Runtime Memory And Dynamic Behavior

This document is the production contract for 0x0 runtime depth. Runtime depth

production closure is implemented by make runtime-depth-closure-check and

release memory evidence.

Runtime depth production closure is the Milestone 3 truth token for this

document.

Memory Model

Direct ELF programs use deterministic process-lifetime ownership for runtime

values. Strings, list/cons nodes, ABI v1 core tagged values, and generated

runtime buffers are owned by the process and are reclaimed at process exit. This

is the production policy for current CLI, compiler, streaming, and app-probe

executables.

Allocation uses the direct ELF runtime arena. The arena grows with host memory

mappings and checks the mapping result before publishing a new cursor/end pair.

If mapping fails, the generated process exits with status 1 before exposing a

partial value.

Host buffers are copied into runtime-owned values before source code observes

them. 0x0 source does not receive raw host pointers.

Long-running servers and services use explicit host/runtime boundaries,

supervised worker processes, and release RSS budgets until a later release adds

finer-grained in-process reclamation. That is an operational policy, not an

untracked runtime gap.

Dynamic Surface

The production direct runtime supports the tagged value slice required by the

implemented source surface:

• primitive I64, Bool, Text, and Unit values;
• list values built by list, cons, tail, nth, len, and empty?;
• ABI v1 core Option, Result, Map, Bytes, and Error layouts through

lib/core;

• source ADTs lowered to ordinary constructor and match forms;
• text operations such as equality, concatenation, slicing, length, indexing,

character classification, and integer conversion;

• stdin/file/env/argv runtime operations for the supported backend slices;
• direct result printing and process exit.

Runtime dispatch is intentionally source-typed: calls are resolved by the

compiler and dynamic values carry runtime tags for the supported value

families. Broader reflection APIs belong in libraries or host runtimes, not in

the implicit executable ABI.

Streaming IO

Production streaming IO is implemented in the independent direct ELF compiler

runtime (compiler2/elf-runtime.0x0). The streaming paths read and write in

fixed-size chunks and do not materialize the whole payload as a 0x0 Text

value:

• (read-stdin) as the main text result streams stdin to stdout;
• (read-file (nth (argv) 0)) as the main text result streams a file to

stdout;

• (write-file (nth (argv) 1) (read-file (nth (argv) 0))) copies a file from

one path to another with chunked reads and writes.

make runtime-depth-closure-check compiles those direct ELF streaming

programs, runs each with deterministic payloads larger than 1 MiB, and compares

the byte-for-byte output with cmp.

Materializing reads that return a source Text remain available for

compiler-shaped compatibility workloads. New production data movement should

use the streaming paths or explicit host/runtime boundaries.

CLI And Environment

argv returns the process argument list. env returns the value of one

environment variable by name. The release memory workload validates stdin,

argv, environment lookup, text operations, list allocation, indexed access,

direct output, and process exit in one generated executable.

Host runtimes provide richer environment snapshots, process spawning, stdio

pipes, cancellation, and timeouts through later host-effect and framework

milestones.

Failure Semantics

Runtime depth closure fixes the stable process-level failures for this slice:

1  arena allocation failure or explicit panic
2  streaming input/output argv path missing
3  streaming input open/read failure
4  streaming output open/write failure

The closure gate exercises the streaming 2, 3, and 4 cases. Arena failure

is guarded in generated runtime code and covered by source checks that require

the mmap result test before cursor publication.

Release Memory Evidence

make memory-check writes build/release/v<VERSION>/memory.txt. In addition to

the compiler succession and OISA stress measurements, the report includes:

• release.runtime_compile: compiles a generated direct-runtime workload with

the current native direct-ELF compiler path;

• release.runtime_dynamic: executes that workload under the process-group RSS

limit.

The enforced budgets live in perf/memory-budgets.txt:

release.runtime_compile.max_rss_kib=262144
release.runtime_dynamic.max_rss_kib=65536

make rss-limit-check verifies the report wiring through a fake compiler and

fake runtime executable. make runtime-memory-dynamic-check verifies the

memory evidence contract without running the heavy release compiler chain.

Runtime Depth Production Closure

make runtime-depth-closure-check is the Milestone 3 closure gate. It verifies:

• source wiring for streaming direct ELF stdin, read-file, and copy-file paths;
• large-payload streaming behavior;
• stable streaming failure exit statuses;
• direct-runtime memory report evidence;
• public docs, gap inventory, support matrix, release notes, and ADR/RFC

records.