source: doc/theses/andrew_beach_MMath/future.tex@ 58d471f

\chapter{Future Work}

\section{Language Improvements}
\CFA is a developing programming language. As such, there are partially or
unimplemented features of the language (including several broken components)
that I had to workaround while building an exception handling system largely in
the \CFA language (some C components).  The following are a few of these
issues, and once implemented/fixed, how this would affect the exception system.
\begin{itemize}
\item
The implementation of termination is not portable because it includes
hand-crafted assembly statements. These sections must be ported by hand to
support more hardware architectures, such as the ARM processor.
\item
Due to a type-system problem, the catch clause cannot bind the exception to a
reference instead of a pointer. Since \CFA has a very general reference
capability, programmers will want to use it. Once fixed, this capability should
result in little or no change in the exception system.
\item
Termination handlers cannot use local control-flow transfers, \eg by @break@,
@return@, \etc. The reason is that current code generation hoists a handler
into a nested function for convenience (versus assemble-code generation at the
@try@ statement). Hence, when the handler runs, its code is not in the lexical
scope of the @try@ statement, where the local control-flow transfers are
meaningful.
\item
There is no detection of colliding unwinds. It is possible for clean-up code
run during an unwind to trigger another unwind that escapes the clean-up code
itself; such as a termination exception caught further down the stack or a
cancellation. There do exist ways to handle this but currently they are not
even detected and the first unwind will simply be forgotten, often leaving
it in a bad state.
\item
Also the exception system did not have a lot of time to be tried and tested.
So just letting people use the exception system more will reveal new
quality of life upgrades that can be made with time.
\end{itemize}

\section{Complete Virtual System}
The virtual system should be completed. It was not supposed to be part of this
project, but was thrust upon it to do exception inheritance; hence, only
minimal work was done. A draft for a complete virtual system is available but
it is not finalized.  A future \CFA project is to complete that work and then
update the exception system that uses the current version.

There are several improvements to the virtual system that would improve the
exception traits. The most important one is an assertion to check one virtual
type is a child of another. This check precisely captures many of the
correctness requirements.

The full virtual system might also include other improvement like associated
types to allow traits to refer to types not listed in their header. This
feature allows exception traits to not refer to the virtual-table type
explicitly, removing the need for the current interface macros.

\section{Additional Raises}
Several other kinds of exception raises were considered beyond termination
(@throw@), resumption (@throwResume@), and reraise.

The first is a non-local/concurrent raise providing asynchronous exceptions,
\ie raising an exception on another stack. This semantics acts like signals
allowing for out-of-band communication among coroutines and threads. This kind
of raise is often restricted to resumption to allow the target stack to
continue execution normally after the exception has been handled. That is,
allowing one coroutine/thread to unwind the stack of another via termination is
bad software engineering.

Non-local/concurrent requires more coordination between the concurrency system
and the exception system. Many of the interesting design decisions centre
around masking (controlling which exceptions may be thrown at a stack). It
would likely require more of the virtual system and would also effect how
default handlers are set.

Other raises were considered to mimic bidirectional algebraic effects.
Algebraic effects are used in some functional languages allowing one function
to have another function on the stack resolve an effect (which is defined with
a functional-like interface).  This semantics can be mimicked with resumptions
and new raises were discussed to mimic bidirectional algebraic-effects, where
control can go back and forth between the function-effect caller and handler
while the effect is underway.
% resume-top & resume-reply
These raises would be like the resumption raise except using different search
patterns to find the handler.

\section{Checked Exceptions}
Checked exceptions make exceptions part of a function's type by adding the
exception signature. An exception signature must declare all checked
exceptions that could propogate from the function (either because they were
raised inside the function or came from a sub-function). This improves safety
by making sure every checked exception is either handled or consciously
passed on.

However checked exceptions were never seriously considered for this project
for two reasons. The first is due to time constraints, even copying an
existing checked exception system would be pushing the remaining time and
trying to address the second problem would take even longer. The second
problem is that checked exceptions have some real usability trade-offs in
exchange for the increased safety.

These trade-offs are most problematic when trying to pass exceptions through
higher-order functions from the functions the user passed into the
higher-order function. There are no well known solutions to this problem
that were statifactory for \CFA (which carries some of C's flexability
over safety design) so one would have to be researched and developed.

Follow-up work might add checked exceptions to \CFA, possibly using
polymorphic exception signatures, a form of tunneling\cite{Zhang19} or
checked and unchecked raises.

\section{Zero-Cost Try}
\CFA does not have zero-cost try-statements because the compiler generates C
code rather than assembler code (see \vpageref{p:zero-cost}). When the compiler
does create its own assembly (or LLVM byte-code), then zero-cost try-statements
are possible. The downside of zero-cost try-statements is the LSDA complexity,
its size (program bloat), and the high cost of raising an exception.

Alternatively, some research could be done into the simpler alternative method
with a non-zero-cost try-statement but much lower cost exception raise. For
example, programs are starting to use exception in the normal control path, so
more exceptions are thrown. In these cases, the cost balance switches towards
low-cost raise. Unfortunately, while exceptions remain exceptional, the
libunwind model will probably remain the most effective option.

Zero-cost resumptions is still an open problem. First, because libunwind does
not support a successful-exiting stack-search without doing an unwind.
Workarounds are possible but awkward. Ideally an extension to libunwind could
be made, but that would either require separate maintenance or gain enough
support to have it folded into the standard.

Also new techniques to skip previously searched parts of the stack need to be
developed to handle the recursive resume problem and support advanced algebraic
effects.

\section{Signal Exceptions}
Goodenough~\cite{Goodenough75} suggests three types of exceptions: escape,
notify and signal.  Escape are termination exceptions, notify are resumption
exceptions, leaving signal unimplemented.

A signal exception allows either behaviour, \ie after an exception is handled,
the handler has the option of returning to the raise or after the @try@
statement. Currently, \CFA fixes the semantics of the handler return
syntactically by the @catch@ or @catchResume@ clause.

Signal exception should be reexamined and possibly be supported in \CFA. A very
direct translation is to have a new raise and catch pair, and a new statement
(or statements) would indicate if the handler returns to the raise or continues
where it is; but there may be other options.

For instance, resumption could be extended to cover this use by allowing local
control flow out of it. This approach would require an unwind as part of the
transition as there are stack frames that have to be removed.  This approach
means there is no notify raise, but because \CFA does not have exception
signatures, a termination can be thrown from within any resumption handler so
there is already a way to do mimic this in existing \CFA.

% Maybe talk about the escape; and escape CONTROL_STMT; statements or how
% if we could choose if _Unwind_Resume proceeded to the clean-up stage this
% would be much easier to implement.