source: doc/theses/fangren_yu_MMath/intro.tex@ bbbff10

\chapter{Introduction}

This thesis is exploratory work I did to understand, fix, and extend the \CFA type-system, specifically, the \newterm{type-resolver} used to satisfy call-site assertions among overloaded variable and function names to allow polymorphic routine calls.
Assertions are the operations a function uses within its body to perform its computation.
For example, a polymorphic function summing an array needs a size, zero, assignment, and plus for the array element-type, and a subscript operation for the array type.
\begin{cfa}
T sum( T a[$\,$], size_t size ) {
        @T@ total = { @0@ };  $\C[1.75in]{// size, 0 for type T}$
        for ( size_t i = 0; i < size; i += 1 )
                total @+=@ a@[@i@]@; $\C{// + and subscript for T}\CRT$
        return total;
}
\end{cfa}
In certain cases, if the resolver fails to find an exact assertion match, it attempts to find a \emph{best} match using reasonable type conversions.
Hence, \CFA follows the current trend of replacing nominal inheritance with traits composed of assertions for type matching.
The over-arching goal is to push the boundary on localized assertion matching, with advanced overloading resolution and type conversions that match programmer expectations in the C programming language.
Together, the resulting \CFA type-system has a number of unique features making it different from other programming languages with expressive, static, type-systems.


\section{Types}

All computers have multiple types because computer architects optimize the hardware around a few basic types with well defined (mathematical) operations: boolean, integral, floating-point, and occasionally strings.
A programming language and its compiler present ways to declare types that ultimately map into the ones provided by the underlying hardware.
These language types are thrust upon programmers with their syntactic/semantic rules and restrictions.
These rules are then used to transform a language expression to a hardware expression.
Modern programming-languages allow user-defined types and generalize across multiple types using polymorphism.
Type systems can be static, where each variable has a fixed type during execution and an expression's type is determined once at compile time, or dynamic, where each variable can change type during execution and so an expression's type is reconstructed on each evaluation.
Expressibility, generalization, and safety are all bound up in a language's type system, and hence, directly affect the capability, build time, and correctness of program development.


\section{Overloading}

\begin{quote}
There are only two hard things in Computer Science: cache invalidation and \emph{naming things}. --- Phil Karlton
\end{quote}
Overloading allows programmers to use the most meaningful names without fear of name clashes within a program or from external sources, like include files.
Experience from \CC and \CFA developers is that the type system implicitly and correctly disambiguates the majority of overloaded names, \ie it is rare to get an incorrect selection or ambiguity, even among hundreds of overloaded (variables and) functions.
In many cases, a programmer has no idea there are name clashes, as they are silently resolved, simplifying the development process.
Depending on the language, any ambiguous cases are resolved explicitly using some form of qualification and/or cast.


\subsection{Operator Overloading}

Virtually all programming languages overload the arithmetic operators across the basic computational types using the number and type of parameters and returns.
Like \CC, \CFA maps operators to named functions and allows these operators to be overloaded with user-defined types.
The syntax for operator names uses the @'?'@ character to denote a parameter, \eg left and right unary operators: @?++@ and @++?@, and binary operators @?+?@ and @?<=?@.
Here, a user-defined type is extended with an addition operation with the same syntax as a builtin type.
\begin{cfa}
struct S { int i, j };
S @?+?@( S op1, S op2 ) { return (S){ op1.i + op2.i, op1.j + op2.j }; }
S s1, s2;
s1 = s1 @+@ s2;                 $\C[1.75in]{// infix call}$
s1 = @?+?@( s1, s2 );   $\C{// direct call}\CRT$
\end{cfa}
The type system examines each call site and selects the best matching overloaded function based on the number and types of arguments.
If there are mixed-mode operands, @2 + 3.5@, the type system attempts (safe) conversions, like in C/\CC, converting the argument type(s) to the parameter type(s).
Conversions are necessary because the hardware rarely supports mix-mode operations, so both operands must be converted to a common type.
Like overloading, the majority of mixed-mode conversions are silently resolved, simplifying the development process.
Without implicit conversions, programmers must write an exponential number of functions covering all possible exact-match cases among all possible types.
This approach does not match with programmer intuition and expectation, regardless of any \emph{safety} issues resulting from converted values.
Depending on the language, mix-mode conversions can be explicitly controlled using some form of cast.


\subsection{Function Overloading}

Both \CFA and \CC allow function names to be overloaded, as long as their prototypes differ in the number and type of parameters and returns.
\begin{cfa}
void f( void );                 $\C[2in]{// (1): no parameter}$
void f( char );                 $\C{// (2): overloaded on the number and parameter type}$
void f( int, int );             $\C{// (3): overloaded on the number and parameter type}$
f( 'A' );                               $\C{// select (2)}\CRT$
\end{cfa}
In this case, the name @f@ is overloaded depending on the number and parameter types.
The type system examines each call size and selects the best match based on the number and types of the arguments.
Here, there is a perfect match for the call, @f( 'A' )@ with the number and parameter type of function (2).

Ada, Scala, and \CFA type-systems also use the return type in resolving a call, to pinpoint the best overloaded name.
For example, in many programming languages with overloading, the following functions are ambiguous without using the return type.
\begin{cfa}
int f( int );                   $\C[2in]{// (1); overloaded on return type and parameter}$
double f( int );                $\C{// (2); overloaded on return type and parameter}$
int i = f( 3 );                 $\C{// select (1)}$
double d = f( 3 );              $\C{// select (2)}\CRT$
\end{cfa}
Alternatively, if the type system uses the return type, there is an exact match for each call, which again matches with programmer intuition and expectation.
This capability can be taken to the extreme, where the only differentiating factor is the return type.
\begin{cfa}
int random( void );             $\C[2in]{// (1); overloaded on return type}$
double random( void );  $\C{// (2); overloaded on return type}$
int i = random();               $\C{// select (1)}$
double d = random();    $\C{// select (2)}\CRT$
\end{cfa}
Again, there is an exact match for each call.
As for operator overloading, if there is no exact match, a set of minimal, an implicit conversion can be added to find a best match.
\begin{cfa}
short int = random();   $\C[2in]{// select (1), unsafe}$
long double = random(); $\C{// select (2), safe}\CRT$
\end{cfa}


\subsection{Variable Overloading}

Unlike most programming languages, \CFA has variable overloading within a scope, along with shadow overloading in nested scopes.
Shadow overloading is also possible for functions, in languages supporting nested-function declarations, \eg \CC named, nested, lambda functions.
\begin{cfa}
void foo( double d );
int v;                              $\C[2in]{// (1)}$
double v;                               $\C{// (2) variable overloading}$
foo( v );                               $\C{// select (2)}$
{
        int v;                          $\C{// (3) shadow overloading}$
        double v;                       $\C{// (4) and variable overloading}$
        foo( v );                       $\C{// select (4)}\CRT$
}
\end{cfa}
It is interesting that shadow overloading is considered a normal programming-language feature with only slight software-engineering problems.
However, variable overloading within a scope is considered extremely dangerous, without any evidence to corroborate this claim.
In contrast, function overloading in \CC occurs silently within the global scope from @#include@ files all the time without problems.

In \CFA, the type system simply treats an overloaded variable as an overloaded function returning a value with no parameters.
Hence, no effort is required to support this feature as it is available for differentiating among overloaded functions with no parameters.
\begin{cfa}
int MAX = 2147483647;   $\C[2in]{// (1); overloaded on return type}$
long int MAX = ...;             $\C{// (2); overloaded on return type}$
double MAX = ...;               $\C{// (3); overloaded on return type}$
int i = MAX;                    $\C{// select (1)}$
long int i = MAX;               $\C{// select (2)}$
double d = MAX;                 $\C{// select (3)}\CRT$
\end{cfa}
Hence, the name @MAX@ can replace all the C type-specific names, \eg @INT_MAX@, @LONG_MAX@, @DBL_MAX@, \etc.
The result is a significant reduction in names to access typed constants.

As an aside, C has a separate namespace for types and variables allowing overloading between the namespaces, using @struct@ (qualification) to disambiguate.
\begin{cfa}
void S() {
        struct @S@ { int S; };
        @struct S@ S;
        void S( @struct S@ S ) { S.S = 1; };
}
\end{cfa}
Here the name @S@ is an aggregate type and field, and a variable and parameter of type @S@.


\subsection{Constant Overloading}

\CFA is unique in providing restricted constant overloading for the values @0@ and @1@, which have special status in C.
For example, the value @0@ is both an integer and a pointer literal, so its meaning depends on context.
In addition, several operations are defined in terms of values @0@ and @1@.
For example, @if@ and iteration statements in C compare the condition with @0@, and the increment and decrement operators are semantically equivalent to adding or subtracting the value @1@.
\begin{cfa}
if ( x ) ++x;        =>    if ( x @!= 0@ ) x @+= 1@;
for ( ; x; --x )   =>    for ( ; x @!= 0@; x @-= 1@ )
\end{cfa}
To generalize this feature, both constants are given types @zero_t@ and @one_t@ in \CFA, which allows overloading various operations for new types that seamlessly work within the special @0@ and @1@ contexts.
The types @zero_t@ and @one_t@ have special builtin implicit conversions to the various integral types, and a conversion to pointer types for @0@, which allows standard C code involving @0@ and @1@ to work.
\begin{cfa}
struct S { int i, j; };
void ?{}( S & s, zero_t ) { s.[i,j] = 0; } $\C{// constant constructors}$
void ?{}( S & s, one_t ) { s.[i,j] = 1; }
S ?=?( S & dst, zero_t ) { dst.[i,j] = 0; return dst; } $\C{// constant assignments}$
S ?=?( S & dst, one_t ) { dst.[i,j] = 1; return dst; }
S ?+=?( S & s, one_t ) { s.[i,j] += 1; return s; } $\C{// increment/decrement each field}$
S ?-=?( S & s, one_t ) { s.[i,j] -= 1; return s; }
int ?!=?( S s, zero_t ) { return s.i != 0 && s.j != 0; } $\C{// constant comparison}$
S s = @0@;                      $\C{// initialization}$
s = @0@;                        $\C{// assignments}$
s = @1@;
if ( @s@ ) @++s@;       $\C{// unary ++/-\,- come implicitly from +=/-=}$
\end{cfa}
Here, type @S@ is first-class with respect to the basic types, working with all existing implicit C mechanisms.


\section{Type Inferencing}
\label{s:IntoTypeInferencing}

Every variable has a type, but association between them can occur in different ways:
at the point where the variable comes into existence (declaration) and/or on each assignment to the variable.
\begin{cfa}
double x;                               $\C{// type only}$
float y = 3.1D;                 $\C{// type and initialization}$
auto z = y;                             $\C{// initialization only}$
z = "abc";                              $\C{// assignment}$
\end{cfa}
For type-only, the programmer specifies the initial type, which remains fixed for the variable's lifetime in statically typed languages.
For type-and-initialization, the specified and initialization types may not agree requiring an implicit/explicit conversion.
For initialization-only, the compiler may select the type by melding programmer and context information.
When the compiler participates in type selection, it is called \newterm{type inferencing}.
Note, type inferencing is different from type conversion: type inferencing \emph{discovers} a variable's type before setting its value, whereas conversion has two typed variables and performs a (possibly lossy) value conversion from one type to the other.
Finally, for assignment, the current variable and expression types may not agree.
Discovering a variable or function type is complex and has limitations.
The following covers these issues, and why this scheme is not amenable with the \CFA type system.

One of the first and powerful type-inferencing system is Hindley--Milner~\cite{Damas82}.
Here, the type resolver starts with the types of the program constants used for initialization and these constant types flow throughout the program, setting all variable and expression types.
\begin{cfa}
auto f() {
        x = 1;   y = 3.5;       $\C{// set types from constants}$
        x = // expression involving x, y and other local initialized variables
        y = // expression involving x, y and other local initialized variables
        return x, y;
}
auto w = f();                   $\C{// typing flows outwards}$

void f( auto x, auto y ) {
        x = // expression involving x, y and other local initialized variables
        y = // expression involving x, y and other local initialized variables
}
s = 1;   t = 3.5;               $\C{// set types from constants}$
f( s, t );                              $\C{// typing flows inwards}$
\end{cfa}
In both overloads of @f@, the type system works from the constant initializations inwards and/or outwards to determine the types of all variables and functions.
Like template meta-programming, there can be a new function generated for the second @f@ depending on the types of the arguments, assuming these types are meaningful in the body of @f@.
Inferring type constraints, by analysing the body of @f@ is possible, and these constraints must be satisfied at each call site by the argument types;
in this case, parametric polymorphism can allow separate compilation.
In languages with type inferencing, there is often limited overloading to reduce the search space, which introduces the naming problem.
Note, return-type inferencing goes in the opposite direction to Hindley--Milner: knowing the type of the result and flowing back through an expression to help select the best possible overloads, and possibly converting the constants for a best match.

In simpler type-inferencing systems, such as C/\CC/\CFA, there are more specific usages.
\begin{cquote}
\setlength{\tabcolsep}{10pt}
\begin{tabular}{@{}lll@{}}
\multicolumn{1}{c}{\textbf{gcc / \CFA}} & \multicolumn{1}{c}{\textbf{\CC}} \\
\begin{cfa}
#define expr 3.0 * i
typeof(expr) x = expr;
int y;
typeof(y) z = y;
\end{cfa}
&
\begin{cfa}

auto x = 3.0 * i;
int y;
auto z = y;
\end{cfa}
&
\begin{cfa}

// use type of initialization expression

// use type of initialization expression
\end{cfa}
\end{tabular}
\end{cquote}
The two important capabilities are:
\begin{itemize}[topsep=0pt]
\item
Not determining or writing long generic types, \eg, given deeply nested generic types.
\begin{cfa}
typedef T1(int).T2(float).T3(char).T @ST@;  $\C{// \CFA nested type declaration}$
@ST@ x, y, x;
\end{cfa}
This issue is exaggerated with \CC templates, where type names are 100s of characters long, resulting in unreadable error messages.
\item
Ensuring the type of secondary variables, match a primary variable.
\begin{cfa}
int x; $\C{// primary variable}$
typeof(x) y, z, w; $\C{// secondary variables match x's type}$
\end{cfa}
If the type of @x@ changes, the type of the secondary variables correspondingly updates.
There can be strong software-engineering reasons for binding the types of these variables.
\end{itemize}
Note, the use of @typeof@ is more restrictive, and possibly safer, than general type-inferencing.
\begin{cfa}
int x;
type(x) y = ... // complex expression
type(x) z = ... // complex expression
\end{cfa}
Here, the types of @y@ and @z@ are fixed (branded), whereas with type inferencing, the types of @y@ and @z@ are potentially unknown.


\subsection{Type-Inferencing Issues}

Each kind of type-inferencing system has its own set of issues that flow onto the programmer in the form of convenience, restrictions, or confusions.

A convenience is having the compiler use its overarching program knowledge to select the best type for each variable based on some notion of \emph{best}, which simplifies the programming experience.

A restriction is the conundrum in type inferencing of when to \emph{brand} a type.
That is, when is the type of the variable/function more important than the type of its initialization expression(s).
For example, if a change is made in an initialization expression, it can cascade type changes producing many other changes and/or errors.
At some point, a variable's type needs to remain constant and the initializing expression needs to be modified or be in error when it changes.
Often type-inferencing systems allow restricting (\newterm{branding}) a variable or function type, so the complier can report a mismatch with the constant initialization.
\begin{cfa}
void f( @int@ x, @int@ y ) {  // brand function prototype
        x = // expression involving x, y and other local initialized variables
        y = // expression involving x, y and other local initialized variables
}
s = 1;   t = 3.5;
f( s, @t@ ); // type mismatch
\end{cfa}
In Haskell, it is common for programmers to brand (type) function parameters.

A confusion is blocks of code where all declarations are @auto@, as is now common in \CC.
As a result, understanding and changing the code becomes almost impossible.
Types provide important clues as to the behaviour of the code, and correspondingly to correctly change or add new code.
In these cases, a programmer is forced to re-engineer types, which is fragile, or rely on a fancy IDE that can re-engineer types for them.
For example, given:
\begin{cfa}
auto x = @...@
\end{cfa}
and the need to write a routine to compute using @x@
\begin{cfa}
void rtn( @type of x@ parm );
rtn( x );
\end{cfa}
A programmer must re-engineer the type of @x@'s initialization expression, reconstructing the possibly long generic type-name.
In this situation, having the type name or its short alias is essential.

\CFA's type system tries to prevent type-resolution mistakes by relying heavily on the type of the left-hand side of assignment to pinpoint the right types within an expression.
Type inferencing defeats this goal because there is no left-hand type.
Fundamentally, type inferencing tries to magic away variable types from the programmer.
However, this results in lazy programming with the potential for poor performance and safety concerns.
Types are as important as control-flow in writing a good program, and should not be masked, even if it requires the programmer to think!
A similar issue is garbage collection, where storage management is magicked away, often resulting in poor program design and performance.\footnote{
There are full-time Java consultants, who are hired to find memory-management problems in large Java programs.}
The entire area of Computer-Science data-structures is obsessed with time and space, and that obsession should continue into regular programming.
Understanding space and time issues is an essential part of the programming craft.
Given @typedef@ and @typeof@ in \CFA, and the strong desire to use the left-hand type in resolution, the decision was made not to support implicit type-inferencing in the type system.
Should a significant need arise, this decision can be revisited.


\section{Polymorphism}

\CFA provides polymorphic functions and types, where a polymorphic function can constrain types using assertions based on traits.


\subsection{Polymorphic Function}

The signature feature of the \CFA type-system is parametric-polymorphic functions~\cite{forceone:impl,Cormack90,Duggan96}, generalized using a @forall@ clause (giving the language its name).
\begin{cfa}
@forall( T )@ T identity( T val ) { return val; }
int forty_two = identity( 42 );         $\C{// T is bound to int, forty\_two == 42}$
\end{cfa}
This @identity@ function can be applied to an \newterm{object type}, \ie a type with a known size and alignment, which is sufficient to stack allocate, default or copy initialize, assign, and delete.
The \CFA implementation passes the size and alignment for each type parameter, as well as auto-generated default and copy constructors, assignment operator, and destructor.
For an incomplete \newterm{data type}, \eg pointer/reference types, this information is not needed.
\begin{cfa}
forall( T * ) T * identity( T * val ) { return val; }
int i, * ip = identity( &i );
\end{cfa}
Unlike \CC template functions, \CFA polymorphic functions are compatible with C \emph{separate compilation}, preventing compilation and code bloat.

To constrain polymorphic types, \CFA uses \newterm{type assertions}~\cite[pp.~37-44]{Alphard} to provide further type information, where type assertions may be variable or function declarations that depend on a polymorphic type variable.
Here, the function @twice@ works for any type @T@ with a matching addition operator.
\begin{cfa}
forall( T @| { T ?+?(T, T); }@ ) T twice( T x ) { return x @+@ x; }
int val = twice( twice( 3 ) );  $\C{// val == 12}$
\end{cfa}
Parametric polymorphism and assertions occur in existing type-unsafe (@void *@) C functions, like @qsort@ for sorting an array of unknown values.
\begin{cfa}
void qsort( void * base, size_t nmemb, size_t size, int (*cmp)( const void *, const void * ) );
\end{cfa}
Here, the polymorphism is type-erasure, and the parametric assertion is the comparison routine, which is explicitly passed.
\begin{cfa}
enum { N = 5 };
double val[N] = { 5.1, 4.1, 3.1, 2.1, 1.1 };
int cmp( const void * v1, const void * v2 ) { $\C{// compare two doubles}$
        return *(double *)v1 < *(double *)v2 ? -1 : *(double *)v2 < *(double *)v1 ? 1 : 0;
}
qsort( val, N, sizeof( double ), cmp );
\end{cfa}
The equivalent type-safe version in \CFA is a wrapper over the C version.
\begin{cfa}
forall( ET | { int @?<?@( ET, ET ); } ) $\C{// type must have < operator}$
void qsort( ET * vals, size_t dim ) {
        int cmp( const void * t1, const void * t2 ) { $\C{// nested function}$
                return *(ET *)t1 @<@ *(ET *)t2 ? -1 : *(ET *)t2 @<@ *(ET *)t1 ? 1 : 0;
        }
        qsort( vals, dim, sizeof(ET), cmp ); $\C{// call C version}$
}
qsort( val, N );  $\C{// deduct type double, and pass builtin < for double}$
\end{cfa}
The nested function @cmp@ is implicitly built and provides the interface from typed \CFA to untyped (@void *@) C.
Providing a hidden @cmp@ function in \CC is awkward as lambdas do not use C calling conventions and template declarations cannot appear in block scope.
% In addition, an alternate kind of return is made available: position versus pointer to found element.
% \CC's type system cannot disambiguate between the two versions of @bsearch@ because it does not use the return type in overload resolution, nor can \CC separately compile a template @bsearch@.
Call-site inferencing and nested functions provide a localized form of inheritance.
For example, the \CFA @qsort@ can be made to sort in descending order by locally changing the behaviour of @<@.
\begin{cfa}
{
        int ?<?( double x, double y ) { return x @>@ y; } $\C{// locally override behaviour}$
        qsort( vals, 10 );                                                      $\C{// descending sort}$
}
\end{cfa}
The local version of @?<?@ overrides the built-in @?<?@ so it is passed to @qsort@.
The local version performs @?>?@, making @qsort@ sort in descending order.
Hence, any number of assertion functions can be overridden locally to maximize the reuse of existing functions and types, without the construction of a named inheritance hierarchy.
A final example is a type-safe wrapper for C @malloc@, where the return type supplies the type/size of the allocation, which is impossible in most type systems.
\begin{cfa}
static inline forall( T & | sized(T) )
T * malloc( void ) {
        if ( _Alignof(T) <= __BIGGEST_ALIGNMENT__ ) return (T *)malloc( sizeof(T) ); // C allocation
        else return (T *)memalign( _Alignof(T), sizeof(T) );
}
// select type and size from left-hand side
int * ip = malloc();  double * dp = malloc();  [[aligned(64)]] struct S {...} * sp = malloc();
\end{cfa}
The @sized@ assertion passes size and alignment as a data object has no implicit assertions.
Both assertions are used in @malloc@ via @sizeof@ and @_Alignof@.
In practise, this polymorphic @malloc@ is unwrapped by the C compiler and the @if@ statement is elided producing a type-safe call to @malloc@ or @memalign@.

This mechanism is used to construct type-safe wrapper-libraries condensing hundreds of existing C functions into tens of \CFA overloaded functions.
Here, existing C legacy code is leveraged as much as possible;
other programming languages must build supporting libraries from scratch, even in \CC.


\subsection{Traits}

\CFA provides \newterm{traits} to name a group of type assertions, where the trait name allows specifying the same set of assertions in multiple locations, preventing repetition mistakes at each function declaration.
\begin{cquote}
\begin{tabular}{@{}l|@{\hspace{10pt}}l@{}}
\begin{cfa}
trait @sumable@( T ) {
        void @?{}@( T &, zero_t ); // 0 literal constructor
        T ?+?( T, T );           // assortment of additions
        T @?+=?@( T &, T );
        T ++?( T & );
        T ?++( T & );
};
\end{cfa}
&
\begin{cfa}
forall( T @| sumable( T )@ ) // use trait
T sum( T a[$\,$], size_t size ) {
        @T@ total = { @0@ };  // initialize by 0 constructor
        for ( size_t i = 0; i < size; i += 1 )
                total @+=@ a[i]; // select appropriate +
        return total;
}
\end{cfa}
\end{tabular}
\end{cquote}
Traits are implemented by flatten them at use points, as if written in full by the programmer.
Flattening often results in overlapping assertions, \eg operator @+@.
Hence, trait names play no part in type equivalence.
In the example, type @T@ is an object type, and hence, has the implicit internal trait @otype@.
\begin{cfa}
trait otype( T & | sized(T) ) {
        void ?{}( T & );                                                $\C{// default constructor}$
        void ?{}( T &, T );                                             $\C{// copy constructor}$
        void ?=?( T &, T );                                             $\C{// assignment operator}$
        void ^?{}( T & );                                               $\C{// destructor}$
};
\end{cfa}
These implicit routines are used by the @sumable@ operator @?+=?@ for the right side of @?+=?@ and return.

If the array type is not a builtin type, an extra type parameter and assertions are required, like subscripting.
This case is generalized in polymorphic container-types, such as a list with @insert@ and @remove@ operations, and an element type with copy and assignment.


\subsection{Generic Types}

A significant shortcoming of standard C is the lack of reusable type-safe abstractions for generic data structures and algorithms.
Broadly speaking, there are three approaches to implement abstract data structures in C.
\begin{enumerate}[leftmargin=*]
\item
Write bespoke data structures for each context.
While this approach is flexible and supports integration with the C type checker and tooling, it is tedious and error prone, especially for more complex data structures.
\item
Use @void *@-based polymorphism, \eg the C standard library functions @bsearch@ and @qsort@, which allow for the reuse of code with common functionality.
However, this approach eliminates the type checker's ability to ensure argument types are properly matched, often requiring a number of extra function parameters, pointer indirection, and dynamic allocation that is otherwise unnecessary.
\item
Use preprocessor macros, similar to \CC @templates@, to generate code that is both generic and type checked, but errors may be difficult to interpret.
Furthermore, writing and using complex preprocessor macros is difficult and inflexible.
\end{enumerate}

\CC, Java, and other languages use \newterm{generic types} to produce type-safe abstract data-types.
\CFA generic types integrate efficiently and naturally with the existing polymorphic functions, while retaining backward compatibility with C and providing separate compilation.
For concrete parameters, the generic-type definition can be inlined, like \CC templates, if its definition appears in a header file (\eg @static inline@).

A generic type can be declared by placing a @forall@ specifier on a @struct@ or @union@ declaration and instantiated using a parenthesized list of types after the type name.
\begin{cquote}
\begin{tabular}{@{}l|@{\hspace{10pt}}l@{}}
\begin{cfa}
@forall( F, S )@ struct pair {
        F first;        S second;
};
@forall( F, S )@ // object
S second( pair( F, S ) p ) { return p.second; }
@forall( F *, S * )@ // sized
S * second( pair( F *, S * ) p ) { return p.second; }
\end{cfa}
&
\begin{cfa}
pair( double, int ) dpr = { 3.5, 42 };
int i = second( dpr );
pair( void *, int * ) vipr = { 0p, &i };
int * ip = second( vipr );
double d = 1.0;
pair( int *, double * ) idpr = { &i, &d };
double * dp = second( idpr );
\end{cfa}
\end{tabular}
\end{cquote}
\CFA generic types are \newterm{fixed} or \newterm{dynamic} sized.
Fixed-size types have a fixed memory layout regardless of type parameters, whereas dynamic types vary in memory layout depending on the type parameters.
For example, the type variable @T *@ is fixed size and is represented by @void *@ in code generation;
whereas, the type variable @T@ is dynamic and set at the point of instantiation.
The difference between fixed and dynamic is the complexity and cost of field access.
For fixed, field offsets are computed (known) at compile time and embedded as displacements in instructions.
For dynamic, field offsets are compile-time computed at the call site, stored in an array of offset values, passed as a polymorphic parameter, and added to the structure address for each field dereference within a polymorphic routine.
See~\cite[\S~3.2]{Moss19} for complete implementation details.

Currently, \CFA generic types allow assertion.
For example, the following declaration of a sorted set-type ensures the set key supports equality and relational comparison.
\begin{cfa}
forall( Elem, @Key@ | { _Bool ?==?( Key, Key ); _Bool ?<?( Key, Key ); } )
struct Sorted_Set { Elem elem; @Key@ key; ... };
\end{cfa}
However, the operations that insert/remove elements from the set should not appear as part of the generic-types assertions.
\begin{cfa}
forall( @Elem@ | /* any assertions on element type */ ) {
        void insert( Sorted_Set set, @Elem@ elem ) { ... }
        bool remove( Sorted_Set set, @Elem@ elem ) { ... } // false => element not present
        ... // more set operations
} // distribution
\end{cfa}
(Note, the @forall@ clause can be distributed across multiple functions.)
For software-engineering reasons, the set assertions would be refactored into a trait to allow alternative implementations, like a Java \lstinline[language=java]{interface}.

In summation, the \CFA type system inherits \newterm{nominal typing} for concrete types from C, and adds \newterm{structural typing} for polymorphic types.
Traits are used like interfaces in Java or abstract base-classes in \CC, but without the nominal inheritance relationships.
Instead, each polymorphic function or generic type defines the structural type needed for its execution, which is fulfilled at each call site from the lexical environment, like Go~\cite{Go} or Rust~\cite{Rust} interfaces.
Hence, new lexical scopes and nested functions are used extensively to create local subtypes, as in the @qsort@ example, without having to manage a nominal inheritance hierarchy.


\section{Contributions}

The \CFA compiler performance and type capability have been greatly improved through my development work.
\begin{enumerate}
\item
The compilation time of various \CFA library units and test programs has been reduced by an order of magnitude, from minutes to seconds \see{\VRef[Table]{t:SelectedFileByCompilerBuild}}, which made it possible to develop and test more complicated \CFA programs that utilize sophisticated type system features.
The details of compiler optimization work are covered in a previous technical report~\cite{Yu20}, which essentially forms part of this thesis.
\item
The thesis presents a systematic review of the new features added to the \CFA language and its type system.
Some of the more recent inclusions to \CFA, such as tuples and generic structure types, were not well tested during development due to the limitation of compiler performance.
Several issues coming from the interactions of various language features are identified and discussed in this thesis;
some of them I have resolved, while others are given temporary fixes and need to be reworked in the future.
\item
Finally, this thesis provides constructive ideas for fixing a number of high-level issues in the \CFA language design and implementation, and gives a path for future improvements to the language and compiler.
\end{enumerate}


\begin{comment}
From: Andrew James Beach <ajbeach@uwaterloo.ca>
To: Peter Buhr <pabuhr@uwaterloo.ca>, Michael Leslie Brooks <mlbrooks@uwaterloo.ca>,
    Fangren Yu <f37yu@uwaterloo.ca>, Jiada Liang <j82liang@uwaterloo.ca>
Subject: Re: Haskell
Date: Fri, 30 Aug 2024 16:09:06 +0000

Do you mean:

one = 1

And then write a bunch of code that assumes it is an Int or Integer (which are roughly int and Int in Cforall) and then replace it with:

one = 1.0

And have that crash? That is actually enough, for some reason Haskell is happy to narrow the type of the first literal (Num a => a) down to Integer but will not do the same for (Fractional a => a) and Rational (which is roughly Integer for real numbers). Possibly a compatibility thing since before Haskell had polymorphic literals.

Now, writing even the first version will fire a -Wmissing-signatures warning, because it does appear to be understood that just from a documentation perspective, people want to know what types are being used. Now, if you have the original case and start updating the signatures (adding one :: Fractional a => a), you can eventually get into issues, for example:

import Data.Array (Array, Ix, (!))
atOne :: (Ix a, Frational a) => Array a b -> b - - In CFA: forall(a | Ix(a) | Frational(a), b) b atOne(Array(a, b) const & array)
atOne = (! one)

Which compiles and is fine except for the slightly awkward fact that I don't know of any types that are both Ix and Fractional types. So you might never be able to find a way to actually use that function. If that is good enough you can reduce that to three lines and use it.

Something that just occurred to me, after I did the above examples, is: Are there any classic examples in literature I could adapt to Haskell?

Andrew

PS, I think it is too obvious of a significant change to work as a good example but I did mock up the structure of what I am thinking you are thinking about with a function. If this helps here it is.

doubleInt :: Int -> Int
doubleInt x = x * 2

doubleStr :: String -> String
doubleStr x = x ++ x

-- Missing Signature
action = doubleInt - replace with doubleStr

main :: IO ()
main = print $ action 4
\end{comment}