source: doc/theses/mike_brooks_MMath/string.tex@ a800a19

\chapter{String}

\vspace*{-20pt}
This chapter presents my work on designing and building a modern string type in \CFA.
The discussion starts with an overview of string API, then a number of interesting string problems, followed by how these issues are resolved in this work.


\section{String Operations}

% https://en.wikipedia.org/wiki/Comparison_of_programming_languages_(string_functions)

\VRef[Figure]{f:StrApiCompare} shows a general comparison of string APIs for C, \CC, Java and \CFA.
It provides a classic ``cheat sheet'', summarizing the names of the most-common closely-equivalent operations.
The over-arching commonality is that operations work on groups of characters for assigning, copying, scanning, and updating.

\begin{figure}[h]
\begin{cquote}
\begin{tabular}{@{}l|l|l|l@{}}
C @char [ ]@                    &  \CC @string@                 & Java @String@     & \CFA @string@     \\
\hline
@strcpy@, @strncpy@             & @=@                                   & @=@               & @=@       \\
@strcat@, @strncat@             & @+@                                   & @+@               & @+@       \\
@strcmp@, @strncmp@             & @==@, @!=@, @<@, @<=@, @>@, @>=@
                                                & @equals@, @compareTo@  & @==@, @!=@, @<@, @<=@, @>@, @>=@ \\
@strlen@                                & @length@, @size@              & @length@                      & @size@        \\
@[ ]@                                   & @[ ]@                                 & @charAt@          & @[ ]@     \\
@strncpy@                               & @substr@                              & @substring@       & @( )@ RHS @=@     \\
@strncpy@                               & @replace@                             & @replace@         & @( )@ LHS @=@ \\
@strstr@                                & @find@                                & @indexOf@         & @find@ \\
@strcspn@                               & @find_first_of@               & @matches@         & @include@ \\
@strspn@                                & @find_first_not_of@   & @matches@         & @exclude@ \\
n/a                                             & @c_str@, @data@               & n/a               & @strcpy@, @strncpy@ \\
\end{tabular}
\end{cquote}
\caption{Language comparison of string API}
\label{f:StrApiCompare}
\end{figure}

As mentioned in \VRef{s:String}, a C string differs from other string types as it uses null termination rather than a length, which leads to explicit storage management;
hence, most of its group operations are error prone and expensive.
Most high-level string libraries use a separate length field and specialized storage management to implement group operations.
Interestingly, \CC strings retain null termination in case it is needed to interface with C library functions.
\begin{cfa}
int open( @const char * pathname@, int flags );
string fname{ "test.cc" );
open( fname.@c_str()@, O_RDONLY );              // null terminated value of string
\end{cfa}
Here, the \CC @c_str@ function does not create a new null-terminated C string from the \CC string, as that requires passing ownership of the C string to the caller for eventual deletion.\footnote{
C functions like \lstinline{strdup} do return allocated storage that must be freed by the caller.}
% Instead, each \CC string is null terminated just in case it might be needed for this purpose.
Providing this backwards compatibility with C has a ubiquitous performance and storage cost.


\section{\CFA \lstinline{string} type}
\label{s:stringType}

The \CFA string type is for manipulation of dynamically-sized character-strings versus C @char *@ type for manipulation of statically-sized null-terminated character-strings.
Hence, the amount of storage for a \CFA string changes dynamically at runtime to fit the string size, whereas the amount of storage for a C string is fixed at compile time.
As a result, a @string@ declaration does not specify a maximum length, where a C string must.
The maximum storage for a \CFA @string@ value is @size_t@ characters, which is $2^{32}$ or $2^{64}$ respectively.
A \CFA string manages its length separately from the string, so there is no null (@'\0'@) terminating value at the end of a string value.
Hence, a \CFA string cannot be passed to a C string manipulation function, such as @strcat@.
Like C strings, characters in a @string@ are numbered from the left starting at 0, and in \CFA numbered from the right starting at -1.
\begin{cquote}
\sf
\begin{tabular}{@{}rrrrll@{}}
\small\tt "a & \small\tt b & \small\tt c & \small\tt d & \small\tt e" \\
0 & 1 & 2 & 3 & 4 & left to right index \\
-5 & -4 & -3 & -2 & -1 & right to left index
\end{tabular}
\end{cquote}
The following operations have been defined to manipulate an instance of type @string@.
The discussion assumes the following declarations and assignment statements are executed.
\begin{cfa}
#include @<string.hfa>@
@string@ s = "abcde", name = "MIKE", digit = "0123456789";
const char cs[] = "abc";
int i;
\end{cfa}
Note, the include file @<string.hfa>@ to access type @string@.


\subsection{Implicit String Conversions}

The ability to convert from internal (machine) to external (human) format is useful in situations other than I/O.
Hence, the basic types @char@, @char *@, @int@, @double@, @_Complex@, including any signness and size variations, implicitly convert to type @string@.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|ll|l@{}}
\begin{cfa}
//      string s = 5;
        s = 'x';
        s = "abc";
        s = cs;
        s = 45hh;
        s = 45h;
\end{cfa}
&
\begin{cfa}

"x"
"abc"
"abc"
"45"
"45"
\end{cfa}
&
\begin{cfa}
        s = (ssize_t)MIN;
        s = (size_t)MAX;
        s = 5.5;
        s = 5.5L;
        s = 5.5+3.4i;
        s = 5.5L+3.4Li;
\end{cfa}
&
\begin{cfa}
"-9223372036854775808"
"18446744073709551615"
"5.5"
"5.5"
"5.5+3.4i"
"5.5+3.4i"
\end{cfa}
\end{tabular}
\end{cquote}
Conversions can be explicitly specified using a compound literal.
\begin{cfa}
s = (string){ "abc" };                          $\C{// converts char * to string}$
s = (string){ 5 };                                      $\C{// converts int to string}$
s = (string){ 5.5 };                            $\C{// converts double to string}$
\end{cfa}

Conversions from @string@ to @char *@ attempt to be safe:
either by requiring the maximum length of the @char *@ storage (@strncpy@) or allocating the @char *@ storage for the string characters (ownership), meaning the programmer must free the storage.
Note, a C string is always null terminated, implying a minimum size of 1 character.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
strncpy( cs, s, sizeof(cs) );
char * cp = s;
delete( cp );
cp = s + ' ' + s;
delete( cp );
\end{cfa}
&
\begin{cfa}
"abc\0", in place
"abcde\0", malloc
ownership
"abcde abcde\0", malloc
ownership
\end{cfa}
\end{tabular}
\end{cquote}


\subsection{Length}

The @len@ operation (short for @strlen@) returns the length of a C or \CFA string.
For consistency, @strlen@ also works with \CFA strings.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
i = len( "" );
i = len( "abc" );
i = len( cs );
i = strlen( cs );
i = len( name );
i = strlen( name );
\end{cfa}
&
\begin{cfa}
0
3
3
3
4
4
\end{cfa}
\end{tabular}
\end{cquote}


\subsection{Comparison Operators}

The binary relational, @<@, @<=@, @>@, @>=@, and equality, @==@, @!=@, operators compare \CFA string values using lexicographical ordering, where longer strings are greater than shorter strings.
In C, these operators compare the C string pointer not its value, which does not match programmer expectation.
C strings use function @strcmp@, as the relational/equality operator for string values.


\subsection{Concatenation}

The binary operators @+@ and @+=@ concatenate characters, C strings and \CFA strings, creating the sum of the characters.
\begin{cquote}
\begin{tabular}{@{}l|l@{\hspace{15pt}}l|l@{\hspace{15pt}}l|l@{}}
\begin{cfa}
s = "";
s = 'a' + 'b';
s = 'a' + "b";
s = "a" + 'b';
s = "a" + "b";
\end{cfa}
&
\begin{cfa}

"ab"
"ab"
"ab"
"ab"
\end{cfa}
&
\begin{cfa}
s = "";
s = 'a' + 'b' + s;
s = 'a' + 'b' + s;
s = 'a' + "b" + s;
s = "a" + 'b' + s;
\end{cfa}
&
\begin{cfa}

"ab"
"abab"
"ababab"
"abababab"
\end{cfa}
&
\begin{cfa}
s = "";
s = s + 'a' + 'b';
s = s + 'a' + "b";
s = s + "a" + 'b';
s = s + "a" + "b";
\end{cfa}
&
\begin{cfa}

"ab"
"abab"
"ababab"
"abababab"
\end{cfa}
\end{tabular}
\end{cquote}
For these operations to meet programmer expectations, \CFA introduces two C non-backward compatibilities.
Note, subtracting pointers or characters has a low-level use-case.
\begin{cfa}
ch - '0'    $\C[2in]{// find character offset}$
cp1 - cp2;  $\C{// find pointer offset}\CRT$
\end{cfa}
However, there is no obvious use case for addition.
\begin{cfa}
ch + 'b'    $\C[2in]{// add character values}$
cp1 + 'a';  $\C{// move pointer cp1['a']}\CRT$
\end{cfa}
Adding character values or advancing a pointer with a character are unusual operations, and hence, unlikely to existing in C programs.
There is a legitimate use case for arithmetic on @signed@/@unsigned@ characters (bytes), but these type are treated differently from @char@ in \CC and \CFA.
However, for backwards compatibility reasons it is impossible to restrict or remove arithmetic on type @char@.
Stealing these two cases for use with strings, allows all combinations of concatenation among @char@, @char *@, and @string@.
Note, stealing only occurs if a program includes @<string.hfa>@, resulting is ambiguities in existing C code where there is no way to disambiguate.
\begin{cfa}
ch = 'a' + 'b'; $\C[2in]{// LHS disambiguate, add character values}$
s = 'a' + 'b'; $\C{// LHS disambiguate, concatenation characters}$
sout | 'a' + 'b'; $\C{// ambiguous with <string.hfa>, add or concatenate?}$
sout | (char)'a' + 'b'; $\C{// disambiguate}$
sout | "a" + "b"; $\C{// disambiguate}\CRT$
\end{cfa}
Again, introducing disambiguates for this scenario are rare, as adding characters is uncommon.

\CC cannot support this generality because it does not use the left-hand side of assignment in expression resolution.
While it can special case some combinations:
\begin{c++}
s = 'a' + s; $\C[2in]{// compiles in C++}$
s = "a" + s;
\end{c++}
it cannot generalize to any number of steps:
\begin{c++}
s = 'a' + 'b' + s; $\C{// does not compile in C++}\CRT$
s = "a" + "b" + s;
\end{c++}


\subsection{Repetition}

The binary operators @*@ and @*=@ repeat a string $N$ times.
If $N = 0$, a zero length string, @""@, is returned.
Like concatenation, multiplication is stolen for @char@;
multiplication for pointers does not exist in C.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
s = 'x' * 3;
s = "abc" * 3;
s = (name + ' ') * 3;
\end{cfa}
&
\begin{cfa}
"xxx"
"abcabcabc"
"MIKE MIKE MIKE "
\end{cfa}
\end{tabular}
\end{cquote}


\subsection{Substring}
The substring operation returns a subset of a string starting at a position in the string and traversing a length or matching a pattern string.
\begin{cquote}
\setlength{\tabcolsep}{10pt}
\begin{tabular}{@{}l|ll|l@{}}
\multicolumn{2}{c}{\textbf{length}} & \multicolumn{2}{c}{\textbf{pattern}} \\
\begin{cfa}
s = name( 2, 2 );
s = name( 3, -2 );
s = name( 2, 8 );
s = name( 0, -1 );
s = name( -1, -1 );
s = name( -3 );
\end{cfa}
&
\begin{cfa}
"KE"
"IK"
"KE", clip length to 2
"", beyond string clip to null
"K"
"IKE", to end of string
\end{cfa}
&
\begin{cfa}
s = name( "IK" );
s = name( "WW" );




\end{cfa}
&
\begin{cfa}
"IK"
""




\end{cfa}
\end{tabular}
\end{cquote}
A negative starting position is a specification from the right end of the string.
A negative length means that characters are selected in the opposite (right to left) direction from the starting position.
If the substring request extends beyond the beginning or end of the string, it is clipped (shortened) to the bounds of the string.
If the substring request is completely outside of the original string, a null string is returned.
The pattern form either returns the pattern string is the pattern matches or a null string if the pattern does not match.
The usefulness of this mechanism is discussed next.

The substring operation can also appear on the left side of an assignment and replaced by the string value on the right side.
The length of the right string may be shorter, the same length, or longer than the length of left string.
Hence, the left string may decrease, stay the same, or increase in length.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}[escapechar={}]
digit( 3, 3 ) = "";
digit( 4, 3 ) = "xyz";
digit( 7, 0 ) = "***";
digit(-4, 3 ) = "$$$";
digit( 5 ) = "LLL";
\end{cfa}
&
\begin{cfa}[escapechar={}]
"0126789"
"0126xyz"
"0126xyz"
"012$$$z"
"012$$LLL"
\end{cfa}
\end{tabular}
\end{cquote}
Now pattern matching is useful on the left-hand side of assignment.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}[escapechar={}]
digit( "$$" ) = "345";
digit( "LLL") = "6789";
\end{cfa}
&
\begin{cfa}
"012345LLL"
"0123456789"
\end{cfa}
\end{tabular}
\end{cquote}
Extending the pattern to a regular expression is a possible extension.

The replace operation returns a string in which all occurrences of a substring are replaced by another string.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
s = replace( "PETER", "E", "XX" );
s = replace( "PETER", "ET", "XX" );
s = replace( "PETER", "W", "XX" );
\end{cfa}
&
\begin{cfa}
"PXXTXXR"
"PXXER"
"PETER"
\end{cfa}
\end{tabular}
\end{cquote}
The replacement is done left-to-right and substituted text is not examined for replacement.


\subsection{Searching}

The find operation returns the position of the first occurrence of a key string in a string.
If the key does not appear in the string, the length of the string plus one is returned.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
i = find( digit, '3' );
i = find( digit, "45" );
string x = "567";
i = find( digit, x );
\end{cfa}
&
\begin{cfa}
3
4

5
\end{cfa}
\end{tabular}
\end{cquote}
The character-class operations indicate if a string is composed completely of a particular class of characters, \eg, alphabetic, numeric, vowels, \etc.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
charclass vowels{ "aeiouy" };
i = include( "aaeiuyoo", vowels );
i = include( "aabiuyoo", vowels );
\end{cfa}
&
\begin{cfa}

8  // compliant
2  // b non-compliant
\end{cfa}
\end{tabular}
\end{cquote}
@vowels@ defines a character class and function @include@ checks if all characters in the string are included in the class (compliance).
The position of the last character plus 1 is return if the string is compliant or the position of the first non-compliant character.
There is no relationship between the order of characters in the two strings.
Function @exclude@ is the reverse of @include@, checking if all characters in the string are excluded from the class (compliance).
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
i = exclude( "cdbfghmk", vowels );
i = exclude( "cdyfghmk", vowels );
\end{cfa}
&
\begin{cfa}
8  // compliant
2  // y non-compliant
\end{cfa}
\end{tabular}
\end{cquote}
Both forms can return the longest substring of compliant characters.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
s = include( "aaeiuyoo", vowels );
s = include( "aabiuyoo", vowels );
s = exclude( "cdbfghmk", vowels );
s = exclude( "cdyfghmk", vowels );
\end{cfa}
&
\begin{cfa}
"aaeiuyoo"
"aa"
"cdbfghmk"
"cd"
\end{cfa}
\end{tabular}
\end{cquote}

The test operation checks if each character in a string is in one of the C character classes.\footnote{It is part of the hereditary madness of C that these function take and return an \lstinline{int} rather than a \lstinline{char}.}
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
i = test( "1FeC34aB", @isxdigit@ );
i = test( ".,;'!\"", @ispunct@ );
i = test( "XXXx", @isupper@ );
\end{cfa}
&
\begin{cfa}
8   // compliant
6   // compliant
3   // non-compliant
\end{cfa}
\end{tabular}
\end{cquote}
The position of the last character plus 1 is return if the string is compliant or the position of the first non-compliant character.

Combining substring and search allows actions like trimming whitespace from the start of a line.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
string line = "  \t  xxx yyy zzz";
string trim = line( test( line, isspace ) );
\end{cfa}
&
\begin{cfa}

"xxx yyy zzz"
\end{cfa}
\end{tabular}
\end{cquote}

The translate operation returns a string with each character transformed by one of the C character transformation functions.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
s = translate( "abc", @toupper@ );
s = translate( "ABC", @tolower@ );
int tospace( int c ) { return isspace( c ) ? ' ' : c; }
s = translate( "X X\tX\nX", @tospace@ );
\end{cfa}
&
\begin{cfa}
"ABC"
"abc"

"X X X X"
\end{cfa}
\end{tabular}
\end{cquote}


\subsection{Returning N+1 on Search Failure}

String search functions can fail to find the key in the target string.
The failure must be returned as an alternate outcome, possibly an exception.
Many string types use a return code to indicate the failure, such as @0@ or @-1@ (PL/I~\cite{PLI} returns @0@).
\CFA adopts the approach used by the index-of function in APL~\cite{apl}, which returns length of the target string plus 1 ($N+1$).

When a search is performed to find the starting location for a substring operation, returning $N+1$ is arguably the best choice.
For example, in extracting words from a string, it is necessary to scan from left to right over whitespace until the first alphabetic character is found.
\begin{cfa}
line = line( exclude( line, alpha ) );  // find start of word
\end{cfa}
If the line contains all whitespace and @exclude@ returns 0 or -1, the result of the substring is unclear.
Most string types generate an error, or clip the starting value to 1, resulting in the entire whitespace string being selected.
This behaviour leads to the awkward pattern:
\begin{cfa}
i = exclude( line, alpha );
if ( i != -1 ) line = line( i );
else line = "";
\end{cfa}
If @exclude@ returns $N+1$, the starting position for the substring operation is beyond the end of the string leaving a null string.
This scenario is repeated when scanning off the word.
\begin{cfa}
word = line( 0, include( line, alpha ) - 1 );  // scan off word
\end{cfa}
If the entire line is composed of a word, the @include@ fails to find a non-alphabetic character, resulting in the same awkward pattern.
In string systems with an $O(1)$ length operator, checking for failure is low cost.
\begin{cfa}
if ( include( line, alpha ) == len( line ) ) ... // not found, 0 origin
\end{cfa}


\subsection{C Compatibility}

To ease conversion from C to \CFA, \CFA provides companion C @string@ functions.
Hence, it is possible to convert a block of C string operations to \CFA strings just by changing the type @char *@ to @string@.
\begin{cfa}
char s[32];   // string s;
strcpy( s, "abc" );
strncpy( s, "abcdef", 3 );
strcat( s, "xyz" );
strncat( s, "uvwxyz", 3 );
\end{cfa}
However, the conversion fails with I/O because @printf@ cannot print a @string@ using format code @%s@ because \CFA strings are not null terminated.
Nevertheless, this capability does provide a useful starting point for conversion to safer \CFA strings.


\subsection{Parameter Passing}

A substring is treated as a pointer into the base (substringed) string rather than creating a copy of the subtext.
Hence, if the referenced item is changed, then the pointer sees the change.
Pointers to the result value of a substring operation are defined to always start at the same location in their base string as long as that starting location exists, independent of changes to themselves or the base string.
However, if the base string value changes, this may affect the values of one or more of the substrings to that base string.
If the base string value shortens so that its end is before the starting location of a substring, resulting in the substring starting location disappearing, the substring becomes a null string located at the end of the base string.

\VRef[Figure]{f:ParameterPassing} shows passing the results of substring operations by reference and by value to a subprogram.
Notice the side-effects to other reference parameters as one is modified.

\begin{figure}
\begin{cfa}
// x, a, b, c, & d are substring results passed by reference
// e is a substring result passed by value
void test(string &x, string &a, string &b, string &c, string &d, string e) {
                                                                        $\C{//   x                                a               b               c               d               e}$
        a( 1, 2 ) = "aaa";                              $\C{// aaaxxxxxxxxxxx   aaax    axx             xxxxx   xxxxx   xxxxx}$
        b( 2, 12 ) = "bbb";                             $\C{// aaabbbxxxxxxxxx  aaab    abbb    bbxxx   xxxxx   xxxxx}$
        c( 4, 5 ) = "ccc";                              $\C{// aaabbbxcccxxxxxx aaab    abbb    bbxccc  ccxxx   xxxxx}$
        c = "yyy";                                              $\C{// aaabyyyxxxxxx    aaab    abyy    yyy             xxxxx   xxxxx}$
        d( 1, 3 ) = "ddd";                              $\C{// aaabyyyxdddxx    aaab    abyy    yyy             dddxx   xxxxx}$
        e( 1, 3 ) = "eee";                              $\C{// aaabyyyxdddxx    aaab    abyy    yyy             dddxx   eeexx}$
        x = e;                                                  $\C{// eeexx                    eeex    exx             x                               eeexx}$
}
int main() {
        string x = "xxxxxxxxxxxxx";
        test( x, x(1,3), x(3,3), x(5,5), x(9,5), x(9,5) );
}
\end{cfa}
\caption{Parameter Passing}
\label{f:ParameterPassing}
\end{figure}


\subsection{I/O Operators}

The ability to read and print strings is as essential as for any other type.
The goal for character I/O is to work with groups rather than individual characters.
A comparison with \CC string I/O is presented as a counterpoint to \CFA string I/O.

The \CC output @<<@ and input @>>@ operators are defined on type @string@.
\CC output for @char@, @char *@, and @string@ are similar.
The \CC manipulators are @setw@, and its associated width controls @left@, @right@ and @setfill@.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{c++}
string s = "abc";
cout << setw(10) << left << setfill( 'x' ) << s << endl;
\end{c++}
&
\begin{c++}

"abcxxxxxxx"
\end{c++}
\end{tabular}
\end{cquote}

The \CFA input/output operator @|@ is defined on type @string@.
\CFA output for @char@, @char *@, and @string@ are the similar.
The \CFA manipulators are @bin@, @oct@, @hex@, @wd@, and its associated width control and @left@.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{cfa}
string s = "abc";
sout | bin( s ) | nl
           | oct( s ) | nl
           | hex( s ) | nl
           | wd( 10, s ) | nl
           | wd( 10, 2, s ) | nl
           | left( wd( 10, s ) );
\end{cfa}
&
\begin{cfa}

"0b1100001 0b1100010 0b1100011"
"0141 0142 0143"
"0x61 0x62 0x63"
"       abc"
"        ab"
"abc       "
\end{cfa}
\end{tabular}
\end{cquote}

\CC input matching for @char@, @char *@, and @string@ are the similar, where \emph{all} input characters are read from the current point in the input stream to the end of the type size, format width, whitespace, end of line (@'\n'@), or end of file.
The \CC manipulator is @setw@ to restrict the size.
Reading into a @char@ is safe as the size is 1, @char *@ is unsafe without using @setw@ to constraint the length (which includes @'\0'@), @string@ is safe as its grows dynamically as characters are read.
\begin{cquote}
\setlength{\tabcolsep}{15pt}
\begin{tabular}{@{}l|l@{}}
\begin{c++}
char ch, c[10];
string s;
cin >> ch >> setw( 5 ) >> c  >> s;
abcde   fg
\end{c++}
&
\begin{c++}


'a' "bcde" "fg"

\end{c++}
\end{tabular}
\end{cquote}
Input text can be gulped from the current point to an arbitrary delimiter character using @getline@, which reads whitespace.

The \CFA philosophy for input is that for every constant type in C, these constants should be usable as input.
For example, the complex constant @3.5+4.1i@ can appear as input to a complex variable.
\CFA input matching for @char@, @char *@, and @string@ are similar.
C-strings may only be read with a width field, which should match the string size.
Certain input manipulators support a scanset, which is a simple regular expression from @printf@.
The \CFA manipulators for these types are @wdi@\footnote{Due to an overloading issue in the type-resolver, the input width name must be temporarily different from the output, \lstinline{wdi} versus \lstinline{wd}.},
and its associated width control and @left@, @quote@, @incl@, @excl@, and @getline@.
\begin{cquote}
\setlength{\tabcolsep}{10pt}
\begin{tabular}{@{}l|l@{}}
\begin{c++}
char ch, c[10];
string s;
sin | ch | wdi( 5, c ) | s;
abcde fg
sin | quote( ch ) | quote( wdi( sizeof(c), c ) ) | quote( s, '[', ']' ) | nl;
$'a' "bcde" [fg]$
sin | incl( "a-zA-Z0-9 ?!&\n", s ) | nl;
x?&000xyz TOM !.
sin | excl( "a-zA-Z0-9 ?!&\n", s );
<>{}{}STOP
\end{c++}
&
\begin{c++}


'a' "bcde" [fg]

'a' "bcde" [fg]

"x?&000xyz TOM !"

"<>{}{}"

\end{c++}
\end{tabular}
\end{cquote}



\subsection{Assignment}

While \VRef[Figure]{f:StrApiCompare} emphasizes cross-language similarities, it elides many specific operational differences.
For example, the @replace@ function selects a substring in the target and substitutes it with the source string, which can be smaller or larger than the substring.
\CC performs the modification on the mutable receiver object
\begin{cfa}
string s1 = "abcde";
s1.replace( 2, 3, "xy" );  $\C[2.25in]{// replace by position (zero origin) and length, mutable}\CRT$
cout << s1 << endl;
$\texttt{\small abxy}$
\end{cfa}
while Java allocates and returns a new string with the result, leaving the receiver unmodified.
\label{p:JavaReplace}
\begin{java}
String s = "abcde";
String r = s.replace( "cde", "xy" );  $\C[2.25in]{// replace by text, immutable}$
System.out.println( s + ' ' + r );
$\texttt{\small abcde abxy}$
\end{java}
% Generally, Java's @String@ type is immutable.
Java provides a @StringBuffer@ near-analog that is mutable.
\begin{java}
StringBuffer sb = new StringBuffer( "abcde" );
sb.replace( 2, 5, "xy" );  $\C[2.25in]{// replace by position, mutable}\CRT$
System.out.println( sb );
$\texttt{\small abxy}$
\end{java}
However, there are significant differences;
\eg, @StringBuffer@'s @substring@ function returns a @String@ copy that is immutable.
Finally, the operations between these type are asymmetric, \eg @String@ has @replace@ by text but not replace by position and vice versa for @StringBuffer@.

More significant operational differences relate to storage management, often appearing through assignment (@target = source@), and are summarized in \VRef[Figure]{f:StrSemanticCompare}.
% It calls out the consequences of each language taking a different approach on ``internal'' storage management.
The following discussion justifies the figure's yes/no entries per language.

\begin{figure}
\setlength{\extrarowheight}{2pt}
\begin{tabularx}{\textwidth}{@{}p{0.6in}XXcccc@{}}
                                        &                       &                       & \multicolumn{4}{@{}c@{}}{\underline{Supports Helpful?}} \\
                                        & Required      & Helpful       & C                     & \CC           & Java          & \CFA \\
\hline
Type abst'n
                                        & Low-level: The string type is a varying amount of text communicated via a parameter or return.
                                                                & High-level: The string-typed relieves the user of managing memory for the text.
                                                                                        & no    & yes   & yes   & yes \\
\hline
State
                                        & \multirow{2}{2in}
                                        {Fast Initialize: The target receives the characters of the source without copying the characters, resulting in an Alias or Snapshot.}
                                                                & Alias: The target name is within the source text; changes made in either variable are visible in both.
                                                                                        & yes   & yes   & no    & yes \\
\cline{3-7}
                                        &
                                                                & Snapshot: The target is an alias within the source until the target changes (copy on write).
                                                                                        & no    & no    & yes   & yes \\
\hline
Symmetry
                                        & Laxed: The target's type is anything string-like; it may have a different status concerning ownership.
                                                                & Strict: The target's type is the same as the source; both strings are equivalent peers concerning ownership.
                                                                                        & --            & no    & yes   & yes \\
\hline
Referent
                                        & Variable-Constrained: The target can accept the entire text of the source.
                                                                & Fragment: The target can accept an arbitrary substring of the source.
                                                                                        & no    & no    & yes   & yes
\end{tabularx}

\noindent
Notes
\begin{itemize}[parsep=0pt]
\item
        All languages support Required in all criteria.
\item
        A language gets ``Supports Helpful'' in one criterion if it can do so without sacrificing the Required achievement on all other criteria.
\item
        The C ``string'' is actually @char []@, under the conventions that @<string.h>@ requires. Hence, there is no actual string type in C, so symmetry does not apply.
\item
        The Java @String@ class is analyzed; its @StringBuffer@ class behaves similarly to @C++@.
\end{itemize}
\caption{Comparison of languages' strings, storage management perspective.}
\label{f:StrSemanticCompare}
\end{figure}

In C, the declaration
\begin{cfa}
char s[$\,$] = "abcde";
\end{cfa}
creates a second-class fixed-sized string-variable, as it can only be used in its lexical context;
it cannot be passed by value to string operations or user functions as C array's cannot be copied because there is no string-length information passed to the function.
Therefore, only pointers to strings are first-class, and discussed further.
\begin{cfa}
(const) char * s = "abcde";  $\C[2.25in]{// alias state, n/a symmetry, variable-constrained referent}$
char * s1 = s;  $\C{// alias state, n/a symmetry, variable-constrained referent}$
char * s2 = s;  $\C{// alias state, n/a symmetry, variable-constrained referent}$
char * s3 = &s[1];  $\C{// alias state, n/a symmetry, variable-constrained referent}$
char * s4 = &s3[1];  $\C{// alias state, n/a symmetry, variable-constrained referent}\CRT$
printf( "%s %s %s %s %s\n", s, s1, s2, s3, s4 );
$\texttt{\small abcde abcde abcde bcde cde}$
\end{cfa}
Note, all of these aliased strings rely on the single null termination character at the end of @s@.
The issue of symmetry does not apply to C strings because the value and pointer strings are essentially different types, and so this feature is scored as not applicable for C.
With the type not managing the text storage, there is no ownership question, \ie operations on @s1@ or @s2@ never leads to their memory becoming reusable.
While @s3@ is a valid C-string that contains a proper substring of @s1@, the @s3@ technique does not constitute having a fragment referent because null termination implies the substring cannot be chosen arbitrarily; the technique works only for suffixes.

In \CC, @string@ offers a high-level abstraction.
\begin{cfa}
string s = "abcde";
string & s1 = s;  $\C[2.25in]{// alias state, lax symmetry, variable-constrained referent}$
string s2 = s;  $\C{// copy (strict symmetry, variable-constrained referent)}$
string s3 = s.substr( 1, 2 );  $\C{// copy (strict symmetry, fragment referent)}$
string s4 = s3.substr( 1, 1 );  $\C{// copy (strict symmetry, fragment referent)}$
cout << s << ' ' << s1 << ' ' << s2 << ' ' << s3 << ' ' << s4 << endl;
$\texttt{\small abcde abcde abcde bc c}$
string & s5 = s.substr(2,4);  $\C{// error: cannot point to temporary}\CRT$
\end{cfa}
The lax symmetry reflects how the validity of @s1@ depends on the content and lifetime of @s@.
It is common practice in \CC to use the @s1@-style pass by reference, with the understanding that the callee only uses the referenced string for the duration of the call, \ie no side-effect using the parameter.
So, when the called function is a constructor, it is typical to use an @s2@-style copy-initialization to string-object-typed member.
Exceptions to this pattern are possible, but require the programmer to assure safety where the type system does not.
The @s3@ initialization is constrained to copy the substring because @c_str@ always provides a null-terminated character, which may be different from the source string.
@s3@ assignment could be fast by reference counting the text area and using copy-on-write, but would require an implementation upgrade.

In Java, @String@ also offers a high-level abstraction:
\begin{java}
String s = "abcde";
String s1 = s;  $\C[2.25in]{// snapshot state, strict symmetry, variable-constrained referent}$
String s2 = s.substring( 1, 3 );  $\C{// snapshot state (possible), strict symmetry, fragment referent}$
String s3 = s2.substring( 1, 2 );  $\C{// snapshot state (possible), strict symmetry, fragment referent}\CRT$
System.out.println( s + ' ' + s1 + ' ' + s2 + ' ' + s3 );
System.out.println( (s == s1) + " " + (s == s2) + " " + (s2 == s3) );
$\texttt{\small abcde abcde bc c}$
$\texttt{\small true false false}$
\end{java}
Note, @substring@ takes a start and end position, rather than a start position and length.
Here, facts about Java's implicit pointers and pointer equality can over complicate the picture, and so are ignored.
Furthermore, Java's string immutability means string variables behave as simple values.
The result in @s1@ is the pointer in @s@, and their pointer equality confirm no time is spent copying characters.
With @s2@, the case for fast-copy is more subtle.
Certainly, its value is not pointer-equal to @s@, implying at least a further allocation.
\PAB{TODO: finish the fast-copy case.}
Java does not meet the aliasing requirement because immutability make it impossible to modify.
Java's @StringBuffer@ provides aliasing (see @replace@ example on \VPageref{p:JavaReplace}), though without supporting symmetric treatment of a fragment referent, \eg @substring@ of a @StringBuffer@ is a @String@;
as a result, @StringBuffer@ scores as \CC.
The easy symmetry that the Java string enjoys is aided by Java's garbage collection; Java's @s2@ is doing effectively the operation of \CC's @s3@, though without the consequence of complicating memory management.
\PAB{What complex storage management is going on here?}

Finally, in \CFA, @string@ also offers a high-level abstraction:
\begin{cfa}
string s = "abcde";
string & s1 = s; $\C[2.25in]{// alias state, strict symmetry, variable-constrained referent}$
string s2 = s; $\C{// snapshot state, strict symmetry, variable-constrained referent}$
string s3 = s`share; $\C{// alias state, strict symmetry, variable-constrained referent}\CRT$
string s4 = s( 1, 2 );
string s5 = s4( 1, 1 );
sout | s | s1 | s2 | s3 | s4 | s5;
$\texttt{\small abcde abcde abcde abcde bc c}$
\end{cfa}
% all helpful criteria of \VRef[Figure]{f:StrSemanticCompare} are satisfied.
The \CFA string manages storage, handles all assignments, including those of fragment referents with fast initialization, provides the choice between snapshot and alias semantics, and does so symmetrically with one type (which assures text validity according to the lifecycles of the string variables).
The intended metaphor for \CFA stings is similar to a GUI text-editor or web browser.
Select a consecutive block of text using the mouse generates an aliased substring in the file/dialog-box.
Typing into the selected area is like assigning to an aliased substring, where the highlighted text is replaced with more or less text;
depending on the text entered, the file/dialog-box content grows or shrinks.
\PAB{Need to discuss the example, as for the other languages.}

The remainder of this chapter explains how the \CFA string achieves this usage style.


\section{Storage Management}

This section discusses issues related to storage management of strings.
Specifically, it is common for strings to logically overlap partially or completely.
\begin{cfa}
string s1 = "abcdef";
string s2 = s1; $\C{// complete overlap, s2 == "abcdef"}$
string s3 = s1.substr( 0, 3 ); $\C{// partial overlap, s3 == "abc"}$
\end{cfa}
This raises the question of how strings behave when an overlapping component is changed,
\begin{cfa}
s3[1] = 'w'; $\C{// what happens to s1 and s2?}$
\end{cfa}
which is restricted by a string's mutable or immutable property.
For example, Java's immutable strings require copy-on-write when any overlapping string changes.
Note, the notion of underlying string mutability is not specified by @const@; \eg in \CC:
\begin{cfa}
const string s1 = "abc";
\end{cfa}
the @const@ applies to the @s1@ pointer to @"abc"@, and @"abc"@ is an immutable constant that is \emph{copied} into the string's storage.
Hence, @s1@ is not pointing at an immutable constant, meaning its underlying string can be mutable, unless some other designation is specified, such as Java's global immutable rule.


\subsection{Logical overlap}

\CFA provides a dynamic mechanism to indicate mutable or immutable using the attribute @`share@.
This aliasing relationship is a sticky-property established at initialization.
For example, here strings @s1@ and @s1a@ are in an aliasing relationship, while @s2@ is in a copy relationship.
\input{sharing1.tex}
Here, the aliasing (@`share@) causes partial changes (subscripting) to flow in both directions.
\input{sharing2.tex}
Similarly for complete changes.
\input{sharing3.tex}

Because string assignment copies the value, RHS aliasing is irrelevant.
Hence, aliasing of the LHS is unaffected.
\input{sharing4.tex}

Now, consider string @s1_mid@ being an alias in the middle of @s1@, along with @s2@, made by a simple copy from the middle of @s1@.
\input{sharing5.tex}
Again, @`share@ passes changes in both directions; copy does not.
As a result, the index values for the position of @b@ are 1 in the longer string @"abcd"@ and 0 in the shorter aliased string @"bc"@.
This alternate positioning also applies to subscripting.
\input{sharing6.tex}

Finally, assignment flows through the aliasing relationship without affecting its structure.
\input{sharing7.tex}
In the @"ff"@ assignment, the result is straightforward to accept because the flow direction is from contained (small) to containing (large).
The following rules explain aliasing substrings that flow in the opposite direction, large to small.

Growth and shrinkage are natural extensions, as for the text-editor example mentioned earlier, where an empty substring is as real real as an empty string.
\input{sharing8.tex}

Multiple portions of a string can be aliased.
% When there are several aliasing substrings at once, the text editor analogy becomes an online multi-user editor.
%I should be able to edit a paragraph in one place (changing the document's length), without my edits affecting which letters are within a mouse-selection that you had made previously, somewhere else.
\input{sharing9.tex}
When @s1_bgn@'s size increases by 3, @s1_mid@'s starting location moves from 1 to 4 and @s1_end@'s from 3 to 6,

When changes happens on an aliasing substring that overlap.
\input{sharing10.tex}
Strings @s1_crs@ and @s1_mid@ overlap at character 4, @j@ because the substrings are 3,2 and 4,2.
When @s1_crs@'s size increases by 1, @s1_mid@'s starting location moves from 4 to 5, but the overlapping character remains, changing to @'+'@.

\PAB{TODO: finish typesetting the demo}

%\input{sharing-demo.tex}


\subsection{RAII limitations}

Earlier work on \CFA~\cite[ch.~2]{Schluntz17} implemented object constructors and destructors for all types (basic and user defined).
A constructor is a user-defined function run implicitly \emph{after} an object's declaration-storage is created, and a destructor is a user-defined function run \emph{before} an object's declaration-storage is deleted.
This feature, called RAII~\cite[p.~389]{Stroustrup94}, guarantees pre-invariants for users before accessing an object and post invariants for the programming environment after an object terminates.

The purposes of these invariants goes beyond ensuring authentic values inside an object.
Invariants can also track occurrences of managed objects in other data structures.
For example, reference counting is a typical application of an invariant outside of the data values.
With a reference-counting smart-pointer, the constructor and destructor \emph{of a pointer type} tracks the life cycle of the object it points to.
Both \CC and \CFA RAII systems are powerful enough to achieve reference counting.

In general, a lifecycle function has access to an object by location, \ie constructors and destructors receive a @this@ parameter providing an object's memory address.
\begin{cfa}
struct S { int * ip; };
void ?{}( S & @this@ ) { this.ip = new(); } $\C[3in]{// default constructor}$
void ?{}( S & @this@, int i ) { ?{}(this); *this.ip = i; } $\C{// initializing constructor}$
void ?{}( S & @this@, S s ) { this = s; } $\C{// copy constructor}$
void ^?{}( S & @this@ ) { delete( this.ip ); } $\C{// destructor}\CRT$
\end{cfa}
The lifecycle implementation can then add this object to a collection at creation and remove it at destruction.
A module providing lifecycle semantics can traverse the collection at relevant times to keep the objects ``good.''
Hence, declaring such an object not only ensures ``good'' authentic values, but also an implicit subscription to a service that keeps the value ``good'' across its lifetime.

In many cases, the relationship between memory location and lifecycle is straightforward.
For example, stack-allocated objects being used as parameters and returns, with a sender version in one stack frame and a receiver version in another, as opposed to assignment where sender and receiver are in the same stack frame.
What is crucial for lifecycle management is knowing if the receiver is initialized or uninitialized, \ie an object is or is not currently associated with management.
To provide this knowledge, languages differentiate between initialization and assignment to a left-hand side.
\begin{cfa}
Obj obj2 = obj1;  $\C[1.5in]{// initialization, obj2 is initialized}$
obj2 = obj1;      $\C{// assignment, obj2 must be initialized for management to work}\CRT$
\end{cfa}
Initialization occurs at declaration by value, parameter by argument, return temporary by function call.
Hence, it is necessary to have two kinds of constructors: by value or object.
\begin{cfa}
Obj obj1{ 1, 2, 3 }; $\C[1.5in]{// by value, management is initialized}$
Obj obj2 = obj1;     $\C{// by obj, management is updated}\CRT$
\end{cfa}
When no object management is required, initialization copies the right-hand value.
Hence, the calling convention remains uniform, where the unmanaged case uses @memcpy@ as the initialization constructor and managed uses the specified initialization constructor.

The \CFA RAII system supports lifecycle functions, except for returning a value from a function to a temporary.
For example, in \CC:
\begin{c++}
struct S {...};
S identity( S s ) { return s; }
S s;
s = identity( s ); // S temp = identity( s ); s = temp;
\end{c++}
the generated code for the function call created a temporary with initialization from the function call, and then assigns the temporary to the object.
This two step approach means extra storage for the temporary and two copies to get the result into the object variable.
\CC{17} introduced return value-optimization (RVO)~\cite{RVO20} to ``avoid copying an object that a function returns as its value, including avoiding creation of a temporary object''.
\CFA uses C semantics for function return giving direct value-assignment, which eliminates unnecessary code, but skips an essential feature needed by lifetime management.
The following discusses the consequences of this semantics with respect to lifetime management of \CFA strings.

The present string-API contribution provides lifetime management with initialization semantics on function return.
The workaround to achieve the full lifetime semantics does have a runtime performance penalty.
An alternative API sacrifices return initialization semantics to recover full runtime performance.
These APIs are layered, with the slower, friendlier High Level API (HL) wrapping the faster, more primitive Low Level API (LL).
Both API present the same features, up to lifecycle management, with return initialization being disabled in LL and implemented with the workaround in HL.
The intention is for most future code to target HL.
When \CFA becomes a full compiler, it can provide return initialization with RVO optimizations.
Then, programs written with the HL API will simply run faster.
In the meantime, performance-critical sections of applications use LL.
Subsequent performance experiments \see{\VRef{s:PerformanceAssessment}} with other string libraries has \CFA strings using the LL API.
These measurement gives a fair estimate of the goal state for \CFA.


\subsection{Memory management}

A centrepiece of the string module is its memory manager.
The management scheme defines a shared buffer for string text.
Allocation in this buffer is via a bump-pointer;
the buffer is compacted and/or relocated with growth when it fills.
A string is a smart pointer into this buffer.

This cycle of frequent cheap allocations, interspersed with infrequent expensive compactions, has obvious similarities to a general-purpose memory manager based on garbage collection (GC).
A few differences are noteworthy.
First, in a general purpose manager, the allocated objects may contain pointers to other objects, making the transitive reachability of these objects a crucial property.
Here, the allocations are text, so one allocation never keeps another alive.
Second, in a general purpose manager, the handle that keeps an allocation alive is just a lean pointer.
For strings, a fatter representation is acceptable because there are fewer string head pointers versus chained pointers within nodes as for linked containers.

\begin{figure}
\includegraphics{memmgr-basic.pdf}
\caption{String memory-management data structures}
\label{f:memmgr-basic}
\end{figure}

\VRef[Figure]{f:memmgr-basic} shows the representation.
The heap header and text buffer define a sharing context.
Normally, one global sharing context is appropriate for an entire program;
concurrent exceptions are discussed in \VRef{s:AvoidingImplicitSharing}.
A string is a handle into the buffer and linked into a list.
The list is doubly linked for $O(1)$ insertion and removal at any location.
Strings are orders in the list by string-text address, where there is no overlapping, and approximately, where there is.
The header maintains a next-allocation pointer, @alloc@, pointing to the last live allocation in the buffer.
No external references point into the buffer and the management procedure relocates the text allocations as needed.
A string handle references a containing string, while its string is contiguous and not null terminated.
The length sets an upper limit on the string size, but is large (4 or 8 bytes).
String handles can be allocated in the stack or heap, and represent the string variables in a program.
Normal C life-time rules apply to guarantee correctness of the string linked-list.
The text buffer is large enough with good management so that often only one dynamic allocation is necessary during program execution.
% During this period, strings can vary in size dynamically.

When the text buffer fills, \ie the next new string allocation causes @alloc@ to point beyond the end of the buffer, the strings are compacted.
The linked handles define all live strings in the buffer, which indirectly defines the allocated and free space in the buffer.
Since the string handles are in (roughly) sorted order, the handle list can be traversed copying the first text to the start of the buffer and subsequent strings after each over.
After compaction, if the amount of free storage is still less than the new string allocation, a larger text buffer is heap allocated, the current buffer is copies into the new buffer, and the original buffer is freed.
Note, the list of string handles is unaffected during a compaction;
only the string pointers in the handles are modified to new buffer locations.

Object lifecycle events are the \emph{subscription-management} triggers in such a service.
There are two fundamental string-creation functions: importing external text like a C-string or reading a string, and initialization from an existing \CFA string.
When importing, storage comes from the end of the buffer, into which the text is copied.
The new string handle is inserted at the end of the handle list because the new text is at the end of the buffer.
When initializing from text already in the text buffer, the new handle is a second reference into the original run of characters.
In this case, the new handle's linked-list position is after the original handle.
Both string initialization styles preserve the string module's internal invariant that the linked-list order matches the buffer order.
For string destruction, handles are removed from the list.

Certain string operations can results in a subset (substring) of another string.
The resulting handle is then placed in the correct sorted position in the list, possible with a short linear search to locate the position.
For string operations resulting in a new string, that string is allocated at the end of the buffer.
For shared-edit strings, handles that originally referenced containing locations need to see the new value at the new buffer location.
These strings are moved to appropriate locations at the end of the list \see{[xref: TBD]}.
For nonshared-edit strings, a containing string can be moved and the nonshared strings can remain in the same position.
String assignment words similarly to string initialization, maintain the invariant of linked-list order matching buffer order.

At the level of the memory manager, these modifications can always be explained as assignments and appendment;
for example, an append is an assignment into the empty substring at the end of the buffer. 
Favourable conditions allow for in-place editing: where there is room for the resulting value in the original buffer location, and where all handles referring to the original buffer location see the new value.
However, the general case requires a new buffer allocation: where the new value does not fit in the old place, or if other handles are still using the old value.


\subsection{Sharing implementation}

The \CFA string module has two mechanisms to handle the case when string handles share a string of text.  

The first type of sharing is the user requests both string handles be views of the same logical, modifiable string.
This state is typically produced by the substring operation.
\begin{cfa}
string s = "abcde";
string s1 = s( 1, 2 )@`share@; $\C[2.25in]{// explicit sharing}$
s[1] = 'x'; $\C{// change s and s1}\CRT$
sout | s | s1;
$\texttt{\small axcde xc}$
\end{cfa}
In a typical substring call, the source string-handle is referencing an entire string, and the resulting, newly made, string handle is referencing a portion of the original.
In this state, a subsequent modification made by either is visible in both.

The second type of sharing happens when the system implicitly delays the physical execution of a logical \emph{copy} operation, as part of its copy-on-write optimization.
This state is typically produced by constructing a new string, using an original string as its initialization source.
\begin{cfa}
string s = "abcde";
string s1 = s( 1, 2 )@@; $\C[2.25in]{// no sharing}$
s[1] = 'x'; $\C{// copy-on-write s1}\CRT$
sout | s | s1;
$\texttt{\small axcde bc}$
\end{cfa}
In this state, a subsequent modification done on one handle triggers the deferred copy action, leaving the handles referencing different text within the buffer, holding distinct values.

A further abstraction, in the string module's implementation, helps distinguish the two senses of sharing.
A share-edit set (SES) is an equivalence class over string handles, being the reflexive, symmetric and transitive closure of the relationship of one string being constructed from another, with the ``share'' opt-in given.
The SES is represented by a second linked list among the handles.
A string that shares edits with no other is in a SES by itself.
Inside a SES, a logical modification of one substring portion may change the logical value in another, depending on whether the two actually overlap.
Conversely, no logical value change can flow outside of a SES.
Even if a modification on one string handle does not reveal itself \emph{logically} to anther handle in the same SES (because they do not overlap), if the modification is length-changing, completing the modification requires visiting the second handle to adjust its location in the sliding text.


\subsection{Avoiding implicit sharing}
\label{s:AvoidingImplicitSharing}

There are tradeoffs associated with the copy-on-write mechanism.
Several qualitative matters are detailed in \VRef{s:PerformanceAssessment} and the qualitative issue of multi-threaded support is introduced here.
The \CFA string library provides a switch to disable threads allocating from the string buffer, when string sharing is unsafe.
When toggled, string management is moved to the storage allocator, specifically @malloc@/@free@, where the storage allocator is assumed to be thread-safe.

In detail, string sharing has inter-linked string handles, so any participant managing one string is also managing, directly, the neighbouring strings, and from there, a data structure of the ``set of all strings.''
This string structure is intended for sequential access.
Hence, multiple threads using shared strings need to avoid modifying (concurrently) an instance of this structure (like Java immutable strings).
A positive consequence of this approach is that independent threads can use the sharing buffer without locking overhead.

When the string library is running with sharing disabled, it runs without implicit thread-safety challenges, which is the same as the \CC STL, and with performance goals similar to the STL.
Running with sharing disabled can be thought of as a STL-emulation mode.
Hence, concurrent users of string objects must still bring their own mutual exclusion, but the string library does not add any cross thread uses that are not apparent in a user's code.

The \CFA string library provides the type @string_sharectx@ to control an ambient sharing context for a current thread.
It allows two adjustments: to opt out of sharing entirely or to begin sharing within a private context.
Either way, the chosen mode applies only to the current thread, for the duration of the lifetime of the created  @string_sharectx@ object, up to being suspended by child lifetimes of different contexts.
\VRef[Figure]{fig:string-sharectx} illustrates its behaviour.
Executing the example does not produce an interesting outcome.
But the comments indicate when the logical copy operation runs with
\begin{description}
    \item[share:] the copy being deferred, as described through the rest of this section (fast), or
    \item[copy:] the copy performed eagerly (slow).
\end{description}
Only eager copies can cross @string_sharectx@ boundaries.
The intended use is with stack-managed lifetimes, in which the established context lasts until the current function returns, and affects all functions called that do not create their own contexts.
In this example, the single-letter functions are called in alphabetic order.
The functions @a@, @b@ and @g@ share string character ranges with each other, because they occupy a common sharing-enabled context.
The function @e@ shares within itself (because its is in a sharing-enabled context), but not with the rest of the program (because its context is not occupied by any of the rest of the program).
The functions @c@, @d@ and @f@ never share anything, because they are in a sharing-disabled context.


\begin{figure}
    \begin{tabular}{ll}
        \lstinputlisting[language=CFA, firstline=10, lastline=55]{sharectx.run.cfa}
        &
        \raisebox{-0.17\totalheight}{\includegraphics{string-sharectx.pdf}} % lower
    \end{tabular}
        \caption{Controlling copying vs sharing of strings using \lstinline{string_sharectx}.}
        \label{fig:string-sharectx}
\end{figure}


[ TODO: true up with ``is thread local'' (implement that and expand this discussion to give a concurrent example, or adjust this wording) ]


\subsection{Future work}

To discuss: Unicode

To discuss: Small-string optimization


\section{Performance assessment}
\label{s:PerformanceAssessment}

I assessed the \CFA string library's speed and memory usage against strings in \CC STL.
The results are presented in even equivalent cases, due to either micro-optimizations foregone, or fundamental costs of the added functionality.
They also show the benefits and tradeoffs, as >100\% effects, of switching to \CFA, with the tradeoff points quantified.
The final test shows the overall win of the \CFA text-sharing mechanism.
It exercises several operations together, showing \CFA enabling clean user code to achieve performance that STL requires less-clean user code to achieve.

To discuss: general goal of ...
while STL makes you think about memory management, all the time, and if you do, your performance can be great ...
\CFA sacrifices this advantage modestly in exchange for big wins when you're not thinking about memory management.
[Does this position cover all of it?]

To discuss: revisit HL v LL APIs

To discuss: revisit no-sharing as STL emulation modes


\subsection{Methodology}

These tests use a \emph{corpus} of strings (string content is immaterial).
For varying-length strings, the mean length comes from a geometric distribution, which implies that lengths much longer than the mean occur frequently.
The string sizes are:
\begin{description}
        \item [Fixed-size] all string lengths are of the stated size.
        \item [Varying from 1 to N] means the string lengths are drawn from the geometric distribution with a stated mean and all lengths occur.
        \item [Varying from 16 to N] means string lengths are drawn from the geometric distribution with the stated mean, but only lengths 16 and above occur; thus, the stated mean is above 16.
\end{description}
The means for the geometric distribution are the X-axis values in experiments.
The special treatment of length 16 deals with the short-string optimization (SSO) in STL @string@, currently not implemented in \CFA.
When an STL string can fit into a heap pointer, the optimization uses the pointer storage to eliminate using the heap.
\begin{c++}
class string {
        union {
                struct { $\C{// long string, string storage in heap}$
                        size_t size;
                        char * strptr;
                } lstr;
                char sstr[sizeof(lstr)]; $\C{// short string 8-16 characters, in situ}$
        };
        bool tag; $\C{// string kind, short or long}$
        ... $\C{// other storage}$
};
\end{c++}

When success is illustrated, notwithstanding SSO, a fixed-size or from-16 distribution ensures that extra-optimized cases are not part of the mix on the STL side.
In all experiments that use a corpus, its text is generated and loaded into the system under test before the timed phase begins.

To discuss: vocabulary for reused case variables

To discuss: common approach to iteration and quoted rates

To discuss: hardware and such

To ensure comparable results, a common memory allocator is used for \CFA and \CC.
The llheap allocator~\cite{Zulfiqar22} is embedded into \CFA and is used standalone with \CC.


\subsection{Test: Append}

This test measures the speed of appending randomly-size text onto a growing string.
\begin{cquote}
\setlength{\tabcolsep}{20pt}
\begin{tabular}{@{}ll@{}}
% \multicolumn{1}{c}{\textbf{fresh}} & \multicolumn{1}{c}{\textbf{reuse}} \\
\begin{cfa}

for ( ... ) {
        @string x;@       // fresh
        for ( ... )
                x @+=@ ...
}
\end{cfa}
&
\begin{cfa}
string x;
for ( ... ) {
        @x = "";@  $\C[1in]{// reuse}$
        for ( ... )
                x @+=@ ...  $\C{// append, alternative x = x + ...}\CRT$
}
\end{cfa}
\end{tabular}
\end{cquote}
The benchmark's outer loop executes ``until a sample-worthy amount of execution has happened'' and an inner loop for ``building up the desired-length string.''
Its subcases include,
\begin{enumerate}[leftmargin=*]
\item
\CFA nosharing/sharing \vs \CC nosharing.
\item
Difference between the logically equivalent operations @x += ...@ \vs @x = x + ...@.
For numeric types, the generated code is equivalence, giving identical performance.
However, for string types there can be a significant difference in performance, especially if this code appears in a loop iterating a large number of times.
This difference might not be intuitive to beginners.
\item
Coding practice where the user's logical allocation is fresh \vs reused.
Here, \emph{reusing a logical allocation}, means that the program variable, into which the user is concatenating, previously held a long string.
In general, a user should not have to care about this difference, yet the STL performs differently in these cases.
Furthermore, if a function takes a string by reference, if cannot use the fresh approach.
Concretely, both cases incur the cost of copying characters into the target string, but only the allocation-fresh case incurs a further reallocation cost, which is generally paid at points of doubling the length.
For the STL, this cost includes obtaining a fresh buffer from the memory allocator and copying older characters into the new buffer, while \CFA-sharing hides such a cost entirely.
%The fresh \vs reuse distinction is only relevant in the \emph{append} tests.
\end{enumerate}

\begin{figure}
\centering
        \includegraphics{string-graph-peq-cppemu.pdf}
%       \includegraphics[width=\textwidth]{string-graph-peq-cppemu.png}
        \caption{Average time per iteration (lower is better) with one \lstinline{x += y} invocation, comparing \CFA with STL implementations (given \CFA running in STL emulation mode), and comparing the ``fresh'' with ``reused'' reset styles, at various string sizes.}
        \label{fig:string-graph-peq-cppemu}
\end{figure}

This tests use the varying-from-1 corpus construction, \ie it assumes the STL's advantage of small-string optimization.
\PAB{To discuss: any other case variables introduced in the performance intro}
\VRef[Figure]{fig:string-graph-peq-cppemu} shows this behaviour, by the STL and by \CFA in STL emulation mode.
\CFA reproduces STL's performance, up to a 15\% penalty averaged over the cases shown, diminishing with larger strings, and 50\% in the worst case.
This penalty characterizes the amount of implementation fine tuning done with STL and not done with \CFA in present state.
There is a larger penalty for redeclaring the string each loop iteration (fresh) versus hosting it out of the loop and reseting it to the null string (reuse).
The cost is 40\% averaged over the cases shown and minimally 24\%, and shows up consistently between the \CFA and STL implementations, and increases with larger strings.

\begin{figure}
\centering
        \includegraphics{string-graph-peq-sharing.pdf}
%       \includegraphics[width=\textwidth]{string-graph-peq-sharing.png}
        \caption{Average time per iteration (lower is better) with one \lstinline{x += y} invocation, comparing \CFA (having implicit sharing activated) with STL, and comparing the ``fresh'' with ``reused'' reset styles, at various string sizes.}
        \label{fig:string-graph-peq-sharing}
\end{figure}

In sharing mode, \CFA makes the fresh/reuse difference disappear, as shown in \VRef[Figure]{fig:string-graph-peq-sharing}.
At append lengths 5 and above, \CFA not only splits the two baseline STL cases, but its slowdown of 16\% over (STL with user-managed reuse) is close to the \CFA-v-STL implementation difference seen with \CFA in STL-emulation mode.

\begin{figure}
\centering
        \includegraphics{string-graph-pta-sharing.pdf}
%       \includegraphics[width=\textwidth]{string-graph-pta-sharing.png}
        \caption{Average time per iteration (lower is better) with one \lstinline{x = x + y} invocation, comparing \CFA (having implicit sharing activated) with STL.
For context, the results from \VRef[Figure]{fig:string-graph-peq-sharing} are repeated as the bottom bands.
While not a design goal, and not graphed out, \CFA in STL-emulation mode outperformed STL in this case; user-managed allocation reuse did not affect any of the implementations in this case.}
        \label{fig:string-graph-pta-sharing}
\end{figure}

When the user takes a further step beyond the STL's optimal zone, by running @x = x + y@, as in \VRef[Figure]{fig:string-graph-pta-sharing}, the STL's penalty is above $15 \times$ while \CFA's (with sharing) is under $2 \times$, averaged across the cases shown here.
Moreover, the STL's gap increases with string size, while \CFA's converges.


\subsubsection{Test: Pass argument}

STL has a penalty for passing a string by value, which indirectly forces users to think about memory management when communicating values to a function.
\begin{cfa}
void foo( string s );
string s = "abc";
foo( s );
\end{cfa}
With implicit sharing active, \CFA treats this operation as normal and supported.
This test illustrates a main advantage of the \CFA sharing algorithm.
It also has a case in which STL's small-string optimization provides a successful mitigation.

\begin{figure}
\centering
        \includegraphics{string-graph-pbv.pdf}
%       \includegraphics[width=\textwidth]{string-graph-pbv.png}
        \caption{Average time per iteration (lower is better) with one call to a function that takes a by-value string argument, comparing \CFA (having implicit sharing activated) with STL.
(a) With \emph{Varying-from-1} corpus construction, in which the STL-only benefit of small-string optimization occurs, in varying degrees, at all string sizes.
(b) With \emph{Fixed-size} corpus construction, in which this benefit applies exactly to strings with length below 16.
[TODO: show version (b)]}
        \label{fig:string-graph-pbv}
\end{figure}

\VRef[Figure]{fig:string-graph-pbv} shows the costs for calling a function that receives a string argument by value.
STL's performance worsens as string length increases, while \CFA has the same performance at all sizes.

The \CFA cost to pass a string is nontrivial.
The contributor is adding and removing the callee's string handle from the global list.
This cost is $1.5 \times$ to $2 \times$ over STL's when small-string optimization applies, though this cost should be avoidable in the same case, given a \CFA realization of this optimization.
At the larger sizes, when STL has to manage storage for the string, STL runs more than $3 \times$ slower, mainly due to time spent in the general-purpose memory allocator.


\subsubsection{Test: Allocate}

This test directly compares the allocation schemes of the \CFA string with sharing, compared with the STL string.
It treats the \CFA scheme as a form of garbage collection, and the STL scheme as an application of malloc-free.
The test shows that \CFA enables faster speed at a cost in memory usage.

A garbage collector, afforded the freedom of managed memory, often runs faster than malloc-free (in an amortized analysis, even though it must occasionally stop to collect) because it is able to use its collection time to move objects.
(In the case of the mini-allocator powering the \CFA string library, objects are runs of text.)  Moving objects lets fresh allocations consume from a large contiguous store of available memory; the ``bump pointer'' book-keeping for such a scheme is very light.
A malloc-free implementation without the freedom to move objects must, in the general case, allocate in the spaces between existing objects; doing so entails the heavier book-keeping to navigate and maintain a linked structure.

A garbage collector keeps allocations around for longer than the using program can reach them.
By contrast, a program using malloc-free (correctly) releases allocations exactly when they are no longer reachable.
Therefore, the same harness will use more memory while running under garbage collection.
A garbage collector can minimize the memory overhead by searching for these dead allocations aggressively, that is, by collecting more often.
Tuned in this way, it spends a lot of time collecting, easily so much as to overwhelm its speed advantage from bump-pointer allocation.
If it is tuned to collect rarely, then it leaves a lot of garbage allocated (waiting to be collected) but gains the advantage of little time spent doing collection.

[TODO: find citations for the above knowledge]

The speed for memory tradeoff is, therefore, standard for comparisons like \CFA--STL string allocations.
The test verifies that it is so and quantifies the returns available.

These tests manipulate a tuning knob that controls how much extra space to use.
Specific values of this knob are not user-visible and are not presented in the results here.
Instead, its two effects (amount of space used and time per operation) are shown.
The independent variable is the liveness target, which is the fraction of the text buffer that is in use at the end of a collection.
The allocator will expand its text buffer during a collection if the actual fraction live exceeds this target.

This experiment's driver allocates strings by constructing a string handle as a local variable then looping over recursive calls.
The time measurement is of nanoseconds per such allocating call.
The arrangement of recursive calls and their fan-out (iterations per recursion level) makes some of the strings long-lived and some of them short-lived.
String lifetime (measured in number of subsequent string allocations) is ?? distributed, because each node in the call tree survives as long as its descendent calls.
The run presented in this section used a call depth of 1000 and a fan-out of 1.006, which means that approximately one call in 167 makes two recursive calls, while the rest make one.
This sizing was chosen to keep the amounts of consumed memory within the machine's last-level cache.

\begin{figure}
\centering
  \includegraphics{string-graph-allocn.pdf}
% \includegraphics[width=\textwidth]{string-graph-allocn.png}
  \caption{Space and time performance, under varying fraction-live targets, for the five string lengths shown, at (\emph{Fixed-size} corpus construction.
[MISSING] The identified clusters are for the default fraction-live target, which is 30\%.
MISSING: STL results, typically just below the 0.5--0.9 \CFA segment.
All runs keep an average of 836 strings live, and the median string lifetime is ?? allocations.}
  \label{fig:string-graph-allocn}
\end{figure}

\VRef[Figure]{fig:string-graph-allocn} shows the results of this experiment.
At all string sizes, varying the liveness threshold gives offers speed-for-space tradeoffs relative to STL.
At the default liveness threshold, all measured string sizes see a ??\%--??\% speedup for a ??\%--??\% increase in memory footprint.


\subsubsection{Test: Normalize}

This test is more applied than the earlier ones.
It combines the effects of several operations.
It also demonstrates a case of the \CFA API allowing user code to perform well, while being written without overt memory management, while achieving similar performance in STL requires adding memory-management complexity.

To motivate: edits being rare

The program is doing a specialized find-replace operation on a large body of text.
In the program under test, the replacement is just to erase a magic character.
But in the larger software problem represented, the rewrite logic belongs to a module that was originally intended to operate on simple, modest-length strings.
The challenge is to apply this packaged function across chunks taken from the large body.
Using the \CFA string library, the most natural way to write the helper module's function also works well in the adapted context.
Using the STL string, the most natural ways to write the helper module's function, given its requirements in isolation, slow down when it is driven in the adapted context.

\begin{lstlisting}
void processItem( string & item ) {
         // find issues in item and fix them
}
\end{lstlisting}