source: doc/refrat/refrat.tex @ 7aa78b4

ADTaaron-thesisarm-ehast-experimentalcleanup-dtorsdeferred_resndemanglerenumforall-pointer-decayjacob/cs343-translationjenkins-sandboxnew-astnew-ast-unique-exprnew-envno_listpersistent-indexerpthread-emulationqualifiedEnumresolv-newwith_gc
Last change on this file since 7aa78b4 was 2264c11, checked in by Peter A. Buhr <pabuhr@…>, 7 years ago

create cfa lstnewenvironment

  • Property mode set to 100644
File size: 187.2 KB
Line 
1%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -*- Mode: Latex -*- %%%%%%%%%%%%%%%%%%%%%%%%%%%%
2%%
3%% Cforall Version 1.0.0 Copyright (C) 2016 University of Waterloo
4%%
5%% The contents of this file are covered under the licence agreement in the
6%% file "LICENCE" distributed with Cforall.
7%%
8%% refrat.tex --
9%%
10%% Author           : Peter A. Buhr
11%% Created On       : Wed Apr  6 14:52:25 2016
12%% Last Modified By : Peter A. Buhr
13%% Last Modified On : Wed Apr  5 23:23:28 2017
14%% Update Count     : 79
15%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
16
17% requires tex packages: texlive-base texlive-latex-base tex-common texlive-humanities texlive-latex-extra texlive-fonts-recommended
18
19\documentclass[openright,twoside]{report}
20
21%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
22
23% Latex packages used in the document.
24\usepackage[T1]{fontenc}                                % allow Latin1 (extended ASCII) characters
25\usepackage{textcomp}
26\usepackage[latin1]{inputenc}
27
28\usepackage{fullpage,times,comment}
29\usepackage{epic,eepic}
30\usepackage{upquote}                                                                    % switch curled `'" to straight
31\usepackage{xspace}
32\usepackage{varioref}                                                                   % extended references
33\usepackage{listings}                                                                   % format program code
34\usepackage[flushmargin]{footmisc}                                              % support label/reference in footnote
35\usepackage{latexsym}                                   % \Box glyph
36\usepackage{mathptmx}                                   % better math font with "times"
37\usepackage[usenames]{color}
38\usepackage[pagewise]{lineno}
39\renewcommand{\linenumberfont}{\scriptsize\sffamily}
40\input{common}                                          % bespoke macros used in the document
41\usepackage[dvips,plainpages=false,pdfpagelabels,pdfpagemode=UseNone,colorlinks=true,pagebackref=true,linkcolor=blue,citecolor=blue,urlcolor=blue,pagebackref=true,breaklinks=true]{hyperref}
42\usepackage{breakurl}
43\renewcommand{\UrlFont}{\small\sf}
44
45\setlength{\topmargin}{-0.45in}                                                 % move running title into header
46\setlength{\headsep}{0.25in}
47
48%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
49
50\CFAStyle                                                                                               % use default CFA format-style
51
52% inline code ©...© (copyright symbol) emacs: C-q M-)
53% red highlighting ®...® (registered trademark symbol) emacs: C-q M-.
54% blue highlighting ß...ß (sharp s symbol) emacs: C-q M-_
55% green highlighting ¢...¢ (cent symbol) emacs: C-q M-"
56% LaTex escape §...§ (section symbol) emacs: C-q M-'
57% keyword escape ¶...¶ (pilcrow symbol) emacs: C-q M-^
58% math escape $...$ (dollar symbol)
59
60%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
61
62% Names used in the document.
63\newcommand{\Version}{\input{../../version}}
64
65\newcommand{\Textbf}[2][red]{{\color{#1}{\textbf{#2}}}}
66\newcommand{\Emph}[2][red]{{\color{#1}\textbf{\emph{#2}}}}
67\newcommand{\R}[1]{\Textbf{#1}}
68\newcommand{\B}[1]{{\Textbf[blue]{#1}}}
69\newcommand{\G}[1]{{\Textbf[OliveGreen]{#1}}}
70
71%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
72
73\setcounter{secnumdepth}{3}                             % number subsubsections
74\setcounter{tocdepth}{3}                                % subsubsections in table of contents
75\makeindex
76
77%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
78
79\title{\Huge
80\vspace*{1in}
81\CFA (\CFL) Reference Manual and Rationale
82}% title
83
84\author{\huge
85Glen Ditchfield and Peter A. Buhr
86}% author
87
88\date{
89DRAFT \\ \today
90}% date
91
92%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
93
94\begin{document}
95\pagestyle{headings}
96% changed after setting pagestyle
97\renewcommand{\chaptermark}[1]{\markboth{\thechapter\quad #1}{\thechapter\quad #1}}
98\renewcommand{\sectionmark}[1]{\markboth{\thesection\quad #1}{\thesection\quad #1}}
99\pagenumbering{roman}
100\linenumbers                                            % comment out to turn off line numbering
101
102\maketitle
103\thispagestyle{empty}
104\vspace*{\fill}
105\noindent
106\copyright\,2015 Glen Ditchfield \\ \\
107\noindent
108This work is licensed under the Creative Commons Attribution 4.0 International License.
109To view a copy of this license, visit {\small\url{http://creativecommons.org/licenses/by/4.0}}.
110\vspace*{1in}
111
112\clearpage
113\pdfbookmark[1]{Contents}{section}
114\tableofcontents
115
116\clearpage
117\pagenumbering{arabic}
118
119
120\chapter*{Introduction}\addcontentsline{toc}{chapter}{Introduction}
121
122This document is a reference manual and rationale for \CFA, a polymorphic extension of the C programming language.
123It makes frequent reference to the {\c11} standard \cite{C11}, and occasionally compares \CFA to {\CC} \cite{C++}.
124
125The manual deliberately imitates the ordering of the {\c11} standard (although the section numbering differs).
126Unfortunately, this means the manual contains more ``forward references'' than usual, making it harder to follow if the reader does not have a copy of the {\c11} standard.
127For a simple introduction to \CFA, see the companion document ``An Overview of \CFA''
128\cite{Ditchfield96:Overview}.
129
130\begin{rationale}
131Commentary (like this) is quoted with quads.
132Commentary usually deals with subtle points, the rationale behind a rule, and design decisions.
133\end{rationale}
134
135% No ``Scope'' or ``Normative references'' chapters yet.
136
137
138\setcounter{chapter}{2}
139\chapter{Terms, definitions, and symbols}
140
141Terms from the {\c11} standard used in this document have the same meaning as in the {\c11} standard.
142
143% No ``Conformance'' or ``Environment'' chapters yet.
144
145
146\setcounter{chapter}{5}
147\chapter{Language}
148
149
150\section{Notation}
151The syntax notation used in this document is the same as in the {\c11} standard, with one exception: ellipsis in the definition of a nonterminal, as in ``\emph{declaration:} \ldots'', indicates that these rules extend a previous definition, which occurs in this document or in the {\c11} standard.
152
153
154\section{Concepts}
155
156
157\subsection{Scopes of identifiers}\index{scopes}
158
159\CFA's scope rules differ from C's in one major respect: a declaration of an identifier may overload\index{overloading} outer declarations of lexically identical identifiers in the same \Index{name space}, instead of hiding them.
160The outer declaration is hidden if the two declarations have \Index{compatible type}, or if one declares an array type and the other declares a pointer type and the element type and pointed-at type are compatible, or if one has function type and the other is a pointer to a compatible function type, or if one declaration is a ©type©\use{type} or ©typedef©\use{typedef} declaration and the other is not.
161The outer declaration becomes \Index{visible} when the scope of the inner declaration terminates.
162\begin{rationale}
163Hence, a \CFA program can declare an ©int v© and a ©float v© in the same scope;
164a {\CC} program can not.
165\end{rationale}
166
167
168\subsection{Linkage of identifiers}
169\index{linkage}
170
171\CFA's linkage rules differ from C's in only one respect: instances of a particular identifier with external or internal linkage do not necessarily denote the same object or function.
172Instead, in the set of translation units and libraries that constitutes an entire program, any two instances of a particular identifier with \Index{external linkage} denote the same object or function if they have \Index{compatible type}s, or if one declares an array type and the other declares a pointer type and the element type and pointed-at type are compatible, or if one has function type and the other is a pointer to a compatible function type.
173Within one translation unit, each instance of an identifier with \Index{internal linkage} denotes the same object or function in the same circumstances.
174Identifiers with \Index{no linkage} always denote unique entities.
175\begin{rationale}
176A \CFA program can declare an ©extern int v© and an ©extern float v©;
177a C program cannot.
178\end{rationale}
179
180
181\setcounter{subsection}{8}
182\subsection{Generic Types}
183
184
185\subsubsection{Semantics}
186
187\CFA provides a capability for generic types;
188using this capability a single "generic type generator" can be written that can represent multiple concrete type instantiations by substitution of the "type parameters" of the generic type for concrete types.
189Syntactically a generic type generator is represented by putting a forall specifier on a struct or union declaration, as defined in \VRef{forall}.
190An instantiation of the generic type is written by specifying the type parameters in parentheses after the name of the generic type generator:
191\begin{lstlisting}
192forall( otype T | sumable( T ) ) struct pair {
193        T x;
194        T y;
195};
196pair( int ) p = { 3, 14 };
197\end{lstlisting}
198
199The type parameters in an instantiation of a generic type must satisfy any constraints in the forall specifier on the type generator declaration, e.g., ©sumable©.
200The instantiation then has the semantics that would result if the type parameters were substituted into the type generator declaration by macro substitution.
201
202Polymorphic functions may have generic types as parameters, and those generic types may use type parameters of the polymorphic function as type parameters of the generic type:
203\begin{lstlisting}
204forall( otype T ) void swap( pair(T) *p ) {
205        T z = p->x;
206        p->x = p->y;
207        p->y = z;
208}
209\end{lstlisting}
210
211
212\subsubsection{Constraints}
213
214To avoid unduly constraining implementors, the generic type generator definition must be visible at any point where it is instantiated.
215Forward declarations of generic type generators are not forbidden, but the definition must be visible to instantiate the generic type.  Equivalently, instantiations of generic types are not allowed to be incomplete types.
216
217\examples
218\begin{lstlisting}
219forall( otype T ) struct A;
220
221forall( otype T ) struct B {
222        A(T) *a;                        // legal, but cannot instantiate B(T)
223};
224
225B(T) x;                                 // illegal, *x.a is of an incomplete generic type
226 
227forall( otype T ) struct A {
228        B( T ) *b;
229};
230
231B( T ) y;                               // legal, *x.a is now of a complete generic type
232
233// box.h:
234        forall( otype T ) struct box;
235        forall( otype T ) box( T ) *make_box( T );
236        forall( otype T ) void use_box( box( T ) *b );
237       
238// main.c:
239        box( int ) *b = make_box( 42 ); // illegal, definition of box not visible
240        use_box( b );           // illegal
241\end{lstlisting}
242
243
244\section{Conversions}
245\CFA defines situations where values of one type are automatically converted to another type.
246These conversions are called \define{implicit conversion}s.
247The programmer can request \define{explicit conversion}s using cast expressions.
248
249
250\subsection{Arithmetic operands}
251
252
253\setcounter{subsubsection}{8}
254\subsubsection{Safe arithmetic conversions}
255
256In C, a pattern of conversions known as the \define{usual arithmetic conversion}s is used with most binary arithmetic operators to convert the operands to a common type and determine the type of the operator's result.
257In \CFA, these conversions play a role in overload resolution, and collectively are called the \define{safe arithmetic conversion}s.
258
259Let ©int$_r$© and ©unsigned$_r$© be the signed and unsigned integer types with integer conversion rank\index{integer conversion rank}\index{rank|see{integer conversion rank}} $r$.
260Let ©unsigned$_{mr}$© be the unsigned integer type with maximal rank.
261
262The following conversions are \emph{direct} safe arithmetic conversions.
263\begin{itemize}
264\item
265The \Index{integer promotion}s.
266\item
267For every rank $r$ greater than or equal to the rank of ©int©, conversion from ©int$_r$© to ©unsigned$_r$©.
268\item
269For every rank $r$ greater than or equal to the rank of ©int©, where ©int$_{r+1}$© exists and can represent all values of ©unsigned$_r$©, conversion from ©unsigned$_r$© to ©int$_{r+1}$©.
270\item
271Conversion from ©unsigned$_{mr}$© to ©float©.
272\item
273Conversion from an enumerated type to its compatible integer type.
274\item
275Conversion from ©float© to ©double©, and from ©double© to ©long double©.
276\item
277Conversion from ©float _Complex© to ©double _Complex©, and from ©double _Complex© to ©long double _Complex©.
278\begin{sloppypar}
279\item
280Conversion from ©float _Imaginary© to ©double _Imaginary©, and from ©double _Imaginary© to ©long double _Imaginary©, if the implementation supports imaginary types.
281\end{sloppypar}
282\end{itemize}
283
284If type ©T© can be converted to type ©U© by a safe direct arithmetic conversion and type ©U© can be converted to type ©V© by a safe arithmetic conversion, then the conversion from ©T© to type ©V© is an \emph{indirect} safe arithmetic conversion.
285
286\begin{rationale}
287Note that {\c11} does not include conversion from \Index{real type}s to \Index{complex type}s in the usual arithmetic conversions, and \CFA does not include them as safe conversions.
288\end{rationale}
289
290
291\subsection{Other operands}
292
293
294\setcounter{subsubsection}{3}
295\subsubsection{Anonymous structures and unions}
296\label{anon-conv}
297
298If an expression's type is a pointer to a structure or union type that has a member that is an \Index{anonymous structure} or an \Index{anonymous union}, it can be implicitly converted\index{implicit conversion} to a pointer to the anonymous structure's or anonymous union's type.
299The result of the conversion is a pointer to the member.
300
301\examples
302\begin{lstlisting}
303struct point {
304        int x, y;
305};
306void move_by( struct point * p1, struct point * p2 ) {§\impl{move_by}§
307        p1->x += p2.x;
308        p1->y += p2.y;
309}
310struct color_point {
311        enum { RED, BLUE, GREEN } color;
312        struct point;
313} cp1, cp2;
314move_to( &cp1, &cp2 );
315\end{lstlisting}
316Thanks to implicit conversion, the two arguments that ©move_by()© receives are pointers to ©cp1©'s second member and ©cp2©'s second member.
317
318
319\subsubsection{Specialization}
320A function or value whose type is polymorphic may be implicitly converted to one whose type is \Index{less polymorphic} by binding values to one or more of its \Index{inferred parameter}.
321Any value that is legal for the inferred parameter may be used, including other inferred parameters.
322
323If, after the inferred parameter binding, an \Index{assertion parameter} has no inferred parameters in its type, then an object or function must be visible at the point of the specialization that has the same identifier as the assertion parameter and has a type that is compatible\index{compatible type} with or can be specialized to the type of the assertion parameter.
324The assertion parameter is bound to that object or function.
325
326The type of the specialization is the type of the original with the bound inferred parameters and the bound assertion parameters replaced by their bound values.
327
328\examples
329The type
330\begin{lstlisting}
331forall( otype T, otype U ) void (*)( T, U );
332\end{lstlisting}
333can be specialized to (among other things)
334\begin{lstlisting}
335forall( otype T ) void (*)( T, T );             // U bound to T
336forall( otype T ) void (*)( T, real );  // U bound to real
337forall( otype U ) void (*)( real, U );  // T bound to real
338void f( real, real );                                   // both bound to real
339\end{lstlisting}
340
341The type
342\begin{lstlisting}
343forall( otype T | T ?+?( T, T ) ) T (*)( T );
344\end{lstlisting}
345can be specialized to (among other things)
346\begin{lstlisting}
347int (*)( int );         // T bound to int, and T ?+?(T, T ) bound to int ?+?( int, int )
348\end{lstlisting}
349
350
351\subsubsection{Safe conversions}
352
353A \define{direct safe conversion} is one of the following conversions:
354\begin{itemize}
355\item
356a direct safe arithmetic conversion;
357\item
358from any object type or incomplete type to ©void©;
359\item
360from a pointer to any non-©void© type to a pointer to ©void©;
361\item
362from a pointer to any type to a pointer to a more qualified version of the type\index{qualified type};
363\item
364from a pointer to a structure or union type to a pointer to the type of a member of the structure or union that is an \Index{anonymous structure} or an \Index{anonymous union};
365\item
366within the scope of an initialized \Index{type declaration}, conversions between a type and its implementation or between a pointer to a type and a pointer to its implementation.
367\end{itemize}
368
369Conversions that are not safe conversions are \define{unsafe conversion}s.
370\begin{rationale}
371As in C, there is an implicit conversion from ©void *© to any pointer type.
372This is clearly dangerous, and {\CC} does not have this implicit conversion.
373\CFA\index{deficiencies!void * conversion} keeps it, in the interest of remaining as pure a superset of C as possible, but discourages it by making it unsafe.
374\end{rationale}
375
376
377\subsection{Conversion cost}
378
379The \define{conversion cost} of a safe\index{safe conversion} conversion\footnote{Unsafe\index{unsafe conversion} conversions do not have defined conversion costs.} is a measure of how desirable or undesirable it is.
380It is defined as follows.
381\begin{itemize}
382\item
383The cost of a conversion from any type to itself is 0.
384
385\item
386The cost of a direct safe conversion is 1.
387
388\item
389The cost of an indirect safe arithmetic conversion is the smallest number of direct conversions needed to make up the conversion.
390\end{itemize}
391
392\examples
393In the following, assume an implementation that does not provide any extended integer types.
394
395\begin{itemize}
396\item
397The cost of an implicit conversion from ©int© to ©long© is 1.
398The cost of an implicit conversion from ©long© to ©double© is 3, because it is defined in terms of conversions from ©long© to ©unsigned long©, then to ©float©, and then to ©double©.
399
400\item
401If ©int© can represent all the values of ©unsigned short©, then the cost of an implicit conversion from ©unsigned short© to ©unsigned© is 2: ©unsigned short© to ©int© to ©unsigned©.
402Otherwise, ©unsigned short© is converted directly to ©unsigned©, and the cost is 1.
403
404\item
405If ©long© can represent all the values of ©unsigned©, then the conversion cost of ©unsigned© to ©long© is 1.
406Otherwise, the conversion is an unsafe conversion, and its conversion cost is undefined.
407\end{itemize}
408
409
410\section{Lexical elements}
411
412
413\subsection{Keywords}
414
415\begin{syntax}
416\oldlhs{keyword}
417\rhs ©forall©
418\rhs ©lvalue©
419\rhs ©trait©
420\rhs ©dtype©
421\rhs ©ftype©
422\rhs ©otype©
423\end{syntax}
424
425
426\subsection{Identifiers}
427
428\CFA allows operator \Index{overloading} by associating operators with special function identifiers.
429Furthermore, the constants ``©0©'' and ``©1©'' have special status for many of C's data types (and for many programmer-defined data types as well), so \CFA treats them as overloadable identifiers.
430Programmers can use these identifiers to declare functions and objects that implement operators and constants for their own types.
431
432
433\setcounter{subsubsection}{2}
434\subsubsection{Constant identifiers}
435
436\begin{syntax}
437\oldlhs{identifier}
438\rhs ©0©
439\rhs ©1©
440\end{syntax}
441
442\index{constant identifiers}\index{identifiers!for constants} The tokens ``©0©''\impl{0} and ``©1©''\impl{1} are identifiers.
443No other tokens defined by the rules for integer constants are considered to be identifiers.
444\begin{rationale}
445Why ``©0©'' and ``©1©''? Those integers have special status in C.
446All scalar types can be incremented and decremented, which is defined in terms of adding or subtracting 1.
447The operations ``©&&©'', ``©||©'', and ``©!©'' can be applied to any scalar arguments, and are defined in terms of comparison against 0.
448A \nonterm{constant-expression} that evaluates to 0 is effectively compatible with every pointer type.
449
450In C, the integer constants 0 and 1 suffice because the integer promotion rules can convert them to any arithmetic type, and the rules for pointer expressions treat constant expressions evaluating to 0 as a special case.
451However, user-defined arithmetic types often need the equivalent of a 1 or 0 for their functions or operators, polymorphic functions often need 0 and 1 constants of a type matching their polymorphic parameters, and user-defined pointer-like types may need a null value.
452Defining special constants for a user-defined type is more efficient than defining a conversion to the type from ©_Bool©.
453
454Why \emph{just} ``©0©'' and ``©1©''? Why not other integers? No other integers have special status in C.
455A facility that let programmers declare specific constants---``©const Rational 12©'', for instance---would not be much of an improvement.
456Some facility for defining the creation of values of programmer-defined types from arbitrary integer tokens would be needed.
457The complexity of such a feature doesn't seem worth the gain.
458\end{rationale}
459
460
461\subsubsection{Operator identifiers}
462
463\index{operator identifiers}\index{identifiers!for operators} Table \ref{opids} lists the programmer-definable operator identifiers and the operations they are associated with.
464Functions that are declared with (or pointed at by function pointers that are declared with) these identifiers can be called by expressions that use the operator tokens and syntax, or the operator identifiers and ``function call'' syntax.
465The relationships between operators and function calls are discussed in descriptions of the operators.
466
467\begin{table}[hbt]
468\hfil
469\begin{tabular}[t]{ll}
470%identifier & operation \\ \hline
471©?[?]© & subscripting \impl{?[?]}\\
472©?()© & function call \impl{?()}\\
473©?++© & postfix increment \impl{?++}\\
474©?--© & postfix decrement \impl{?--}\\
475©++?© & prefix increment \impl{++?}\\
476©--?© & prefix decrement \impl{--?}\\
477©*?© & dereference \impl{*?}\\
478©+?© & unary plus \impl{+?}\\
479©-?© & arithmetic negation \impl{-?}\\
480©~?© & bitwise negation \impl{~?}\\
481©!?© & logical complement \impl{"!?}\\
482©?*?© & multiplication \impl{?*?}\\
483©?/?© & division \impl{?/?}\\
484\end{tabular}\hfil
485\begin{tabular}[t]{ll}
486%identifier & operation \\ \hline
487©?%?© & remainder \impl{?%?}\\
488©?+?© & addition \impl{?+?}\\
489©?-?© & subtraction \impl{?-?}\\
490©?<<?© & left shift \impl{?<<?}\\
491©?>>?© & right shift \impl{?>>?}\\
492©?<?© & less than \impl{?<?}\\
493©?<=?© & less than or equal \impl{?<=?}\\
494©?>=?© & greater than or equal \impl{?>=?}\\
495©?>?© & greater than \impl{?>?}\\
496©?==?© & equality \impl{?==?}\\
497©?!=?© & inequality \impl{?"!=?}\\
498©?&& bitwise AND \impl{?&?}\\
499\end{tabular}\hfil
500\begin{tabular}[t]{ll}
501%identifier & operation \\ \hline
502©?^& exclusive OR \impl{?^?}\\
503©?|?© & inclusive OR \impl{?"|?}\\
504©?=?© & simple assignment \impl{?=?}\\
505©?*=?© & multiplication assignment \impl{?*=?}\\
506©?/=?© & division assignment \impl{?/=?}\\
507©?%=?© & remainder assignment \impl{?%=?}\\
508©?+=?© & addition assignment \impl{?+=?}\\
509©?-=?© & subtraction assignment \impl{?-=?}\\
510©?<<=?© & left-shift assignment \impl{?<<=?}\\
511©?>>=?© & right-shift assignment \impl{?>>=?}\\
512©?&=?© & bitwise AND assignment \impl{?&=?}\\
513©?^=?© & exclusive OR assignment \impl{?^=?}\\
514©?|=?© & inclusive OR assignment \impl{?"|=?}\\
515\end{tabular}
516\hfil
517\caption{Operator Identifiers}
518\label{opids}
519\end{table}
520
521\begin{rationale}
522Operator identifiers are made up of the characters of the operator token, with question marks added to mark the positions of the arguments of operators.
523The question marks serve as mnemonic devices;
524programmers can not create new operators by arbitrarily mixing question marks and other non-alphabetic characters.
525Note that prefix and postfix versions of the increment and decrement operators are distinguished by the position of the question mark.
526\end{rationale}
527
528\begin{rationale}
529The use of ``©?©'' in identifiers means that some C programs are not \CFA programs.  For instance, the sequence of characters ``©(i < 0)?--i:i©'' is legal in a C program, but a
530\CFA compiler detects a syntax error because it treats ``©?--©'' as an identifier, not as the two tokens ``©?©'' and ``©--©''.
531\end{rationale}
532
533\begin{rationale}
534Certain operators \emph{cannot} be defined by the programmer:
535\begin{itemize}
536\item
537The logical operators ``©&&©'' and ``©||©'', and the conditional operator ``©?:©''.
538These operators do not always evaluate their operands, and hence can not be properly defined by functions unless some mechanism like call-by-name is added to the language.
539Note that the definitions of ``©&&©'' and ``©||©'' say that they work by checking that their arguments are unequal to 0, so defining ``©!=©'' and ``©0©'' for user-defined types is enough to allow them to be used in logical expressions.
540
541\item
542The comma operator\index{comma expression}.
543It is a control-flow operator like those above.
544Changing its meaning seems pointless and confusing.
545
546\item
547The ``address of'' operator.
548It would seem useful to define a unary ``©&©'' operator that returns values of some programmer-defined pointer-like type.
549The problem lies with the type of the operator.
550Consider the expression ``©p = &x©'', where ©x© is of type ©T© and ©p© has the programmer-defined type ©T_ptr©.
551The expression might be treated as a call to the unary function ``©&?©''.
552Now what is the type of the function's parameter? It can not be ©T©, because then ©x© would be passed by value, and there is no way to create a useful pointer-like result from a value.
553Hence the parameter must have type ©T *©.
554But then the expression must be rewritten as ``©p = &?( &x )©''
555---which doesn't seem like progress!
556
557The rule for address-of expressions would have to be something like ``keep applying address-of functions until you get one that takes a pointer argument, then use the built-in operator and stop''.
558It seems simpler to define a conversion function from ©T *© to ©T_ptr©.
559
560\item
561The ©sizeof© operator.
562It is already defined for every object type, and intimately tied into the language's storage allocation model.
563Redefining it seems pointless.
564
565\item
566The ``member of'' operators ``©.©'' and ``©->©''.
567These are not really infix operators, since their right ``operand'' is not a value or object.
568
569\item
570Cast operators\index{cast expression}.
571Anything that can be done with an explicit cast can be done with a function call.
572The difference in syntax is small.
573\end{itemize}
574\end{rationale}
575
576
577\section{Expressions}
578
579\CFA allows operators and identifiers to be overloaded.
580Hence, each expression can have a number of \define{interpretation}s, each of which has a different type.
581The interpretations that are potentially executable are called \define{valid interpretation}s.
582The set of interpretations depends on the kind of expression and on the interpretations of the subexpressions that it contains.
583The rules for determining the valid interpretations of an expression are discussed below for each kind of expression.
584Eventually the context of the outermost expression chooses one interpretation of that expression.
585
586An \define{ambiguous interpretation} is an interpretation which does not specify the exact object or function denoted by every identifier in the expression.
587An expression can have some interpretations that are ambiguous and others that are unambiguous.
588An expression that is chosen to be executed shall not be ambiguous.
589
590The \define{best valid interpretations} are the valid interpretations that use the fewest unsafe\index{unsafe conversion} conversions.
591Of these, the best are those where the functions and objects involved are the least polymorphic\index{less polymorphic}.
592Of these, the best have the lowest total \Index{conversion cost}, including all implicit conversions in the argument expressions.
593Of these, the best have the highest total conversion cost for the implicit conversions
594(if any) applied to the argument expressions.
595If there is no single best valid interpretation, or if the best valid interpretation is ambiguous, then the resulting interpretation is ambiguous\index{ambiguous interpretation}.
596
597\begin{rationale}
598\CFA's rules for selecting the best interpretation are designed to allow overload resolution to mimic C's operator semantics.
599In C, the ``usual arithmetic conversions'' are applied to the operands of binary operators if necessary to convert the operands to types with a common real type.
600In \CFA, those conversions are ``safe''.
601The ``fewest unsafe conversions'' rule ensures that the usual conversions are done, if possible.
602The ``lowest total expression cost'' rule chooses the proper common type.
603The odd-looking ``highest argument conversion cost'' rule ensures that, when unary expressions must be converted, conversions of function results are preferred to conversion of function arguments: ©(double)-i© will be preferred to ©-(double)i©.
604
605The ``least polymorphic'' rule reduces the number of polymorphic function calls, since such functions are presumably more expensive than monomorphic functions and since the more specific function is presumably more appropriate.
606It also gives preference to monomorphic values (such as the ©int© ©0©) over polymorphic values (such as the \Index{null pointer} ©0©\use{0}).
607However, interpretations that call polymorphic functions are preferred to interpretations that perform unsafe conversions, because those conversions potentially lose accuracy or violate strong typing.
608
609There are two notable differences between \CFA's overload resolution rules and the rules for
610{\CC} defined in \cite{C++}.
611First, the result type of a function plays a role.
612In {\CC}, a function call must be completely resolved based on the arguments to the call in most circumstances.
613In \CFA, a function call may have several interpretations, each with a different result type, and the interpretations of the containing context choose among them.
614Second, safe conversions are used to choose among interpretations of all sorts of functions;
615in {\CC}, the ``usual arithmetic conversions'' are a separate set of rules that apply only to the built-in operators.
616\end{rationale}
617
618Expressions involving certain operators\index{operator identifiers} are considered to be equivalent to function calls.
619A transformation from ``operator'' syntax to ``function call'' syntax is defined by \define{rewrite rules}.
620Each operator has a set of predefined functions that overload its identifier.
621Overload resolution determines which member of the set is executed in a given expression.
622The functions have \Index{internal linkage} and are implicitly declared with \Index{file scope}.
623The predefined functions and rewrite rules are discussed below for each of these operators.
624\begin{rationale}
625Predefined functions and constants have internal linkage because that simplifies optimization in traditional compile-and-link environments.
626For instance, ``©an_int + an_int©'' is equivalent to ``©?+?(an_int, an_int)©''.
627If integer addition has not been redefined in the current scope, a compiler can generate code to perform the addition directly.
628If predefined functions had external linkage, this optimization would be difficult.
629\end{rationale}
630
631\begin{rationale}
632Since each subsection describes the interpretations of an expression in terms of the interpretations of its subexpressions, this chapter can be taken as describing an overload resolution algorithm that uses one bottom-up pass over an expression tree.
633Such an algorithm was first described (for Ada) by Baker~\cite{Bak:overload}.
634It is extended here to handle polymorphic functions and arithmetic conversions.
635The overload resolution rules and the predefined functions have been chosen so that, in programs that do not introduce overloaded declarations, expressions will have the same meaning in C and in \CFA.
636\end{rationale}
637
638\begin{rationale}
639Expression syntax is quoted from the {\c11} standard.
640The syntax itself defines the precedence and associativity of operators.
641The sections are arranged in decreasing order of precedence, with all operators in a section having the same precedence.
642\end{rationale}
643
644
645\subsection{Primary expressions}
646
647\begin{syntax}
648\lhs{primary-expression}
649\rhs \nonterm{identifier}
650\rhs \nonterm{constant}
651\rhs \nonterm{string-literal}
652\rhs ©(© \nonterm{expression} ©)©
653\rhs \nonterm{generic-selection}
654\end{syntax}
655
656\predefined
657\begin{lstlisting}
658const int 1;§\use{1}§
659const int 0;§\use{0}§
660forall( dtype DT ) DT * const 0;
661forall( ftype FT ) FT * const 0;
662\end{lstlisting}
663
664\semantics
665The \Index{valid interpretation} of an \nonterm{identifier} are given by the visible\index{visible} declarations of the identifier.
666
667A \nonterm{constant} or \nonterm{string-literal} has one valid interpretation, which has the type and value defined by {\c11}.
668The predefined integer identifiers ``©1©'' and ``©0©'' have the integer values 1 and 0, respectively.
669The other two predefined ``©0©'' identifiers are bound to polymorphic pointer values that, when specialized\index{specialization} with a data type or function type respectively, produce a null pointer of that type.
670
671A parenthesised expression has the same interpretations as the contained \nonterm{expression}.
672
673\examples
674The expression ©(void *)0©\use{0} specializes the (polymorphic) null pointer to a null pointer to ©void©. ©(const void *)0© does the same, and also uses a safe conversion from ©void *© to ©const void *©.
675In each case, the null pointer conversion is better\index{best valid interpretations} than the unsafe conversion of the integer ©0© to a pointer.
676
677\begin{rationale}
678Note that the predefined identifiers have addresses.
679
680\CFA does not have C's concept of ``null pointer constants'', which are not typed values but special strings of tokens.
681The C token ``©0©'' is an expression of type ©int© with the value ``zero'', and it \emph{also} is a null pointer constant.
682Similarly, ``©(void *)0© is an expression of type ©(void *)© whose value is a null pointer, and it also is a null pointer constant.
683However, in C, ``©(void *)(void *)0©'' is
684\emph{not} a null pointer constant, even though it is null-valued, a pointer, and constant! The semantics of C expressions contain many special cases to deal with subexpressions that are null pointer constants.
685
686\CFA handles these cases through overload resolution.
687The declaration
688\begin{lstlisting}
689forall( dtype DT ) DT * const 0;
690\end{lstlisting} means that ©0© is a polymorphic object, and contains a value that can have \emph{any} pointer-to-object type or pointer-to-incomplete type.
691The only such value is the null pointer.
692Therefore the type \emph{alone} is enough to identify a null pointer.
693Where C defines an operator with a special case for the null pointer constant, \CFA defines predefined functions with a polymorphic object parameter.
694\end{rationale}
695
696
697\subsubsection{Generic selection}
698
699\constraints The best interpretation of the controlling expression shall be unambiguous\index{ambiguous interpretation}, and shall have type compatible with at most one of the types named in its generic association list.
700If a generic selection has no ©default© generic association, the best interpretation of its controlling expression shall have type compatible with exactly one of the types named in its generic association list.
701
702\semantics
703A generic selection has the same interpretations as its result expression.
704
705
706\subsection{Postfix operators}
707
708\begin{syntax}
709\lhs{postfix-expression}
710\rhs \nonterm{primary-expression}
711\rhs \nonterm{postfix-expression} ©[© \nonterm{expression} ©]©
712\rhs \nonterm{postfix-expression} ©(©
713         \nonterm{argument-expression-list}\opt ©)©
714\rhs \nonterm{postfix-expression} ©.© \nonterm{identifier}
715\rhs \nonterm{postfix-expression} ©->© \nonterm{identifier}
716\rhs \nonterm{postfix-expression} ©++©
717\rhs \nonterm{postfix-expression} ©--©
718\rhs ©(© \nonterm{type-name} ©)© ©{© \nonterm{initializer-list} ©}©
719\rhs ©(© \nonterm{type-name} ©)© ©{© \nonterm{initializer-list} ©,© ©}©
720\lhs{argument-expression-list}
721\rhs \nonterm{assignment-expression}
722\rhs \nonterm{argument-expression-list} ©,©
723         \nonterm{assignment-expression}
724\end{syntax}
725
726\rewriterules
727\begin{lstlisting}
728a[b] => ?[?]( b, a ) // if a has integer type§\use{?[?]}§
729a[b] => ?[?]( a, b ) // otherwise
730a( §\emph{arguments}§ ) => ?()( a, §\emph{arguments}§ )§\use{?()}§
731a++ => ?++(&( a ))§\use{?++}§
732a-- => ?--(&( a ))§\use{?--}§
733\end{lstlisting}
734
735
736\subsubsection{Array subscripting}
737
738\predefined
739\begin{lstlisting}
740forall( otype T ) lvalue T ?[?]( T *, ptrdiff_t );§\use{ptrdiff_t}§
741forall( otype T ) lvalue _Atomic T ?[?]( _Atomic T *, ptrdiff_t );
742forall( otype T ) lvalue const T ?[?]( const T *, ptrdiff_t );
743forall( otype T ) lvalue restrict T ?[?]( restrict T *, ptrdiff_t );
744forall( otype T ) lvalue volatile T ?[?]( volatile T *, ptrdiff_t );
745forall( otype T ) lvalue _Atomic const T ?[?]( _Atomic const T *, ptrdiff_t );
746forall( otype T ) lvalue _Atomic restrict T ?[?]( _Atomic restrict T *, ptrdiff_t );
747forall( otype T ) lvalue _Atomic volatile T ?[?]( _Atomic volatile T *, ptrdiff_t );
748forall( otype T ) lvalue const restrict T ?[?]( const restrict T *, ptrdiff_t );
749forall( otype T ) lvalue const volatile T ?[?]( const volatile T *, ptrdiff_t );
750forall( otype T ) lvalue restrict volatile T ?[?]( restrict volatile T *, ptrdiff_t );
751forall( otype T ) lvalue _Atomic const restrict T ?[?]( _Atomic const restrict T *, ptrdiff_t );
752forall( otype T ) lvalue _Atomic const volatile T ?[?]( _Atomic const volatile T *, ptrdiff_t );
753forall( otype T ) lvalue _Atomic restrict volatile T ?[?]( _Atomic restrict volatile T *, ptrdiff_t );
754forall( otype T ) lvalue const restrict volatile T ?[?]( const restrict volatile T *, ptrdiff_t );
755forall( otype T ) lvalue _Atomic const restrict volatile T ?[?]( _Atomic const restrict volatile T *, ptrdiff_t );
756\end{lstlisting}
757\semantics
758The interpretations of subscript expressions are the interpretations of the corresponding function call expressions.
759\begin{rationale}
760C defines subscripting as pointer arithmetic in a way that makes ©a[i]© and ©i[a]© equivalent. \CFA provides the equivalence through a rewrite rule to reduce the number of overloadings of ©?[?]©.
761
762Subscript expressions are rewritten as function calls that pass the first parameter by value.
763This is somewhat unfortunate, since array-like types tend to be large.
764The alternative is to use the rewrite rule ``©a[b] => ?[?](&(a), b)©''.
765However, C semantics forbid this approach: the ©a© in ``©a[b]©'' can be an arbitrary pointer value, which does not have an address.
766
767The repetitive form of the predefined identifiers shows up a deficiency\index{deficiencies!pointers
768 to qualified types} of \CFA's type system.
769Type qualifiers are not included in type values, so polymorphic functions that take pointers to arbitrary types often come in one flavor for each possible qualification of the pointed-at type.
770\end{rationale}
771
772
773\subsubsection{Function calls}
774
775\semantics
776A \define{function designator} is an interpretation of an expression that has function type.
777The
778\nonterm{postfix-expression} in a function call may have some interpretations that are function designators and some that are not.
779
780For those interpretations of the \nonterm{postfix-expression} that are not function designators, the expression is rewritten and becomes a call of a function named ``©?()©''.
781The valid interpretations of the rewritten expression are determined in the manner described below.
782
783Each combination of function designators and argument interpretations is considered.
784For those interpretations of the \nonterm{postfix-expression} that are \Index{monomorphic function} designators, the combination has a \Index{valid interpretation} if the function designator accepts the number of arguments given, and each argument interpretation matches the corresponding explicit parameter:
785\begin{itemize}
786\item if the argument corresponds to a parameter in the function designator's prototype, the argument interpretation must have the same type as the corresponding parameter, or be implicitly convertible to the parameter's type
787\item if the function designator's type does not include a prototype or if the argument corresponds to ``©...©'' in a prototype, a \Index{default argument promotion} is applied to it.
788\end{itemize}
789The type of the valid interpretation is the return type of the function designator.
790
791For those combinations where the interpretation of the \nonterm{postfix-expression} is a \Index{polymorphic function} designator and the function designator accepts the number of arguments given, there shall be at least one set of \define{implicit argument}s for the implicit parameters such that
792\begin{itemize}
793\item
794If the declaration of the implicit parameter uses \Index{type-class} ©type©\use{type}, the implicit argument must be an object type;
795if it uses ©dtype©, the implicit argument must be an object type or an incomplete type;
796and if it uses ©ftype©, the implicit argument must be a function type.
797
798\item if an explicit parameter's type uses any implicit parameters, then the corresponding explicit argument must have a type that is (or can be safely converted\index{safe conversion} to) the type produced by substituting the implicit arguments for the implicit parameters in the explicit parameter type.
799
800\item the remaining explicit arguments must match the remaining explicit parameters, as described for monomorphic function designators.
801
802\item for each \Index{assertion parameter} in the function designator's type, there must be an object or function with the same identifier that is visible at the call site and whose type is compatible with or can be specialized to the type of the assertion declaration.
803\end{itemize}
804There is a valid interpretation for each such set of implicit parameters.
805The type of each valid interpretation is the return type of the function designator with implicit parameter values substituted for the implicit arguments.
806
807A valid interpretation is ambiguous\index{ambiguous interpretation} if the function designator or any of the argument interpretations is ambiguous.
808
809Every valid interpretation whose return type is not compatible with any other valid interpretation's return type is an interpretation of the function call expression.
810
811Every set of valid interpretations that have mutually compatible\index{compatible type} result types also produces an interpretation of the function call expression.
812The type of the interpretation is the \Index{composite type} of the types of the valid interpretations, and the value of the interpretation is that of the \Index{best valid interpretation}.
813\begin{rationale}
814One desirable property of a polymorphic programming language is \define{generalizability}: the ability to replace an abstraction with a more general but equivalent abstraction without requiring changes in any of the uses of the original\cite{Cormack90}.
815For instance, it should be possible to replace a function ``©int f( int );©'' with ``©forall( otype T ) T f( T );©'' without affecting any calls of ©f©.
816
817\CFA\index{deficiencies!generalizability} does not fully possess this property, because \Index{unsafe conversion} are not done when arguments are passed to polymorphic parameters.
818Consider
819\begin{lstlisting}
820float g( float, float );
821int i;
822float f;
823double d;
824f = g( f, f );          // (1)
825f = g( i, f );          // (2) (safe conversion to float)
826f = g( d, f );          // (3) (unsafe conversion to float)
827\end{lstlisting}
828If ©g© was replaced by ``©forall( otype T ) T g( T, T );©'', the first and second calls would be unaffected, but the third would change: ©f© would be converted to ©double©, and the result would be a ©double©.
829
830Another example is the function ``©void h( int *);©''.
831This function can be passed a ©void *© argument, but the generalization ``©forall( otype T ) void h( T *);©'' can not.
832In this case, ©void© is not a valid value for ©T© because it is not an object type.
833If unsafe conversions were allowed, ©T© could be inferred to be \emph{any} object type, which is undesirable.
834\end{rationale}
835
836\examples
837A function called ``©?()©'' might be part of a numerical differentiation package.
838\begin{lstlisting}
839extern otype Derivative;
840extern double ?()( Derivative, double );
841extern Derivative derivative_of( double (*f)( double ) );
842extern double sin( double );
843
844Derivative sin_dx = derivative_of( sin );
845double d;
846d = sin_dx( 12.9 );
847\end{lstlisting}
848Here, the only interpretation of ©sin_dx© is as an object of type ©Derivative©.
849For that interpretation, the function call is treated as ``©?()( sin_dx, 12.9 )©''.
850\begin{lstlisting}
851int f( long );          // (1)
852int f( int, int );      // (2)
853int f( int *);          // (3)
854int i = f( 5 );         // calls (1)
855\end{lstlisting}
856Function (1) provides a valid interpretation of ``©f( 5 )©'', using an implicit ©int© to ©long© conversion.
857The other functions do not, since the second requires two arguments, and since there is no implicit conversion from ©int© to ©int *© that could be used with the third function.
858
859\begin{lstlisting}
860forall( otype T ) T h( T );
861double d = h( 1.5 );
862\end{lstlisting}
863``©1.5©'' is a ©double© constant, so ©T© is inferred to be ©double©, and the result of the function call is a ©double©.
864
865\begin{lstlisting}
866forall( otype T, otype U ) void g( T, U );      // (4)
867forall( otype T ) void g( T, T );                       // (5)
868forall( otype T ) void g( T, long );            // (6)
869void g( long, long );                                           // (7)
870double d;
871int i;
872int *p;
873g( d, d );                                                                      // calls (5)
874g( d, i );                                                                      // calls (6)
875g( i, i );                                                                      // calls (7)
876g( i, p );                                                                      // calls (4)
877\end{lstlisting}
878The first call has valid interpretations for all four versions of ©g©. (6) and (7) are discarded because they involve unsafe ©double©-to-©long© conversions. (5) is chosen because it is less polymorphic than (4).
879
880For the second call, (7) is again discarded.
881Of the remaining interpretations for (4), (5), and (6) (with ©i© converted to ©long©), (6) is chosen because it is the least polymorphic.
882
883The third call has valid interpretations for all of the functions;
884(7) is chosen since it is not polymorphic at all.
885
886The fourth call has no interpretation for (5), because its arguments must have compatible type. (4) is chosen because it does not involve unsafe conversions.
887\begin{lstlisting}
888forall( otype T ) T min( T, T );
889double max( double, double );
890trait min_max( T ) {§\impl{min_max}§
891        T min( T, T );
892        T max( T, T );
893}
894forall( otype U | min_max( U ) ) void shuffle( U, U );
895shuffle( 9, 10 );
896\end{lstlisting}
897The only possibility for ©U© is ©double©, because that is the type used in the only visible ©max© function. 9 and 10 must be converted to ©double©, and ©min© must be specialized with ©T© bound to ©double©.
898\begin{lstlisting}
899extern void q( int );                                           // (8)
900extern void q( void * );                                        // (9)
901extern void r();
902q( 0 );
903r( 0 );
904\end{lstlisting}
905The ©int 0© could be passed to (8), or the ©(void *)© \Index{specialization} of the null pointer\index{null pointer} ©0©\use{0} could be passed to (9).
906The former is chosen because the ©int© ©0© is \Index{less polymorphic}.
907For the same reason, ©int© ©0© is passed to ©r()©, even though it has \emph{no} declared parameter types.
908
909
910\subsubsection{Structure and union members}
911
912\semantics In the member selection expression ``©s©.©m©'', there shall be at least one interpretation of ©s© whose type is a structure type or union type containing a member named ©m©.
913If two or more interpretations of ©s© have members named ©m© with mutually compatible types, then the expression has an \Index{ambiguous interpretation} whose type is the composite type of the types of the members.
914If an interpretation of ©s© has a member ©m© whose type is not compatible with any other ©s©'s ©m©, then the expression has an interpretation with the member's type.
915The expression has no other interpretations.
916
917The expression ``©p->m©'' has the same interpretations as the expression ``©(*p).m©''.
918
919
920\subsubsection{Postfix increment and decrement operators}
921
922\predefined
923\begin{lstlisting}
924_Bool ?++( volatile _Bool * ), ?++( _Atomic volatile _Bool * );
925char ?++( volatile char * ), ?++( _Atomic volatile char * );
926signed char ?++( volatile signed char * ), ?++( _Atomic volatile signed char * );
927unsigned char ?++( volatile signed char * ), ?++( _Atomic volatile signed char * );
928short int ?++( volatile short int * ), ?++( _Atomic volatile short int * );
929unsigned short int ?++( volatile unsigned short int * ), ?++( _Atomic volatile unsigned short int * );
930int ?++( volatile int * ), ?++( _Atomic volatile int * );
931unsigned int ?++( volatile unsigned int * ), ?++( _Atomic volatile unsigned int * );
932long int ?++( volatile long int * ), ?++( _Atomic volatile long int * );
933long unsigned int ?++( volatile long unsigned int * ), ?++( _Atomic volatile long unsigned int * );
934long long int ?++( volatile long long int * ), ?++( _Atomic volatile long long int * );
935long long unsigned ?++( volatile long long unsigned int * ), ?++( _Atomic volatile long long unsigned int * );
936float ?++( volatile float * ), ?++( _Atomic volatile float * );
937double ?++( volatile double * ), ?++( _Atomic volatile double * );
938long double ?++( volatile long double * ), ?++( _Atomic volatile long double * );
939
940forall( otype T ) T * ?++( T * restrict volatile * ), * ?++( T * _Atomic restrict volatile * );
941forall( otype T ) _Atomic T * ?++( _Atomic T * restrict volatile * ), * ?++( _Atomic T * _Atomic restrict volatile * );
942forall( otype T ) const T * ?++( const T * restrict volatile * ), * ?++( const T * _Atomic restrict volatile * );
943forall( otype T ) volatile T * ?++( volatile T * restrict volatile * ), * ?++( volatile T * _Atomic restrict volatile * );
944forall( otype T ) restrict T * ?++( restrict T * restrict volatile * ), * ?++( restrict T * _Atomic restrict volatile * );
945forall( otype T ) _Atomic const T * ?++( _Atomic const T * restrict volatile * ),
946        * ?++( _Atomic const T * _Atomic restrict volatile * );
947forall( otype T ) _Atomic restrict T * ?++( _Atomic restrict T * restrict volatile * ),
948        * ?++( _Atomic restrict T * _Atomic restrict volatile * );
949forall( otype T ) _Atomic volatile T * ?++( _Atomic volatile T * restrict volatile * ),
950        * ?++( _Atomic volatile T * _Atomic restrict volatile * );
951forall( otype T ) const restrict T * ?++( const restrict T * restrict volatile * ),
952        * ?++( const restrict T * _Atomic restrict volatile * );
953forall( otype T ) const volatile T * ?++( const volatile T * restrict volatile * ),
954        * ?++( const volatile T * _Atomic restrict volatile * );
955forall( otype T ) restrict volatile T * ?++( restrict volatile T * restrict volatile * ),
956        * ?++( restrict volatile T * _Atomic restrict volatile * );
957forall( otype T ) _Atomic const restrict T * ?++( _Atomic const restrict T * restrict volatile * ),
958        * ?++( _Atomic const restrict T * _Atomic restrict volatile * );
959forall( otype T ) _Atomic const volatile T * ?++( _Atomic const volatile T * restrict volatile * ),
960        * ?++( _Atomic const volatile T * _Atomic restrict volatile * );
961forall( otype T ) _Atomic restrict volatile T * ?++( _Atomic restrict volatile T * restrict volatile * ),
962        * ?++( _Atomic restrict volatile T * _Atomic restrict volatile * );
963forall( otype T ) const restrict volatile T * ?++( const restrict volatile T * restrict volatile * ),
964        * ?++( const restrict volatile T * _Atomic restrict volatile * );
965forall( otype T ) _Atomic const restrict volatile T * ?++( _Atomic const restrict volatile T * restrict volatile * ),
966        * ?++( _Atomic const restrict volatile T * _Atomic restrict volatile * );
967
968_Bool ?--( volatile _Bool * ), ?--( _Atomic volatile _Bool * );
969char ?--( volatile char * ), ?--( _Atomic volatile char * );
970signed char ?--( volatile signed char * ), ?--( _Atomic volatile signed char * );
971unsigned char ?--( volatile signed char * ), ?--( _Atomic volatile signed char * );
972short int ?--( volatile short int * ), ?--( _Atomic volatile short int * );
973unsigned short int ?--( volatile unsigned short int * ), ?--( _Atomic volatile unsigned short int * );
974int ?--( volatile int * ), ?--( _Atomic volatile int * );
975unsigned int ?--( volatile unsigned int * ), ?--( _Atomic volatile unsigned int * );
976long int ?--( volatile long int * ), ?--( _Atomic volatile long int * );
977long unsigned int ?--( volatile long unsigned int * ), ?--( _Atomic volatile long unsigned int * );
978long long int ?--( volatile long long int * ), ?--( _Atomic volatile long long int * );
979long long unsigned ?--( volatile long long unsigned int * ), ?--( _Atomic volatile long long unsigned int * );
980float ?--( volatile float * ), ?--( _Atomic volatile float * );
981double ?--( volatile double * ), ?--( _Atomic volatile double * );
982long double ?--( volatile long double * ), ?--( _Atomic volatile long double * );
983
984forall( otype T ) T * ?--( T * restrict volatile * ), * ?--( T * _Atomic restrict volatile * );
985forall( otype T ) _Atomic T * ?--( _Atomic T * restrict volatile * ), * ?--( _Atomic T * _Atomic restrict volatile * );
986forall( otype T ) const T * ?--( const T * restrict volatile * ), * ?--( const T * _Atomic restrict volatile * );
987forall( otype T ) volatile T * ?--( volatile T * restrict volatile * ), * ?--( volatile T * _Atomic restrict volatile * );
988forall( otype T ) restrict T * ?--( restrict T * restrict volatile * ), * ?--( restrict T * _Atomic restrict volatile * );
989forall( otype T ) _Atomic const T * ?--( _Atomic const T * restrict volatile * ),
990        * ?--( _Atomic const T * _Atomic restrict volatile * );
991forall( otype T ) _Atomic restrict T * ?--( _Atomic restrict T * restrict volatile * ),
992        * ?--( _Atomic restrict T * _Atomic restrict volatile * );
993forall( otype T ) _Atomic volatile T * ?--( _Atomic volatile T * restrict volatile * ),
994        * ?--( _Atomic volatile T * _Atomic restrict volatile * );
995forall( otype T ) const restrict T * ?--( const restrict T * restrict volatile * ),
996        * ?--( const restrict T * _Atomic restrict volatile * );
997forall( otype T ) const volatile T * ?--( const volatile T * restrict volatile * ),
998        * ?--( const volatile T * _Atomic restrict volatile * );
999forall( otype T ) restrict volatile T * ?--( restrict volatile T * restrict volatile * ),
1000        * ?--( restrict volatile T * _Atomic restrict volatile * );
1001forall( otype T ) _Atomic const restrict T * ?--( _Atomic const restrict T * restrict volatile * ),
1002        * ?--( _Atomic const restrict T * _Atomic restrict volatile * );
1003forall( otype T ) _Atomic const volatile T * ?--( _Atomic const volatile T * restrict volatile * ),
1004        * ?--( _Atomic const volatile T * _Atomic restrict volatile * );
1005forall( otype T ) _Atomic restrict volatile T * ?--( _Atomic restrict volatile T * restrict volatile * ),
1006        * ?--( _Atomic restrict volatile T * _Atomic restrict volatile * );
1007forall( otype T ) const restrict volatile T * ?--( const restrict volatile T * restrict volatile * ),
1008        * ?--( const restrict volatile T * _Atomic restrict volatile * );
1009forall( otype T ) _Atomic const restrict volatile T * ?--( _Atomic const restrict volatile T * restrict volatile * ),
1010        * ?--( _Atomic const restrict volatile T * _Atomic restrict volatile * );
1011\end{lstlisting}
1012For every extended integer type ©X© there exist
1013% Don't use predefined: keep this out of prelude.cf.
1014\begin{lstlisting}
1015X ?++( volatile X * ), ?++( _Atomic volatile X * ),
1016  ?--( volatile X * ), ?--( _Atomic volatile X * );
1017\end{lstlisting}
1018For every complete enumerated type ©E© there exist
1019% Don't use predefined: keep this out of prelude.cf.
1020\begin{lstlisting}
1021E ?++( volatile E * ), ?++( _Atomic volatile E * ),
1022  ?--( volatile E * ), ?--( _Atomic volatile E * );
1023\end{lstlisting}
1024
1025\begin{rationale}
1026Note that ``©++©'' and ``©--©'' are rewritten as function calls that are given a pointer to that operand. (This is true of all operators that modify an operand.) As Hamish Macdonald has pointed out, this forces the modified operand of such expressions to be an lvalue.
1027This partially enforces the C semantic rule that such operands must be \emph{modifiable} lvalues.
1028\end{rationale}
1029
1030\begin{rationale}
1031In C, a semantic rule requires that pointer operands of increment and decrement be pointers to object types.
1032Hence, ©void *© objects cannot be incremented.
1033In \CFA, the restriction follows from the use of a ©type© parameter in the predefined function definitions, as opposed to ©dtype©, since only object types can be inferred arguments corresponding to the type parameter ©T©.
1034\end{rationale}
1035
1036\semantics
1037First, each interpretation of the operand of an increment or decrement expression is considered separately.
1038For each interpretation that is a bit-field or is declared with the \Indexc{register}\index{storage-class specifier}, the expression has one valid interpretation, with the type of the operand, and the expression is ambiguous if the operand is.
1039
1040For the remaining interpretations, the expression is rewritten, and the interpretations of the expression are the interpretations of the corresponding function call.
1041Finally, all interpretations of the expression produced for the different interpretations of the operand are combined to produce the interpretations of the expression as a whole; where interpretations have compatible result types, the best interpretations are selected in the manner described for function call expressions.
1042
1043\examples
1044\begin{lstlisting}
1045volatile short int vs;  vs++; // rewritten as ?++( &(vs) )
1046short int s;                    s++;
1047const short int cs;             cs++;
1048_Atomic short int as;   as++;
1049\end{lstlisting}
1050\begin{sloppypar}
1051Since ©&(vs)© has type ©volatile short int *©, the best valid interpretation of ©vs++© calls the ©?++© function with the ©volatile short *© parameter.
1052©s++© does the same, applying the safe conversion from ©short int *© to ©volatile short int *©.
1053Note that there is no conversion that adds an ©_Atomic© qualifier, so the ©_Atomic volatile short int© overloading does not provide a valid interpretation.
1054\end{sloppypar}
1055
1056There is no safe conversion from ©const short int *© to ©volatile short int *©, and no ©?++© function that accepts a ©const *© parameter, so ©cs++© has no valid interpretations.
1057
1058The best valid interpretation of ©as++© calls the ©short ?++© function with the ©_Atomic volatile short int *© parameter, applying a safe conversion to add the ©volatile© qualifier.
1059\begin{lstlisting}
1060char * const restrict volatile * restrict volatile pqpc;
1061pqpc++
1062char * * restrict volatile ppc;
1063ppc++;
1064\end{lstlisting}
1065Since ©&(pqpc)© has type ©char * const restrict volatile * restrict volatile *©, the best valid interpretation of ©pqpc++© calls the polymorphic ©?++© function with the ©const restrict volatile T * restrict volatile *© parameter, inferring ©T© to be ©char *©.
1066
1067©ppc++© calls the same function, again inferring ©T© to be ©char *©, and using the safe conversions from ©T© to ©T const© ©restrict volatile©.
1068
1069\begin{rationale}
1070Increment and decrement expressions show up a deficiency of \CFA's type system.
1071There is no such thing as a pointer to a register object or bit-field\index{deficiencies!pointers to bit-fields}.
1072Therefore, there is no way to define a function that alters them, and hence no way to define increment and decrement functions for them.
1073As a result, the semantics of increment and decrement expressions must treat them specially.
1074This holds true for all of the operators that may modify such objects.
1075\end{rationale}
1076
1077\begin{rationale}
1078The polymorphic overloadings for pointer increment and decrement can be understood by considering increasingly complex types.
1079\begin{enumerate}
1080\item
1081``©char * p; p++;©''.
1082The argument to ©?++© has type ©char * *©, and the result has type ©char *©.
1083The expression would be valid if ©?++© were declared by
1084\begin{lstlisting}
1085forall( otype T ) T * ?++( T * * );
1086\end{lstlisting} with ©T© inferred to be ©char©.
1087
1088\item
1089``©char *restrict volatile qp; qp++©''.
1090The result again has type ©char *©, but the argument now has type ©char *restrict volatile *©, so it cannot be passed to the hypothetical function declared in point 1.
1091Hence the actual predefined function is
1092\begin{lstlisting}
1093forall( otype T ) T * ?++( T * restrict volatile * );
1094\end{lstlisting} which also accepts a ©char * *© argument, because of the safe conversions that add ©volatile© and ©restrict© qualifiers. (The parameter is not const-qualified, so constant pointers cannot be incremented.)
1095
1096\item
1097``©char *_Atomic ap; ap++©''.
1098The result again has type ©char *©, but no safe conversion adds an ©_Atomic© qualifier, so the function in point 2 is not applicable.
1099A separate overloading of ©?++© is required.
1100
1101\item
1102``©char const volatile * pq; pq++©''.
1103Here the result has type ©char const volatile *©, so a new overloading is needed:
1104\begin{lstlisting}
1105forall( otype T ) T const volatile * ?++( T const volatile *restrict volatile * );
1106\end{lstlisting}
1107One overloading is needed for each combination of qualifiers in the pointed-at type\index{deficiencies!pointers to qualified types}.
1108 
1109\item
1110``©float *restrict * prp; prp++©''.
1111The ©restrict© qualifier is handled just like ©const© and ©volatile© in the previous case:
1112\begin{lstlisting}
1113forall( otype T ) T restrict * ?++( T restrict *restrict volatile * );
1114\end{lstlisting} with ©T© inferred to be ©float *©.
1115This looks odd, because {\c11} contains a constraint that requires restrict-qualified types to be pointer-to-object types, and ©T© is not syntactically a pointer type. \CFA loosens the constraint.
1116\end{enumerate}
1117\end{rationale}
1118
1119
1120\subsubsection{Compound literals}
1121
1122\semantics 
1123A compound literal has one interpretation, with the type given by the \nonterm{type-name} of the compound literal.
1124
1125
1126\subsection{Unary operators}
1127
1128\begin{syntax}
1129\lhs{unary-expression}
1130        \rhs \nonterm{postfix-expression}
1131        \rhs ©++© \nonterm{unary-expression}
1132        \rhs ©--© \nonterm{unary-expression}
1133        \rhs \nonterm{unary-operator} \nonterm{cast-expression}
1134        \rhs ©sizeof© \nonterm{unary-expression}
1135        \rhs ©sizeof© ©(© \nonterm{type-name} ©)©
1136\lhs{unary-operator} one of
1137        \rhs ©&© ©*© ©+© ©-© ©~© ©!©
1138\end{syntax}
1139
1140\rewriterules
1141\begin{lstlisting}
1142*a      => *?( a )§\use{*?}§
1143+a      => +?( a )§\use{+?}§
1144-a      => -?( a )§\use{-?}§
1145~a      => ~?( a )§\use{~?}§
1146!a      => !?( a )§\use{"!?}§
1147++a     => ++?(&( a ))§\use{++?}§
1148--a     => --?(&( a ))§\use{--?}§
1149\end{lstlisting}
1150
1151
1152\subsubsection{Prefix increment and decrement operators}
1153
1154\predefined
1155\begin{lstlisting}
1156_Bool ++?( volatile _Bool * ), ++?( _Atomic volatile _Bool * );
1157char ++?( volatile char * ), ++?( _Atomic volatile char * );
1158signed char ++?( volatile signed char * ), ++?( _Atomic volatile signed char * );
1159unsigned char ++?( volatile signed char * ), ++?( _Atomic volatile signed char * );
1160short int ++?( volatile short int * ), ++?( _Atomic volatile short int * );
1161unsigned short int ++?( volatile unsigned short int * ), ++?( _Atomic volatile unsigned short int * );
1162int ++?( volatile int * ), ++?( _Atomic volatile int * );
1163unsigned int ++?( volatile unsigned int * ), ++?( _Atomic volatile unsigned int * );
1164long int ++?( volatile long int * ), ++?( _Atomic volatile long int * );
1165long unsigned int ++?( volatile long unsigned int * ), ++?( _Atomic volatile long unsigned int * );
1166long long int ++?( volatile long long int * ), ++?( _Atomic volatile long long int * );
1167long long unsigned ++?( volatile long long unsigned int * ), ++?( _Atomic volatile long long unsigned int * );
1168float ++?( volatile float * ), ++?( _Atomic volatile float * );
1169double ++?( volatile double * ), ++?( _Atomic volatile double * );
1170long double ++?( volatile long double * ), ++?( _Atomic volatile long double * );
1171
1172forall( otype T ) T * ++?( T * restrict volatile * ), * ++?( T * _Atomic restrict volatile * );
1173forall( otype T ) _Atomic T * ++?( _Atomic T * restrict volatile * ), * ++?( _Atomic T * _Atomic restrict volatile * );
1174forall( otype T ) const T * ++?( const T * restrict volatile * ), * ++?( const T * _Atomic restrict volatile * );
1175forall( otype T ) volatile T * ++?( volatile T * restrict volatile * ), * ++?( volatile T * _Atomic restrict volatile * );
1176forall( otype T ) restrict T * ++?( restrict T * restrict volatile * ), * ++?( restrict T * _Atomic restrict volatile * );
1177forall( otype T ) _Atomic const T * ++?( _Atomic const T * restrict volatile * ),
1178        * ++?( _Atomic const T * _Atomic restrict volatile * );
1179forall( otype T ) _Atomic volatile T * ++?( _Atomic volatile T * restrict volatile * ),
1180        * ++?( _Atomic volatile T * _Atomic restrict volatile * );
1181forall( otype T ) _Atomic restrict T * ++?( _Atomic restrict T * restrict volatile * ),
1182        * ++?( _Atomic restrict T * _Atomic restrict volatile * );
1183forall( otype T ) const volatile T * ++?( const volatile T * restrict volatile * ),
1184        * ++?( const volatile T * _Atomic restrict volatile * );
1185forall( otype T ) const restrict T * ++?( const restrict T * restrict volatile * ),
1186        * ++?( const restrict T * _Atomic restrict volatile * );
1187forall( otype T ) restrict volatile T * ++?( restrict volatile T * restrict volatile * ),
1188        * ++?( restrict volatile T * _Atomic restrict volatile * );
1189forall( otype T ) _Atomic const volatile T * ++?( _Atomic const volatile T * restrict volatile * ),
1190        * ++?( _Atomic const volatile T * _Atomic restrict volatile * );
1191forall( otype T ) _Atomic const restrict T * ++?( _Atomic const restrict T * restrict volatile * ),
1192        * ++?( _Atomic const restrict T * _Atomic restrict volatile * );
1193forall( otype T ) _Atomic restrict volatile T * ++?( _Atomic restrict volatile T * restrict volatile * ),
1194        * ++?( _Atomic restrict volatile T * _Atomic restrict volatile * );
1195forall( otype T ) const restrict volatile T * ++?( const restrict volatile T * restrict volatile * ),
1196        * ++?( const restrict volatile T * _Atomic restrict volatile * );
1197forall( otype T ) _Atomic const restrict volatile T * ++?( _Atomic const restrict volatile T * restrict volatile * ),
1198        * ++?( _Atomic const restrict volatile T * _Atomic restrict volatile * );
1199
1200_Bool --?( volatile _Bool * ), --?( _Atomic volatile _Bool * );
1201char --?( volatile char * ), --?( _Atomic volatile char * );
1202signed char --?( volatile signed char * ), --?( _Atomic volatile signed char * );
1203unsigned char --?( volatile signed char * ), --?( _Atomic volatile signed char * );
1204short int --?( volatile short int * ), --?( _Atomic volatile short int * );
1205unsigned short int --?( volatile unsigned short int * ), --?( _Atomic volatile unsigned short int * );
1206int --?( volatile int * ), --?( _Atomic volatile int * );
1207unsigned int --?( volatile unsigned int * ), --?( _Atomic volatile unsigned int * );
1208long int --?( volatile long int * ), --?( _Atomic volatile long int * );
1209long unsigned int --?( volatile long unsigned int * ), --?( _Atomic volatile long unsigned int * );
1210long long int --?( volatile long long int * ), --?( _Atomic volatile long long int * );
1211long long unsigned --?( volatile long long unsigned int * ), --?( _Atomic volatile long long unsigned int * );
1212float --?( volatile float * ), --?( _Atomic volatile float * );
1213double --?( volatile double * ), --?( _Atomic volatile double * );
1214long double --?( volatile long double * ), --?( _Atomic volatile long double * );
1215
1216forall( otype T ) T * --?( T * restrict volatile * ), * --?( T * _Atomic restrict volatile * );
1217forall( otype T ) _Atomic T * --?( _Atomic T * restrict volatile * ), * --?( _Atomic T * _Atomic restrict volatile * );
1218forall( otype T ) const T * --?( const T * restrict volatile * ), * --?( const T * _Atomic restrict volatile * );
1219forall( otype T ) volatile T * --?( volatile T * restrict volatile * ), * --?( volatile T * _Atomic restrict volatile * );
1220forall( otype T ) restrict T * --?( restrict T * restrict volatile * ), * --?( restrict T * _Atomic restrict volatile * );
1221forall( otype T ) _Atomic const T * --?( _Atomic const T * restrict volatile * ),
1222        * --?( _Atomic const T * _Atomic restrict volatile * );
1223forall( otype T ) _Atomic volatile T * --?( _Atomic volatile T * restrict volatile * ),
1224        * --?( _Atomic volatile T * _Atomic restrict volatile * );
1225forall( otype T ) _Atomic restrict T * --?( _Atomic restrict T * restrict volatile * ),
1226        * --?( _Atomic restrict T * _Atomic restrict volatile * );
1227forall( otype T ) const volatile T * --?( const volatile T * restrict volatile * ),
1228        * --?( const volatile T * _Atomic restrict volatile * );
1229forall( otype T ) const restrict T * --?( const restrict T * restrict volatile * ),
1230        * --?( const restrict T * _Atomic restrict volatile * );
1231forall( otype T ) restrict volatile T * --?( restrict volatile T * restrict volatile * ),
1232        * --?( restrict volatile T * _Atomic restrict volatile * );
1233forall( otype T ) _Atomic const volatile T * --?( _Atomic const volatile T * restrict volatile * ),
1234        * --?( _Atomic const volatile T * _Atomic restrict volatile * );
1235forall( otype T ) _Atomic const restrict T * --?( _Atomic const restrict T * restrict volatile * ),
1236        * --?( _Atomic const restrict T * _Atomic restrict volatile * );
1237forall( otype T ) _Atomic restrict volatile T * --?( _Atomic restrict volatile T * restrict volatile * ),
1238        * --?( _Atomic restrict volatile T * _Atomic restrict volatile * );
1239forall( otype T ) const restrict volatile T * --?( const restrict volatile T * restrict volatile * ),
1240        * --?( const restrict volatile T * _Atomic restrict volatile * );
1241forall( otype T ) _Atomic const restrict volatile T * --?( _Atomic const restrict volatile T * restrict volatile * ),
1242        * --?( _Atomic const restrict volatile T * _Atomic restrict volatile * );
1243\end{lstlisting}
1244For every extended integer type ©X© there exist
1245% Don't use predefined: keep this out of prelude.cf.
1246\begin{lstlisting}
1247X       ++?( volatile X * ),
1248        ++?( _Atomic volatile X * ),
1249        --?( volatile X * ),
1250        --?( _Atomic volatile X * );
1251\end{lstlisting}
1252For every complete enumerated type ©E© there exist
1253% Don't use predefined: keep this out of prelude.cf.
1254\begin{lstlisting}
1255E ++?( volatile E * ),
1256        ++?( _Atomic volatile E * ),
1257        ?--( volatile E * ),
1258        ?--( _Atomic volatile E * );
1259\end{lstlisting}
1260
1261\semantics
1262The interpretations of prefix increment and decrement expressions are determined in the same way as the interpretations of postfix increment and decrement expressions.
1263
1264
1265\subsubsection{Address and indirection operators}
1266
1267\predefined
1268\begin{lstlisting}
1269forall( otype T ) lvalue T *?( T * );
1270forall( otype T ) _Atomic lvalue T *?( _Atomic T * );
1271forall( otype T ) const lvalue T *?( const T * );
1272forall( otype T ) volatile lvalue T *?( volatile T * );
1273forall( otype T ) restrict lvalue T *?( restrict T * );
1274forall( otype T ) _Atomic const lvalue T *?( _Atomic const T * );
1275forall( otype T ) _Atomic volatile lvalue T *?( _Atomic volatile T * );
1276forall( otype T ) _Atomic restrict lvalue T *?( _Atomic restrict T * );
1277forall( otype T ) const volatile lvalue T *?( const volatile T * );
1278forall( otype T ) const restrict lvalue T *?( const restrict T * );
1279forall( otype T ) restrict volatile lvalue T *?( restrict volatile T * );
1280forall( otype T ) _Atomic const volatile lvalue T *?( _Atomic const volatile T * );
1281forall( otype T ) _Atomic const restrict lvalue T *?( _Atomic const restrict T * );
1282forall( otype T ) _Atomic restrict volatile lvalue T *?( _Atomic restrict volatile T * );
1283forall( otype T ) const restrict volatile lvalue T *?( const restrict volatile T * );
1284forall( otype T ) _Atomic const restrict volatile lvalue T *?( _Atomic const restrict volatile T * );
1285forall( ftype FT ) FT *?( FT * );
1286\end{lstlisting}
1287
1288\constraints
1289The operand of the unary ``©&©'' operator shall have exactly one \Index{interpretation}\index{ambiguous interpretation}, which shall be unambiguous.
1290
1291\semantics
1292The ``©&©'' expression has one interpretation which is of type ©T *©, where ©T© is the type of the operand.
1293
1294The interpretations of an indirection expression are the interpretations of the corresponding function call.
1295
1296
1297\subsubsection{Unary arithmetic operators}
1298
1299\predefined
1300\begin{lstlisting}
1301int     +?( int ), -?( int ), ~?( int );
1302unsigned int +?( unsigned int ), -?( unsigned int ), ~?( unsigned int );
1303long int +?( long int ), -?( long int ), ~?( long int );
1304long unsigned int +?( long unsigned int ), -?( long unsigned int ), ~?( long unsigned int );
1305long long int +?( long long int ), -?( long long int ), ~?( long long int );
1306long long unsigned int +?( long long unsigned int ), -?( long long unsigned int ), ~?( long long unsigned int );
1307float +?( float ), -?( float );
1308double +?( double ), -?( double );
1309long double +?( long double ), -?( long double );
1310_Complex float +?( _Complex float ), -?( _Complex float );
1311_Complex double +?( _Complex double ), -?( _Complex double );
1312_Complex long double +?( _Complex long double ), -?( _Complex long double );
1313int !?( int ), !?( unsigned int ), !?( long ), !?( long unsigned int ),
1314        !?( long long int ), !?( long long unsigned int ),
1315        !?( float ), !?( double ), !?( long double ),
1316        !?( _Complex float ), !?( _Complex double ), !?( _Complex long double );
1317forall( dtype DT ) int !?( const restrict volatile DT * );
1318forall( dtype DT ) int !?( _Atomic const restrict volatile DT * );
1319forall( ftype FT ) int !?( FT * );
1320\end{lstlisting}
1321For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1322% Don't use predefined: keep this out of prelude.cf.
1323\begin{lstlisting}
1324X +?( X ), -?( X ), ~?( X );
1325int !?( X );
1326\end{lstlisting}
1327
1328\semantics
1329The interpretations of a unary arithmetic expression are the interpretations of the corresponding function call.
1330
1331\examples
1332\begin{lstlisting}
1333long int li;
1334void eat_double( double );§\use{eat_double}§
1335eat_double(-li ); // => eat_double( -?( li ) );
1336\end{lstlisting}
1337The valid interpretations of ``©-li©'' (assuming no extended integer types exist) are
1338\begin{center}
1339\begin{tabular}{llc} interpretation & result type & expression conversion cost \\
1340\hline
1341©-?( (int)li )©                                         & ©int©                                         & (unsafe) \\
1342©-?( (unsigned)li)©                                     & ©unsigned int©                        & (unsafe) \\
1343©-?( (long)li)©                                         & ©long©                                        & 0 \\
1344©-?( (long unsigned int)li)©            & ©long unsigned int©           & 1 \\
1345©-?( (long long int)li)©                        & ©long long int©                       & 2 \\
1346©-?( (long long unsigned int)li)©       & ©long long unsigned int©      & 3 \\
1347©-?( (float)li)©                                        & ©float©                                       & 4 \\
1348©-?( (double)li)©                                       & ©double©                                      & 5 \\
1349©-?( (long double)li)©                          & ©long double©                         & 6 \\
1350©-?( (_Complex float)li)©                       & ©float©                                       & (unsafe) \\
1351©-?( (_Complex double)li)©                      & ©double©                                      & (unsafe) \\
1352©-?( (_Complex long double)li)©         & ©long double©                         & (unsafe) \\
1353\end{tabular}
1354\end{center}
1355The valid interpretations of the ©eat_double© call, with the cost of the argument conversion and the cost of the entire expression, are
1356\begin{center}
1357\begin{tabular}{lcc} interpretation & argument cost & expression cost \\
1358\hline
1359©eat_double( (double)-?( (int)li) )©                                    & 7                     & (unsafe) \\
1360©eat_double( (double)-?( (unsigned)li) )©                               & 6                     & (unsafe) \\
1361©eat_double( (double)-?(li) )©                                                  & 5                     & \(0+5=5\) \\
1362©eat_double( (double)-?( (long unsigned int)li) )©              & 4                     & \(1+4=5\) \\
1363©eat_double( (double)-?( (long long int)li) )©                  & 3                     & \(2+3=5\) \\
1364©eat_double( (double)-?( (long long unsigned int)li) )© & 2                     & \(3+2=5\) \\
1365©eat_double( (double)-?( (float)li) )©                                  & 1                     & \(4+1=5\) \\
1366©eat_double( (double)-?( (double)li) )©                                 & 0                     & \(5+0=5\) \\
1367©eat_double( (double)-?( (long double)li) )©                    & (unsafe)      & (unsafe) \\
1368©eat_double( (double)-?( (_Complex float)li) )©                 & (unsafe)      & (unsafe) \\
1369©eat_double( (double)-?( (_Complex double)li) )©                & (unsafe)      & (unsafe) \\
1370©eat_double( (double)-?( (_Complex long double)li) )©   & (unsafe)      & (unsafe) \\
1371\end{tabular}
1372\end{center}
1373Each has result type ©void©, so the best must be selected.
1374The interpretations involving unsafe conversions are discarded.
1375The remainder have equal expression conversion costs, so the ``highest argument conversion cost'' rule is invoked, and the chosen interpretation is ©eat_double( (double)-?(li) )©.
1376
1377
1378\subsubsection[The sizeof and \_Alignof operators]{The \lstinline@sizeof@ and \lstinline@_Alignof@ operators}
1379
1380\constraints
1381The operand of ©sizeof© or ©_Alignof© shall not be ©type©, ©dtype©, or ©ftype©.
1382
1383When the ©sizeof©\use{sizeof} operator is applied to an expression, the expression shall have exactly one \Index{interpretation}\index{ambiguous interpretation}, which shall be unambiguous. \semantics A ©sizeof© or ©_Alignof© expression has one interpretation, of type ©size_t©.
1384
1385When ©sizeof© is applied to an identifier declared by a \nonterm{type-declaration} or a
1386\nonterm{type-parameter}, it yields the size in bytes of the type that implements the operand.
1387When the operand is an opaque type or an inferred type parameter\index{inferred parameter}, the expression is not a constant expression.
1388
1389When ©_Alignof© is applied to an identifier declared by a \nonterm{type-declaration} or a
1390\nonterm{type-parameter}, it yields the alignment requirement of the type that implements the operand.
1391When the operand is an opaque type or an inferred type parameter\index{inferred parameter}, the expression is not a constant expression.
1392\begin{rationale}
1393\begin{lstlisting}
1394otype Pair = struct { int first, second; };
1395size_t p_size = sizeof(Pair);           // constant expression
1396extern otype Rational;§\use{Rational}§
1397size_t c_size = sizeof(Rational);       // non-constant expression
1398forall(type T) T f(T p1, T p2) {
1399        size_t t_size = sizeof(T);              // non-constant expression
1400        ...
1401}
1402\end{lstlisting}
1403``©sizeof Rational©'', although not statically known, is fixed.
1404Within ©f()©, ``©sizeof(T)©'' is fixed for each call of ©f()©, but may vary from call to call.
1405\end{rationale}
1406
1407
1408\subsection{Cast operators}
1409
1410\begin{syntax}
1411\lhs{cast-expression}
1412\rhs \nonterm{unary-expression}
1413\rhs ©(© \nonterm{type-name} ©)© \nonterm{cast-expression}
1414\end{syntax}
1415
1416\constraints
1417The \nonterm{type-name} in a \nonterm{cast-expression} shall not be ©type©, ©dtype©, or ©ftype©.
1418
1419\semantics
1420
1421In a \Index{cast expression} ``©(©\nonterm{type-name}©)e©'', if
1422\nonterm{type-name} is the type of an interpretation of ©e©, then that interpretation is the only interpretation of the cast expression;
1423otherwise, ©e© shall have some interpretation that can be converted to \nonterm{type-name}, and the interpretation of the cast expression is the cast of the interpretation that can be converted at the lowest cost.
1424The cast expression's interpretation is ambiguous\index{ambiguous interpretation} if more than one interpretation can be converted at the lowest cost or if the selected interpretation is ambiguous.
1425
1426\begin{rationale}
1427Casts can be used to eliminate ambiguity in expressions by selecting interpretations of subexpressions, and to specialize polymorphic functions and values.
1428\end{rationale}
1429
1430
1431\subsection{Multiplicative operators}
1432
1433\begin{syntax}
1434\lhs{multiplicative-expression}
1435\rhs \nonterm{cast-expression}
1436\rhs \nonterm{multiplicative-expression} ©*© \nonterm{cast-expression}
1437\rhs \nonterm{multiplicative-expression} ©/© \nonterm{cast-expression}
1438\rhs \nonterm{multiplicative-expression} ©%© \nonterm{cast-expression}
1439\end{syntax}
1440
1441\rewriterules
1442\begin{lstlisting}
1443a * b => ?*?( a, b )§\use{?*?}§
1444a / b => ?/?( a, b )§\use{?/?}§
1445a % b => ?%?( a, b )§\use{?%?}§
1446\end{lstlisting}
1447
1448\predefined
1449\begin{lstlisting}
1450int?*?( int, int ), ?/?( int, int ), ?%?( int, int );
1451unsigned int?*?( unsigned int, unsigned int ), ?/?( unsigned int, unsigned int ), ?%?( unsigned int, unsigned int );
1452long int?*?( long int, long int ), ?/?( long, long ), ?%?( long, long );
1453long unsigned int?*?( long unsigned int, long unsigned int ),
1454        ?/?( long unsigned int, long unsigned int ), ?%?( long unsigned int, long unsigned int );
1455long long int?*?( long long int, long long int ), ?/?( long long int, long long int ),
1456        ?%?( long long int, long long int );
1457long long unsigned int ?*?( long long unsigned int, long long unsigned int ),
1458        ?/?( long long unsigned int, long long unsigned int ), ?%?( long long unsigned int, long long unsigned int );
1459float?*?( float, float ), ?/?( float, float );
1460double?*?( double, double ), ?/?( double, double );
1461long double?*?( long double, long double ), ?/?( long double, long double );
1462_Complex float?*?( float, _Complex float ), ?/?( float, _Complex float ),
1463        ?*?( _Complex float, float ), ?/?( _Complex float, float ),
1464        ?*?( _Complex float, _Complex float ), ?/?( _Complex float, _Complex float );
1465_Complex double?*?( double, _Complex double ), ?/?( double, _Complex double ),
1466        ?*?( _Complex double, double ), ?/?( _Complex double, double ),
1467        ?*?( _Complex double, _Complex double ), ?/?( _Complex double, _Complex double );
1468_Complex long double?*?( long double, _Complex long double ), ?/?( long double, _Complex long double ),
1469        ?*?( _Complex long double, long double ), ?/?( _Complex long double, long double ),
1470        ?*?( _Complex long double, _Complex long double ), ?/?( _Complex long double, _Complex long double );
1471\end{lstlisting}
1472For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1473% Don't use predefined: keep this out of prelude.cf.
1474\begin{lstlisting}
1475X ?*?( X ), ?/?( X ), ?%?( X );
1476\end{lstlisting}
1477
1478\begin{rationale}
1479{\c11} does not include conversions from the \Index{real type}s to \Index{complex type}s in the \Index{usual arithmetic conversion}s.  Instead it specifies conversion of the result of binary operations on arguments from mixed type domains. \CFA's predefined operators match that pattern.
1480\end{rationale}
1481
1482\semantics
1483The interpretations of multiplicative expressions are the interpretations of the corresponding function call.
1484
1485\examples
1486\begin{lstlisting}
1487int i;
1488long li;
1489void eat_double( double );§\use{eat_double}§
1490eat_double( li % i );
1491\end{lstlisting}
1492``©li % i©'' is rewritten as ``©?%?(li, i )©''.
1493The valid interpretations of ©?%?(li, i )©, the cost\index{conversion cost} of converting their arguments, and the cost of converting the result to ©double© (assuming no extended integer types are present ) are
1494\begin{center}
1495\begin{tabular}{lcc} interpretation & argument cost & result cost \\
1496\hline
1497© ?%?( (int)li, i )©                                                                            & (unsafe)      & 6     \\
1498© ?%?( (unsigned)li,(unsigned)i )©                                                      & (unsafe)      & 5     \\
1499© ?%?( li, (long)i )©                                                                           & 1                     & 4     \\
1500© ?%?( (long unsigned)li,(long unsigned)i )©                            & 3                     & 3     \\
1501© ?%?( (long long)li,(long long)i )©                                            & 5                     & 2     \\
1502© ?%?( (long long unsigned)li, (long long unsigned)i )©         & 7                     & 1     \\
1503\end{tabular}
1504\end{center}
1505The best interpretation of ©eat_double( li, i )© is ©eat_double( (double)?%?(li, (long)i ))©, which has no unsafe conversions and the lowest total cost.
1506
1507\begin{rationale}
1508{\c11} defines most arithmetic operations to apply an \Index{integer promotion} to any argument that belongs to a type that has an \Index{integer conversion rank} less than that of ©int©.
1509If ©s© is a ©short int©, ``©s *s©'' does not have type ©short int©;
1510it is treated as ``©( (int)s ) * ( (int)s )©'', and has type ©int©. \CFA matches that pattern;
1511it does not predefine ``©short ?*?( short, short )©''.
1512
1513These ``missing'' operators limit polymorphism.
1514Consider
1515\begin{lstlisting}
1516forall( otype T | T ?*?( T, T ) ) T square( T );
1517short s;
1518square( s );
1519\end{lstlisting}
1520Since \CFA does not define a multiplication operator for ©short int©, ©square( s )© is treated as ©square( (int)s )©, and the result has type ©int©.
1521This is mildly surprising, but it follows the {\c11} operator pattern.
1522
1523A more troubling example is
1524\begin{lstlisting}
1525forall( otype T | ?*?( T, T ) ) T product( T[], int n );
1526short sa[5];
1527product( sa, 5);
1528\end{lstlisting}
1529This has no valid interpretations, because \CFA has no conversion from ``array of ©short int©'' to ``array of ©int©''.
1530The alternatives in such situations include
1531\begin{itemize}
1532\item
1533Defining monomorphic overloadings of ©product© for ©short© and the other ``small'' types.
1534\item
1535Defining ``©short ?*?( short, short )©'' within the scope containing the call to ©product©.
1536\item
1537Defining ©product© to take as an argument a conversion function from the ``small'' type to the operator's argument type.
1538\end{itemize}
1539\end{rationale}
1540
1541
1542\subsection{Additive operators}
1543
1544\begin{syntax}
1545\lhs{additive-expression}
1546\rhs \nonterm{multiplicative-expression}
1547\rhs \nonterm{additive-expression} ©+© \nonterm{multiplicative-expression}
1548\rhs \nonterm{additive-expression} ©-© \nonterm{multiplicative-expression}
1549\end{syntax}
1550
1551\rewriterules
1552\begin{lstlisting}
1553a + b => ?+?( a, b )§\use{?+?}§
1554a - b => ?-?( a, b )§\use{?-?}§
1555\end{lstlisting}
1556
1557\predefined
1558\begin{lstlisting}
1559int?+?( int, int ), ?-?( int, int );
1560unsigned int?+?( unsigned int, unsigned int ), ?-?( unsigned int, unsigned int );
1561long int?+?( long int, long int ), ?-?( long int, long int );
1562long unsigned int?+?( long unsigned int, long unsigned int ), ?-?( long unsigned int, long unsigned int );
1563long long int?+?( long long int, long long int ), ?-?( long long int, long long int );
1564long long unsigned int ?+?( long long unsigned int, long long unsigned int ),
1565        ?-?( long long unsigned int, long long unsigned int );
1566float?+?( float, float ), ?-?( float, float );
1567double?+?( double, double ), ?-?( double, double );
1568long double?+?( long double, long double ), ?-?( long double, long double );
1569_Complex float?+?( _Complex float, float ), ?-?( _Complex float, float ),
1570        ?+?( float, _Complex float ), ?-?( float, _Complex float ),
1571        ?+?( _Complex float, _Complex float ), ?-?( _Complex float, _Complex float );
1572_Complex double?+?( _Complex double, double ), ?-?( _Complex double, double ),
1573        ?+?( double, _Complex double ), ?-?( double, _Complex double ),
1574        ?+?( _Complex double, _Complex double ), ?-?( _Complex double, _Complex double );
1575_Complex long double?+?( _Complex long double, long double ), ?-?( _Complex long double, long double ),
1576        ?+?( long double, _Complex long double ), ?-?( long double, _Complex long double ),
1577        ?+?( _Complex long double, _Complex long double ), ?-?( _Complex long double, _Complex long double );
1578
1579forall( otype T ) T * ?+?( T *, ptrdiff_t ), * ?+?( ptrdiff_t, T * ), * ?-?( T *, ptrdiff_t );
1580forall( otype T ) _Atomic T * ?+?( _Atomic T *, ptrdiff_t ), * ?+?( ptrdiff_t, _Atomic T * ),
1581        * ?-?( _Atomic T *, ptrdiff_t );
1582forall( otype T ) const T * ?+?( const T *, ptrdiff_t ), * ?+?( ptrdiff_t, const T * ),
1583        * ?-?( const T *, ptrdiff_t );
1584forall( otype T ) restrict T * ?+?( restrict T *, ptrdiff_t ), * ?+?( ptrdiff_t, restrict T * ),
1585        * ?-?( restrict T *, ptrdiff_t );
1586forall( otype T ) volatile T * ?+?( volatile T *, ptrdiff_t ), * ?+?( ptrdiff_t, volatile T * ),
1587        * ?-?( volatile T *, ptrdiff_t );
1588forall( otype T ) _Atomic const T * ?+?( _Atomic const T *, ptrdiff_t ), * ?+?( ptrdiff_t, _Atomic const T * ),
1589        * ?-?( _Atomic const T *, ptrdiff_t );
1590forall( otype T ) _Atomic restrict T * ?+?( _Atomic restrict T *, ptrdiff_t ), * ?+?( ptrdiff_t, _Atomic restrict T * ),
1591        * ?-?( _Atomic restrict T *, ptrdiff_t );
1592forall( otype T ) _Atomic volatile T * ?+?( _Atomic volatile T *, ptrdiff_t ), * ?+?( ptrdiff_t, _Atomic volatile T * ),
1593        * ?-?( _Atomic volatile T *, ptrdiff_t );
1594forall( otype T ) const restrict T * ?+?( const restrict T *, ptrdiff_t ), * ?+?( ptrdiff_t, const restrict T * ),
1595        * ?-?( const restrict T *, ptrdiff_t );
1596forall( otype T ) const volatile T * ?+?( const volatile T *, ptrdiff_t ), * ?+?( ptrdiff_t, const volatile T * ),
1597        * ?-?( const volatile T *, ptrdiff_t );
1598forall( otype T ) restrict volatile T * ?+?( restrict volatile T *, ptrdiff_t ), * ?+?( ptrdiff_t, restrict volatile T * ),
1599        * ?-?( restrict volatile T *, ptrdiff_t );
1600forall( otype T ) _Atomic const restrict T * ?+?( _Atomic const restrict T *, ptrdiff_t ),
1601        * ?+?( ptrdiff_t, _Atomic const restrict T * ),
1602        * ?-?( _Atomic const restrict T *, ptrdiff_t );
1603forall( otype T ) ptrdiff_t
1604        * ?-?( const restrict volatile T *, const restrict volatile T * ),
1605        * ?-?( _Atomic const restrict volatile T *, _Atomic const restrict volatile T * );
1606\end{lstlisting}
1607For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1608% Don't use predefined: keep this out of prelude.cf.
1609\begin{lstlisting}
1610X ?+?( X ), ?-?( X );
1611\end{lstlisting}
1612
1613\semantics
1614The interpretations of additive expressions are the interpretations of the corresponding function calls.
1615
1616\begin{rationale}
1617©ptrdiff_t© is an implementation-defined identifier defined in ©<stddef.h>© that is synonymous with a signed integral type that is large enough to hold the difference between two pointers.
1618It seems reasonable to use it for pointer addition as well. (This is technically a difference between \CFA and C, which only specifies that pointer addition uses an \emph{integral} argument.) Hence it is also used for subscripting, which is defined in terms of pointer addition.
1619The {\c11} standard uses ©size_t© in several cases where a library function takes an argument that is used as a subscript, but ©size_t© is unsuitable here because it is an unsigned type.
1620\end{rationale}
1621
1622
1623\subsection{Bitwise shift operators}
1624
1625\begin{syntax}
1626\lhs{shift-expression}
1627\rhs \nonterm{additive-expression}
1628\rhs \nonterm{shift-expression} ©<<© \nonterm{additive-expression}
1629\rhs \nonterm{shift-expression} ©>>© \nonterm{additive-expression}
1630\end{syntax}
1631
1632\rewriterules
1633\begin{lstlisting}
1634a << b => ?<<?( a, b )§\use{?<<?}§
1635a >> b => ?>>?( a, b )§\use{?>>?}§
1636\end{lstlisting}
1637
1638\predefined
1639\begin{lstlisting}
1640int ?<<?( int, int ), ?>>?( int, int );
1641unsigned int ?<<?( unsigned int, int ), ?>>?( unsigned int, int );
1642long int ?<<?( long int, int ), ?>>?( long int, int );
1643long unsigned int ?<<?( long unsigned int, int ), ?>>?( long unsigned int, int );
1644long long int ?<<?( long long int, int ), ?>>?( long long int, int );
1645long long unsigned int ?<<?( long long unsigned int, int ), ?>>?( long long unsigned int, int);
1646\end{lstlisting}
1647For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1648% Don't use predefined: keep this out of prelude.cf.
1649\begin{lstlisting}
1650X ?<<?( X, int ), ?>>?( X, int );
1651\end{lstlisting}
1652
1653\begin{rationale}
1654The bitwise shift operators break the usual pattern: they do not convert both operands to a common type.
1655The right operand only undergoes \Index{integer promotion}.
1656\end{rationale}
1657
1658\semantics
1659The interpretations of a bitwise shift expression are the interpretations of the corresponding function calls.
1660
1661
1662\subsection{Relational operators}
1663
1664\begin{syntax}
1665\lhs{relational-expression}
1666\rhs \nonterm{shift-expression}
1667\rhs \nonterm{relational-expression} ©< © \nonterm{shift-expression}
1668\rhs \nonterm{relational-expression} ©> © \nonterm{shift-expression}
1669\rhs \nonterm{relational-expression} ©<=© \nonterm{shift-expression}
1670\rhs \nonterm{relational-expression} ©>=© \nonterm{shift-expression}
1671\end{syntax}
1672
1673\rewriterules
1674\begin{lstlisting}
1675a < b => ?<?( a, b )§\use{?<?}§
1676a > b => ?>?( a, b )§\use{?>?}§
1677a <= b => ?<=?( a, b )§\use{?<=?}§
1678a >= b => ?>=?( a, b )§\use{?>=?}§
1679\end{lstlisting}
1680
1681\predefined
1682\begin{lstlisting}
1683int ?<?( int, int ), ?<=?( int, int ),
1684        ?>?( int, int ), ?>=?( int, int );
1685int ?<?( unsigned int, unsigned int ), ?<=?( unsigned int, unsigned int ),
1686        ?>?( unsigned int, unsigned int ), ?>=?( unsigned int, unsigned int );
1687int ?<?( long int, long int ), ?<=?( long int, long int ),
1688        ?>?( long int, long int ), ?>=?( long int, long int );
1689int ?<?( long unsigned int, long unsigned ), ?<=?( long unsigned int, long unsigned ),
1690        ?>?( long unsigned int, long unsigned ), ?>=?( long unsigned int, long unsigned );
1691int ?<?( long long int, long long int ), ?<=?( long long int, long long int ),
1692        ?>?( long long int, long long int ), ?>=?( long long int, long long int );
1693int ?<?( long long unsigned int, long long unsigned ), ?<=?( long long unsigned int, long long unsigned ),
1694        ?>?( long long unsigned int, long long unsigned ), ?>=?( long long unsigned int, long long unsigned );
1695int ?<?( float, float ), ?<=?( float, float ),
1696        ?>?( float, float ), ?>=?( float, float );
1697int ?<?( double, double ), ?<=?( double, double ),
1698        ?>?( double, double ), ?>=?( double, double );
1699int ?<?( long double, long double ), ?<=?( long double, long double ),
1700        ?>?( long double, long double ), ?>=?( long double, long double );
1701forall( dtype DT ) int ?<?( const restrict volatile DT *, const restrict volatile DT * ),
1702        ?<?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * ),
1703        ?<=?( const restrict volatile DT *, const restrict volatile DT * ),
1704        ?<=?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * ),
1705        ?>?( const restrict volatile DT *, const restrict volatile DT * ),
1706        ?>?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * ),
1707        ?>=?( const restrict volatile DT *, const restrict volatile DT * ),
1708        ?>=?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * );
1709\end{lstlisting}
1710For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1711% Don't use predefined: keep this out of prelude.cf.
1712\begin{lstlisting}
1713int ?<?( X, X ),
1714        ?<=?( X, X ),
1715        ?<?( X, X ),
1716        ?>=?( X, X );
1717\end{lstlisting}
1718
1719\semantics
1720The interpretations of a relational expression are the interpretations of the corresponding function call.
1721
1722
1723\subsection{Equality operators}
1724
1725\begin{syntax}
1726\lhs{equality-expression}
1727\rhs \nonterm{relational-expression}
1728\rhs \nonterm{equality-expression} ©==© \nonterm{relational-expression}
1729\rhs \nonterm{equality-expression} ©!=© \nonterm{relational-expression}
1730\end{syntax}
1731
1732\rewriterules
1733\begin{lstlisting}
1734a == b => ?==?( a, b )§\use{?==?}§
1735a != b => ?!=?( a, b )§\use{?"!=?}§
1736\end{lstlisting}
1737
1738\predefined
1739\begin{lstlisting}
1740int ?==?( int, int ), ?!=?( int, int ),
1741        ?==?( unsigned int, unsigned int ), ?!=?( unsigned int, unsigned int ),
1742        ?==?( long int, long int ), ?!=?( long int, long int ),
1743        ?==?( long unsigned int, long unsigned int ), ?!=?( long unsigned int, long unsigned int ),
1744        ?==?( long long int, long long int ), ?!=?( long long int, long long int ),
1745        ?==?( long long unsigned int, long long unsigned int ), ?!=?( long long unsigned int, long long unsigned int ),
1746        ?==?( float, float ), ?!=?( float, float ),
1747        ?==?( _Complex float, float ), ?!=?( _Complex float, float ),
1748        ?==?( float, _Complex float ), ?!=?( float, _Complex float ),
1749        ?==?( _Complex float, _Complex float ), ?!=?( _Complex float, _Complex float ),
1750        ?==?( double, double ), ?!=?( double, double ),
1751        ?==?( _Complex double, double ), ?!=?( _Complex double, double ),
1752        ?==?( double, _Complex double ), ?!=?( double, _Complex double ),
1753        ?==?( _Complex double, _Complex double ), ?!=?( _Complex double, _Complex double ),
1754        ?==?( long double, long double ), ?!=?( long double, long double ),
1755        ?==?( _Complex long double, long double ), ?!=?( _Complex long double, long double ),
1756        ?==?( long double, _Complex long double ), ?!=?( long double, _Complex long double ),
1757        ?==?( _Complex long double, _Complex long double ), ?!=?( _Complex long double, _Complex long double );
1758forall( dtype DT ) int
1759        ?==?( const restrict volatile DT *, const restrict volatile DT * ),
1760        ?!=?( const restrict volatile DT *, const restrict volatile DT * ),
1761        ?==?( const restrict volatile DT *, const restrict volatile void * ),
1762        ?!=?( const restrict volatile DT *, const restrict volatile void * ),
1763        ?==?( const restrict volatile void *, const restrict volatile DT * ),
1764        ?!=?( const restrict volatile void *, const restrict volatile DT * ),
1765        ?==?( const restrict volatile DT *, forall( dtype DT2) const DT2 * ),
1766        ?!=?( const restrict volatile DT *, forall( dtype DT2) const DT2 * ),
1767        ?==?( forall( dtype DT2) const DT2*, const restrict volatile DT * ),
1768        ?!=?( forall( dtype DT2) const DT2*, const restrict volatile DT * ),
1769        ?==?( forall( dtype DT2) const DT2*, forall( dtype DT3) const DT3 * ),
1770        ?!=?( forall( dtype DT2) const DT2*, forall( dtype DT3) const DT3 * ),
1771
1772        ?==?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * ),
1773        ?!=?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * ),
1774        ?==?( _Atomic const restrict volatile DT *, const restrict volatile void * ),
1775        ?!=?( _Atomic const restrict volatile DT *, const restrict volatile void * ),
1776        ?==?( const restrict volatile void *, _Atomic const restrict volatile DT * ),
1777        ?!=?( const restrict volatile void *, _Atomic const restrict volatile DT * ),
1778        ?==?( _Atomic const restrict volatile DT *, forall( dtype DT2) const DT2 * ),
1779        ?!=?( _Atomic const restrict volatile DT *, forall( dtype DT2) const DT2 * ),
1780        ?==?( forall( dtype DT2) const DT2*, _Atomic const restrict volatile DT * ),
1781        ?!=?( forall( dtype DT2) const DT2*, _Atomic const restrict volatile DT * );
1782forall( ftype FT ) int
1783        ?==?( FT *, FT * ), ?!=?( FT *, FT * ),
1784        ?==?( FT *, forall( ftype FT2) FT2 * ), ?!=?( FT *, forall( ftype FT2) FT2 * ),
1785        ?==?( forall( ftype FT2) FT2*, FT * ), ?!=?( forall( ftype FT2) FT2*, FT * ),
1786        ?==?( forall( ftype FT2) FT2*, forall( ftype FT3) FT3 * ), ?!=?( forall( ftype FT2) FT2*, forall( ftype FT3) FT3 * );
1787\end{lstlisting}
1788For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1789% Don't use predefined: keep this out of prelude.cf.
1790\begin{lstlisting}
1791int ?==?( X, X ),
1792        ?!=?( X, X );
1793\end{lstlisting}
1794
1795\begin{rationale}
1796The polymorphic equality operations come in three styles: comparisons between pointers of compatible types, between pointers to ©void© and pointers to object types or incomplete types, and between the \Index{null pointer} constant and pointers to any type.
1797In the last case, a special constraint rule for null pointer constant operands has been replaced by a consequence of the \CFA type system.
1798\end{rationale}
1799
1800\semantics
1801The interpretations of an equality expression are the interpretations of the corresponding function call.
1802
1803\begin{sloppypar}
1804The result of an equality comparison between two pointers to predefined functions or predefined values is implementation-defined.
1805\end{sloppypar}
1806\begin{rationale}
1807The implementation-defined status of equality comparisons allows implementations to use one library routine to implement many predefined functions.
1808These optimization are particularly important when the predefined functions are polymorphic, as is the case for most pointer operations
1809\end{rationale}
1810
1811
1812\subsection{Bitwise AND operator}
1813
1814\begin{syntax}
1815\lhs{AND-expression}
1816\rhs \nonterm{equality-expression}
1817\rhs \nonterm{AND-expression} ©&© \nonterm{equality-expression}
1818\end{syntax}
1819
1820\rewriterules
1821\begin{lstlisting}
1822a & b => ?&?( a, b )§\use{?&?}§
1823\end{lstlisting}
1824
1825\predefined
1826\begin{lstlisting}
1827int ?&?( int, int );
1828unsigned int ?&?( unsigned int, unsigned int );
1829long int ?&?( long int, long int );
1830long unsigned int ?&?( long unsigned int, long unsigned int );
1831long long int ?&?( long long int, long long int );
1832long long unsigned int ?&?( long long unsigned int, long long unsigned int );
1833\end{lstlisting}
1834For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1835% Don't use predefined: keep this out of prelude.cf.
1836\begin{lstlisting}
1837int ?&?( X, X );
1838\end{lstlisting}
1839
1840\semantics
1841The interpretations of a bitwise AND expression are the interpretations of the corresponding function call.
1842
1843
1844\subsection{Bitwise exclusive OR operator}
1845
1846\begin{syntax}
1847\lhs{exclusive-OR-expression}
1848\rhs \nonterm{AND-expression}
1849\rhs \nonterm{exclusive-OR-expression} ©^© \nonterm{AND-expression}
1850\end{syntax}
1851
1852\rewriterules
1853\begin{lstlisting}
1854a ^ b => ?^?( a, b )§\use{?^?}§
1855\end{lstlisting}
1856
1857\predefined
1858\begin{lstlisting}
1859int ?^?( int, int );
1860unsigned int ?^?( unsigned int, unsigned int );
1861long int ?^?( long int, long int );
1862long unsigned int ?^?( long unsigned int, long unsigned int );
1863long long int ?^?( long long int, long long int );
1864long long unsigned int ?^?( long long unsigned int, long long unsigned int );
1865\end{lstlisting}
1866For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1867% Don't use predefined: keep this out of prelude.cf.
1868\begin{lstlisting}
1869int ?^?( X, X );
1870\end{lstlisting}
1871
1872\semantics
1873The interpretations of a bitwise exclusive OR expression are the interpretations of the corresponding function call.
1874
1875
1876\subsection{Bitwise inclusive OR operator}
1877
1878\begin{syntax}
1879\lhs{inclusive-OR-expression}
1880\rhs \nonterm{exclusive-OR-expression}
1881\rhs \nonterm{inclusive-OR-expression} ©|© \nonterm{exclusive-OR-expression}
1882\end{syntax}
1883
1884\rewriterules
1885\begin{lstlisting}
1886a | b => ?|?( a, b )§\use{?"|?}§
1887\end{lstlisting}
1888
1889\predefined
1890\begin{lstlisting}
1891int ?|?( int, int );
1892unsigned int ?|?( unsigned int, unsigned int );
1893long int ?|?( long int, long int );
1894long unsigned int ?|?( long unsigned int, long unsigned int );
1895long long int ?|?( long long int, long long int );
1896long long unsigned int ?|?( long long unsigned int, long long unsigned int );
1897\end{lstlisting}
1898For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist
1899% Don't use predefined: keep this out of prelude.cf.
1900\begin{lstlisting}
1901int ?|?( X, X );
1902\end{lstlisting}
1903
1904\semantics 
1905The interpretations of a bitwise inclusive OR expression are the interpretations of the corresponding function call.
1906
1907
1908\subsection{Logical AND operator}
1909
1910\begin{syntax}
1911\lhs{logical-AND-expression}
1912\rhs \nonterm{inclusive-OR-expression}
1913\rhs \nonterm{logical-AND-expression} ©&&© \nonterm{inclusive-OR-expression}
1914\end{syntax}
1915
1916\semantics The operands of the expression ``©a && b©'' are treated as ``©(int)((a)!=0)©'' and ``©(int)((b)!=0)©'', which shall both be unambiguous.
1917The expression has only one interpretation, which is of type ©int©.
1918\begin{rationale}
1919When the operands of a logical expression are values of built-in types, and ``©!=©'' has not been redefined for those types, the compiler can optimize away the function calls.
1920
1921A common C idiom omits comparisons to ©0© in the controlling expressions of loops and ©if© statements.
1922For instance, the loop below iterates as long as ©rp© points at a ©Rational© value that is non-zero.
1923
1924\begin{lstlisting}
1925extern otype Rational;§\use{Rational}§
1926extern const Rational 0;§\use{0}§
1927extern int ?!=?( Rational, Rational );
1928Rational *rp;
1929while ( rp && *rp ) { ... }
1930\end{lstlisting}
1931The logical expression calls the ©Rational© inequality operator, passing it ©*rp© and the ©Rational 0©, and getting a 1 or 0 as a result.
1932In contrast, {\CC} would apply a programmer-defined ©Rational©-to-©int© conversion to ©*rp© in the equivalent situation.
1933The conversion to ©int© would produce a general integer value, which is unfortunate, and possibly dangerous if the conversion was not written with this situation in mind.
1934\end{rationale}
1935
1936
1937\subsection{Logical OR operator}
1938
1939\begin{syntax}
1940\lhs{logical-OR-expression}
1941\rhs \nonterm{logical-AND-expression}
1942\rhs \nonterm{logical-OR-expression} ©||© \nonterm{logical-AND-expression}
1943\end{syntax}
1944
1945\semantics
1946
1947The operands of the expression ``©a || b©'' are treated as ``©(int)((a)!=0)©'' and ``©(int)((b))!=0)©'', which shall both be unambiguous.
1948The expression has only one interpretation, which is of type ©int©.
1949
1950
1951\subsection{Conditional operator}
1952
1953\begin{syntax}
1954\lhs{conditional-expression}
1955\rhs \nonterm{logical-OR-expression}
1956\rhs \nonterm{logical-OR-expression} ©?© \nonterm{expression}
1957         ©:© \nonterm{conditional-expression}
1958\end{syntax}
1959
1960\semantics
1961In the conditional expression\use{?:} ``©a?b:c©'', if the second and third operands both have an interpretation with ©void© type, then the expression has an interpretation with type ©void©, equivalent to
1962\begin{lstlisting}
1963( int)(( a)!=0) ? ( void)( b) : ( void)( c)
1964\end{lstlisting}
1965
1966If the second and third operands both have interpretations with non-©void© types, the expression is treated as if it were the call ``©cond((a)!=0, b, c)©'', with ©cond© declared as
1967\begin{lstlisting}
1968forall( otype T ) T cond( int, T, T );
1969forall( dtype D ) void * cond( int, D *, void * ), * cond( int, void *, D * );
1970forall( dtype D ) _atomic void * cond(
1971        int, _Atomic D *, _Atomic void * ), * cond( int, _Atomic void *, _Atomic D * );
1972forall( dtype D ) const void * cond(
1973        int, const D *, const void * ), * cond( int, const void *, const D * );
1974forall( dtype D ) restrict void * cond(
1975        int, restrict D *, restrict void * ), * cond( int, restrict void *, restrict D * );
1976forall( dtype D ) volatile void * cond(
1977        int, volatile D *, volatile void * ), * cond( int, volatile void *, volatile D * );
1978forall( dtype D ) _Atomic const void * cond(
1979        int, _Atomic const D *, _Atomic const void * ), * cond( int, _Atomic const void *, _Atomic const D * );
1980forall( dtype D ) _Atomic restrict void * cond(
1981        int, _Atomic restrict D *, _Atomic restrict void * ), * cond( int, _Atomic restrict void *, _Atomic restrict D * );
1982forall( dtype D ) _Atomic volatile void * cond(
1983        int, _Atomic volatile D *, _Atomic volatile void * ), * cond( int, _Atomic volatile void *, _Atomic volatile D * );
1984forall( dtype D ) const restrict void * cond(
1985        int, const restrict D *, const restrict void * ), * cond( int, const restrict void *, const restrict D * );
1986forall( dtype D ) const volatile void * cond(
1987        int, const volatile D *, const volatile void * ), * cond( int, const volatile void *, const volatile D * );
1988forall( dtype D ) restrict volatile void * cond(
1989        int, restrict volatile D *, restrict volatile void * ), * cond( int, restrict volatile void *, restrict volatile D * );
1990forall( dtype D ) _Atomic const restrict void * cond(
1991        int, _Atomic const restrict D *, _Atomic const restrict void * ),
1992        * cond( int, _Atomic const restrict void *, _Atomic const restrict D * );
1993forall( dtype D ) _Atomic const volatile void * cond(
1994        int, _Atomic const volatile D *, _Atomic const volatile void * ),
1995        * cond( int, _Atomic const volatile void *, _Atomic const volatile D * );
1996forall( dtype D ) _Atomic restrict volatile void * cond(
1997        int, _Atomic restrict volatile D *, _Atomic restrict volatile void * ),
1998        * cond( int, _Atomic restrict volatile void *, _Atomic restrict volatile D * );
1999forall( dtype D ) const restrict volatile void * cond(
2000        int, const restrict volatile D *, const restrict volatile void * ),
2001        * cond( int, const restrict volatile void *, const restrict volatile D * );
2002forall( dtype D ) _Atomic const restrict volatile void * cond(
2003        int, _Atomic const restrict volatile D *, _Atomic const restrict volatile void * ),
2004        * cond( int, _Atomic const restrict volatile void *, _Atomic const restrict volatile D * );
2005\end{lstlisting}
2006
2007\begin{rationale}
2008The object of the above is to apply the \Index{usual arithmetic conversion}s when the second and third operands have arithmetic type, and to combine the qualifiers of the second and third operands if they are pointers.
2009\end{rationale}
2010
2011\examples
2012\begin{lstlisting}
2013#include <stdlib.h>
2014int i;
2015long l;
2016rand() ? i : l;
2017\end{lstlisting}
2018The best interpretation infers the expression's type to be ©long© and applies the safe ©int©-to-©long© conversion to ©i©.
2019
2020\begin{lstlisting}
2021const int *cip;
2022volatile int *vip;
2023rand() ? cip : vip;
2024\end{lstlisting}
2025The expression has type ©const volatile int *©, with safe conversions applied to the second and third operands to add ©volatile© and ©const© qualifiers, respectively.
2026
2027\begin{lstlisting}
2028rand() ? cip : 0;
2029\end{lstlisting}
2030The expression has type ©const int *©, with a specialization conversion applied to ©0©.
2031
2032
2033\subsection{Assignment operators}
2034
2035\begin{syntax}
2036\lhs{assignment-expression}
2037\rhs \nonterm{conditional-expression}
2038\rhs \nonterm{unary-expression} \nonterm{assignment-operator}
2039         \nonterm{assignment-expression}
2040\lhs{assignment-operator} one of
2041\rhs ©=©\ \ ©*=©\ \ ©/=©\ \ ©%=©\ \ ©+=©\ \ ©-=©\ \ ©<<=©\ \ ©>>=©\ \ ©&=©\ \ ©^=©\ \ ©|=©
2042\end{syntax}
2043
2044\rewriterules
2045Let ``©<-©'' be any of the assignment operators.
2046Then
2047\use{?=?}\use{?*=?}\use{?/=?}\use{?%=?}\use{?+=?}\use{?-=?}\use{?>>=?}\use{?&=?}\use{?^=?}\use{?"|=?}%use{?<<=?}
2048\begin{lstlisting}
2049a <- b => ?<-?( &( a ), b )
2050\end{lstlisting}
2051
2052\semantics
2053Each interpretation of the left operand of an assignment expression is considered separately.
2054For each interpretation that is a bit-field or is declared with the ©register© storage class specifier, the expression has one valid interpretation, with the type of the left operand.
2055The right operand is cast to that type, and the assignment expression is ambiguous if either operand is.
2056For the remaining interpretations, the expression is rewritten, and the interpretations of the assignment expression are the interpretations of the corresponding function call.
2057Finally, all interpretations of the expression produced for the different interpretations of the left operand are combined to produce the interpretations of the expression as a whole;
2058where interpretations have compatible result types, the best interpretations are selected in the manner described for function call expressions.
2059
2060
2061\subsubsection{Simple assignment}
2062
2063\predefined
2064\begin{lstlisting}
2065_Bool
2066        ?=?( volatile _Bool *, _Bool ),
2067        ?=?( volatile _Bool *, forall( dtype D ) D * ),
2068        ?=?( volatile _Bool *, forall( ftype F ) F * ),
2069        ?=?( _Atomic volatile _Bool *, _Bool ),
2070        ?=?( _Atomic volatile _Bool *, forall( dtype D ) D * ),
2071        ?=?( _Atomic volatile _Bool *, forall( ftype F ) F * );
2072char
2073        ?=?( volatile char *, char ),
2074        ?=?( _Atomic volatile char *, char );
2075unsigned char
2076        ?=?( volatile unsigned char *, unsigned char ),
2077        ?=?( _Atomic volatile unsigned char *, unsigned char );
2078signed char
2079        ?=?( volatile signed char *, signed char ),
2080        ?=?( _Atomic volatile signed char *, signed char );
2081short int
2082        ?=?( volatile short int *, short int ),
2083        ?=?( _Atomic volatile short int *, short int );
2084unsigned short
2085        ?=?( volatile unsigned int *, unsigned int ),
2086        ?=?( _Atomic volatile unsigned int *, unsigned int );
2087int
2088        ?=?( volatile int *, int ),
2089        ?=?( _Atomic volatile int *, int );
2090unsigned int
2091        ?=?( volatile unsigned int *, unsigned int ),
2092        ?=?( _Atomic volatile unsigned int *, unsigned int );
2093long int
2094        ?=?( volatile long int *, long int ),
2095        ?=?( _Atomic volatile long int *, long int );
2096unsigned long int
2097        ?=?( volatile unsigned long int *, unsigned long int ),
2098        ?=?( _Atomic volatile unsigned long int *, unsigned long int );
2099long long int
2100        ?=?( volatile long long int *, long long int ),
2101        ?=?( _Atomic volatile long long int *, long long int );
2102unsigned long long int
2103        ?=?( volatile unsigned long long int *, unsigned long long int ),
2104        ?=?( _Atomic volatile unsigned long long int *, unsigned long long int );
2105float
2106        ?=?( volatile float *, float ),
2107        ?=?( _Atomic volatile float *, float );
2108double
2109        ?=?( volatile double *, double ),
2110        ?=?( _Atomic volatile double *, double );
2111long double
2112        ?=?( volatile long double *, long double ),
2113        ?=?( _Atomic volatile long double *, long double );
2114_Complex float
2115        ?=?( volatile float *, float ),
2116        ?=?( _Atomic volatile float *, float );
2117_Complex double
2118        ?=?( volatile double *, double ),
2119        ?=?( _Atomic volatile double *, double );
2120_Complex long double
2121        ?=?( volatile _Complex long double *, _Complex long double ),
2122        ?=?( _Atomic volatile _Complex long double *, _Atomic _Complex long double );
2123forall( ftype FT ) FT
2124        * ?=?( FT * volatile *, FT * ),
2125        * ?=?( FT * volatile *, forall( ftype F ) F * );
2126forall( ftype FT ) FT const
2127        * ?=?( FT const * volatile *, FT const * ),
2128        * ?=?( FT const * volatile *, forall( ftype F ) F * );
2129forall( ftype FT ) FT volatile
2130        * ?=?( FT volatile * volatile *, FT * ),
2131        * ?=?( FT volatile * volatile *, forall( ftype F ) F * );
2132forall( ftype FT ) FT const
2133        * ?=?( FT const volatile * volatile *, FT const * ),
2134        * ?=?( FT const volatile * volatile *, forall( ftype F ) F * );
2135forall( dtype DT ) DT
2136        * ?=?( DT * restrict volatile *, DT * ),
2137        * ?=?( DT * restrict volatile *, void * ),
2138        * ?=?( DT * restrict volatile *, forall( dtype D ) D * ),
2139        * ?=?( DT * _Atomic restrict volatile *, DT * ),
2140        * ?=?( DT * _Atomic restrict volatile *, void * ),
2141        * ?=?( DT * _Atomic restrict volatile *, forall( dtype D ) D * );
2142forall( dtype DT ) DT _Atomic
2143        * ?=?( _Atomic DT * restrict volatile *, DT _Atomic * ),
2144        * ?=?( _Atomic DT * restrict volatile *, void * ),
2145        * ?=?( _Atomic DT * restrict volatile *, forall( dtype D ) D * ),
2146        * ?=?( _Atomic DT * _Atomic restrict volatile *, DT _Atomic * ),
2147        * ?=?( _Atomic DT * _Atomic restrict volatile *, void * ),
2148        * ?=?( _Atomic DT * _Atomic restrict volatile *, forall( dtype D ) D * );
2149forall( dtype DT ) DT const
2150        * ?=?( DT const * restrict volatile *, DT const * ),
2151        * ?=?( DT const * restrict volatile *, void const * ),
2152        * ?=?( DT const * restrict volatile *, forall( dtype D ) D * ),
2153        * ?=?( DT const * _Atomic restrict volatile *, DT const * ),
2154        * ?=?( DT const * _Atomic restrict volatile *, void const * ),
2155        * ?=?( DT const * _Atomic restrict volatile *, forall( dtype D ) D * );
2156forall( dtype DT ) DT restrict
2157        * ?=?( restrict DT * restrict volatile *, DT restrict * ),
2158        * ?=?( restrict DT * restrict volatile *, void * ),
2159        * ?=?( restrict DT * restrict volatile *, forall( dtype D ) D * ),
2160        * ?=?( restrict DT * _Atomic restrict volatile *, DT restrict * ),
2161        * ?=?( restrict DT * _Atomic restrict volatile *, void * ),
2162        * ?=?( restrict DT * _Atomic restrict volatile *, forall( dtype D ) D * );
2163forall( dtype DT ) DT volatile
2164        * ?=?( DT volatile * restrict volatile *, DT volatile * ),
2165        * ?=?( DT volatile * restrict volatile *, void volatile * ),
2166        * ?=?( DT volatile * restrict volatile *, forall( dtype D ) D * ),
2167        * ?=?( DT volatile * _Atomic restrict volatile *, DT volatile * ),
2168        * ?=?( DT volatile * _Atomic restrict volatile *, void volatile * ),
2169        * ?=?( DT volatile * _Atomic restrict volatile *, forall( dtype D ) D * );
2170forall( dtype DT ) DT _Atomic const
2171        * ?=?( DT _Atomic const * restrict volatile *, DT _Atomic const * ),
2172        * ?=?( DT _Atomic const * restrict volatile *, void const * ),
2173        * ?=?( DT _Atomic const * restrict volatile *, forall( dtype D ) D * ),
2174        * ?=?( DT _Atomic const * _Atomic restrict volatile *, DT _Atomic const * ),
2175        * ?=?( DT _Atomic const * _Atomic restrict volatile *, void const * ),
2176        * ?=?( DT _Atomic const * _Atomic restrict volatile *, forall( dtype D ) D * );
2177forall( dtype DT ) DT _Atomic restrict
2178        * ?=?( _Atomic restrict DT * restrict volatile *, DT _Atomic restrict * ),
2179        * ?=?( _Atomic restrict DT * restrict volatile *, void * ),
2180        * ?=?( _Atomic restrict DT * restrict volatile *, forall( dtype D ) D * ),
2181        * ?=?( _Atomic restrict DT * _Atomic restrict volatile *, DT _Atomic restrict * ),
2182        * ?=?( _Atomic restrict DT * _Atomic restrict volatile *, void * ),
2183        * ?=?( _Atomic restrict DT * _Atomic restrict volatile *, forall( dtype D ) D * );
2184forall( dtype DT ) DT _Atomic volatile
2185        * ?=?( DT _Atomic volatile * restrict volatile *, DT _Atomic volatile * ),
2186        * ?=?( DT _Atomic volatile * restrict volatile *, void volatile * ),
2187        * ?=?( DT _Atomic volatile * restrict volatile *, forall( dtype D ) D * ),
2188        * ?=?( DT _Atomic volatile * _Atomic restrict volatile *, DT _Atomic volatile * ),
2189        * ?=?( DT _Atomic volatile * _Atomic restrict volatile *, void volatile * ),
2190        * ?=?( DT _Atomic volatile * _Atomic restrict volatile *, forall( dtype D ) D * );
2191forall( dtype DT ) DT const restrict
2192        * ?=?( DT const restrict * restrict volatile *, DT const restrict * ),
2193        * ?=?( DT const restrict * restrict volatile *, void const * ),
2194        * ?=?( DT const restrict * restrict volatile *, forall( dtype D ) D * ),
2195        * ?=?( DT const restrict * _Atomic restrict volatile *, DT const restrict * ),
2196        * ?=?( DT const restrict * _Atomic restrict volatile *, void const * ),
2197        * ?=?( DT const restrict * _Atomic restrict volatile *, forall( dtype D ) D * );
2198forall( dtype DT ) DT const volatile
2199        * ?=?( DT const volatile * restrict volatile *, DT const volatile * ),
2200        * ?=?( DT const volatile * restrict volatile *, void const volatile * ),
2201        * ?=?( DT const volatile * restrict volatile *, forall( dtype D ) D * ),
2202        * ?=?( DT const volatile * _Atomic restrict volatile *, DT const volatile * ),
2203        * ?=?( DT const volatile * _Atomic restrict volatile *, void const volatile * ),
2204        * ?=?( DT const volatile * _Atomic restrict volatile *, forall( dtype D ) D * );
2205forall( dtype DT ) DT restrict volatile
2206        * ?=?( DT restrict volatile * restrict volatile *, DT restrict volatile * ),
2207        * ?=?( DT restrict volatile * restrict volatile *, void volatile * ),
2208        * ?=?( DT restrict volatile * restrict volatile *, forall( dtype D ) D * ),
2209        * ?=?( DT restrict volatile * _Atomic restrict volatile *, DT restrict volatile * ),
2210        * ?=?( DT restrict volatile * _Atomic restrict volatile *, void volatile * ),
2211        * ?=?( DT restrict volatile * _Atomic restrict volatile *, forall( dtype D ) D * );
2212forall( dtype DT ) DT _Atomic const restrict
2213        * ?=?( DT _Atomic const restrict * restrict volatile *,
2214         DT _Atomic const restrict * ),
2215        * ?=?( DT _Atomic const restrict * restrict volatile *,
2216         void const * ),
2217        * ?=?( DT _Atomic const restrict * restrict volatile *,
2218         forall( dtype D ) D * ),
2219        * ?=?( DT _Atomic const restrict * _Atomic restrict volatile *,
2220         DT _Atomic const restrict * ),
2221        * ?=?( DT _Atomic const restrict * _Atomic restrict volatile *,
2222         void const * ),
2223        * ?=?( DT _Atomic const restrict * _Atomic restrict volatile *,
2224         forall( dtype D ) D * );
2225forall( dtype DT ) DT _Atomic const volatile
2226        * ?=?( DT _Atomic const volatile * restrict volatile *,
2227         DT _Atomic const volatile * ),
2228        * ?=?( DT _Atomic const volatile * restrict volatile *,
2229         void const volatile * ),
2230        * ?=?( DT _Atomic const volatile * restrict volatile *,
2231         forall( dtype D ) D * ),
2232        * ?=?( DT _Atomic const volatile * _Atomic restrict volatile *,
2233         DT _Atomic const volatile * ),
2234        * ?=?( DT _Atomic const volatile * _Atomic restrict volatile *,
2235         void const volatile * ),
2236        * ?=?( DT _Atomic const volatile * _Atomic restrict volatile *,
2237         forall( dtype D ) D * );
2238forall( dtype DT ) DT _Atomic restrict volatile
2239        * ?=?( DT _Atomic restrict volatile * restrict volatile *,
2240         DT _Atomic restrict volatile * ),
2241        * ?=?( DT _Atomic restrict volatile * restrict volatile *,
2242         void volatile * ),
2243        * ?=?( DT _Atomic restrict volatile * restrict volatile *,
2244         forall( dtype D ) D * ),
2245        * ?=?( DT _Atomic restrict volatile * _Atomic restrict volatile *,
2246         DT _Atomic restrict volatile * ),
2247        * ?=?( DT _Atomic restrict volatile * _Atomic restrict volatile *,
2248         void volatile * ),
2249        * ?=?( DT _Atomic restrict volatile * _Atomic restrict volatile *,
2250         forall( dtype D ) D * );
2251forall( dtype DT ) DT const restrict volatile
2252        * ?=?( DT const restrict volatile * restrict volatile *,
2253         DT const restrict volatile * ),
2254        * ?=?( DT const restrict volatile * restrict volatile *,
2255         void const volatile * ),
2256        * ?=?( DT const restrict volatile * restrict volatile *,
2257         forall( dtype D ) D * ),
2258        * ?=?( DT const restrict volatile * _Atomic restrict volatile *,
2259         DT const restrict volatile * ),
2260        * ?=?( DT const restrict volatile * _Atomic restrict volatile *,
2261         void const volatile * ),
2262        * ?=?( DT const restrict volatile * _Atomic restrict volatile *,
2263         forall( dtype D ) D * );
2264forall( dtype DT ) DT _Atomic const restrict volatile
2265        * ?=?( DT _Atomic const restrict volatile * restrict volatile *,
2266         DT _Atomic const restrict volatile * ),
2267        * ?=?( DT _Atomic const restrict volatile * restrict volatile *,
2268         void const volatile * ),
2269        * ?=?( DT _Atomic const restrict volatile * restrict volatile *,
2270         forall( dtype D ) D * ),
2271        * ?=?( DT _Atomic const restrict volatile * _Atomic restrict volatile *,
2272         DT _Atomic const restrict volatile * ),
2273        * ?=?( DT _Atomic const restrict volatile * _Atomic restrict volatile *,
2274         void const volatile * ),
2275        * ?=?( DT _Atomic const restrict volatile * _Atomic restrict volatile *,
2276         forall( dtype D ) D * );
2277forall( dtype DT ) void
2278        * ?=?( void * restrict volatile *, DT * );
2279forall( dtype DT ) void const
2280        * ?=?( void const * restrict volatile *, DT const * );
2281forall( dtype DT ) void volatile
2282        * ?=?( void volatile * restrict volatile *, DT volatile * );
2283forall( dtype DT ) void const volatile
2284        * ?=?( void const volatile * restrict volatile *, DT const volatile * );
2285\end{lstlisting}
2286\begin{rationale}
2287The pattern of overloadings for simple assignment resembles that of pointer increment and decrement, except that the polymorphic pointer assignment functions declare a ©dtype© parameter, instead of a ©type© parameter, because the left operand may be a pointer to an incomplete type.
2288\end{rationale}
2289
2290For every complete structure or union type ©S© there exist
2291% Don't use predefined: keep this out of prelude.cf.
2292\begin{lstlisting}
2293S ?=?( S volatile *, S ), ?=?( S _Atomic volatile *, S );
2294\end{lstlisting}
2295
2296For every extended integer type ©X© there exist
2297% Don't use predefined: keep this out of prelude.cf.
2298\begin{lstlisting}
2299X ?=?( X volatile *, X ), ?=?( X _Atomic volatile *, X );
2300\end{lstlisting}
2301
2302For every complete enumerated type ©E© there exist
2303% Don't use predefined: keep this out of prelude.cf.
2304\begin{lstlisting}
2305E ?=?( E volatile *, int ), ?=?( E _Atomic volatile *, int );
2306\end{lstlisting}
2307\begin{rationale}
2308The right-hand argument is ©int© because enumeration constants have type ©int©.
2309\end{rationale}
2310
2311\semantics
2312The structure assignment functions provide member-wise assignment;
2313each non-array member and each element of each array member of the right argument is assigned to the corresponding member or element of the left argument using the assignment function defined for its type.
2314All other assignment functions have the same effect as the corresponding C assignment expression.
2315\begin{rationale}
2316Note that, by default, union assignment\index{deficiencies!union assignment} uses C semantics---that is, bitwise copy---even if some of the union members have programmer-defined assignment functions.
2317\end{rationale}
2318
2319
2320\subsubsection{Compound assignment}
2321
2322\predefined
2323\begin{lstlisting}
2324forall( otype T ) T
2325        * ?+=?( T * restrict volatile *, ptrdiff_t ),
2326        * ?-=?( T * restrict volatile *, ptrdiff_t ),
2327        * ?+=?( T * _Atomic restrict volatile *, ptrdiff_t ),
2328        * ?-=?( T * _Atomic restrict volatile *, ptrdiff_t );
2329forall( otype T ) T _Atomic
2330        * ?+=?( T _Atomic * restrict volatile *, ptrdiff_t ),
2331        * ?-=?( T _Atomic * restrict volatile *, ptrdiff_t ),
2332        * ?+=?( T _Atomic * _Atomic restrict volatile *, ptrdiff_t ),
2333        * ?-=?( T _Atomic * _Atomic restrict volatile *, ptrdiff_t );
2334forall( otype T ) T const
2335        * ?+=?( T const * restrict volatile *, ptrdiff_t ),
2336        * ?-=?( T const * restrict volatile *, ptrdiff_t ),
2337        * ?+=?( T const * _Atomic restrict volatile *, ptrdiff_t ),
2338        * ?-=?( T const * _Atomic restrict volatile *, ptrdiff_t );
2339forall( otype T ) T restrict
2340        * ?+=?( T restrict * restrict volatile *, ptrdiff_t ),
2341        * ?-=?( T restrict * restrict volatile *, ptrdiff_t ),
2342        * ?+=?( T restrict * _Atomic restrict volatile *, ptrdiff_t ),
2343        * ?-=?( T restrict * _Atomic restrict volatile *, ptrdiff_t );
2344forall( otype T ) T volatile
2345        * ?+=?( T volatile * restrict volatile *, ptrdiff_t ),
2346        * ?-=?( T volatile * restrict volatile *, ptrdiff_t ),
2347        * ?+=?( T volatile * _Atomic restrict volatile *, ptrdiff_t ),
2348        * ?-=?( T volatile * _Atomic restrict volatile *, ptrdiff_t );
2349forall( otype T ) T _Atomic const
2350        * ?+=?( T _Atomic const restrict volatile *, ptrdiff_t ),
2351        * ?-=?( T _Atomic const restrict volatile *, ptrdiff_t ),
2352        * ?+=?( T _Atomic const _Atomic restrict volatile *, ptrdiff_t ),
2353        * ?-=?( T _Atomic const _Atomic restrict volatile *, ptrdiff_t );
2354forall( otype T ) T _Atomic restrict
2355        * ?+=?( T _Atomic restrict * restrict volatile *, ptrdiff_t ),
2356        * ?-=?( T _Atomic restrict * restrict volatile *, ptrdiff_t ),
2357        * ?+=?( T _Atomic restrict * _Atomic restrict volatile *, ptrdiff_t ),
2358        * ?-=?( T _Atomic restrict * _Atomic restrict volatile *, ptrdiff_t );
2359forall( otype T ) T _Atomic volatile
2360        * ?+=?( T _Atomic volatile * restrict volatile *, ptrdiff_t ),
2361        * ?-=?( T _Atomic volatile * restrict volatile *, ptrdiff_t ),
2362        * ?+=?( T _Atomic volatile * _Atomic restrict volatile *, ptrdiff_t ),
2363        * ?-=?( T _Atomic volatile * _Atomic restrict volatile *, ptrdiff_t );
2364forall( otype T ) T const restrict
2365        * ?+=?( T const restrict * restrict volatile *, ptrdiff_t ),
2366        * ?-=?( T const restrict * restrict volatile *, ptrdiff_t ),
2367        * ?+=?( T const restrict * _Atomic restrict volatile *, ptrdiff_t ),
2368        * ?-=?( T const restrict * _Atomic restrict volatile *, ptrdiff_t );
2369forall( otype T ) T const volatile
2370        * ?+=?( T const volatile * restrict volatile *, ptrdiff_t ),
2371        * ?-=?( T const volatile * restrict volatile *, ptrdiff_t ),
2372        * ?+=?( T const volatile * _Atomic restrict volatile *, ptrdiff_t ),
2373        * ?-=?( T const volatile * _Atomic restrict volatile *, ptrdiff_t );
2374forall( otype T ) T restrict volatile
2375        * ?+=?( T restrict volatile * restrict volatile *, ptrdiff_t ),
2376        * ?-=?( T restrict volatile * restrict volatile *, ptrdiff_t ),
2377        * ?+=?( T restrict volatile * _Atomic restrict volatile *, ptrdiff_t ),
2378        * ?-=?( T restrict volatile * _Atomic restrict volatile *, ptrdiff_t );
2379forall( otype T ) T _Atomic const restrict
2380        * ?+=?( T _Atomic const restrict * restrict volatile *, ptrdiff_t ),
2381        * ?-=?( T _Atomic const restrict * restrict volatile *, ptrdiff_t ),
2382        * ?+=?( T _Atomic const restrict * _Atomic restrict volatile *, ptrdiff_t ),
2383        * ?-=?( T _Atomic const restrict * _Atomic restrict volatile *, ptrdiff_t );
2384forall( otype T ) T _Atomic const volatile
2385        * ?+=?( T _Atomic const volatile * restrict volatile *, ptrdiff_t ),
2386        * ?-=?( T _Atomic const volatile * restrict volatile *, ptrdiff_t ),
2387        * ?+=?( T _Atomic const volatile * _Atomic restrict volatile *, ptrdiff_t ),
2388        * ?-=?( T _Atomic const volatile * _Atomic restrict volatile *, ptrdiff_t );
2389forall( otype T ) T _Atomic restrict volatile
2390        * ?+=?( T _Atomic restrict volatile * restrict volatile *, ptrdiff_t ),
2391        * ?-=?( T _Atomic restrict volatile * restrict volatile *, ptrdiff_t ),
2392        * ?+=?( T _Atomic restrict volatile * _Atomic restrict volatile *, ptrdiff_t ),
2393        * ?-=?( T _Atomic restrict volatile * _Atomic restrict volatile *, ptrdiff_t );
2394forall( otype T ) T const restrict volatile
2395        * ?+=?( T const restrict volatile * restrict volatile *, ptrdiff_t ),
2396        * ?-=?( T const restrict volatile * restrict volatile *, ptrdiff_t ),
2397        * ?+=?( T const restrict volatile * _Atomic restrict volatile *, ptrdiff_t ),
2398        * ?-=?( T const restrict volatile * _Atomic restrict volatile *, ptrdiff_t );
2399forall( otype T ) T _Atomic const restrict volatile
2400        * ?+=?( T _Atomic const restrict volatile * restrict volatile *, ptrdiff_t ),
2401        * ?-=?( T _Atomic const restrict volatile * restrict volatile *, ptrdiff_t ),
2402        * ?+=?( T _Atomic const restrict volatile * _Atomic restrict volatile *, ptrdiff_t ),
2403        * ?-=?( T _Atomic const restrict volatile * _Atomic restrict volatile *, ptrdiff_t );
2404
2405_Bool
2406        ?*=?( _Bool volatile *, _Bool ),
2407        ?/=?( _Bool volatile *, _Bool ),
2408        ?+=?( _Bool volatile *, _Bool ),
2409        ?-=?( _Bool volatile *, _Bool ),
2410        ?%=?( _Bool volatile *, _Bool ),
2411        ?<<=?( _Bool volatile *, int ),
2412        ?>>=?( _Bool volatile *, int ),
2413        ?&=?( _Bool volatile *, _Bool ),
2414        ?^=?( _Bool volatile *, _Bool ),
2415        ?|=?( _Bool volatile *, _Bool );
2416char
2417        ?*=?( char volatile *, char ),
2418        ?/=?( char volatile *, char ),
2419        ?+=?( char volatile *, char ),
2420        ?-=?( char volatile *, char ),
2421        ?%=?( char volatile *, char ),
2422        ?<<=?( char volatile *, int ),
2423        ?>>=?( char volatile *, int ),
2424        ?&=?( char volatile *, char ),
2425        ?^=?( char volatile *, char ),
2426        ?|=?( char volatile *, char );
2427unsigned char
2428        ?*=?( unsigned char volatile *, unsigned char ),
2429        ?/=?( unsigned char volatile *, unsigned char ),
2430        ?+=?( unsigned char volatile *, unsigned char ),
2431        ?-=?( unsigned char volatile *, unsigned char ),
2432        ?%=?( unsigned char volatile *, unsigned char ),
2433        ?<<=?( unsigned char volatile *, int ),
2434        ?>>=?( unsigned char volatile *, int ),
2435        ?&=?( unsigned char volatile *, unsigned char ),
2436        ?^=?( unsigned char volatile *, unsigned char ),
2437        ?|=?( unsigned char volatile *, unsigned char );
2438signed char
2439        ?*=?( signed char volatile *, signed char ),
2440        ?/=?( signed char volatile *, signed char ),
2441        ?+=?( signed char volatile *, signed char ),
2442        ?-=?( signed char volatile *, signed char ),
2443        ?%=?( signed char volatile *, signed char ),
2444        ?<<=?( signed char volatile *, int ),
2445        ?>>=?( signed char volatile *, int ),
2446        ?&=?( signed char volatile *, signed char ),
2447        ?^=?( signed char volatile *, signed char ),
2448        ?|=?( signed char volatile *, signed char );
2449short int
2450        ?*=?( short int volatile *, short int ),
2451        ?/=?( short int volatile *, short int ),
2452        ?+=?( short int volatile *, short int ),
2453        ?-=?( short int volatile *, short int ),
2454        ?%=?( short int volatile *, short int ),
2455        ?<<=?( short int volatile *, int ),
2456        ?>>=?( short int volatile *, int ),
2457        ?&=?( short int volatile *, short int ),
2458        ?^=?( short int volatile *, short int ),
2459        ?|=?( short int volatile *, short int );
2460unsigned short int
2461        ?*=?( unsigned short int volatile *, unsigned short int ),
2462        ?/=?( unsigned short int volatile *, unsigned short int ),
2463        ?+=?( unsigned short int volatile *, unsigned short int ),
2464        ?-=?( unsigned short int volatile *, unsigned short int ),
2465        ?%=?( unsigned short int volatile *, unsigned short int ),
2466        ?<<=?( unsigned short int volatile *, int ),
2467        ?>>=?( unsigned short int volatile *, int ),
2468        ?&=?( unsigned short int volatile *, unsigned short int ),
2469        ?^=?( unsigned short int volatile *, unsigned short int ),
2470        ?|=?( unsigned short int volatile *, unsigned short int );
2471int
2472        ?*=?( int volatile *, int ),
2473        ?/=?( int volatile *, int ),
2474        ?+=?( int volatile *, int ),
2475        ?-=?( int volatile *, int ),
2476        ?%=?( int volatile *, int ),
2477        ?<<=?( int volatile *, int ),
2478        ?>>=?( int volatile *, int ),
2479        ?&=?( int volatile *, int ),
2480        ?^=?( int volatile *, int ),
2481        ?|=?( int volatile *, int );
2482unsigned int
2483        ?*=?( unsigned int volatile *, unsigned int ),
2484        ?/=?( unsigned int volatile *, unsigned int ),
2485        ?+=?( unsigned int volatile *, unsigned int ),
2486        ?-=?( unsigned int volatile *, unsigned int ),
2487        ?%=?( unsigned int volatile *, unsigned int ),
2488        ?<<=?( unsigned int volatile *, int ),
2489        ?>>=?( unsigned int volatile *, int ),
2490        ?&=?( unsigned int volatile *, unsigned int ),
2491        ?^=?( unsigned int volatile *, unsigned int ),
2492        ?|=?( unsigned int volatile *, unsigned int );
2493long int
2494        ?*=?( long int volatile *, long int ),
2495        ?/=?( long int volatile *, long int ),
2496        ?+=?( long int volatile *, long int ),
2497        ?-=?( long int volatile *, long int ),
2498        ?%=?( long int volatile *, long int ),
2499        ?<<=?( long int volatile *, int ),
2500        ?>>=?( long int volatile *, int ),
2501        ?&=?( long int volatile *, long int ),
2502        ?^=?( long int volatile *, long int ),
2503        ?|=?( long int volatile *, long int );
2504unsigned long int
2505        ?*=?( unsigned long int volatile *, unsigned long int ),
2506        ?/=?( unsigned long int volatile *, unsigned long int ),
2507        ?+=?( unsigned long int volatile *, unsigned long int ),
2508        ?-=?( unsigned long int volatile *, unsigned long int ),
2509        ?%=?( unsigned long int volatile *, unsigned long int ),
2510        ?<<=?( unsigned long int volatile *, int ),
2511        ?>>=?( unsigned long int volatile *, int ),
2512        ?&=?( unsigned long int volatile *, unsigned long int ),
2513        ?^=?( unsigned long int volatile *, unsigned long int ),
2514        ?|=?( unsigned long int volatile *, unsigned long int );
2515long long int
2516        ?*=?( long long int volatile *, long long int ),
2517        ?/=?( long long int volatile *, long long int ),
2518        ?+=?( long long int volatile *, long long int ),
2519        ?-=?( long long int volatile *, long long int ),
2520        ?%=?( long long int volatile *, long long int ),
2521        ?<<=?( long long int volatile *, int ),
2522        ?>>=?( long long int volatile *, int ),
2523        ?&=?( long long int volatile *, long long int ),
2524        ?^=?( long long int volatile *, long long int ),
2525        ?|=?( long long int volatile *, long long int );
2526unsigned long long int
2527        ?*=?( unsigned long long int volatile *, unsigned long long int ),
2528        ?/=?( unsigned long long int volatile *, unsigned long long int ),
2529        ?+=?( unsigned long long int volatile *, unsigned long long int ),
2530        ?-=?( unsigned long long int volatile *, unsigned long long int ),
2531        ?%=?( unsigned long long int volatile *, unsigned long long int ),
2532        ?<<=?( unsigned long long int volatile *, int ),
2533        ?>>=?( unsigned long long int volatile *, int ),
2534        ?&=?( unsigned long long int volatile *, unsigned long long int ),
2535        ?^=?( unsigned long long int volatile *, unsigned long long int ),
2536        ?|=?( unsigned long long int volatile *, unsigned long long int );
2537float
2538        ?*=?( float volatile *, float ),
2539        ?/=?( float volatile *, float ),
2540        ?+=?( float volatile *, float ),
2541        ?-=?( float volatile *, float );
2542double
2543        ?*=?( double volatile *, double ),
2544        ?/=?( double volatile *, double ),
2545        ?+=?( double volatile *, double ),
2546        ?-=?( double volatile *, double );
2547long double
2548        ?*=?( long double volatile *, long double ),
2549        ?/=?( long double volatile *, long double ),
2550        ?+=?( long double volatile *, long double ),
2551        ?-=?( long double volatile *, long double );
2552_Complex float
2553        ?*=?( _Complex float volatile *, _Complex float ),
2554        ?/=?( _Complex float volatile *, _Complex float ),
2555        ?+=?( _Complex float volatile *, _Complex float ),
2556        ?-=?( _Complex float volatile *, _Complex float );
2557_Complex double
2558        ?*=?( _Complex double volatile *, _Complex double ),
2559        ?/=?( _Complex double volatile *, _Complex double ),
2560        ?+=?( _Complex double volatile *, _Complex double ),
2561        ?-=?( _Complex double volatile *, _Complex double );
2562_Complex long double
2563        ?*=?( _Complex long double volatile *, _Complex long double ),
2564        ?/=?( _Complex long double volatile *, _Complex long double ),
2565        ?+=?( _Complex long double volatile *, _Complex long double ),
2566        ?-=?( _Complex long double volatile *, _Complex long double );
2567\end{lstlisting}
2568
2569For every extended integer type ©X© there exist
2570% Don't use predefined: keep this out of prelude.cf.
2571\begin{lstlisting}
2572?*=?( X volatile *, X ),
2573?/=?( X volatile *, X ),
2574?+=?( X volatile *, X ),
2575?-=?( X volatile *, X ),
2576?%=?( X volatile *, X ),
2577?<<=?( X volatile *, int ),
2578?>>=?( X volatile *, int ),
2579?&=?( X volatile *, X ),
2580?^=?( X volatile *, X ),
2581?|=?( X volatile *, X );
2582\end{lstlisting}
2583
2584For every complete enumerated type ©E© there exist
2585% Don't use predefined: keep this out of prelude.cf.
2586\begin{lstlisting}
2587?*=?( E volatile *, E ),
2588?/=?( E volatile *, E ),
2589?+=?( E volatile *, E ),
2590?-=?( E volatile *, E ),
2591?%=?( E volatile *, E ),
2592?<<=?( E volatile *, int ),
2593?>>=?( E volatile *, int ),
2594?&=?( E volatile *, E ),
2595?^=?( E volatile *, E ),
2596?|=?( E volatile *, E );
2597\end{lstlisting}
2598
2599
2600\subsection{Comma operator}
2601
2602\begin{syntax}
2603\lhs{expression}
2604\rhs \nonterm{assignment-expression}
2605\rhs \nonterm{expression} ©,© \nonterm{assignment-expression}
2606\end{syntax}
2607
2608\semantics
2609In the comma expression ``©a, b©'', the first operand is interpreted as ``©( void )(a)©'', which shall be unambiguous\index{ambiguous interpretation}.
2610The interpretations of the expression are the interpretations of the second operand.
2611
2612
2613\section{Constant expressions}
2614
2615
2616\section{Declarations}
2617
2618\begin{syntax}
2619\oldlhs{declaration}
2620\rhs \nonterm{type-declaration}
2621\rhs \nonterm{spec-definition}
2622\end{syntax}
2623
2624\constraints
2625If an identifier has \Index{no linkage}, there shall be no more than one declaration of the identifier ( in a declarator or type specifier ) with compatible types in the same scope and in the same name space, except that:
2626\begin{itemize}
2627\item a typedef name may be redefined to denote the same type as it currently does, provided that type is not a variably modified type;
2628\item tags may be redeclared as specified in section 6.7.2.3 of the {\c11} standard.
2629\end{itemize}
2630\begin{rationale}
2631This constraint adds the phrase ``with compatible types'' to the {\c11} constraint, to allow overloading.
2632\end{rationale}
2633
2634An identifier declared by a type declaration shall not be redeclared as a parameter in a function definition whose declarator includes an identifier list.
2635\begin{rationale}
2636This restriction echos {\c11}'s ban on the redeclaration of typedef names as parameters.
2637This avoids an ambiguity between old-style function declarations and new-style function prototypes:
2638\begin{lstlisting}
2639void f( Complex,        // ... 3000 characters ...
2640void g( Complex,        // ... 3000 characters ...
2641int Complex;
2642{ ... }
2643\end{lstlisting}
2644Without the rule, ©Complex© would be a type in the first case, and a parameter name in the second.
2645\end{rationale}
2646
2647
2648\setcounter{subsection}{1}
2649\subsection{Type specifiers}
2650
2651\begin{syntax}
2652\oldlhs{type-specifier}
2653\rhs \nonterm{forall-specifier}
2654\end{syntax}
2655
2656\semantics
2657Forall specifiers are discussed in \VRef{forall}.
2658
2659
2660\subsubsection{Structure and union specifiers}
2661
2662\semantics 
2663\CFA extends the {\c11} definition of \define{anonymous structure} to include structure specifiers with tags, and extends the {\c11} definition of \define{anonymous union} to include union specifiers with tags.
2664\begin{rationale}
2665This extension imitates an extension in the Plan 9 C compiler \cite{Thompson90new}.
2666\end{rationale}
2667
2668\examples
2669\begin{lstlisting}
2670struct point {§\impl{point}§
2671        int x, y;
2672};
2673struct color_point {§\impl{color_point}§
2674        enum { RED, BLUE, GREEN } color;
2675        struct point;
2676};
2677struct color_point cp;
2678cp.x = 0;
2679cp.color = RED;
2680struct literal {§\impl{literal}§
2681        enum { NUMBER, STRING } tag;
2682        union {
2683                double n;
2684                char *s;
2685        };
2686};
2687struct literal *next;
2688int length;
2689extern int strlen( const char * );
2690...
2691if ( next->tag == STRING ) length = strlen( next->s );
2692\end{lstlisting}
2693
2694
2695\setcounter{subsubsection}{4}
2696\subsubsection{Forall specifiers}
2697\label{forall}
2698
2699\begin{syntax}
2700\lhs{forall-specifier}
2701\rhs ©forall© ©(© \nonterm{type-parameter-list} ©)©
2702\end{syntax}
2703
2704\begin{comment}
2705\constraints
2706If the \nonterm{declaration-specifiers} of a declaration that contains a \nonterm{forall-specifier} declares a structure or union tag, the types of the members of the structure or union shall not use any of the type identifiers declared by the \nonterm{type-parameter-list}.
2707\begin{rationale}
2708This sort of declaration is illegal because the scope of the type identifiers ends at the end of the declaration, but the scope of the structure tag does not.
2709\begin{lstlisting}
2710forall( otype T ) struct Pair { T a, b;
2711} mkPair( T, T ); // illegal
2712\end{lstlisting}
2713If an instance of ©struct Pair© was declared later in the current scope, what would the members' type be?
2714\end{rationale}
2715\end{comment}
2716
2717\semantics
2718The \nonterm{type-parameter-list}s and assertions of the \nonterm{forall-specifier}s declare type identifiers, function and object identifiers with \Index{no linkage}.
2719
2720If, in the declaration ``©T D©'', ©T© contains \nonterm{forall-specifier}s and ©D© has the form
2721\begin{lstlisting}
2722D( §\normalsize\nonterm{parameter-type-list}§ )
2723\end{lstlisting} then a type identifier declared by one of the \nonterm{forall-specifier}s is an \define{inferred parameter} of the function declarator if and only if it is not an inferred parameter of a function declarator in ©D©, and it is used in the type of a parameter in the following
2724\nonterm{type-parameter-list} or it and an inferred parameter are used as arguments of a \Index{specification} in one of the \nonterm{forall-specifier}s.
2725The identifiers declared by assertions that use an inferred parameter of a function declarator are \Index{assertion parameter}s of that function declarator.
2726
2727\begin{comment}
2728\begin{rationale}
2729Since every inferred parameter is used by some parameter, inference can be understood as a single bottom-up pass over the expression tree, that only needs to apply local reasoning at each node.
2730
2731If this restriction were lifted, it would be possible to write
2732\begin{lstlisting}
2733forall( otype T ) T * alloc( void );§\use{alloc}§ int *p = alloc();
2734\end{lstlisting}
2735Here ©alloc()© would receive ©int© as an inferred argument, and return an ©int *©.
2736In general, if a call to ©alloc()© is a subexpression of an expression involving polymorphic functions and overloaded identifiers, there could be considerable distance between the call and the subexpression that causes ©T© to be bound.
2737
2738With the current restriction, ©alloc()© must be given an argument that determines ©T©:
2739\begin{lstlisting}
2740forall( otype T ) T * alloc( T initial_value );§\use{alloc}§
2741\end{lstlisting}
2742\end{rationale}
2743\end{comment}
2744
2745If a function declarator is part of a function definition, its inferred parameters and assertion parameters have \Index{block scope};
2746otherwise, identifiers declared by assertions have a \define{declaration scope}, which terminates at the end of the \nonterm{declaration}.
2747
2748A function type that has at least one inferred parameter is a \define{polymorphic function} type.
2749Function types with no inferred parameters are \define{monomorphic function} types.
2750One function type is \define{less polymorphic} than another if it has fewer inferred parameters, or if it has the same number of inferred parameters and fewer of its explicit parameters have types that depend on an inferred parameter.
2751
2752The names of inferred parameters and the order of identifiers in forall specifiers are not relevant to polymorphic function type compatibility.
2753Let $f$ and $g$ be two polymorphic function types with the same number of inferred parameters, and let $f_i$ and $g_i$ be the inferred parameters of $f$ and $g$ in their order of occurance in the function types' \nonterm{parameter-type-list}s.
2754Let $f'$ be $f$ with every occurrence of $f_i$ replaced by $g_i$, for all $i$.
2755Then $f$ and $g$ are \Index{compatible type}s if $f'$'s and $g$'s return types and parameter lists are compatible, and if for every assertion parameter of $f'$ there is an assertion parameter in $g$ with the same identifier and compatible type, and vice versa.
2756
2757\examples
2758Consider these analogous monomorphic and polymorphic declarations.
2759\begin{lstlisting}
2760int fi( int );
2761forall( otype T ) T fT( T );
2762\end{lstlisting}
2763©fi()© takes an ©int© and returns an ©int©. ©fT()© takes a ©T© and returns a ©T©, for any type ©T©.
2764\begin{lstlisting}
2765int (*pfi )( int ) = fi;
2766forall( otype T ) T (*pfT )( T ) = fT;
2767\end{lstlisting}
2768©pfi© and ©pfT© are pointers to functions. ©pfT© is not polymorphic, but the function it points at is.
2769\begin{lstlisting}
2770int (*fvpfi( void ))( int ) {
2771        return pfi;
2772}
2773forall( otype T ) T (*fvpfT( void ))( T ) {
2774        return pfT;
2775}
2776\end{lstlisting}
2777©fvpfi()© and ©fvpfT()© are functions taking no arguments and returning pointers to functions. ©fvpfT()© is monomorphic, but the function that its return value points at is polymorphic.
2778\begin{lstlisting}
2779forall( otype T ) int ( *fTpfi( T ) )( int );
2780forall( otype T ) T ( *fTpfT( T ) )( T );
2781forall( otype T, otype U ) U ( *fTpfU( T ) )( U );
2782\end{lstlisting}
2783©fTpfi()© is a polymorphic function that returns a pointer to a monomorphic function taking an integer and returning an integer.
2784It could return ©pfi©. ©fTpfT()© is subtle: it is a polymorphic function returning a \emph{monomorphic} function taking and returning
2785©T©, where ©T© is an inferred parameter of ©fTpfT()©.
2786For instance, in the expression ``©fTpfT(17)©'', ©T© is inferred to be ©int©, and the returned value would have type ©int ( * )( int )©. ``©fTpfT(17)(13)©'' and ``©fTpfT("yes")("no")©'' are legal, but ``©fTpfT(17)("no")©'' is illegal.
2787©fTpfU()© is polymorphic ( in type ©T©), and returns a pointer to a function that is polymorphic ( in type ©U©). ``©f5(17)("no")©'' is a legal expression of type ©char *©.
2788\begin{lstlisting}
2789forall( otype T, otype U, otype V ) U * f( T *, U, V * const );
2790forall( otype U, otype V, otype W ) U * g( V *, U, W * const );
2791\end{lstlisting}
2792The functions ©f()© and ©g()© have compatible types.
2793Let \(f\) and \(g\) be their types;
2794then \(f_1\) = ©T©, \(f_2\) = ©U©, \(f_3\) = ©V©, \(g_1\)
2795= ©V©, \(g_2\) = ©U©, and \(g_3\) = ©W©.
2796Replacing every \(f_i\) by \(g_i\) in \(f\) gives
2797\begin{lstlisting}
2798forall( otype V, otype U, otype W ) U * f( V *, U, W * const );
2799\end{lstlisting} which has a return type and parameter list that is compatible with \(g\).
2800\begin{rationale}
2801The word ``©type©'' in a forall specifier is redundant at the moment, but I want to leave room for inferred parameters of ordinary types in case parameterized types get added one day.
2802
2803Even without parameterized types, I might try to allow
2804\begin{lstlisting}
2805forall( int n ) int sum( int vector[n] );
2806\end{lstlisting} but C currently rewrites array parameters as pointer parameters, so the effects of such a change require more thought.
2807\end{rationale}
2808
2809\begin{rationale}
2810A polymorphic declaration must do two things: it must introduce type parameters, and it must apply assertions to those types.
2811Adding this to existing C declaration syntax and semantics was delicate, and not entirely successful.
2812
2813C depends on declaration-before-use, so a forall specifier must introduce type names before they can be used in the declaration specifiers.
2814This could be done by making the forall specifier part of the declaration specifiers, or by making it a new introductory clause of declarations.
2815
2816Assertions are also part of polymorphic function types, because it must be clear which functions have access to the assertion parameters declared by the assertions.
2817All attempts to put assertions inside an introductory clause produced complex semantics and confusing code.
2818Building them into the declaration specifiers could be done by placing them in the function's parameter list, or in a forall specifier that is a declaration specifier.
2819Assertions are also used with type parameters of specifications, and by type declarations.
2820For consistency's sake it seems best to attach assertions to the type declarations in forall specifiers, which means that forall specifiers must be declaration specifiers.
2821\end{rationale}
2822%HERE
2823
2824
2825\subsection{Type qualifiers}
2826
2827\CFA defines a new type qualifier ©lvalue©\impl{lvalue}\index{lvalue}.
2828\begin{syntax}
2829\oldlhs{type-qualifier}
2830\rhs ©lvalue©
2831\end{syntax}
2832
2833\constraints
2834\Indexc{restrict} Types other than type parameters and pointer types whose referenced type is an object type shall not be restrict-qualified.
2835
2836\semantics
2837An object's type may be a restrict-qualified type parameter.
2838©restrict© does not establish any special semantics in that case.
2839
2840\begin{rationale}
2841\CFA loosens the constraint on the restrict qualifier so that restrict-qualified pointers may be passed to polymorphic functions.
2842\end{rationale}
2843
2844©lvalue© may be used to qualify the return type of a function type.
2845Let ©T© be an unqualified version of a type;
2846then the result of calling a function with return type ©lvalue T© is a \Index{modifiable lvalue} of type ©T©.
2847©const©\use{const} and ©volatile©\use{volatile} qualifiers may also be added to indicate that the function result is a constant or volatile lvalue.
2848\begin{rationale}
2849The ©const© and ©volatile© qualifiers can only be sensibly used to qualify the return type of a function if the ©lvalue© qualifier is also used.
2850\end{rationale}
2851
2852An {lvalue}-qualified type may be used in a \Index{cast expression} if the operand is an lvalue;
2853the result of the expression is an lvalue.
2854
2855\begin{rationale}
2856©lvalue© provides some of the functionality of {\CC}'s ``©T&©'' ( reference to object of type ©T©) type.
2857Reference types have four uses in {\CC}.
2858\begin{itemize}
2859\item
2860They are necessary for user-defined operators that return lvalues, such as ``subscript'' and ``dereference''.
2861
2862\item
2863A reference can be used to define an alias for a complicated lvalue expression, as a way of getting some of the functionality of the Pascal ©with© statement.
2864The following {\CC} code gives an example.
2865\begin{lstlisting}
2866{
2867        char &code = long_name.some_field[i].data->code;
2868        code = toupper( code );
2869}
2870\end{lstlisting}
2871This is not very useful.
2872
2873\item
2874A reference parameter can be used to allow a function to modify an argument without forcing the caller to pass the address of the argument.
2875This is most useful for user-defined assignment operators.
2876In {\CC}, plain assignment is done by a function called ``©operator=©'', and the two expressions
2877\begin{lstlisting}
2878a = b;
2879operator=( a, b );
2880\end{lstlisting} are equivalent.
2881If ©a© and ©b© are of type ©T©, then the first parameter of ©operator=© must have type ``©T&©''.
2882It cannot have type ©T©, because then assignment couldn't alter the variable, and it can't have type ``©T *©'', because the assignment would have to be written ``©&a = b;©''.
2883
2884In the case of user-defined operators, this could just as well be handled by using pointer types and by changing the rewrite rules so that ``©a = b;©'' is equivalent to ``©operator=(&( a), b )©''.
2885Reference parameters of ``normal'' functions are Bad Things, because they remove a useful property of C function calls: an argument can only be modified by a function if it is preceded by ``©&©''.
2886
2887\item
2888References to \Index{const-qualified} types can be used instead of value parameters.  Given the
2889{\CC} function call ``©fiddle( a_thing )©'', where the type of ©a_thing© is
2890©Thing©, the type of ©fiddle© could be either of
2891\begin{lstlisting}
2892void fiddle( Thing );
2893void fiddle( const Thing & );
2894\end{lstlisting}
2895If the second form is used, then constructors and destructors are not invoked to create a temporary variable at the call site ( and it is bad style for the caller to make any assumptions about such things), and within ©fiddle© the parameter is subject to the usual problems caused by aliases.
2896The reference form might be chosen for efficiency's sake if ©Thing©s are too large or their constructors or destructors are too expensive.
2897An implementation may switch between them without causing trouble for well-behaved clients.
2898This leaves the implementor to define ``too large'' and ``too expensive''.
2899
2900I propose to push this job onto the compiler by allowing it to implement
2901\begin{lstlisting}
2902void fiddle( const volatile Thing );
2903\end{lstlisting} with call-by-reference.
2904Since it knows all about the size of ©Thing©s and the parameter passing mechanism, it should be able to come up with a better definition of ``too large'', and may be able to make a good guess at ``too expensive''.
2905\end{itemize}
2906
2907In summary, since references are only really necessary for returning lvalues, I'll only provide lvalue functions.
2908\end{rationale}
2909
2910
2911\setcounter{subsection}{8}
2912\subsection{Initialization}
2913
2914An expression that is used as an \nonterm{initializer} is treated as being cast to the type of the object being initialized.
2915An expression used in an \nonterm{initializer-list} is treated as being cast to the type of the aggregate member that it initializes.
2916In either case the cast must have a single unambiguous \Index{interpretation}.
2917
2918
2919\setcounter{subsection}{10}
2920\subsection{Specification definitions}
2921
2922\begin{syntax}
2923\lhs{spec-definition}
2924\rhs ©spec© \nonterm{identifier} 
2925        ©(© \nonterm{type-parameter-list} ©)©
2926        ©{© \nonterm{spec-declaration-list}\opt ©}©
2927\lhs{spec-declaration-list}
2928\rhs \nonterm{spec-declaration} ©;©
2929\rhs \nonterm{spec-declaration-list} \nonterm{spec-declaration} ©;©
2930\lhs{spec-declaration}
2931\rhs \nonterm{specifier-qualifier-list} \nonterm{declarator-list}
2932\lhs{declarator-list}
2933\rhs \nonterm{declarator}
2934\rhs \nonterm{declarator-list} ©,© \nonterm{declarator}
2935\end{syntax}
2936\begin{rationale}
2937The declarations allowed in a specification are much the same as those allowed in a structure, except that bit fields are not allowed, and \Index{incomplete type}s and function types are allowed.
2938\end{rationale}
2939
2940\semantics
2941A \define{specification definition} defines a name for a \define{specification}: a parameterized collection of object and function declarations.
2942
2943The declarations in a specification consist of the declarations in the
2944\nonterm{spec-declaration-list} and declarations produced by any assertions in the
2945\nonterm{spec-parameter-list}.
2946If the collection contains two declarations that declare the same identifier and have compatible types, they are combined into one declaration with the composite type constructed from the two types.
2947
2948
2949\subsubsection{Assertions}
2950
2951\begin{syntax}
2952\lhs{assertion-list}
2953\rhs \nonterm{assertion}
2954\rhs \nonterm{assertion-list} \nonterm{assertion}
2955\lhs{assertion}
2956\rhs ©|© \nonterm{identifier} ©(© \nonterm{type-name-list} ©)©
2957\rhs ©|© \nonterm{spec-declaration}
2958\lhs{type-name-list}
2959\rhs \nonterm{type-name}
2960\rhs \nonterm{type-name-list} ©,© \nonterm{type-name}
2961\end{syntax}
2962
2963\constraints
2964The \nonterm{identifier} in an assertion that is not a \nonterm{spec-declaration} shall be the name of a specification.
2965The \nonterm{type-name-list} shall contain one \nonterm{type-name} argument for each \nonterm{type-parameter} in that specification's \nonterm{spec-parameter-list}.
2966If the
2967\nonterm{type-parameter} uses type-class ©type©\use{type}, the argument shall be the type name of an \Index{object type};
2968if it uses ©dtype©, the argument shall be the type name of an object type or an \Index{incomplete type};
2969and if it uses ©ftype©, the argument shall be the type name of a \Index{function type}.
2970
2971\semantics
2972An \define{assertion} is a declaration of a collection of objects and functions, called \define{assertion parameters}.
2973
2974The assertion parameters produced by an assertion that applies the name of a specification to type arguments are found by taking the declarations specified in the specification and treating each of the specification's parameters as a synonym for the corresponding \nonterm{type-name} argument.
2975
2976The collection of assertion parameters produced by the \nonterm{assertion-list} are found by combining the declarations produced by each assertion.
2977If the collection contains two declarations that declare the same identifier and have compatible types, they are combined into one declaration with the \Index{composite type} constructed from the two types.
2978
2979\examples
2980\begin{lstlisting}
2981forall( otype T | T ?*?( T, T ))§\use{?*?}§
2982T square( T val ) {§\impl{square}§
2983        return val + val;
2984}
2985trait summable( otype T ) {§\impl{summable}§
2986        T ?+=?( T *, T );§\use{?+=?}§
2987        const T 0;§\use{0}§
2988};
2989trait list_of( otype List, otype Element ) {§\impl{list_of}§
2990        Element car( List );
2991        List cdr( List );
2992        List cons( Element, List );
2993        List nil;
2994        int is_nil( List );
2995};
2996trait sum_list( otype List, otype Element | summable( Element ) | list_of( List, Element ) ) {};
2997\end{lstlisting}
2998©sum_list© contains seven declarations, which describe a list whose elements can be added up.
2999The assertion ``©|sum_list( i_list, int )©''\use{sum_list} produces the assertion parameters
3000\begin{lstlisting}
3001int ?+=?( int *, int );
3002const int 0;
3003int car( i_list );
3004i_list cdr( i_list );
3005i_list cons( int, i_list );
3006i_list nil;
3007int is_nil;
3008\end{lstlisting}
3009
3010
3011\subsection{Type declarations}
3012
3013\begin{syntax}
3014\lhs{type-parameter-list}
3015\rhs \nonterm{type-parameter}
3016\rhs \nonterm{type-parameter-list} ©,© \nonterm{type-parameter}
3017\lhs{type-parameter}
3018\rhs \nonterm{type-class} \nonterm{identifier} \nonterm{assertion-list}\opt
3019\lhs{type-class}
3020\rhs ©type©
3021\rhs ©dtype©
3022\rhs ©ftype©
3023\lhs{type-declaration}
3024\rhs \nonterm{storage-class-specifier}\opt ©type© \nonterm{type-declarator-list} \verb|;|
3025\lhs{type-declarator-list}
3026\rhs \nonterm{type-declarator}
3027\rhs \nonterm{type-declarator-list} ©,© \nonterm{type-declarator}
3028\lhs{type-declarator}
3029\rhs \nonterm{identifier} \nonterm{assertion-list}\opt ©=© \nonterm{type-name}
3030\rhs \nonterm{identifier} \nonterm{assertion-list}\opt
3031\end{syntax}
3032
3033\constraints
3034If a type declaration has block scope, and the declared identifier has external or internal linkage, the declaration shall have no initializer for the identifier.
3035
3036\semantics
3037A \nonterm{type-parameter} or a \nonterm{type-declarator} declares an identifier to be a \Index{type name} for a type incompatible with all other types.
3038
3039An identifier declared by a \nonterm{type-parameter} has \Index{no linkage}.
3040Identifiers declared with type-class ©type©\use{type} are \Index{object type}s;
3041those declared with type-class ©dtype©\use{dtype} are \Index{incomplete type}s;
3042and those declared with type-class ©ftype©\use{ftype} are \Index{function type}s.
3043The identifier has \Index{block scope} that terminates at the end of the \nonterm{spec-declaration-list} or polymorphic function that contains the \nonterm{type-parameter}.
3044
3045A \nonterm{type-declarator} with an \Index{initializer} is a \define{type definition}.  The declared identifier is an \Index{incomplete type} within the initializer, and an \Index{object type} after the end of the initializer.
3046The type in the initializer is called the \define{implementation
3047  type}.
3048Within the scope of the declaration, \Index{implicit conversion}s can be performed between the defined type and the implementation type, and between pointers to the defined type and pointers to the implementation type.
3049
3050A type declaration without an \Index{initializer} and without a \Index{storage-class specifier} or with storage-class specifier ©static©\use{static} defines an \Index{incomplete type}.
3051If a \Index{translation unit} or \Index{block} contains one or more such declarations for an identifier, it must contain exactly one definition of the identifier ( but not in an enclosed block, which would define a new type known only within that block).
3052\begin{rationale}
3053Incomplete type declarations allow compact mutually-recursive types.
3054\begin{lstlisting}
3055otype t1; // incomplete type declaration
3056otype t2 = struct { t1 * p; ... };
3057otype t1 = struct { t2 * p; ... };
3058\end{lstlisting}
3059Without them, mutual recursion could be handled by declaring mutually recursive structures, then initializing the types to those structures.
3060\begin{lstlisting}
3061struct s1;
3062otype t2 = struct s2 { struct s1 * p; ... };
3063otype t1 = struct s1 { struct s2 * p; ... };
3064\end{lstlisting}
3065This introduces extra names, and may force the programmer to cast between the types and their implementations.
3066\end{rationale}
3067
3068A type declaration without an initializer and with \Index{storage-class specifier} ©extern©\use{extern} is an \define{opaque type declaration}.
3069Opaque types are \Index{object type}s.
3070An opaque type is not a \nonterm{constant-expression};
3071neither is a structure or union that has a member whose type is not a \nonterm{constant-expression}.
3072Every other \Index{object type} is a \nonterm{constant-expression}.
3073Objects with static storage duration shall be declared with a type that is a \nonterm{constant-expression}.
3074\begin{rationale}
3075Type declarations can declare identifiers with external linkage, whereas typedef declarations declare identifiers that only exist within a translation unit.
3076These opaque types can be used in declarations, but the implementation of the type is not visible.
3077
3078Static objects can not have opaque types because space for them would have to be allocated at program start-up.
3079This is a deficiency\index{deficiencies!static opaque objects}, but I don't want to deal with ``module initialization'' code just now.
3080\end{rationale}
3081
3082An \Index{incomplete type} which is not a qualified version\index{qualified type} of a type is a value of \Index{type-class} ©dtype©.
3083An object type\index{object types} which is not a qualified version of a type is a value of type-classes ©type© and ©dtype©.
3084A \Index{function type} is a value of type-class ©ftype©.
3085\begin{rationale}
3086Syntactically, a type value is a \nonterm{type-name}, which is a declaration for an object which omits the identifier being declared.
3087
3088Object types are precisely the types that can be instantiated.
3089Type qualifiers are not included in type values because the compiler needs the information they provide at compile time to detect illegal statements or to produce efficient machine instructions.
3090For instance, the code that a compiler must generate to manipulate an object that has volatile-qualified type may be different from the code to manipulate an ordinary object.
3091
3092Type qualifiers are a weak point of C's type system.
3093Consider the standard library function ©strchr()© which, given a string and a character, returns a pointer to the first occurrence of the character in the string.
3094\begin{lstlisting}
3095char *strchr( const char *s, int c ) {§\impl{strchr}§
3096        char real_c = c; // done because c was declared as int.
3097        for ( ; *s != real_c; s++ )
3098                if ( *s == '\0' ) return NULL;
3099        return ( char * )s;
3100}
3101\end{lstlisting}
3102The parameter ©s© must be ©const char *©, because ©strchr()© might be used to search a constant string, but the return type must be ©char *©, because the result might be used to modify a non-constant string.
3103Hence the body must perform a cast, and ( even worse) ©strchr()© provides a type-safe way to attempt to modify constant strings.
3104What is needed is some way to say that ©s©'s type might contain qualifiers, and the result type has exactly the same qualifiers.
3105Polymorphic functions do not provide a fix for this deficiency\index{deficiencies!pointers to qualified types}, because type qualifiers are not part of type values.
3106Instead, overloading can be used to define ©strchr()© for each combination of qualifiers.
3107\end{rationale}
3108
3109\begin{rationale}
3110Since \Index{incomplete type}s are not type values, they can not be used as the initializer in a type declaration, or as the type of a structure or union member.
3111This prevents the declaration of types that contain each other.
3112\begin{lstlisting}
3113otype t1;
3114otype t2 = t1; // illegal: incomplete type t1
3115otype t1 = t2;
3116\end{lstlisting}
3117
3118The initializer in a file-scope declaration must be a constant expression.
3119This means type declarations can not build on opaque types, which is a deficiency\index{deficiencies!nesting opaque
3120 types}.
3121\begin{lstlisting}
3122extern otype Huge; // extended-precision integer type
3123otype Rational = struct {
3124        Huge numerator, denominator;    // illegal
3125};
3126struct Pair {
3127        Huge first, second;                             // legal
3128};
3129\end{lstlisting}
3130Without this restriction, \CFA might require ``module initialization'' code ( since ©Rational© has external linkage, it must be created before any other translation unit instantiates it), and would force an ordering on the initialization of the translation unit that defines ©Huge© and the translation that declares ©Rational©.
3131
3132A benefit of the restriction is that it prevents the declaration in separate translation units of types that contain each other, which would be hard to prevent otherwise.
3133\begin{lstlisting}
3134//  File a.c:
3135        extern type t1;
3136        type t2 = struct { t1 f1; ... } // illegal
3137//  File b.c:
3138        extern type t2;
3139        type t1 = struct { t2 f2; ... } // illegal
3140\end{lstlisting}
3141\end{rationale}
3142
3143\begin{rationale}
3144Since a \nonterm{type-declaration} is a \nonterm{declaration} and not a
3145\nonterm{struct-declaration}, type declarations can not be structure members.
3146The form of
3147\nonterm{type-declaration} forbids arrays of, pointers to, and functions returning ©type©.
3148Hence the syntax of \nonterm{type-specifier} does not have to be extended to allow type-valued expressions.
3149It also side-steps the problem of type-valued expressions producing different values in different declarations.
3150
3151Since a type declaration is not a \nonterm{parameter-declaration}, functions can not have explicit type parameters.
3152This may be too restrictive, but it attempts to make compilation simpler.
3153Recall that when traditional C scanners read in an identifier, they look it up in the symbol table to determine whether or not it is a typedef name, and return a ``type'' or ``identifier'' token depending on what they find.
3154A type parameter would add a type name to the current scope.
3155The scope manipulations involved in parsing the declaration of a function that takes function pointer parameters and returns a function pointer may just be too complicated.
3156
3157Explicit type parameters don't seem to be very useful, anyway, because their scope would not include the return type of the function.
3158Consider the following attempt to define a type-safe memory allocation function.
3159\begin{lstlisting}
3160#include <stdlib.h>
3161T * new( otype T ) { return ( T * )malloc( sizeof( T) ); };
3162... int * ip = new( int );
3163\end{lstlisting}
3164This looks sensible, but \CFA's declaration-before-use rules mean that ``©T©'' in the function body refers to the parameter, but the ``©T©'' in the return type refers to the meaning of ©T© in the scope that contains ©new©;
3165it could be undefined, or a type name, or a function or variable name.
3166Nothing good can result from such a situation.
3167\end{rationale}
3168
3169\examples
3170Since type declarations create new types, instances of types are always passed by value.
3171\begin{lstlisting}
3172otype A1 = int[2];
3173void f1( A1 a ) { a[0] = 0; };
3174otypedef int A2[2];
3175void f2( A2 a ) { a[0] = 0; };
3176A1 v1;
3177A2 v2;
3178f1( v1 );
3179f2( v2 );
3180\end{lstlisting}
3181©V1© is passed by value, so ©f1()©'s assignment to ©a[0]© does not modify v1.  ©V2© is converted to a pointer, so ©f2()© modifies ©v2[0]©.
3182
3183A translation unit containing the declarations
3184\begin{lstlisting}
3185extern type Complex;§\use{Complex}§ // opaque type declaration
3186extern float abs( Complex );§\use{abs}§
3187\end{lstlisting} can contain declarations of complex numbers, which can be passed to ©abs©.
3188Some other translation unit must implement ©Complex© and ©abs©.
3189That unit might contain the declarations
3190\begin{lstlisting}
3191otype Complex = struct { float re, im; }\impl{Complex}§
3192Complex cplx_i = { 0.0, 1.0 }\impl{cplx_i}§
3193float abs( Complex c ) {§\impl{abs( Complex )}§
3194        return sqrt( c.re * c.re + c.im * c.im );
3195}
3196\end{lstlisting}
3197Note that ©c© is implicitly converted to a ©struct© so that its components can be retrieved.
3198
3199\begin{lstlisting}
3200otype Time_of_day = int;§\impl{Time_of_day}§ // seconds since midnight.
3201Time_of_day ?+?( Time_of_day t1, int seconds ) {§\impl{?+?}§
3202        return (( int)t1 + seconds ) % 86400;
3203}
3204\end{lstlisting}
3205©t1© must be cast to its implementation type to prevent infinite recursion.
3206
3207\begin{rationale}
3208Within the scope of a type definition, an instance of the type can be viewed as having that type or as having the implementation type.
3209In the ©Time_of_day© example, the difference is important.
3210Different languages have treated the distinction between the abstraction and the implementation in different ways.
3211\begin{itemize}
3212\item
3213Inside a Clu cluster \cite{CLU}, the declaration of an instance states which view applies.
3214Two primitives called ©up© and ©down© can be used to convert between the views.
3215\item
3216The Simula class \cite{SIMULA87} is essentially a record type.
3217Since the only operations on a record are member selection and assignment, which can not be overloaded, there is never any ambiguity as to whether the abstraction or the implementation view is being used.
3218In {\CC}
3219\cite{C++}, operations on class instances include assignment and ``©&©'', which can be overloaded.
3220A ``scope resolution'' operator can be used inside the class to specify whether the abstract or implementation version of the operation should be used.
3221\item
3222An Ada derived type definition \cite{Ada} creates a new type from an old type, and also implicitly declares derived subprograms that correspond to the existing subprograms that use the old type as a parameter type or result type.
3223The derived subprograms are clones of the existing subprograms with the old type replaced by the derived type.
3224Literals and aggregates of the old type are also cloned.
3225In other words, the abstract view provides exactly the same operations as the implementation view.
3226This allows the abstract view to be used in all cases.
3227
3228The derived subprograms can be replaced by programmer-specified subprograms.
3229This is an exception to the normal scope rules, which forbid duplicate definitions of a subprogram in a scope.
3230In this case, explicit conversions between the derived type and the old type can be used.
3231\end{itemize}
3232\CFA's rules are like Clu's, except that implicit conversions and conversion costs allow it to do away with most uses of ©up© and ©down©.
3233\end{rationale}
3234
3235
3236\subsubsection{Default functions and objects}
3237
3238A declaration\index{type declaration} of a type identifier ©T© with type-class ©type© implicitly declares a \define{default assignment} function ©T ?=?( T *, T )©\use{?=?}, with the same \Index{scope} and \Index{linkage} as the identifier ©T©.
3239\begin{rationale}
3240Assignment is central to C's imperative programming style, and every existing C object type has assignment defined for it ( except for array types, which are treated as pointer types for purposes of assignment).
3241Without this rule, nearly every inferred type parameter would need an accompanying assignment assertion parameter.
3242If a type parameter should not have an assignment operation, ©dtype© should be used.
3243If a type should not have assignment defined, the user can define an assignment function that causes a run-time error, or provide an external declaration but no definition and thus cause a link-time error.
3244\end{rationale}
3245
3246A definition\index{type definition} of a type identifier ©T© with \Index{implementation type} ©I© and type-class ©type© implicitly defines a default assignment function.
3247A definition\index{type definition} of a type identifier ©T© with implementation type ©I© and an assertion list implicitly defines \define{default function}s and \define{default object}s as declared by the assertion declarations.
3248The default objects and functions have the same \Index{scope} and \Index{linkage} as the identifier ©T©.
3249Their values are determined as follows:
3250\begin{itemize}
3251\item
3252If at the definition of ©T© there is visible a declaration of an object with the same name as the default object, and if the type of that object with all occurrence of ©I© replaced by ©T© is compatible with the type of the default object, then the default object is initialized with that object.
3253Otherwise the scope of the declaration of ©T© must contain a definition of the default object.
3254
3255\item 
3256If at the definition of ©T© there is visible a declaration of a function with the same name as the default function, and if the type of that function with all occurrence of ©I© replaced by ©T© is compatible with the type of the default function, then the default function calls that function after converting its arguments and returns the converted result.
3257
3258Otherwise, if ©I© contains exactly one anonymous member\index{anonymous member} such that at the definition of ©T© there is visible a declaration of a function with the same name as the default function, and the type of that function with all occurrences of the anonymous member's type in its parameter list replaced by ©T© is compatible with the type of the default function, then the default function calls that function after converting its arguments and returns the result.
3259
3260Otherwise the scope of the declaration of ©T© must contain a definition of the default function.
3261\end{itemize}
3262\begin{rationale}
3263Note that a pointer to a default function will not compare as equal to a pointer to the inherited function.
3264\end{rationale}
3265
3266A function or object with the same type and name as a default function or object that is declared within the scope of the definition of ©T© replaces the default function or object.
3267
3268\examples
3269\begin{lstlisting}
3270trait s( otype T ) {
3271        T a, b;
3272} struct impl { int left, right; } a = { 0, 0 };
3273otype Pair | s( Pair ) = struct impl;
3274Pair b = { 1, 1 };
3275\end{lstlisting}
3276The definition of ©Pair© implicitly defines two objects ©a© and ©b©.
3277©Pair a© inherits its value from the ©struct impl a©.
3278The definition of ©Pair b© is compulsory because there is no ©struct impl b© to construct a value from.
3279\begin{lstlisting}
3280trait ss( otype T ) {
3281        T clone( T );
3282        void munge( T * );
3283}
3284otype Whatsit | ss( Whatsit );§\use{Whatsit}§
3285otype Doodad | ss( Doodad ) = struct doodad {§\use{Doodad}§
3286        Whatsit; // anonymous member
3287        int extra;
3288};
3289Doodad clone( Doodad ) { ... }
3290\end{lstlisting}
3291The definition of ©Doodad© implicitly defines three functions:
3292\begin{lstlisting}
3293Doodad ?=?( Doodad *, Doodad );
3294Doodad clone( Doodad );
3295void munge( Doodad * );
3296\end{lstlisting}
3297The assignment function inherits ©struct doodad©'s assignment function because the types match when ©struct doodad©  is replaced by ©Doodad© throughout.
3298©munge()© inherits ©Whatsit©'s ©munge()© because the types match when ©Whatsit© is replaced by ©Doodad© in the parameter list. ©clone()© does \emph{not} inherit ©Whatsit©'s ©clone()©: replacement in the parameter list yields ``©Whatsit clone( Doodad )©'', which is not compatible with ©Doodad©'s ©clone()©'s type.
3299Hence the definition of ``©Doodad clone( Doodad )©'' is necessary.
3300
3301Default functions and objects are subject to the normal scope rules.
3302\begin{lstlisting}
3303otype T = ...;
3304T a_T = ...;            // Default assignment used.
3305T ?=?( T *, T );
3306T a_T = ...;            // Programmer-defined assignment called.
3307\end{lstlisting}
3308\begin{rationale}
3309A compiler warning would be helpful in this situation.
3310\end{rationale}
3311
3312\begin{rationale}
3313The \emph{class} construct of object-oriented programming languages performs three independent functions.
3314It \emph{encapsulates} a data structure;
3315it defines a \emph{subtype} relationship, whereby instances of one class may be used in contexts that require instances of another;
3316and it allows one class to \emph{inherit} the implementation of another.
3317
3318In \CFA, encapsulation is provided by opaque types and the scope rules, and subtyping is provided by specifications and assertions.
3319Inheritance is provided by default functions and objects.
3320\end{rationale}
3321
3322
3323\section{Statements and blocks}
3324
3325\begin{syntax}
3326\oldlhs{statement}
3327\rhs \nonterm{exception-statement}
3328\end{syntax}
3329
3330Many statements contain expressions, which may have more than one interpretation.
3331The following sections describe how the \CFA translator selects an interpretation.
3332In all cases the result of the selection shall be a single unambiguous \Index{interpretation}.
3333
3334
3335\subsection{Labeled statements}
3336
3337\begin{syntax}
3338\oldlhs{labeled-statement}
3339\rhs ©case© \nonterm{case-value-list} : \nonterm{statement}
3340\lhs{case-value-list}
3341\rhs \nonterm{case-value}
3342\rhs \nonterm{case-value-list} ©,© \nonterm{case-value}
3343\lhs{case-value}
3344\rhs \nonterm{constant-expression}
3345\rhs \nonterm{subrange}
3346\lhs{subrange}
3347\rhs \nonterm{constant-expression} ©~© \nonterm{constant-expression}
3348\end{syntax}
3349
3350The following have identical meaning:
3351\begin{lstlisting}
3352case 1:  case 2:  case 3:  case 4:  case 5:
3353case 1, 2, 3, 4, 5:
3354case 1~5:
3355\end{lstlisting}
3356Multiple subranges are allowed:
3357\begin{lstlisting}
3358case 1~4, 9~14, 27~32:
3359\end{lstlisting}
3360The ©case© and ©default© clauses are restricted within the ©switch© and ©choose© statements, precluding Duff's device.
3361
3362
3363\subsection{Expression and null statements}
3364
3365The expression in an expression statement is treated as being cast to ©void©.
3366
3367
3368\subsection{Selection statements}
3369
3370\begin{syntax}
3371\oldlhs{selection-statement}
3372\rhs ©choose© ©(© \nonterm{expression} ©)© \nonterm{statement}
3373\end{syntax}
3374
3375The controlling expression ©E© in the ©switch© and ©choose© statement:
3376\begin{lstlisting}
3377switch ( E ) ...
3378choose ( E ) ...
3379\end{lstlisting} may have more than one interpretation, but it shall have only one interpretation with an integral type.
3380An \Index{integer promotion} is performed on the expression if necessary.
3381The constant expressions in ©case© statements with the switch are converted to the promoted type.
3382
3383
3384\setcounter{subsubsection}{3}
3385\subsubsection[The choose statement]{The \lstinline@choose@ statement}
3386
3387The ©choose© statement is the same as the ©switch© statement except control transfers to the end of the ©choose© statement at a ©case© or ©default© labeled statement.
3388The ©fallthru© statement is used to fall through to the next ©case© or ©default© labeled statement.
3389The following have identical meaning:
3390\begin{flushleft}
3391\begin{tabular}{@{\hspace{2em}}l@{\hspace{2em}}l@{}}
3392\begin{lstlisting}
3393switch (...) {
3394  case 1: ... ; break;
3395  case 2: ... ; break;
3396  case 3: ... ; // fall through
3397  case 4: ... ; // fall through
3398  default: ... break;
3399}
3400\end{lstlisting}
3401&
3402\begin{lstlisting}
3403choose (...) {
3404  case 1: ... ; // exit
3405  case 2: ... ; // exit
3406  case 3: ... ; fallthru;
3407  case 4: ... ; fallthru;
3408  default: ... ; // exit
3409}
3410\end{lstlisting}
3411\end{tabular}
3412\end{flushleft}
3413The ©choose© statement addresses the problem of accidental fall-through associated with the ©switch© statement.
3414
3415
3416\subsection{Iteration statements}
3417
3418The controlling expression ©E© in the loops
3419\begin{lstlisting}
3420if ( E ) ...
3421while ( E ) ...
3422do ... while ( E );
3423\end{lstlisting}
3424is treated as ``©( int )((E)!=0)©''.
3425
3426The statement
3427\begin{lstlisting}
3428for ( a; b; c ) ...
3429\end{lstlisting} is treated as
3430\begin{lstlisting}
3431for ( ( void )( a ); ( int )(( b )!=0); ( void )( c ) ) ...
3432\end{lstlisting}
3433
3434
3435\subsection{Jump statements}
3436
3437\begin{syntax}
3438\oldlhs{jump-statement}
3439\rhs ©continue© \nonterm{identifier}\opt
3440\rhs ©break© \nonterm{identifier}\opt
3441\rhs \ldots
3442\rhs ©throw© \nonterm{assignment-expression}\opt
3443\rhs ©throwResume© \nonterm{assignment-expression}\opt \nonterm{at-expression}\opt
3444\lhs{at-expression} ©_At© \nonterm{assignment-expression}
3445\end{syntax}
3446
3447Labeled ©continue© and ©break© allow useful but restricted control-flow that reduces the need for the ©goto© statement for exiting multiple nested control-structures.
3448\begin{lstlisting}
3449L1: {                                                   // compound
3450  L2: switch ( ... ) {                  // switch
3451          case ...:
3452          L3: for ( ;; ) {                      // outer for
3453                L4: for ( ;; ) {                // inner for
3454                                continue L1;    // error: not enclosing iteration
3455                                continue L2;    // error: not enclosing iteration
3456                                continue L3;    // next iteration of outer for
3457                                continue L4;    // next iteration of inner for
3458                                break L1;               // exit compound
3459                                break L2;               // exit switch
3460                                break L3;               // exit outer for
3461                                break L4;               // exit inner for
3462                        } // for
3463                } // for
3464                break;                                  // exit switch
3465          default:
3466                break L1;                               // exit compound
3467        } // switch
3468        ...
3469} // compound
3470\end{lstlisting}
3471
3472
3473\setcounter{subsubsection}{1}
3474\subsubsection[The continue statement]{The \lstinline@continue@ statement}
3475
3476The identifier in a ©continue© statement shall name a label located on an enclosing iteration statement.
3477
3478
3479\subsubsection[The break statement]{The \lstinline@break@ statement}
3480
3481The identifier in a ©break© statement shall name a label located on an enclosing compound, selection or iteration statement.
3482
3483
3484\subsubsection[The return statement]{The \lstinline@return@ statement}
3485
3486An expression in a ©return© statement is treated as being cast to the result type of the function.
3487
3488
3489\subsubsection[The throw statement]{The \lstinline@throw@ statement}
3490
3491When an exception is raised, \Index{propagation} directs control from a raise in the source execution to a handler in the faulting execution.
3492
3493
3494\subsubsection[The throwResume statement]{The \lstinline@throwResume@ statement}
3495
3496
3497\subsection{Exception statements}
3498
3499\begin{syntax}
3500\lhs{exception-statement}
3501\rhs ©try© \nonterm{compound-statement} \nonterm{handler-list}
3502\rhs ©try© \nonterm{compound-statement} \nonterm{finally-clause}
3503\rhs ©try© \nonterm{compound-statement} \nonterm{handler-list} \nonterm{finally-clause}
3504\lhs{handler-list}
3505\rhs \nonterm{handler-clause}
3506\rhs ©catch© ©(© \ldots ©)© \nonterm{compound-statement}
3507\rhs \nonterm{handler-clause} ©catch© ©(© \ldots ©)© \nonterm{compound-statement}
3508\rhs ©catchResume© ©(© \ldots ©)© \nonterm{compound-statement}
3509\rhs \nonterm{handler-clause} ©catchResume© ©(© \ldots ©)© \nonterm{compound-statement}
3510\lhs{handler-clause}
3511\rhs ©catch© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement}
3512\rhs \nonterm{handler-clause} ©catch© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement}
3513\rhs ©catchResume© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement}
3514\rhs \nonterm{handler-clause} ©catchResume© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement}
3515\lhs{finally-clause}
3516\rhs ©finally© \nonterm{compound-statement}
3517\lhs{exception-declaration}
3518\rhs \nonterm{type-specifier}
3519\rhs \nonterm{type-specifier} \nonterm{declarator}
3520\rhs \nonterm{type-specifier} \nonterm{abstract-declarator}
3521\rhs \nonterm{new-abstract-declarator-tuple} \nonterm{identifier}
3522\rhs \nonterm{new-abstract-declarator-tuple}
3523\lhs{asynchronous-statement}
3524\rhs ©enable© \nonterm{identifier-list} \nonterm{compound-statement}
3525\rhs ©disable© \nonterm{identifier-list} \nonterm{compound-statement}
3526\end{syntax}
3527
3528\Index{Exception statement}s allow a dynamic call to a handler for \Index{recovery} (\Index{termination}) or \Index{correction} (\Index{resumption}) of an \Index{abnormal event}.
3529
3530
3531\subsubsection[The try statement]{The \lstinline@try@ statement}
3532
3533The ©try© statement is a block with associated handlers, called a \Index{guarded block};
3534all other blocks are \Index{unguarded block}s.
3535A ©goto©, ©break©, ©return©, or ©continue© statement can be used to transfer control out of a try block or handler, but not into one.
3536
3537
3538\subsubsection[The enable/disable statements]{The \lstinline@enable@/\lstinline@disable@ statements}
3539
3540The ©enable©/©disable© statements toggle delivery of \Index{asynchronous exception}s.
3541
3542
3543\setcounter{section}{9}
3544\section{Preprocessing directives}
3545
3546
3547\setcounter{subsection}{7}
3548\subsection{Predefined macro names}
3549
3550The implementation shall define the macro names ©__LINE__©, ©__FILE__©, ©__DATE__©, and ©__TIME__©, as in the {\c11} standard.
3551It shall not define the macro name ©__STDC__©.
3552
3553In addition, the implementation shall define the macro name ©__CFORALL__© to be the decimal constant 1.
3554
3555
3556\appendix
3557
3558
3559\chapter{Examples}
3560
3561
3562\section{C types}
3563This section gives example specifications for some groups of types that are important in the C language, in terms of the predefined operations that can be applied to those types.
3564
3565
3566\subsection{Scalar, arithmetic, and integral types}
3567
3568The pointer, integral, and floating-point types are all \define{scalar types}.
3569All of these types can be logically negated and compared.
3570The assertion ``©scalar( Complex )©'' should be read as ``type ©Complex© is scalar''.
3571\begin{lstlisting}
3572trait scalar( otype T ) {§\impl{scalar}§
3573        int !?( T );
3574        int ?<?( T, T ), ?<=?( T, T ), ?==?( T, T ), ?>=?( T, T ), ?>?( T, T ), ?!=?( T, T );
3575};
3576\end{lstlisting}
3577
3578The integral and floating-point types are \define{arithmetic types}, which support the basic arithmetic operators.
3579The use of an assertion in the \nonterm{spec-parameter-list} declares that, in order to be arithmetic, a type must also be scalar ( and hence that scalar operations are available ).
3580This is equivalent to inheritance of specifications.
3581\begin{lstlisting}
3582trait arithmetic( otype T | scalar( T ) ) {§\impl{arithmetic}§§\use{scalar}§
3583        T +?( T ), -?( T );
3584        T ?*?( T, T ), ?/?( T, T ), ?+?( T, T ), ?-?( T, T );
3585};
3586\end{lstlisting}
3587
3588The various flavors of ©char© and ©int© and the enumerated types make up the \define{integral types}.
3589\begin{lstlisting}
3590trait integral( otype T | arithmetic( T ) ) {§\impl{integral}§§\use{arithmetic}§
3591        T ~?( T );
3592        T ?&?( T, T ), ?|?( T, T ), ?^?( T, T );
3593        T ?%?( T, T );
3594        T ?<<?( T, T ), ?>>?( T, T );
3595};
3596\end{lstlisting}
3597
3598
3599\subsection{Modifiable types}
3600\index{modifiable lvalue}
3601
3602The only operation that can be applied to all modifiable lvalues is simple assignment.
3603\begin{lstlisting}
3604trait m_lvalue( otype T ) {§\impl{m_lvalue}§
3605        T ?=?( T *, T );
3606};
3607\end{lstlisting}
3608
3609Modifiable scalar lvalues are scalars and are modifiable lvalues, and assertions in the
3610\nonterm{spec-parameter-list} reflect those relationships.
3611This is equivalent to multiple inheritance of specifications.
3612Scalars can also be incremented and decremented.
3613\begin{lstlisting}
3614trait m_l_scalar( otype T | scalar( T ) | m_lvalue( T ) ) {§\impl{m_l_scalar}§
3615        T ?++( T * ), ?--( T * );§\use{scalar}§§\use{m_lvalue}§
3616        T ++?( T * ), --?( T * );
3617};
3618\end{lstlisting}
3619
3620Modifiable arithmetic lvalues are both modifiable scalar lvalues and arithmetic.
3621Note that this results in the ``inheritance'' of ©scalar© along both paths.
3622\begin{lstlisting}
3623trait m_l_arithmetic( otype T | m_l_scalar( T ) | arithmetic( T ) ) {§\impl{m_l_arithmetic}§
3624        T ?/=?( T *, T ), ?*=?( T *, T );§\use{m_l_scalar}§§\use{arithmetic}§
3625        T ?+=?( T *, T ), ?-=?( T *, T );
3626};
3627trait m_l_integral( otype T | m_l_arithmetic( T ) | integral( T ) ) {§\impl{m_l_integral}§
3628        T ?&=?( T *, T ), ?|=?( T *, T ), ?^=?( T *, T );§\use{m_l_arithmetic}§
3629        T ?%=?( T *, T ), ?<<=?( T *, T ), ?>>=?( T *, T );§\use{integral}§
3630};
3631\end{lstlisting}
3632
3633
3634\subsection{Pointer and array types}
3635
3636Array types can barely be said to exist in {\c11}, since in most cases an array name is treated as a constant pointer to the first element of the array, and the subscript expression ``©a[i]©'' is equivalent to the dereferencing expression ``©(*( a+( i )))©''.
3637Technically, pointer arithmetic and pointer comparisons other than ``©==©'' and ``©!=©'' are only defined for pointers to array elements, but the type system does not enforce those restrictions.
3638Consequently, there is no need for a separate ``array type'' specification.
3639
3640Pointer types are scalar types.
3641Like other scalar types, they have ``©+©'' and ``©-©'' operators, but the types do not match the types of the operations in ©arithmetic©, so these operators cannot be consolidated in ©scalar©.
3642\begin{lstlisting}
3643trait pointer( type P | scalar( P ) ) {§\impl{pointer}§§\use{scalar}§
3644        P ?+?( P, long int ), ?+?( long int, P ), ?-?( P, long int );
3645        ptrdiff_t ?-?( P, P );
3646};
3647trait m_l_pointer( type P | pointer( P ) | m_l_scalar( P ) ) {§\impl{m_l_pointer}§
3648        P ?+=?( P *, long int ), ?-=?( P *, long int );
3649        P ?=?( P *, void * );
3650        void * ?=?( void **, P );
3651};
3652\end{lstlisting}
3653
3654Specifications that define the dereference operator ( or subscript operator ) require two parameters, one for the pointer type and one for the pointed-at ( or element ) type.
3655Different specifications are needed for each set of \Index{type qualifier}s, because qualifiers are not included in types.
3656The assertion ``©|ptr_to( Safe_pointer, int )©'' should be read as ``©Safe_pointer© acts like a pointer to ©int©''.
3657\begin{lstlisting}
3658trait ptr_to( otype P | pointer( P ), otype T ) {§\impl{ptr_to}§§\use{pointer}§
3659        lvalue T *?( P );
3660        lvalue T ?[?]( P, long int );
3661};
3662trait ptr_to_const( otype P | pointer( P ), otype T ) {§\impl{ptr_to_const}§
3663        const lvalue T *?( P );
3664        const lvalue T ?[?]( P, long int );§\use{pointer}§
3665};
3666trait ptr_to_volatile( otype P | pointer( P ), otype T ) }§\impl{ptr_to_volatile}§
3667        volatile lvalue T *?( P );
3668        volatile lvalue T ?[?]( P, long int );§\use{pointer}§
3669};
3670trait ptr_to_const_volatile( otype P | pointer( P ), otype T ) }§\impl{ptr_to_const_volatile}§
3671        const volatile lvalue T *?( P );§\use{pointer}§
3672        const volatile lvalue T ?[?]( P, long int );
3673};
3674\end{lstlisting}
3675
3676Assignment to pointers is more complicated than is the case with other types, because the target's type can have extra type qualifiers in the pointed-at type: a ``©T *©'' can be assigned to a ``©const T *©'', a ``©volatile T *©'', and a ``©const volatile T *©''.
3677Again, the pointed-at type is passed in, so that assertions can connect these specifications to the ``©ptr_to©'' specifications.
3678\begin{lstlisting}
3679trait m_l_ptr_to( otype P | m_l_pointer( P ),§\use{m_l_pointer}§§\impl{m_l_ptr_to}§ otype T | ptr_to( P, T )§\use{ptr_to}§ {
3680        P ?=?( P *, T * );
3681        T * ?=?( T **, P );
3682};
3683trait m_l_ptr_to_const( otype P | m_l_pointer( P ),§\use{m_l_pointer}§§\impl{m_l_ptr_to_const}§ otype T | ptr_to_const( P, T )§\use{ptr_to_const}§) {
3684        P ?=?( P *, const T * );
3685        const T * ?=?( const T **, P );
3686};
3687trait m_l_ptr_to_volatile( otype P | m_l_pointer( P ),§\use{m_l_pointer}§§\impl{m_l_ptr_to_volatile}§ otype T | ptr_to_volatile( P, T )) {§\use{ptr_to_volatile}§
3688        P ?=?( P *, volatile T * );
3689        volatile T * ?=?( volatile T **, P );
3690};
3691trait m_l_ptr_to_const_volatile( otype P | ptr_to_const_volatile( P ),§\use{ptr_to_const_volatile}§§\impl{m_l_ptr_to_const_volatile}§
3692                otype T | m_l_ptr_to_volatile( P, T ) | m_l_ptr_to_const( P )) {§\use{m_l_ptr_to_const}§§\use{m_l_ptr_to_volatile}§
3693        P ?=?( P *, const volatile T * );
3694        const volatile T * ?=?( const volatile T **, P );
3695};
3696\end{lstlisting}
3697
3698Note the regular manner in which type qualifiers appear in those specifications.
3699An alternative specification can make use of the fact that qualification of the pointed-at type is part of a pointer type to capture that regularity.
3700\begin{lstlisting}
3701trait m_l_ptr_like( type MyP | m_l_pointer( MyP ),§\use{m_l_pointer}§§\impl{m_l_ptr_like}§ type CP | m_l_pointer( CP ) ) {
3702        MyP ?=?( MyP *, CP );
3703        CP ?=?( CP *, MyP );
3704};
3705\end{lstlisting}
3706The assertion ``©| m_l_ptr_like( Safe_ptr, const int * )©'' should be read as ``©Safe_ptr© is a pointer type like ©const int *©''.
3707This specification has two defects, compared to the original four: there is no automatic assertion that dereferencing a ©MyP© produces an lvalue of the type that ©CP© points at, and the ``©|m_l_pointer( CP )©'' assertion provides only a weak assurance that the argument passed to ©CP© really is a pointer type.
3708
3709
3710\section{Relationships between operations}
3711
3712Different operators often have related meanings;
3713for instance, in C, ``©+©'', ``©+=©'', and the two versions of ``©++©'' perform variations of addition.
3714Languages like {\CC} and Ada allow programmers to define operators for new types, but do not require that these relationships be preserved, or even that all of the operators be implemented.
3715Completeness and consistency is left to the good taste and discretion of the programmer.
3716It is possible to encourage these attributes by providing generic operator functions, or member functions of abstract classes, that are defined in terms of other, related operators.
3717
3718In \CFA, polymorphic functions provide the equivalent of these generic operators, and specifications explicitly define the minimal implementation that a programmer should provide.
3719This section shows a few examples.
3720
3721
3722\subsection{Relational and equality operators}
3723
3724The different comparison operators have obvious relationships, but there is no obvious subset of the operations to use in the implementation of the others.
3725However, it is usually convenient to implement a single comparison function that returns a negative integer, 0, or a positive integer if its first argument is respectively less than, equal to, or greater than its second argument;
3726the library function ©strcmp© is an example.
3727
3728C and \CFA have an extra, non-obvious comparison operator: ``©!©'', logical negation, returns 1 if its operand compares equal to 0, and 0 otherwise.
3729\begin{lstlisting}
3730trait comparable( otype T ) {
3731        const T 0;
3732        int compare( T, T );
3733}
3734forall( otype T | comparable( T ) ) int ?<?( T l, T r ) {
3735        return compare( l, r ) < 0;
3736}
3737// ... similarly for <=, ==, >=, >, and !=.
3738forall( otype T | comparable( T ) ) int !?( T operand ) {
3739        return !compare( operand, 0 );
3740}
3741\end{lstlisting}
3742
3743
3744\subsection{Arithmetic and integer operations}
3745
3746A complete arithmetic type would provide the arithmetic operators and the corresponding assignment operators.
3747Of these, the assignment operators are more likely to be implemented directly, because it is usually more efficient to alter the contents of an existing object than to create and return a new one.
3748Similarly, a complete integral type would provide integral operations based on integral assignment operations.
3749\begin{lstlisting}
3750trait arith_base( otype T ) {
3751        const T 1;
3752        T ?+=?( T *, T ), ?-=?( T *, T ), ?*=?( T *, T ), ?/=?( T *, T );
3753}
3754forall( otype T | arith_base( T ) ) T ?+?( T l, T r ) {
3755        return l += r;
3756}
3757forall( otype T | arith_base( T ) ) T ?++( T * operand ) {
3758        T temporary = *operand;
3759        *operand += 1;
3760        return temporary;
3761}
3762forall( otype T | arith_base( T ) ) T ++?( T * operand ) {
3763        return *operand += 1;
3764}
3765// ... similarly for -, --, *, and /.
3766trait int_base( otype T ) {
3767        T ?&=?( T *, T ), ?|=?( T *, T ), ?^=?( T *, T );
3768        T ?%=?( T *, T ), ?<<=?( T *, T ), ?>>=?( T *, T );
3769}
3770forall( otype T | int_base( T ) ) T ?&?( T l, T r ) {
3771        return l &= r;
3772}
3773// ... similarly for |, ^, %, <<, and >>.
3774\end{lstlisting}
3775
3776Note that, although an arithmetic type would certainly provide comparison functions, and an integral type would provide arithmetic operations, there does not have to be any relationship among ©int_base©, ©arith_base© and ©comparable©.
3777Note also that these declarations provide guidance and assistance, but they do not define an absolutely minimal set of requirements.
3778A truly minimal implementation of an arithmetic type might only provide ©0©, ©1©, and ©?-=?©, which would be used by polymorphic ©?+=?©, ©?*=?©, and ©?/=?© functions.
3779
3780Note also that ©short© is an integer type in C11 terms, but has no operations!
3781
3782
3783\chapter{TODO}
3784Review index entries.
3785
3786Restrict allowed to qualify anything, or type/dtype parameters, but only affects pointers.
3787This gets into ©noalias© territory.
3788Qualifying anything (``©short restrict rs©'') means pointer parameters of ©?++©, etc, would need restrict qualifiers.
3789
3790Enumerated types.
3791Constants are not ints.
3792Overloading.
3793Definition should be ``representable as an integer type'', not ``as an int''.
3794C11 usual conversions freely convert to and from ordinary integer types via assignment, which works between any integer types.
3795Does enum Color ?*?( enum
3796Color, enum Color ) really make sense? ?++ does, but it adds (int)1.
3797
3798Operators on {,signed,unsigned} char and other small types. ©?<?© harmless;
3799?*? questionable for chars.
3800Generic selections make these choices visible.
3801Safe conversion operators? Predefined ``promotion'' function?
3802
3803©register© assignment might be handled as assignment to a temporary with copying back and forth, but copying must not be done by assignment.
3804
3805Don't use ©ptrdiff_t© by name in the predefineds.
3806
3807Polymorphic objects.
3808Polymorphic typedefs and type declarations.
3809
3810
3811\bibliographystyle{plain}
3812\bibliography{cfa}
3813
3814
3815\addcontentsline{toc}{chapter}{\indexname} % add index name to table of contents
3816\begin{theindex}
3817Italic page numbers give the location of the main entry for the referenced term.
3818Plain page numbers denote uses of the indexed term.
3819Entries for grammar non-terminals are italicized.
3820A typewriter font is used for grammar terminals and program identifiers.
3821\indexspace
3822\input{refrat.ind}
3823\end{theindex}
3824
3825\end{document}
3826
3827% Local Variables: %
3828% tab-width: 4 %
3829% fill-column: 100 %
3830% compile-command: "make" %
3831% End: %
Note: See TracBrowser for help on using the repository browser.