source: doc/theses/andrew_beach_MMath/future.tex @ 32b7f54

\chapter{Future Work}
\label{c:future}

The following discussion covers both missing language features that affected my
work and research based improvements.

\section{Language Improvements}

\CFA is a developing programming language. As such, there are partially or
unimplemented features (including several broken components)
that I had to workaround while building an EHM largely in
the \CFA language (some C components).  The following are a few of these
issues, and once implemented/fixed, how they would affect the exception system.
\begin{itemize}
\item
The implementation of termination is not portable because it includes
hand-crafted assembly statements for each architecture, where the
ARM processor was just added.
% The existing compilers cannot translate that for other platforms and those
% sections must be ported by hand to
Supporting more hardware architectures in a general way is important.
\item
Due to a type-system problem, the catch clause cannot bind the exception to a
reference instead of a pointer. Since \CFA has a very general reference
capability, programmers will want to use it. Once fixed, this capability should
result in little or no change in the exception system but simplify usage.
\item
Termination handlers cannot use local control-flow transfers, \eg by @break@,
@return@, \etc. The reason is that current code generation hoists a handler
into a nested function for convenience (versus assemble-code generation at the
@try@ statement). Hence, when the handler runs, its can access local variable
in the lexical scope of the @try@ statement, but the closure does not capture
local control-flow points so it cannot perform non-local transfers in the
hoisted function.
\item
There is no detection of colliding unwinds. It is possible for clean-up code
run during an unwind to trigger another unwind that escapes the clean-up code
itself; such as a termination exception caught further down the stack or a
cancellation. There do exist ways to handle this case, but currently there is no
detection and the first unwind is simply forgotten, often leaving
it in a bad state.
\item
Finally, the exception system has not have a lot programmer testing.
More time with encouraged usage will reveal new
quality of life upgrades that can be made.
\end{itemize}

\section{Complete Virtual System}
The virtual system should be completed. It was not supposed to be part of this
project, but was thrust upon it to do exception inheritance; hence, only
minimal work is done. A draft for a complete virtual system is available but
not finalized.  A future \CFA project is to complete that work and then
update the exception system that uses the current version.

There are several improvements to the virtual system that would improve the
exception traits. The most important one is an assertion to check one virtual
type is a child of another. This check precisely captures many of the
current ad-hoc correctness requirements.

The full virtual system might also include other improvement like associated
types to allow traits to refer to types not listed in their header. This
feature allows exception traits to not refer to the virtual-table type
explicitly. %, removing the need for the current interface macros.

\section{Additional Raises}
Several other kinds of exception raises were considered beyond termination
(@throw@), resumption (@throwResume@), and reraise.

The first is a non-local/concurrent raise providing asynchronous exceptions,
\ie raising an exception on another stack. This semantics acts like signals
allowing for out-of-band communication among coroutines and threads. This kind
of raise is often restricted to resumption to allow the target stack to
continue execution normally after the exception has been handled. That is,
allowing one coroutine/thread to unwind the stack of another via termination is
bad software engineering.

Non-local/concurrent raise requires more
coordination between the concurrency system
and the exception system. Many of the interesting design decisions centre
around masking, \ie controlling which exceptions may be thrown at a stack. It
would likely require more of the virtual system and would also effect how
default handlers are set.

Other raises were considered to mimic bidirectional algebraic effects.
Algebraic effects are used in some functional languages allowing one function
to have another function on the stack resolve an effect (which is defined with
a functional-like interface).  This semantics can be mimicked with resumptions
and new raises were discussed to mimic bidirectional algebraic-effects, where
control can go back and forth between the function-effect caller and handler
while the effect is underway.
% resume-top & resume-reply
These raises would be like the resumption raise except using different search
patterns to find the handler.

\section{Checked Exceptions}
Checked exceptions make exceptions part of a function's type by adding an
exception signature. An exception signature must declare all checked
exceptions that could propagate from the function, either because they were
raised inside the function or a call to a sub-function. This improves safety
by making sure every checked exception is either handled or consciously
passed on.

However checked exceptions were never seriously considered for this project
because they have significant trade-offs in usability and code reuse in
exchange for the increased safety.
These trade-offs are most problematic when trying to pass exceptions through
higher-order functions from the functions the user passed into the
higher-order function. There are no well known solutions to this problem
that were satisfactory for \CFA (which carries some of C's flexibility
over safety design) so additional research is needed.

Follow-up work might add some form of checked exceptions to \CFA,
possibly using polymorphic exception signatures,
a form of tunneling\cite{Zhang19} or
checked and unchecked raises.

\section{Zero-Cost Try}
\CFA does not have zero-cost try-statements because the compiler generates C
code rather than assembler code (see \vpageref{p:zero-cost}). When the compiler
does create its own assembly (or LLVM byte-code), then zero-cost try-statements
are possible. The downside of zero-cost try-statements is the LSDA complexity,
its size (program bloat), and the high cost of raising an exception.

Alternatively, some research could be done into the simpler alternative method
with a non-zero-cost try-statement but much lower cost exception raise. For
example, programs are starting to use exception in the normal control path, so
more exceptions are thrown. In these cases, the cost balance switches towards
low-cost raise. Unfortunately, while exceptions remain exceptional, the
libunwind model will probably remain the most effective option.

Zero-cost resumptions is still an open problem. First, because libunwind does
not support a successful-exiting stack-search without doing an unwind.
Workarounds are possible but awkward. Ideally an extension to libunwind could
be made, but that would either require separate maintenance or gaining enough
support to have it folded into the code base.

Also new techniques to skip previously searched parts of the stack need to be
developed to handle the recursive resume problem and support advanced algebraic
effects.

\section{Signal Exceptions}
Goodenough~\cite{Goodenough75} suggests three types of exceptions: escape,
notify and signal.  Escape are termination exceptions, notify are resumption
exceptions, leaving signal unimplemented.

A signal exception allows either behaviour, \ie after an exception is handled,
the handler has the option of returning to the raise or after the @try@
statement. Currently, \CFA fixes the semantics of the handler return
syntactically by the @catch@ or @catchResume@ clause.

Signal exception should be reexamined and possibly be supported in \CFA. A very
direct translation is to have a new raise and catch pair, and a new statement
(or statements) would indicate if the handler returns to the raise or continues
where it is; but there may be other options.

For instance, resumption could be extended to cover this use by allowing local
control flow out of it. This approach would require an unwind as part of the
transition as there are stack frames that have to be removed between where
the resumption handler is installed and where it is defined.
This approach would not require, but might benefit from, a special statement
to leave the handler.
Currently, mimicking this behaviour in \CFA is possible by throwing a
termination exception inside a resumption handler.

% Maybe talk about the escape; and escape CONTROL_STMT; statements or how
% if we could choose if _Unwind_Resume proceeded to the clean-up stage this
% would be much easier to implement.