value is no longer available:

let a = recover [10, 20]
let b = recover a

a # => this is an error, because `a` is moved into `b`

In general recovery is only needed when sending values between processes.

Using unique values

When we said you can't create references to unique values this wasn't entirely true: you can create references to such values (known as ref uni T or mut uni T references), but such references come with restrictions to ensure correctness. For example, such references can't be assigned to variables, nor are they allowed in explicit type signatures. This means the only place they can be used in is temporary/intermediate expressions not assigned to anything. This in turn means that it's safe to move a unique value afterwards, because the references no longer exist.

Both unique references and owned values allow you to call methods on them, though this comes with a set of rules. These rules are as follows:

  1. If a method takes any arguments, specifies a throw type, or a return type, the types must be "sendable". If any of these types isn't sendable, the method isn't available.
  2. If a method doesn't take any arguments and is immutable, and returns and/or throws an owned value, the method is available if and only if these types are sendable (including any sub values they may store).

A "sendable" type is a type that can cross the boundary between a unique value and the outside world, or a type that can be sent to another process. A type is sendable if it's unique (uni T), a value type, or an owned type that only contains sendable types (in case of rule two). To put this another way: a sendable type is a type of which we are certain no outside references to it exist, and has no references pointing from it to the outside world.

To illustrate this, consider the following expression:

let a = recover 'testing'

a.to_upper

The variable a contains a value of type uni String. The expression a.to_upper is valid because to_upper doesn't take any arguments, and its return type (String) is a value type, which is a sendable type.

Because a is a unique value, we can also write the following:

let a = recover 'testing'  # => uni String
let b = recover a.to_upper # => uni String

Here's a more complicated example:

import std::net::ip::IpAddress
import std::net::socket::TcpServer

class async Main {
  fn async main {
    let server = recover try! TcpServer
      .new(ip: IpAddress.v4(127, 0, 0, 1), port: 40_000)

    let client = recover try! server.accept
  }
}

Here server is of type uni TcpServer. The expression server.accept is valid because server is unique and thus we can see it, and because accept meets rule two: it doesn't mutate its receiver, doesn't take any arguments, and the types it throws/returns only store sendable types.

Here's an example of something that isn't valid:

let a = recover [ByteArray.new]

a.push(ByteArray.new)

This isn't valid because a is of type uni Array[ByteArray], and push takes an argument of type ByteArray which isn't sendable, thus the push method isn't available.

Panics and ownership

A panic is a critical error that aborts the program. When such an error is produced, Inko doesn't drop any values and instead aborts right away.

Benefits compared to garbage collection

If you're used to languages using (tracing) garbage collection you may wonder: what's the benefit of all this?

The first benefit is that memory management using single ownership is deterministic: every time you run your program, values are dropped in the same place at the same time (assuming the drops are not influenced by some condition of course). Not only does this make debugging easier, it also makes scaling your program easier. This in particular is a problem for languages using a garbage collector: they work fine for small workloads, but as load increases they tend to need a lot of tuning, and even then they may not perform well enough. In some cases one may even need to resort to hacks such as allocating a 10 GiB byte array, because the garbage collector doesn't provide the settings necessary to make it perform better.

The second benefit is that because there's a clear point in the code where a value is dropped, we can support deterministic destructors. This results in simpler and more robust code. For example, external resources such as database connections or files can be closed when a value goes out of scope, instead of this requiring a manual call to a close or dispose method of sorts. While some languages with a garbage collector support finalisers, finalisers are not deterministic and may not run at all, and as such can't be relied upon for anything important.

The third benefit is that single ownership can lead to better memory usage, or at least more consistent memory usage. This isn't a hard guarantee as it depends on the program's behaviour, but it's easier to achieve. For example, in typical a garbage collected language the garbage collector doesn't kick in until a set of conditions are met, such as the amount of memory allocated since the last garbage collection run. This results in memory usage following a sawtooth pattern, with memory usage increasing until the GC kicks in, at which point memory usage may be reduced (this is up to the GC implementation). When using single ownership, memory is (at least typically) reclaimed as soon as possible, which can lead to lower memory usage.

The cost of single ownership

Single ownership isn't a silver bullet, and does come with a cost. Specifically, the cost is that of having to run destructors and releasing values one by one, instead of all at once. In case of Inko there's also a small cost involved in maintaining reference counts. Should this cost become significant enough, the solution is typically straightforward: adjust your code such that values live longer (or shorter), or allocate values using an arena of sorts, and you're probably good to go.

There's also a mental cost that comes with single ownership: as a developer you're forced to decide who owns what value, when to transfer ownership, when to use references, etc. In Rust this can be a challenge, as Rust is rather strict about ownership. Inko tries to reduce this cost by being more forgiving and shifting some compile-time work to work done at runtime. While this may not be suitable for all types of programs, we believe it to be good enough for most of them.