source: doc/theses/mike_brooks_MMath/string.tex @ 8f250e0

\chapter{String}

\vspace*{-20pt}
This chapter presents my work on designing and building a modern string type in \CFA.
The discussion starts with examples of interesting string problems, followed by examples of how these issues are resolved in my design.


\section{String Operations}

To prepare for the following discussion, comparisons among C, \CC, Java and \CFA strings are presented, beginning in \VRef[Figure]{f:StrApiCompare}.
It provides a classic ``cheat sheet'' presentation, summarizing the names of the most-common closely-equivalent operations.
The over-arching commonality is that operations work on groups of characters for assigning, copying, scanning, and updating.

\begin{figure}[h]
\begin{cquote}
\begin{tabular}{@{}l|l|l|l@{}}
C @char [ ]@                    &  \CC @string@                 & Java @String@     & \CFA @string@     \\
\hline
@strcpy@, @strncpy@             & @=@                                   & @=@               & @=@       \\
@strcat@, @strncat@             & @+@                                   & @+@               & @+@       \\
@strcmp@, @strncmp@             & @==@, @!=@, @<@, @<=@, @>@, @>=@
                                                & @equals@, @compareTo@
                                                                                                                    & @==@, @!=@, @<@, @<=@, @>@, @>=@ \\
@strlen@                                & @length@, @size@              & @length@                      & @size@        \\
@[ ]@                                   & @[ ]@                                 & @charAt@          & @[ ]@     \\
@strncpy@                               & @substr@                              & @substring@       & @( )@     \\
@strncpy@                               & @replace@                             & @replace@         & @=@ \emph{(on a substring)}\\
@strstr@                                & @find@                                & @indexOf@         & @find@ \\
@strcspn@                               & @find_first_of@               & @matches@         & @include@ \\
@strspn@                                & @find_first_not_of@   & @matches@         & @exclude@ \\
n/a                                             & @c_str@, @data@               & n/a               & @strcpy@, @strncpy@ \\
\end{tabular}
\end{cquote}
\caption{Comparison of languages' strings, API/``cheat-sheet'' perspective.}
\label{f:StrApiCompare}
\end{figure}

As mentioned in \VRef{s:String}, a C string differs from other string types as it uses null termination rather than a length, which leads to explicit storage management;
hence, most of its group operations are error prone and expensive.
Most high-level string libraries use a separate length field and specialized storage management to implement group operations.
Interestingly, \CC strings retain null termination in case it is needed to interface with C library functions.
\begin{cfa}
int open( @const char * pathname@, int flags );
string fname{ "test.cc" );
open( fname.@c_str()@, O_RDONLY );
\end{cfa}
Here, the \CC @c_str@ function does not create a new null-terminated C string from the \CC string, as that requires passing ownership of the C string to the caller for eventual deletion.\footnote{
C functions like \lstinline{strdup} do return allocated storage that must be freed by the caller.}
% Instead, each \CC string is null terminated just in case it might be needed for this purpose.
Providing this backwards compatibility with C has a ubiquitous performance and storage cost.

While \VRef[Figure]{f:StrApiCompare} emphasizes cross-language similarities, it elides many specific operational differences.
For example, the @replace@ function selects a substring in the target and substitutes it with the source string, which can be smaller or larger than the substring.
\CC performs the modification on the mutable receiver object
\begin{cfa}
string s1 = "abcde";
s1.replace( 2, 3, "xy" );  $\C[2.25in]{// replace by position (zero origin) and length, mutable}\CRT$
cout << s1 << endl;
$\texttt{\small abxy}$
\end{cfa}
while Java allocates and returns a new string with the result, leaving the receiver unmodified.
\label{p:JavaReplace}
\begin{java}
String s = "abcde";
String r = s.replace( "cde", "xy" );  $\C[2.25in]{// replace by text, immutable}$
System.out.println( s + ' ' + r );
$\texttt{\small abcde abxy}$
\end{java}
% Generally, Java's @String@ type is immutable.
Java provides a @StringBuffer@ near-analog that is mutable.
\begin{java}
StringBuffer sb = new StringBuffer( "abcde" );
sb.replace( 2, 5, "xy" );  $\C[2.25in]{// replace by position, mutable}\CRT$
System.out.println( sb );
$\texttt{\small abxy}$
\end{java}
However, there are significant differences;
\eg, @StringBuffer@'s @substring@ function returns a @String@ copy that is immutable.
Finally, the operations between these type are asymmetric, \eg @String@ has @replace@ by text but not replace by position and vice versa for @StringBuffer@.

More significant operational differences relate to storage management, often appearing through assignment (@target = source@), and are summarized in \VRef[Figure]{f:StrSemanticCompare}.
% It calls out the consequences of each language taking a different approach on ``internal'' storage management.
The following discussion justifies the figure's yes/no entries per language.

\begin{figure}
\setlength{\extrarowheight}{2pt}
\begin{tabularx}{\textwidth}{@{}p{0.6in}XXcccc@{}}
                                        &                       &                       & \multicolumn{4}{@{}c@{}}{\underline{Supports Helpful?}} \\
                                        & Required      & Helpful       & C                     & \CC           & Java          & \CFA \\
\hline
Type abst'n
                                        & Low-level: The string type is a varying amount of text communicated via a parameter or return.
                                                                & High-level: The string-typed relieves the user of managing memory for the text.
                                                                                        & no    & yes   & yes   & yes \\
\hline
State
                                        & \multirow{2}{2in}
                                        {Fast Initialize: The target receives the characters of the source without copying the characters, resulting in an Alias or Snapshot.}
                                                                & Alias: The target name is within the source text; changes made in either variable are visible in both.
                                                                                        & yes   & yes   & no    & yes \\
\cline{3-7}
                                        &
                                                                & Snapshot: The target is an alias within the source until the target changes (copy on write).
                                                                                        & no    & no    & yes   & yes \\
\hline
Symmetry
                                        & Laxed: The target's type is anything string-like; it may have a different status concerning ownership.
                                                                & Strict: The target's type is the same as the source; both strings are equivalent peers concerning ownership.
                                                                                        & --            & no    & yes   & yes \\
\hline
Referent
                                        & Variable-Constrained: The target can accept the entire text of the source.
                                                                & Fragment: The target can accept an arbitrary substring of the source.
                                                                                        & no    & no    & yes   & yes
\end{tabularx}

\noindent
Notes
\begin{itemize}[parsep=0pt]
\item
        All languages support Required in all criteria.
\item
        A language gets ``Supports Helpful'' in one criterion if it can do so without sacrificing the Required achievement on all other criteria.
\item
        The C ``string'' is actually @char []@, under the conventions that @<string.h>@ requires. Hence, there is no actual string type in C, so symmetry does not apply.
\item
        The Java @String@ class is analyzed; its @StringBuffer@ class behaves similarly to @C++@.
\end{itemize}
\caption{Comparison of languages' strings, storage management perspective.}
\label{f:StrSemanticCompare}
\end{figure}

In C, the declaration
\begin{cfa}
char s[$\,$] = "abcde";
\end{cfa}
creates a second-class fixed-sized string-variable, as it can only be used in its lexical context;
it cannot be passed by value to string operations or user functions as C array's cannot be copied because there is no string-length information passed to the function.
Therefore, only pointers to strings are first-class, and discussed further.
\begin{cfa}
(const) char * s = "abcde";  $\C[2.25in]{// alias state, n/a symmetry, variable-constrained referent}$
char * s1 = s;  $\C{// alias state, n/a symmetry, variable-constrained referent}$
char * s2 = s;  $\C{// alias state, n/a symmetry, variable-constrained referent}$
char * s3 = &s[1];  $\C{// alias state, n/a symmetry, variable-constrained referent}$
char * s4 = &s3[1];  $\C{// alias state, n/a symmetry, variable-constrained referent}\CRT$
printf( "%s %s %s %s %s\n", s, s1, s2, s3, s4 );
$\texttt{\small abcde abcde abcde bcde cde}$
\end{cfa}
Note, all of these aliased strings rely on the single null termination character at the end of @s@.
The issue of symmetry does not apply to C strings because the value and pointer strings are essentially different types, and so this feature is scored as not applicable for C.
With the type not managing the text storage, there is no ownership question, \ie operations on @s1@ or @s2@ never leads to their memory becoming reusable.
While @s3@ is a valid C-string that contains a proper substring of @s1@, the @s3@ technique does not constitute having a fragment referent because null termination implies the substring cannot be chosen arbitrarily; the technique works only for suffixes.

In \CC, @string@ offers a high-level abstraction.
\begin{cfa}
string s = "abcde";
string & s1 = s;  $\C[2.25in]{// alias state, lax symmetry, variable-constrained referent}$
string s2 = s;  $\C{// copy (strict symmetry, variable-constrained referent)}$
string s3 = s.substr( 1, 2 );  $\C{// copy (strict symmetry, fragment referent)}$
string s4 = s3.substr( 1, 1 );  $\C{// copy (strict symmetry, fragment referent)}$
cout << s << ' ' << s1 << ' ' << s2 << ' ' << s3 << ' ' << s4 << endl;
$\texttt{\small abcde abcde abcde bc c}$
string & s5 = s.substr(2,4);  $\C{// error: cannot point to temporary}\CRT$
\end{cfa}
The lax symmetry reflects how the validity of @s1@ depends on the content and lifetime of @s@.
It is common practice in \CC to use the @s1@-style pass by reference, with the understanding that the callee only uses the referenced string for the duration of the call, \ie no side-effect using the parameter.
So, when the called function is a constructor, it is typical to use an @s2@-style copy-initialization to string-object-typed member.
Exceptions to this pattern are possible, but require the programmer to assure safety where the type system does not.
The @s3@ initialization is constrained to copy the substring because @c_str@ always provides a null-terminated character, which may be different from the source string.
@s3@ assignment could be fast by reference counting the text area and using copy-on-write, but would require an implementation upgrade.

In Java, @String@ also offers a high-level abstraction:
\begin{java}
String s = "abcde";
String s1 = s;  $\C[2.25in]{// snapshot state, strict symmetry, variable-constrained referent}$
String s2 = s.substring( 1, 3 );  $\C{// snapshot state (possible), strict symmetry, fragment referent}$
String s3 = s2.substring( 1, 2 );  $\C{// snapshot state (possible), strict symmetry, fragment referent}\CRT$
System.out.println( s + ' ' + s1 + ' ' + s2 + ' ' + s3 );
System.out.println( (s == s1) + " " + (s == s2) + " " + (s2 == s3) );
$\texttt{\small abcde abcde bc c}$
$\texttt{\small true false false}$
\end{java}
Note, @substring@ takes a start and end position, rather than a start position and length.
Here, facts about Java's implicit pointers and pointer equality can over complicate the picture, and so are ignored.
Furthermore, Java's string immutability means string variables behave as simple values.
The result in @s1@ is the pointer in @s@, and their pointer equality confirm no time is spent copying characters.
With @s2@, the case for fast-copy is more subtle.
Certainly, its value is not pointer-equal to @s@, implying at least a further allocation.
\PAB{TODO: finish the fast-copy case.}
Java does not meet the aliasing requirement because immutability make it impossible to modify.
Java's @StringBuffer@ provides aliasing (see @replace@ example on \VPageref{p:JavaReplace}), though without supporting symmetric treatment of a fragment referent, \eg @substring@ of a @StringBuffer@ is a @String@;
as a result, @StringBuffer@ scores as \CC.
The easy symmetry that the Java string enjoys is aided by Java's garbage collection; Java's @s2@ is doing effectively the operation of \CC's @s3@, though without the consequence of complicating memory management.
\PAB{What complex storage management is going on here?}

Finally, in \CFA, @string@ also offers a high-level abstraction:
\begin{cfa}
string s = "abcde";
string & s1 = s; $\C[2.25in]{// alias state, strict symmetry, variable-constrained referent}$
string s2 = s; $\C{// snapshot state, strict symmetry, variable-constrained referent}$
string s3 = s`share; $\C{// alias state, strict symmetry, variable-constrained referent}\CRT$
string s4 = s( 1, 2 );
string s5 = s4( 1, 1 );
sout | s | s1 | s2 | s3 | s4 | s5;
$\texttt{\small abcde abcde abcde abcde bc c}$
\end{cfa}
% all helpful criteria of \VRef[Figure]{f:StrSemanticCompare} are satisfied.
The \CFA string manages storage, handles all assignments, including those of fragment referents with fast initialization, provides the choice between snapshot and alias semantics, and does so symmetrically with one type (which assures text validity according to the lifecycles of the string variables).
The intended metaphor for \CFA stings is similar to a GUI text-editor or web browser.
Select a consecutive block of text using the mouse generates an aliased substring in the file/dialog-box.
Typing into the selected area is like assigning to an aliased substring, where the highlighted text is replaced with more or less text;
depending on the text entered, the file/dialog-box content grows or shrinks.
\PAB{Need to discuss the example, as for the other languages.}

The remainder of this chapter explains how the \CFA string achieves this usage style.


\section{Storage Management}

This section discusses issues related to storage management of strings.
Specifically, it is common for strings to logically overlap partially or completely.
\begin{cfa}
string s1 = "abcdef";
string s2 = s1; $\C{// complete overlap, s2 == "abcdef"}$
string s3 = s1.substr( 0, 3 ); $\C{// partial overlap, s3 == "abc"}$
\end{cfa}
This raises the question of how strings behave when an overlapping component is changed,
\begin{cfa}
s3[1] = 'w'; $\C{// what happens to s1 and s2?}$
\end{cfa}
which is restricted by a string's mutable or immutable property.
For example, Java's immutable strings require copy-on-write when any overlapping string changes.
Note, the notion of underlying string mutability is not specified by @const@; \eg in \CC:
\begin{cfa}
const string s1 = "abc";
\end{cfa}
the @const@ applies to the @s1@ pointer to @"abc"@, and @"abc"@ is an immutable constant that is \emph{copied} into the string's storage.
Hence, @s1@ is not pointing at an immutable constant, meaning its underlying string can be mutable, unless some other designation is specified, such as Java's global immutable rule.


\subsection{Logical overlap}

\CFA provides a dynamic mechanism to indicate mutable or immutable using the attribute @`share@.
This aliasing relationship is a sticky-property established at initialization.
For example, here strings @s1@ and @s1a@ are in an aliasing relationship, while @s2@ is in a copy relationship.
\input{sharing1.tex}
Here, the aliasing (@`share@) causes partial changes (subscripting) to flow in both directions.
\input{sharing2.tex}
Similarly for complete changes.
\input{sharing3.tex}

Because string assignment copies the value, RHS aliasing is irrelevant.
Hence, aliasing of the LHS is unaffected.
\input{sharing4.tex}

Now, consider string @s1_mid@ being an alias in the middle of @s1@, along with @s2@, made by a simple copy from the middle of @s1@.
\input{sharing5.tex}
Again, @`share@ passes changes in both directions; copy does not.
As a result, the index values for the position of @b@ are 1 in the longer string @"abcd"@ and 0 in the shorter aliased string @"bc"@.
This alternate positioning also applies to subscripting.
\input{sharing6.tex}

Finally, assignment flows through the aliasing relationship without affecting its structure.
\input{sharing7.tex}
In the @"ff"@ assignment, the result is straightforward to accept because the flow direction is from contained (small) to containing (large).
The following rules explain aliasing substrings that flow in the opposite direction, large to small.

Growth and shrinkage are natural extensions, as for the text-editor example mentioned earlier, where an empty substring is as real real as an empty string.
\input{sharing8.tex}

Multiple portions of a string can be aliased.
% When there are several aliasing substrings at once, the text editor analogy becomes an online multi-user editor.
%I should be able to edit a paragraph in one place (changing the document's length), without my edits affecting which letters are within a mouse-selection that you had made previously, somewhere else.
\input{sharing9.tex}
When @s1_bgn@'s size increases by 3, @s1_mid@'s starting location moves from 1 to 4 and @s1_end@'s from 3 to 6,

When changes happens on an aliasing substring that overlap.
\input{sharing10.tex}
Strings @s1_crs@ and @s1_mid@ overlap at character 4, @j@ because the substrings are 3,2 and 4,2.
When @s1_crs@'s size increases by 1, @s1_mid@'s starting location moves from 4 to 5, but the overlapping character remains, changing to @'+'@.

\PAB{TODO: finish typesetting the demo}

%\input{sharing-demo.tex}


\subsection{RAII limitations}

Earlier work on \CFA~\cite[ch.~2]{Schluntz17} implemented object constructors and destructors for all types (basic and user defined).
A constructor is a user-defined function run implicitly \emph{after} an object's declaration-storage is created, and a destructor is a user-defined function run \emph{before} an object's declaration-storage is deleted.
This feature, called RAII~\cite[p.~389]{Stroustrup94}, guarantees pre-invariants for users before accessing an object and post invariants for the programming environment after an object terminates.

The purposes of these invariants goes beyond ensuring authentic values inside an object.
Invariants can also track occurrences of managed objects in other data structures.
For example, reference counting is a typical application of an invariant outside of the data values.
With a reference-counting smart-pointer, the constructor and destructor \emph{of a pointer type} tracks the life cycle of the object it points to.
Both \CC and \CFA RAII systems are powerful enough to achieve reference counting.

In general, a lifecycle function has access to an object by location, \ie constructors and destructors receive a @this@ parameter providing an object's memory address.
\begin{cfa}
struct S { int * ip; };
void ?{}( S & @this@ ) { this.ip = new(); } $\C[3in]{// default constructor}$
void ?{}( S & @this@, int i ) { ?{}(this); *this.ip = i; } $\C{// initializing constructor}$
void ?{}( S & @this@, S s ) { this = s; } $\C{// copy constructor}$
void ^?{}( S & @this@ ) { delete( this.ip ); } $\C{// destructor}\CRT$
\end{cfa}
The lifecycle implementation can then add this object to a collection at creation and remove it at destruction.
A module providing lifecycle semantics can traverse the collection at relevant times to keep the objects ``good.''
Hence, declaring such an object not only ensures ``good'' authentic values, but also an implicit subscription to a service that keeps the value ``good'' across its lifetime.

In many cases, the relationship between memory location and lifecycle is straightforward.
For example, stack-allocated objects being used as parameters and returns, with a sender version in one stack frame and a receiver version in another, as opposed to assignment where sender and receiver are in the same stack frame.
What is crucial for lifecycle management is knowing if the receiver is initialized or uninitialized, \ie an object is or is not currently associated with management.
To provide this knowledge, languages differentiate between initialization and assignment to a left-hand side.
\begin{cfa}
Obj obj2 = obj1;  $\C[1.5in]{// initialization, obj2 is initialized}$
obj2 = obj1;      $\C{// assignment, obj2 must be initialized for management to work}\CRT$
\end{cfa}
Initialization occurs at declaration by value, parameter by argument, return temporary by function call.
Hence, it is necessary to have two kinds of constructors: by value or object.
\begin{cfa}
Obj obj1{ 1, 2, 3 }; $\C[1.5in]{// by value, management is initialized}$
Obj obj2 = obj1;     $\C{// by obj, management is updated}\CRT$
\end{cfa}
When no object management is required, initialization copies the right-hand value.
Hence, the calling convention remains uniform, where the unmanaged case uses @memcpy@ as the initialization constructor and managed uses the specified initialization constructor.

The \CFA RAII system supports lifecycle functions, except for returning a value from a function to a temporary.
For example, in \CC:
\begin{c++}
struct S {...};
S identity( S s ) { return s; }
S s;
s = identity( s ); // S temp = identity( s ); s = temp;
\end{c++}
the generated code for the function call created a temporary with initialization from the function call, and then assigns the temporary to the object.
This two step approach means extra storage for the temporary and two copies to get the result into the object variable.
\CC{17} introduced return value-optimization (RVO)~\cite{RVO20} to ``avoid copying an object that a function returns as its value, including avoiding creation of a temporary object''.
\CFA uses C semantics for function return giving direct value-assignment, which eliminates unnecessary code, but skips an essential feature needed by lifetime management.
The following discusses the consequences of this semantics with respect to lifetime management of \CFA strings.

The present string-API contribution provides lifetime management with initialization semantics on function return.
The workaround to achieve the full lifetime semantics does have a runtime performance penalty.
An alternative API sacrifices return initialization semantics to recover full runtime performance.
These APIs are layered, with the slower, friendlier High Level API (HL) wrapping the faster, more primitive Low Level API (LL).
Both API present the same features, up to lifecycle management, with return initialization being disabled in LL and implemented with the workaround in HL.
The intention is for most future code to target HL.
When \CFA becomes a full compiler, it can provide return initialization with RVO optimizations.
Then, programs written with the HL API will simply run faster.
In the meantime, performance-critical sections of applications use LL.
Subsequent performance experiments \see{\VRef{s:PerformanceAssessment}} with other string libraries has \CFA strings using the LL API.
These measurement gives a fair estimate of the goal state for \CFA.


\subsection{Memory management}

A centrepiece of the string module is its memory manager.
The management scheme defines a shared buffer for string text.
Allocation in this buffer is via a bump-pointer;
the buffer is compacted and/or relocated with growth when it fills.
A string is a smart pointer into this buffer.

This cycle of frequent cheap allocations, interspersed with infrequent expensive compactions, has obvious similarities to a general-purpose memory manager based on garbage collection (GC).
A few differences are noteworthy.
First, in a general purpose manager, the allocated objects may contain pointers to other objects, making the transitive reachability of these objects a crucial property.
Here, the allocations are text, so one allocation never keeps another alive.
Second, in a general purpose manager, the handle that keeps an allocation alive is just a lean pointer.
For strings, a fatter representation is acceptable because there are fewer string head pointers versus chained pointers within nodes as for linked containers.

\begin{figure}
\includegraphics{memmgr-basic}
\caption{String memory-management data structures}
\label{f:memmgr-basic}
\end{figure}

\VRef[Figure]{f:memmgr-basic} shows the representation.
The heap header and text buffer define a sharing context.
Normally, one global sharing context is appropriate for an entire program;
concurrent exceptions are discussed in \VRef{s:AvoidingImplicitSharing}.
A string is a handle into the buffer and linked into a list.
The list is doubly linked for $O(1)$ insertion and removal at any location.
Strings are orders in the list by string-text address, where there is no overlapping, and approximately, where there is.
The header maintains a next-allocation pointer, @alloc@, pointing to the last live allocation in the buffer.
No external references point into the buffer and the management procedure relocates the text allocations as needed.
A string handle references a containing string, while its string is contiguous and not null terminated.
The length sets an upper limit on the string size, but is large (4 or 8 bytes).
String handles can be allocated in the stack or heap, and represent the string variables in a program.
Normal C life-time rules apply to guarantee correctness of the string linked-list.
The text buffer is large enough with good management so that often only one dynamic allocation is necessary during program execution.
% During this period, strings can vary in size dynamically.

When the text buffer fills, \ie the next new string allocation causes @alloc@ to point beyond the end of the buffer, the strings are compacted.
The linked handles define all live strings in the buffer, which indirectly defines the allocated and free space in the buffer.
Since the string handles are in (roughly) sorted order, the handle list can be traversed copying the first text to the start of the buffer and subsequent strings after each over.
After compaction, if the amount of free storage is still less than the new string allocation, a larger text buffer is heap allocated, the current buffer is copies into the new buffer, and the original buffer is freed.
Note, the list of string handles is unaffected during a compaction;
only the string pointers in the handles are modified to new buffer locations.

Object lifecycle events are the \emph{subscription-management} triggers in such a service.
There are two fundamental string-creation routines: importing external text like a C-string or reading a string, and initialization from an existing \CFA string.
When importing, storage comes from the end of the buffer, into which the text is copied.
The new string handle is inserted at the end of the handle list because the new text is at the end of the buffer.
When initializing from text already in the text buffer, the new handle is a second reference into the original run of characters.
In this case, the new handle's linked-list position is after the original handle.
Both string initialization styles preserve the string module's internal invariant that the linked-list order matches the buffer order.
For string destruction, handles are removed from the list.

Certain string operations can results in a subset (substring) of another string.
The resulting handle is then placed in the correct sorted position in the list, possible with a short linear search to locate the position.
For string operations resulting in a new string, that string is allocated at the end of the buffer.
For shared-edit strings, handles that originally referenced containing locations need to see the new value at the new buffer location.
These strings are moved to appropriate locations at the end of the list \see{[xref: TBD]}.
For nonshared-edit strings, a containing string can be moved and the nonshared strings can remain in the same position.
String assignment words similarly to string initialization, maintain the invariant of linked-list order matching buffer order.

At the level of the memory manager, these modifications can always be explained as assignments and appendment;
for example, an append is an assignment into the empty substring at the end of the buffer. 
Favourable conditions allow for in-place editing: where there is room for the resulting value in the original buffer location, and where all handles referring to the original buffer location see the new value.
However, the general case requires a new buffer allocation: where the new value does not fit in the old place, or if other handles are still using the old value.


\subsection{Sharing implementation}

The \CFA string module has two mechanisms to handle the case when string handles share a string of text.  

The first type of sharing is the user requests both string handles be views of the same logical, modifiable string.
This state is typically produced by the substring operation.
\begin{cfa}
string s = "abcde";
string s1 = s( 1, 2 )@`share@; $\C[2.25in]{// explicit sharing}$
s[1] = 'x'; $\C{// change s and s1}\CRT$
sout | s | s1;
$\texttt{\small axcde xc}$
\end{cfa}
In a typical substring call, the source string-handle is referencing an entire string, and the resulting, newly made, string handle is referencing a portion of the original.
In this state, a subsequent modification made by either is visible in both.

The second type of sharing happens when the system implicitly delays the physical execution of a logical \emph{copy} operation, as part of its copy-on-write optimization.
This state is typically produced by constructing a new string, using an original string as its initialization source.
\begin{cfa}
string s = "abcde";
string s1 = s( 1, 2 )@@; $\C[2.25in]{// no sharing}$
s[1] = 'x'; $\C{// copy-on-write s1}\CRT$
sout | s | s1;
$\texttt{\small axcde bc}$
\end{cfa}
In this state, a subsequent modification done on one handle triggers the deferred copy action, leaving the handles referencing different text within the buffer, holding distinct values.

A further abstraction, in the string module's implementation, helps distinguish the two senses of sharing.
A share-edit set (SES) is an equivalence class over string handles, being the reflexive, symmetric and transitive closure of the relationship of one string being constructed from another, with the ``share'' opt-in given.
The SES is represented by a second linked list among the handles.
A string that shares edits with no other is in a SES by itself.
Inside a SES, a logical modification of one substring portion may change the logical value in another, depending on whether the two actually overlap.
Conversely, no logical value change can flow outside of a SES.
Even if a modification on one string handle does not reveal itself \emph{logically} to anther handle in the same SES (because they do not overlap), if the modification is length-changing, completing the modification requires visiting the second handle to adjust its location in the sliding text.


\subsection{Avoiding implicit sharing}
\label{s:AvoidingImplicitSharing}

There are tradeoffs associated with the copy-on-write mechanism.
Several qualitative matters are detailed in the \VRef{s:PerformanceAssessment} and the qualitative issue of multi-threaded support is introduced here.
The \CFA sting library provides a switch to disable the sharing mechanism for situations where it is inappropriate.

Because of the inter-linked string handles, any participant managing one string is also managing, directly, the neighbouring strings, and from there, a data structure of the ``set of all strings.''  This data structure is intended for sequential access.
A negative consequence of this decision is that multiple threads using strings need to be set up so that they avoid attempting to modify (concurrently) an instance of this structure.
A positive consequence is that a single-threaded program, or a program with several independent threads, can use the sharing context without locking overhead.

When the string library is running with sharing disabled, it runs without implicit thread-safety challenges, which is the same as the \CC STL, and with performance goals similar to the STL.
Running with sharing disabled can be thought of as a STL-emulation mode.
Hence, concurrent users of string objects must still bring their own mutual exclusion, but the string library does not add any cross thread uses that are not apparent in a user's code.

\PAB{I could not get this to do anything.}
The \CFA string library does provides a @string_sharectx@ type to control an ambient sharing context for the current thread.
It allows two adjustments: to opt out of sharing entirely or to begin sharing within a private context.
Either way, the chosen mode applies only to the current thread, for the duration of the lifetime of the created  @string_sharectx@ object, up to being suspended by child lifetimes of different contexts.
The intended use is with stack-managed lifetimes, in which the established context lasts until the current function returns, and affects all functions called that do not create their own contexts.
\lstinputlisting[language=CFA, firstline=20, lastline=34]{sharectx.run.cfa}
In this example, the single-letter functions are called in alphabetic order.
The functions @a@ and @d@ share string character ranges within themselves, but not with each other.
The functions @b@, @c@ and @e@ never share anything.

[ TODO: true up with ``is thread local'' (implement that and expand this discussion to give a concurrent example, or adjust this wording) ]


\subsection{Future work}

To discuss: Unicode

To discuss: Small-string optimization


\section{Performance assessment}
\label{s:PerformanceAssessment}

I assessed the \CFA string library's speed and memory usage against strings in \CC STL.
The results are presented in even equivalent cases, due to either micro-optimizations foregone, or fundamental costs of the added functionality.
They also show the benefits and tradeoffs, as >100\% effects, of switching to \CFA, with the tradeoff points quantified.
The final test shows the overall win of the \CFA text-sharing mechanism.
It exercises several operations together, showing \CFA enabling clean user code to achieve performance that STL requires less-clean user code to achieve.

To discuss: general goal of ...
while STL makes you think about memory management, all the time, and if you do your performance can be great ...
\CFA sacrifices this advantage modestly in exchange for big wins when you're not thinking about memory management.
[Does this position cover all of it?]

To discuss: revisit HL v LL APIs

To discuss: revisit no-sharing as STL emulation modes


\subsection{Methodology}

These tests use randomly generated text fragments of varying lengths.
A collection of such fragments is a \emph{corpus}.
The mean length of a fragment from a corpus is a typical explanatory variable.
Such a length is used in one of three modes:
\begin{description}
        \item [Fixed-size] means all string fragments are of the stated size.
        \item [Varying from 1] means string lengths are drawn from a geometric distribution with the stated mean, and all lengths occur.
        \item [Varying from 16] means string lengths are drawn from a geometric distribution with the stated mean, but only lengths 16 and above occur; thus, the stated mean is above 16.
\end{description}
The geometric distribution implies that lengths much longer than the mean occur frequently.
The special treatment of length 16 deals with comparison to STL, given that STL has short-string optimization (see [TODO: write and cross-ref future-work SSO]), currently not implemented in \CFA.
When success, notwithstanding SSO, is illustrated, a fixed-size or from-16 distribution ensures that extra-optimized cases are not part of the mix on the STL side.
In all experiments that use a corpus, its text is generated and loaded into the SUT before the timed phase begins.

To discuss: vocabulary for reused case variables

To discuss: common approach to iteration and quoted rates

To discuss: hardware and such

To discuss: memory allocator


\subsection{Test: Append}

This test measures the speed of appending fragments of text onto a growing string.
Its subcases include both \CFA being similar to STL and their designs offering a tradeoff.

One experimental variable is logically equivalent operations such as @a = a + b@ \vs @a += b@.
For numeric types, the generated code is equivalence, giving identical performance.
However, for string types there can be a significant difference in performance, especially if this code appears in a loop iterating a large number of times.
This difference might not be intuitive to beginners.

Another experimental variable is whether the user's logical allocation is fresh \vs reused.
Here, \emph{reusing a logical allocation}, means that the program variable, into which the user is concatenating, previously held a long string:\\
\begin{cquote}
\setlength{\tabcolsep}{20pt}
\begin{tabular}{@{}ll@{}}
\begin{cfa}

for ( ... ) {
        @string x;@   // fresh
        for ( ... )
                x += ...
}
\end{cfa}
&
\begin{cfa}
string x;
for ( ... ) {
        @x = "";@  // reused
        for ( ... )
                x += ...
}
\end{cfa}
\end{tabular}
\end{cquote}
These benchmark drivers have an outer loop for ``until a sample-worthy amount of execution has happened'' and an inner loop for ``build up the desired-length string.''
In general, a user should not have to care about this difference, yet the STL performs differently in these cases.
Furthermore, if a routine takes a string by reference, if cannot use the fresh approach.
Concretely, both cases incur the cost of copying characters into the target string, but only the allocation-fresh case incurs a further reallocation cost, which is generally paid at points of doubling the length.
For the STL, this cost includes obtaining a fresh buffer from the memory allocator and copying older characters into the new buffer, while \CFA-sharing hides such a cost entirely.
The fresh \vs reuse distinction is only relevant in the \emph{append} tests.

The \emph{append} tests use the varying-from-1 corpus construction, \ie they do not assume away the STL's advantage for small-string optimization.
\PAB{To discuss: any other case variables introduced in the performance intro}
Figure \ref{fig:string-graph-peq-cppemu} shows this behaviour, by the STL and by \CFA in STL emulation mode.
\CFA reproduces STL's performance, up to a 15\% penalty averaged over the cases shown, diminishing with larger strings, and 50\% in the worst case.
This penalty characterizes the amount of implementation fine tuning done with STL and not done with \CFA in present state.
The larger inherent penalty, for a user mismanaging reuse, is 40\% averaged over the cases shown, is minimally 24\%, shows up consistently between the STL and \CFA implementations, and increases with larger strings.

\PAB{Most of your graphs are unreadable. gnuplot is a good tool for generating high quality graphs.}

\begin{figure}
        \includegraphics[width=\textwidth]{string-graph-peq-cppemu.png}
        \caption{Average time per iteration with one \lstinline{x += y} invocation, comparing \CFA with STL implementations (given \CFA running in STL emulation mode), and comparing the ``fresh'' with ``reused'' reset styles, at various string sizes.}
        \label{fig:string-graph-peq-cppemu}
\end{figure}

\begin{figure}
        \includegraphics[width=\textwidth]{string-graph-peq-sharing.png}
        \caption{Average time per iteration with one \lstinline{x += y} invocation, comparing \CFA (having implicit sharing activated) with STL, and comparing the ``fresh'' with ``reused'' reset styles, at various string sizes.}
        \label{fig:string-graph-peq-sharing}
\end{figure}

In sharing mode, \CFA makes the fresh/reuse difference disappear, as shown in Figure \ref{fig:string-graph-peq-sharing}.
At append lengths 5 and above, \CFA not only splits the two baseline STL cases, but its slowdown of 16\% over (STL with user-managed reuse) is close to the \CFA-v-STL implementation difference seen with \CFA in STL-emulation mode.

\begin{figure}
        \includegraphics[width=\textwidth]{string-graph-pta-sharing.png}
        \caption{Average time per iteration with one \lstinline{x = x + y} invocation (new, purple bands), comparing \CFA (having implicit sharing activated) with STL.
For context, the results from Figure \ref{fig:string-graph-peq-sharing} are repeated as the bottom bands.
While not a design goal, and not graphed out, \CFA in STL-emulation mode outperformed STL in this case; user-managed allocation reuse did not affect any of the implementations in this case.}
        \label{fig:string-graph-pta-sharing}
\end{figure}

When the user takes a further step beyond the STL's optimal zone, by running @x = x + y@, as in Figure \ref{fig:string-graph-pta-sharing}, the STL's penalty is above $15 \times$ while \CFA's (with sharing) is under $2 \times$, averaged across the cases shown here.
Moreover, the STL's gap increases with string size, while \CFA's converges.

\subsubsection{Test: Pass argument}

To have introduced:  STL string library forces users to think about memory management when communicating values across a function call

STL charges a prohibitive penalty for passing a string by value.
With implicit sharing active, \CFA treats this operation as normal and supported.
This test illustrates a main advantage of the \CFA sharing algorithm.
It also has a case in which STL's small-string optimization provides a successful mitigation.

\begin{figure}
        \includegraphics[width=\textwidth]{string-graph-pbv.png}
        \caption{Average time per iteration with one call to a function that takes a by-value string argument, comparing \CFA (having implicit sharing activated) with STL.
(a) With \emph{Varying-from-1} corpus construction, in which the STL-only benefit of small-string optimization occurs, in varying degrees, at all string sizes.
(b) With \emph{Fixed-size} corpus construction, in which this benefit applies exactly to strings with length below 16.
[TODO: show version (b)]}
        \label{fig:string-graph-pbv}
\end{figure}

Figure \ref{fig:string-graph-pbv} shows the costs for calling a function that receives a string argument by value.
STL's performance worsens as string length increases, while \CFA has the same performance at all sizes.

The \CFA cost to pass is nontrivial.
The contributor is adding and removing the callee's string handle from the global list.
This cost is $1.5 \times$ to $2 \times$ over STL's when small-string optimization applies, though this cost should be avoidable in the same case, given a \CFA realization of this optimization.
At the larger sizes, when STL has to manage storage for the string, STL runs more than $3 \times$ slower, mainly due to time spent in the general-purpose memory allocator.


\subsubsection{Test: Allocate}

This test directly compares the allocation schemes of the \CFA string with sharing, compared with the STL string.
It treats the \CFA scheme as a form of garbage collection, and the STL scheme as an application of malloc-free.
The test shows that \CFA enables faster speed at a cost in memory usage.

A garbage collector, afforded the freedom of managed memory, often runs faster than malloc-free (in an amortized analysis, even though it must occasionally stop to collect) because it is able to use its collection time to move objects.
(In the case of the mini-allocator powering the \CFA string library, objects are runs of text.)  Moving objects lets fresh allocations consume from a large contiguous store of available memory; the ``bump pointer'' book-keeping for such a scheme is very light.
A malloc-free implementation without the freedom to move objects must, in the general case, allocate in the spaces between existing objects; doing so entails the heavier book-keeping to navigate and maintain a linked structure.

A garbage collector keeps allocations around for longer than the using program can reach them.
By contrast, a program using malloc-free (correctly) releases allocations exactly when they are no longer reachable.
Therefore, the same harness will use more memory while running under garbage collection.
A garbage collector can minimize the memory overhead by searching for these dead allocations aggressively, that is, by collecting more often.
Tuned in this way, it spends a lot of time collecting, easily so much as to overwhelm its speed advantage from bump-pointer allocation.
If it is tuned to collect rarely, then it leaves a lot of garbage allocated (waiting to be collected) but gains the advantage of little time spent doing collection.

[TODO: find citations for the above knowledge]

The speed for memory tradeoff is, therefore, standard for comparisons like \CFA--STL string allocations.
The test verifies that it is so and quantifies the returns available.

These tests manipulate a tuning knob that controls how much extra space to use.
Specific values of this knob are not user-visible and are not presented in the results here.
Instead, its two effects (amount of space used and time per operation) are shown.
The independent variable is the liveness target, which is the fraction of the text buffer that is in use at the end of a collection.
The allocator will expand its text buffer during a collection if the actual fraction live exceeds this target.

This experiment's driver allocates strings by constructing a string handle as a local variable then looping over recursive calls.
The time measurement is of nanoseconds per such allocating call.
The arrangement of recursive calls and their fan-out (iterations per recursion level) makes some of the strings long-lived and some of them short-lived.
String lifetime (measured in number of subsequent string allocations) is ?? distributed, because each node in the call tree survives as long as its descendent calls.
The run presented in this section used a call depth of 1000 and a fan-out of 1.006, which means that approximately one call in 167 makes two recursive calls, while the rest make one.
This sizing was chosen to keep the amounts of consumed memory within the machine's last-level cache.

\begin{figure}
  \includegraphics[width=\textwidth]{string-graph-allocn.png}
  \caption{Space and time performance, under varying fraction-live targets, for the five string lengths shown, at (\emph{Fixed-size} corpus construction.
[MISSING] The identified clusters are for the default fraction-live target, which is 30\%.
MISSING: STL results, typically just below the 0.5--0.9 \CFA segment.
All runs keep an average of 836 strings live, and the median string lifetime is ?? allocations.}
  \label{fig:string-graph-allocn}
\end{figure}

Figure \ref{fig:string-graph-allocn} shows the results of this experiment.
At all string sizes, varying the liveness threshold gives offers speed-for-space tradeoffs relative to STL.
At the default liveness threshold, all measured string sizes see a ??\%--??\% speedup for a ??\%--??\% increase in memory footprint.


\subsubsection{Test: Normalize}

This test is more applied than the earlier ones.
It combines the effects of several operations.
It also demonstrates a case of the \CFA API allowing user code to perform well, while being written without overt memory management, while achieving similar performance in STL requires adding memory-management complexity.

To motivate: edits being rare

The program is doing a specialized find-replace operation on a large body of text.
In the program under test, the replacement is just to erase a magic character.
But in the larger software problem represented, the rewrite logic belongs to a module that was originally intended to operate on simple, modest-length strings.
The challenge is to apply this packaged function across chunks taken from the large body.
Using the \CFA string library, the most natural way to write the helper module's function also works well in the adapted context.
Using the STL string, the most natural ways to write the helper module's function, given its requirements in isolation, slow down when it is driven in the adapted context.

\begin{lstlisting}
void processItem( string & item ) {
         // find issues in item and fix them
}
\end{lstlisting}

\section{String I/O}