source: doc/rob_thesis/ctordtor.tex @ 3fb7f5e

aaron-thesisarm-ehcleanup-dtorsdeferred_resndemanglerjacob/cs343-translationjenkins-sandboxnew-astnew-ast-unique-exprnew-envno_listpersistent-indexerresolv-newwith_gc
Last change on this file since 3fb7f5e was 0111dc7, checked in by Rob Schluntz <rschlunt@…>, 5 years ago

penultimate thesis draft

  • Property mode set to 100644
File size: 58.6 KB
Line 
1%======================================================================
2\chapter{Constructors and Destructors}
3%======================================================================
4
5% TODO now: as an experiment, implement Andrei Alexandrescu's ScopeGuard http://www.drdobbs.com/cpp/generic-change-the-way-you-write-excepti/184403758?pgno=2
6% doesn't seem possible to do this without allowing ttype on generic structs?
7
8Since \CFA is a true systems language, it does not provide a garbage collector.
9As well, \CFA is not an object-oriented programming language, \ie, structures cannot have routine members.
10Nevertheless, one important goal is to reduce programming complexity and increase safety.
11To that end, \CFA provides support for implicit pre/post-execution of routines for objects, via constructors and destructors.
12
13This chapter details the design of constructors and destructors in \CFA, along with their current implementation in the translator.
14Generated code samples have been edited for clarity and brevity.
15
16\section{Design Criteria}
17\label{s:Design}
18In designing constructors and destructors for \CFA, the primary goals were ease of use and maintaining backwards compatibility.
19
20In C, when a variable is defined, its value is initially undefined unless it is explicitly initialized or allocated in the static area.
21\begin{cfacode}
22int main() {
23  int x;        // uninitialized
24  int y = 5;    // initialized to 5
25  x = y;        // assigned 5
26  static int z; // initialized to 0
27}
28\end{cfacode}
29In the example above, @x@ is defined and left uninitialized, while @y@ is defined and initialized to 5.
30Next, @x@ is assigned the value of @y@.
31In the last line, @z@ is implicitly initialized to 0 since it is marked @static@.
32The key difference between assignment and initialization being that assignment occurs on a live object (\ie, an object that contains data).
33It is important to note that this means @x@ could have been used uninitialized prior to being assigned, while @y@ could not be used uninitialized.
34Use of uninitialized variables yields undefined behaviour, which is a common source of errors in C programs.
35
36Initialization of a declaration is strictly optional, permitting uninitialized variables to exist.
37Furthermore, declaration initialization is limited to expressions, so there is no way to insert arbitrary code before a variable is live, without delaying the declaration.
38Many C compilers give good warnings for uninitialized variables most of the time, but they cannot in all cases.
39\begin{cfacode}
40int f(int *);  // output parameter: never reads, only writes
41int g(int *);  // input parameter: never writes, only reads,
42               // so requires initialized variable
43
44int x, y;
45f(&x);  // okay - only writes to x
46g(&y);  // uses y uninitialized
47\end{cfacode}
48Other languages are able to give errors in the case of uninitialized variable use, but due to backwards compatibility concerns, this is not the case in \CFA.
49
50In C, constructors and destructors are often mimicked by providing routines that create and tear down objects, where the tear down function is typically only necessary if the type modifies the execution environment.
51\begin{cfacode}
52struct array_int {
53  int * x;
54};
55struct array_int create_array(int sz) {
56  return (struct array_int) { calloc(sizeof(int)*sz) };
57}
58void destroy_rh(struct resource_holder * rh) {
59  free(rh->x);
60}
61\end{cfacode}
62This idiom does not provide any guarantees unless the structure is opaque, which then requires that all objects are heap allocated.
63\begin{cfacode}
64struct opqaue_array_int;
65struct opqaue_array_int * create_opqaue_array(int sz);
66void destroy_opaque_array(opaque_array_int *);
67int opaque_get(opaque_array_int *);  // subscript
68
69opaque_array_int * x = create_opaque_array(10);
70int x2 = opaque_get(x, 2);
71\end{cfacode}
72This pattern is cumbersome to use since every access becomes a function call.
73While useful in some situations, this compromise is too restrictive.
74Furthermore, even with this idiom it is easy to make mistakes, such as forgetting to destroy an object or destroying it multiple times.
75
76A constructor provides a way of ensuring that the necessary aspects of object initialization is performed, from setting up invariants to providing compile- and run-time checks for appropriate initialization parameters.
77This goal is achieved through a guarantee that a constructor is called implicitly after every object is allocated from a type with associated constructors, as part of an object's definition.
78Since a constructor is called on every object of a managed type, it is impossible to forget to initialize such objects, as long as all constructors perform some sensible form of initialization.
79
80In \CFA, a constructor is a function with the name @?{}@.
81Like other operators in \CFA, the name represents the syntax used to call the constructor, \eg, @struct S = { ... };@.
82Every constructor must have a return type of @void@ and at least one parameter, the first of which is colloquially referred to as the \emph{this} parameter, as in many object-oriented programming-languages (however, a programmer can give it an arbitrary name).
83The @this@ parameter must have a pointer type, whose base type is the type of object that the function constructs.
84There is precedence for enforcing the first parameter to be the @this@ parameter in other operators, such as the assignment operator, where in both cases, the left-hand side of the equals is the first parameter.
85There is currently a proposal to add reference types to \CFA.
86Once this proposal has been implemented, the @this@ parameter will become a reference type with the same restrictions.
87
88Consider the definition of a simple type encapsulating a dynamic array of @int@s.
89
90\begin{cfacode}
91struct Array {
92  int * data;
93  int len;
94}
95\end{cfacode}
96
97In C, if the user creates an @Array@ object, the fields @data@ and @len@ are uninitialized, unless an explicit initializer list is present.
98It is the user's responsibility to remember to initialize both of the fields to sensible values, since there are no implicit checks for invalid values or reasonable defaults.
99In \CFA, the user can define a constructor to handle initialization of @Array@ objects.
100
101\begin{cfacode}
102void ?{}(Array * arr){
103  arr->len = 10;    // default size
104  arr->data = malloc(sizeof(int)*arr->len);
105  for (int i = 0; i < arr->len; ++i) {
106    arr->data[i] = 0;
107  }
108}
109Array x;  // allocates storage for Array and calls ?{}(&x)
110\end{cfacode}
111
112This constructor initializes @x@ so that its @length@ field has the value 10, and its @data@ field holds a pointer to a block of memory large enough to hold 10 @int@s, and sets the value of each element of the array to 0.
113This particular form of constructor is called the \emph{default constructor}, because it is called on an object defined without an initializer.
114In other words, a default constructor is a constructor that takes a single argument: the @this@ parameter.
115
116In \CFA, a destructor is a function much like a constructor, except that its name is \lstinline!^?{}! and it takes only one argument.
117A destructor for the @Array@ type can be defined as:
118\begin{cfacode}
119void ^?{}(Array * arr) {
120  free(arr->data);
121}
122\end{cfacode}
123The destructor is automatically called at deallocation for all objects of type @Array@.
124Hence, the memory associated with an @Array@ is automatically freed when the object's lifetime ends.
125The exact guarantees made by \CFA with respect to the calling of destructors are discussed in section \ref{sub:implicit_dtor}.
126
127As discussed previously, the distinction between initialization and assignment is important.
128Consider the following example.
129\begin{cfacode}[numbers=left]
130Array x, y;
131Array z = x;  // initialization
132y = x;        // assignment
133\end{cfacode}
134By the previous definition of the default constructor for @Array@, @x@ and @y@ are initialized to valid arrays of length 10 after their respective definitions.
135On line 2, @z@ is initialized with the value of @x@, while on line 3, @y@ is assigned the value of @x@.
136The key distinction between initialization and assignment is that a value to be initialized does not hold any meaningful values, whereas an object to be assigned might.
137In particular, these cases cannot be handled the same way because in the former case @z@ does not currently own an array, while @y@ does.
138
139\begin{cfacode}[emph={other}, emphstyle=\color{red}]
140void ?{}(Array * arr, Array other) {  // copy constructor
141  arr->len = other.len;               // initialization
142  arr->data = malloc(sizeof(int)*arr->len)
143  for (int i = 0; i < arr->len; ++i) {
144    arr->data[i] = other.data[i];     // copy from other object
145  }
146}
147Array ?=?(Array * arr, Array other) { // assignment
148  ^?{}(arr);                          // explicitly call destructor
149  ?{}(arr, other);                    // explicitly call constructor
150  return *arr;
151}
152\end{cfacode}
153The two functions above handle these cases.
154The first function is called a \emph{copy constructor}, because it constructs its argument by copying the values from another object of the same type.
155The second function is the standard copy-assignment operator.
156The four functions (default constructor, destructor, copy constructor, and assignment operator) are special in that they safely control the state of most objects.
157
158It is possible to define a constructor that takes any combination of parameters to provide additional initialization options.
159For example, a reasonable extension to the array type would be a constructor that allocates the array to a given initial capacity and initializes the elements of the array to a given @fill@ value.
160\begin{cfacode}
161void ?{}(Array * arr, int capacity, int fill) {
162  arr->len = capacity;
163  arr->data = malloc(sizeof(int)*arr->len);
164  for (int i = 0; i < arr->len; ++i) {
165    arr->data[i] = fill;
166  }
167}
168\end{cfacode}
169
170In \CFA, constructors are called implicitly in initialization contexts.
171\begin{cfacode}
172Array x, y = { 20, 0xdeadbeef }, z = y;
173\end{cfacode}
174Constructor calls look just like C initializers, which allows them to be inserted into legacy C code with minimal code changes, and also provides a very simple syntax that veteran C programmers are familiar with.
175One downside of reusing C initialization syntax is that it is not possible to determine whether an object is constructed just by looking at its declaration, since that requires knowledge of whether the type is managed at that point in the program.
176
177This example generates the following code
178\begin{cfacode}
179Array x;
180?{}(&x);                  // implicit default construct
181Array y;
182?{}(&y, 20, 0xdeadbeef);  // explicit fill construct
183Array z;
184?{}(&z, y);               // copy construct
185^?{}(&z);                 // implicit destruct
186^?{}(&y);                 // implicit destruct
187^?{}(&x);                 // implicit destruct
188\end{cfacode}
189Due to the way that constructor calls are interleaved, it is impossible for @y@ to be referenced before it is initialized, except in its own constructor.
190This loophole is minor and exists in \CC as well.
191Destructors are implicitly called in reverse declaration-order so that objects with dependencies are destructed before the objects they are dependent on.
192
193\subsection{Calling Syntax}
194\label{sub:syntax}
195There are several ways to construct an object in \CFA.
196As previously introduced, every variable is automatically constructed at its definition, which is the most natural way to construct an object.
197\begin{cfacode}
198struct A { ... };
199void ?{}(A *);
200void ?{}(A *, A);
201void ?{}(A *, int, int);
202
203A a1;             // default constructed
204A a2 = { 0, 0 };  // constructed with 2 ints
205A a3 = a1;        // copy constructed
206// implicitly destruct a3, a2, a1, in that order
207\end{cfacode}
208Since constructors and destructors are just functions, the second way is to call the function directly.
209\begin{cfacode}
210struct A { int a; };
211void ?{}(A *);
212void ?{}(A *, A);
213void ^?{}(A *);
214
215A x;               // implicitly default constructed: ?{}(&x)
216A * y = malloc();  // copy construct: ?{}(&y, malloc())
217
218?{}(&x);    // explicit construct x, second construction
219?{}(y, x);  // explit construct y from x, second construction
220^?{}(&x);   // explicit destroy x, in different order
221^?{}(y);    // explicit destroy y
222
223// implicit ^?{}(&y);
224// implicit ^?{}(&x);
225\end{cfacode}
226Calling a constructor or destructor directly is a flexible feature that allows complete control over the management of storage.
227In particular, constructors double as a placement syntax.
228\begin{cfacode}
229struct A { ... };
230struct memory_pool { ... };
231void ?{}(memory_pool *, size_t);
232
233memory_pool pool = { 1024 };  // create an arena of size 1024
234
235A * a = allocate(&pool);      // allocate from memory pool
236?{}(a);                       // construct an A in place
237
238for (int i = 0; i < 10; i++) {
239  // reuse storage rather than reallocating
240  ^?{}(a);
241  ?{}(a);
242  // use a ...
243}
244^?{}(a);
245deallocate(&pool, a);         // return to memory pool
246\end{cfacode}
247Finally, constructors and destructors support \emph{operator syntax}.
248Like other operators in \CFA, the function name mirrors the use-case, in that the question marks are placeholders for the first $N$ arguments.
249This syntactic form is similar to the new initialization syntax in \CCeleven, except that it is used in expression contexts, rather than declaration contexts.
250\begin{cfacode}
251struct A { ... };
252struct B { A a; };
253
254A x, y, * z = &x;
255(&x){}          // default construct
256(&x){ y }       // copy construct
257(&x){ 1, 2, 3 } // construct with 3 arguments
258z{ y };         // copy construct x through a pointer
259^(&x){}         // destruct
260
261void ?{}(B * b) {
262  (&b->a){ 11, 17, 13 };  // construct a member
263}
264\end{cfacode}
265Constructor operator syntax has relatively high precedence, requiring parentheses around an address-of expression.
266Destructor operator syntax is actually an statement, and requires parentheses for symmetry with constructor syntax.
267
268One of these three syntactic forms should appeal to either C or \CC programmers using \CFA.
269
270\subsection{Constructor Expressions}
271In \CFA, it is possible to use a constructor as an expression.
272Like other operators, the function name @?{}@ matches its operator syntax.
273For example, @(&x){}@ calls the default constructor on the variable @x@, and produces @&x@ as a result.
274A key example for this capability is the use of constructor expressions to initialize the result of a call to @malloc@.
275\begin{cfacode}
276struct X { ... };
277void ?{}(X *, double);
278X * x = malloc(){ 1.5 };
279\end{cfacode}
280In this example, @malloc@ dynamically allocates storage and initializes it using a constructor, all before assigning it into the variable @x@.
281If this extension is not present, constructing dynamically allocated objects is much more cumbersome, requiring separate initialization of the pointer and initialization of the pointed-to memory.
282\begin{cfacode}
283X * x = malloc();
284x{ 1.5 };
285\end{cfacode}
286Not only is this verbose, but it is also more error prone, since this form allows maintenance code to easily sneak in between the initialization of @x@ and the initialization of the memory that @x@ points to.
287This feature is implemented via a transformation producing the value of the first argument of the constructor, since constructors do not themselves have a return value.
288Since this transformation results in two instances of the subexpression, care is taken to allocate a temporary variable to hold the result of the subexpression in the case where the subexpression may contain side effects.
289The previous example generates the following code.
290\begin{cfacode}
291struct X *_tmp_ctor;
292struct X *x = ?{}(  // construct result of malloc
293  _tmp_ctor=malloc_T( // store result of malloc
294    sizeof(struct X),
295    _Alignof(struct X)
296  ),
297  1.5
298), _tmp_ctor; // produce constructed result of malloc
299\end{cfacode}
300It should be noted that this technique is not exclusive to @malloc@, and allows a user to write a custom allocator that can be idiomatically used in much the same way as a constructed @malloc@ call.
301
302It should be noted that while it is possible to use operator syntax with destructors, destructors invalidate their argument, thus operator syntax with destructors is a statement and does not produce a value.
303
304\subsection{Function Generation}
305In \CFA, every type is defined to have the core set of four special functions described previously.
306Having these functions exist for every type greatly simplifies the semantics of the language, since most operations can simply be defined directly in terms of function calls.
307In addition to simplifying the definition of the language, it also simplifies the analysis that the translator must perform.
308If the translator can expect these functions to exist, then it can unconditionally attempt to resolve them.
309Moreover, the existence of a standard interface allows polymorphic code to interoperate with new types seamlessly.
310
311To mimic the behaviour of standard C, the default constructor and destructor for all of the basic types and for all pointer types are defined to do nothing, while the copy constructor and assignment operator perform a bitwise copy of the source parameter (as in \CC).
312
313There are several options for user-defined types: structures, unions, and enumerations.
314To aid in ease of use, the standard set of four functions is automatically generated for a user-defined type after its definition is completed.
315By auto-generating these functions, it is ensured that legacy C code continues to work correctly in every context where \CFA expects these functions to exist, since they are generated for every complete type.
316
317The generated functions for enumerations are the simplest.
318Since enumerations in C are essentially just another integral type, the generated functions behave in the same way that the built-in functions for the basic types work.
319For example, given the enumeration
320\begin{cfacode}
321enum Colour {
322  R, G, B
323};
324\end{cfacode}
325The following functions are automatically generated.
326\begin{cfacode}
327void ?{}(enum Colour *_dst){
328  // default constructor does nothing
329}
330void ?{}(enum Colour *_dst, enum Colour _src){
331  *_dst=_src;  // bitwise copy
332}
333void ^?{}(enum Colour *_dst){
334  // destructor does nothing
335}
336enum Colour ?=?(enum Colour *_dst, enum Colour _src){
337  return *_dst=_src; // bitwise copy
338}
339\end{cfacode}
340In the future, \CFA will introduce strongly-typed enumerations, like those in \CC.
341The existing generated routines are sufficient to express this restriction, since they are currently set up to take in values of that enumeration type.
342Changes related to this feature only need to affect the expression resolution phase, where more strict rules will be applied to prevent implicit conversions from integral types to enumeration types, but should continue to permit conversions from enumeration types to @int@.
343In this way, it is still possible to add an @int@ to an enumeration, but the resulting value is an @int@, meaning it cannot be reassigned to an enumeration without a cast.
344
345For structures, the situation is more complicated.
346Given a structure @S@ with members @M$_0$@, @M$_1$@, ... @M$_{N-1}$@, each function @f@ in the standard set calls \lstinline{f(s->M$_i$, ...)} for each @$i$@.
347That is, a default constructor for @S@ default constructs the members of @S@, the copy constructor copy constructs them, and so on.
348For example, given the structure definition
349\begin{cfacode}
350struct A {
351  B b;
352  C c;
353}
354\end{cfacode}
355The following functions are implicitly generated.
356\begin{cfacode}
357void ?{}(A * this) {
358  ?{}(&this->b);  // default construct each field
359  ?{}(&this->c);
360}
361void ?{}(A * this, A other) {
362  ?{}(&this->b, other.b);  // copy construct each field
363  ?{}(&this->c, other.c);
364}
365A ?=?(A * this, A other) {
366  ?=?(&this->b, other.b);  // assign each field
367  ?=?(&this->c, other.c);
368}
369void ^?{}(A * this) {
370  ^?{}(&this->c);  // destruct each field
371  ^?{}(&this->b);
372}
373\end{cfacode}
374It is important to note that the destructors are called in reverse declaration order to prevent conflicts in the event there are dependencies among members.
375
376In addition to the standard set, a set of \emph{field constructors} is also generated for structures.
377The field constructors are constructors that consume a prefix of the structure's member-list.
378That is, $N$ constructors are built of the form @void ?{}(S *, T$_{\text{M}_0}$)@, @void ?{}(S *, T$_{\text{M}_0}$, T$_{\text{M}_1}$)@, ..., @void ?{}(S *, T$_{\text{M}_0}$, T$_{\text{M}_1}$, ..., T$_{\text{M}_{N-1}}$)@, where members are copy constructed if they have a corresponding positional argument and are default constructed otherwise.
379The addition of field constructors allows structures in \CFA to be used naturally in the same ways as used in C (\ie, to initialize any prefix of the structure), \eg, @A a0 = { b }, a1 = { b, c }@.
380Extending the previous example, the following constructors are implicitly generated for @A@.
381\begin{cfacode}
382void ?{}(A * this, B b) {
383  ?{}(&this->b, b);
384  ?{}(&this->c);
385}
386void ?{}(A * this, B b, C c) {
387  ?{}(&this->b, b);
388  ?{}(&this->c, c);
389}
390\end{cfacode}
391
392For unions, the default constructor and destructor do nothing, as it is not obvious which member, if any, should be constructed.
393For copy constructor and assignment operations, a bitwise @memcpy@ is applied.
394In standard C, a union can also be initialized using a value of the same type as its first member, and so a corresponding field constructor is generated to perform a bitwise @memcpy@ of the object.
395An alternative to this design is to always construct and destruct the first member of a union, to match with the C semantics of initializing the first member of the union.
396This approach ultimately feels subtle and unsafe.
397Another option is to, like \CC, disallow unions from containing members that are themselves managed types.
398This restriction is a reasonable approach from a safety standpoint, but is not very C-like.
399Since the primary purpose of a union is to provide low-level memory optimization, it is assumed that the user has a certain level of maturity.
400It is therefore the responsibility of the user to define the special functions explicitly if they are appropriate, since it is impossible to accurately predict the ways that a union is intended to be used at compile-time.
401
402For example, given the union
403\begin{cfacode}
404union X {
405  Y y;
406  Z z;
407};
408\end{cfacode}
409The following functions are automatically generated.
410\begin{cfacode}
411void ?{}(union X *_dst){  // default constructor
412}
413void ?{}(union X *_dst, union X _src){  // copy constructor
414  __builtin_memcpy(_dst, &_src, sizeof(union X ));
415}
416void ^?{}(union X *_dst){  // destructor
417}
418union X ?=?(union X *_dst, union X _src){  // assignment
419  __builtin_memcpy(_dst, &_src, sizeof(union X));
420  return _src;
421}
422void ?{}(union X *_dst, struct Y src){  // construct first field
423  __builtin_memcpy(_dst, &src, sizeof(struct Y));
424}
425\end{cfacode}
426
427% This feature works in the \CFA model, since constructors are simply special functions and can be called explicitly, unlike in \CC. % this sentence isn't really true => placement new
428In \CCeleven, unions may have managed members, with the caveat that if there are any members with a user-defined operation, then that operation is not implicitly defined, forcing the user to define the operation if necessary.
429This restriction could easily be added into \CFA once \emph{deleted} functions are added.
430
431\subsection{Using Constructors and Destructors}
432Implicitly generated constructor and destructor calls ignore the outermost type qualifiers, \eg @const@ and @volatile@, on a type by way of a cast on the first argument to the function.
433For example,
434\begin{cfacode}
435struct S { int i; };
436void ?{}(S *, int);
437void ?{}(S *, S);
438
439const S s = { 11 };
440volatile S s2 = s;
441\end{cfacode}
442Generates the following code
443\begin{cfacode}
444const struct S s;
445?{}((struct S *)&s, 11);
446volatile struct S s2;
447?{}((struct S *)&s2, s);
448\end{cfacode}
449Here, @&s@ and @&s2@ are cast to unqualified pointer types.
450This mechanism allows the same constructors and destructors to be used for qualified objects as for unqualified objects.
451This rule applies only to implicitly generated constructor calls.
452Hence, explicitly re-initializing qualified objects with a constructor requires an explicit cast.
453
454As discussed in Section \ref{sub:c_background}, compound literals create unnamed objects.
455This mechanism can continue to be used seamlessly in \CFA with managed types to create temporary objects.
456The object created by a compound literal is constructed using the provided brace-enclosed initializer-list, and is destructed at the end of the scope it is used in.
457For example,
458\begin{cfacode}
459struct A { int x; };
460void ?{}(A *, int, int);
461{
462  int x = (A){ 10, 20 }.x;
463}
464\end{cfacode}
465is equivalent to
466\begin{cfacode}
467struct A { int x, y; };
468void ?{}(A *, int, int);
469{
470  A _tmp;
471  ?{}(&_tmp, 10, 20);
472  int x = _tmp.x;
473  ^?{}(&tmp);
474}
475\end{cfacode}
476
477Unlike \CC, \CFA provides an escape hatch that allows a user to decide at an object's definition whether it should be managed or not.
478An object initialized with \ateq is guaranteed to be initialized like a C object, and has no implicit destructor call.
479This feature provides all of the freedom that C programmers are used to having to optimize a program, while maintaining safety as a sensible default.
480\begin{cfacode}
481struct A { int * x; };
482// RAII
483void ?{}(A * a) { a->x = malloc(sizeof(int)); }
484void ^?{}(A * a) { free(a->x); }
485
486A a1;           // managed
487A a2 @= { 0 };  // unmanaged
488\end{cfacode}
489In this example, @a1@ is a managed object, and thus is default constructed and destructed at the start/end of @a1@'s lifetime, while @a2@ is an unmanaged object and is not implicitly constructed or destructed.
490Instead, @a2->x@ is initialized to @0@ as if it were a C object, because of the explicit initializer.
491
492In addition to freedom, \ateq provides a simple path for migrating legacy C code to \CFA, in that objects can be moved from C-style initialization to \CFA gradually and individually.
493It is worth noting that the use of unmanaged objects can be tricky to get right, since there is no guarantee that the proper invariants are established on an unmanaged object.
494It is recommended that most objects be managed by sensible constructors and destructors, except where absolutely necessary.
495
496When a user declares any constructor or destructor, the corresponding intrinsic/generated function and all field constructors for that type are hidden, so that they are not found during expression resolution until the user-defined function goes out of scope.
497Furthermore, if the user declares any constructor, then the intrinsic/generated default constructor is also hidden, precluding default construction.
498These semantics closely mirror the rule for implicit declaration of constructors in \CC, wherein the default constructor is implicitly declared if there is no user-declared constructor \cite[p.~186]{ANSI98:C++}.
499\begin{cfacode}
500struct S { int x, y; };
501
502void f() {
503  S s0, s1 = { 0 }, s2 = { 0, 2 }, s3 = s2;  // okay
504  {
505    void ?{}(S * s, int i) { s->x = i*2; } // locally hide autogen ctors
506    S s4;  // error, no default constructor
507    S s5 = { 3 };  // okay, local constructor
508    S s6 = { 4, 5 };  // error, no field constructor
509    S s7 = s5; // okay
510  }
511  S s8, s9 = { 6 }, s10 = { 7, 8 }, s11 = s10;  // okay
512}
513\end{cfacode}
514In this example, the inner scope declares a constructor from @int@ to @S@, which hides the default constructor and field constructors until the end of the scope.
515
516When defining a constructor or destructor for a structure @S@, any members that are not explicitly constructed or destructed are implicitly constructed or destructed automatically.
517If an explicit call is present, then that call is taken in preference to any implicitly generated call.
518A consequence of this rule is that it is possible, unlike \CC, to precisely control the order of construction and destruction of sub-objects on a per-constructor basis, whereas in \CC sub-object initialization and destruction is always performed based on the declaration order.
519\begin{cfacode}
520struct A {
521  B w, x, y, z;
522};
523void ?{}(A * a, int i) {
524  (&a->x){ i };
525  (&a->z){ a->y };
526}
527\end{cfacode}
528Generates the following
529\begin{cfacode}
530void ?{}(A * a, int i) {
531  (&a->w){};   // implicit default ctor
532  (&a->y){};   // implicit default ctor
533  (&a->x){ i };
534  (&a->z){ a->y };
535}
536\end{cfacode}
537Finally, it is illegal for a sub-object to be explicitly constructed for the first time after it is used for the first time.
538If the translator cannot be reasonably sure that an object is constructed prior to its first use, but is constructed afterward, an error is emitted.
539More specifically, the translator searches the body of a constructor to ensure that every sub-object is initialized.
540\begin{cfacode}
541void ?{}(A * a, double x) {
542  f(a->x);
543  (&a->x){ (int)x }; // error, used uninitialized on previous line
544}
545\end{cfacode}
546However, if the translator sees a sub-object used within the body of a constructor, but does not see a constructor call that uses the sub-object as the target of a constructor, then the translator assumes the object is to be implicitly constructed (copy constructed in a copy constructor and default constructed in any other constructor).
547\begin{cfacode}
548void ?{}(A * a) {
549  // default constructs all members
550  f(a->x);
551}
552
553void ?{}(A * a, A other) {
554  // copy constructs all members
555  f(a->y);
556}
557
558void ^?{}(A * a) {
559  ^(&a->x){}; // explicit destructor call
560} // z, y, w implicitly destructed, in this order
561\end{cfacode}
562If at any point, the @this@ parameter is passed directly as the target of another constructor, then it is assumed that constructor handles the initialization of all of the object's members and no implicit constructor calls are added.
563To override this rule, \ateq can be used to force the translator to trust the programmer's discretion.
564This form of \ateq is not yet implemented.
565
566Despite great effort, some forms of C syntax do not work well with constructors in \CFA.
567In particular, constructor calls cannot contain designations (see \ref{sub:c_background}), since this is equivalent to allowing designations on the arguments to arbitrary function calls.
568\begin{cfacode}
569// all legal forward declarations in C
570void f(int, int, int);
571void f(int a, int b, int c);
572void f(int b, int c, int a);
573void f(int c, int a, int b);
574void f(int x, int y, int z);
575
576f(b:10, a:20, c:30);  // which parameter is which?
577\end{cfacode}
578In C, function prototypes are permitted to have arbitrary parameter names, including no names at all, which may have no connection to the actual names used at function definition.
579Furthermore, a function prototype can be repeated an arbitrary number of times, each time using different names.
580As a result, it was decided that any attempt to resolve designated function calls with C's function prototype rules would be brittle, and thus it is not sensible to allow designations in constructor calls.
581
582\begin{sloppypar}
583In addition, constructor calls do not support unnamed nesting.
584\begin{cfacode}
585struct B { int x; };
586struct C { int y; };
587struct A { B b; C c; };
588void ?{}(A *, B);
589void ?{}(A *, C);
590
591A a = {
592  { 10 },  // construct B? - invalid
593};
594\end{cfacode}
595In C, nesting initializers means that the programmer intends to initialize sub-objects with the nested initializers.
596The reason for this omission is to both simplify the mental model for using constructors, and to make initialization simpler for the expression resolver.
597If this were allowed, it would be necessary for the expression resolver to decide whether each argument to the constructor call could initialize to some argument in one of the available constructors, making the problem highly recursive and potentially much more expensive.
598That is, in the previous example the line marked as an error could mean construct using @?{}(A *, B)@ or with @?{}(A *, C)@, since the inner initializer @{ 10 }@ could be taken as an intermediate object of type @B@ or @C@.
599In practice, however, there could be many objects that can be constructed from a given @int@ (or, indeed, any arbitrary parameter list), and thus a complete solution to this problem would require fully exploring all possibilities.
600\end{sloppypar}
601
602More precisely, constructor calls cannot have a nesting depth greater than the number of array dimensions in the type of the initialized object, plus one.
603For example,
604\begin{cfacode}
605struct A;
606void ?{}(A *, int);
607void ?{}(A *, A, A);
608
609A a1[3] = { { 3 }, { 4 }, { 5 } };
610A a2[2][2] = {
611  { { 9 }, { 10 } },  // a2[0]
612  { {14 }, { 15 } }   // a2[1]
613};
614A a3[4] = { // 1 dimension => max depth 2
615  { { 11 }, { 12 } },  // error, three levels deep
616  { 80 }, { 90 }, { 100 }
617}
618\end{cfacode}
619The body of @A@ has been omitted, since only the constructor interfaces are important.
620
621It should be noted that unmanaged objects can still make use of designations and nested initializers in \CFA.
622It is simple to overcome this limitation for managed objects by making use of compound literals, so that the arguments to the constructor call are explicitly typed.
623
624\subsection{Implicit Destructors}
625\label{sub:implicit_dtor}
626Destructors are automatically called at the end of the block in which the object is declared.
627In addition to this, destructors are automatically called when statements manipulate control flow to leave a block in which the object is declared, \eg, with return, break, continue, and goto statements.
628The example below demonstrates a simple routine with multiple return statements.
629\begin{cfacode}
630struct A;
631void ^?{}(A *);
632
633void f(int i) {
634  A x;  // construct x
635  {
636    A y; // construct y
637    {
638      A z; // construct z
639      {
640        if (i == 0) return; // destruct x, y, z
641      }
642      if (i == 1) return; // destruct x, y, z
643    } // destruct z
644    if (i == 2) return; // destruct x, y
645  } // destruct y
646} // destruct x
647\end{cfacode}
648
649The next example illustrates the use of simple continue and break statements and the manner that they interact with implicit destructors.
650\begin{cfacode}
651for (int i = 0; i < 10; i++) {
652  A x;
653  if (i == 2) {
654    continue;  // destruct x
655  } else if (i == 3) {
656    break;     // destruct x
657  }
658} // destruct x
659\end{cfacode}
660Since a destructor call is automatically inserted at the end of the block, nothing special needs to happen to destruct @x@ in the case where control reaches the end of the loop.
661In the case where @i@ is @2@, the continue statement runs the loop update expression and attempts to begin the next iteration of the loop.
662Since continue is a C statement, which does not understand destructors, it is transformed into a @goto@ statement that branches to the end of the loop, just before the block's destructors, to ensure that @x@ is destructed.
663When @i@ is @3@, the break statement moves control to just past the end of the loop.
664Unlike the previous case, the destructor for @x@ cannot be reused, so a destructor call for @x@ is inserted just before the break statement.
665
666\CFA also supports labeled break and continue statements, which allow more precise manipulation of control flow.
667Labeled break and continue allow the programmer to specify which control structure to target by using a label attached to a control structure.
668\begin{cfacode}[emph={L1,L2}, emphstyle=\color{red}]
669L1: for (int i = 0; i < 10; i++) {
670  A x;
671  for (int j = 0; j < 10; j++) {
672    A y;
673    if (i == 1) {
674      continue L1; // destruct y
675    } else if (i == 2) {
676      break L1;    // destruct x,y
677    }
678  } // destruct y
679} // destruct X
680\end{cfacode}
681The statement @continue L1@ begins the next iteration of the outer for-loop.
682Since the semantics of continue require the loop update expression to execute, control branches to the end of the outer for loop, meaning that the block destructor for @x@ can be reused, and it is only necessary to generate the destructor for @y@.
683Break, on the other hand, requires jumping out of both loops, so the destructors for both @x@ and @y@ are generated and inserted before the @break L1@ statement.
684
685Finally, an example which demonstrates goto.
686Since goto is a general mechanism for jumping to different locations in the program, a more comprehensive approach is required.
687For each goto statement $G$ and each target label $L$, let $S_G$ be the set of all managed variables alive at $G$, and let $S_L$ be the set of all managed variables alive at $L$.
688If at any $G$, $S_L \setminus S_G = \emptyset$, then the translator emits an error, because control flow branches from a point where the object is not yet live to a point where it is live, skipping the object's constructor.
689Then, for every $G$, the destructors for each variable in the set $S_G \setminus S_L$ is inserted directly before $G$, which ensures each object that is currently live at $G$, but not at $L$, is destructed before control branches.
690\begin{cfacode}
691int i = 0;
692{
693  L0: ;     // S_L0 = { x }
694    A y;
695  L1: ;     // S_L1 = { x }
696    A x;
697  L2: ;     // S_L2 = { y, x }
698    if (i == 0) {
699      ++i;
700      goto L1;    // S_G = { y, x }
701      // S_G-S_L1 = { x } => destruct x
702    } else if (i == 1) {
703      ++i;
704      goto L2;    // S_G = { y, x }
705      // S_G-S_L2 = {} => destruct nothing
706    } else if (i == 2) {
707      ++i;
708      goto L3;    // S_G = { y, x }
709      // S_G-S_L3 = {}
710    } else if (false) {
711      ++i;
712      A z;
713      goto L3;    // S_G = { z, y, x }
714      // S_G-S_L3 = { z } => destruct z
715    } else {
716      ++i;
717      goto L4;    // S_G = { y, x }
718      // S_G-S_L4 = { y, x } => destruct y, x
719    }
720  L3: ;    // S_L3 = { y, x }
721    goto L2;      // S_G = { y, x }
722    // S_G-S_L2 = {}
723}
724L4: ;  // S_L4 = {}
725if (i == 4) {
726  goto L0;        // S_G = {}
727  // S_G-S_L0 = {}
728}
729\end{cfacode}
730All break and continue statements are implemented in \CFA in terms of goto statements, so the more constrained forms are precisely governed by these rules.
731
732The next example demonstrates the error case.
733\begin{cfacode}
734{
735    goto L1; // S_G = {}
736    // S_L1-S_G = { y } => error
737    A y;
738  L1: ; // S_L1 = { y }
739    A x;
740  L2: ; // S_L2 = { y, x }
741}
742goto L2; // S_G = {}
743// S_L2-S_G = { y, x } => error
744\end{cfacode}
745
746\subsection{Implicit Copy Construction}
747\label{s:implicit_copy_construction}
748When a function is called, the arguments supplied to the call are subject to implicit copy construction (and destruction of the generated temporary), and the return value is subject to destruction.
749When a value is returned from a function, the copy constructor is called to pass the value back to the call site.
750Exempt from these rules are intrinsic and built-in functions.
751It should be noted that unmanaged objects are subject to copy constructor calls when passed as arguments to a function or when returned from a function, since they are not the \emph{target} of the copy constructor call.
752That is, since the parameter is not marked as an unmanaged object using \ateq, it is be copy constructed if it is returned by value or passed as an argument to another function, so to guarantee consistent behaviour, unmanaged objects must be copy constructed when passed as arguments.
753These semantics are important to bear in mind when using unmanaged objects, and could produce unexpected results when mixed with objects that are explicitly constructed.
754\begin{cfacode}
755struct A;
756void ?{}(A *);
757void ?{}(A *, A);
758void ^?{}(A *);
759
760A identity(A x) { // pass by value => need local copy
761  return x;       // return by value => make call-site copy
762}
763
764A y, z @= {};
765identity(y);  // copy construct y into x
766identity(z);  // copy construct z into x
767\end{cfacode}
768Note that unmanaged argument @z@ is logically copy constructed into managed parameter @x@; however, the translator must copy construct into a temporary variable to be passed as an argument, which is also destructed after the call.
769A compiler could by-pass the argument temporaries since it is in control of the calling conventions and knows exactly where the called-function's parameters live.
770
771This generates the following
772\begin{cfacode}
773struct A f(struct A x){
774  struct A _retval_f;    // return value
775  ?{}((&_retval_f), x);  // copy construct return value
776  return _retval_f;
777}
778
779struct A y;
780?{}(&y);                 // default construct
781struct A z = { 0 };      // C default
782
783struct A _tmp_cp1;       // argument 1
784struct A _tmp_cp_ret0;   // return value
785_tmp_cp_ret0=f(
786  (?{}(&_tmp_cp1, y) , _tmp_cp1)  // argument is a comma expression
787), _tmp_cp_ret0;         // return value for cascading
788^?{}(&_tmp_cp_ret0);     // destruct return value
789^?{}(&_tmp_cp1);         // destruct argument 1
790
791struct A _tmp_cp2;       // argument 1
792struct A _tmp_cp_ret1;   // return value
793_tmp_cp_ret1=f(
794  (?{}(&_tmp_cp2, z), _tmp_cp2)  // argument is a common expression
795), _tmp_cp_ret1;         // return value for cascading
796^?{}(&_tmp_cp_ret1);     // destruct return value
797^?{}(&_tmp_cp2);         // destruct argument 1
798^?{}(&y);
799\end{cfacode}
800
801A special syntactic form, such as a variant of \ateq, can be implemented to specify at the call site that an argument should not be copy constructed, to regain some control for the C programmer.
802\begin{cfacode}
803identity(z@);  // do not copy construct argument
804               // - will copy construct/destruct return value
805A@ identity_nocopy(A @ x) {  // argument not copy constructed or destructed
806  return x;  // not copy constructed
807             // return type marked @ => not destructed
808}
809\end{cfacode}
810It should be noted that reference types will allow specifying that a value does not need to be copied, however reference types do not provide a means of preventing implicit copy construction from uses of the reference, so the problem is still present when passing or returning the reference by value.
811
812A known issue with this implementation is that the argument and return value temporaries are not guaranteed to have the same address for their entire lifetimes.
813In the previous example, since @_retval_f@ is allocated and constructed in @f@, then returned by value, the internal data is bitwise copied into the caller's stack frame.
814This approach works out most of the time, because typically destructors need to only access the fields of the object and recursively destroy.
815It is currently the case that constructors and destructors that use the @this@ pointer as a unique identifier to store data externally do not work correctly for return value objects.
816Thus, it is currently not safe to rely on an object's @this@ pointer to remain constant throughout execution of the program.
817\begin{cfacode}
818A * external_data[32];
819int ext_count;
820struct A;
821void ?{}(A * a) {
822  // ...
823  external_data[ext_count++] = a;
824}
825void ^?{}(A * a) {
826  for (int i = 0; i < ext_count) {
827    if (a == external_data[i]) { // may never be true
828      // ...
829    }
830  }
831}
832
833A makeA() {
834  A x;  // stores &x in external_data
835  return x;
836}
837makeA();  // return temporary has a different address than x
838// equivalent to:
839//   A _tmp;
840//   _tmp = makeA(), _tmp;
841//   ^?{}(&_tmp);
842\end{cfacode}
843In the above example, a global array of pointers is used to keep track of all of the allocated @A@ objects.
844Due to copying on return, the current object being destructed does not exist in the array if an @A@ object is ever returned by value from a function, such as in @makeA@.
845
846This problem could be solved in the translator by changing the function signatures so that the return value is moved into the parameter list.
847For example, the translator could restructure the code like so
848\begin{cfacode}
849void f(struct A x, struct A * _retval_f){
850  ?{}(_retval_f, x);  // construct directly into caller's stack frame
851}
852
853struct A y;
854?{}(&y);
855struct A z = { 0 };
856
857struct A _tmp_cp1;     // argument 1
858struct A _tmp_cp_ret0; // return value
859f((?{}(&_tmp_cp1, y) , _tmp_cp1), &_tmp_cp_ret0), _tmp_cp_ret0;
860^?{}(&_tmp_cp_ret0);   // return value
861^?{}(&_tmp_cp1);       // argument 1
862\end{cfacode}
863This transformation provides @f@ with the address of the return variable so that it can be constructed into directly.
864It is worth pointing out that this kind of signature rewriting already occurs in polymorphic functions that return by value, as discussed in \cite{Bilson03}.
865A key difference in this case is that every function would need to be rewritten like this, since types can switch between managed and unmanaged at different scope levels, \eg
866\begin{cfacode}
867struct A { int v; };
868A x; // unmanaged, since only trivial constructors are available
869{
870  void ?{}(A * a) { ... }
871  void ^?{}(A * a) { ... }
872  A y; // managed
873}
874A z; // unmanaged
875\end{cfacode}
876Hence there is not enough information to determine at function declaration whether a type is managed or not, and thus it is the case that all signatures have to be rewritten to account for possible copy constructor and destructor calls.
877Even with this change, it would still be possible to declare backwards compatible function prototypes with an @extern "C"@ block, which allows for the definition of C-compatible functions within \CFA code, however this would require actual changes to the way code inside of an @extern "C"@ function is generated as compared with normal code generation.
878Furthermore, it is not possible to overload C functions, so using @extern "C"@ to declare functions is of limited use.
879
880It would be possible to regain some control by adding an attribute to structures that specifies whether they can be managed or not (perhaps \emph{manageable} or \emph{unmanageable}), and to emit an error in the case that a constructor or destructor is declared for an unmanageable type.
881Ideally, structures should be manageable by default, since otherwise the default case becomes more verbose.
882This means that in general, function signatures would have to be rewritten, and in a select few cases the signatures would not be rewritten.
883\begin{cfacode}
884__attribute__((manageable)) struct A { ... };   // can declare ctors
885__attribute__((unmanageable)) struct B { ... }; // cannot declare ctors
886struct C { ... };                               // can declare ctors
887
888A f();  // rewritten void f(A *);
889B g();  // not rewritten
890C h();  // rewritten void h(C *);
891\end{cfacode}
892An alternative is to make the attribute \emph{identifiable}, which states that objects of this type use the @this@ parameter as an identity.
893This strikes more closely to the visible problem, in that only types marked as identifiable would need to have the return value moved into the parameter list, and every other type could remain the same.
894Furthermore, no restrictions would need to be placed on whether objects can be constructed.
895\begin{cfacode}
896__attribute__((identifiable)) struct A { ... };  // can declare ctors
897struct B { ... };                                // can declare ctors
898
899A f();  // rewritten void f(A *);
900B g();  // not rewritten
901\end{cfacode}
902
903Ultimately, both of these are patchwork solutions.
904Since a real compiler has full control over its calling conventions, it can seamlessly allow passing the return parameter without outwardly changing the signature of a routine.
905As such, it has been decided that this issue is not currently a priority and will be fixed when a full \CFA compiler is implemented.
906
907\section{Implementation}
908\subsection{Array Initialization}
909Arrays are a special case in the C type-system.
910C arrays do not carry around their size, making it impossible to write a standalone \CFA function that constructs or destructs an array while maintaining the standard interface for constructors and destructors.
911Instead, \CFA defines the initialization and destruction of an array recursively.
912That is, when an array is defined, each of its elements is constructed in order from element 0 up to element $n-1$.
913When an array is to be implicitly destructed, each of its elements is destructed in reverse order from element $n-1$ down to element 0.
914As in C, it is possible to explicitly provide different initializers for each element of the array through array initialization syntax.
915In this case, each of the initializers is taken in turn to construct a subsequent element of the array.
916If too many initializers are provided, only the initializers up to N are actually used.
917If too few initializers are provided, then the remaining elements are default constructed.
918
919For example, given the following code.
920\begin{cfacode}
921struct X {
922  int x, y, z;
923};
924void f() {
925  X x[10] = { { 1, 2, 3 }, { 4 }, { 7, 8 } };
926}
927\end{cfacode}
928The following code is generated for @f@.
929\begin{cfacode}
930void f(){
931  struct X x[((long unsigned int )10)];
932  // construct x
933  {
934    int _index0 = 0;
935    // construct with explicit initializers
936    {
937      if (_index0<10) ?{}(&x[_index0], 1, 2, 3);
938      ++_index0;
939      if (_index0<10) ?{}(&x[_index0], 4);
940      ++_index0;
941      if (_index0<10) ?{}(&x[_index0], 7, 8);
942      ++_index0;
943    }
944
945    // default construct remaining elements
946    for (;_index0<10;++_index0) {
947      ?{}(&x[_index0]);
948    }
949  }
950  // destruct x
951  {
952    int _index1 = 10-1;
953    for (;_index1>=0;--_index1) {
954      ^?{}(&x[_index1]);
955    }
956  }
957}
958\end{cfacode}
959Multidimensional arrays require more complexity.
960For example, a two dimensional array
961\begin{cfacode}
962void g() {
963  X x[10][10] = {
964    { { 1, 2, 3 }, { 4 } }, // x[0]
965    { { 7, 8 } }            // x[1]
966  };
967}\end{cfacode}
968Generates the following
969\begin{cfacode}
970void g(){
971  struct X x[10][10];
972  // construct x
973  {
974    int _index0 = 0;
975    for (;_index0<10;++_index0) {
976      {
977        int _index1 = 0;
978        // construct with explicit initializers
979        {
980          switch ( _index0 ) {
981            case 0:
982              // construct first array
983              if ( _index1<10 ) ?{}(&x[_index0][_index1], 1, 2, 3);
984              ++_index1;
985              if ( _index1<10 ) ?{}(&x[_index0][_index1], 4);
986              ++_index1;
987              break;
988            case 1:
989              // construct second array
990              if ( _index1<10 ) ?{}(&x[_index0][_index1], 7, 8);
991              ++_index1;
992              break;
993          }
994        }
995        // default construct remaining elements
996        for (;_index1<10;++_index1) {
997            ?{}(&x[_index0][_index1]);
998        }
999      }
1000    }
1001  }
1002  // destruct x
1003  {
1004    int _index2 = 10-1;
1005    for (;_index2>=0;--_index2) {
1006      {
1007        int _index3 = 10-1;
1008        for (;_index3>=0;--_index3) {
1009            ^?{}(&x[_index2][_index3]);
1010        }
1011      }
1012    }
1013  }
1014}
1015\end{cfacode}
1016% It is possible to generate slightly simpler code for the switch cases, since the value of @_index1@ is known at compile-time within each case, however the procedure for generating constructor calls is complicated.
1017% It is simple to remove the increment statements for @_index1@, but it is not simple to remove the
1018%% technically, it's not hard either. I could easily downcast and change the second argument to ?[?], but is it really necessary/worth it??
1019
1020\subsection{Global Initialization}
1021In standard C, global variables can only be initialized to compile-time constant expressions, which places strict limitations on the programmer's ability to control the default values of objects.
1022In \CFA, constructors and destructors are guaranteed to be run on global objects, allowing arbitrary code to be run before and after the execution of the main routine.
1023By default, objects within a translation unit are constructed in declaration order, and destructed in the reverse order.
1024The default order of construction of objects amongst translation units is unspecified.
1025It is, however, guaranteed that any global objects in the standard library are initialized prior to the initialization of any object in a user program.
1026
1027This feature is implemented in the \CFA translator by grouping every global constructor call into a function with the GCC attribute \emph{constructor}, which performs most of the heavy lifting \cite[6.31.1]{GCCExtensions}.
1028A similar function is generated with the \emph{destructor} attribute, which handles all global destructor calls.
1029At the time of writing, initialization routines in the library are specified with priority \emph{101}, which is the highest priority level that GCC allows, whereas initialization routines in the user's code are implicitly given the default priority level, which ensures they have a lower priority than any code with a specified priority level.
1030This mechanism allows arbitrarily complicated initialization to occur before any user code runs, making it possible for library designers to initialize their modules without requiring the user to call specific startup or tear-down routines.
1031
1032For example, given the following global declarations.
1033\begin{cfacode}
1034struct X {
1035  int y, z;
1036};
1037void ?{}(X *);
1038void ?{}(X *, int, int);
1039void ^?{}(X *);
1040
1041X a;
1042X b = { 10, 3 };
1043\end{cfacode}
1044The following code is generated.
1045\begin{cfacode}
1046__attribute__ ((constructor)) static void _init_global_ctor(void){
1047  ?{}(&a);
1048  ?{}(&b, 10, 3);
1049}
1050__attribute__ ((destructor)) static void _destroy_global_ctor(void){
1051  ^?{}(&b);
1052  ^?{}(&a);
1053}
1054\end{cfacode}
1055
1056%   https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Attributes.html#C_002b_002b-Attributes
1057% suggestion: implement this in CFA by picking objects with a specified priority and pulling them into their own init functions (could even group them by priority level -> map<int, list<ObjectDecl*>>) and pull init_priority forward into constructor and destructor attributes with the same priority level
1058GCC provides an attribute @init_priority@ in \CC, which allows specifying the relative priority for initialization of global objects on a per-object basis.
1059A similar attribute can be implemented in \CFA by pulling marked objects into global constructor/destructor-attribute functions with the specified priority.
1060For example,
1061\begin{cfacode}
1062struct A { ... };
1063void ?{}(A *, int);
1064void ^?{}(A *);
1065__attribute__((init_priority(200))) A x = { 123 };
1066\end{cfacode}
1067would generate
1068\begin{cfacode}
1069A x;
1070__attribute__((constructor(200))) __init_x() {
1071  ?{}(&x, 123);  // construct x with priority 200
1072}
1073__attribute__((destructor(200))) __destroy_x() {
1074  ?{}(&x);       // destruct x with priority 200
1075}
1076\end{cfacode}
1077
1078\subsection{Static Local Variables}
1079In standard C, it is possible to mark variables that are local to a function with the @static@ storage class.
1080Unlike normal local variables, a @static@ local variable is defined to live for the entire duration of the program, so that each call to the function has access to the same variable with the same address and value as it had in the previous call to the function.
1081Much like global variables, @static@ variables can only be initialized to a \emph{compile-time constant value} so that a compiler is able to create storage for the variable and initialize it at compile-time.
1082
1083Yet again, this rule is too restrictive for a language with constructors and destructors.
1084Since the initializer expression is not necessarily a compile-time constant and can depend on the current execution state of the function, \CFA modifies the definition of a @static@ local variable so that objects are guaranteed to be live from the time control flow reaches their declaration, until the end of the program.
1085Since standard C does not allow access to a @static@ local variable before the first time control flow reaches the declaration, this change does not preclude any valid C code.
1086Local objects with @static@ storage class are only implicitly constructed and destructed once for the duration of the program.
1087The object is constructed when its declaration is reached for the first time.
1088The object is destructed once at the end of the program.
1089
1090Construction of @static@ local objects is implemented via an accompanying @static bool@ variable, which records whether the variable has already been constructed.
1091A conditional branch checks the value of the companion @bool@, and if the variable has not yet been constructed then the object is constructed.
1092The object's destructor is scheduled to be run when the program terminates using @atexit@ \footnote{When using the dynamic linker, it is possible to dynamically load and unload a shared library. Since glibc 2.2.3 \cite{atexit}, functions registered with @atexit@ within the shared library are called when unloading the shared library. As such, static local objects can be destructed using this mechanism even in shared libraries on Linux systems.}, and the companion @bool@'s value is set so that subsequent invocations of the function do not reconstruct the object.
1093Since the parameter to @atexit@ is a parameter-less function, some additional tweaking is required.
1094First, the @static@ variable must be hoisted up to global scope and uniquely renamed to prevent name clashes with other global objects.
1095If necessary, a local structure may need to be hoisted, as well.
1096Second, a function is built that calls the destructor for the newly hoisted variable.
1097Finally, the newly generated function is registered with @atexit@, instead of registering the destructor directly.
1098Since @atexit@ calls functions in the reverse order in which they are registered, @static@ local variables are guaranteed to be destructed in the reverse order that they are constructed, which may differ between multiple executions of the same program.
1099Extending the previous example
1100\begin{cfacode}
1101int f(int x) {
1102  static X a;
1103  static X b = { x, x };  // depends on parameter value
1104  static X c = b;         // depends on local variable
1105}
1106\end{cfacode}
1107Generates the following.
1108\begin{cfacode}
1109static struct X a_static_var0;
1110static void __a_dtor_atexit0(void){
1111  ((void)^?{}(((struct X *)(&a_static_var0))));
1112}
1113static struct X b_static_var1;
1114static void __b_dtor_atexit1(void){
1115  ((void)^?{}(((struct X *)(&b_static_var1))));
1116}
1117static struct X c_static_var2;
1118static void __c_dtor_atexit2(void){
1119  ((void)^?{}(((struct X *)(&c_static_var2))));
1120}
1121int f(int x){
1122  int _retval_f;
1123  __attribute__ ((unused)) static void *_dummy0;
1124  static _Bool __a_uninitialized = 1;
1125  if ( __a_uninitialized ) {
1126    ((void)?{}(((struct X *)(&a_static_var0))));
1127    ((void)(__a_uninitialized=0));
1128    ((void)atexit(__a_dtor_atexit0));
1129  }
1130
1131  __attribute__ ((unused)) static void *_dummy1;
1132  static _Bool __b_uninitialized = 1;
1133  if ( __b_uninitialized ) {
1134    ((void)?{}(((struct X *)(&b_static_var1)), x, x));
1135    ((void)(__b_uninitialized=0));
1136    ((void)atexit(__b_dtor_atexit1));
1137  }
1138
1139  __attribute__ ((unused)) static void *_dummy2;
1140  static _Bool __c_uninitialized = 1;
1141  if ( __c_uninitialized ) {
1142    ((void)?{}(((struct X *)(&c_static_var2)), b_static_var1));
1143    ((void)(__c_uninitialized=0));
1144    ((void)atexit(__c_dtor_atexit2));
1145  }
1146}
1147\end{cfacode}
1148
1149\subsection{Polymorphism}
1150As mentioned in section \ref{sub:polymorphism}, \CFA currently has 3 type-classes that are used to designate polymorphic data types: @otype@, @dtype@, and @ftype@.
1151In previous versions of \CFA, @otype@ was syntactic sugar for @dtype@ with known size/alignment information and an assignment function.
1152That is,
1153\begin{cfacode}
1154forall(otype T)
1155void f(T);
1156\end{cfacode}
1157was equivalent to
1158\begin{cfacode}
1159forall(dtype T | sized(T) | { T ?=?(T *, T); })
1160void f(T);
1161\end{cfacode}
1162This allows easily specifying constraints that are common to all complete object-types very simply.
1163
1164Now that \CFA has constructors and destructors, more of a complete object's behaviour can be specified than was previously possible.
1165As such, @otype@ has been augmented to include assertions for a default constructor, copy constructor, and destructor.
1166That is, the previous example is now equivalent to
1167\begin{cfacode}
1168forall(dtype T | sized(T) |
1169  { T ?=?(T *, T); void ?{}(T *); void ?{}(T *, T); void ^?{}(T *); })
1170void f(T);
1171\end{cfacode}
1172These additions allow @f@'s body to create and destroy objects of type @T@, and pass objects of type @T@ as arguments to other functions, following the normal \CFA rules.
1173A point of note here is that objects can be missing default constructors (and eventually other functions through deleted functions), so it is important for \CFA programmers to think carefully about the operations needed by their function, as to not over-constrain the acceptable parameter types and prevent potential reuse.
Note: See TracBrowser for help on using the repository browser.