%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -*- Mode: Latex -*- %%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %% Cforall Version 1.0.0 Copyright (C) 2016 University of Waterloo %% %% The contents of this file are covered under the licence agreement in the %% file "LICENCE" distributed with Cforall. %% %% user.tex -- %% %% Author : Peter A. Buhr %% Created On : Wed Apr 6 14:53:29 2016 %% Last Modified By : Peter A. Buhr %% Last Modified On : Thu Aug 15 22:23:30 2024 %% Update Count : 6957 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % requires tex packages: texlive-base texlive-latex-base tex-common texlive-humanities texlive-latex-extra texlive-fonts-recommended \documentclass[twoside]{article} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Latex packages used in the document. \usepackage[T1]{fontenc} % allow Latin1 (extended ASCII) characters \usepackage{textcomp} \usepackage[latin1]{inputenc} \usepackage{fullpage,times,comment} \usepackage{epic,eepic} \usepackage{upquote} % switch curled `'" to straight \usepackage[labelformat=simple,aboveskip=0pt,farskip=0pt]{subfig} \renewcommand{\thesubfigure}{\alph{subfigure})} \usepackage[flushmargin]{footmisc} % support label/reference in footnote \usepackage{latexsym} % \Box glyph \usepackage{mathptmx} % better math font with "times" \usepackage[usenames]{color} \newcommand{\CFALatin}{} % inline code ©...© (copyright symbol) emacs: C-q M-) % red highlighting ®...® (registered trademark symbol) emacs: C-q M-. % blue highlighting ß...ß (sharp s symbol) emacs: C-q M-_ % green highlighting ¢...¢ (cent symbol) emacs: C-q M-" % LaTex escape ...§ (section symbol) emacs: C-q M-' % keyword escape ¶...¶ (pilcrow symbol) emacs: C-q M-^ % math escape $...$ (dollar symbol) \usepackage{common} % common CFA document macros %\input{common} % common CFA document macros \usepackage[dvips,plainpages=false,pdfpagelabels,pdfpagemode=UseNone,colorlinks=true,pagebackref=true,linkcolor=blue,citecolor=blue,urlcolor=blue,pagebackref=true,breaklinks=true]{hyperref} \urlstyle{sf} \usepackage{breakurl} \renewcommand\footnoterule{\kern -3pt\rule{0.3\linewidth}{0.15pt}\kern 2pt} \usepackage[pagewise]{lineno} \renewcommand{\linenumberfont}{\scriptsize\sffamily} \usepackage[firstpage]{draftwatermark} \SetWatermarkLightness{0.9} % Default underscore is too low. Cannot use lstlisting "literate" as replacing underscore removes it % as a variable-name character so keywords in variables are highlighted. MUST APPEAR AFTER HYPERREF. \renewcommand{\textunderscore}{\makebox[1.4ex][c]{{\raisebox{1.25pt}{\char`\_}}}} \setlength{\topmargin}{-0.45in} % move running title into header \setlength{\headsep}{0.25in} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \CFAStyle % use default CFA format-style \setgcolumn{2.25in} \lstset{language=CFA} % CFA default lnaguage \lstnewenvironment{C++}[1][] % use C++ style {\lstset{language=C++,escapechar=§,moredelim=**[is][\protect\color{red}]{®}{®},#1}} {} \newsavebox{\myboxA} \newsavebox{\myboxB} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Names used in the document. \newcommand{\Version}{\input{build/version}} \newcommand{\Textbf}[2][red]{{\color{#1}{\textbf{#2}}}} \newcommand{\Emph}[2][red]{{\color{#1}\textbf{\emph{#2}}}} \newcommand{\R}[1]{{\color{red}#1}} \newcommand{\RB}[1]{\Textbf{#1}} \newcommand{\B}[1]{{\Textbf[blue]{#1}}} \newcommand{\G}[1]{{\Textbf[OliveGreen]{#1}}} \newcommand{\Sp}{\R{\textvisiblespace}} \newcommand{\KWC}{K-W C\xspace} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \setcounter{secnumdepth}{3} % number subsubsections \setcounter{tocdepth}{3} % subsubsections in table of contents \makeindex %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \title{\Huge \vspace*{1in} \CFA (\CFL) User Manual \\ Version 1.0 \\ \vspace*{0.25in} \huge``describe not prescribe'' \vspace*{1in} }% title \author{ \huge \CFA Team (past and present) \medskip \\ \Large Andrew Beach, Richard Bilson, Michael Brooks, Peter A. Buhr, Thierry Delisle, \smallskip \\ \Large Glen Ditchfield, Rodolfo G. Esteves, Jiada Liang, Aaron Moss, Colby Parsons \smallskip \\ \Large Rob Schluntz, Fangren Yu, Mubeen Zulfiqar }% author \date{ \today }% date %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{document} \pagestyle{headings} % changed after setting pagestyle \renewcommand{\sectionmark}[1]{\markboth{\thesection\quad #1}{\thesection\quad #1}} \renewcommand{\subsectionmark}[1]{\markboth{\thesubsection\quad #1}{\thesubsection\quad #1}} \pagenumbering{roman} \linenumbers % comment out to turn off line numbering \maketitle \thispagestyle{empty} \vspace*{\fill} \noindent \copyright\,2016, 2018, 2021, 2024 \CFA Project \\ \\ \noindent This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit {\small\url{http://creativecommons.org/licenses/by/4.0}}. \vspace*{1in} \clearpage \thispagestyle{plain} \pdfbookmark[1]{Contents}{section} \tableofcontents \clearpage \thispagestyle{plain} \pagenumbering{arabic} \section{Introduction} \CFA{}\index{cforall@\CFA}\footnote{Pronounced ``\Index*{C-for-all}'', and written \CFA, CFA, or \CFL.} is a modern general-purpose concurrent programming-language, designed as an evolutionary step forward for the C programming language. The syntax of \CFA builds from C and should look immediately familiar to C/\Index*[C++]{\CC{}} programmers. % Any language feature that is not described here can be assumed to be using the standard \Celeven syntax. \CFA adds many modern features that directly lead to increased \emph{\Index{safety}} and \emph{\Index{productivity}}, while maintaining interoperability with existing C programs and achieving similar performance. Like C, \CFA is a statically typed, procedural (non-\Index{object-oriented}) language with a low-overhead runtime, meaning there is no global \Index{garbage-collection}, but \Index{regional garbage-collection}\index{garbage-collection!regional} is possible. The primary new features include polymorphic routines and types, exceptions, concurrency, and modules. One of the main design philosophies of \CFA is to ``\Index{describe not prescribe}'', which means \CFA tries to provide a pathway from low-level C programming to high-level \CFA programming, but it does not force programmers to ``do the right thing''. Programmers can cautiously add \CFA extensions to their C programs in any order and at any time to incrementally move towards safer, higher-level programming. A programmer is always free to reach back to C from \CFA, for any reason, and in many cases, new \CFA features can be locally switched back to their C counterpart. There is no notion or requirement for \emph{rewriting} a legacy C program to \CFA; instead, a programmer evolves a legacy program into \CFA by incrementally incorporating \CFA features. As well, new programs can be written in \CFA using a combination of C and \CFA features. In many ways, \CFA is to C as \Index{Scala}~\cite{Scala} is to Java, providing a vehicle for new typing and control-flow capabilities on top of a highly popular programming language allowing immediate dissemination. \Index*[C++]{\CC{}}~\cite{c++:v1} had a similar goal 30 years ago, allowing object-oriented programming to be incrementally added to C. However, \CC currently has the disadvantages of a strong object-oriented bias, multiple legacy design-choices that are difficult to update, and active divergence of the language model from C, requiring significant effort and training to incrementally add \CC to a C code-base. In contrast, \CFA has 30 years of hindsight and a clean starting point. Like \Index*[C++]{\CC{}}, there may be both old and new ways to achieve the same effect. For example, the following programs compare the C, \CFA, and \CC I/O mechanisms, where the programs output the same result. \begin{center} \begin{tabular}{@{}lll@{}} \multicolumn{1}{@{}c}{\textbf{C}} & \multicolumn{1}{c}{\textbf{\CFA}} & \multicolumn{1}{c@{}}{\textbf{\CC}} \\ \begin{cfa} #include §\indexc{stdio.h}§ int main( void ) { int x = 0, y = 1, z = 2; ®printf( "%d %d %d\n", x, y, z );® } \end{cfa} & \begin{cfa}[tabsize=3] #include §\indexc{fstream.hfa}§ int main( void ) { int x = 0, y = 1, z = 2; ®sout | x | y | z;®§\indexc{sout}§ } \end{cfa} & \begin{cfa}[tabsize=3] #include §\indexc{iostream}§ using namespace std; int main() { int x = 0, y = 1, z = 2; ®cout << x << ' ' << y << ' ' << z << endl;® } \end{cfa} \end{tabular} \end{center} While \CFA I/O \see{\VRef{s:StreamIOLibrary}} looks similar to \Index*[C++]{\CC{}}, there are important differences, such as automatic spacing between variables and an implicit newline at the end of the expression list, similar to \Index*{Python}~\cite{Python}. In general, \CFA programs are 10\% to 30\% shorter than their equivalent C/\CC counterparts. \subsection{Background} This document is a programmer reference-manual for the \CFA programming language. The manual covers the core features of the language and runtime-system, with simple examples illustrating syntax and semantics of features. The manual does not teach programming, \ie how to combine the new constructs to build complex programs. The reader must have an intermediate knowledge of control flow, data structures, and concurrency issues to understand the ideas presented, as well as some experience programming in C/\CC. Implementers should refer to the \CFA Programming Language Specification for details about the language syntax and semantics. Changes to the syntax and additional features are expected to be included in later revisions. \section{Why fix C?} The C programming language is a foundational technology for modern computing with billions of lines of code implementing everything from hobby projects to commercial operating-systems. This installation base and the programmers producing it represent a massive software-engineering investment spanning decades and likely to continue for decades more. Even with all its problems, C continues to be popular because it allows writing software at virtually any level in a computer system without restriction. For system programming, where direct access to hardware, storage management, and real-time issues are a requirement, C is the only language of choice. The TIOBE index~\cite{TIOBE} for February 2023 ranks the top six most \emph{popular} programming languages as C 17.4\%, \Index*{Java} 12\%, Python 12\%, \Index*[C++]{\CC{}} 7.6\%, \Csharp 4\%, Visual Basic 3.8\% = 56.8\%, where the next 50 languages are less than 2\% each, with a long tail. The top 4 rankings over the past 35 years are: \begin{center} \setlength{\tabcolsep}{10pt} \begin{tabular}{@{}rcccccccc@{}} & 2023 & 2018 & 2013 & 2008 & 2003 & 1998 & 1993 & 1988 \\ \hline Python & 1 & 4 & 8 & 7 & 12 & 25 & 18 & - \\ \RB{C} & \RB{2}& \RB{2}& \RB{1}& \RB{2}& \RB{2}& \RB{1}& \RB{1}& \RB{1}\\ C++ & 3 & 3 & 4 & 4 & 3 & 2 & 2 & 4 \\ Java & 4 & 1 & 2 & 1 & 1 & 18 & - & - \\ \end{tabular} \end{center} Hence, C is still an extremely important programming language, with double the usage of \Index*[C++]{\CC{}}; in many cases, \CC is often used solely as a better C. Love it or hate it, C has been an important and influential part of computer science for 40 years and its appeal is not diminishing. Nevertheless, C has many problems and omissions that make it an unacceptable programming language for modern needs. As stated, the goal of the \CFA project is to engineer modern language-features into C in an evolutionary rather than revolutionary way. \CC~\cite{C++14,C++} is an example of a similar project; however, it largely extended the C language, and did not address many of C's existing problems.\footnote{% Two important existing problems addressed were changing the type of character literals from ©int© to ©char© and enumerator from ©int© to the type of its enumerators.} \Index*{Fortran}~\cite{Fortran08}, \Index*{Cobol}~\cite{Cobol14}, and \Index*{Ada}~\cite{Ada16} are examples of programming languages that took an evolutionary approach, where modern language-features (\eg objects, concurrency) are added and problems fixed within the framework of the existing language. \Index*{Java}~\cite{Java8}, \Index*{Go}~\cite{Go}, \Index*{Rust}~\cite{Rust} and \Index*{D}~\cite{D} are examples of the revolutionary approach for modernizing C/\CC, resulting in a new language rather than an extension of the descendent. These languages have different syntax and semantics from C, do not interoperate directly with C, and are not systems languages because of restrictive memory-management or garbage collection. As a result, there is a significant learning curve to move to these languages, and C legacy-code must be rewritten. These costs can be prohibitive for many companies with a large software-base in C/\CC, and a significant number of programmers require retraining in the new programming language. The result of this project is a language that is largely backwards compatible with \Index*[C11]{\Celeven{}}~\cite{C11}, but fixes many of the well known C problems while adding modern language-features. To achieve these goals required a significant engineering exercise, \ie ``thinking \emph{inside} the C box''. Considering the large body of existing C code and programmers, there is significant impetus to ensure C is transformed into a modern language. While \Index*[C11]{\Celeven{}} made a few simple extensions to the language, nothing was added to address existing problems in the language or to augment the language with modern language-features. While some may argue that modern language-features may make C complex and inefficient, it is clear a language without modern capabilities is insufficient for the advanced programming problems existing today. \section{History} The \CFA project started with \Index*{Dave Till}\index{Till, Dave}'s \Index*{K-W C}~\cite{Buhr94a,Till89}, which extended C with new declaration syntax, multiple return values from routines, and advanced assignment capabilities using the notion of tuples \see{\cite{Werther96} for similar work in \Index*[C++]{\CC{}}}. The first \CFA implementation of these extensions was by \Index*{Rodolfo Esteves}\index{Esteves, Rodolfo}~\cite{Esteves04}. The signature feature of \CFA is \emph{\Index{overload}able} \Index{parametric-polymorphic} functions~\cite{forceone:impl,Cormack90,Duggan96} with functions generalized using a ©forall© clause (giving the language its name): \begin{cfa} ®forall( T )® T identity( T val ) { return val; } int forty_two = identity( 42 ); §\C{// T is bound to int, forty\_two == 42}§ \end{cfa} % extending the C type system with parametric polymorphism and overloading, as opposed to the \Index*[C++]{\CC{}} approach of object-oriented extensions. \CFA{}\hspace{1pt}'s polymorphism was originally formalized by \Index*{Glen Ditchfield}\index{Ditchfield, Glen}~\cite{Ditchfield92}, and first implemented by \Index*{Richard Bilson}\index{Bilson, Richard}~\cite{Bilson03}. However, at that time, there was little interest in extending C, so work did not continue. As the saying goes, ``\Index*{What goes around, comes around.}'', and there is now renewed interest in the C programming language because of the legacy code-base, so the \CFA project was restarted in 2015. \section{Interoperability} \label{s:Interoperability} \CFA is designed to integrate directly with existing C programs and libraries. The most important feature of \Index{interoperability} is using the same \Index{calling convention}s, so there is no complex interface or overhead to call existing C routines. This feature allows \CFA programmers to take advantage of the existing panoply of C libraries to access thousands of software features. Language developers often state that adequate \Index{library support} takes more work than designing and implementing the language itself. Fortunately, \CFA, like \Index*[C++]{\CC{}}, starts with immediate access to all exiting C libraries, and in many cases, can easily wrap library routines with simpler and safer interfaces, at zero or very low cost. Hence, \CFA begins by leveraging the large repository of C libraries, and than allows programmers to incrementally augment their C programs with modern \Index{backward-compatible} features. \begin{comment} A simple example is leveraging the existing type-unsafe (©void *©) C ©bsearch© to binary search a sorted floating array: \begin{cfa} void * bsearch( const void * key, const void * base, size_t dim, size_t size, int (* compar)( const void *, const void * )); int comp( const void * t1, const void * t2 ) { return *(double *)t1 < *(double *)t2 ? -1 : *(double *)t2 < *(double *)t1 ? 1 : 0; } double key = 5.0, vals[10] = { /* 10 sorted floating values */ }; double * val = (double *)bsearch( &key, vals, 10, sizeof(vals[0]), comp ); §\C{// search sorted array}§ \end{cfa} which can be augmented simply with a polymorphic, type-safe, \CFA-overloaded wrappers: \begin{cfa} forall( T | { int ?§\indexc{stdio.h}§ §\C{// C header file}§ #else #include §\indexc{fstream.hfa}§ §\C{// \CFA header file}§ #endif \end{cfa} which conditionally includes the correct header file, if the program is compiled using \Indexc{gcc} or \Indexc{cfa}. The \CFA \Index{transpiler} has multiple internal steps. The following flags control how the \CFA transpiler works, the stages run, and printing within a stage. The majority of these flags are used by \CFA developers, but some are occasionally useful to programmers. Each option must be escaped with \Indexc{-XCFA}\index{transpiler option!-XCFA@{©-XCFA©}} to direct it to the \CFA compilation step, similar to the ©-Xlinker© flag for the linker, \eg: \begin{lstlisting}[language=sh] cfa §test§.cfa -CFA -XCFA -p # print translated code without printing the standard prelude cfa §test§.cfa -XCFA -P -XCFA parse -XCFA -n # show program parse without prelude \end{lstlisting} Alternatively, multiple flags can be specified separated with commas and \emph{without} spaces. \begin{lstlisting}[language=sh,{moredelim=**[is][\protect\color{red}]{®}{®}}] cfa §test§.cfa -XCFA®,®-Pparse®,®-n # show program parse without prelude \end{lstlisting} \begin{description}[topsep=5pt,itemsep=0pt,parsep=0pt] \item \Indexc{-c}\index{transpiler option!-c@{©-c©}}, \Indexc{--colors}\index{transpiler option!--colors@{©--colors©}} \, diagnostic color: ©never©, ©always©, \lstinline[deletekeywords=auto]{auto} \item \Indexc{-g}\index{transpiler option!-g@{©-g©}}, \Indexc{--gdb}\index{transpiler option!--gdb@{©--gdb©}} \, wait for gdb to attach \item \Indexc{-h}\index{transpiler option!-h@{©-h©}}, \Indexc{--help}\index{transpiler option!--help@{©--help©}} \, print transpiler help message \item \Indexc{-i}\index{transpiler option!-i@{©-i©}}, \Indexc{--invariant}\index{transpiler option!--invariant@{©--invariant©}} \, invariant checking during AST passes \item \Indexc{-l}\index{transpiler option!-l@{©-l©}}, \Indexc{--libcfa}\index{transpiler option!--libcfa@{©--libcfa©}} \, generate ©libcfa.c© \item \Indexc{-L}\index{transpiler option!-L@{©-L©}}, \Indexc{--linemarks}\index{transpiler option!--linemarks@{©--linemarks©}} \, generate line marks \item \Indexc{-m}\index{transpiler option!-m@{©-m©}}, \Indexc{--no-main}\index{transpiler option!--no-main@{©--no-main©}} \, do not replace main \item \Indexc{-N}\index{transpiler option!-N@{©-N©}}, \Indexc{--no-linemarks}\index{transpiler option!--no-linemarks@{©--no-linemarks©}} \, do not generate line marks \item \Indexc{-n}\index{transpiler option!-n@{©-n©}}, \Indexc{--no-prelude}\index{transpiler option!--no-prelude@{©--no-prelude©}} \, do not read prelude \item \Indexc{-p}\index{transpiler option!-p@{©-p©}}, \Indexc{--prototypes}\index{transpiler option!--prototypes@{©--prototypes©}} \, do not generate prelude prototypes $\Rightarrow$ prelude not printed \item \Indexc{-d}\index{transpiler option!-d@{©-d©}}, \Indexc{--deterministic-out}\index{transpiler option!--deterministic-out@{©--deterministic-out©}} \, only print deterministic output \item \Indexc{-P}\index{transpiler option!-P@{©-P©}}, \Indexc{--print}\index{transpiler option!--print@{©--print©}} \, one of: \begin{description}[topsep=0pt,itemsep=0pt,parsep=0pt] \item \Indexc{ascodegen}\index{transpiler option!-P@{©-P©}!©ascodegen©}\index{transpiler option!--print@{©-print©}!©ascodegen©} \, print AST as codegen rather than AST \item \Indexc{asterr}\index{transpiler option!-P@{©-P©}!©asterr©}\index{transpiler option!--print@{©-print©}!©asterr©} \, print AST on error \item \Indexc{declstats}\index{transpiler option!-P@{©-P©}!©declstats©}\index{transpiler option!--print@{©-print©}!©declstats©} \, print code property statistics \item \Indexc{parse}\index{transpiler option!-P@{©-P©}!©parse©}\index{transpiler option!--print@{©-print©}!©parse©} \, print yacc (parsing) debug information \item \Indexc{pretty}\index{transpiler option!-P@{©-P©}!©pretty©}\index{transpiler option!--print@{©-print©}!©pretty©} \, prettyprint for ©ascodegen© flag \item \Indexc{rproto}\index{transpiler option!-P@{©-P©}!©rproto©}\index{transpiler option!--print@{©-print©}!©rproto©} \, resolver-proto instance \item \Indexc{rsteps}\index{transpiler option!-P@{©-P©}!©rsteps©}\index{transpiler option!--print@{©-print©}!©rsteps©} \, print resolver steps \item \Indexc{ast}\index{transpiler option!-P@{©-P©}!©ast©}\index{transpiler option!--print@{©-print©}!©ast©} \, print AST after parsing \item \Indexc{excpdecl}\index{transpiler option!-P@{©-P©}!©excpdecl©}\index{transpiler option!--print@{©-print©}!©excpdecl©} \, print AST after translating exception decls \item \Indexc{symevt}\index{transpiler option!-P@{©-P©}!©symevt©}\index{transpiler option!--print@{©-print©}!©symevt©} \, print AST after symbol table events \item \Indexc{expralt}\index{transpiler option!-P@{©-P©}!©expralt©}\index{transpiler option!--print@{©-print©}!©expralt©} \, print AST after expressions alternatives \item \Indexc{valdecl}\index{transpiler option!-P@{©-P©}!©valdecl©}\index{transpiler option!--print@{©-print©}!©valdecl©} \, print AST after declaration validation pass \item \Indexc{bresolver}\index{transpiler option!-P@{©-P©}!©bresolver©}\index{transpiler option!--print@{©-print©}!©bresolver©} \, print AST before resolver step \item \Indexc{expranly}\index{transpiler option!-P@{©-P©}!©expranly©}\index{transpiler option!--print@{©-print©}!©expranly©} \, print AST after expression analysis \item \Indexc{ctordtor}\index{transpiler option!-P@{©-P©}!©ctordtor©}\index{transpiler option!--print@{©-print©}!©ctordtor©} \, print AST after ctor/dtor are replaced \item \Indexc{tuple}\index{transpiler option!-P@{©-P©}!©tuple©}\index{transpiler option!--print@{©-print©}!©tuple©} \, print AST after tuple expansion \item \Indexc{instgen}\index{transpiler option!-P@{©-P©}!©instgen©}\index{transpiler option!--print@{©-print©}!©instgen©} \, print AST after instantiate generics \item \Indexc{bbox}\index{transpiler option!-P@{©-P©}!©bbox©}\index{transpiler option!--print@{©-print©}!©bbox©} \, print AST before box pass \item \Indexc{bcodegen}\index{transpiler option!-P@{©-P©}!©bcodegen©}\index{transpiler option!--print@{©-print©}!©bcodegen©} \, print AST before code generation \end{description} \item \Indexc{--prelude-dir} \, prelude directory for debug/nodebug \item \Indexc{-S}\index{transpiler option!-S@{©-S©}!©counters,heap,time,all,none©}, \Indexc{--statistics}\index{transpiler option!--statistics@{©--statistics©}!©counters,heap,time,all,none©} \, enable profiling information: ©counters©, ©heap©, ©time©, ©all©, ©none© \item \Indexc{-t}\index{transpiler option!-t@{©-t©}}, \Indexc{--tree}\index{transpiler option!--tree@{©--tree©}} build in tree \end{description} \section{Backquote Identifiers} \label{s:BackquoteIdentifiers} \CFA introduces several new keywords \see{\VRef{s:CFAKeywords}} that can clash with existing C variable-names in legacy code. Keyword clashes are accommodated by syntactic transformations using the \CFA backquote escape-mechanism: \begin{cfa} int ®``®coroutine = 3; §\C{// make keyword an identifier}§ double ®``®forall = 3.5; \end{cfa} Existing C programs with keyword clashes can be converted by prefixing the keyword identifiers with double backquotes, and eventually the identifier name can be changed to a non-keyword name. \VRef[Figure]{f:HeaderFileInterposition} shows how clashes in existing C header-files \see{\VRef{s:StandardHeaders}} can be handled using preprocessor \newterm{interposition}: ©#include_next© and command-line ©-I filename©. Several common C header-files with keyword clashes are fixed in the standard \CFA header-library, so there is largely a seamless programming-experience. \begin{figure} \begin{cfa} // include file uses the CFA keyword "with". #if ! defined( with ) §\C{// nesting ?}§ #define with ®``®with §\C{// make keyword an identifier}§ #define __CFA_BFD_H__ #endif §\R{\#include\_next} § §\C{// must have internal check for multiple expansion}§ #if defined( with ) && defined( __CFA_BFD_H__ ) §\C{// reset only if set}§ #undef with #undef __CFA_BFD_H__ #endif \end{cfa} \caption{Header-File Interposition} \label{f:HeaderFileInterposition} \end{figure} \section{Constant Underscores} Numeric constants are extended to allow \Index{underscore}s\index{constant!underscore} as a separator, \eg: \begin{cfa} 2®_®147®_®483®_®648; §\C{// decimal constant}§ 56®_®ul; §\C{// decimal unsigned long constant}§ 0®_®377; §\C{// octal constant}§ 0x®_®ff®_®ff; §\C{// hexadecimal constant}§ 0x®_®ef3d®_®aa5c; §\C{// hexadecimal constant}§ 3.141®_®592®_®654; §\C{// floating constant}§ 10®_®e®_®+1®_®00; §\C{// floating constant}§ 0x®_®ff®_®ff®_®p®_®3; §\C{// hexadecimal floating}§ 0x®_®1.ffff®_®ffff®_®p®_®128®_®l; §\C{// hexadecimal floating long constant}§ L®_®§"\texttt{\textbackslash{x}}§®_®§\texttt{ff}§®_®§\texttt{ee}"§; §\C{// wide character constant}§ \end{cfa} The rules for placement of underscores are: \begin{enumerate}[topsep=5pt,itemsep=5pt,parsep=0pt] \item A sequence of underscores is disallowed, \eg ©12__34© is invalid. \item Underscores may only appear within a sequence of digits (regardless of the digit radix). In other words, an underscore cannot start or end a sequence of digits, \eg ©_1©, ©1_© and ©_1_© are invalid (actually, the 1st and 3rd examples are identifier names). \item A numeric prefix may end with an underscore; a numeric infix may begin and/or end with an underscore; a numeric suffix may begin with an underscore. For example, the octal ©0© or hexadecimal ©0x© prefix may end with an underscore ©0_377© or ©0x_ff©; the exponent infix ©E© may start or end with an underscore ©1.0_E10©, ©1.0E_10© or ©1.0_E_10©; the type suffixes ©U©, ©L©, \etc may start with an underscore ©1_U©, ©1_ll© or ©1.0E10_f©. \end{enumerate} It is significantly easier to read and enter long constants when they are broken up into smaller groupings (most cultures use comma and/or period among digits for the same purpose). This extension is backwards compatible, matches with the use of underscore in variable names, and appears in \Index*{Ada} and \Index*{Java} 8. \CC uses the single quote (©'©) as a separator, restricted within a sequence of digits, \eg ©0xaa©©'©©ff©, ©3.141©©'©©592E1©©'©©1©. However, the drawback of the \CC approach is difficults parsing for IDEs between character and numeric constants, as quotes are no longer balanced (©'x'© and ©3.14©©'©©159©). \section{Exponentiation Operator} C, \CC, and Java (and other programming languages) have \emph{no} exponentiation operator\index{exponentiation!operator}\index{operator!exponentiation}, \ie $x^y$, and instead use a routine, like \Indexc{pow(x,y)}, to perform the exponentiation operation. \CFA extends the basic operators with the exponentiation operator ©?©\R{©\\©}©?©\index{?\\?@©?@\@?©} and ©?©\R{©\\©}©=?©\index{?\\=?@©@\@=?©}, as in, ©x ©\R{©\\©}© y© and ©x ©\R{©\\©}©= y©, which means $x^y$ and $x \leftarrow x^y$. The priority of the exponentiation operator is between the cast and multiplicative operators, so that ©w * (int)x \ (int)y * z© is parenthesized as ©(w * (((int)x) \ ((int)y))) * z©. There are exponentiation operators for integral and floating types, including the builtin \Index{complex} types. Integral exponentiation\index{exponentiation!unsigned integral} is performed with repeated multiplication ($O(\log y)$ or shifting if the exponent is 2). Overflow for a large exponent or negative exponent returns zero. Floating exponentiation\index{exponentiation!floating} is performed using \Index{logarithm}s\index{exponentiation!logarithm}, so the exponent cannot be negative. \begin{cfa} sout | 1 ®\® 0 | 1 ®\® 1 | 2 ®\® 8 | -4 ®\® 3 | 5 ®\® 3 | 5 ®\® 32 | 5L ®\® 32 | 5L ®\® 64 | -4 ®\® -3 | -4.0 ®\® -3 | 4.0 ®\® 2.1 | (1.0f+2.0fi) ®\® (3.0f+2.0fi); 1 1 256 -64 125 ®0® 3273344365508751233 ®0® ®0® -0.015625 18.3791736799526 0.264715-1.1922i \end{cfa} Note, ©5 \ 32© and ©5L \ 64© overflow, and ©-4 \ -3© is a fraction but stored in an integer so all three computations generate an integral zero. Because exponentiation has higher priority than ©+©, parenthesis are necessary for exponentiation of \Index{complex constant}s or the expression is parsed as ©1.0f+©\R{©(©}©2.0fi \ 3.0f©\R{©)©}©+2.0fi©, requiring \R{©(©}©1.0f+2.0fi©\R{©)©}© \ ©\R{©(©}©3.0f+2.0fi©\R{©)©}. The exponentiation operator is available for all the basic types, but for user-defined types, only the integral-computation version is available. \begin{cfa} forall( T | { void ?{}( T & this, one_t ); T ?*?( T, T ); } ) T ?®\®?( T ep, unsigned int y ); forall( T | { void ?{}( T & this, one_t ); T ?*?( T, T ); } ) T ?®\®?( T ep, unsigned long int y ); \end{cfa} A user type ©T© must define one (©1©), and multiplication (©*©) \see{\VRef{s:Operator}}. \section{Control Structures} \CFA identifies inconsistent, problematic, and missing control structures in C, and extends, modifies, and adds control structures to increase functionality and safety. %\subsection{\texorpdfstring{\protect\lstinline{if}/\protect\lstinline{while} Statement}{if Statement}} \subsection{\texorpdfstring{\LstKeywordStyle{if} / \LstKeywordStyle{while} Statement}{if / while Statement}} The \Indexc{if} and \Indexc{while} expressions are extended with declarations, similar to the \Indexc{for} declaration expression.\footnote{ Declarations in the \Indexc{do}-©while© condition are not useful because they appear after the loop body.} \begin{cfa} if ( ®int x = f()® ) ... §\C{// x != 0}§ if ( ®int x = f(), y = g()® ) ... §\C{// x != 0 \&\& y != 0}§ if ( ®int x = f(), y = g(); x < y® ) ... §\C{// relational expression}§ if ( ®struct S { int i; } x = { f() }; x.i < 4® ) §\C{// relational expression}§ while ( ®int x = f()® ) ... §\C{// x != 0}§ while ( ®int x = f(), y = g()® ) ... §\C{// x != 0 \&\& y != 0}§ while ( ®int x = f(), y = g(); x < y® ) ... §\C{// relational expression}§ while ( ®struct S { int i; } x = { f() }; x.i < 4® ) ... §\C{// relational expression}§ \end{cfa} Unless a relational expression is specified, each variable is compared not equal to 0, which is the standard semantics for the ©if©/©while© expression, and the results are combined using the logical \Indexc{&&} operator. The scope of the declaration(s) is local to the ©if©/©while© statement, \ie in both \emph{then} and \emph{else} clauses for ©if©, and loop body for ©while©. \CC only provides a single declaration always compared ©!=© to 0. %\section{\texorpdfstring{\protect\lstinline{case} Clause}{case Clause}} \subsection{\texorpdfstring{\LstKeywordStyle{case} Clause}{case Clause}} \label{s:caseClause} C restricts the \Indexc{case} clause in a \Indexc{switch} statement to a single value. For multiple ©case© clauses prefixing a statement within the ©switch© statement, it is necessary to have multiple ©case© clauses rather than multiple values. Requiring a ©case© clause for each value is not in the spirit of brevity normally associated with C. Therefore, the ©case© clause is extended with a list of values. \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CFA}} \\ \begin{cfa} switch ( i ) { case 1: case 3 : case 5: ... case 2: case 4 : case 6: ... } \end{cfa} & \begin{cfa} switch ( i ) { case ®1, 3, 5®: ... case ®2, 4, 6®: ... } \end{cfa} & \begin{cfa} // odd values // even values \end{cfa} \end{tabular} \end{cquote} In addition, subranges are allowed to specify a contiguous set of case values. \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{2em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CFA}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{©gcc©}} \\ \begin{cfa} switch ( i ) { case 1: case 2: case 3: case 4: ... case 10: case 11: case 12: case 13: ... } \end{cfa} & \begin{cfa} switch ( i ) { case ®1~4:® ... case ®10~13:® ... } \end{cfa} & \begin{cfa} switch ( i ) { case 1§\R{\textvisiblespace}§®...®4: ... case 10§\R{\textvisiblespace}§®...®13: ... } \end{cfa} & \begin{cfa} // 1, 2, 3, 4 // 10, 11, 12, 13 \end{cfa} \end{tabular} \end{cquote} While ©gcc© has the same range mechanism, it has an awkward syntax, ©2©\R{\textvisiblespace}©...42©, because a space is required after a number, otherwise the period is a decimal point. \CFA also allows lists of subranges. \begin{cfa} case ®1~5, 12~21, 35~42®: \end{cfa} %\section{\texorpdfstring{\protect\lstinline{switch} Statement}{switch Statement}} \subsection{\texorpdfstring{\LstKeywordStyle{switch} Statement}{switch Statement}} C allows a number of questionable forms for the \Indexc{switch} statement: \begin{enumerate} \item By default, the end of a \Indexc{case} clause\footnote{ In this section, the term \emph{case clause} refers to either a ©case© or ©default© clause.} \emph{falls through} to the next ©case© clause in the ©switch© statement; to exit a ©switch© statement from a ©case© clause requires explicitly terminating the clause with a transfer statement, most commonly \Indexc{break}: \begin{cfa} switch ( i ) { case 1: ... §\R{\LstCommentStyle{// fall-through}}§ case 2: ... ®break;® // exit switch statement } \end{cfa} The ability to fall-through to the next clause \emph{is} a useful form of control flow, specifically when a sequence of case actions compound: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \begin{cfa} switch ( argc ) { case 3: // open output file // fall-through case 2: // open input file break; // exit switch statement default: // usage message } \end{cfa} & \begin{cfa} if ( argc == 3 ) { // open output file ®// open input file ®} else if ( argc == 2 ) { ®// open input file (duplicate) ®} else { // usage message } \end{cfa} \end{tabular} \end{cquote} In this example, case 2 is always done if case 3 is done. This control flow is difficult to simulate with ©if© statements or a ©switch© statement without fall-through as code must be duplicated or placed in a separate routine. C also uses fall-through to handle multiple case-values resulting in the same action: \begin{cfa} switch ( i ) { ®case 1: case 3: case 5:® // odd values // odd action break; ®case 2: case 4: case 6:® // even values // even action break; } \end{cfa} This situation is better handled by a list of case values \see{\VRef{s:caseClause}}. While fall-through itself is not a problem, the problem occurs when fall-through is the default, as this semantics is unintuitive for many programmers and is different from most programming languages with a ©switch© statement. Hence, default fall-through semantics results in programming errors as programmers often \emph{forget} the ©break© statement at the end of a ©case© clause, resulting in inadvertent fall-through. \item It is possible to place ©case© clauses on statements nested \emph{within} the body of the ©switch© statement: \begin{cfa} switch ( i ) { case 0: if ( j < k ) { ... ®case 1:® // transfer into "if" statement ... } // if \end{cfa} This usage branches into control structures, which is known to cause both comprehension and technical difficulties. The comprehension problem results from the inability to determine how control reaches a particular point due to the number of branches leading to it. The technical problem results from the inability to ensure declaration and initialization of variables when blocks are not entered at the beginning. There are few arguments for this kind of control flow, and therefore, there is a strong impetus to eliminate it. This C idiom is known as ``\Index*{Duff's device}''~\cite{Duff83}, from this example: \begin{cfa} register int n = (count + 7) / 8; switch ( count % 8 ) { case 0: do{ *to = *from++; case 7: *to = *from++; case 6: *to = *from++; case 5: *to = *from++; case 4: *to = *from++; case 3: *to = *from++; case 2: *to = *from++; case 1: *to = *from++; } while ( --n > 0 ); } \end{cfa} which unrolls a loop N times (N = 8 above) and uses the ©switch© statement to deal with any iterations not a multiple of N. While efficient, this sort of special purpose usage is questionable: \begin{quote} Disgusting, no? But it compiles and runs just fine. I feel a combination of pride and revulsion at this discovery.~\cite{Duff83} \end{quote} \item It is possible to place the ©default© clause anywhere in the list of labelled clauses for a ©switch© statement, rather than only at the end. Most programming languages with a ©switch© statement require the ©default© clause to appear last in the case-clause list. The logic for this semantics is that after checking all the ©case© clauses without success, the ©default© clause is selected; hence, physically placing the ©default© clause at the end of the ©case© clause list matches with this semantics. This physical placement can be compared to the physical placement of an ©else© clause at the end of a series of connected ©if©/©else© statements. \item It is possible to place unreachable code at the start of a ©switch© statement, as in: \begin{cfa} switch ( x ) { ®int y = 1;® §\C{// unreachable initialization}§ ®x = 7;® §\C{// unreachable code without label/branch}§ case 0: ... ... ®int z = 0;® §\C{// unreachable initialization, cannot appear after case}§ z = 2; case 1: ®x = z;® §\C{// without fall through, z is uninitialized}§ } \end{cfa} While the declaration of the local variable ©y© is useful with a scope across all ©case© clauses, the initialization for such a variable is defined to never be executed because control always transfers over it. Furthermore, any statements before the first ©case© clause can only be executed if labelled and transferred to using a ©goto©, either from outside or inside of the ©switch©, where both are problematic. As well, the declaration of ©z© cannot occur after the ©case© because a label can only be attached to a statement, and without a fall-through to case 3, ©z© is uninitialized. The key observation is that the ©switch© statement branches into a control structure, \ie there are multiple entry points into its statement body. \end{enumerate} Before discussing potential language changes to deal with these problems, it is worth observing that in a typical C program: \begin{itemize} \item the number of ©switch© statements is small, \item most ©switch© statements are well formed (\ie no \Index*{Duff's device}), \item the ©default© clause is usually written as the last case-clause, \item and there is only a medium amount of fall-through from one ©case© clause to the next, and most of these result from a list of case values executing common code, rather than a sequence of case actions that compound. \end{itemize} These observations put into perspective the \CFA changes to the ©switch© statement. \begin{enumerate} \item Eliminating default fall-through has the greatest potential for affecting existing code. However, even if fall-through is removed, most ©switch© statements would continue to work because of the explicit transfers already present at the end of each ©case© clause, the common placement of the ©default© clause at the end of the case list, and the most common use of fall-through, \ie a list of ©case© clauses executing common code, \eg: \begin{cfa} case 1: case 2: case 3: ... \end{cfa} still works. Nevertheless, reversing the default action would have a non-trivial effect on case actions that compound, such as the above example of processing shell arguments. Therefore, to preserve backwards compatibility, it is necessary to introduce a new kind of ©switch© statement, called \Indexc{choose}, with no implicit fall-through semantics and an explicit fall-through if the last statement of a case-clause ends with the new keyword \Indexc{fallthrough}/\-\Indexc{fallthru}, \eg: \begin{cfa} ®choose® ( i ) { case 1: case 2: case 3: ... §\R{\LstCommentStyle{// implicit end of switch (break)}}§ case 5: ... ®fallthru®; §\C{// explicit fall through}§ case 7: ... ®break® §\C{// explicit end of switch (redundant)}§ default: j = 3; } \end{cfa} Like the ©switch© statement, the ©choose© statement retains the fall-through semantics for a list of ©case© clauses. An implicit ©break© is applied only at the end of the \emph{statements} following a ©case© clause. An explicit ©fallthru© is retained because it is a C-idiom most C programmers expect, and its absence might discourage programmers from using the ©choose© statement. As well, allowing an explicit ©break© from the ©choose© is a carry over from the ©switch© statement, and expected by C programmers. \item \Index*{Duff's device} is eliminated from both ©switch© and ©choose© statements, and only invalidates a small amount of very questionable code. Hence, the ©case© clause must appear at the same nesting level as the ©switch©/©choose© body, as is done in most other programming languages with ©switch© statements. \item The issue of ©default© at locations other than at the end of the cause clause can be solved by using good programming style, and there are a few reasonable situations involving fall-through where the ©default© clause needs to appear is locations other than at the end. Therefore, no change is made for this issue. \item Dealing with unreachable code in a ©switch©/©choose© body is solved by restricting declarations and initialization to the start of statement body, which is executed \emph{before} the transfer to the appropriate ©case© clause\footnote{ Essentially, these declarations are hoisted before the ©switch©/©choose© statement and both declarations and statement are surrounded by a compound statement.} and precluding statements before the first ©case© clause. Further declarations at the same nesting level as the statement body are disallowed to ensure every transfer into the body is sound. \begin{cfa} switch ( x ) { ®int i = 0;® §\C{// allowed only at start}§ case 0: ... ®int j = 0;® §\C{// disallowed}§ case 1: { ®int k = 0;® §\C{// allowed at different nesting levels}§ ... ®case 2:® §\C{// disallow case in nested statements}§ } ... } \end{cfa} \end{enumerate} \subsection{Non-terminating and Labelled \texorpdfstring{\LstKeywordStyle{fallthrough}}{Non-terminating and Labelled fallthrough}} The \Indexc{fallthrough} clause may be non-terminating within a \Indexc{case} clause or have a target label to common code from multiple case clauses. \begin{cquote} \begin{tabular}{@{}lll@{}} \begin{cfa} choose ( ... ) { case 3: if ( ... ) { ... ®fallthru;® // goto case 4 } else { ... } // implicit break case 4: \end{cfa} & \begin{cfa} choose ( ... ) { case 3: ... ®fallthrough common;® case 4: ... ®fallthrough common;® ®common:® // below fallthrough // at case-clause level ... // common code for cases 3/4 // implicit break case 4: \end{cfa} & \begin{cfa} choose ( ... ) { case 3: choose ( ... ) { case 4: for ( ... ) { // multi-level transfer ... ®fallthru common;® } ... } ... ®common:® // below fallthrough // at case-clause level \end{cfa} \end{tabular} \end{cquote} The target label must be below the \Indexc{fallthrough} and may not be nested in a control structure, and the target label must be at the same or higher level as the containing \Indexc{case} clause and located at the same level as a ©case© clause; the target label may be case \Indexc{default}, but only associated with the current \Indexc{switch}/\Indexc{choose} statement. \subsection{Loop Control} Looping a predefined number of times, possibly with a loop index, occurs frequently. \CFA condenses writing loops to facilitate coding speed and safety. \Indexc{for}, \Indexc{while}, and \Indexc{do} loop-control\index{loop control} are extended with an empty conditional, meaning a comparison value of ©1© (true). \begin{cfa} while ( ®/* empty */® ) §\C{// while ( true )}§ for ( ®/* empty */® ) §\C{// for ( ; true; )}§ do ... while ( ®/* empty */® ) §\C{// do ... while ( true )}§ \end{cfa} The ©for© control\index{for control}, \ie ©for ( /* control */ )©, is extended with a range and step. A range is a set of values defined by an optional low value (default to 0), tilde, and high value, ©L ~ H©, with an optional step ©~ S© (default to 1), which means an ascending set of values from ©L© to ©H© in positive steps of ©S©. \begin{cfa} 0 ~ 5 §\C{// \{ 0, 1, 2, 3, 4, 5 \}}§ -8 ~ -2 ~ 2 §\C{// \{ -8. -6, -4, -2 \}}§ -3 ~ 3 ~ 1 §\C{// \{ -3, -2, -1, 0, 1, 2, 3 \}}§ \end{cfa} \R{Warning}: A range in descending order, \eg ©5 ~ -3© is the null (empty) set, \ie no values in the set. \R{Warning}: A ©0© or negative step is undefined. Note, the order of values in a set may not be the order the values are presented during looping. The range character, ©'~'©, is decorated on the left and right to control how the set values are presented in the loop body. The range character can be prefixed with ©'+'© or ©'-'© indicating the \emph{direction} the range is scanned, \ie from left to right (ascending) or right to left (descending). Ascending stepping uses operator \Indexc{+=}; descending stepping uses operator \Indexc{-=}. If there is no prefix character, it defaults to ©'+'©. \begin{cfa} -8 ®§\Sp§®~ -2 §\C{// ascending, no prefix}§ 0 ®+®~ 5 §\C{// ascending, prefix}§ -3 ®-®~ 3 §\C{// descending}§ \end{cfa} For descending iteration, the ©L© and ©H© values are \emph{implicitly} switched, and the increment/decrement for ©S© is toggled. When changing the iteration direction, this form is faster and safer, \ie the direction prefix can be added/removed without changing existing (correct) program text. \R{Warning}: reversing the range endpoints for descending order results in an empty set. \begin{cfa} for ( i; ®10 -~ 1® ) §{\C{// WRONG descending range!}§ \end{cfa} Because C uses zero origin, most loops iterate from 0 to $N - 1$. Hence, when scanning a range during iteration, the last value is dropped, \eg ©0 ~ 5© is ©0, 1, 2, 3, 4©, an exclusive range, [©L©,©H©\R{)}. To obtain \emph{all} the values in the range, the range character is postfixed with ©'='©, \eg ©0 ~= 5© is ©0, 1, 2, 3, 4, 5©, an inclusive range, [©L©,©H©\R{]}. \index{\~}\index{ascending exclusive range} \index{\~=}\index{ascending inclusive range} \index{-\~}\index{descending exclusive range} \index{-\~=}\index{descending inclusive range} ©for© control is formalized by the following regular expression: \begin{cquote} [ ©L© ]\ \ [ ©+©\ \ |\ \ ©-© ]\ \ \R{©~©}\ \ [ ©=© ]\ \ ©H©\ \ [ ©~© ©S© ] \end{cquote} where ©[©\,©]© denotes optional and ©|© denotes alternative. That is, the optional low set value, the optional scan direction (ascending/descending), the (possibly) required range character, the optional include last-scan value, the required high set value, and the optional range character and step value. \R{Warning}: the regular expression allows the form ©~H©, but this syntax has a preexisting meaning in C: complement the bits of ©H©, \eg ©for ( ~5 )© meaning ©for ( -6 )©, as ©-6© is the complement of ©5©. This anomaly is unlikely to cause problems because programers will write the shorter ©for ( 5 )©. The previous ©for© loops have an anonymous loop index in which the range iteration is computed. To access the value of the range iteration in the loop body, a \Index{loop index} is specified before the range. \begin{cfa} for ( ®int i;® 0 ~ 10 ~ 2 ) { ... ®i® ... } §\C{// loop index available in loop body}§ \end{cfa} Hence, unlike the 3 components in the C ©for©-control, there are only two components in the \CFA ©for©-control: the optional index variable and the range. The index type is optional (like \CC ©auto©), where the type is normally inferred from the low value ©L© because it initializes the index (the type of ©H© can be different from ©L©). When ©L© is omitted, the type of the required high value ©H© is used, as both ©L© and ©H© are the same type in this case. \begin{cfa} for ( i; ®1.5® ~ 5 ) §\C{// typeof(1.5) i; 1.5 is low value}§ for ( i; ®5.5® ) §\C{// typeof(5.5) i; 5.5 is high value}§ \end{cfa} The following examples illustrate common \CFA ©for©-control combinations, with the C counter-part in the comment. \begin{itemize}[itemsep=0pt] \item ©H© is implicit ascending exclusive range [0,©H©\R{)}. \begin{cfa} for ( ®5® ) §\C{// for ( typeof(5) i; i < 5; i += 1 )}§ \end{cfa} \item ©~=© ©H© is implicit ascending inclusive range [0,©H©\R{]}. \begin{cfa} for ( ®~=® 5 ) §\C{// for ( typeof(5) i; i <= 5; i += 1 )}§ \end{cfa} \item ©L© ©~©\index{~@©~©} ©H© is explicit ascending exclusive range [©L©,©H©\R{)}. \begin{cfa} for ( 1 ®~® 5 ) §\C{// for ( typeof(1) i = 1; i < 5; i += 1 )}§ \end{cfa} \item ©L© ©~=©\index{~=@©~=©} ©H© is explicit ascending inclusive range [©L©,©H©\R{]}. \begin{cfa} for ( 1 ®~=® 5 ) §\C{// for ( typeof(1) i = 1; i <= 5; i += 1 )}§ \end{cfa} \item ©L© ©-~©\index{-~@©-~©} ©H© is explicit descending exclusive range \R{(}©H©,©L©], where ©L© and ©H© are implicitly interchanged to make the range descending. \begin{cfa} for ( 1 ®-~® 5 ) §\C{// for ( typeof(1) i = 5; i > 0; i -= 1 )}§ \end{cfa} \item ©L© ©-~=©\index{-~=@©-~=©} ©H© is explicit descending inclusive range \R{[}©H©,©L©], where ©L© and ©H© are implicitly interchanged to make the range descending. \begin{cfa} for ( 1 ®-~=® 5 ) §\C{// for ( typeof(1) i = 5; i >= 0; i -= 1 )}§ \end{cfa} \end{itemize} There are situations when the ©for©-control actions need to be moved into the loop body, \eg a mid-loop exit does not need an iteration-completion test in the ©for© control. The character ©'@'© indicates that a specific ©for©-control action is ignored, \ie generates no code. \begin{cfa} for ( i; ®@® -~ 10 ) §\C{// for ( typeof(10) i = 10; \R{/*empty*/}; i -= 1 )}§ for ( i; 1 ~ ®@® ~ 2 ) §\C{// for ( typeof(1) i = 1; \R{/* empty */}; i += 2 )}§ for ( i; 1 ~ 10 ~ ®@® ) §\C{// for ( typeof(1) i = 1; i < 10; \R{/* empty */} )}§ for ( i; 1 ~ ®@® ~ ®@® ) §\C{// for ( typeof(1) i = 1; \R{/* empty */}; \R{/* empty */} )}§ \end{cfa} \R{Warning}: ©L© \emph{cannot} be elided for the ascending range, \lstinline{@ ~ 5}, nor ©H© for the descending range, \lstinline{1 -~ @}, as the loop index is uninitialized. \R{Warning}: ©H© \emph{cannot} be elided in an anonymous loop index, ©1 ~ @©, as there is no index to stop the loop. There are situations when multiple loop indexes are required. The character ©':'© means add another index, where any number of indices may be chained in a single ©for© control. \begin{cfa} for ( i; 5 ®:® j; 2 ~ 12 ~ 3 ) §\C{// for ( typeof(i) i = 1, j = 2; \R{i < 5 \&\& j < 12}; i += 1, j += 3 )}§ for ( i; 5 ®:® j; 2 ~ @ ~ 3 ) §\C{// for ( typeof(i) i = 1, j = 2; \R{i < 5}; i += 1, j += 3 )}§ for ( i; 5 ®:® j; 2.5 ~ @ ~ 3.5 ) §\C{// no C equivalent, without hoisting declaration of floating-point j}§ \end{cfa} \VRef[Figure]{f:LoopControlExamples} shows more complex loop-control examples across all the different options. \begin{figure} \begin{tabular}{@{}l@{\hspace{50pt}}|l@{}} \multicolumn{1}{@{}c@{\hspace{50pt}}|}{loop control} & \multicolumn{1}{c@{}}{output} \\ \hline \begin{cfa} while () { sout | "empty"; break; } do { sout | "empty"; break; } while (); for () { sout | "empty"; break; } §\C[3in]{sout | nl | nlOff;}§ for ( 0 ) { sout | "A"; } §\C{sout | nl;}§ for ( 1 ) { sout | "A"; } §\C{sout | nl;}§ for ( 10 ) { sout | "A"; } §\C{sout | nl;}§ for ( ~= 10 ) { sout | "A"; } §\C{sout | nl;}§ for ( 1 ~= 10 ~ 2 ) { sout | "B"; } §\C{sout | nl;}§ for ( 1 -~= 10 ~ 2 ) { sout | "C"; } §\C{sout | nl;}§ for ( 0.5 ~ 5.5 ) { sout | "D"; } §\C{sout | nl;}§ for ( 0.5 -~ 5.5 ) { sout | "E"; } §\C{sout | nl;}§ for ( i; 10 ) { sout | i; } §\C{sout | nl;}§ for ( i; ~= 10 ) { sout | i; } §\C{sout | nl;}§ for ( i; 1 ~= 10 ~ 2 ) { sout | i; } §\C{sout | nl;}§ for ( i; 1 -~= 10 ~ 2 ) { sout | i; } §\C{sout | nl;}§ for ( i; 0.5 ~ 5.5 ) { sout | i; } §\C{sout | nl;}§ for ( i; 0.5 -~ 5.5 ) { sout | i; } §\C{sout | nl;}§ for ( ui; 2u ~= 10u ~ 2u ) { sout | ui; } §\C{sout | nl;}§ for ( ui; 2u -~= 10u ~ 2u ) { sout | ui; } §\C{sout | nl | nl | nl;}§ enum { N = 10 }; for ( N ) { sout | "N"; } §\C{sout | nl;}§ for ( i; N ) { sout | i; } §\C{sout | nl;}§ for ( i; -~ N ) { sout | i; } §\C{sout | nl | nl | nl;}§ const int low = 3, high = 10, inc = 2; for ( i; low ~ high ~ inc + 1 ) { sout | i; } §\C{sout | nl;}§ for ( i; 1 ~ @ ) { if ( i > 10 ) break; sout | i; } §\C{sout | nl;}§ for ( i; @ -~ 10 ) { if ( i < 0 ) break; sout | i; } §\C{sout | nl;}§ for ( i; 2 ~ @ ~ 2 ) { if ( i > 10 ) break; sout | i; } §\C{sout | nl;}§ for ( i; 2.1 ~ @ ~ @ ) { if ( i > 10.5 ) break; sout | i; i += 1.7; } §\C{sout | nl;}§ for ( i; @ -~ 10 ~ 2 ) { if ( i < 0 ) break; sout | i; } §\C{sout | nl;}§ for ( i; 12.1 ~ @ ~ @ ) { if ( i < 2.5 ) break; sout | i; i -= 1.7; } §\C{sout | nl;}§ for ( i; 5 : j; -5 ~ @ ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; @ -~ -5 ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; -5 ~ @ ~ 2 ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; @ -~ -5 ~ 2 ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; -5 ~ @ ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; @ -~ -5 ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; -5 ~ @ ~ 2 ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; @ -~ -5 ~ 2 ) { sout | i | j; } §\C{sout | nl;}§ for ( i; 5 : j; @ -~ -5 ~ 2 : k; 1.5 ~ @ ) { sout | i | j | k; } §\C{sout | nl;}§ for ( i; 5 : j; @ -~ -5 ~ 2 : k; 1.5 ~ @ ) { sout | i | j | k; } §\C{sout | nl;}§ for ( i; 5 : k; 1.5 ~ @ : j; @ -~ -5 ~ 2 ) { sout | i | j | k; } §\C{sout | nl;}\CRT§ \end{cfa} & \begin{cfa} empty empty empty A A A A A A A A A A A A A A A A A A A A A A B B B B B C C C C C D D D D D E E E E E 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 10 1 3 5 7 9 10 8 6 4 2 0.5 1.5 2.5 3.5 4.5 5.5 4.5 3.5 2.5 1.5 2 4 6 8 10 10 8 6 4 2 N N N N N N N N N N 0 1 2 3 4 5 6 7 8 9 10 9 8 7 6 5 4 3 2 1 3 6 9 1 2 3 4 5 6 7 8 9 10 10 9 8 7 6 5 4 3 2 1 0 2 4 6 8 10 2.1 3.8 5.5 7.2 8.9 10 8 6 4 2 0 12.1 10.4 8.7 7. 5.3 3.6 0 -5 1 -4 2 -3 3 -2 4 -1 0 -5 1 -6 2 -7 3 -8 4 -9 0 -5 1 -3 2 -1 3 1 4 3 0 -5 1 -7 2 -9 3 -11 4 -13 0 -5 1 -4 2 -3 3 -2 4 -1 0 -5 1 -6 2 -7 3 -8 4 -9 0 -5 1 -3 2 -1 3 1 4 3 0 -5 1 -7 2 -9 3 -11 4 -13 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 \end{cfa} \end{tabular} \caption{Loop Control Examples} \label{f:LoopControlExamples} \end{figure} Finally, any type that satisfies the ©Iterate© trait can be used with ©for© control. \begin{cfa} forall( T ) trait Iterate { void ?{}( T & t, zero_t ); int ??( T t1, T t2 ); int ?>=?( T t1, T t2 ); T ?+=?( T & t1, T t2 ); T ?+=?( T & t, one_t ); T ?-=?( T & t1, T t2 ); T ?-=?( T & t, one_t ); } \end{cfa} \VRef[Figure]{f:ForControlStructureType} shows an example of a structure using ©for© control. Note, the use of ©(S){0}© when implicitly setting the loop-index type, because using 0 incorrect declares the index to ©int© rather than ©S©. \begin{figure} \begin{tabular}{@{}l@{\hspace{5pt}}l@{}} \begin{cfa} struct S { int i, j; }; void ?{}( S & s, int i = 0, int j = 0 ) { s.[i, j] = [i, j]; } void ?{}( S & s, zero_t ) { s.[i, j] = 0; } int ??( S t1, S t2 ) { return t1.i > t2.i && t1.j > t2.j; } int ?>=?( S t1, S t2 ) { return t1.i >= t2.i && t1.j >= t2.j; } S ?+=?( S & t1, S t2 ) { t1.i += t2.i; t1.j += t2.j; return t1; } S ?+=?( S & t, one_t ) { t.i += 1; t.j += 1; return t; } S ?-=?( S & t1, S t2 ) { t1.i -= t2.i; t1.j -= t2.j; return t1; } S ?-=?( S & t, one_t ) { t.i -= 1; t.j -= 1; return t; } ofstream & ?|?( ofstream & os, S s ) { return os | "(" | s.i | s.j | ")"; } void & ?|?( ofstream & os, S s ) { (ofstream &)(os | s); ends( os ); } \end{cfa} & \begin{cfa} int main() { for ( S i = 0; i < (S){10,10}; i += 1 ) { sout | i; } sout | "A" | nl; // C for ( S i; 0 ~ (S){10,10} ) { sout | i; } sout | "B" | nl; // CFA for ( i; (S){10,10} ) { sout | i; } sout | "C" | nl; for ( i; (S){0} ~ (S){10,10} ) { sout | i; } sout | "D" | nl; for ( i; (S){0} ~= (S){10,10} ) { sout | i; } sout | "E" | nl; for ( i; (S){0} ~= (S){10,10} ~ (S){2} ) { sout | i; } sout | "F" | nl; for ( i; (S){0} -~ (S){10,10} ) { sout | i; } sout | "G" | nl; for ( i; (S){0} -~= (S){10,10} ) { sout | i; } sout | "H" | nl; for ( i; (S){0} -~= (S){10,10} ~ (S){2,1} ) { sout | i; } sout | "I" | nl; } (0 0) (1 1) (2 2) (3 3) (4 4) (5 5) (6 6) (7 7) (8 8) (9 9) A (0 0) (1 1) (2 2) (3 3) (4 4) (5 5) (6 6) (7 7) (8 8) (9 9) B (0 0) (1 1) (2 2) (3 3) (4 4) (5 5) (6 6) (7 7) (8 8) (9 9) C (0 0) (1 1) (2 2) (3 3) (4 4) (5 5) (6 6) (7 7) (8 8) (9 9) D (0 0) (1 1) (2 2) (3 3) (4 4) (5 5) (6 6) (7 7) (8 8) (9 9) (10 10) E (0 0) (2 0) (4 0) (6 0) (8 0) (10 0) F (10 10) (9 9) (8 8) (7 7) (6 6) (5 5) (4 4) (3 3) (2 2) (1 1) G (10 10) (9 9) (8 8) (7 7) (6 6) (5 5) (4 4) (3 3) (2 2) (1 1) (0 0) H (10 10) (8 9) (6 8) (4 7) (2 6) (0 5) I \end{cfa} \end{tabular} \caption{For Control with Structure Type} \label{f:ForControlStructureType} \end{figure} \begin{figure} \begin{lrbox}{\myboxA} \begin{cfa}[tabsize=4] ®Compound:® { ®Try:® try { ®For:® for ( ... ) { ®While:® while ( ... ) { ®Do:® do { ®If:® if ( ... ) { ®Switch:® switch ( ... ) { case 3: ®break Compound®; ®break Try®; ®break For®; /* or */ ®continue For®; ®break While®; /* or */ ®continue While®; ®break Do®; /* or */ ®continue Do®; ®break If®; ®break Switch®; } // switch } else { ... ®break If®; ... // terminate if } // if } while ( ... ); // do } // while } // for } ®finally® { // always executed } // try } // compound \end{cfa} \end{lrbox} \begin{lrbox}{\myboxB} \begin{cfa}[tabsize=4] { ®ForC:® for ( ... ) { ®WhileC:® while ( ... ) { ®DoC:® do { if ( ... ) { switch ( ... ) { case 3: ®goto Compound®; ®goto Try®; ®goto ForB®; /* or */ ®goto ForC®; ®goto WhileB®; /* or */ ®goto WhileC®; ®goto DoB®; /* or */ ®goto DoC®; ®goto If®; ®goto Switch®; } ®Switch:® ; } else { ... ®goto If®; ... // terminate if } ®If:®; } while ( ... ); ®DoB:® ; } ®WhileB:® ; } ®ForB:® ; } ®Compound:® ; \end{cfa} \end{lrbox} \subfloat[C]{\label{f:CFAFibonacciGen}\usebox\myboxB} \hspace{3pt} \vrule \hspace{3pt} \subfloat[\CFA]{\label{f:CFibonacci}\usebox\myboxA} \caption{Multi-level Exit} \label{f:MultiLevelExit} \end{figure} %\subsection{\texorpdfstring{Labelled \protect\lstinline{continue} / \protect\lstinline{break}}{Labelled continue / break}} \subsection{\texorpdfstring{Labelled \LstKeywordStyle{continue} / \LstKeywordStyle{break} Statement}{Labelled continue / break Statement}} C \Indexc{continue} and \Indexc{break} statements are restricted to one level of nesting for a particular control structure. This restriction forces programmers to use \Indexc{goto} to achieve the equivalent control-flow for more than one level of nesting. To prevent having to switch to the ©goto©, \CFA extends the \Indexc{continue}\index{continue@©continue©!labelled}\index{labelled!continue@©continue©} and \Indexc{break}\index{break@©break©!labelled}\index{labelled!break@©break©} with a target label to support static multi-level exit\index{multi-level exit}\index{static multi-level exit}~\cite{Buhr85}, as in Java. For both ©continue© and ©break©, the target label must be directly associated with a \Indexc{for}, \Indexc{while} or \Indexc{do} statement; for ©break©, the target label can also be associated with a \Indexc{switch}, \Indexc{if} or compound (©{}©) statement. \VRef[Figure]{f:MultiLevelExit} shows a comparison between labelled ©continue© and ©break© and the corresponding C equivalent using ©goto© and labels. The innermost loop has 8 exit points, which cause continuation or termination of one or more of the 7 \Index{nested control-structure}s. Both labelled \Indexc{continue} and \Indexc{break} are a \Indexc{goto}\index{goto@©goto©!restricted} restricted in the following ways: \begin{itemize} \item They cannot create a loop, which means only the looping constructs cause looping. This restriction means all situations resulting in repeated execution are clearly delineated. \item They cannot branch into a control structure. This restriction prevents missing declarations and/or initializations at the start of a control structure resulting in undefined behaviour. \end{itemize} The advantage of the labelled ©continue©/©break© is allowing static multi-level exits without having to use the ©goto© statement, and tying control flow to the target control structure rather than an arbitrary point in a program via a label. Furthermore, the location of the label at the \emph{beginning} of the target control structure informs the reader (\Index{eye candy}) that complex control-flow is occurring in the body of the control structure. With ©goto©, the label is at the end of the control structure, which fails to convey this important clue early enough to the reader. Finally, using an explicit target for the transfer, instead of an implicit target, allows new constructs to be added or removed without affecting existing constructs. Otherwise, the implicit targets of the current ©continue© and ©break©, \ie the closest enclosing loop or ©switch©, change as certain constructs are added or removed. \subsection{\texorpdfstring{Extended \LstKeywordStyle{else}}{Extended else}} \label{s:ExtendedElse} \index{extended ©else©} The ©if© statement has an optional ©else© clause executed if the conditional is false. This concept is extended to the \Indexc{while}, \Indexc{for}, and \Indexc{do} looping constructs (like Python). Hence, if the loop conditional becomes false, looping stops and the corresponding ©else© clause is executed, if present. The following example is a linear search for the key 3 in an array, where finding the key is handled with a ©break© and not finding with the ©else© clause on the loop construct. \begin{cquote} \begin{cfa} int a[10]; \end{cfa} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{3em}}l@{}} \begin{cfa} while ( int i = 0; i < 10 ) { if ( a[i] == 3 ) break; // found i += 1; } ®else® { // i == 10 sout | "not found"; } \end{cfa} & \begin{cfa} for ( i; 10 ) { if ( a[i] == 3 ) break; // found } ®else® { // i == 10 sout | "not found"; } \end{cfa} & \begin{cfa} int i = 0; do { if ( a[i] == 3 ) break; // found i += 1; } while( i < 10 ) ®else® { // i == 10 sout | "not found"; } \end{cfa} \end{tabular} \end{cquote} Note, \Index{dangling else} now occurs with \Indexc{if}, \Indexc{while}, \Indexc{for}, \Indexc{do}, and \Indexc{waitfor}. %\subsection{\texorpdfstring{\protect\lstinline{with} Statement}{with Statement}} \subsection{\texorpdfstring{\LstKeywordStyle{with} Statement}{with Statement}} \label{s:WithStatement} Grouping heterogeneous data into an \newterm{aggregate} (structure/union) is a common programming practice, and aggregates may be nested: \begin{cfa} struct Person { §\C{// aggregate}§ struct Name { §\C{// nesting}§ char first[20], last[20]; } name; struct Address { §\C{// nesting}§ ... } address; int sex; }; \end{cfa} Functions manipulating aggregates must repeat the aggregate name to access its containing fields. \begin{cfa} Person p ®p.®name ...; ®p.®address ...; ®p.®sex ...; §\C{// access containing fields}§ \end{cfa} which extends to multiple levels of qualification for nested aggregates and multiple aggregates. \begin{cfa} struct Ticket { ... } t; ®p.name®.first ...; ®p.address®.street ...; §\C{// access nested fields}§ ®t.®departure ...; ®t.®cost ...; §\C{// access multiple aggregate}§ \end{cfa} Repeated aggregate qualification is tedious and makes code difficult to read. Therefore, reducing aggregate qualification is a useful language design goal. C partially addresses the problem by eliminating qualification for enumerated types and unnamed \emph{nested} aggregates, which open their scope into the containing aggregate. This feature is used to group fields for attributes and/or with ©union© aggregates. \begin{cfa} struct S { struct §\R{\LstCommentStyle{/* unnamed */}}§ { int g, h; } __attribute__(( aligned(64) )); int tag; union §\R{\LstCommentStyle{/* unnamed */}}§ { struct { char c1, c2; } __attribute__(( aligned(128) )); struct { int i1, i2; }; struct { double d1, d2; }; }; } s; enum { R, G, B }; s.g; s.h; s.tag = R; s.c1; s.c2; s.i1 = G; s.i2 = B; s.d1; s.d2; \end{cfa} Object-oriented languages reduce qualification for class variables within member functions, \eg \CC: \begin{C++} struct S { char ®c®; int ®i®; double ®d®; void f( /* S * this */ ) { §\C{// implicit ``this'' parameter}§ ®c®; ®i®; ®d®; §\C{// this->c; this->i; this->d;}§ } } \end{C++} In general, qualification is elided for the variables and functions in the lexical scopes visible from a member function. However, qualification is necessary for name shadowing and explicit aggregate parameters. \begin{cfa} struct T { char ®m®; int ®i®; double ®n®; §\C{// derived class variables}§ }; struct S : public T { char ®c®; int ®i®; double ®d®; §\C{// class variables}§ void g( double ®d®, T & t ) { d; ®t®.m; ®t®.i; ®t®.n; §\C{// function parameter}§ c; i; ®this->®d; ®S::®d; §\C{// class S variables}§ m; ®T::®i; n; §\C{// class T variables}§ } }; \end{cfa} Note the three different forms of qualification syntax in \CC, ©.©, ©->©, ©::©, which is confusing. Since \CFA in not object-oriented, it has no implicit parameter with its implicit qualification. Instead \CFA introduces a general mechanism using the ©with© statement \see{Pascal~\cite[\S~4.F]{Pascal}} to explicitly elide aggregate qualification by opening a scope containing the field identifiers. Hence, the qualified fields become variables with the side-effect that it is simpler to write, easier to read, and optimize field references in a block. \begin{cfa} void f( S & this ) ®with ( this )® { §\C{// with statement}§ ®c®; ®i®; ®d®; §\C{// this.c, this.i, this.d}§ } \end{cfa} with the generality of opening multiple aggregate-parameters: \begin{cfa} void g( S & s, T & t ) ®with ( s, t )® {§\C{// multiple aggregate parameters}§ c; ®s.®i; d; §\C{// s.c, s.i, s.d}§ m; ®t.®i; n; §\C{// t.m, t.i, t.n}§ } \end{cfa} where qualification is only necessary to disambiguate the shadowed variable ©i©. In detail, the ©with© statement may form a function body or be nested within a function body. The ©with© clause takes a list of expressions, where each expression provides an aggregate type and object. (Enumerations are already opened.) To open a pointer type, the pointer must be dereferenced to obtain a reference to the aggregate type. \begin{cfa} S * sp; with ( *sp ) { ... } \end{cfa} The expression object is the implicit qualifier for the open structure-fields. \CFA's ability to overload variables \see{\VRef{s:VariableOverload}} and use the left-side of assignment in type resolution means most fields with the same name but different types are automatically disambiguated, eliminating qualification. All expressions in the expression list are open in parallel within the compound statement. This semantic is different from Pascal, which nests the openings from left to right. The difference between parallel and nesting occurs for fields with the same name and type: \begin{cfa} struct Q { int ®i®; int k; int ®m®; } q, w; struct R { int ®i®; int j; double ®m®; } r, w; with ( r, q ) { j + k; §\C{// unambiguous, r.j + q.k}§ m = 5.0; §\C{// unambiguous, q.m = 5.0}§ m = 1; §\C{// unambiguous, r.m = 1}§ int a = m; §\C{// unambiguous, a = r.i }§ double b = m; §\C{// unambiguous, b = q.m}§ int c = r.i + q.i; §\C{// disambiguate with qualification}§ (double)m; §\C{// disambiguate with cast}§ } \end{cfa} For parallel semantics, both ©r.i© and ©q.i© are visible, so ©i© is ambiguous without qualification; for nested semantics, ©q.i© hides ©r.i©, so ©i© implies ©q.i©. Pascal nested-semantics is possible by nesting ©with© statements. \begin{cfa} with ( r ) { i; §\C{// unambiguous, r.i}§ with ( q ) { i; §\C{// unambiguous, q.i}§ } } \end{cfa} A cast or qualification can be used to disambiguate variables within a ©with© \emph{statement}. A cast can also be used to disambiguate among overload variables in a ©with© \emph{expression}: \begin{cfa} with ( w ) { ... } §\C{// ambiguous, same name and no context}§ with ( (Q)w ) { ... } §\C{// unambiguous, cast}§ \end{cfa} Because there is no left-side in the ©with© expression to implicitly disambiguate between the ©w© variables, it is necessary to explicitly disambiguate by casting ©w© to type ©Q© or ©R©. Finally, there is an interesting problem between parameters and the function-body ©with©, \eg: \begin{cfa} void f( S & s, char c ) with ( s ) { ®s.c = c;® i = 3; d = 5.5; §\C{// initialize fields}§ } \end{cfa} Here, the assignment ©s.c = c© means ©s.c = s.c©, which is meaningless, and there is no mechanism to qualify the parameter ©c©, making the assignment impossible using the function-body ©with©. To solve this problem, parameters \emph{not} explicitly opened are treated like an initialized aggregate: \begin{cfa} struct Params { §\C{// s explicitly opened so S \& s elided}§ char c; } params; \end{cfa} and implicitly opened \emph{after} a function-body open, to give them higher priority: \begin{cfa} void f( S & s, char ®c® ) with ( s ) ®with( §\emph{\R{params}}§ )® { // syntax disallowed, illustration only s.c = ®c;® i = 3; d = 5.5; } \end{cfa} This implicit semantic matches with programmer expectation. \section{Exception Handling} \label{s:ExceptionHandling} Exception handling provides two mechanism: change of control flow from a raise to a handler, and communication from the raise to the handler. Transfer of control can be local, within a routine, or non-local, among routines. Non-local transfer can cause stack unwinding, \ie non-local routine termination, depending on the kind of raise. Currently, \CFA uses macros ©ExceptionDecl© and ©ExceptionInst© to declare and instantiate an exception. \begin{cfa} #include ®ExceptionDecl®( E, // must be global scope ... // exception fields ); try { ... if ( ... ) ®throwResume® ®ExceptionInst®( E, /* intialization */ ); if ( ... ) ®throw® ®ExceptionInst®( E, /* intialization */ ); ... } ®catchResume®( E * ) { // must be pointer ... } catch( E * ) { ... } \end{cfa} \begin{cfa} exception_t E {}; §\C{// exception type}§ void f(...) { ... throw E{}; ... §\C{// termination}§ ... throwResume E{}; ... §\C{// resumption}§ } try { f(...); } catch( E e ; §boolean-predicate§ ) { §\C{// termination handler}§ // recover and continue } catchResume( E e ; §boolean-predicate§ ) { §\C{// resumption handler}§ // repair and return } finally { // always executed } \end{cfa} The kind of raise and handler match: ©throw© with ©catch© and ©throwResume© with ©catchResume©. Then the exception type must match along with any additional predicate must be true. The ©catch© and ©catchResume© handlers may appear in any oder. However, the ©finally© clause must appear at the end of the ©try© statement. \subsection{Non-local Exception} \begin{cfa} void main() { try { _Enable { ... resume(); ... } } ®catchResume®( E & ) { // should be reference ... } catch( E & ) { ... } } \end{cfa} \subsection{Exception Hierarchy} An exception type can be derived from another exception type, just like deriving a subclass from a class, providing a kind of polymorphism among exception types. The exception-type hierarchy that is created is used to organize exception types, similar to a class hierarchy in object-oriented languages, \eg: \begin{center} \input{EHMHierarchy} \end{center} A programmer can then choose to handle an exception at different degrees of specificity along the hierarchy; derived exception-types support a more flexible programming style. For example, higher-level code should catch general exceptions to reduce coupling to the specific implementation at the lower levels; unnecessary coupling may force changes in higher-level code when low-level code changes. A consequence of derived exception-types is that multiple exceptions may match, \eg: \begin{cfa} catch( Arithmetic ) \end{cfa} matches all three derived exception-types: ©DivideByZero©, ©Overflow©, and ©Underflow©. Because the propagation mechanisms perform a simple linear search of the handler clause for a guarded block, and selects the first matching handler, the order of catch clauses in the handler clause becomes important, \eg: \begin{cfa} try { ... } catch( Overflow ) { // must appear first // handle overflow } catch( Arithmetic ) // handle other arithmetic issues } \end{cfa} \newterm{Multiple derivation} among exception is not supported. \section{Alternative Declarations} \label{s:AlternativeDeclarations} C declaration syntax is notoriously confusing and error prone. For example, many C programmers are confused by a declaration as simple as: \begin{cquote} \begin{tabular}{@{}ll@{}} \begin{cfa} int * x[5] \end{cfa} & \raisebox{-0.75\totalheight}{\input{Cdecl}} \end{tabular} \end{cquote} Is this an array of 5 pointers to integers or a \Index{pointer} to an array of 5 integers? If there is any doubt, it implies \Index{productivity} and \Index{safety} issues even for basic programs. Another example of confusion results from the fact that a routine name and its parameters are embedded within the return type, mimicking the way the return value is used at the routine's call site. For example, a routine returning a \Index{pointer} to an array of integers is defined and used in the following way: \begin{cfa} int ®(*®f®())[®5®]® {...}; §\C{// definition}§ ... ®(*®f®())[®3®]® += 1; §\C{// usage}§ \end{cfa} Essentially, the return type is wrapped around the routine name in successive layers (like an \Index{onion}). While attempting to make the two contexts consistent is a laudable goal, it has not worked out in practice, even though Dennis Richie believed otherwise: \begin{quote} In spite of its difficulties, I believe that the C's approach to declarations remains plausible, and am comfortable with it; it is a useful unifying principle.~\cite[p.~12]{Ritchie93} \end{quote} \CFA provides its own type, variable and routine declarations, using a different syntax. The new declarations place qualifiers to the left of the base type, while C declarations place qualifiers to the right of the base type. In the following example, \R{red} is the base type and \B{blue} is qualifiers. The \CFA declarations move the qualifiers to the left of the base type, \ie move the blue to the left of the red, while the qualifiers have the same meaning but are ordered left to right to specify a variable's type. \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c}{\textbf{\CFA}} \\ \begin{cfa}[moredelim={**[is][\color{blue}]{\#}{\#}}] ®int® #*# x1 #[5]#; ®int® #(*#x2#)[5]#; #int (*#f®( int p )®#)[5]#; \end{cfa} & \begin{cfa}[moredelim={**[is][\color{blue}]{\#}{\#}}] #[5] *# ®int® x1; #* [5]# ®int® x2; #[* [5] int]# f®( int p )®; \end{cfa} \end{tabular} \end{cquote} The only exception is \Index{bit field} specification, which always appear to the right of the base type. % Specifically, the character ©*© is used to indicate a pointer, square brackets ©[©\,©]© are used to represent an array or function return value, and parentheses ©()© are used to indicate a routine parameter. However, unlike C, \CFA type declaration tokens are distributed across all variables in the declaration list. For instance, variables ©x© and ©y© of type \Index{pointer} to integer are defined in \CFA as follows: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c}{\textbf{\CFA}} \\ \begin{cfa} int ®*®x, ®*®y; \end{cfa} & \begin{cfa} ®*® int x, y; \end{cfa} \end{tabular} \end{cquote} The downside of this semantics is the need to separate regular and \Index{pointer} declarations: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c}{\textbf{\CFA}} \\ \begin{cfa} int ®*®x, y; \end{cfa} & \begin{cfa} ®*® int x; int y; \end{cfa} \end{tabular} \end{cquote} which is \Index{prescribing} a safety benefit. Other examples are: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CFA}} \\ \begin{cfa} int z[ 5 ]; char * w[ 5 ]; double (* v)[ 5 ]; struct s { int f0:3; int * f1; int * f2[ 5 ] }; \end{cfa} & \begin{cfa} [ 5 ] int z; [ 5 ] * char w; * [ 5 ] double v; struct s { int f0:3; * int f1; [ 5 ] * int f2; }; \end{cfa} & \begin{cfa} // array of 5 integers // array of 5 pointers to char // pointer to array of 5 doubles // common bit field syntax \end{cfa} \end{tabular} \end{cquote} All type qualifiers, \eg ©const©, ©volatile©, \etc, are used in the normal way with the new declarations and also appear left to right, \eg: \begin{cquote} \begin{tabular}{@{}l@{\hspace{1em}}l@{\hspace{1em}}l@{}} \multicolumn{1}{c@{\hspace{1em}}}{\textbf{C}} & \multicolumn{1}{c@{\hspace{1em}}}{\textbf{\CFA}} \\ \begin{cfa} int const * const x; const int (* const y)[ 5 ] \end{cfa} & \begin{cfa} const * const int x; const * [ 5 ] const int y; \end{cfa} & \begin{cfa} // const pointer to const integer // const pointer to array of 5 const integers \end{cfa} \end{tabular} \end{cquote} All declaration qualifiers, \eg ©extern©, ©static©, \etc, are used in the normal way with the new declarations but can only appear at the start of a \CFA routine declaration,\footnote{\label{StorageClassSpecifier} The placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration is an obsolescent feature.~\cite[\S~6.11.5(1)]{C11}} \eg: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CFA}} \\ \begin{cfa} int extern x[ 5 ]; const int static * y; \end{cfa} & \begin{cfa} extern [ 5 ] int x; static * const int y; \end{cfa} & \begin{cfa} // externally visible array of 5 integers // internally visible pointer to constant int \end{cfa} \end{tabular} \end{cquote} The new declaration syntax can be used in other contexts where types are required, \eg casts and the pseudo-routine ©sizeof©: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c}{\textbf{\CFA}} \\ \begin{cfa} y = (int *)x; i = sizeof(int * [ 5 ]); \end{cfa} & \begin{cfa} y = (* int)x; i = sizeof([ 5 ] * int); \end{cfa} \end{tabular} \end{cquote} Finally, new \CFA declarations may appear together with C declarations in the same program block, but cannot be mixed within a specific declaration. Therefore, a programmer has the option of either continuing to use traditional C declarations or take advantage of the new style. Clearly, both styles need to be supported for some time due to existing C-style header-files, particularly for UNIX-like systems. \section{Pointer / Reference} \label{s:PointerReference} C provides a \newterm{pointer type}; \CFA adds a \newterm{reference type}. These types may be derived from an object or routine type, called the \newterm{referenced type}. Objects of these types contain an \newterm{address}, which is normally a location in memory, but may also address memory-mapped registers in hardware devices. An integer constant expression with the value 0, or such an expression cast to type ©void *©, is called a \newterm{null-pointer constant}.\footnote{ One way to conceptualize the null pointer is that no variable is placed at this address, so the null-pointer address can be used to denote an uninitialized pointer/reference object; \ie the null pointer is guaranteed to compare unequal to a pointer to any object or routine. In general, a value with special meaning among a set of values is called a \emph{\Index{sentinel value}}, \eg ©-1© as a return code value.} An address is \newterm{sound}, if it points to a valid memory location in scope, \ie within the program's execution-environment and has not been freed. Dereferencing an \newterm{unsound} address, including the null pointer, is \Index{undefined}, often resulting in a \Index{memory fault}. A program \newterm{object} is a region of data storage in the execution environment, the contents of which can represent values. In most cases, objects are located in memory at an address, and the variable name for an object is an implicit address to the object generated by the compiler and automatically dereferenced, as in: \begin{cquote} \begin{tabular}{@{}ll@{\hspace{2em}}l@{}} \begin{cfa} int x; x = 3; int y; y = x; \end{cfa} & \raisebox{-0.45\totalheight}{\input{pointer1}} & \begin{cfa} int * ®const® x = (int *)100 *x = 3; // implicit dereference int * ®const® y = (int *)104; *y = *x; // implicit dereference \end{cfa} \end{tabular} \end{cquote} where the right example is how the compiler logically interprets the variables in the left example. Since a variable name only points to one address during its lifetime, it is an \Index{immutable} \Index{pointer}; hence, the implicit type of pointer variables ©x© and ©y© are constant pointers in the compiler interpretation. In general, variable addresses are stored in instructions instead of loaded from memory, and hence may not occupy storage. These approaches are contrasted in the following: \begin{cquote} \begin{tabular}{@{}l|l@{}} \multicolumn{1}{c|}{explicit variable address} & \multicolumn{1}{c}{implicit variable address} \\ \hline \begin{cfa} lda r1,100 // load address of x ld r2,(r1) // load value of x lda r3,104 // load address of y st r2,(r3) // store x into y \end{cfa} & \begin{cfa} ld r2,(100) // load value of x st r2,(104) // store x into y \end{cfa} \end{tabular} \end{cquote} Finally, the immutable nature of a variable's address and the fact that there is no storage for the variable pointer means pointer assignment\index{pointer!assignment}\index{assignment!pointer} is impossible. Therefore, the expression ©x = y© has only one meaning, ©*x = *y©, \ie manipulate values, which is why explicitly writing the dereferences is unnecessary even though it occurs implicitly as part of \Index{instruction decoding}. A \Index{pointer}/\Index{reference} object is a generalization of an object variable-name, \ie a mutable address that can point to more than one memory location during its lifetime. (Similarly, an integer variable can contain multiple integer literals during its lifetime versus an integer constant representing a single literal during its lifetime, and like a variable name, may not occupy storage if the literal is embedded directly into instructions.) Hence, a pointer occupies memory to store its current address, and the pointer's value is loaded by dereferencing, \eg: \begin{cquote} \begin{tabular}{@{}l@{\hspace{2em}}l@{}} \begin{cfa} int x, y, ®*® p1, ®*® p2, ®**® p3; p1 = ®&®x; // p1 points to x p2 = p1; // p2 points to x p1 = ®&®y; // p1 points to y p3 = &p2; // p3 points to p2 \end{cfa} & \raisebox{-0.5\totalheight}{\input{pointer2.pstex_t}} \end{tabular} \end{cquote} Notice, an address has a \Index{duality}\index{address!duality}: a location in memory or the value at that location. In many cases, a compiler might be able to infer the best meaning for these two cases. For example, \Index*{Algol68}~\cite{Algol68} infers pointer dereferencing to select the best meaning for each pointer usage \begin{cfa} p2 = p1 + x; §\C{// compiler infers *p2 = *p1 + x;}§ \end{cfa} Algol68 infers the following dereferencing ©*p2 = *p1 + x©, because adding the arbitrary integer value in ©x© to the address of ©p1© and storing the resulting address into ©p2© is an unlikely operation. Unfortunately, automatic dereferencing does not work in all cases, and so some mechanism is necessary to fix incorrect choices. Rather than inferring dereference, most programming languages pick one implicit dereferencing semantics, and the programmer explicitly indicates the other to resolve address-duality. In C, objects of pointer type always manipulate the pointer object's address: \begin{cfa} p1 = p2; §\C{// p1 = p2\ \ rather than\ \ *p1 = *p2}§ p2 = p1 + x; §\C{// p2 = p1 + x\ \ rather than\ \ *p2 = *p1 + x}§ \end{cfa} even though the assignment to ©p2© is likely incorrect, and the programmer probably meant: \begin{cfa} p1 = p2; §\C{// pointer address assignment}§ ®*®p2 = ®*®p1 + x; §\C{// pointed-to value assignment / operation}§ \end{cfa} The C semantics work well for situations where manipulation of addresses is the primary meaning and data is rarely accessed, such as storage management (©malloc©/©free©). However, in most other situations, the pointed-to value is requested more often than the pointer address. \begin{cfa} *p2 = ((*p1 + *p2) * (**p3 - *p1)) / (**p3 - 15); \end{cfa} In this case, it is tedious to explicitly write the dereferencing, and error prone when pointer arithmetic is allowed. It is better to have the compiler generate the dereferencing and have no implicit pointer arithmetic: \begin{cfa} p2 = ((p1 + p2) * (p3 - p1)) / (p3 - 15); \end{cfa} To support this common case, a reference type is introduced in \CFA, denoted by ©&©, which is the opposite dereference semantics to a pointer type, making the value at the pointed-to location the implicit semantics for dereferencing (similar but not the same as \CC \Index{reference type}s). \begin{cfa} int x, y, ®&® r1, ®&® r2, ®&&® r3; ®&®r1 = &x; §\C{// r1 points to x}§ ®&®r2 = &r1; §\C{// r2 points to x}§ ®&®r1 = &y; §\C{// r1 points to y}§ ®&&®r3 = ®&®&r2; §\C{// r3 points to r2}§ r2 = ((r1 + r2) * (r3 - r1)) / (r3 - 15); §\C{// implicit dereferencing}§ \end{cfa} Except for auto-dereferencing by the compiler, this reference example is the same as the previous pointer example. Hence, a reference behaves like the variable name for the current variable it is pointing-to. One way to conceptualize a reference is via a rewrite rule, where the compiler inserts a dereference operator before the reference variable for each reference qualifier in a declaration, so the previous example becomes: \begin{cfa} ®*®r2 = ((®*®r1 + ®*®r2) ®*® (®**®r3 - ®*®r1)) / (®**®r3 - 15); \end{cfa} When a reference operation appears beside a dereference operation, \eg ©&*©, they cancel out. However, in C, the cancellation always yields a value (\Index{rvalue}).\footnote{ The unary ©&© operator yields the address of its operand. If the operand has type ``type'', the result has type ``pointer to type''. If the operand is the result of a unary ©*© operator, neither that operator nor the ©&© operator is evaluated and the result is as if both were omitted, except that the constraints on the operators still apply and the result is not an lvalue.~\cite[\S~6.5.3.2--3]{C11}} For a \CFA reference type, the cancellation on the left-hand side of assignment leaves the reference as an address (\Index{lvalue}): \begin{cfa} (&®*®)r1 = &x; §\C{// (\&*) cancel giving address in r1 not variable pointed-to by r1}§ \end{cfa} Similarly, the address of a reference can be obtained for assignment or computation (\Index{rvalue}): \begin{cfa} (&(&®*®)®*®)r3 = &(&®*®)r2; §\C{// (\&*) cancel giving address in r2, (\&(\&*)*) cancel giving address in r3}§ \end{cfa} Cancellation\index{cancellation!pointer/reference}\index{pointer!cancellation} works to arbitrary depth. Fundamentally, pointer and reference objects are functionally interchangeable because both contain addresses. \begin{cfa} int x, *p1 = &x, **p2 = &p1, ***p3 = &p2, &r1 = x, &&r2 = r1, &&&r3 = r2; ***p3 = 3; §\C{// change x}§ r3 = 3; §\C{// change x, ***r3}§ **p3 = ...; §\C{// change p1}§ &r3 = ...; §\C{// change r1, (\&*)**r3, 1 cancellation}§ *p3 = ...; §\C{// change p2}§ &&r3 = ...; §\C{// change r2, (\&(\&*)*)*r3, 2 cancellations}§ &&&r3 = p3; §\C{// change r3 to p3, (\&(\&(\&*)*)*)r3, 3 cancellations}§ \end{cfa} Furthermore, both types are equally performant, as the same amount of dereferencing occurs for both types. Therefore, the choice between them is based solely on whether the address is dereferenced frequently or infrequently, which dictates the amount of implicit dereferencing aid from the compiler. As for a pointer type, a reference type may have qualifiers: \begin{cfa} const int cx = 5; §\C{// cannot change cx;}§ const int & cr = cx; §\C{// cannot change what cr points to}§ ®&®cr = &cx; §\C{// can change cr}§ cr = 7; §\C{// error, cannot change cx}§ int & const rc = x; §\C{// must be initialized}§ ®&®rc = &x; §\C{// error, cannot change rc}§ const int & const crc = cx; §\C{// must be initialized}§ crc = 7; §\C{// error, cannot change cx}§ ®&®crc = &cx; §\C{// error, cannot change crc}§ \end{cfa} Hence, for type ©& const©, there is no pointer assignment, so ©&rc = &x© is disallowed, and \emph{the address value cannot be the null pointer unless an arbitrary pointer is coerced\index{coercion} into the reference}: \begin{cfa} int & const cr = *0; §\C{// where 0 is the int * zero}§ \end{cfa} Note, constant reference-types do not prevent \Index{addressing errors} because of explicit storage-management: \begin{cfa} int & const cr = *malloc(); cr = 5; free( &cr ); cr = 7; §\C{// unsound pointer dereference}§ \end{cfa} The position of the ©const© qualifier \emph{after} the pointer/reference qualifier causes confuse for C programmers. The ©const© qualifier cannot be moved before the pointer/reference qualifier for C style-declarations; \CFA-style declarations \see{\VRef{s:AlternativeDeclarations}} attempt to address this issue: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C}} & \multicolumn{1}{c}{\textbf{\CFA}} \\ \begin{cfa} const int * ®const® * ®const® ccp; \end{cfa} & \begin{cfa} ®const® * ®const® * const int ccp; ®const® & ®const® & const int ccr; \end{cfa} \end{tabular} \end{cquote} where the \CFA declaration is read left-to-right. Finally, like pointers, references are usable and composable with other type operators and generators. \begin{cfa} int w, x, y, z, & ar[3] = { x, y, z }; §\C{// initialize array of references}§ &ar[1] = &w; §\C{// change reference array element}§ typeof( ar[1] ) p; §\C{// (gcc) is int, \ie the type of referenced object}§ typeof( &ar[1] ) q; §\C{// (gcc) is int \&, \ie the type of reference}§ sizeof( ar[1] ) == sizeof( int ); §\C{// is true, \ie the size of referenced object}§ sizeof( &ar[1] ) == sizeof( int *) §\C{// is true, \ie the size of a reference}§ \end{cfa} In contrast to \CFA reference types, \Index*[C++]{\CC{}}'s reference types are all ©const© references, preventing changes to the reference address, so only value assignment is possible, which eliminates half of the \Index{address duality}. Also, \CC does not allow \Index{array}s\index{array!reference} of reference\footnote{ The reason for disallowing arrays of reference is unknown, but possibly comes from references being ethereal (like a textual macro), and hence, replaceable by the referent object.} \Index*{Java}'s reference types to objects (all Java objects are on the heap) are like C pointers, which always manipulate the address, and there is no (bit-wise) object assignment, so objects are explicitly cloned by shallow or deep copying, which eliminates half of the address duality. \subsection{Initialization} \Index{Initialization} is different than \Index{assignment} because initialization occurs on the empty (uninitialized) storage on an object, while assignment occurs on possibly initialized storage of an object. There are three initialization contexts in \CFA: declaration initialization, argument/parameter binding, return/temporary binding. Because the object being initialized has no value, there is only one meaningful semantics with respect to address duality: it must mean address as there is no pointed-to value. In contrast, the left-hand side of assignment has an address that has a duality. Therefore, for pointer/reference initialization, the initializing value must be an address not a value. \begin{cfa} int * p = &x; §\C{// assign address of x}§ ®int * p = x;® §\C{// assign value of x}§ int & r = x; §\C{// must have address of x}§ \end{cfa} Like the previous example with C pointer-arithmetic, it is unlikely assigning the value of ©x© into a pointer is meaningful (again, a warning is usually given). Therefore, for safety, this context requires an address, so it is superfluous to require explicitly taking the address of the initialization object, even though the type is incorrect. Note, this is strictly a convenience and safety feature for a programmer. Hence, \CFA allows ©r© to be assigned ©x© because it infers a reference for ©x©, by implicitly inserting a address-of operator, ©&©, and it is an error to put an ©&© because the types no longer match due to the implicit dereference. Unfortunately, C allows ©p© to be assigned with ©&x© (address) or ©x© (value), but most compilers warn about the latter assignment as being potentially incorrect. Similarly, when a reference type is used for a parameter/return type, the call-site argument does not require a reference operator for the same reason. \begin{cfa} int & f( int & r ); §\C{// reference parameter and return}§ z = f( x ) + f( y ); §\C{// reference operator added, temporaries needed for call results}§ \end{cfa} Within routine ©f©, it is possible to change the argument by changing the corresponding parameter, and parameter ©r© can be locally reassigned within ©f©. Since operator routine ©?+?© takes its arguments by value, the references returned from ©f© are used to initialize compiler generated temporaries with value semantics that copy from the references. \begin{cfa} int temp1 = f( x ), temp2 = f( y ); z = temp1 + temp2; \end{cfa} This \Index{implicit referencing} is crucial for reducing the syntactic burden for programmers when using references; otherwise references have the same syntactic burden as pointers in these contexts. When a pointer/reference parameter has a ©const© value (immutable), it is possible to pass literals and expressions. \begin{cfa} void f( ®const® int & cr ); void g( ®const® int * cp ); f( 3 ); g( ®&®3 ); f( x + y ); g( ®&®(x + y) ); \end{cfa} Here, the compiler passes the address to the literal 3 or the temporary for the expression ©x + y©, knowing the argument cannot be changed through the parameter. The ©&© before the constant/expression for the pointer-type parameter (©g©) is a \CFA extension necessary to type match and is a common requirement before a variable in C (\eg ©scanf©). Importantly, ©&3© may not be equal to ©&3©, where the references occur across calls because the temporaries maybe different on each call. \CFA \emph{extends} this semantics to a mutable pointer/reference parameter, and the compiler implicitly creates the necessary temporary (copying the argument), which is subsequently pointed-to by the reference parameter and can be changed.\footnote{ If whole program analysis is possible, and shows the parameter is not assigned, \ie it is ©const©, the temporary is unnecessary.} \begin{cfa} void f( int & r ); void g( int * p ); f( 3 ); g( ®&®3 ); §\C{// compiler implicit generates temporaries}§ f( x + y ); g( ®&®(x + y) ); §\C{// compiler implicit generates temporaries}§ \end{cfa} Essentially, there is an implicit \Index{rvalue} to \Index{lvalue} conversion in this case.\footnote{ This conversion attempts to address the \newterm{const hell} problem, when the innocent addition of a ©const© qualifier causes a cascade of type failures, requiring an unknown number of additional ©const© qualifiers, until it is discovered a ©const© qualifier cannot be added and all the ©const© qualifiers must be removed.} The implicit conversion allows seamless calls to any routine without having to explicitly name/copy the literal/expression to allow the call. %\CFA attempts to handle pointers and references in a uniform, symmetric manner. Finally, C handles \Index{routine object}s in an inconsistent way. A routine object is both a pointer and a reference (\Index{particle and wave}). \begin{cfa} void f( int i ); void (* fp)( int ); §\C{// routine pointer}§ fp = f; §\C{// reference initialization}§ fp = &f; §\C{// pointer initialization}§ fp = *f; §\C{// reference initialization}§ fp(3); §\C{// reference invocation}§ (*fp)(3); §\C{// pointer invocation}§ \end{cfa} While C's treatment of routine objects has similarity to inferring a reference type in initialization contexts, the examples are assignment not initialization, and all possible forms of assignment are possible (©f©, ©&f©, ©*f©) without regard for type. Instead, a routine object should be referenced by a ©const© reference: \begin{cfa} ®const® void (®&® fr)( int ) = f; §\C{// routine reference}§ fr = ...; §\C{// error, cannot change code}§ &fr = ...; §\C{// changing routine reference}§ fr( 3 ); §\C{// reference call to f}§ (*fr)(3); §\C{// error, incorrect type}§ \end{cfa} because the value of the routine object is a routine literal, \ie the routine code is normally immutable during execution.\footnote{ Dynamic code rewriting is possible but only in special circumstances.} \CFA allows this additional use of references for routine objects in an attempt to give a more consistent meaning for them. \subsection{Address-of Semantics} In C, ©&E© is an rvalue for any expression ©E©. \CFA extends the ©&© (address-of) operator as follows: \begin{itemize} \item if ©R© is an \Index{rvalue} of type ©T &©$_1\cdots$ ©&©$_r$, where $r \ge 1$ references (©&© symbols), than ©&R© has type ©T ©\R{©*©}©&©\R{$_2$}$\cdots$ ©&©\R{$_r$}, \ie ©T© pointer with $r-1$ references (©&© symbols). \item if ©L© is an \Index{lvalue} of type ©T &©$_1\cdots$ ©&©$_l$, where $l \ge 0$ references (©&© symbols), than ©&L© has type ©T ©\R{©*©}©&©\R{$_1$}$\cdots$ ©&©\R{$_l$}, \ie ©T© pointer with $l$ references (©&© symbols). \end{itemize} The following example shows the first rule applied to different \Index{rvalue} contexts: \begin{cfa} int x, * px, ** ppx, *** pppx, **** ppppx; int & rx = x, && rrx = rx, &&& rrrx = rrx ; x = rrrx; §\C{// rrrx is an lvalue with type int \&\&\& (equivalent to x)}§ px = &rrrx; §\C{// starting from rrrx, \&rrrx is an rvalue with type int *\&\&\& (\&x)}§ ppx = &&rrrx; §\C{// starting from \&rrrx, \&\&rrrx is an rvalue with type int **\&\& (\&rx)}§ pppx = &&&rrrx; §\C{// starting from \&\&rrrx, \&\&\&rrrx is an rvalue with type int ***\& (\&rrx)}§ ppppx = &&&&rrrx; §\C{// starting from \&\&\&rrrx, \&\&\&\&rrrx is an rvalue with type int **** (\&rrrx)}§ \end{cfa} The following example shows the second rule applied to different \Index{lvalue} contexts: \begin{cfa} int x, * px, ** ppx, *** pppx; int & rx = x, && rrx = rx, &&& rrrx = rrx ; rrrx = 2; §\C{// rrrx is an lvalue with type int \&\&\& (equivalent to x)}§ &rrrx = px; §\C{// starting from rrrx, \&rrrx is an rvalue with type int *\&\&\& (rx)}§ &&rrrx = ppx; §\C{// starting from \&rrrx, \&\&rrrx is an rvalue with type int **\&\& (rrx)}§ &&&rrrx = pppx; §\C{// starting from \&\&rrrx, \&\&\&rrrx is an rvalue with type int ***\& (rrrx)}§ \end{cfa} \subsection{Conversions} C provides a basic implicit conversion to simplify variable usage: \begin{enumerate} \setcounter{enumi}{-1} \item lvalue to rvalue conversion: ©cv T© converts to ©T©, which allows implicit variable dereferencing. \begin{cfa} int x; x + 1; §\C{// lvalue variable (int) converts to rvalue for expression}§ \end{cfa} An rvalue has no type qualifiers (©cv©), so the lvalue qualifiers are dropped. \end{enumerate} \CFA provides three new implicit conversion for reference types to simplify reference usage. \begin{enumerate} \item reference to rvalue conversion: ©cv T &© converts to ©T©, which allows implicit reference dereferencing. \begin{cfa} int x, &r = x, f( int p ); x = ®r® + f( ®r® ); §\C{// lvalue reference converts to rvalue}§ \end{cfa} An rvalue has no type qualifiers (©cv©), so the reference qualifiers are dropped. \item lvalue to reference conversion: \lstinline[deletekeywords=lvalue]{lvalue-type cv1 T} converts to ©cv2 T &©, which allows implicitly converting variables to references. \begin{cfa} int x, &r = ®x®, f( int & p ); §\C{// lvalue variable (int) convert to reference (int \&)}§ f( ®x® ); §\C{// lvalue variable (int) convert to reference (int \&)}§ \end{cfa} Conversion can restrict a type, where ©cv1© $\le$ ©cv2©, \eg passing an ©int© to a ©const volatile int &©, which has low cost. Conversion can expand a type, where ©cv1© $>$ ©cv2©, \eg passing a ©const volatile int© to an ©int &©, which has high cost (\Index{warning}); furthermore, if ©cv1© has ©const© but not ©cv2©, a temporary variable is created to preserve the immutable lvalue. \item rvalue to reference conversion: ©T© converts to ©cv T &©, which allows binding references to temporaries. \begin{cfa} int x, & f( int & p ); f( ®x + 3® ); §\C{// rvalue parameter (int) implicitly converts to lvalue temporary reference (int \&)}§ ®&f®(...) = &x; §\C{// rvalue result (int \&) implicitly converts to lvalue temporary reference (int \&)}§ \end{cfa} In both case, modifications to the temporary are inaccessible (\Index{warning}). Conversion expands the temporary-type with ©cv©, which is low cost since the temporary is inaccessible. \end{enumerate} \begin{comment} From: Richard Bilson Date: Wed, 13 Jul 2016 01:58:58 +0000 Subject: Re: pointers / references To: "Peter A. Buhr" As a general comment I would say that I found the section confusing, as you move back and forth between various real and imagined programming languages. If it were me I would rewrite into two subsections, one that specifies precisely the syntax and semantics of reference variables and another that provides the rationale. I don't see any obvious problems with the syntax or semantics so far as I understand them. It's not obvious that the description you're giving is complete, but I'm sure you'll find the special cases as you do the implementation. My big gripes are mostly that you're not being as precise as you need to be in your terminology, and that you say a few things that aren't actually true even though I generally know what you mean. 20 C provides a pointer type; CFA adds a reference type. Both types contain an address, which is normally a 21 location in memory. An address is not a location in memory; an address refers to a location in memory. Furthermore it seems weird to me to say that a type "contains" an address; rather, objects of that type do. 21 Special addresses are used to denote certain states or access co-processor memory. By 22 convention, no variable is placed at address 0, so addresses like 0, 1, 2, 3 are often used to denote no-value 23 or other special states. This isn't standard C at all. There has to be one null pointer representation, but it doesn't have to be a literal zero representation and there doesn't have to be more than one such representation. 23 Often dereferencing a special state causes a memory fault, so checking is necessary 24 during execution. I don't see the connection between the two clauses here. I feel like if a bad pointer will not cause a memory fault then I need to do more checking, not less. 24 If the programming language assigns addresses, a program's execution is sound, \ie all 25 addresses are to valid memory locations. You haven't said what it means to "assign" an address, but if I use my intuitive understanding of the term I don't see how this can be true unless you're assuming automatic storage management. 1 Program variables are implicit pointers to memory locations generated by the compiler and automatically 2 dereferenced, as in: There is no reason why a variable needs to have a location in memory, and indeed in a typical program many variables will not. In standard terminology an object identifier refers to data in the execution environment, but not necessarily in memory. 13 A pointer/reference is a generalization of a variable name, \ie a mutable address that can point to more 14 than one memory location during its lifetime. I feel like you're off the reservation here. In my world there are objects of pointer type, which seem to be what you're describing here, but also pointer values, which can be stored in an object of pointer type but don't necessarily have to be. For example, how would you describe the value denoted by "&main" in a C program? I would call it a (function) pointer, but that doesn't satisfy your definition. 16 not occupy storage as the literal is embedded directly into instructions.) Hence, a pointer occupies memory 17 to store its current address, and the pointer's value is loaded by dereferencing, \eg: As with my general objection regarding your definition of variables, there is no reason why a pointer variable (object of pointer type) needs to occupy memory. 21 p2 = p1 + x; // compiler infers *p2 = *p1 + x; What language are we in now? 24 pointer usage. However, in C, the following cases are ambiguous, especially with pointer arithmetic: 25 p1 = p2; // p1 = p2 or *p1 = *p2 This isn't ambiguous. it's defined to be the first option. 26 p1 = p1 + 1; // p1 = p1 + 1 or *p1 = *p1 + 1 Again, this statement is not ambiguous. 13 example. Hence, a reference behaves like the variable name for the current variable it is pointing-to. The 14 simplest way to understand a reference is to imagine the compiler inserting a dereference operator before 15 the reference variable for each reference qualifier in a declaration, \eg: It's hard for me to understand who the audience for this part is. I think a practical programmer is likely to be satisfied with "a reference behaves like the variable name for the current variable it is pointing-to," maybe with some examples. Your "simplest way" doesn't strike me as simpler than that. It feels like you're trying to provide a more precise definition for the semantics of references, but it isn't actually precise enough to be a formal specification. If you want to express the semantics of references using rewrite rules that's a great way to do it, but lay the rules out clearly, and when you're showing an example of rewriting keep your references/pointers/values separate (right now, you use \eg "r3" to mean a reference, a pointer, and a value). 24 Cancellation works to arbitrary depth, and pointer and reference values are interchangeable because both 25 contain addresses. Except they're not interchangeable, because they have different and incompatible types. 40 Interestingly, C++ deals with the address duality by making the pointed-to value the default, and prevent- 41 ing changes to the reference address, which eliminates half of the duality. Java deals with the address duality 42 by making address assignment the default and requiring field assignment (direct or indirect via methods), 43 \ie there is no builtin bit-wise or method-wise assignment, which eliminates half of the duality. I can follow this but I think that's mostly because I already understand what you're trying to say. I don't think I've ever heard the term "method-wise assignment" and I don't see you defining it. Furthermore Java does have value assignment of basic (non-class) types, so your summary here feels incomplete. (If it were me I'd drop this paragraph rather than try to save it.) 11 Hence, for type & const, there is no pointer assignment, so &rc = &x is disallowed, and the address value 12 cannot be 0 unless an arbitrary pointer is assigned to the reference. Given the pains you've taken to motivate every little bit of the semantics up until now, this last clause ("the address value cannot be 0") comes out of the blue. It seems like you could have perfectly reasonable semantics that allowed the initialization of null references. 12 In effect, the compiler is managing the 13 addresses for type & const not the programmer, and by a programming discipline of only using references 14 with references, address errors can be prevented. Again, is this assuming automatic storage management? 18 rary binding. For reference initialization (like pointer), the initializing value must be an address (lvalue) not 19 a value (rvalue). This sentence appears to suggest that an address and an lvalue are the same thing. 20 int * p = &x; // both &x and x are possible interpretations Are you saying that we should be considering "x" as a possible interpretation of the initializer "&x"? It seems to me that this expression has only one legitimate interpretation in context. 21 int & r = x; // x unlikely interpretation, because of auto-dereferencing You mean, we can initialize a reference using an integer value? Surely we would need some sort of cast to induce that interpretation, no? 22 Hence, the compiler implicitly inserts a reference operator, &, before the initialization expression. But then the expression would have pointer type, which wouldn't be compatible with the type of r. 22 Similarly, 23 when a reference is used for a parameter/return type, the call-site argument does not require a reference 24 operator. Furthermore, it would not be correct to use a reference operator. 45 The implicit conversion allows 1 seamless calls to any routine without having to explicitly name/copy the literal/expression to allow the call. 2 While C' attempts to handle pointers and references in a uniform, symmetric manner, C handles routine 3 variables in an inconsistent way: a routine variable is both a pointer and a reference (particle and wave). After all this talk of how expressions can have both pointer and value interpretations, you're disparaging C because it has expressions that have both pointer and value interpretations? On Sat, Jul 9, 2016 at 4:18 PM Peter A. Buhr wrote: > Aaron discovered a few places where "&"s are missing and where there are too many "&", which are > corrected in the attached updated. None of the text has changed, if you have started reading > already. \end{comment} \section{\lstinline{string} Type} \label{s:stringType} The \CFA \Indexc{string} type is for manipulation of dynamically-size character-strings versus C \Indexc{char *} type for manipulation of statically-size null-terminated character-strings. That is, the amount of storage for a \CFA string changes dynamically at runtime to fit the string size, whereas the amount of storage for a C string is fixed at compile time. Hence, a ©string© declaration does not specify a maximum length; as a string dynamically grows and shrinks in size, so does its underlying storage. In contrast, a C string also dynamically grows and shrinks is size, but its underlying storage is fixed. The maximum storage for a \CFA ©string© value is ©size_t© characters, which is $2^{32}$ or $2^{64}$ respectively. A \CFA string manages its length separately from the string, so there is no null (©'\0'©) terminating value at the end of a string value. Hence, a \CFA string cannot be passed to a C string manipulation routine, such as ©strcat©. Like C strings, the characters in a ©string© are numbered starting from 0. The following operations have been defined to manipulate an instance of type ©string©. The discussion assumes the following declarations and assignment statements are executed. \begin{cfa} #include ®® ®string® s, peter, digit, alpha, punctuation, ifstmt; int i; peter = "PETER"; digit = "0123456789"; punctuation = "().,"; ifstmt = "IF (A > B) {"; \end{cfa} Note, the include file \Indexc{string.hfa} to access type ©string©. \subsection{Implicit String Conversions} The types ©char©, ©char *©, ©int©, ©double©, ©_Complex©, including different signness and sizes, implicitly convert to type ©string©. \VRef[Figure]{f:ImplicitConversionsString} shows examples of implicit conversions between C strings, integral, floating-point and complex types to ©string©. A conversions can be explicitly specified: \begin{cfa} s = string( "abc" ); §\C{// converts char * to string}§ s = string( 5 ); §\C{// converts int to string}§ s = string( 5.5 ); §\C{// converts double to string}§ \end{cfa} All conversions from ©string© to ©char *©, attempt to be safe: either by requiring the maximum length of the ©char *© storage (©strncpy©) or allocating the ©char *© storage for the string characters (ownership), meaning the programmer must free the storage. As well, a string is always null terminates, implying a minimum size of 1 character. \begin{cquote} \begin{tabular}{@{}l@{\hspace{1.75in}}|@{\hspace{15pt}}l@{}} \begin{cfa} string s = "abcde"; char cs[3]; strncpy( cs, s, sizeof(cs) ); §\C{sout | cs;}§ char * cp = s; §\C{sout | cp;}§ delete( cp ); cp = s + ' ' + s; §\C{sout | cp;}§ delete( cp ); \end{cfa} & \begin{cfa} ab abcde abcde abcde \end{cfa} \end{tabular} \end{cquote} \begin{figure} \begin{tabular}{@{}l@{\hspace{15pt}}|@{\hspace{15pt}}l@{}} \begin{cfa} // string s = 5; sout | s; string s; // conversion of char and char * to string s = 'x'; §\C{sout | s;}§ s = "abc"; §\C{sout | s;}§ char cs[5] = "abc"; s = cs; §\C{sout | s;}§ // conversion of integral, floating-point, and complex to string s = 45hh; §\C{sout | s;}§ s = 45h; §\C{sout | s;}§ s = -(ssize_t)MAX - 1; §\C{sout | s;}§ s = (size_t)MAX; §\C{sout | s;}§ s = 5.5; §\C{sout | s;}§ s = 5.5L; §\C{sout | s;}§ s = 5.5+3.4i; §\C{sout | s;}§ s = 5.5L+3.4Li; §\C{sout | s;}§ \end{cfa} & \begin{cfa} x abc abc 45 45 -9223372036854775808 18446744073709551615 5.5 5.5 5.5+3.4i 5.5+3.4i \end{cfa} \end{tabular} \caption{Implicit Conversions to String} \label{f:ImplicitConversionsString} \end{figure} \subsection{Size (length)} The ©size© operation returns the length of a string. \begin{cfa} i = size( "" ); §\C{// i is assigned 0}§ i = size( "abc" ); §\C{// i is assigned 3}§ i = size( peter ); §\C{// i is assigned 5}§ \end{cfa} \subsection{Comparison Operators} The binary \Index{relational operator}s, ©<©, ©<=©, ©>©, ©>=©, and \Index{equality operator}s, ©==©, ©!=©, compare strings using lexicographical ordering, where longer strings are greater than shorter strings. \subsection{Concatenation} The binary operators \Indexc{+} and \Indexc{+=} concatenate two strings, creating the sum of the strings. \begin{cfa} s = peter + ' ' + digit; §\C{// s is assigned "PETER 0123456789"}§ s += peter; §\C{// s is assigned "PETER 0123456789PETER"}§ \end{cfa} \subsection{Repetition} The binary operators \Indexc{*} and \Indexc{*=} repeat a string $N$ times. If $N = 0$, a zero length string, ©""© is returned. \begin{cfa} s = 'x' * 3; §\C{// s is assigned "PETER PETER PETER "}§ s = (peter + ' ') * 3; §\C{// s is assigned "PETER PETER PETER "}§ \end{cfa} \subsection{Substring} The substring operation returns a subset of the string starting at a position in the string and traversing a length. \begin{cfa} s = peter( 2, 3 ); §\C{// s is assigned "ETE"}§ s = peter( 4, -3 ); §\C{// s is assigned "ETE", length is opposite direction}§ s = peter( 2, 8 ); §\C{// s is assigned "ETER", length is clipped to 4}§ s = peter( 0, -1 ); §\C{// s is assigned "", beyond string so clipped to null}§ s = peter(-1, -1 ); §\C{// s is assigned "R", start and length are negative}§ \end{cfa} A negative starting position is a specification from the right end of the string. A negative length means that characters are selected in the opposite (right to left) direction from the starting position. If the substring request extends beyond the beginning or end of the string, it is clipped (shortened) to the bounds of the string. If the substring request is completely outside of the original string, a null string located at the end of the original string is returned. The substring operation can also appear on the left hand side of the assignment operator. The substring is replaced by the value on the right hand side of the assignment. The length of the right-hand-side value may be shorter, the same length, or longer than the length of the substring that is selected on the left hand side of the assignment. \begin{cfa} digit( 3, 3 ) = ""; §\C{// digit is assigned "0156789"}§ digit( 4, 3 ) = "xyz"; §\C{// digit is assigned "015xyz9"}§ digit( 7, 0 ) = "***"; §\C{// digit is assigned "015xyz***9"}§ digit(-4, 3 ) = "$$$"; §\C{// digit is assigned "015xyz\$\$\$9"}§ \end{cfa} A substring is treated as a pointer into the base (substringed) string rather than creating a copy of the subtext. As with all pointers, if the item they are pointing at is changed, then the pointer is referring to the changed item. Pointers to the result value of a substring operation are defined to always start at the same location in their base string as long as that starting location exists, independent of changes to themselves or the base string. However, if the base string value changes, this may affect the values of one or more of the substrings to that base string. If the base string value shortens so that its end is before the starting location of a substring, resulting in the substring starting location disappearing, the substring becomes a null string located at the end of the base string. The following example illustrates passing the results of substring operations by reference and by value to a subprogram. Notice the side-effects to other reference parameters as one is modified. \begin{cfa} main() { string x = "xxxxxxxxxxxxx"; test( x, x(1,3), x(3,3), x(5,5), x(9,5), x(9,5) ); } // x, a, b, c, & d are substring results passed by reference // e is a substring result passed by value void test(string &x, string &a, string &b, string &c, string &d, string e) { §\C{// x a b c d e}§ a( 1, 2 ) = "aaa"; §\C{// aaaxxxxxxxxxxx aaax axx xxxxx xxxxx xxxxx}§ b( 2, 12 ) = "bbb"; §\C{// aaabbbxxxxxxxxx aaab abbb bbxxx xxxxx xxxxx}§ c( 4, 5 ) = "ccc"; §\C{// aaabbbxcccxxxxxx aaab abbb bbxccc ccxxx xxxxx}§ c = "yyy"; §\C{// aaabyyyxxxxxx aaab abyy yyy xxxxx xxxxx}§ d( 1, 3 ) = "ddd"; §\C{// aaabyyyxdddxx aaab abyy yyy dddxx xxxxx}§ e( 1, 3 ) = "eee"; §\C{// aaabyyyxdddxx aaab abyy yyy dddxx eeexx}§ x = e; §\C{// eeexx eeex exx x eeexx}§ } \end{cfa} There is an assignment form of substring in which only the starting position is specified and the length is assumed to be the remainder of the string. \begin{cfa} string operator () (int start); \end{cfa} For example: \begin{cfa} s = peter( 2 ); §\C{// s is assigned "ETER"}§ peter( 2 ) = "IPER"; §\C{// peter is assigned "PIPER"}§ \end{cfa} It is also possible to substring using a string as the index for selecting the substring portion of the string. \begin{cfa} string operator () (const string &index); \end{cfa} For example: \begin{cfa}[mathescape=false] digit( "xyz$$$" ) = "678"; §\C{// digit is assigned "0156789"}§ digit( "234") = "***"; §\C{// digit is assigned "0156789***"}§ \end{cfa} \subsection{Searching} The ©index© operation \begin{cfa} int index( const string &key, int start = 1, occurrence occ = first ); \end{cfa} returns the position of the first or last occurrence of the ©key© (depending on the occurrence indicator ©occ© that is either ©first© or ©last©) in the current string starting the search at position ©start©. If the ©key© does not appear in the current string, the length of the current string plus one is returned. %If the ©key© has zero length, the value 1 is returned regardless of what the current string contains. A negative starting position is a specification from the right end of the string. \begin{cfa} i = digit.index( "567" ); §\C{// i is assigned 3}§ i = digit.index( "567", 7 ); §\C{// i is assigned 11}§ i = digit.index( "567", -1, last ); §\C{// i is assigned 3}§ i = peter.index( "E", 5, last ); §\C{// i is assigned 4}§ \end{cfa} The next two string operations test a string to see if it is or is not composed completely of a particular class of characters. For example, are the characters of a string all alphabetic or all numeric? Use of these operations involves a two step operation. First, it is necessary to create an instance of type ©strmask© and initialize it to a string containing the characters of the particular character class, as in: \begin{cfa} strmask digitmask = digit; strmask alphamask = string( "abcdefghijklmnopqrstuvwxyz" ); \end{cfa} Second, the character mask is used in the functions ©include© and ©exclude© to check a string for compliance of its characters with the characters indicated by the mask. The ©include© operation \begin{cfa} int include( const strmask &, int = 1, occurrence occ = first ); \end{cfa} returns the position of the first or last character (depending on the occurrence indicator, which is either ©first© or ©last©) in the current string that does not appear in the ©mask© starting the search at position ©start©; hence it skips over characters in the current string that are included (in) the ©mask©. The characters in the current string do not have to be in the same order as the ©mask©. If all the characters in the current string appear in the ©mask©, the length of the current string plus one is returned, regardless of which occurrence is being searched for. A negative starting position is a specification from the right end of the string. \begin{cfa} i = peter.include( digitmask ); §\C{// i is assigned 1}§ i = peter.include( alphamask ); §\C{// i is assigned 6}§ \end{cfa} The ©exclude© operation \begin{cfa} int exclude( string &mask, int start = 1, occurrence occ = first ) \end{cfa} returns the position of the first or last character (depending on the occurrence indicator, which is either ©first© or ©last©) in the current string that does appear in the ©mask© string starting the search at position ©start©; hence it skips over characters in the current string that are excluded from (not in) in the ©mask© string. The characters in the current string do not have to be in the same order as the ©mask© string. If all the characters in the current string do NOT appear in the ©mask© string, the length of the current string plus one is returned, regardless of which occurrence is being searched for. A negative starting position is a specification from the right end of the string. \begin{cfa} i = peter.exclude( digitmask ); §\C{// i is assigned 6}§ i = ifstmt.exclude( strmask( punctuation ) ); §\C{// i is assigned 4}§ \end{cfa} The ©includeStr© operation: \begin{cfa} string includeStr( strmask &mask, int start = 1, occurrence occ = first ) \end{cfa} returns the longest substring of leading or trailing characters (depending on the occurrence indicator, which is either ©first© or ©last©) of the current string that ARE included in the ©mask© string starting the search at position ©start©. A negative starting position is a specification from the right end of the string. \begin{cfa} s = peter.includeStr( alphamask ); §\C{// s is assigned "PETER"}§ s = ifstmt.includeStr( alphamask ); §\C{// s is assigned "IF"}§ s = peter.includeStr( digitmask ); §\C{// s is assigned ""}§ \end{cfa} The ©excludeStr© operation: \begin{cfa} string excludeStr( strmask &mask, int start = 1, occurrence = first ) \end{cfa} returns the longest substring of leading or trailing characters (depending on the occurrence indicator, which is either ©first© or ©last©) of the current string that are excluded (NOT) in the ©mask© string starting the search at position ©start©. A negative starting position is a specification from the right end of the string. \begin{cfa} s = peter.excludeStr( digitmask); §\C{// s is assigned "PETER"}§ s = ifstmt.excludeStr( strmask( punctuation ) ); §\C{// s is assigned "IF "}§ s = peter.excludeStr( alphamask); §\C{// s is assigned ""}§ \end{cfa} \subsection{Miscellaneous} The ©trim© operation \begin{cfa} string trim( string &mask, occurrence occ = first ) \end{cfa} returns a string in that is the longest substring of leading or trailing characters (depending on the occurrence indicator, which is either ©first© or ©last©) which ARE included in the ©mask© are removed. \begin{cfa} // remove leading blanks s = string( " ABC" ).trim( " " ); §\C{// s is assigned "ABC",}§ // remove trailing blanks s = string( "ABC " ).trim( " ", last ); §\C{// s is assigned "ABC",}§ \end{cfa} The ©translate© operation \begin{cfa} string translate( string &from, string &to ) \end{cfa} returns a string that is the same length as the original string in which all occurrences of the characters that appear in the ©from© string have been translated into their corresponding character in the ©to© string. Translation is done on a character by character basis between the ©from© and ©to© strings; hence these two strings must be the same length. If a character in the original string does not appear in the ©from© string, then it simply appears as is in the resulting string. \begin{cfa} // upper to lower case peter = peter.translate( "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz" ); // peter is assigned "peter" s = ifstmt.translate( "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz" ); // ifstmt is assigned "if (a > b) {" // lower to upper case peter = peter.translate( "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ" ); // peter is assigned "PETER" \end{cfa} The ©replace© operation \begin{cfa} string replace( string &from, string &to ) \end{cfa} returns a string in which all occurrences of the ©from© string in the current string have been replaced by the ©to© string. \begin{cfa} s = peter.replace( "E", "XX" ); §\C{// s is assigned "PXXTXXR"}§ \end{cfa} The replacement is done left-to-right. When an instance of the ©from© string is found and changed to the ©to© string, it is NOT examined again for further replacement. \subsection{Returning N+1 on Failure} Any of the string search routines can fail at some point during the search. When this happens it is necessary to return indicating the failure. Many string types in other languages use some special value to indicate the failure. This value is often 0 or -1 (PL/I returns 0). This section argues that a value of N+1, where N is the length of the base string in the search, is a more useful value to return. The index-of function in APL returns N+1. These are the boundary situations and are often overlooked when designing a string type. The situation that can be optimized by returning N+1 is when a search is performed to find the starting location for a substring operation. For example, in a program that is extracting words from a text file, it is necessary to scan from left to right over whitespace until the first alphabetic character is found. \begin{cfa} line = line( line.exclude( alpha ) ); \end{cfa} If a text line contains all whitespaces, the exclude operation fails to find an alphabetic character. If ©exclude© returns 0 or -1, the result of the substring operation is unclear. Most string types generate an error, or clip the starting value to 1, resulting in the entire whitespace string being selected. If ©exclude© returns N+1, the starting position for the substring operation is beyond the end of the string leaving a null string. The same situation occurs when scanning off a word. \begin{cfa} start = line.include(alpha); word = line(1, start - 1); \end{cfa} If the entire line is composed of a word, the include operation will fail to find a non-alphabetic character. In general, returning 0 or -1 is not an appropriate starting position for the substring, which must substring off the word leaving a null string. However, returning N+1 will substring off the word leaving a null string. \subsection{C Compatibility} To ease conversion from C to \CFA, there are companion ©string© routines for C strings. \VRef[Table]{t:CompanionStringRoutines} shows the C routines on the left that also work with ©string© and the rough equivalent ©string© opeation of the right. Hence, it is possible to directly convert a block of C string operations into @string@ just by changing the \begin{table} \begin{cquote} \begin{tabular}{@{}l|l@{}} \multicolumn{1}{c|}{©char []©} & \multicolumn{1}{c}{©string©} \\ \hline ©strcpy©, ©strncpy© & ©=© \\ ©strcat©, ©strncat© & ©+© \\ ©strcmp©, ©strncmp© & ©==©, ©!=©, ©<©, ©<=©, ©>©, ©>=© \\ ©strlen© & ©size© \\ ©[]© & ©[]© \\ ©strstr© & ©find© \\ ©strcspn© & ©find_first_of©, ©find_last_of© \\ ©strspc© & ©find_fist_not_of©, ©find_last_not_of© \end{tabular} \end{cquote} \caption{Companion Routines for \CFA \lstinline{string} to C Strings} \label{t:CompanionStringRoutines} \end{table} For example, this block of C code can be converted to \CFA by simply changing the type of variable ©s© from ©char []© to ©string©. \begin{cfa} char s[32]; //string s; strcpy( s, "abc" ); PRINT( %s, s ); strncpy( s, "abcdef", 3 ); PRINT( %s, s ); strcat( s, "xyz" ); PRINT( %s, s ); strncat( s, "uvwxyz", 3 ); PRINT( %s, s ); PRINT( %zd, strlen( s ) ); PRINT( %c, s[3] ); PRINT( %s, strstr( s, "yzu" ) ) ; PRINT( %s, strstr( s, 'y' ) ) ; \end{cfa} However, the conversion fails with I/O because ©printf© cannot print a ©string© using format code ©%s© because \CFA strings are not null terminated. \subsection{Input/Output Operators} Both the \CC operators ©<<© and ©>>© are defined on type ©string©. However, input of a string value is different from input of a ©char *© value. When a string value is read, \emph{all} input characters from the current point in the input stream to either the end of line (©'\n'©) or the end of file are read. \section{Enumeration} An \newterm{enumeration} is a compile-time mechanism to alias names to constants, like ©typedef© is a mechanism to alias names to types. Its purpose is to define a restricted-value type providing code-readability and maintenance -- changing an enum's value automatically updates all name usages during compilation. An enumeration type is a set of names, each called an \newterm{enumeration constant} (shortened to \newterm{enum}) aliased to a fixed value (constant). \begin{cfa} enum Days { Mon, Tue, Wed, Thu, Fri, Sat, Sun }; // enumeration type definition, set of 7 names & values Days days = Mon; // enumeration type declaration and initialization \end{cfa} The set of enums is injected into the variable namespace at the definition scope. Hence, enums may be overloaded with variable, enum, and function names. \begin{cfa} int Foo; §\C{// type/variable separate namespaces}§ enum Foo { Bar }; enum Goo { Bar }; §\C{// overload Foo.Bar}§ double Bar; §\C{// overload Foo.Bar, Goo.Bar}§ \end{cfa} An anonymous enumeration injects enums with specific values into a scope. \begin{cfa} enum { Prime = 103, BufferSize = 1024 }; \end{cfa} An enumeration is better than using C \Index{preprocessor} or constant declarations. \begin{cquote} \begin{tabular}{@{}l@{\hspace{4em}}l@{}} \begin{cfa} #define Mon 0 ... #define Sun 6 \end{cfa} & \begin{cfa} const int Mon = 0, ..., Sun = 6; \end{cfa} \end{tabular} \end{cquote} because the enumeration is succinct, has automatic numbering, can appear in ©case© labels, does not use storage, and is part of the language type-system. Finally, the type of an enum is implicitly or explicitly specified and the constant value can be implicitly or explicitly specified. Note, enum values may be repeated in an enumeration. \subsection{Enum type} The type of enums can be any type, and an enum's value comes from this type. Because an enum is a constant, it cannot appear in a mutable context, \eg ©Mon = Sun© is disallowed, and has no address (it is an rvalue). Therefore, an enum is automatically converted to its constant's base-type, \eg comparing/printing an enum compares/prints its value rather than the enum name; there is no mechanism to print the enum name. The default enum type is ©int©. Hence, ©Days© is the set type ©Mon©, ©Tue©, ...\,, ©Sun©, while the type of each enum is ©int© and each enum represents a fixed integral value. If no values are specified for an integral enum type, the enums are automatically numbered by one from left to right starting at zero. Hence, the value of enum ©Mon© is 0, ©Tue© is 1, ...\,, ©Sun© is 6. If an enum value is specified, numbering continues by one from that value for subsequent unnumbered enums. If an enum value is a \emph{constant} expression, the compiler performs constant-folding to obtain a constant value. \CFA allows other integral types with associated values. \begin{cfa} enum( ®char® ) Letter { A ®= 'A'®, B, C, I ®= 'I'®, J, K }; enum( ®long long int® ) BigNum { X = 123_456_789_012_345, Y = 345_012_789_456_123 }; \end{cfa} For enumeration ©Letter©, enum ©A©'s value is explicitly set to ©'A'©, with ©B© and ©C© implicitly numbered with increasing values from ©'A'©, and similarly for enums ©I©, ©J©, and ©K©. Non-integral enum types must be explicitly initialized, \eg ©double© is not automatically numbered by one. \begin{cfa} // non-integral numeric enum( ®double® ) Math { PI_2 = 1.570796, PI = 3.141597, E = 2.718282 } // pointer enum( ®char *® ) Name { Fred = "Fred", Mary = "Mary", Jane = "Jane" }; int i, j, k; enum( ®int *® ) ptr { I = &i, J = &j, K = &k }; enum( ®int &® ) ref { I = i, J = j, K = k }; // tuple enum( ®[int, int]® ) { T = [ 1, 2 ] }; // function void f() {...} void g() {...} enum( ®void (*)()® ) funs { F = f, F = g }; // aggregate struct S { int i, j; }; enum( ®S® ) s { A = { 3, 4 }, B = { 7, 8 } }; // enumeration enum( ®Letter® ) Greek { Alph = A, Beta = B, /* more enums */ }; // alphabet intersection \end{cfa} Enumeration ©Greek© may have more or less enums than ©Letter©, but the enum values \emph{must} be from ©Letter©. Therefore, ©Greek© enums are a subset of type ©Letter© and are type compatible with enumeration ©Letter©, but ©Letter© enums are not type compatible with enumeration ©Greek©. The following examples illustrate the difference between the enumeration type and the type of its enums. \begin{cfa} Math m = PI; §\C{// allowed}§ double d = PI; §\C{// allowed, conversion to base type}§ m = E; §\C{// allowed}§ m = Alph; §\C{// {\color{red}disallowed}}§ m = 3.141597; §\C{// {\color{red}disallowed}}§ d = m; §\C{// allowed}§ d = Alph; §\C{// {\color{red}disallowed}}§ Letter l = A; §\C{// allowed}§ Greek g = Alph; §\C{// allowed}§ l = Alph; §\C{// allowed, conversion to base type}§ g = A; §\C{// {\color{red}disallowed}}§ \end{cfa} A constructor \emph{cannot} be used to initialize enums because a constructor executes at runtime. A fallback is explicit C-style initialization using ©@=©. \begin{cfa} enum( struct vec3 ) Axis { Up @= { 1, 0, 0 }, Left @= { 0, 1, 0 }, Front @= { 0, 0, 1 } } \end{cfa} Finally, enumeration variables are assignable and comparable only if the appropriate operators are defined for its enum type. \subsection{Inheritance} \Index{Plan-9}\index{inheritance!enumeration} inheritance may be used with enumerations. \begin{cfa} enum( char * ) Name2 { ®inline Name®, Jack = "Jack", Jill = "Jill" }; enum ®/* inferred */® Name3 { ®inline Name2®, Sue = "Sue", Tom = "Tom" }; \end{cfa} Enumeration ©Name2© inherits all the enums and their values from enumeration ©Name© by containment, and a ©Name© enumeration is a subtype of enumeration ©Name2©. Note, enums must be unique in inheritance but enum values may be repeated. The enum type for the inheriting type must be the same as the inherited type; hence the enum type may be omitted for the inheriting enumeration and it is inferred from the inherited enumeration, as for ©Name3©. When inheriting from integral types, automatic numbering may be used, so the inheritance placement left to right is important, \eg the placement of ©Sue© and ©Tom© before or after ©inline Name2©. Specifically, the inheritance relationship for ©Name©s is: \begin{cfa} Name $\(\subseteq\)$ Name2 $\(\subseteq\)$ Name3 $\(\subseteq\)$ const char * // enum type of Name \end{cfa} Hence, given \begin{cfa} void f( Name ); void g( Name2 ); void h( Name3 ); void j( const char * ); \end{cfa} the following calls are valid \begin{cfa} f( Fred ); g( Fred ); g( Jill ); h( Fred ); h( Jill ); h( Sue ); j( Fred ); j( Jill ); j( Sue ); j( 'W' ); \end{cfa} Note, the validity of calls is the same for call-by-reference as for call-by-value, and ©const© restrictions are the same as for other types. Enums cannot be created at runtime, so inheritence problems, such as contra-variance do not apply. Only instances of the enum base-type may be created at runtime. \begin{comment} The invariance of references, as I show at the bottom, is easy to overlook. Not shown, but on the same topic, is that returns work in the opposite direction as parameters. Hopefully our existing type rules already know both those facts, so that we'd only have to provide the rules that I suggest using the by-value parameters. The Fred, Jack, and Mary declarations are picked verbatim from our earlier whiteboard, just repeated here for reference. \begin{cfa} // Fred is a subset of char * enum( char *) Fred { A = "A", B = "B", C = "C" }; // Jack is a subset of Fred enum( enum Fred ) Jack { W = A, Y = C}; // Mary is a superset of Fred enum Mary { inline Fred, D = "hello" }; // Demonstrating invariance of references [void] frcs( & * char x ) { char * x0 = x; x = "bye"; } [void] frf ( & Fred x ) { Fred x0 = x; x = B; } [void] frj ( & Jack x ) { Jack x0 = x; x = W; } [void] frm ( & Mary x ) { Mary x0 = x; x = D; } char * vcs; Fred vf; Jack vj; Mary vm; // all variant calls: bad (here are noteworthy examples) frcs( vf ); // can't assign "bye" to vf frm ( vf ); // can't assign D to vf frf ( vj ); // can't assign B to vj vf = B ; frj ( vf ); // can't assign B to frj.x0 vcs = "bye"; frf ( vcs ); // can't assign "bye" to frf.x0 \end{cfa} This example is really great. However, I think it's work explicitly doing one with ©const &©. \end{comment} \section{Routine Definition} \CFA supports a new syntax for routine definition, as well as \Celeven and K\&R routine syntax. The point of the new syntax is to allow returning multiple values from a routine~\cite{Galletly96,CLU}, \eg: \begin{cfa} ®[ int o1, int o2, char o3 ]® f( int i1, char i2, char i3 ) { §\emph{routine body}§ } \end{cfa} where routine ©f© has three output (return values) and three input parameters. Existing C syntax cannot be extended with multiple return types because it is impossible to embed a single routine name within multiple return type-specifications. In detail, the brackets, ©[]©, enclose the result type, where each return value is named and that name is a local variable of the particular return type.\footnote{ \Index*{Michael Tiemann}\index{Tiemann, Michael}, with help from \Index*{Doug Lea}\index{Lea, Doug}, provided named return values in g++, circa 1989.} The value of each local return variable is automatically returned at routine termination. Declaration qualifiers can only appear at the start of a routine definition, \eg: \begin{cfa} ®extern® [ int x ] g( int y ) {§\,§} \end{cfa} Lastly, if there are no output parameters or input parameters, the brackets and/or parentheses must still be specified; in both cases the type is assumed to be void as opposed to old style C defaults of int return type and unknown parameter types, respectively, as in: \begin{cfa} [§\,§] g(); §\C{// no input or output parameters}§ [ void ] g( void ); §\C{// no input or output parameters}§ \end{cfa} Routine f is called as follows: \begin{cfa} [ i, j, ch ] = f( 3, 'a', ch ); \end{cfa} The list of return values from f and the grouping on the left-hand side of the assignment is called a \newterm{return list} and discussed in Section 12. \CFA style declarations cannot be used to declare parameters for K\&R style routine definitions because of the following ambiguity: \begin{cfa} int (*f(x))[ 5 ] int x; {} \end{cfa} The string ``©int (*f(x))[ 5 ]©'' declares a K\&R style routine of type returning a pointer to an array of 5 integers, while the string ``©[ 5 ] int x©'' declares a \CFA style parameter ©x© of type array of 5 integers. Since the strings overlap starting with the open bracket, ©[©, there is an ambiguous interpretation for the string. As well, \CFA-style declarations cannot be used to declare parameters for C-style routine-definitions because of the following ambiguity: \begin{cfa} typedef int foo; int f( int (* foo) ); §\C{// foo is redefined as a parameter name}§ \end{cfa} The string ``©int (* foo)©'' declares a C-style named-parameter of type pointer to an integer (the parenthesis are superfluous), while the same string declares a \CFA style unnamed parameter of type routine returning integer with unnamed parameter of type pointer to ©foo©. The redefinition of a type name in a parameter list is the only context in C where the character ©*© can appear to the left of a type name, and \CFA relies on all type qualifier characters appearing to the right of the type name. The inability to use \CFA declarations in these two contexts is probably a blessing because it precludes programmers from arbitrarily switching between declarations forms within a declaration contexts. C-style declarations can be used to declare parameters for \CFA style routine definitions, \eg: \begin{cfa} [ int ] f( * int, int * ); §\C{// returns an integer, accepts 2 pointers to integers}§ [ * int, int * ] f( int ); §\C{// returns 2 pointers to integers, accepts an integer}§ \end{cfa} The reason for allowing both declaration styles in the new context is for backwards compatibility with existing preprocessor macros that generate C-style declaration-syntax, as in: \begin{cfa} #define ptoa( n, d ) int (*n)[ d ] int f( ptoa( p, 5 ) ) ... §\C{// expands to int f( int (*p)[ 5 ] )}§ [ int ] f( ptoa( p, 5 ) ) ... §\C{// expands to [ int ] f( int (*p)[ 5 ] )}§ \end{cfa} Again, programmers are highly encouraged to use one declaration form or the other, rather than mixing the forms. \subsection{Named Return Values} \Index{Named return values} handle the case where it is necessary to define a local variable whose value is then returned in a ©return© statement, as in: \begin{cfa} int f() { int x; ... x = 0; ... x = y; ... return x; } \end{cfa} Because the value in the return variable is automatically returned when a \CFA routine terminates, the ©return© statement \emph{does not} contain an expression, as in: \newline \begin{minipage}{\linewidth} \begin{cfa} ®[ int x, int y ]® f() { int z; ... x = 0; ... y = z; ... ®return;® §\C{// implicitly return x, y}§ } \end{cfa} \end{minipage} \newline When the return is encountered, the current values of ©x© and ©y© are returned to the calling routine. As well, ``falling off the end'' of a routine without a ©return© statement is permitted, as in: \begin{cfa} [ int x, int y ] f() { ... } §\C{// implicitly return x, y}§ \end{cfa} In this case, the current values of ©x© and ©y© are returned to the calling routine just as if a ©return© had been encountered. Named return values may be used in conjunction with named parameter values; specifically, a return and parameter can have the same name. \begin{cfa} [ int x, int y ] f( int, x, int y ) { ... } §\C{// implicitly return x, y}§ \end{cfa} This notation allows the compiler to eliminate temporary variables in nested routine calls. \begin{cfa} [ int x, int y ] f( int, x, int y ); §\C{// prototype declaration}§ int a, b; [a, b] = f( f( f( a, b ) ) ); \end{cfa} While the compiler normally ignores parameters names in prototype declarations, here they are used to eliminate temporary return-values by inferring that the results of each call are the inputs of the next call, and ultimately, the left-hand side of the assignment. Hence, even without the body of routine ©f© (separate compilation), it is possible to perform a global optimization across routine calls. The compiler warns about naming inconsistencies between routine prototype and definition in this case, and behaviour is \Index{undefined} if the programmer is inconsistent. \subsection{Routine Prototype} The syntax of the new routine prototype declaration follows directly from the new routine definition syntax; as well, parameter names are optional, \eg: \begin{cfa} [ int x ] f (); §\C{// returning int with no parameters}§ [ * int ] g (int y); §\C{// returning pointer to int with int parameter}§ [ ] h ( int, char ); §\C{// returning no result with int and char parameters}§ [ * int, int ] j ( int ); §\C{// returning pointer to int and int, with int parameter}§ \end{cfa} This syntax allows a prototype declaration to be created by cutting and pasting source text from the routine definition header (or vice versa). Like C, it is possible to declare multiple routine-prototypes in a single declaration, where the return type is distributed across \emph{all} routine names in the declaration list \see{\VRef{s:AlternativeDeclarations}}, \eg: \begin{cfa} C : const double bar1(), bar2( int ), bar3( double ); §\CFA§: [const double] foo(), foo( int ), foo( double ) { return 3.0; } \end{cfa} \CFA allows the last routine in the list to define its body. Declaration qualifiers can only appear at the start of a \CFA routine declaration,\footref{StorageClassSpecifier} \eg: \begin{cfa} extern [ int ] f ( int ); static [ int ] g ( int ); \end{cfa} \subsection{Postfix Function} \label{s:PostfixFunction} \index{postfix function} \CFA provides an alternative call syntax where the argument appears before the function name. The syntax uses the backquote ©`© to separate the parameters/arguments and function name: ©?`© denotes a postfix-function name, \eg ©int ?`h( int s )© and ©`© denotes a postfix-function call, \eg ©0`h© meaning ©h( 0 )©. \begin{cquote} \begin{tabular}{@{}l|l|l|l@{}} postfix function & constant argument call & variable argument call & postfix function pointer \\ \hline \begin{cfa} int ?`h( int s ); int ?`h( double s ); int ?`m( char c ); int ?`m( const char * s ); int ?`t( int a, int b, int c ); \end{cfa} & \begin{cfa} 0`h; 3.5`h; '1'`m; "123" "456"`m; [1, 2, 3]`t; \end{cfa} & \begin{cfa} int i = 7; i`h; (i + 3)`h; (i + 3.5)`h; \end{cfa} & \begin{cfa} int (* ?`p)( int i ); ?`p = ?`h; 3`p; i`p; (i + 3)`p; \end{cfa} \end{tabular} \end{cquote} Note, to pass \emph{multiple} arguments to a postfix function requires a \Index{tuple}, \eg ©[1, 2, 3]`t©, which forms a single argument that is flattened into the multiple arguments \see{\VRef{s:Tuple}}. Similarly, if the argument is an expression, it must be parenthesized, \eg ©(i + 3)`h©, or only the last operand of the expression is the argument, \eg ©i + (3`h)©. \VRef[Figure]{f:UnitsComparison} shows a common example for postfix functions: converting basic literals into user literals. \see*{\VRef{s:DynamicStorageManagement} for other uses for postfix functions.} The \CFA example (left) stores a mass in units of stones (1 stone = 14 lb or 6.35 kg) and provides an addition operator ©?+?© (imagine a full set of arithmetic operators). The arithmetic operators manipulate stones and the postfix operations convert to/from different units. The three postfixing function names ©st©, ©lb©, and ©kg©, represent units stones, pounds, and kilograms, respectively. Each name has two forms that bidirectional convert: a value of a specified unit to stones, \eg ©w = 14`lb© $\Rightarrow$ ©w == 1© stone or a ©Weight© from stones back to specific units, \eg ©w`lb© (1 stone) to ©14©. A similar group of postfix functions provide user constants for converting time units into nanoseconds, which is the basic time unit, \eg ©ns©, ©us©, ©ms©, ©s©, ©m©, ©h©, ©d©, and ©w©, for nanosecond, microsecond, millisecond, second, minute, hour, day, and week, respectively. (Note, month is not a fixed period of time nor is year because of leap years.) \begin{figure} \centering \begin{tabular}{@{}l|l@{}} \multicolumn{1}{@{}c|}{\textbf{\CFA Postfix Routine}} & \multicolumn{1}{c@{}}{\textbf{\CC User Literals}} \\ \hline \begin{cfa} struct Weight { double stones; }; Weight ?+?( Weight l, Weight r ) { return l.stones + r.stones; } Weight ®?`st®( double w ) { return w; } double ®?`st®( Weight w ) { return w.stones; } Weight ®?`lb®( double w ) { return w / 14.0; } double ®?`lb®( Weight w ) { return w.stones * 14.0; } Weight ®?`kg®( double w ) { return w / 6.35; } double ®?`kg®( Weight w ) { return w.stones * 6.35; } int main() { Weight w, heavy = { 20 }; // stones w = 155®`lb®; w = 0b_1111®`st®; w = 0_233®`lb®; w = 0x_9b®`kg®; w = 5.5®`st® + 8®`kg® + 25.01®`lb® + heavy; } \end{cfa} & \begin{C++} struct Weight { double stones; Weight() {} Weight( double w ) { stones = w; } }; Weight operator+( Weight l, Weight r ) { return l.stones + r.stones; } Weight operator®""_st®( long double w ) { return w; } Weight operator®""_lb®( long double w ) { return w / 14.0; } Weight operator®""_kg®( long double w ) { return w / 6.35; } Weight operator®""_st®( unsigned long long int w ) { return w; } Weight operator®""_lb®( unsigned long long int w ) { return w / 14.0; } Weight operator®""_kg®( unsigned long long int w ) { return w / 6.35; } int main() { Weight w, heavy = { 20 }; // stones w = 155®_lb®; w = 0b1111®_st®; w = 0'233®_lb®; // quote separator w = 0x9b®_kg®; w = 5.5®_st® + 8®_kg® + 25.01®_lb® + heavy; } \end{C++} \end{tabular} \begin{comment} Time : comparison of time units. \\ \begin{tabular}{@{}ll@{}} \CFA & \CC \\ \begin{cfa} #include #include Duration s = 1`h + 2 * 10`m + 70`s / 10; sout | "1 hour + 2*10 min + 70/10 sec = " | s | "seconds"; sout | "Dividing that by 2 minutes gives" | s / 2`m; sout | "Dividing that by 2 gives" | s / 2 | "seconds\n"; sout | s | "seconds is" | s`h | "hours," | (s % 1`h)`m | "minutes," | (s % 1`m)`s | "seconds"; \end{cfa} & \begin{C++} #include #include using namespace std; using namespace std::chrono; seconds s = hours(1) + 2 * minutes(10) + seconds(70) / 10; cout << "1 hour + 2*10 min + 70/10 sec = " << s.count() << " seconds\n"; cout << "Dividing that by 2 minutes gives " << s / minutes(2) << '\n'; cout << "Dividing that by 2 gives " << (s / 2).count() << " seconds\n"; cout << s.count() << " seconds is " << duration_cast( s ).count() << " hours, " << duration_cast( s % hours(1) ).count() << " minutes, " << duration_cast( s % minutes(1) ).count() << " seconds\n"; \end{C++} \end{tabular} \end{comment} \caption{Units: Stone, Pound, Kilogram Comparison} \label{f:UnitsComparison} \end{figure} The \CC example (right) provides a \emph{restricted} capability via user literals. The \lstinline[language=C++]{operator""} only takes a constant argument (\ie no variable as an argument), and the constant type must be the highest-level constant-type, \eg ©long double© for all floating-point constants. As well, there is no constant conversion, \ie ©int© to ©double© constants, so integral constants are handled by a separate set of routines, with maximal integral type ©unsigned long long int©. Finally, there is no mechanism to use this syntax for a bidirectional conversion because \lstinline[language=C++]{operator""} only accepts a constant argument. \section{Routine Pointers} The syntax for pointers to \CFA routines specifies the pointer name on the right, \eg: \begin{cfa} * [ int x ] () fp; §\C[2.25in]{// pointer to routine returning int with no parameters}§ * [ * int ] (int y) gp; §\C{// pointer to routine returning pointer to int with int parameter}§ * [ ] (int,char) hp; §\C{// pointer to routine returning no result with int and char parameters}§ * [ * int,int ] ( int ) jp; §\C{// pointer to routine returning pointer to int and int, with int parameter}\CRT§ \end{cfa} While parameter names are optional, \emph{a routine name cannot be specified}; for example, the following is incorrect: \begin{cfa} * [ int x ] f () fp; §\C{// routine name "f" is disallowed}§ \end{cfa} \section{Default and Named Parameter} Default\index{default parameter}\index{parameter!default} and named\index{named parameter}\index{parameter!named} parameters~\cite{Hardgrave76}\footnote{ Francez~\cite{Francez77} proposed a further extension to the named-parameter passing style, which specifies what type of communication (by value, by reference, by name) the argument is passed to the routine.} are two mechanisms to simplify routine call. \subsection{Default} A default parameter associates a default value with a parameter so it can be optionally specified in the argument list. For example, given the routine prototype: \begin{cfa} void f( int x ®= 1®, int y ®= 2®, int z ®= 3® ); \end{cfa} allowable calls are: \begin{cquote} \setlength{\tabcolsep}{0.75in} \begin{tabular}{@{}ll@{}} \textbf{positional arguments} & \textbf{empty arguments} \\ \begin{cfa} f(); §\C[0.75in]{// rewrite \(\Rightarrow\) f( 1, 2, 3 )}§ f( 4 ); §\C{// rewrite \(\Rightarrow\) f( 4, 2, 3 )}§ f( 4, 4 ); §\C{// rewrite \(\Rightarrow\) f( 4, 4, 3 )}§ f( 4, 4, 4 ); §\C{// rewrite \(\Rightarrow\) f( 4, 4, 4 )}\CRT§ \end{cfa} & \begin{cfa} f( ®?®, 4, 4 ); §\C[1.0in]{// rewrite \(\Rightarrow\) f( 1, 4, 4 )}§ f( 4, ®?®, 4 ); §\C{// rewrite \(\Rightarrow\) f( 4, 2, 4 )}§ f( 4, 4, ®?® ); §\C{// rewrite \(\Rightarrow\) f( 4, 4, 3 )}§ f( 4, ®?®, ®?® ); §\C{// rewrite \(\Rightarrow\) f( 4, 2, 3 )}§ f( ®?®, 4, ®?® ); §\C{// rewrite \(\Rightarrow\) f( 1, 4, 3 )}§ f( ®?®, ®?®, 4 ); §\C{// rewrite \(\Rightarrow\) f( 1, 2, 4 )}§ f( ®?®, ®?®, ®?® ); §\C{// rewrite \(\Rightarrow\) f( 1, 2, 3 )}\CRT§ \end{cfa} \end{tabular} \end{cquote} where the ©?© selects the default value as the argument. Here the missing arguments are inserted from the default values in the parameter list. The compiler rewrites missing default values into explicit positional arguments. The advantages of default values are: \begin{itemize} \item Routines with a large number of parameters are often very generalized, giving a programmer a number of different options on how a computation is performed. For many of these routines, there are standard or default settings that work for the majority of computations. Without default values for parameters, a programmer is forced to specify these common values all the time, resulting in long argument lists that are error prone. \item When a routine's interface is augmented with new parameters, it extends the interface providing generalizability\footnote{ ``It should be possible for the implementor of an abstraction to increase its generality. So long as the modified abstraction is a generalization of the original, existing uses of the abstraction will not require change. It might be possible to modify an abstraction in a manner which is not a generalization without affecting existing uses, but, without inspecting the modules in which the uses occur, this possibility cannot be determined. This criterion precludes the addition of parameters, unless these parameters have default or inferred values that are valid for all possible existing applications.''~\cite[p.~128]{Cormack90}} (somewhat like the generalization provided by inheritance for classes). That is, all existing calls are still valid, although the call must still be recompiled. \end{itemize} The only disadvantage of default arguments is that unintentional omission of an argument may not result in a compiler-time error. Instead, a default value is used, which may not be the programmer's intent. Default parameters may only appear in a prototype versus definition context: \begin{cfa} void f( int x, int y = 2, int z = 3 ); §\C{// prototype: allowed}§ void f( int, int = 2, int = 3 ); §\C{// prototype: allowed}§ void f( int x, int y = 2, int z = 3 ) ®{}® §\C{// definition: disallowed}§ \end{cfa} The reason for this restriction is to allow separate compilation. Multiple prototypes with different default values is undefined. Default arguments and overloading \see{\VRef{s:Overloading}} are complementary. While in theory default arguments can be simulated with overloading, as in: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{default arguments}} & \multicolumn{1}{c}{\textbf{overloading}} \\ \begin{cfa} void f( int x, int y = 2, int z = 3 ) {...} \end{cfa} & \begin{cfa} void f( int x, int y, int z ) {...} void f( int x ) { f( x, 2, 3 ); } void f( int x, int y ) { f( x, y, 3 ); } \end{cfa} \end{tabular} \end{cquote} the number of required overloaded routines is linear in the number of default values, which is unacceptable growth. In general, overloading is used over default parameters, if the body of the routine is significantly different. Furthermore, overloading cannot handle accessing default arguments in the middle of a positional list. \begin{cfa} f( 1, ®?®, 5 ); §\C{// rewrite \(\Rightarrow\) f( 1, 2, 5 )}§ \end{cfa} \subsection{Named (or Keyword)} A named (keyword) parameter provides the ability to specify an argument to a routine call using the parameter name rather than the position of the parameter. For example, given the routine prototype: \begin{cfa} void f( int ®?®x, int ®?®y, int ®?®z ); \end{cfa} allowable calls are: \begin{cfa} f( ?x = 3, ?y = 4, ?z = 5 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 5 )}§ f( ?y = 4, ?z = 5, ?x = 3 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 5 )}§ f( ?z = 5, ?x = 3, ?y = 4 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 5 )}§ f( ?x = 3, ?z = 5, ?y = 4 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 5 )}§ \end{cfa} Here the ordering of the the parameters and arguments is unimportant, and the names of the parameters are used to associate argument values with the corresponding parameters. The compiler rewrites a named call into a positional call. Note, the syntax ©?x = 3© is necessary for the argument, because ©x = 3© has an existing meaning, \ie assign ©3© to ©x© and pass the value of ©x©. The advantages of named parameters are: \begin{itemize} \item Remembering the names of the parameters may be easier than the order in the routine definition. \item Parameter names provide documentation at the call site (assuming the names are descriptive). \item Changes can be made to the order or number of parameters without affecting the call (although the call must still be recompiled). \end{itemize} Named parameters may only appear in a prototype versus definition context: \begin{cfa} void f( int x, int ?y, int ?z ); §\C{// prototype: allowed}§ void f( int ?x, int , int ?z ); §\C{// prototype: allowed}§ void f( int x, int ?y, int ?z ) ®{}® §\C{// definition: disallowed}§ \end{cfa} The reason for this restriction is to allow separate compilation. Multiple prototypes with different positional parameter names is an error. The named parameter is not part of type resolution; only the type of the expression assigned to the named parameter affects type resolution. \begin{cfa} int f( int ?i, int ?j ); int f( int ?i, double ?j ); f( ?j = 3, ?i = 4 ); §\C{// 1st f}§ f( ?i = 7, ?j = 8.1 ); §\C{// 2nd f}§ \end{cfa} \subsection{Mixed Default/Named} Default and named parameters can be intermixed and named parameters can have a default value. For example, given the routine prototype: \begin{cfa} void f( int x, int y ®= 1®, int ®?®z ®= 2® ); \end{cfa} allowable calls are: \begin{cfa} f( 3 ); §\C{// rewrite \(\Rightarrow\) f( 3, 1, 2 )}§ f( 3, 4 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 2 )}§ f( 3, ?z = 5 ); §\C{// rewrite \(\Rightarrow\) f( 3, 1, 5 )}§ f( 3, 4, ?z = 5 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 5 )}§ f( ?z = 5, 3 ); §\C{// rewrite \(\Rightarrow\) f( 3, 1, 5 )}§ f( 3, ?z = 5, 4 ); §\C{// rewrite \(\Rightarrow\) f( 3, 4, 5 )}§ \end{cfa} Finally, the ellipse (``...'') parameter must appear after positional and named parameters in a routine prototype. \begin{cfa} void f( int i = 1, int ?j = 2, ®...® ); \end{cfa} \CFA named and default arguments are backwards compatible with C. \Index*[C++]{\CC{}} only supports default parameters; \Index*{Ada} supports both named and default parameters. \section{Unnamed Structure Fields} C requires each field of a structure to have a name, except for a bit field associated with a basic type, \eg: \begin{cfa} struct { int f1; §\C{// named field}§ int f2 : 4; §\C{// named field with bit field size}§ int : 3; §\C{// unnamed field for basic type with bit field size}§ int ; §\C{// disallowed, unnamed field}§ int *; §\C{// disallowed, unnamed field}§ int (*)( int ); §\C{// disallowed, unnamed field}§ }; \end{cfa} This requirement is relaxed by making the field name optional for all field declarations; therefore, all the field declarations in the example are allowed. As for unnamed bit fields, an unnamed field is used for padding a structure to a particular size. A list of unnamed fields is also supported, \eg: \begin{cfa} struct { int , , ; §\C{// 3 unnamed fields}§ } \end{cfa} \section{Nesting} Nesting of types and routines is useful for controlling name visibility (\newterm{name hiding}). \subsection{Type Nesting} \CFA allows \Index{type nesting}, and type qualification of the nested types \see{\VRef[Figure]{f:TypeNestingQualification}}, where as C hoists\index{type hoisting} (refactors) nested types into the enclosing scope and has no type qualification. \begin{figure} \centering \begin{tabular}{@{}l@{\hspace{3em}}l|l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{C Type Nesting}} & \multicolumn{1}{c}{\textbf{C Implicit Hoisting}} & \multicolumn{1}{|c}{\textbf{\CFA}} \\ \hline \begin{cfa} struct S { enum C { R, G, B }; struct T { union U { int i, j; }; enum C c; short int i, j; }; struct T t; } s; int fred() { s.t.c = R; struct T t = { R, 1, 2 }; enum C c; union U u; } \end{cfa} & \begin{cfa} enum C { R, G, B }; union U { int i, j; }; struct T { enum C c; short int i, j; }; struct S { struct T t; } s; \end{cfa} & \begin{cfa} struct S { enum C { R, G, B }; struct T { union U { int i, j; }; enum C c; short int i, j; }; struct T t; } s; int fred() { s.t.c = ®S.®R; // type qualification struct ®S.®T t = { ®S.®R, 1, 2 }; enum ®S.®C c; union ®S.T.®U u; } \end{cfa} \end{tabular} \caption{Type Nesting / Qualification} \label{f:TypeNestingQualification} \end{figure} In the left example in C, types ©C©, ©U© and ©T© are implicitly hoisted outside of type ©S© into the containing block scope. In the right example in \CFA, the types are not hoisted and accessed using the field-selection operator ``©.©'' for type qualification, as does \Index*{Java}, rather than the \CC type-selection operator ``©::©''. \subsection{Routine Nesting} While \CFA does not provide object programming by putting routines into structures, it does rely heavily on locally nested routines to redefine operations at or close to a call site. For example, the C quick-sort is wrapped into the following polymorphic \CFA routine: \begin{cfa} forall( T | { int ? y; }® §\C{// nested routine}§ qsort( ia, size ); §\C{// sort descending order by local redefinition}§ } \end{cfa} Nested routines are not first-class, meaning a nested routine cannot be returned if it has references to variables in its enclosing blocks; the only exception is references to the external block of the translation unit, as these variables persist for the duration of the program. The following program in undefined in \CFA (and Indexc{gcc}) \begin{cfa} [* [int]( int )] foo() { §\C{// int (* foo())( int )}§ int ®i® = 7; int bar( int p ) { ®i® += 1; §\C{// dependent on local variable}§ sout | ®i®; } return bar; §\C{// undefined because of local dependence}§ } int main() { * [int]( int ) fp = foo(); §\C{// int (* fp)( int )}§ sout | fp( 3 ); } \end{cfa} because Currently, there are no \Index{lambda} expressions, \ie unnamed routines because routine names are very important to properly select the correct routine. \section{Tuple} \label{s:Tuple} In C and \CFA, lists of elements appear in several contexts, such as the parameter list of a routine call. \begin{cfa} f( ®2, x, 3 + i® ); §\C{// element list}§ \end{cfa} A list of elements is called a \newterm{tuple}, and is different from a \Index{comma expression}. \subsection{Multiple-Return-Value Functions} \label{s:MRV_Functions} In C and most programming languages, functions return at most one value; however, many operations have multiple outcomes, some exceptional \see{\VRef{s:ExceptionHandling}}. To emulate functions with multiple return values, \emph{\Index{aggregation}} and/or \emph{\Index{aliasing}} is used. In the former approach, a record type is created combining all of the return values. For example, consider C's \Indexc{div} function, which returns the quotient and remainder for a division of an integer value. \begin{cfa} typedef struct { int quot, rem; } div_t; §\C{// from include stdlib.h}§ div_t div( int num, int den ); div_t qr = div( 13, 5 ); §\C{// return quotient/remainder aggregate}§ printf( "%d %d\n", qr.quot, qr.rem ); §\C{// print quotient/remainder}§ \end{cfa} This approach requires a name for the return type and fields, where \Index{naming} is a common programming-language issue. That is, naming creates an association that must be managed when reading and writing code. While effective when used sparingly, this approach does not scale when functions need to return multiple combinations of types. In the latter approach, additional return values are passed as pointer parameters. A pointer parameter is assigned inside the routine to emulate a return. For example, consider C's \Indexc{modf} function, which returns the integral and fractional part of a floating value. \begin{cfa} double modf( double x, double * i ); §\C{// from include math.h}§ double intp, frac = modf( 13.5, &intp ); §\C{// return integral and fractional components}§ printf( "%g %g\n", intp, frac ); §\C{// print integral/fractional components}§ \end{cfa} This approach requires allocating storage for the return values, which complicates the call site with a sequence of variable declarations leading to the call. Also, while a disciplined use of ©const© can give clues about whether a pointer parameter is used as an \Index{out parameter}, it is not obvious from the routine signature whether the callee expects such a parameter to be initialized before the call. Furthermore, while many C routines that accept pointers are safe for a ©NULL© argument, there are many C routines that are not null-safe. Finally, C does not provide a mechanism to state that a parameter is going to be used as an additional return value, which makes the job of ensuring that a value is returned more difficult for the compiler. Still, not every routine with multiple return values should be required to return an error code, and error codes are easily ignored, so this is not a satisfying solution. As with the previous approach, this technique can simulate multiple return values, but in practice it is verbose and error prone. \CFA allows functions to return multiple values by extending the function declaration syntax. Multiple return values are declared as a comma-separated list of types in square brackets in the same location that the return type appears in standard C function declarations. \begin{cfa} [ char, int, double ] f( ... ); \end{cfa} The ability to return multiple values from a function requires a new syntax for the return statement. For consistency, the return statement in \CFA accepts a comma-separated list of expressions in square brackets. \begin{cfa} return [ c, i, d ]; \end{cfa} The expression resolution ensures the correct form is used depending on the values being returned and the return type of the current function. A multiple-returning function with return type ©T© can return any expression that is implicitly convertible to ©T©. A common use of a function's output is input to another function. \CFA allows this case, without any new syntax; a multiple-returning function can be used in any of the contexts where an expression is allowed. When a function call is passed as an argument to another call, the best match of actual arguments to formal parameters is evaluated given all possible expression interpretations in the current scope. \begin{cfa} void g( int, int ); §\C{// 1}§ void g( double, double ); §\C{// 2}§ g( div( 13, 5 ) ); §\C{// select 1}§ g( modf( 13.5 ) ); §\C{// select 2}§ \end{cfa} In this case, there are two overloaded ©g© routines. Both calls to ©g© expect two arguments that are matched by the two return values from ©div© and ©modf©. respectively, which are fed directly to the first and second parameters of ©g©. As well, both calls to ©g© have exact type matches for the two different versions of ©g©, so these exact matches are chosen. When type matches are not exact, conversions are used to find a best match. The previous examples can be rewritten passing the multiple returned-values directly to the ©printf© function call. \begin{cfa} [ int, int ] div( int x, int y ); §\C{// from include stdlib}§ printf( "%d %d\n", div( 13, 5 ) ); §\C{// print quotient/remainder}§ [ double, double ] modf( double x ); §\C{// from include math}§ printf( "%g %g\n", modf( 13.5 ) ); §\C{// print integral/fractional components}§ \end{cfa} This approach provides the benefits of compile-time checking for appropriate return statements as in aggregation, but without the required verbosity of declaring a new named type. Finally, the addition of multiple-return-value functions necessitates a syntax for retaining the multiple values at the call-site versus their temporary existence during a call. The simplest mechanism for retaining a return value in C is variable assignment. By assigning the multiple return-values into multiple variables, the values can be retrieved later. As such, \CFA allows assigning multiple values from a function into multiple variables, using a square-bracketed list of lvalue expressions on the left side. \begin{cfa} int quot, rem; [ quot, rem ] = div( 13, 5 ); §\C{// assign multiple variables}§ printf( "%d %d\n", quot, rem ); §\C{// print quotient/remainder}§ \end{cfa} Here, the multiple return-values are matched in much the same way as passing multiple return-values to multiple parameters in a call. \subsection{Expressions} % Change order of expression evaluation. % http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0145r2.pdf Multiple-return-value functions provide \CFA with a new syntax for expressing a combination of expressions in the return statement and a combination of types in a function signature. These notions are generalized to provide \CFA with \newterm{tuple expression}s and \newterm{tuple type}s. A tuple expression is an expression producing a fixed-size, ordered list of values of heterogeneous types. The type of a tuple expression is the tuple of the subexpression types, or a tuple type. In \CFA, a tuple expression is denoted by a comma-separated list of expressions enclosed in square brackets. For example, the expression ©[5, 'x', 10.5]© has type ©[int, char, double]©. The previous expression has 3 \emph{components}. Each component in a tuple expression can be any \CFA expression, including another tuple expression. The order of evaluation of the components in a tuple expression is unspecified, to allow a compiler the greatest flexibility for program optimization. It is, however, guaranteed that each component of a tuple expression is evaluated for side-effects, even if the result is not used. Multiple-return-value functions can equivalently be called \newterm{tuple-returning functions}. \subsection{Variables} The previous call of ©div© still requires the preallocation of multiple return-variables in a manner similar to the aliasing example. In \CFA, it is possible to overcome this restriction by declaring a \newterm{tuple variable}. \begin{cfa} [int, int] ®qr® = div( 13, 5 ); §\C{// initialize tuple variable}§ printf( "%d %d\n", ®qr® ); §\C{// print quotient/remainder}§ \end{cfa} It is now possible to match the multiple return-values to a single variable, in much the same way as \Index{aggregation}. As well, the components of the tuple value are passed as separate parameters to ©printf©, allowing direct printing of tuple variables. One way to access the individual components of a tuple variable is with assignment. \begin{cfa} [ quot, rem ] = qr; §\C{// assign multiple variables}§ \end{cfa} In addition to variables of tuple type, it is also possible to have pointers to tuples, and arrays of tuples. Tuple types can be composed of any types, except for array types, since array assignment is disallowed, which makes tuple assignment difficult when a tuple contains an array. \begin{cfa} [ double, int ] di; [ double, int ] * pdi [ double, int ] adi[10]; \end{cfa} This examples declares a variable of type ©[double, int]©, a variable of type pointer to ©[double, int]©, and an array of ten ©[double, int]©. \subsection{Indexing} It is also possible to access a single component of a tuple-valued expression without creating temporary variables. Given a tuple-valued expression $e$np and a compile-time constant integer $i$ where $0 \leq i < n$, where $n$ is the number of components in $e$, $e.i$ accesses the $i^{\:th}$ component of $e$, \eg: \begin{cfa} [int, double] x; [char *, int] f(); void g(double, int); [int, double] * p; int y = x.0; §\C{// access int component of x}§ y = f().1; §\C{// access int component of f}§ p->0 = 5; §\C{// access int component of tuple pointed-to by p}§ g( x.1, x.0 ); §\C{// rearrange x to pass to g}§ double z = [ x, f() ].0.1; §\C{// access second component of first component of tuple expression}§ \end{cfa} Tuple-index expressions can occur on any tuple-typed expression, including tuple-returning functions, square-bracketed tuple expressions, and other tuple-index expressions, provided the retrieved component is also a tuple. This feature was proposed for \KWC but never implemented \cite[p.~45]{Till89}. \subsection{Flattening and Structuring} \label{s:FlatteningStructuring} As evident in previous examples, tuples in \CFA do not have a rigid structure. In function call contexts, tuples support implicit flattening and restructuring conversions. Tuple flattening recursively expands a tuple into the list of its basic components. Tuple structuring packages a list of expressions into a value of tuple type. \begin{cfa} int f(int, int); int g([int, int]); int h(int, [int, int]); [int, int] x; int y; f(x); // flatten g(y, 10); // structure h(x, y); // flatten & structure \end{cfa} In \CFA, each of these calls is valid. In the call to ©f©, ©x© is implicitly flattened so that the components of ©x© are passed as the two arguments to ©f©. For the call to ©g©, the values ©y© and ©10© are structured into a single argument of type ©[int, int]© to match the type of the parameter of ©g©. Finally, in the call to ©h©, ©x© is flattened to yield an argument list of length 3, of which the first component of ©x© is passed as the first parameter of ©h©, and the second component of ©x© and ©y© are structured into the second argument of type ©[int, int]©. The flexible structure of tuples permits a simple and expressive function-call syntax to work seamlessly with both single- and multiple-return-value functions, and with any number of arguments of arbitrarily complex structure. In \KWC \cite{Buhr94a,Till89}, there were 4 tuple coercions: opening, closing, flattening, and structuring. Opening coerces a tuple value into a tuple of values, while closing converts a tuple of values into a single tuple value. Flattening coerces a nested tuple into a flat tuple, \ie it takes a tuple with tuple components and expands it into a tuple with only non-tuple components. Structuring moves in the opposite direction, \ie it takes a flat tuple value and provides structure by introducing nested tuple components. In \CFA, the design has been simplified to require only the two conversions previously described, which trigger only in function call and return situations. This simplification is a primary contribution of this thesis to the design of tuples in \CFA. Specifically, the expression resolution algorithm examines all of the possible alternatives for an expression to determine the best match. In resolving a function call expression, each combination of function value and list of argument alternatives is examined. Given a particular argument list and function value, the list of argument alternatives is flattened to produce a list of non-tuple valued expressions. Then the flattened list of expressions is compared with each value in the function's parameter list. If the parameter's type is not a tuple type, then the current argument value is unified with the parameter type, and on success the next argument and parameter are examined. If the parameter's type is a tuple type, then the structuring conversion takes effect, recursively applying the parameter matching algorithm using the tuple's component types as the parameter list types. Assuming a successful unification, eventually the algorithm gets to the end of the tuple type, which causes all of the matching expressions to be consumed and structured into a tuple expression. For example, in \begin{cfa} int f(int, [double, int]); f([5, 10.2], 4); \end{cfa} There is only a single definition of ©f©, and 3 arguments with only single interpretations. First, the argument alternative list ©[5, 10.2], 4© is flattened to produce the argument list ©5, 10.2, 4©. Next, the parameter matching algorithm begins, with $P =$© int© and $A =$© int©, which unifies exactly. Moving to the next parameter and argument, $P =$© [double, int]© and $A =$© double©. This time, the parameter is a tuple type, so the algorithm applies recursively with $P' =$© double© and $A =$© double©, which unifies exactly. Then $P' =$© int© and $A =$© double©, which again unifies exactly. At this point, the end of $P'$ has been reached, so the arguments ©10.2, 4© are structured into the tuple expression ©[10.2, 4]©. Finally, the end of the parameter list $P$ has also been reached, so the final expression is ©f(5, [10.2, 4])©. \subsection{Assignment} \label{s:TupleAssignment} An assignment where the left side of the assignment operator has a tuple type is called \newterm{tuple assignment}. There are two kinds of tuple assignment depending on whether the right side of the assignment operator has a non-tuple or tuple type, called \newterm[mass assignment]{mass} and \newterm[multiple assignment]{multiple} assignment, respectively. \begin{cfa} int x; double y; [int, double] z; [y, x] = 3.14; §\C{// mass assignment}§ [x, y] = z; §\C{// multiple assignment}§ z = 10; §\C{// mass assignment}§ z = [x, y]; §\C{// multiple assignment}§ \end{cfa} Let $L_i$ for $i$ in $[0, n)$ represent each component of the flattened left side, $R_i$ represent each component of the flattened right side of a multiple assignment, and $R$ represent the right side of a mass assignment. For a multiple assignment to be valid, both tuples must have the same number of elements when flattened. For example, the following is invalid because the number of components on the left does not match the number of components on the right. \begin{cfa} [ int, int ] x, y, z; [ x, y ] = z; §\C{// multiple assignment, invalid 4 != 2}§ \end{cfa} Multiple assignment assigns $R_i$ to $L_i$ for each $i$. That is, ©?=?(&$L_i$, $R_i$)© must be a well-typed expression. In the previous example, ©[x, y] = z©, ©z© is flattened into ©z.0, z.1©, and the assignments ©x = z.0© and ©y = z.1© happen. A mass assignment assigns the value $R$ to each $L_i$. For a mass assignment to be valid, ©?=?(&$L_i$, $R$)© must be a well-typed expression. These semantics differ from C cascading assignment (\eg ©a=b=c©) in that conversions are applied to $R$ in each individual assignment, which prevents data loss from the chain of conversions that can happen during a cascading assignment. For example, ©[y, x] = 3.14© performs the assignments ©y = 3.14© and ©x = 3.14©, which results in the value ©3.14© in ©y© and the value ©3© in ©x©. On the other hand, the C cascading assignment ©y = x = 3.14© performs the assignments ©x = 3.14© and ©y = x©, which results in the value ©3© in ©x©, and as a result the value ©3© in ©y© as well. Both kinds of tuple assignment have parallel semantics, such that each value on the left side and right side is evaluated \emph{before} any assignments occur. As a result, it is possible to swap the values in two variables without explicitly creating any temporary variables or calling a function. \begin{cfa} int x = 10, y = 20; [ x, y ] = [ y, x ]; \end{cfa} After executing this code, ©x© has the value ©20© and ©y© has the value ©10©. In \CFA, tuple assignment is an expression where the result type is the type of the left side of the assignment, as in normal assignment. That is, a tuple assignment produces the value of the left-hand side after assignment. These semantics allow cascading tuple assignment to work out naturally in any context where a tuple is permitted. These semantics are a change from the original tuple design in \KWC \cite{Till89}, wherein tuple assignment was a statement that allows cascading assignments as a special case. Restricting tuple assignment to statements was an attempt to to fix what was seen as a problem with side-effects, wherein assignment can be used in many different locations, such as in function-call argument position. While permitting assignment as an expression does introduce the potential for subtle complexities, it is impossible to remove assignment expressions from \CFA without affecting backwards compatibility. Furthermore, there are situations where permitting assignment as an expression improves readability by keeping code succinct and reducing repetition, and complicating the definition of tuple assignment puts a greater cognitive burden on the user. In another language, tuple assignment as a statement could be reasonable, but it would be inconsistent for tuple assignment to be the only kind of assignment that is not an expression. In addition, \KWC permits the compiler to optimize tuple assignment as a block copy, since it does not support user-defined assignment operators. This optimization could be implemented in \CFA, but it requires the compiler to verify that the selected assignment operator is trivial. The following example shows multiple, mass, and cascading assignment used in one expression \begin{cfa} int a, b; double c, d; [ void ] f( [ int, int ] ); f( [ c, a ] = [ b, d ] = 1.5 ); §\C{// assignments in parameter list}§ \end{cfa} The tuple expression begins with a mass assignment of ©1.5© into ©[b, d]©, which assigns ©1.5© into ©b©, which is truncated to ©1©, and ©1.5© into ©d©, producing the tuple ©[1, 1.5]© as a result. That tuple is used as the right side of the multiple assignment (\ie, ©[c, a] = [1, 1.5]©) that assigns ©1© into ©c© and ©1.5© into ©a©, which is truncated to ©1©, producing the result ©[1, 1]©. Finally, the tuple ©[1, 1]© is used as an expression in the call to ©f©. \subsection{Construction} Tuple construction and destruction follow the same rules and semantics as tuple assignment, except that in the case where there is no right side, the default constructor or destructor is called on each component of the tuple. As constructors and destructors did not exist in previous versions of \CFA or in \KWC, this is a primary contribution of this thesis to the design of tuples. \begin{cfa} struct S; void ?{}(S *); §\C{// (1)}§ void ?{}(S *, int); §\C{// (2)}§ void ?{}(S * double); §\C{// (3)}§ void ?{}(S *, S); §\C{// (4)}§ [S, S] x = [3, 6.28]; §\C{// uses (2), (3), specialized constructors}§ [S, S] y; §\C{// uses (1), (1), default constructor}§ [S, S] z = x.0; §\C{// uses (4), (4), copy constructor}§ \end{cfa} In this example, ©x© is initialized by the multiple constructor calls ©?{}(&x.0, 3)© and ©?{}(&x.1, 6.28)©, while ©y© is initialized by two default constructor calls ©?{}(&y.0)© and ©?{}(&y.1)©. ©z© is initialized by mass copy constructor calls ©?{}(&z.0, x.0)© and ©?{}(&z.1, x.0)©. Finally, ©x©, ©y©, and ©z© are destructed, \ie the calls ©^?{}(&x.0)©, ©^?{}(&x.1)©, ©^?{}(&y.0)©, ©^?{}(&y.1)©, ©^?{}(&z.0)©, and ©^?{}(&z.1)©. It is possible to define constructors and assignment functions for tuple types that provide new semantics, if the existing semantics do not fit the needs of an application. For example, the function ©void ?{}([T, U] *, S);© can be defined to allow a tuple variable to be constructed from a value of type ©S©. \begin{cfa} struct S { int x; double y; }; void ?{}([int, double] * this, S s) { this->0 = s.x; this->1 = s.y; } \end{cfa} Due to the structure of generated constructors, it is possible to pass a tuple to a generated constructor for a type with a member prefix that matches the type of the tuple. For example, \begin{cfa} struct S { int x; double y; int z }; [int, double] t; S s = t; \end{cfa} The initialization of ©s© with ©t© works by default because ©t© is flattened into its components, which satisfies the generated field constructor ©?{}(S *, int, double)© to initialize the first two values. \subsection{Member-Access Expression} \label{s:MemberAccessTuple} Tuples may be used to select multiple fields of a record by field name. The result is a single tuple-valued expression whose type is the tuple of the types of the members. For example, \begin{cfa} struct S { char x; int y; double z; } s; s.[x, y, z]; \end{cfa} Here, the type of ©s.[ x, y, z ]© is ©[ char, int, double ]©. A member tuple expression has the form \emph{e}©.[x, y, z];© where \emph{e} is an expression with type ©T©, where ©T© supports member access expressions, and ©x, y, z© are all members of ©T© with types ©T$_x$©, ©T$_y$©, and ©T$_z$© respectively. Then the type of \emph{e}©.[x, y, z]© is ©[T$_x$, T$_y$, T$_z$]©. A member-access tuple may be used anywhere a tuple can be used, \eg: \begin{cfa} s.[ y, z, x ] = [ 3, 3.2, 'x' ]; §\C{// equivalent to s.x = 'x', s.y = 3, s.z = 3.2}§ f( s.[ y, z ] ); §\C{// equivalent to f( s.y, s.z )}§ \end{cfa} Note, the fields appearing in a record-field tuple may be specified in any order; also, it is unnecessary to specify all the fields of a struct in a multiple record-field tuple. Since tuple-index expressions are a form of member-access expression, it is possible to use tuple-index expressions in conjunction with member-access expressions to restructure a tuple (\eg, rearrange components, drop components, duplicate components, \etc). \begin{cfa} [ int, int, long, double ] x; void f( double, long ); f( x.[ 0, 3 ] ); §\C{// f( x.0, x.3 )}§ x.[ 0, 1 ] = x.[ 1, 0 ]; §\C{// [ x.0, x.1 ] = [ x.1, x.0 ]}§ [ long, int, long ] y = x.[ 2, 0, 2 ]; \end{cfa} It is possible for a member tuple expression to contain other member access expressions, \eg: \begin{cfa} struct A { double i; int j; }; struct B { int * k; short l; }; struct C { int x; A y; B z; } v; v.[ x, y.[ i, j ], z.k ]; \end{cfa} This expression is equivalent to ©[ v.x, [ v.y.i, v.y.j ], v.z.k ]©. That is, the aggregate expression is effectively distributed across the tuple allowing simple and easy access to multiple components in an aggregate without repetition. It is guaranteed that the aggregate expression to the left of the ©.© in a member tuple expression is evaluated exactly once. As such, it is safe to use member tuple expressions on the result of a function with side-effects. \begin{cfa} [ int, float, double ] f(); [ double, float ] x = f().[ 2, 1 ]; §\C{// f() called once}§ \end{cfa} In \KWC, member tuple expressions are known as \emph{record field tuples} \cite{Till89}. Since \CFA permits these tuple-access expressions using structures, unions, and tuples, \emph{member tuple expression} or \emph{field tuple expression} is more appropriate. \subsection{Casting} In C, the cast operator is used to explicitly convert between types. In \CFA, the cast operator has a secondary use, which is type ascription, since it forces the expression resolution algorithm to choose the lowest cost conversion to the target type. That is, a cast can be used to select the type of an expression when it is ambiguous, as in the call to an overloaded function. \begin{cfa} int f(); §\C{// (1)}§ double f(); §\C{// (2)}§ f(); §\C{// ambiguous - (1),(2) both equally viable}§ (int)f(); §\C{// choose (2)}§ \end{cfa} Since casting is a fundamental operation in \CFA, casts need to be given a meaningful interpretation in the context of tuples. Taking a look at standard C provides some guidance with respect to the way casts should work with tuples. \begin{cfa}[numbers=left] int f(); void g(); (void)f(); §\C{// valid, ignore results}§ (int)g(); §\C{// invalid, void cannot be converted to int}§ struct A { int x; }; (struct A)f(); §\C{// invalid, int cannot be converted to A}§ \end{cfa} In C, line 4 is a valid cast, which calls ©f© and discards its result. On the other hand, line 5 is invalid, because ©g© does not produce a result, so requesting an ©int© to materialize from nothing is nonsensical. Finally, line 8 is also invalid, because in C casts only provide conversion between scalar types \cite[p.~91]{C11}. For consistency, this implies that any case wherein the number of components increases as a result of the cast is invalid, while casts that have the same or fewer number of components may be valid. Formally, a cast to tuple type is valid when $T_n \leq S_m$, where $T_n$ is the number of components in the target type and $S_m$ is the number of components in the source type, and for each $i$ in $[0, n)$, $S_i$ can be cast to $T_i$. Excess elements ($S_j$ for all $j$ in $[n, m)$) are evaluated, but their values are discarded so that they are not included in the result expression. This discarding naturally follows the way that a cast to void works in C. For example, \begin{cfa} [int, int, int] f(); [int, [int, int], int] g(); ([int, double])f(); §\C{// (1) valid}§ ([int, int, int])g(); §\C{// (2) valid}§ ([void, [int, int]])g(); §\C{// (3) valid}§ ([int, int, int, int])g(); §\C{// (4) invalid}§ ([int, [int, int, int]])g(); §\C{// (5) invalid}§ \end{cfa} (1) discards the last element of the return value and converts the second element to type double. Since ©int© is effectively a 1-element tuple, (2) discards the second component of the second element of the return value of ©g©. If ©g© is free of side effects, this is equivalent to ©[(int)(g().0), (int)(g().1.0), (int)(g().2)]©. Since ©void© is effectively a 0-element tuple, (3) discards the first and third return values, which is effectively equivalent to ©[(int)(g().1.0), (int)(g().1.1)]©). % will this always hold true? probably, as constructors should give all of the conversion power we need. if casts become function calls, what would they look like? would need a way to specify the target type, which seems awkward. Also, C++ basically only has this because classes are closed to extension, while we don't have that problem (can have floating constructors for any type). Note that a cast is not a function call in \CFA, so flattening and structuring conversions do not occur for cast expressions. As such, (4) is invalid because the cast target type contains 4 components, while the source type contains only 3. Similarly, (5) is invalid because the cast ©([int, int, int])(g().1)© is invalid. That is, it is invalid to cast ©[int, int]© to ©[int, int, int]©. \subsection{Polymorphism} Due to the implicit flattening and structuring conversions involved in argument passing, object and opaque parameters are restricted to matching only with non-tuple types. The integration of polymorphism, type assertions, and monomorphic specialization of tuple-assertions are a primary contribution of this thesis to the design of tuples. \begin{cfa} forall(T, U &) void f(T x, U * y); f([5, "hello"]); \end{cfa} In this example, ©[5, "hello"]© is flattened, so that the argument list appears as ©5, "hello"©. The argument matching algorithm binds ©T© to ©int© and ©U© to ©const char©, and calls the function as normal. Tuples can contain polymorphic types. For example, a plus operator can be written to add two triples of a type together. \begin{cfa} forall(T | { T ?+?(T, T); }) [T, T, T] ?+?([T, T, T] x, [T, T, T] y) { return [x.0+y.0, x.1+y.1, x.2+y.2]; } [int, int, int] x; int i1, i2, i3; [i1, i2, i3] = x + ([10, 20, 30]); \end{cfa} Note that due to the implicit tuple conversions, this function is not restricted to the addition of two triples. A call to this plus operator type checks as long as a total of 6 non-tuple arguments are passed after flattening, and all of the arguments have a common type that can bind to ©T©, with a pairwise ©?+?© over ©T©. For example, these expressions also succeed and produce the same value. \begin{cfa} ([x.0, x.1]) + ([x.2, 10, 20, 30]); // x + ([10, 20, 30]) x.0 + ([x.1, x.2, 10, 20, 30]); // x + ([10, 20, 30]) \end{cfa} This presents a potential problem if structure is important, as these three expressions look like they should have different meanings. Furthermore, these calls can be made ambiguous by introducing seemingly different functions. \begin{cfa} forall(T | { T ?+?(T, T); }) [T, T, T] ?+?([T, T] x, [T, T, T, T]); forall(T | { T ?+?(T, T); }) [T, T, T] ?+?(T x, [T, T, T, T, T]); \end{cfa} It is also important to note that these calls could be disambiguated if the function return types were different, as they likely would be for a reasonable implementation of ©?+?©, since the return type is used in overload resolution. Still, these semantics are a deficiency of the current argument matching algorithm, and depending on the function, differing return values may not always be appropriate. These issues could be rectified by applying an appropriate conversion cost to the structuring and flattening conversions, which are currently 0-cost conversions in the expression resolver. Care would be needed in this case to ensure that exact matches do not incur such a cost. \begin{cfa} void f([int, int], int, int); f([0, 0], 0, 0); §\C{// no cost}§ f(0, 0, 0, 0); §\C{// cost for structuring}§ f([0, 0,], [0, 0]); §\C{// cost for flattening}§ f([0, 0, 0], 0); §\C{// cost for flattening and structuring}§ \end{cfa} Until this point, it has been assumed that assertion arguments must match the parameter type exactly, modulo polymorphic specialization (\ie, no implicit conversions are applied to assertion arguments). This decision presents a conflict with the flexibility of tuples. \subsubsection{Assertion Inference} \begin{cfa} int f([int, double], double); forall(T, U | { T f(T, U, U); }) void g(T, U); g(5, 10.21); \end{cfa} If assertion arguments must match exactly, then the call to ©g© cannot be resolved, since the expected type of ©f© is flat, while the only ©f© in scope requires a tuple type. Since tuples are fluid, this requirement reduces the usability of tuples in polymorphic code. To ease this pain point, function parameter and return lists are flattened for the purposes of type unification, which allows the previous example to pass expression resolution. This relaxation is made possible by extending the existing thunk generation scheme, as described by Bilson \cite{Bilson03}. Now, whenever a candidate's parameter structure does not exactly match the formal parameter's structure, a thunk is generated to specialize calls to the actual function. \begin{cfa} int _thunk(int _p0, double _p1, double _p2) { return f([_p0, _p1], _p2); } \end{cfa} Essentially, this provides flattening and structuring conversions to inferred functions, improving the compatibility of tuples and polymorphism. \section{Tuples} \label{tuples} In C and \CFA, lists of elements appear in several contexts, such as the parameter list for a routine call. (More contexts are added shortly.) A list of such elements is called a \newterm{lexical list}. The general syntax of a lexical list is: \begin{cfa} [ §\emph{exprlist}§ ] \end{cfa} where \LstBasicStyle{\emph{exprlist}} is a list of one or more expressions separated by commas. The brackets, ©[]©, allow differentiating between lexical lists and expressions containing the C comma operator. The following are examples of lexical lists: \begin{cfa} [ x, y, z ] [ 2 ] [ v + w, x * y, 3.14159, f() ] \end{cfa} Tuples are permitted to contain sub-tuples (\ie nesting), such as ©[ [ 14, 21 ], 9 ]©, which is a 2-element tuple whose first element is itself a tuple. Note, a tuple is not a record (structure); a record denotes a single value with substructure, whereas a tuple is multiple values with no substructure \see{flattening coercion in \VRef{s:FlatteningStructuring}}. In essence, tuples are largely a compile time phenomenon, having little or no runtime presence. Tuples can be organized into compile-time tuple variables; these variables are of \newterm{tuple type}. Tuple variables and types can be used anywhere lists of conventional variables and types can be used. The general syntax of a tuple type is: \begin{cfa} [ §\emph{typelist}§ ] \end{cfa} where \LstBasicStyle{\emph{typelist}} is a list of one or more legal \CFA or C type specifications separated by commas, which may include other tuple type specifications. Examples of tuple types include: \begin{cfa} [ unsigned int, char ] [ double, double, double ] [ * int, int * ] §\C{// mix of CFA and ANSI}§ [ * [ 5 ] int, * * char, * [ [ int, int ] ] (int, int) ] \end{cfa} Like tuples, tuple types may be nested, such as ©[ [ int, int ], int ]©, which is a 2-element tuple type whose first element is itself a tuple type. Examples of declarations using tuple types are: \begin{cfa} [ int, int ] x; §\C{// 2 element tuple, each element of type int}§ * [ char, char ] y; §\C{// pointer to a 2 element tuple}§ [ [ int, int ] ] z ([ int, int ]); \end{cfa} The last example declares an external routine that expects a 2 element tuple as an input parameter and returns a 2 element tuple as its result. As mentioned, tuples can appear in contexts requiring a list of value, such as an argument list of a routine call. In unambiguous situations, the tuple brackets may be omitted, \eg a tuple that appears as an argument may have its square brackets omitted for convenience; therefore, the following routine invocations are equivalent: \begin{cfa} f( [ 1, x+2, fred() ] ); f( 1, x+2, fred() ); \end{cfa} Also, a tuple or a tuple variable may be used to supply all or part of an argument list for a routine expecting multiple input parameters or for a routine expecting a tuple as an input parameter. For example, the following are all legal: \begin{cfa} [ int, int ] w1; [ int, int, int ] w2; [ void ] f (int, int, int); §\C{// three input parameters of type int}§ [ void ] g ([ int, int, int ]); §\C{// 3 element tuple as input}§ f( [ 1, 2, 3 ] ); f( w1, 3 ); f( 1, w1 ); f( w2 ); g( [ 1, 2, 3 ] ); g( w1, 3 ); g( 1, w1 ); g( w2 ); \end{cfa} Note, in all cases 3 arguments are supplied even though the syntax may appear to supply less than 3. As mentioned, a tuple does not have structure like a record; a tuple is simply converted into a list of components. \begin{rationale} The present implementation of \CFA does not support nested routine calls when the inner routine returns multiple values; \ie a statement such as ©g( f() )© is not supported. Using a temporary variable to store the results of the inner routine and then passing this variable to the outer routine works, however. \end{rationale} A tuple can contain a C comma expression, provided the expression containing the comma operator is enclosed in parentheses. For instance, the following tuples are equivalent: \begin{cfa} [ 1, 3, 5 ] [ 1, (2, 3), 5 ] \end{cfa} The second element of the second tuple is the expression (2, 3), which yields the result 3. This requirement is the same as for comma expressions in argument lists. Type qualifiers, \ie ©const© and ©volatile©, may modify a tuple type. The meaning is to distribute the qualifier across all of the types in the tuple, \eg: \begin{cfa} const volatile [ int, float, const int ] x; \end{cfa} is equivalent to: \begin{cfa} [ const volatile int, const volatile float, const volatile int ] x; \end{cfa} Declaration qualifiers can only appear at the start of a \CFA tuple declaration4, \eg: \begin{cfa} extern [ int, int ] w1; static [ int, int, int ] w2; \end{cfa} \begin{rationale} Unfortunately, C's syntax for subscripts precluded treating them as tuples. The C subscript list has the form ©[i][j]...© and not ©[i, j, ...]©. Therefore, there is no syntactic way for a routine returning multiple values to specify the different subscript values, \eg ©f[ g() ]© always means a single subscript value because there is only one set of brackets. Fixing this requires a major change to C because the syntactic form ©M[i, j, k]© already has a particular meaning: ©i, j, k© is a comma expression. \end{rationale} \subsection{Tuple Coercions} \label{tuple coercions}\label{coercions!tuple} There are four coercions that can be performed on tuples and tuple variables: closing, opening, flattening and structuring. In addition, the coercion of dereferencing can be performed on a tuple variable to yield its value(s), as for other variables. A \newterm{closing coercion} takes a set of values and converts it into a tuple value, which is a contiguous set of values, as in: \begin{cfa} [ int, int, int, int ] w; w = [ 1, 2, 3, 4 ]; \end{cfa} First the right-hand tuple is closed into a tuple value and then the tuple value is assigned. An \newterm{opening coercion} is the opposite of closing; a tuple value is converted into a tuple of values, as in: \begin{cfa} [ a, b, c, d ] = w \end{cfa} ©w© is implicitly opened to yield a tuple of four values, which are then assigned individually. A \newterm{flattening coercion} coerces a nested tuple, \ie a tuple with one or more components, which are themselves tuples, into a flattened tuple, which is a tuple whose components are not tuples, as in: \begin{cfa} [ a, b, c, d ] = [ 1, [ 2, 3 ], 4 ]; \end{cfa} First the right-hand tuple is flattened and then the values are assigned individually. Flattening is also performed on tuple types. For example, the type ©[ int, [ int, int ], int ]© can be coerced, using flattening, into the type ©[ int, int, int, int ]©. A \newterm{structuring coercion} is the opposite of flattening; a tuple is structured into a more complex nested tuple. For example, structuring the tuple ©[ 1, 2, 3, 4 ]© into the tuple ©[ 1, [ 2, 3 ], 4 ]© or the tuple type ©[ int, int, int, int ]© into the tuple type ©[ int, [ int, int ], int ]©. In the following example, the last assignment illustrates all the tuple coercions: \begin{cfa} [ int, int, int, int ] w = [ 1, 2, 3, 4 ]; int x = 5; [ x, w ] = [ w, x ]; §\C{// all four tuple coercions}§ \end{cfa} Starting on the right-hand tuple in the last assignment statement, w is opened, producing a tuple of four values; therefore, the right-hand tuple is now the tuple ©[ [ 1, 2, 3, 4 ], 5 ]©. This tuple is then flattened, yielding ©[ 1, 2, 3, 4, 5 ]©, which is structured into ©[ 1, [ 2, 3, 4, 5 ] ]© to match the tuple type of the left-hand side. The tuple ©[ 2, 3, 4, 5 ]© is then closed to create a tuple value. Finally, ©x© is assigned ©1© and ©w© is assigned the tuple value using \Index{multiple assignment} \see{\VRef{s:TupleAssignment}}. \begin{rationale} A possible additional language extension is to use the structuring coercion for tuples to initialize a complex record with a tuple. \end{rationale} \subsection{Mass Assignment} \label{mass assignment}\label{assignment!mass} \CFA permits assignment to several variables at once using mass assignment~\cite{CLU}. Mass assignment has the following form: \begin{cfa} [ §\emph{lvalue}§, ... , §\emph{lvalue}§ ] = §\emph{expr}§; \end{cfa} The left-hand side is a tuple of \LstBasicStyle{\emph{\Index{lvalue}}}s, which is a list of expressions each yielding an address, \ie any data object that can appear on the left-hand side of a conventional assignment statement. \LstBasicStyle{\emph{expr}} is any standard arithmetic expression. Clearly, the types of the entities being assigned must be type compatible with the value of the expression. Mass assignment has parallel semantics, \eg the statement: \begin{cfa} [ x, y, z ] = 1.5; \end{cfa} is equivalent to: \begin{cfa} x = 1.5; y = 1.5; z = 1.5; \end{cfa} This semantics is not the same as the following in C: \begin{cfa} x = y = z = 1.5; \end{cfa} as conversions between intermediate assignments may lose information. A more complex example is: \begin{cfa} [ i, y[i], z ] = a + b; \end{cfa} which is equivalent to: \begin{cfa} t = a + b; a1 = &i; a2 = &y[i]; a3 = &z; *a1 = t; *a2 = t; *a3 = t; \end{cfa} The temporary ©t© is necessary to store the value of the expression to eliminate conversion issues. The temporaries for the addresses are needed so that locations on the left-hand side do not change as the values are assigned. In this case, ©y[i]© uses the previous value of ©i© and not the new value set at the beginning of the mass assignment. \subsection{Multiple Assignment} \label{multiple assignment}\label{assignment!multiple} \CFA also supports the assignment of several values at once, known as multiple assignment~\cite{CLU,Galletly96}. Multiple assignment has the following form: \begin{cfa} [ §\emph{lvalue}§, ... , §\emph{lvalue}§ ] = [ §\emph{expr}§, ... , §\emph{expr}§ ];§ \end{cfa} The left-hand side is a tuple of \LstBasicStyle{\emph{\Index{lvalue}}}s, and the right-hand side is a tuple of \LstBasicStyle{\emph{expr}}s. Each \LstBasicStyle{\emph{expr}} appearing on the right-hand side of a multiple assignment statement is assigned to the corresponding \LstBasicStyle{\emph{lvalues}} on the left-hand side of the statement using parallel semantics for each assignment. An example of multiple assignment is: \begin{cfa} [ x, y, z ] = [ 1, 2, 3 ]; \end{cfa} Here, the values ©1©, ©2© and ©3© are assigned, respectively, to the variables ©x©, ©y© and ©z©. A more complex example is: \begin{cfa} [ i, y[ i ], z ] = [ 1, i, a + b ]; \end{cfa} Here, the values ©1©, ©i© and ©a + b© are assigned to the variables ©i©, ©y[i]© and ©z©, respectively. Note, the parallel semantics of multiple assignment ensures: \begin{cfa} [ x, y ] = [ y, x ]; \end{cfa} correctly interchanges (swaps) the values stored in ©x© and ©y©. The following cases are errors: \begin{cfa} [ a, b, c ] = [ 1, 2, 3, 4 ]; [ a, b, c ] = [ 1, 2 ]; \end{cfa} because the number of entities in the left-hand tuple is unequal with the right-hand tuple. As for all tuple contexts in C, side effects should not be used because C does not define an ordering for the evaluation of the elements of a tuple; both these examples produce indeterminate results: \begin{cfa} f( x++, x++ ); §\C{// C routine call with side effects in arguments}§ [ v1, v2 ] = [ x++, x++ ]; §\C{// side effects in right-hand side of multiple assignment}§ \end{cfa} \subsection{Cascade Assignment} \index{cascade assignment}\index{assignment!cascade} As in C, \CFA mass and multiple assignments can be cascaded, producing cascade assignment. Cascade assignment has the following form: \begin{cfa} §\emph{tuple}§ = §\emph{tuple}§ = ... = §\emph{tuple}§; \end{cfa} and it has the same parallel semantics as for mass and multiple assignment. Some examples of cascade assignment are: \begin{cfa} x1 = y1 = x2 = y2 = 0; [ x1, y1 ] = [ x2, y2 ] = [ x3, y3 ]; [ x1, y1 ] = [ x2, y2 ] = 0; [ x1, y1 ] = z = 0; \end{cfa} As in C, the rightmost assignment is performed first, \ie assignment parses right to left. \section{Stream I/O Library} \label{s:StreamIOLibrary} \index{input}\index{output} \index{stream library}\index{library!stream} The goal of \CFA stream input/output (I/O) is to simplify the common cases\index{I/O!common case}, while fully supporting polymorphism and user defined types in a consistent way. Stream I/O can be implicitly or explicitly formatted. Implicit formatting means \CFA selects an I/O format for values that matches a variable's type. Explicit formatting means additional I/O information is specified to control how a value is interpreted. \CFA formatting incorporates ideas from C ©printf©, \CC ©stream© manipulators, and Python implicit spacing and newline. Specifically: \begin{itemize} \item ©printf©/Python format codes are dense, making them difficult to read and remember. \CFA/\CC format manipulators are named, making them easier to read and remember. \item ©printf©/Python separate format codes from associated variables, making it difficult to match codes with variables. \CFA/\CC co-locate codes with associated variables, where \CFA has the tighter binding. \item Format manipulators in ©printf©/Python/\CFA have local effect, whereas \CC have global effect, except ©setw©. Hence, it is common \CC programming practice to toggle manipulators on and then back to the default to prevent downstream side-effects. Without this programming style, errors occur when moving prints, as manipulator effects incorrectly flow into the new location. Furthermore, to guarantee no side-effects, manipulator values must be saved and restored across function calls. \CC programers never do any of this. \item \CFA has more sophisticated implicit value spacing than Python, plus implicit newline at the end of a print. \end{itemize} \subsection{Basic I/O} The standard polymorphic I/O streams are ©stdin©/©sin© (input), ©stdout©/©sout©, and ©stderr©/©serr© (output) (like C++ ©cin©/©cout©/©cerr©). The standard I/O operator is the bit-wise (or) operator, ©'|'©, which is used to cascade multiple I/O operations. The \CFA header file for the I/O library is \Indexc{fstream.hfa}. \subsubsection{Stream Output} For implicit formatted output, the common case is printing a series of variables separated by whitespace. \begin{cquote} \begin{tabular}{@{}l@{\hspace{2em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CFA}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CC}} & \multicolumn{1}{c}{\textbf{Python}} \\ \begin{cfa} int x = 1, y = 2, z = 3; sout | x ®|® y ®|® z; \end{cfa} & \begin{cfa} cout << x ®<< " "® << y ®<< " "® << z << endl; \end{cfa} & \begin{cfa} x = 1; y = 2; z = 3 print( x, y, z ) \end{cfa} \\ \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1® ®2® ®3 \end{cfa} & \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1® ®2® ®3 \end{cfa} & \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1® ®2® ®3 \end{cfa} \end{tabular} \end{cquote} The \CFA form has half the characters of the \CC form, and is similar to \Index*{Python} I/O with respect to implicit separators and newline. Similar simplification occurs for \Index{tuple} I/O, which flattens the tuple and prints each value separated by ``\lstinline[showspaces=true]{, }'' (comma space). \begin{cfa} [int, [ int, int ] ] t1 = [ 1, [ 2, 3 ] ], t2 = [ 4, [ 5, 6 ] ]; sout | t1 | t2; §\C{// print tuples}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] 1®, ®2®, ®3 4®, ®5®, ®6 \end{cfa} The bit-wise ©|© operator is used for I/O, rather \CC shift-operators, ©<<© and ©>>©, as it is the lowest-priority \emph{overloadable} operator, other than assignment. (Operators ©||© and ©&&© are not overloadable in \CFA.) Therefore, fewer output expressions require parenthesis. \begin{cquote} \begin{tabular}{@{}ll@{}} \textbf{\CFA:} & \begin{cfa} sout | x * 3 | y + 1 | z << 2 | x == y | ®(®x | y®)® | ®(®x || y®)® | ®(®x > z ? 1 : 2®)®; \end{cfa} \\ \textbf{\CC:} & \begin{cfa} cout << x * 3 << y + 1 << ®(®z << 2®)® << ®(®x == y®)® << ®(®x | y®)® << ®(®x || y®)® << ®(®x > z ? 1 : 2®)® << endl; \end{cfa} \\ & \begin{cfa}[showspaces=true,aboveskip=0pt] 3 3 12 0 3 1 2 \end{cfa} \end{tabular} \end{cquote} There is a weak similarity between the \CFA logical-or operator and the \Index{Shell pipe-operator} for moving data, where data flows in the correct direction for input but the opposite direction for output. Input and output use a uniform operator, ©|©, rather than \CC's ©<<© and ©>>© input/output operators to prevent this common error in \CC: \begin{C++} cin << i; // why is this generating a lot of error messages? \end{C++} Streams ©exit© and ©abort© provide output with immediate program termination without and with generating a stack trace and core file. Stream ©exit© implicitly returns ©EXIT_FAILURE© to the shell. \begin{cfa} ®exit® | "x (" | x | ") negative value."; §\C{// print, terminate, and return EXIT\_FAILURE to shell}§ ®abort® | "x (" | x | ") negative value."; §\C{// print, terminate, and generate stack trace and core file}§ \end{cfa} Note, \CFA stream variables ©stdin©, ©stdout©, ©stderr©, ©exit©, and ©abort© overload C variables ©stdin©, ©stdout©, ©stderr©, and functions ©exit© and ©abort©, respectively. \subsubsection{Stream Input} For implicit formatted input, the common case is reading a sequence of values separated by whitespace, where the type of an input constant must match with the type of the input variable. \begin{cquote} \begin{lrbox}{\myboxA} \begin{cfa}[aboveskip=0pt,belowskip=0pt] char c; int i; double d \end{cfa} \end{lrbox} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{3em}}l@{}} \multicolumn{1}{@{}l@{}}{\usebox\myboxA} \\ \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CFA}} & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{\CC}} & \multicolumn{1}{c}{\textbf{Python}} \\ \begin{cfa}[aboveskip=0pt,belowskip=0pt] sin | c | i | d; \end{cfa} & \begin{cfa}[aboveskip=0pt,belowskip=0pt] cin >> c >> i >> d; \end{cfa} & \begin{cfa}[aboveskip=0pt,belowskip=0pt] c = input(); i = int(input()); d = float(input()); \end{cfa} \\ \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®A® ®1® ®2.5® \end{cfa} & \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®A® ®1® ®2.5® \end{cfa} & \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®A® ®1® ®2.5® \end{cfa} \end{tabular} \end{cquote} The format of numeric input values in the same as C constants without a trailing type suffix, as the input value-type is denoted by the input variable. For ©bool© type, the constants are ©true© and ©false©. For integral types, any number of digits, optionally preceded by a sign (©+© or ©-©), where a \begin{itemize} \item ©1©-©9© prefix introduces a decimal value (©0©-©9©), \item ©0© prefix introduces an octal value (©0©-©7©), and \item ©0x© or ©0X© prefix introduces a hexadecimal value (©0©-©f©) with lower or upper case letters. \end{itemize} For floating-point types, any number of decimal digits, optionally preceded by a sign (©+© or ©-©), optionally containing a decimal point, and optionally followed by an exponent, ©e© or ©E©, with signed (optional) decimal digits. Floating-point values can also be written in hexadecimal format preceded by ©0x© or ©0X© with hexadecimal digits and exponent denoted by ©p© or ©P©. In all cases, whitespace characters are skipped until an appropriate value is found. \begin{cfa}[belowskip=0pt] char ch; int i; float f; double d; _Complex double cxd; sin | ch | i | f | d | cxd; X 42 1234.5 0xfffp-2 3.5+7.1i \end{cfa} It is also possible to scan and ignore specific strings and whitespace using a string format. \begin{cfa}[belowskip=0pt] sin | "abc def"; §\C{// space matches arbitrary whitespace (2 blanks, 2 tabs)}§ \end{cfa} \begin{cfa}[showspaces=true,showtabs=true,aboveskip=0pt,belowskip=0pt] ®abc def® \end{cfa} A non-whitespace format character reads the next input character, compares the format and input characters, and if equal, the input character is discarded and the next format character is tested. Note, a single whitespace in the format string matches \Textbf{any} quantity of whitespace characters from the stream (including none). For the C-string type, the default input format is any number of \Textbf{non-whitespace} characters. There is no escape character supported in an input string, but any Latin-1 character can be typed directly in the input string. For example, if the following non-whitespace output is redirected into a file by the shell: \begin{cfa}[belowskip=0pt] sout | "\n\t\f\0234\x23"; \end{cfa} it can be read back from the file by redirecting the file as input using: \begin{cfa}[belowskip=0pt] char s[64]; sin | wdi( sizeof(s), s ); §\C{// must specify string size}§ \end{cfa} The input string is always null terminated ©'\0'© in the input variable. Because of potential buffer overrun when reading C strings, strings are restricted to work with input manipulators \see{\VRef{s:InputManipulators}}. As well, there are multiple input-manipulators for scanning complex input string formats, \eg a quoted character or string. \Textbf{In all cases, if an invalid data value is not found for a type or format string, the exception ©missing_data© is raised and the input variable is unchanged.} For example, when reading an integer and the string ©"abc"© is found, the exception ©missing_data© is raised to ensure the program does not proceed erroneously. If a valid data value is found, but it is larger than the capacity of the input variable, such reads are undefined. \subsubsection{Stream Files} \VRef[Figure]{f:IOStreamFunctions} shows the I/O stream operations for interacting with files other than ©sin©, ©sout©, and ©cerr©. \begin{itemize}[topsep=4pt,itemsep=2pt,parsep=0pt] \item \Indexc{fail} tests the stream error-indicator, returning nonzero if it is set. \item \Indexc{clear} resets the stream error-indicator. \item \Indexc{flush} (©ofstream© only) causes any unwritten data for a stream to be written to the file. \item \Indexc{eof} (©ifstream© only) tests the end-of-file indicator for the stream pointed to by stream. Returns true if the end-of-file indicator is set, otherwise false. \item \Indexc{open} binds the file with ©name© to a stream accessed with ©mode© (see ©fopen©). \item \Indexc{close} flushes the stream and closes the file. \item \Indexc{write} (©ofstream© only) writes ©size© bytes to the stream. The bytes are written lazily when an internal buffer fills. Eager buffer writes are done with ©flush© \item \Indexc{read} (©ifstream© only) reads ©size© bytes from the stream. \item \Indexc{ungetc} (©ifstream© only) pushes the character back to the input stream. Pushed-back characters returned by subsequent reads in the reverse order of pushing. \end{itemize} The constructor functions: \begin{itemize}[topsep=4pt,itemsep=2pt,parsep=0pt] \item create an unbound stream, which is subsequently bound to a file with ©open©. \item create a bound stream to the associated file with given ©mode©. \end{itemize} The destructor closes the stream. \begin{figure} \begin{cfa} // *********************************** ofstream *********************************** bool fail( ofstream & );§\indexc{fail}\index{ofstream@©ofstream©!©fail©}§ void clear( ofstream & );§\indexc{clear}\index{ofstream@©ofstream©!©clear©}§ int flush( ofstream & );§\indexc{flush}\index{ofstream@©ofstream©!©flush©}§ void open( ofstream &, const char name[], const char mode[] = "w" );§\indexc{open}\index{ofstream@©ofstream©!©open©}§ void close( ofstream & );§\indexc{close}\index{ofstream@©ofstream©!©close©}§ ofstream & write( ofstream &, const char data[], size_t size );§\indexc{write}\index{ofstream@©ofstream©!©write©}§ void ?{}( ofstream & );§\index{ofstream@©ofstream©!©?{}©}§ void ?{}( ofstream &, const char name[], const char mode[] = "w" ); void ^?{}( ofstream & );§\index{ofstream@©ofstream©!©^?{}©}§ // *********************************** ifstream *********************************** bool fail( ifstream & is );§\indexc{fail}\index{ifstream@©ifstream©!©fail©}§ void clear( ifstream & );§\indexc{clear}\index{ifstream@©ifstream©!©clear©}§ bool eof( ifstream & is );§\indexc{eof}\index{ifstream@©ifstream©!©eof©}§ void open( ifstream & is, const char name[], const char mode[] = "r" );§\indexc{open}\index{ifstream@©ifstream©!©open©}§ void close( ifstream & is );§\indexc{close}\index{ifstream@©ifstream©!©close©}§ ifstream & read( ifstream & is, char data[], size_t size );§\indexc{read}\index{ifstream@©ifstream©!©read©}§ ifstream & ungetc( ifstream & is, char c );§\indexc{unget}\index{ifstream@©ifstream©!©unget©}§ void ?{}( ifstream & is );§\index{ifstream@©ifstream©!©?{}©}§ void ?{}( ifstream & is, const char name[], const char mode[] = "r" ); void ^?{}( ifstream & is );§\index{ifstream@©ifstream©!©^?{}©}§ \end{cfa} \caption{I/O Stream Functions} \label{f:IOStreamFunctions} \end{figure} \VRef[Figure]{f:CFACommand-LineProcessing} demonstrates the file operations by showing the idiomatic \CFA command-line processing and copying an input file to an output file. Note, a stream variable may be copied because it is a reference to an underlying stream data-structures. \Textbf{All unusual I/O cases are handled as exceptions, including end-of-file.} \begin{figure} \begin{cfa} #include ®® int main( int argc, char * argv[] ) { ®ifstream® in = stdin; §\C{// copy default files}§ ®ofstream® out = stdout; try { choose ( argc ) { case 3, 2: ®open®( in, argv[1] ); §\C{// open input file first as output creates file}§ if ( argc == 3 ) ®open®( out, argv[2] ); §\C{// do not create output unless input opens}§ case 1: ; §\C{// use default files}§ default: ®exit® | "Usage" | argv[0] | "[ input-file (default stdin) " "[ output-file (default stdout) ] ]"; } // choose } catch( ®open_failure® * ex; ex->istream == &in ) { §\C{// input file errors}§ ®exit® | "Unable to open input file" | argv[1]; } catch( ®open_failure® * ex; ex->ostream == &out ) { §\C{// output file errors}§ ®close®( in ); §\C{// optional}§ ®exit® | "Unable to open output file" | argv[2]; } // try out | nlOff; §\C{// turn off auto newline}§ in | nlOn; §\C{// turn on reading newline}§ char ch; try { for () { §\C{// read/write characters}§ in | ch; out | ch; } // for } catch( end_of_file * ) { §\C{// end-of-file raised}§ } // try } // main \end{cfa} \caption{\CFA Command-Line Processing} \label{f:CFACommand-LineProcessing} \end{figure} \subsection{Implicit Separator} The \Index{implicit separator}\index{I/O!separator} character (space/blank) is a separator not a terminator for output. The rules for implicitly adding a separator are: \begin{enumerate} \item A separator does not appear at the start or end of a line. \begin{cfa}[belowskip=0pt] sout | 1 | 2 | 3; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1 2 3 \end{cfa} \item A separator does not appear before or after a character literal or variable. \begin{cfa} sout | '1' | '2' | '3'; 123 \end{cfa} \item A separator does not appear before or after a null (empty) C string, which is a local mechanism to disable insertion of the separator character. \begin{cfa} sout | 1 | "" | 2 | "" | 3; 123 \end{cfa} \item A separator does not appear before a C string starting with the (extended) \Index*{ASCII}\index{ASCII!extended} characters: \LstStringStyle{,.;!?)]\}\%\textcent\guillemotright}, where \LstStringStyle{\guillemotright} is a closing citation mark. \begin{cfa} sout | 1 | ", x" | 2 | ". x" | 3 | "; x" | 4 | "! x" | 5 | "? x" | 6 | "% x" | 7 | "§\LstStringStyle{\textcent}§ x" | 8 | "§\LstStringStyle{\guillemotright}§ x" | 9 | ") x" | 10 | "] x" | 11 | "} x"; \end{cfa} \begin{cfa}[showspaces=true] Input1®,® x 2®.® x 3®;® x 4®!® x 5®?® x 6®%® x 7§\R{\LstStringStyle{\textcent}}§ x 8§\R{\LstStringStyle{\guillemotright}}§ x 9®)® x 10®]® x 11®}® x \end{cfa} \item A separator does not appear after a C string ending with the (extended) \Index*{ASCII}\index{ASCII!extended} characters: \LstStringStyle{([\{=\$\textsterling\textyen\textexclamdown\textquestiondown\guillemotleft}, where \LstStringStyle{\textexclamdown\textquestiondown} are inverted opening exclamation and question marks, and \LstStringStyle{\guillemotleft} is an opening citation mark. \begin{cfa} sout | "x (" | 1 | "x [" | 2 | "x {" | 3 | "x =" | 4 | "x §\LstStringStyle{\textdollar}§" | 5 | "x §\LstStringStyle{\textsterling}§" | 6 | "x §\LstStringStyle{\textyen}§" | 7 | "x §\LstStringStyle{\textexclamdown}§" | 8 | "x §\LstStringStyle{\textquestiondown}§" | 9 | "x §\LstStringStyle{\guillemotleft}§" | 10; \end{cfa} \begin{cfa}[showspaces=true] x ®(®1 x ®[®2 x ®{®3 x ®=®4 x §\LstStringStyle{\textdollar}§5 x §\R{\LstStringStyle{\textsterling}}§6 x §\R{\LstStringStyle{\textyen}}§7 x §\R{\LstStringStyle{\textexclamdown}}§8 x §\R{\LstStringStyle{\textquestiondown}}§9 x §\R{\LstStringStyle{\guillemotleft}}§10 \end{cfa} \item A separator does not appear before/after a C string starting/ending with the \Index*{ASCII} quote or whitespace characters: \lstinline[basicstyle=\tt,showspaces=true]{`'": \t\v\f\r\n} \begin{cfa} sout | "x`" | 1 | "`x'" | 2 | "'x\"" | 3 | "\"x:" | 4 | ":x " | 5 | " x\t" | 6 | "\tx"; \end{cfa} \begin{cfa}[showspaces=true,showtabs=true] x®`®1®`®x§\R{\texttt{'}}§2§\R{\texttt{'}}§x§\R{\texttt{"}}§3§\R{\texttt{"}}§x®:®4®:®x® ®5® ®x® ®6® ®x \end{cfa} \item If a space is desired before or after one of the special string start/end characters, explicitly insert a space. \begin{cfa} sout | "x (§\R{\texttt{\textvisiblespace}}§" | 1 | "§\R{\texttt{\textvisiblespace}}§) x" | 2 | "§\R{\texttt{\textvisiblespace}}§, x" | 3 | "§\R{\texttt{\textvisiblespace}}§:x:§\R{\texttt{\textvisiblespace}}§" | 4; \end{cfa} \begin{cfa}[showspaces=true,showtabs=true] x (® ®1® ®) x 2® ®, x 3® ®:x:® ®4 \end{cfa} \end{enumerate} \subsection{Separation Manipulators} The following \Index{manipulator}s control \Index{implicit output separation}. The effect of these manipulators is global for an output stream (except ©sep© and ©nosep©). \begin{enumerate} \item \Indexc{sepSet}\index{manipulator!sepSet@©sepSet©} and \Indexc{sepVal}\index{manipulator!sepVal@©sepVal©}/\Indexc{sepGet}\index{manipulator!sepGet@©sepGet©} set and get the separator string. The separator string can be at most 16 characters including the ©'\0'© string terminator (15 printable characters). \begin{cfa}[belowskip=0pt] sepSet( sout, ", §\LstStringStyle{\textdollar}§" ); §\C{// set separator from " " to ", \$"}§ sout | 1 | 2 | 3 | " \"" | ®sepVal® | "\""; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] 1®, §\color{red}\LstStringStyle{\textdollar}§®2®, §\color{red}\LstStringStyle{\textdollar}§®3 ®", §\color{red}\LstStringStyle{\textdollar}§"® \end{cfa} \begin{cfa}[belowskip=0pt] sepSet( sout, " " ); §\C{// reset separator to " "}§ sout | 1 | 2 | 3 | " \"" | ®sepGet( sout )® | "\""; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] 1® ®2® ®3 ®" "® \end{cfa} ©sepGet© can be used to store a separator and then restore it: \begin{cfa}[belowskip=0pt] char store[®sepSize®]; §\C{// sepSize is the maximum separator size}§ strcpy( store, sepGet( sout ) ); §\C{// copy current separator}§ sepSet( sout, "_" ); §\C{// change separator to underscore}§ sout | 1 | 2 | 3; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1®_®2®_®3 \end{cfa} \begin{cfa}[belowskip=0pt] sepSet( sout, store ); §\C{// change separator back to original}§ sout | 1 | 2 | 3; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] 1® ®2® ®3 \end{cfa} \item \Indexc{sepSetTuple}\index{manipulator!sepSetTuple@©sepSetTuple©} and \Indexc{sepTupleVal}\index{manipulator!sepTupleVal@©sepTupleVal©}/\Indexc{sepGetTuple}\index{manipulator!sepGetTuple@©sepGetTuple©} get and set the tuple separator-string. The tuple separator-string can be at most 16 characters including the ©'\0'© string terminator (15 printable characters). \begin{cfa}[belowskip=0pt] sepSetTuple( sout, " " ); §\C{// set tuple separator from ", " to " "}§ sout | t1 | t2 | " \"" | ®sepTupleVal® | "\""; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] 1 2 3 4 5 6 ®" "® \end{cfa} \begin{cfa}[belowskip=0pt] sepSetTuple( sout, ", " ); §\C{// reset tuple separator to ", "}§ sout | t1 | t2 | " \"" | ®sepGetTuple( sout )® | "\""; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] 1, 2, 3 4, 5, 6 ®", "® \end{cfa} As for ©sepGet©, ©sepGetTuple© can be use to store a tuple separator and then restore it. \item \Indexc{sepOff}\index{manipulator!sepOff@©sepOff©} and \Indexc{sepOn}\index{manipulator!sepOn@©sepOn©} globally toggle printing the separator. \begin{cfa}[belowskip=0pt] sout | ®sepOff® | 1 | 2 | 3; §\C{// turn off implicit separator}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 123 \end{cfa} \begin{cfa}[belowskip=0pt] sout | ®sepOn® | 1 | 2 | 3; §\C{// turn on implicit separator}§ \end{cfa} \begin{cfa}[mathescape=off,showspaces=true,aboveskip=0pt,belowskip=0pt] 1 2 3 \end{cfa} \item \Indexc{sep}\index{manipulator!sep@©sep©} and \Indexc{nosep}\index{manipulator!nosep@©nosep©} locally toggle printing the separator with respect to the next printed item, and then return to the global separator setting. \begin{cfa}[belowskip=0pt] sout | 1 | ®nosep® | 2 | 3; §\C{// turn off implicit separator for the next item}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 12 3 \end{cfa} \begin{cfa}[belowskip=0pt] sout | sepOff | 1 | ®sep® | 2 | 3; §\C{// turn on implicit separator for the next item}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1 23 \end{cfa} The tuple separator also responses to being turned on and off. \begin{cfa}[belowskip=0pt] sout | t1 | ®nosep® | t2; §\C{// turn off implicit separator for the next item}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1, 2, 34, 5, 6 \end{cfa} ©sep© \emph{cannot} be used to start/end a line with a separator because separators do not appear at the start/end of a line. Use ©sep© to accomplish this functionality. \begin{cfa}[belowskip=0pt] sout | ®sep® | 1 | 2 | 3 | ®sep®; §\C{// sep does nothing at start/end of line}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 1 2 3 \end{cfa} \begin{cfa}[belowskip=0pt] sout | ®sepVal® | 1 | 2 | 3 | ®sepVal® ; §\C{// use sepVal to print separator at start/end of line}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ® ®1 2 3® ® \end{cfa} \end{enumerate} \subsection{Newline Manipulators} The following \Index{manipulators} control \Index{newline separation} for input and output. For input: \begin{enumerate}[parsep=0pt] \item \Indexc{nlOn}\index{manipulator!nlOn@©nlOn©} reads the newline character, when reading single characters. \item \Indexc{nlOff}\index{manipulator!nlOff@©nlOff©} does \emph{not} read the newline character, when reading single characters. \item \Indexc{nl}\index{manipulator!nl@©nl©} scans characters until the next newline character, \ie ignore the remaining characters in the line. If ©nlOn© is enabled, the ©nl© is also consumed. \end{enumerate} For example, in: \begin{cfa} int i, j; sin | i | ®nl® | j; 1 ®2® 3 \end{cfa} variable ©i© is assigned 1, the 2 is skipped, and variable ©j© is assigned 3. For example, in: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{}} \begin{cfa} char ch sin | ch; // read X X \end{cfa} & \begin{cfa} sin | ®nlOn®; // enable reading newlines sin | ch; // read newline \end{cfa} \end{tabular} \end{cquote} the left example skips the newline and reads ©'X'© into ©ch©, while the right example reads the newline into ©ch©. For output: \begin{enumerate}[parsep=0pt] \item \Indexc{nlOn}\index{manipulator!nlOn@©nlOn©} implicitly prints a newline at the end of each output expression. \item \Indexc{nlOff}\index{manipulator!nlOff@©nlOff©} does \emph{not} implicitly print a newline at the end of each output expression. \item \Indexc{nl}\index{manipulator!nl@©nl©} inserts a newline. \begin{cfa} sout | ®nl®; §\C{// only print newline}§ sout | 2; §\C{// implicit newline}§ sout | 3 | ®nl® | 4 | ®nl®; §\C{// terminating nl merged with implicit newline}§ sout | 5 | ®nl® | ®nl®; §\C{// again terminating nl merged with implicit newline}§ sout | 6; §\C{// implicit newline}§ 2 3 4 5 6 \end{cfa} Note, a terminating ©nl© is merged with (overrides) the implicit newline at the end of the ©sout© expression, otherwise it is impossible to print a single newline \end{enumerate} \subsection{Output Manipulators} The following \Index{manipulator}s control formatting (printing) of the argument output values. \begin{enumerate} \item \Indexc{bin}( integer )\index{manipulator!bin@©bin©} print value in base 2 preceded by ©0b©/©0B©. \begin{cfa}[belowskip=0pt] sout | bin( 0 ) | bin( 27HH ) | bin( 27H ) | bin( 27 ) | bin( 27L ); 0b0 0b11011 0b11011 0b11011 0b11011 sout | bin( -27HH ) | bin( -27H ) | bin( -27 ) | bin( -27L ); 0b11100101 0b1111111111100101 0b11111111111111111111111111100101 0b®(58 1s)®100101 \end{cfa} \item \Indexc{oct}( integer )\index{manipulator!oct@©oct©} print value in base 8 preceded by ©0©. \begin{cfa}[belowskip=0pt] sout | oct( 0 ) | oct( 27HH ) | oct( 27H ) | oct( 27 ) | oct( 27L ); ®0® 033 033 033 033 sout | oct( -27HH ) | oct( -27H ) | oct( -27 ) | oct( -27L ); 0345 0177745 037777777745 01777777777777777777745 \end{cfa} Note, octal 0 is \emph{not} preceded by ©0© to prevent confusion. \item \Indexc{hex}( integer / floating-point )\index{manipulator!hex@©hex©} print value in base 16 preceded by ©0x©/©0X©. \begin{cfa}[belowskip=0pt] sout | hex( 0 ) | hex( 27HH ) | hex( 27H ) | hex( 27 ) | hex( 27L ); 0x0 0x1b 0x1b 0x1b 0x1b sout | hex( -27HH ) | hex( -27H ) | hex( -27 ) | hex( -27L ); 0xe5 0xffe5 0xffffffe5 0xffffffffffffffe5 sout | hex( 0.0 ) | hex( 27.5F ) | hex( 27.5 ) | hex( 27.5L ); 0x0p+0 0x1.b8p+4 0x1.b8p+4 0xd.cp+1 sout | hex( -27.5F ) | hex( -27.5 ) | hex( -27.5L ); -0x1.b8p+4 -0x1.b8p+4 -0xd.cp+1 \end{cfa} \item \Indexc{sci}( floating-point )\index{manipulator!sci@©sci©} print value in scientific notation with exponent. Default is 6 digits of precision. \begin{cfa}[belowskip=0pt] sout | sci( 0.0 ) | sci( 27.5 ) | sci( -27.5 ); 0.000000e+00 2.750000e+01 -2.750000e+01 \end{cfa} \item \Indexc{eng}( floating-point )\index{manipulator!eng@©eng©} print value in engineering notation with exponent, which means the exponent is adjusted to a multiple of 3. \begin{cfa}[belowskip=0pt] sout | eng( 0.0 ) | eng( 27000.5 ) | eng( -27.5e7 ); 0®e0® 27.0005®e3® -275®e6® \end{cfa} \item \Indexc{unit}( engineering-notation )\index{manipulator!unit@©unit©} print engineering exponent as a letter between the range $10^{-24}$ and $10^{24}$: \begin{cquote} ©y© $\Rightarrow 10^{-24}$, ©z© $\Rightarrow 10^{-21}$, ©a© $\Rightarrow 10^{-18}$, ©f© $\Rightarrow 10^{-15}$, ©p© $\Rightarrow 10^{-12}$, ©n© $\Rightarrow 10^{-9}$, ©u© $\Rightarrow 10^{-6}$, ©m© $\Rightarrow 10^{-3}$, ©K© $\Rightarrow 10^{3}$, ©M© $\Rightarrow 10^{6}$, ©G© $\Rightarrow 10^{9}$, ©T© $\Rightarrow 10^{12}$, ©P© $\Rightarrow 10^{15}$, ©E© $\Rightarrow 10^{18}$, ©Z© $\Rightarrow 10^{21}$, ©Y© $\Rightarrow 10^{24}$. \end{cquote} For exponent $10^{0}$, no decimal point or letter is printed. \begin{cfa}[belowskip=0pt] sout | unit(eng( 0.0 )) | unit(eng( 27000.5 )) | unit(eng( -27.5e7 )); 0 27.0005®K® -275®M® \end{cfa} \item \Indexc{upcase}( bin / hex / floating-point )\index{manipulator!upcase@©upcase©} print letters in a value in upper case. Lower case is the default. \begin{cfa}[belowskip=0pt] sout | upcase( bin( 27 ) ) | upcase( hex( 27 ) ) | upcase( 27.5e-10 ) | upcase( hex( 27.5 ) ); 0®B®11011 0®X®1®B® 2.75®E®-09 0®X®1.®B®8®P®+4 \end{cfa} \item \Indexc{nobase}( integer )\index{manipulator!nobase@©nobase©} do not precede ©bin©, ©oct©, ©hex© with ©0b©/©0B©, ©0©, or ©0x©/©0X©. Printing the base is the default. \begin{cfa}[belowskip=0pt] sout | nobase( bin( 27 ) ) | nobase( oct( 27 ) ) | nobase( hex( 27 ) ); 11011 33 1b \end{cfa} \item \Indexc{nodp}( floating-point )\index{manipulator!nodp@©nodp©} do not print a decimal point if there are no fractional digits. Printing a decimal point is the default, if there are no fractional digits. \begin{cfa}[belowskip=0pt] sout | 0. | nodp( 0. ) | 27.0 | nodp( 27.0 ) | nodp( 27.5 ); 0.0 ®0® 27.0 ®27® 27.5 \end{cfa} \item \Indexc{sign}( integer / floating-point )\index{manipulator!sign@©sign©} prefix with plus or minus sign (©+© or ©-©). Only printing the minus sign is the default. \begin{cfa}[belowskip=0pt] sout | sign( 27 ) | sign( -27 ) | sign( 27. ) | sign( -27. ) | sign( 27.5 ) | sign( -27.5 ); ®+®27 -27 ®+®27.0 -27.0 ®+®27.5 -27.5 \end{cfa} \item \Indexc{wd}( minimum, value )\index{manipulator!wd@©wd©}, ©wd©( minimum, precision, value ) For all types, minimum is the number of printed characters. If the value is shorter than the minimum, it is padded on the right with spaces. \begin{cfa}[belowskip=0pt] sout | wd( 4, 34) | wd( 3, 34 ) | wd( 2, 34 ); sout | wd( 10, 4.) | wd( 9, 4. ) | wd( 8, 4. ); sout | wd( 4, "ab" ) | wd( 3, "ab" ) | wd( 2, "ab" ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt] ® ®34 ® ®34 34 ® ®4.000000 ® ®4.000000 4.000000 ® ®ab ® ®ab ab \end{cfa} If the value is larger, it is printed without truncation, ignoring the minimum. \begin{cfa}[belowskip=0pt] sout | wd( 4, 34567 ) | wd( 3, 34567 ) | wd( 2, 34567 ); sout | wd( 4, 3456. ) | wd( 3, 3456. ) | wd( 2, 3456. ); sout | wd( 4, "abcde" ) | wd( 3, "abcde" ) | wd( 2,"abcde" ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 3456®7® 345®67® 34®567® 3456®.® 345®6.® 34®56.® abcd®e® abc®de® ab®cde® \end{cfa} For integer types, precision is the minimum number of printed digits. If the value is shorter, it is padded on the left with leading zeros. \begin{cfa}[belowskip=0pt] sout | wd( 4,3, 34 ) | wd( 8,4, 34 ) | wd( 10,10, 34 ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®0®34 ®00®34 ®00000000®34 \end{cfa} If the value is larger, it is printed without truncation, ignoring the precision. \begin{cfa}[belowskip=0pt] sout | wd( 4,1, 3456 ) | wd( 8,2, 3456 ) | wd( 10,3, 3456 ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 3456 3456 3456 \end{cfa} If precision is 0, nothing is printed for zero. If precision is greater than the minimum, it becomes the minimum. \begin{cfa}[belowskip=0pt] sout | wd( 4,0, 0 ) | wd( 3,10, 34 ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ® ® ®00000000®34 \end{cfa} For floating-point types, precision is the minimum number of digits after the decimal point. \begin{cfa}[belowskip=0pt] sout | wd( 6,3, 27.5 ) | wd( 8,1, 27.5 ) | wd( 8,0, 27.5 ) | wd( 3,8, 27.5 ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 27.®500® 27.®5® 28. 27.®50000000® \end{cfa} For the C-string type, precision is the maximum number of printed characters, so the string is truncated if it exceeds the maximum. \begin{cfa}[belowskip=0pt] sout | wd( 6,8, "abcd" ) | wd( 6,8, "abcdefghijk" ) | wd( 6,3, "abcd" ) | ®wd( 10, "" )® | 'X'; \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] abcd abcdefgh abc® ®X \end{cfa} Note, printing the null string with minimum width L pads with L spaces. \item \begin{sloppypar} \Indexc{ws}( minimum, significant, floating-point )\index{manipulator!ws@©ws©} For floating-point types, minimum is the same as for manipulator ©wd©, but significant is the maximum number of significant digits to be printed for both the integer and fractions (versus only the fraction for ©wd©). If a value's significant digits is greater than significant, the last significant digit is rounded up. \end{sloppypar} \begin{cfa}[belowskip=0pt] sout | ws(6,6, 234.567) | ws(6,5, 234.567) | ws(6,4, 234.567) | ws(6,3, 234.567); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 234.567 234.5®7® 234.®6® 23®5® \end{cfa} If a value's magnitude is greater than significant, the value is printed in scientific notation with the specified number of significant digits. \begin{cfa}[belowskip=0pt] sout | ws(6,6, 234567.) | ws(6,5, 234567.) | ws(6,4, 234567.) | ws(6,3, 234567.); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 234567. 2.3457®e+05® 2.346®e+05® 2.35®e+05® \end{cfa} If significant is greater than minimum, it defines the number of printed characters. \begin{cfa}[belowskip=0pt] sout | ws(3,6, 234567.) | ws(4,6, 234567.) | ws(5,6, 234567.) | ws(6,6, 234567.); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 234567. 234567. 234567. 234567. \end{cfa} \item \Indexc{left}( field-width )\index{manipulator!left@©left©} left justify within the given field. \begin{cfa}[belowskip=0pt] sout | left(wd(4, 27)) | left(wd(10, 27.)) | left(wd(10, 27.5)) | left(wd(4,3, 27)) | left(wd(10,3, 27.5)); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] 27® ® 27.000000 27.500000 027 27.500® ® \end{cfa} \item \Indexc{pad0}( field-width )\index{manipulator!pad0@©pad0©} left pad with zeroes (0). \begin{cfa}[belowskip=0pt] sout | pad0( wd( 4, 27 ) ) | pad0( wd( 4,3, 27 ) ) | pad0( wd( 8,3, 27.5 ) ); ®00®27 ®0®27 ®00®27.500 \end{cfa} \end{enumerate} \begin{comment} #include #include // strcpy int main( void ) { int x = 1, y = 2, z = 3; sout | x | y | z; [int, [ int, int ] ] t1 = [ 1, [ 2, 3 ] ], t2 = [ 4, [ 5, 6 ] ]; sout | t1 | t2; // print tuples sout | x * 3 | y + 1 | z << 2 | x == y | (x | y) | (x || y) | (x > z ? 1 : 2); sout | 1 | 2 | 3; sout | '1' | '2' | '3'; sout | 1 | "" | 2 | "" | 3; sout | "x (" | 1 | "x [" | 2 | "x {" | 3 | "x =" | 4 | "x $" | 5 | "x £" | 6 | "x ¥" | 7 | "x ¡" | 8 | "x ¿" | 9 | "x «" | 10; sout | 1 | ", x" | 2 | ". x" | 3 | "; x" | 4 | "! x" | 5 | "? x" | 6 | "% x" | 7 | "¢ x" | 8 | "» x" | 9 | ") x" | 10 | "] x" | 11 | "} x"; sout | "x`" | 1 | "`x'" | 2 | "'x\"" | 3 | "\"x:" | 4 | ":x " | 5 | " x\t" | 6 | "\tx"; sout | "x ( " | 1 | " ) x" | 2 | " , x" | 3 | " :x: " | 4; sepSet( sout, ", $" ); // set separator from " " to ", $" sout | 1 | 2 | 3 | " \"" | sep | "\""; sepSet( sout, " " ); // reset separator to " " sout | 1 | 2 | 3 | " \"" | sepGet( sout ) | "\""; char store[sepSize]; strcpy( store, sepGet( sout ) ); sepSet( sout, "_" ); sout | 1 | 2 | 3; sepSet( sout, store ); sout | 1 | 2 | 3; sepSetTuple( sout, " " ); // set tuple separator from ", " to " " sout | t1 | t2 | " \"" | sepTuple | "\""; sepSetTuple( sout, ", " ); // reset tuple separator to ", " sout | t1 | t2 | " \"" | sepGetTuple( sout ) | "\""; sout | sepOff | 1 | 2 | 3; // globally turn off implicit separator sout | sepOn | 1 | 2 | 3; // globally turn on implicit separator sout | 1 | nosep | 2 | 3; // locally turn on implicit separator sout | sepOff | 1 | sep | 2 | 3; // globally turn off implicit separator sout | sepOn; sout | t1 | nosep | t2; // locally turn on/off implicit separator sout | sep | 1 | 2 | 3 | sep ; // sep does nothing at start/end of line sout | sep | 1 | 2 | 3 | sep ; // use sep to print separator at start/end of line } // Local Variables: // // tab-width: 4 // // fill-column: 100 // // End: // \end{comment} \subsection{Input Manipulators} \label{s:InputManipulators} A string variable \emph{must} be large enough to contain the input sequence. To force programmers to consider buffer overruns for C-string input, C-strings may only be read with a width field, which should specify a size less than or equal to the C-string size, \eg: \begin{cfa} char line[64]; sin | wdi( ®sizeof(line)®, line ); §\C{// must specify string size}§ \end{cfa} Certain input manipulators support a \newterm{scanset}, which is a simple regular expression, where the matching set contains any Latin-1 character (8-bits) or character ranges using minus. For example, the scanset \lstinline{"a-zA-Z -/?§"} matches any number of characters between ©'a'© and ©'z'©, between ©'A'© and ©'Z'©, between space and ©'/'©, and characters ©'?'© and (Latin-1) ©'§'©. The following string is matched by this scanset: \begin{cfa} !&%$ abAA () ZZZ ??§\S§ xx§\S\S§ \end{cfa} To match a minus, make it the first character in the set, \eg ©"©{\color{red}\raisebox{-1pt}{\texttt{-}}}©0-9"©. Other complex forms of regular-expression matching are unsupported. The following \Index{manipulator}s control scanning of input values (reading) and only affect the format of the argument. \begin{enumerate} \item \Indexc{skip}( \textit{scanset} )\index{manipulator!skip@©skip©}, ©skip©( $N$ ) consumes either the \textit{scanset} or the next $N$ characters, including newlines. If the match successes, the input characters are ignored, and input continues with the next character. If the match fails, the input characters are left unread. \begin{cfa}[belowskip=0pt] char scanset[§\,§] = "abc"; sin | "abc§\textvisiblespace§" | skip( scanset ) | skip( 5 ); §\C{// match and skip input sequence}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®abc abc xxx® \end{cfa} Again, the blank in the format string ©"abc©\textvisiblespace©"© matches any number of whitespace characters. \item \Indexc{wdi}( \textit{maximum}, ©T & v© )\index{manipulator!wdi@©wdi©} For all types except ©char *©, whitespace is skipped and the longest sequence of non-whitespace characters matching an appropriate typed (©T©) value is read, converted into its corresponding internal form, and written into the ©T© variable. \textit{maximum} is the maximum number of characters read for the current value rather than the longest sequence. \begin{cfa}[belowskip=0pt] char ch; char ca[3]; int i; double d; sin | wdi( sizeof(ch), ch ) | wdi( sizeof(ca), ca[0] ) | wdi( 3, i ) | wdi( 8, d ); // c == 'a', ca == "bcd", i == 123, d == 345.6 \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®abcd1233.456E+2® \end{cfa} Here, ©ca[0]© is type ©char©, so the width reads 3 characters \Textbf{without} a null terminator. If an input value is not found for a variable, the exception ©missing_data© is raised, and the input variable is unchanged. Note, input ©wdi© cannot be overloaded with output ©wd© because both have the same parameters but return different types. Currently, \CFA cannot distinguish between these two manipulators in the middle of an ©sout©/©sin© expression based on return type. \item \Indexc{wdi}( $maximum\ size$, ©char s[]© )\index{manipulator!wdi@©wdi©} For type ©char *©, whitespace is skippped and the longest sequence of non-whitespace characters is read, without conversion, and written into the string variable (null terminated). $maximum\ size$ is the maximum number of characters in the string variable. If the non-whitespace sequence of input characters is greater than $maximum\ size - 1$ (null termination), the exception ©cstring_length© is raised. \begin{cfa}[belowskip=0pt] char cs[10]; sin | wdi( sizeof(cs), cs ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®012345678® \end{cfa} Nine non-whitespace character are read and the null character is added to make ten. \item \Indexc{wdi}( $maximum\ size$, $maximum\ read$, ©char s[]© )\index{manipulator!wdi@©wdi©} This manipulator is the same as the previous one, except $maximum$ $read$ is the maximum number of characters read for the current value rather than the longest sequence, where $maximum\ read$ $\le$ $maximum\ size$. \begin{cfa}[belowskip=0pt] char cs[10]; sin | wdi( sizeof(cs), 9, cs ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®012345678®9 \end{cfa} The exception ©cstring_length© is not raised, because the read stops reading after nine characters. \item \Indexc{getline}( $wdi\ manipulator$, ©const char delimiter = '\n'© )\index{manipulator!getline@©getline©} consumes the scanset ©"[^D]D"©, where ©D© is the ©delimiter© character, which reads all characters from the current input position to the delimiter character into the string (null terminated), and consumes and ignores the delimiter. If the delimiter character is omitted, it defaults to ©'\n'© (newline). \begin{cfa}[belowskip=0pt] char cs[10]; sin | getline( wdi( sizeof(cs), cs ) ); sin | getline( wdi( sizeof(cs), cs ), 'X' ); §\C{// X is the line delimiter}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®abc ?? #@%® ®abc ?? #@%X® w \end{cfa} The same value is read for both input strings. \item \Indexc{quoted}( ©char & ch©, ©const char Ldelimiter = '\''©, ©const char Rdelimiter = '\0'© )\index{manipulator!quoted@©quoted©} consumes the string ©"LCR"©, where ©L© is the left ©delimiter© character, ©C© is the value in ©ch©, and ©R© is the right delimiter character, which skips whitespace, consumes and ignores the left delimiter, reads a single character into ©ch©, and consumes and ignores the right delimiter (3 characters). If the delimit character is omitted, it defaults to ©'\''© (single quote). \begin{cfa}[belowskip=0pt] char ch; sin | quoted( ch ); sin | quoted( ch, '"' ); sin | quoted( ch, '[', ']' ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ® 'a' "a"[a]® \end{cfa} \item \begin{sloppypar} \Indexc{quoted}( $wdi\ manipulator$, ©const char Ldelimiter = '\''©, ©const char Rdelimiter = '\0'© )\index{manipulator!quoted@©quoted©} consumes the scanset ©"L[^R]R"©, where ©L© is the left ©delimiter© character and ©R© is the right delimiter character, which skips whitespace, consumes and ignores the left delimiter, reads characters until the right-delimiter into the string variable (null terminated), and consumes and ignores the right delimiter. If the delimit character is omitted, it defaults to ©'\''© (single quote). \end{sloppypar} \begin{cfa}[belowskip=0pt] char cs[10]; sin | quoted( wdi( sizeof(cs), cs ) ); §\C[3in]{// " is the start/end delimiter}§ sin | quoted( wdi( sizeof(cs), cs ), '\'' ); §\C{// ' is the start/end delimiter}§ sin | quoted( wdi( sizeof(cs), cs ), '[', ']' ); §\C{// [ is the start and ] is the end delimiter}\CRT§ \end{cfa} \begin{cfa}[showspaces=true] ® "abc" 'abc'[abc]® \end{cfa} \item \Indexc{incl}( scanset, $wdi\ manipulator$ )\index{manipulator!incl@©incl©} consumes the scanset, which reads all the scanned characters into the string variable (null terminated). \begin{cfa}[belowskip=0pt] char cs[10]; sin | incl( "abc", cs ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®bca®xyz \end{cfa} \item \Indexc{excl}( scanset, $wdi\ manipulator$ )\index{manipulator!excl@©excl©} consumes the \emph{not} scanset, which reads all the scanned characters into the string variable (null terminated). \begin{cfa}[belowskip=0pt] char cs[10]; sin | excl( "abc", cs ); \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ®xyz®bca \end{cfa} \item \Indexc{ignore}( ©T & v© or ©const char cs[]© or $string\ manipulator$ )\index{manipulator!ignore@©ignore©} consumes the appropriate characters for the type and ignores them, so the input variable is unchanged. \begin{cfa} double d; char cs[10]; sin | ignore( d ); §\C{// d is unchanged}§ sin | ignore( cs ); §\C{// cs is unchanged, no wdi required}§ sin | ignore( quoted( wdi( sizeof(cs), cs ) ) ); §\C{// cs is unchanged}§ \end{cfa} \begin{cfa}[showspaces=true,aboveskip=0pt,belowskip=0pt] ® -75.35e-4 25 "abc"® \end{cfa} \end{enumerate} \subsection{Concurrent Stream Access} When a stream is shared by multiple threads, input or output characters can be intermixed or cause failure. For example, if two threads execute the following: \begin{cfa} §\emph{thread\(_1\)}§ : sout | "abc " | "def "; §\emph{thread\(_2\)}§ : sout | "uvw " | "xyz "; \end{cfa} possible outputs are: \begin{cquote} \begin{tabular}{@{}l|l|l|l|l@{}} \begin{cfa} abc def uvw xyz \end{cfa} & \begin{cfa} abc uvw xyz def \end{cfa} & \begin{cfa} uvw abc xyz def \end{cfa} & \begin{cfa} abuvwc dexf yz \end{cfa} & \begin{cfa} uvw abc def xyz \end{cfa} \end{tabular} \end{cquote} Concurrent operations can even corrupt the internal state of the stream resulting in failure. As a result, some form of mutual exclusion is required for concurrent stream access. A coarse-grained solution is to perform all stream operations via a single thread or within a monitor providing the necessary mutual exclusion for the stream. A fine-grained solution is to have a lock for each stream, which is acquired and released around stream operations by each thread. \CFA provides a fine-grained solution where a \Index{recursive lock} is acquired and released indirectly via a manipulator ©acquire© or instantiating an \Index{RAII} type specific for the kind of stream: ©osacquire©\index{ostream@©ostream©!osacquire@©osacquire©} for output streams and ©isacquire©\index{isacquire@©isacquire©}\index{istream@©istream©!isacquire@©isacquire©} for input streams. The common usage is the short form of the mutex statement\index{ostream@©ostream©!mutex@©mutex©} to lock a stream during a single cascaded I/O expression, \eg: \begin{cfa} §\emph{thread\(_1\)}§ : ®mutex( sout )® sout | "abc " | "def "; §\emph{thread\(_2\)}§ : ®mutex( sout )® sout | "uvw " | "xyz "; \end{cfa} Now, the order of the thread execution is still non-deterministic, but the output is constrained to two possible lines in either order. \begin{cquote} \def\VRfont{\fontfamily{pcr}\upshape\selectfont} \begin{tabular}{@{}l|l@{}} \begin{cfa} abc def uvw xyz \end{cfa} & \begin{cfa} uvw xyz abc def \end{cfa} \end{tabular} \end{cquote} In summary, the stream lock is acquired by the ©acquire© manipulator and implicitly released at the end of the cascaded I/O expression ensuring all operations in the expression occur atomically. To lock a stream across multiple I/O operations, he long form of the mutex statement is used, \eg: \begin{cfa} ®mutex( sout )® { sout | 1; ®mutex( sout ) sout® | 2 | 3; §\C{// unnecessary, but ok because of recursive lock}§ sout | 4; } // implicitly release sout lock \end{cfa} Note, the unnecessary ©mutex© in the middle of the mutex statement, works because the recursive stream-lock can be acquired/released multiple times by the owner thread. Hence, calls to functions that also acquire a stream lock for their output do not result in \Index{deadlock}. The previous values written by threads 1 and 2 can be read in concurrently: \begin{cfa} ®mutex( sin )® { int x, y, z, w; sin | x; ®mutex( sin )® sin | y | z; §\C{// unnecessary, but ok because of recursive lock}§ sin | w; } // implicitly release sin lock \end{cfa} Again, the order of the reading threads is non-deterministic. Note, non-deterministic reading is rare. \Textbf{WARNING:} The general problem of \Index{nested locking} can occur if routines are called in an I/O sequence that block, \eg: \begin{cfa} ®mutex( sout )® sout | "data:" | rtn( mon ); §\C{// mutex call on monitor}§ \end{cfa} If the thread executing the I/O expression blocks in the monitor with the ©sout© lock, other threads writing to ©sout© also block until the thread holding the lock is unblocked and releases it. This scenario can lead to \Index{deadlock}, if the thread that is going to unblock the thread waiting in the monitor first writes to ©sout© (deadly embrace). To prevent nested locking, a simple precaution is to factor out the blocking call from the expression, \eg: \begin{cfa} int ®data® = rtn( mon ); mutex( sout ) sout | "data:" | ®data®; \end{cfa} \subsection{Locale} \index{stream!locale} \index{locale!stream} Cultures use different syntax, called a \newterm{locale}, for printing numbers so they are easier to read, \eg: \begin{cfa} 12®,®345®.®123 §\C[1.25in]{// comma separator, period decimal-point}§ 12®.®345®,®123 §\C{// period separator, comma decimal-point}§ 12§\Sp§345®,®123®.® §\C{// space separator, comma decimal-point, period terminator}\CRT§ \end{cfa} A locale is selected with function ©setlocale©, and the corresponding locale package \emph{must} be installed on the underlying system; ©setlocale© returns ©0p© if the requested locale is unavailable. Furthermore, a locale covers the syntax for many cultural items, \eg address, measurement, money, etc. This discussion applies to item ©LC_NUMERIC© for formatting non-monetary integral and floating-point values. \VRef[Figure]{f:StreamLocale} shows selecting different cultural syntax, which may be associated with one or more countries. \begin{figure} \begin{cfa} #include #include §\C{// setlocale}§ #include §\C{// getenv}§ int main() { void print() { sout | 12 | 123 | 1234 | 12345 | 123456 | 1234567; sout | 12. | 123.1 | 1234.12 | 12345.123 | 123456.1234 | 1234567.12345; sout | nl; } sout | "Default locale off"; print(); sout | "Locale on" | ®setlocale( LC_NUMERIC, getenv( "LANG" ) )®; // enable local locale print(); sout | "German" | ®setlocale( LC_NUMERIC, "de_DE.UTF-8" )®; // enable German locale print(); sout | "Ukraine" | ®setlocale( LC_NUMERIC, "uk_UA.utf8" )®; // enable Ukraine locale print(); sout | "Default locale off" | ®setlocale( LC_NUMERIC, "C" )®; // disable locale print(); } Default locale off 12 123 1234 12345 123456 1234567 12. 123.1 1234.12 12345.123 123456.1234 1234567.12345 Locale on en_US.UTF-8 12 123 1®,®234 12®,®345 123®,®456 1®,®234®,®567 12®.® 123®.®1 1®,®234®.®12 12®,®345®.®123 123®,®456®.®1234 1®,®234®,®567®.®12345 German de_DE.UTF-8 12 123 1®.®234 12®.®345 123®.®456 1®.®234®.®567 12®.® 123®,®1®.® 1®.®234®,®12 12®.®345®,®123 123®.®456®,®1234 1®.®234®.®567®,®12345 Ukraine uk_UA.utf8 12 123 1 234 12 345 123 456 1 234 567 12®.® 123®,®1®.® 1§\Sp§234®,®12®.® 12§\Sp§ 345®,®123®.® 123§\Sp§ 456®,®1234®.® 1§\Sp§ 234§\Sp§567®,®12345®.® Default locale off C 12 123 1234 12345 123456 1234567 12. 123.1 1234.12 12345.123 123456.1234 1234567.12345 \end{cfa} \caption{Stream Locale} \label{f:StreamLocale} \end{figure} \section{String Stream} The stream types ©ostrstream© and ©istrstream© provide all the stream formatting capabilities to/from a C string rather than a stream file. \VRef[Figure]{f:StringStreamProcessing} shows writing (output) to and reading (input) from a C string. The only string stream operations different from a file stream are: \begin{itemize}[topsep=4pt,itemsep=2pt,parsep=0pt] \item constructors to create a stream that writes to a write buffer (©ostrstream©) of ©size©, or reads from a read buffer (©istrstream©) containing a C string terminated with ©'\0'©. \begin{cfa} void ?{}( ostrstream &, char buf[], size_t size ); void ?{}( istrstream & is, char buf[] ); \end{cfa} \item \Indexc{write} (©ostrstream© only) writes all the buffered characters to the specified stream (©stdout© default). \begin{cfa} ostrstream & write( ostrstream & os, FILE * stream = stdout ); \end{cfa} There is no ©read© for ©istrstream©. \end{itemize} \begin{figure} \begin{cfa} #include #include int main() { enum { size = 256 }; char buf[size]; §\C{// output buffer}§ ®ostrstream osstr = { buf, size };® §\C{// bind output buffer/size}§ int i = 3, j = 5, k = 7; double x = 12345678.9, y = 98765.4321e-11; osstr | i | hex(j) | wd(10, k) | sci(x) | unit(eng(y)) | "abc"; write( osstr ); §\C{// write string to stdout}§ printf( "%s", buf ); §\C{// same lines of output}§ sout | i | hex(j) | wd(10, k) | sci(x) | unit(eng(y)) | "abc"; char buf2[] = "12 14 15 3.5 7e4 abc"; §\C{// input buffer}§ ®istrstream isstr = { buf2 };® char s[10]; isstr | i | j | k | x | y | s; sout | i | j | k | x | y | s; } \end{cfa} \begin{cfa}[showspaces=true] 3 0x5 7 1.234568e+07 987.654n abc 3 0x5 7 1.234568e+07 987.654n abc 3 0x5 7 1.234568e+07 987.654n abc 12 14 15 3.5 70000. abc \end{cfa} \caption{String Stream Processing} \label{f:StringStreamProcessing} \end{figure} \begin{comment} \section{Types} \subsection{Type Definitions} \CFA allows users to define new types using the keyword type. \begin{cfa} // SensorValue is a distinct type and represented as an int type SensorValue = int; \end{cfa} A type definition is different from a typedef in C because a typedef just creates an alias for a type, while Do.s type definition creates a distinct type. This means that users can define distinct function overloads for the new type \see{\VRef{s:Overloading} for more information}. For example: \begin{cfa} type SensorValue = int; void printValue(int v) {...} void printValue(SensorValue v) {...} void process(int v) {...} SensorValue s = ...; printValue(s); // calls version with SensorValue argument printValue((int) s); // calls version with int argument process(s); // implicit conversion to int \end{cfa} If SensorValue was defined with a typedef, then these two print functions would not have unique signatures. This can be very useful to create a distinct type that has the same representation as another type. The compiler will assume it can safely convert from the old type to the new type, implicitly. Users may override this and define a function that must be called to convert from one type to another. \begin{cfa} type SensorValue = int; // ()? is the overloaded conversion operator identifier // This function converts an int to a SensorValue SensorValue ()?(int val) { ... } void process(int v) {...} SensorValue s = ...; process(s); // implicit call to conversion operator \end{cfa} In many cases, it is not desired for the compiler to do this implicit conversion. To avoid that, the user can use the explicit modifier on the conversion operator. Any places where the conversion is needed but not explicit (with a cast), will result in a compile-time error. \begin{cfa} type SensorValue = int; // conversion from int to SensorValue; must be explicit explicit SensorValue ()?(int val) { ... } void process(int v) {...} SensorValue s = ...; process(s); // implicit cast to int: compile-time error process((int) s); // explicit cast to int: calls conversion func \end{cfa} The conversion may not require any code, but still need to be explicit; in that case, the syntax can be simplified to: \begin{cfa} type SensorValue = int; explicit SensorValue ()?(int); void process(int v) {...} SensorValue s = ...; process(s); // compile-time error process((int) s); // type is converted, no function is called \end{cfa} \end{comment} \section{Structures} Structures in \CFA are basically the same as structures in C. A structure is defined with the same syntax as in C. When referring to a structure in \CFA, users may omit the struct keyword. \begin{cfa} struct Point { double x; double y; }; Point p = {0.0, 0.0}; \end{cfa} \CFA does not support inheritance among types, but instead uses composition to enable reuse of structure fields. Composition is achieved by embedding one type into another. When type A is embedded in type B, an object with type B may be used as an object of type A, and the fields of type A are directly accessible. Embedding types is achieved using anonymous members. For example, using Point from above: \begin{cfa} void foo(Point p); struct ColoredPoint { Point; // anonymous member (no identifier) int Color; }; ... ColoredPoint cp = ...; cp.x = 10.3; // x from Point is accessed directly cp.color = 0x33aaff; // color is accessed normally foo(cp); // cp can be used directly as a Point \end{cfa} \section{Constructors and Destructors} \CFA supports C initialization of structures, but it also adds constructors for more advanced initialization. Additionally, \CFA adds destructors that are called when a variable is deallocated (variable goes out of scope or object is deleted). These functions take a reference to the structure as a parameter \see{\VRef{s:PointerReference} for more information}. \begin{figure} \begin{cfa} struct Widget { int id; float size; int * optionalint; }; // ?{} is the constructor operator identifier // The first argument is a reference to the type to initialize // Subsequent arguments can be specified for initialization void ?{}( Widget & w ) { §\C{// default constructor}§ w.id = -1; w.size = 0.0; w.optionalint = 0p; } // constructor with values (does not need to include all fields) void ?{}( Widget & w, int id, float size ) { w.id = id; w.size = size; w.optionalint = 0p; } // ^?{} is the destructor operator identifier void ^?{}( Widget & w ) { §\C{// destructor}§ w.id = 0; w.size = 0.0; if ( w.optionalint != 0p ) { free( w.optionalint ); w.optionalint = 0p; } } Widget baz; §\C{// reserve space only}§ Widget foo{}; §\C{// calls default constructor}§ Widget bar{ 23, 2.45 }; §\C{// calls constructor with values}§ baz{ 24, 0.91 }; §\C{// calls constructor with values}§ ?{}( baz, 24, 0.91 ); §\C{// explicit call to constructor}§ ^?{} (bar ); §\C{// explicit call to destructor}§ \end{cfa} \caption{Constructors and Destructors} \end{figure} \section{Overloading} \label{s:Overloading} Overloading refers to the capability of a programmer to define and use multiple objects in a program with the same name. In \CFA, a declaration may overload declarations from outer scopes with the same name, instead of hiding them as is the case in C. This may cause identical C and \CFA programs to behave differently. The compiler selects the appropriate object (overload resolution) based on context information at the place where it is used. Overloading allows programmers to give functions with different signatures but similar semantics the same name, simplifying the interface to users. Disadvantages of overloading are that it can be used to give functions with different semantics the same name, causing confusion, or that the compiler may resolve to a different function from what the programmer expected. \CFA allows overloading of functions, operators, variables, and even the constants 0 and 1. The compiler follows some overload resolution rules to determine the best interpretation of all of these overloads. The best valid interpretations are the valid interpretations that use the fewest unsafe conversions. Of these, the best are those where the functions and objects involved are the least polymorphic. Of these, the best have the lowest total conversion cost, including all implicit conversions in the argument expressions. Of these, the best have the highest total conversion cost for the implicit conversions (if any) applied to the argument expressions. If there is no single best valid interpretation, or if the best valid interpretation is ambiguous, then the resulting interpretation is ambiguous. For details about type inference and overload resolution, please see the \CFA Language Specification. \begin{cfa} int foo(int a, int b) { float sum = 0.0; float special = 1.0; { int sum = 0; // both the float and int versions of sum are available float special = 4.0; // this inner special hides the outer version ... } ... } \end{cfa} \subsection{Constant} The constants 0 and 1 have special meaning. In \CFA, as in C, all scalar types can be incremented and decremented, which is defined in terms of adding or subtracting 1. The operations ©&&©, ©||©, and ©!© can be applied to any scalar arguments and are defined in terms of comparison against 0 (ex. ©(a && b)© becomes ©(a != 0 && b != 0)©). In C, the integer constants 0 and 1 suffice because the integer promotion rules can convert them to any arithmetic type, and the rules for pointer expressions treat constant expressions evaluating to 0 as a special case. However, user-defined arithmetic types often need the equivalent of a 1 or 0 for their functions or operators, polymorphic functions often need 0 and 1 constants of a type matching their polymorphic parameters, and user-defined pointer-like types may need a null value. Defining special constants for a user-defined type is more efficient than defining a conversion to the type from ©bool©. Why just 0 and 1? Why not other integers? No other integers have special status in C. A facility that let programmers declare specific constants..const Rational 12., for instance. would not be much of an improvement. Some facility for defining the creation of values of programmer-defined types from arbitrary integer tokens would be needed. The complexity of such a feature does not seem worth the gain. For example, to define the constants for a complex type, the programmer would define the following: \begin{cfa} struct Complex { double real; double imaginary; } const Complex 0 = {0, 0}; const Complex 1 = {1, 0}; ... Complex a = 0; ... a++; ... if (a) { // same as if (a == 0) ... } \end{cfa} \subsection{Variable} \label{s:VariableOverload} The overload rules of \CFA allow a programmer to define multiple variables with the same name, but different types. Allowing overloading of variable names enables programmers to use the same name across multiple types, simplifying naming conventions and is compatible with the other overloading that is allowed. For example, a developer may want to do the following: \begin{cfa} int pi = 3; float pi = 3.14; char pi = .p.; \end{cfa} \subsection{Function Overloading} Overloaded functions in \CFA are resolved based on the number and type of arguments, type of return value, and the level of specialization required (specialized functions are preferred over generic). The examples below give some basic intuition about how the resolution works. \begin{cfa} // Choose the one with less conversions int doSomething(int value) {...} // option 1 int doSomething(short value) {...} // option 2 int a, b = 4; short c = 2; a = doSomething(b); // chooses option 1 a = doSomething(c); // chooses option 2 // Choose the specialized version over the generic generic(type T) T bar(T rhs, T lhs) {...} // option 3 float bar(float rhs, float lhs){...} // option 4 float a, b, c; double d, e, f; c = bar(a, b); // chooses option 4 // specialization is preferred over unsafe conversions f = bar(d, e); // chooses option 5 \end{cfa} \subsection{Operator} \label{s:Operator} \CFA also allows operators to be overloaded, to simplify the use of user-defined types. Overloading the operators allows the users to use the same syntax for their custom types that they use for built-in types, increasing readability and improving productivity. \CFA uses the following special identifiers to name overloaded operators: \begin{table}[hbt] \centering \begin{tabular}{@{}l@{\hspace{\parindentlnth}}l@{\hspace{\parindentlnth}}l@{}} \begin{tabular}{@{}ll@{}} ©?[?]© & subscripting \impl{?[?]} \\ ©?()© & function call \impl{?()} \\ ©?++© & postfix increment \impl{?++} \\ ©?--© & postfix decrement \impl{?--} \\ ©++?© & prefix increment \impl{++?} \\ ©--?© & prefix decrement \impl{--?} \\ ©*?© & dereference \impl{*?} \\ ©+?© & unary plus \impl{+?} \\ ©-?© & arithmetic negation \impl{-?} \\ ©~?© & bitwise negation \impl{~?} \\ ©!?© & logical complement \impl{"!?} \\ ©?\?© & exponentiation \impl{?\?} \\ ©?*?© & multiplication \impl{?*?} \\ ©?/?© & division \impl{?/?} \\ ©?%?© & remainder \impl{?%?} \\ \end{tabular} & \begin{tabular}{@{}ll@{}} ©?+?© & addition \impl{?+?} \\ ©?-?© & subtraction \impl{?-?} \\ ©?<>?© & right shift \impl{?>>?} \\ ©?=?© & greater than or equal \impl{?>=?} \\ ©?>?© & greater than \impl{?>?} \\ ©?==?© & equality \impl{?==?} \\ ©?!=?© & inequality \impl{?"!=?} \\ ©?&?© & bitwise AND \impl{?&?} \\ ©?^?© & exclusive OR \impl{?^?} \\ ©?|?© & inclusive OR \impl{?"|?} \\ \\ \\ \end{tabular} & \begin{tabular}{@{}ll@{}} ©?=?© & simple assignment \impl{?=?} \\ ©?\=?© & exponentiation assignment \impl{?\=?} \\ ©?*=?© & multiplication assignment \impl{?*=?} \\ ©?/=?© & division assignment \impl{?/=?} \\ ©?%=?© & remainder assignment \impl{?%=?} \\ ©?+=?© & addition assignment \impl{?+=?} \\ ©?-=?© & subtraction assignment \impl{?-=?} \\ ©?<<=?© & left-shift assignment \impl{?<<=?} \\ ©?>>=?© & right-shift assignment \impl{?>>=?} \\ ©?&=?© & bitwise AND assignment \impl{?&=?} \\ ©?^=?© & exclusive OR assignment \impl{?^=?} \\ ©?|=?© & inclusive OR assignment \impl{?"|=?} \\ \\ \\ \\ \end{tabular} \end{tabular} \caption{Operator Identifiers} \label{opids} \end{table} These identifiers are defined such that the question marks in the name identify the location of the operands. These operands represent the parameters to the functions, and define how the operands are mapped to the function call. For example, ©a + b© becomes ©?+?(a, b)©. In the example below, a new type, myComplex, is defined with an overloaded constructor, + operator, and string operator. These operators are called using the normal C syntax. \begin{cfa} type Complex = struct { // define a Complex type double real; double imag; } // Constructor with default values void ?{}(Complex &c, double real = 0.0, double imag = 0.0) { c.real = real; c.imag = imag; } Complex ?+?(Complex lhs, Complex rhs) { Complex sum; sum.real = lhs.real + rhs.real; sum.imag = lhs.imag + rhs.imag; return sum; } String ()?(const Complex c) { // use the string conversions for the structure members return (String)c.real + . + . + (String)c.imag + .i.; } ... Complex a, b, c = {1.0}; // constructor for c w/ default imag ... c = a + b; print(.sum = . + c); \end{cfa} \section{Auto Type-Inferencing} Auto type-inferencing occurs in a declaration where a variable's type is inferred from its initialization ex\-pression type. \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}ll@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{\CC}} & \multicolumn{1}{c}{\textbf{\Indexc{gcc}}} \\ \begin{cfa} auto j = 3.0 * 4; int i; auto k = i; \end{cfa} & \begin{cfa} #define expr 3.0 * i typeof(expr) j = expr; int i; typeof(i) k = i; \end{cfa} & \begin{cfa} // use type of initialization expression // use type of primary variable \end{cfa} \end{tabular} \end{cquote} The two important capabilities are: \begin{itemize} \item not determining or writing long generic types, \item ensuring secondary variables, related to a primary variable, always have the same type. \end{itemize} In \CFA, ©typedef© provides a mechanism to alias long type names with short ones, both globally and locally, but not eliminate the use of the short name. \Indexc{gcc} provides ©typeof© to declare a secondary variable from a primary variable. \CFA also relies heavily on the specification of the left-hand side of assignment for type inferencing, so in many cases it is crucial to specify the type of the left-hand side to select the correct type of the right-hand expression. Only for overloaded routines \emph{with the same return type} is variable type-inferencing possible. Finally, ©auto© presents the programming problem of tracking down a type when the type is actually needed. For example, given \begin{cfa} auto j = ®...® \end{cfa} and the need to write a routine to compute using ©j© \begin{cfa} void rtn( ®...® parm ); rtn( j ); \end{cfa} A programmer must work backwards to determine the type of ©j©'s initialization expression, reconstructing the possibly long generic type-name. In this situation, having the type name or a short alias is very useful. There is also the conundrum in type inferencing of when to \emph{\Index{brand}} a type. That is, when is the type of the variable more important than the type of its initialization expression. For example, if a change is made in an initialization expression, it can cause cascading type changes and/or errors. At some point, a variable type needs to remain constant and the expression to be in error when it changes. Given ©typedef© and ©typeof© in \CFA, and the strong need to use the type of left-hand side in inferencing, auto type-inferencing is not supported at this time. Should a significant need arise, this feature can be revisited. \begin{comment} \section{Generics} \CFA supports parametric polymorphism to allow users to define generic functions and types. Generics allow programmers to use type variables in place of concrete types so that the code can be reused with multiple types. The type parameters can be restricted to satisfy a set of constraints. This enables \CFA to build fully compiled generic functions and types, unlike other languages like \Index*[C++]{\CC{}} where templates are expanded or must be explicitly instantiated. \subsection{Generic Functions} Generic functions in \CFA are similar to template functions in \Index*[C++]{\CC{}}, and will sometimes be expanded into specialized versions, just like in \CC. The difference, however, is that generic functions in \CFA can also be separately compiled, using function pointers for callers to pass in all needed functionality for the given type. This means that compiled libraries can contain generic functions that can be used by programs linked with them (statically or dynamically). Another advantage over \CC templates is unlike templates, generic functions are statically checked, even without being instantiated. A simple example of using Do.s parametric polymorphism to create a generic swap function would look like this: \begin{cfa} generic(type T) void swap(T &a, T &b) { T tmp = a; a = b; b = a; } int a, b; swap(a, b); Point p1, p2; swap(p1, p2); \end{cfa} Here, instead of specifying types for the parameters a and b, the function has a generic type parameter, type T. This function can be called with any type, and the compiler will handle generating the proper code for that type, using call site inference to determine the appropriate value for T. \subsection{Bounded Quantification} Some generic functions only work (or make sense) for any type that satisfies a given property. For example, here is a function to pick the minimum of two values of some type. \begin{cfa} generic (type T | bool ?next; } generic (type T) struct LinkedList { LinkedListElem(T) * head; unsigned int size; } generic (type T | bool ?==?(T, T)) bool contains(LinkedList(T) * list, T elem) { for(LinkedListElem * iter = list->head; iter != 0; ++iter) { if (iter->elem == elem) return true; } return false; } \end{cfa} \section{Safety} Safety, along with productivity, is a key goal of Do. This section discusses the safety features that have been included in \CFA to help programmers create more stable, reliable, and secure code. \subsection{Exceptions} \CFA introduces support for exceptions as an easier way to recover from exceptional conditions that may be detected within a block of code. In C, developers can use error codes and special return values to report to a caller that an error occurred in a function. The major problem with error codes is that they can be easily ignored by the caller. Failure to properly check for errors can result in the caller making incorrect assumptions about the current state or about the return value that are very likely to result in errors later on in the program, making the source of the problem more difficult to find when debugging. An unhandled exception on the other hand will cause a crash, revealing the original source of the erroneous state. Exceptions in \CFA allow a different type of control flow. Throwing an exception terminates execution of the current block, invokes the destructors of variables that are local to the block, and propagates the exception to the parent block. The exception is immediately re-thrown from the parent block unless it is caught as described below. \CFA uses keywords similar to \Index*[C++]{\CC{}} for exception handling. An exception is thrown using a throw statement, which accepts one argument. \begin{cfa} ... throw 13; ... \end{cfa} An exception can be caught using a catch statement, which specifies the type of the exception it can catch. A catch is specified immediately after a guarded block to signify that it can catch an exception from that block. A guarded block is specified using the try keyword, followed by a block of code inside of curly braces. \begin{cfa} ... try { throw 13; } catch(int e) { printf(.caught an exception: %d\n., e); } \end{cfa} \end{comment} \section{Concurrency} Concurrency support in \CFA is implemented on top of a highly efficient runtime system of light-weight, M:N, user level threads. The model integrates concurrency features into the language by making the structure type the core unit of concurrency. All communication occurs through method calls, where data is sent via method arguments, and received via the return value. This enables a very familiar interface to all programmers, even those with no parallel programming experience. It also allows the compiler to do static type checking of all communication, a very important safety feature. This controlled communication with type safety has some similarities with channels in \Index*{Go}, and can actually implement channels exactly, as well as create additional communication patterns that channels cannot. Mutex objects, monitors, are used to contain mutual exclusion within an object and synchronization across concurrent threads. \begin{figure} \begin{cfa} #include #include ®® ®coroutine® Fibonacci { int fn; §\C{// used for communication}§ }; void main( Fibonacci & fib ) with( fib ) { §\C{// called on first resume}§ int fn1, fn2; §\C{// retained between resumes}§ fn = 0; fn1 = fn; §\C{// 1st case}§ ®suspend;® §\C{// restart last resume}§ fn = 1; fn2 = fn1; fn1 = fn; §\C{// 2nd case}§ ®suspend;® §\C{// restart last resume}§ for () { fn = fn1 + fn2; fn2 = fn1; fn1 = fn; §\C{// general case}§ ®suspend;® §\C{// restart last resume}§ } } int next( Fibonacci & fib ) with( fib ) { ®resume( fib );® §\C{// restart last suspend}§ return fn; } int main() { Fibonacci f1, f2; for ( 10 ) { §\C{// print N Fibonacci values}§ sout | next( f1 ) | next( f2 ); } } \end{cfa} \vspace*{-5pt} \caption{Fibonacci Coroutine} \label{f:FibonacciCoroutine} \end{figure} \subsection{Coroutine} \Index{Coroutines} are the precursor to threads. \VRef[Figure]{f:FibonacciCoroutine} shows a coroutine that computes the \Index*{Fibonacci} numbers. \subsection{Monitors} A monitor is a structure in \CFA which includes implicit locking of its fields. Users of a monitor interact with it just like any structure, but the compiler handles code as needed to ensure mutual exclusion. An example of the definition of a monitor is shown here: \begin{cfa} type Account = monitor { const unsigned long number; // account number float balance; // account balance }; \end{cfa} \begin{figure} \begin{cfa} #include #include ®® ®monitor® AtomicCnt { int counter; }; void ?{}( AtomicCnt & c, int init = 0 ) with(c) { counter = init; } int inc( AtomicCnt & ®mutex® c, int inc = 1 ) with(c) { return counter += inc; } int dec( AtomicCnt & ®mutex® c, int dec = 1 ) with(c) { return counter -= dec; } forall( ostype & | ostream( ostype ) ) { §\C{// print any stream}§ ostype & ?|?( ostype & os, AtomicCnt c ) { return os | c.counter; } void ?|?( ostype & os, AtomicCnt c ) { (ostype &)(os | c.counter); ends( os ); } } AtomicCnt global; §\C{// shared}§ thread MyThread {}; void main( MyThread & ) { for ( i; 100_000 ) { inc( global ); dec( global ); } } int main() { enum { Threads = 4 }; processor p[Threads - 1]; §\C{// + starting processor}§ { MyThread t[Threads]; } sout | global; §\C{// print 0}§ } \end{cfa} \caption{Atomic-Counter Monitor} \label{f:AtomicCounterMonitor} \end{figure} \begin{comment} Since a monitor structure includes an implicit locking mechanism, it does not make sense to copy a monitor; it is always passed by reference. Users can specify to the compiler whether or not a function will require mutual exclusion of the monitor using the mutex modifier on the parameter. When mutex is specified, the compiler inserts locking before executing the body of the function, and unlocking after the body. This means that a function requiring mutual exclusion could block if the lock is already held by another thread. Blocking on a monitor lock does not block the kernel thread, it simply blocks the user thread, which yields its kernel thread while waiting to obtain the lock. If multiple mutex parameters are specified, they will be locked in parameter order (\ie first parameter is locked first) and unlocked in the reverse order. \begin{cfa} // This function accesses a constant field, it does not require // mutual exclusion export unsigned long getAccountNumber(Account &a) { return a.number; } // This function accesses and modifies a shared field; it // requires mutual exclusion export float withdrawal(mutex Account &a, float amount) { a.balance -= amount; return a.balance; } \end{cfa} Often, one function using a monitor will call another function using that same monitor. If both require mutual exclusion, then the thread would be waiting for itself to release the lock when it calls the inner function. This situation is resolved by allowing recursive entry (reentrant locks), meaning that if the lock is already held by the caller, it can be locked again. It will still be unlocked the same number of times. An example of this situation is shown below: \begin{cfa} // deleting a job from a worker requires mutual exclusion void deleteJob(mutex Worker &w, Job &j) { ... } // transferring requires mutual exclusion and calls deleteJob void transferJob(mutex Worker & from, Worker & to) { ... deleteJob(j); ... } \end{cfa} \end{comment} \subsection{Threads} \CFA also provides a simple mechanism for creating and utilizing user level threads. A thread provides mutual exclusion like a monitor, and also has its own execution state and a thread of control. Similar to a monitor, a thread is defined like a structure: \begin{figure} \begin{cfa} #include #include #include #include thread First { signal_once * lock; }; thread Second { signal_once * lock; }; void ?{}( First * this, signal_once* lock ) { this->lock = lock; } void ?{}( Second * this, signal_once* lock ) { this->lock = lock; } void main( First * this ) { for ( int i = 0; i < 10; i += 1 ) { sout | "First : Suspend No." | i + 1; yield(); } signal( this->lock ); } void main( Second * this ) { wait( this->lock ); for ( int i = 0; i < 10; i += 1 ) { sout | "Second : Suspend No." | i + 1; yield(); } } int main( void ) { signal_once lock; sout | "User main begin"; { processor p; { First f = { &lock }; Second s = { &lock }; } } sout | "User main end"; } \end{cfa} \caption{Simple Threads} \label{f:SimpleThreads} \end{figure} \begin{comment} \section{Modules and Packages } High-level encapsulation is useful for organizing code into reusable units, and accelerating compilation speed. \CFA provides a convenient mechanism for creating, building and sharing groups of functionality that enhances productivity and improves compile time. There are two levels of encapsulation in \CFA, module and package. A module is a logical grouping of functionality that can be easily pulled into another project, much like a module in \Index*{Python} or a package in \Index*{Go}. A module forms a namespace to limit the visibility and prevent naming conflicts of variables. Furthermore, a module is an independent translation unit, which can be compiled separately to accelerate the compilation speed. A package is a physical grouping of one or more modules that is used for code distribution and version management. Package is also the level of granularity at which dependences are managed. A package is similar to the Crate in \Index*{Rust}. \subsection{No Declarations, No Header Files} In C and \Index*[C++]{\CC{}}, it is necessary to declare or define every global variable, global function, and type before it is used in each file. Header files and a preprocessor are normally used to avoid repeating code. Thus, many variables, functions, and types are described twice, which exposes an opportunity for errors and causes additional maintenance work. Instead of following this model, the \CFA tools can extract all of the same information from the code automatically. This information is then stored in the object files for each module, in a format that can quickly be read by the compiler, and stored at the top of the file, for quick access. In addition to the user productivity improvements, this simple change also improves compile time, by saving the information in a simple machine readable format, instead of making the compiler parse the same information over and over from a header file. This seems like a minor change, but according to (Pike, \Index*{Go} at Google: Language Design in the Service of Software Engineering), this simple change can cause massive reductions in compile time. In \CFA, multiple definitions are not necessary. Within a module, all of the module's global definitions are visible throughout the module. For example, the following code compiles, even though ©isOdd© was not declared before being called: \begin{cfa} bool isEven(unsigned int x) { if (x == 0) return true; else return !isOdd(x); } bool isOdd(unsigned int x) { if (x == 1) return true; else return !isEven(x - 2); } \end{cfa} Header files in C are used to expose the declarations from a library, so that they can be used externally. With \CFA, this functionality is replaced with module exports, discussed below. When building a \CFA module which needs to be callable from C code, users can use the tools to generate a header file suitable for including in these C files with all of the needed declarations. In order to interoperate with existing C code, \CFA files can still include header files, the contents of which will be enclosed in a C linkage section to indicate C calling conventions \see{\VRef{s:Interoperability} for more information}. \subsection{Modules} A module typically contains a set of related types and methods, with some objects accessible from outside the package, and some limited to use inside the module. These modules can then be easily shared and reused in multiple projects. As modules are intended to be distributed for reuse, they should generally have stable, well-defined interfaces. \CFA adds the following keywords to express the module systems: module, export, import, as. \subsubsection{Module Declaration} The syntax to declare a module is module moduleName;. The module declaration must be at the beginning of a file, and each file can only belong to one module. If there is no module declaration at the beginning of a file, the file belongs to the global module. A module can span several files. By convention, a module and the files belonging to the module have additional mapping relationship which is described in the Do-Lang Tooling documentation. The moduleName follows the same rules of a variable name, except that it can use slash "/" to indicate the module/sub-module relationship. For example, container/vector is a valid module name, where container is the parent module name, and vector is the sub-module under container. Only the interfaces of a module are visible from outside, when the module is imported. export is a type decorator to declare a module interface. A method, a global variable or a type can be declared as a module interface. Types defined in a module and referenced by an exported function or a variable must be exported, too. The following code is a simple module declaration example. \begin{cfa} module M; //visible outside module M export int f(int i) { return i + 1; } export double aCounter; //not visible outside module M int g(int i) { return i - 1; } double bCounter; \end{cfa} export module moduleName; can be use to re-export all the visible (exported) names in moduleName from the current module. \subsubsection{Module Import} The syntax to import a module is import moduleName; or import moduleName as anotherName;. One package cannot be imported with both of the two types of syntax in one file. A package imported in one file will only be visible in this file. For example, two files, A and B belong to the same module. If file A imports another module, M, the exported names in M are not visible in file B. All of the exported names are visible in the file that imports the module. The exported names can be accessed within a namespace based on the module name in the first syntax (ex moduleName.foo). If moduleName has several elements separated by '/' to describe a sub-module (ex. import container/vector;), the last element in the moduleName is used as the namespace to access the visible names in that module (ex vector.add(...);). The as keyword is used to confine the imported names in a unique namespace (ex. anotherName.foo). anotherName must be a valid identifier (same rules as a variable name) which means it cannot have '/' in it. Conflicts in namespaces will be reported by the compiler. The second method can be used to solve conflicting name problems. The following code snippets show the two situations. \begin{cfa} module util/counter; export int f(int i) { return i+1; } import util/counter; int main() { return counter.f(200); // f() from the package counter } import util/counter as ct; int main() { return ct.f(200); // f() from the package counter } \end{cfa} Additionally, using the .as. syntax, a user can force the compiler to add the imported names into the current namespace using .as ..With these module rules, the following module definitions and imports can be achieved without any problem. \begin{cfa} module M1; export int f(int i) { return i+1;} // visible outside int g(int i) { return i-1;} // not visible outside module M2; int f(int i) { return i * 2; } // not visible outside export int g(int g) { return i / 2; } // visible outside import M1 as .; import M2 as .; int main() { return f(3) + g(4); //f() from M1 and g() from M2; } \end{cfa} \subsubsection{Sub-Module and Module Aggregation} Several modules can be organized in a parent module and sub-modules relationship. The sub-module names are based on hierarchical naming, and use slash, "/", to indicate the relationship. For example, std/vector and std/io are sub-modules of module std. The exported names in a sub-module are NOT visible if the parent module is imported, which means the exported names in the sub-module are not implicitly exported in the parent module. Aggregation is a mechanism to support components and simplified importing. The mechanism is not based on naming but based on manual declaration. For example, the following is the aggregated sequence module. The export {...} is syntactic sugar for many lines of export module aModule;. If an aggregated module is imported, all the included modules in the aggregation are imported. \begin{cfa} module std/sequence; export { module std/vector; module std/list; module std/array; module std/deque; module std/forward_list; module std/queue; module std/stack; }; \end{cfa} After importing the aggregated module, each individual name is still contained in the original name space. For example, vector.add() and list.add() should be used to reference the add methods if there are add methods in both the vector module and the list module. \subsubsection{Import from Repository} When a module is imported, the tools locate the module in the one of the accessible package paths (defined by command line flag or environment variable). The tools also support retrieving modules of a package from external repositories. See Listing 40: Package directory structure \subsubsection{Package Import} Because packages are the places where the building tool looks for modules, there is no code required in the \CFA source file to import a package. In order to use modules in a package, the programmer needs to guide the building tool to locate the right package by 1) Adding the package's parent path into \$DOPATH; or 2) Adding the package dependence into the current project's Do.prj. More details about locating a module in a package are explained in the next section. \subsubsection{Package Versioning} A package must have a version number. The version number is a string. For example "1.0", "1.a", "A1", and "1ec5fab753eb979d3886a491845b8ae152d58c8f" are all valid version numbers. By convention, a package is stored in a directory named packageName-packageVersion. For example, the util package with version 1.1 is stored in a directory named util-1.1. The project description file can optionally specify the version of the package used in the current project. If not defined, because the version number is a string, and all the different versions for the same package will be sorted in increasing order, the package with the largest version number will be used in the compilation. The builder tool will record the specific package version used in the build in the project's "Do.lock" file to enable fully repeatable builds. \subsection{Module and Package Organization} \CFA has two level of encapsulations, module and package. This section explains the object model of modules, packages and other language concepts. It also explains how programmers should organize their code, and the method used by the build tools to locate packages, and import modules for compilation. \subsubsection{Object Model} There are several concepts in Do. \begin{itemize} \item File: a \CFA source file \item Module: a container to organize a set of related types and methods; It has a module name, and several interfaces visible from outside \item Package: a container to organize modules for distribution; It has attributes like name, author, version, dependences, \etc. \item Project: a working set for a \CFA project; It has attributes like name, author, version, dependences, \etc. \end{itemize} The following rules summarize the object model of all the above concepts: \begin{itemize} \item A module contains one or more files \begin{itemize} \item One file can only belong to one module \item A module has its name and interfaces exported \item A file without a module declaration at the beginning belongs to the global module \item \end{itemize} \item A package contains one or more modules \begin{itemize} \item A package has additional meta info described in Do.prj file \item A package may be dependent on other packages. \end{itemize} \item A project contains one or more modules in its source code \begin{itemize} \item A project has additional meta info described in Do.prj file \item A project may be dependent on other packages \item A project can be transformed into a package for distribution \item A project can generate one or more executable binaries \end{itemize} \end{itemize} \subsubsection{Module File Organization} The rules of this section are the conventions to organize module files in one package. The file location of a module in a package must match the module/submodule naming hierarchy. The names separated by slash "/" must match the directory levels. If only one file is used to implement one module, there is no need to put the module implementation file inside a sub-directory. The file can be put inside its parent module's sub-directory with the sub module's name as the file name. Here is an example of a package, util. \begin{cfa} + util Do.prj #package description file heap.do #Case 1: module heap; list.do #Case 1: mdoule list; ring.do #Case 1: module ring; + string #Case 2 impl1.do #module string; + std vector.do list.do + array #Case 3 array1.do #module std/array; array2.do #module std/array; sequence.do #Case 4, module std/sequence; test.do #Case 5 \end{cfa} \begin{itemize} \item Case 1: Each individual file implements a module \item Case 2: Put the implementation of a module under the sub-directory, but there is only one file \item Case 3: Put the implementation of a module under the sub-directory; There are several files to implement one module \item Case 4: One file to express one aggregation \item Case 5: The file does not belong to any module; It is used for testing purpose \end{itemize} The example only uses source code, ".do" files, to show the module file organization. Other module packaging formats, like binary, must also follow the same rules. \subsection{Module File Format} \CFA supports different types of module file formats. \begin{itemize} \item Pure source code format: The files should be organized following the previous section's definition. \item IR format (TBD): The \CFA compiler IR format, similar to the source code format \item Binary format, including ".a" static library or ".so" dynamic linkage library \begin{itemize} \item The file's name must match the right level's module name defined in the previous section \item E.g. "util.so" includes all modules for the package util. \item E.g. "string.so" under the package directory to include files belonging to "module string;" \end{itemize} \item. Archive format \begin{itemize} \item The archive is named as ".dar", and is a zip archive of the source code or the binary for a package \item E.g. "util.dar" is the whole package for util package including the package direction file \end{itemize} \item Hybrid format \begin{itemize} \item A package can be distributed partly in source code, partly in binary format, and/or packaged in the archive format \item The only limitation is that the names of the files must match the module location names defined in previous section \end{itemize} \end{itemize} Package and Module Locating and the \CFA Language Tooling documentation for more details. \subsection{Packages} A package is synonymous with a library in other languages. The intent of the package level encapsulation is to facilitate code distribution, version control, and dependence management. A package is a physical grouping of one or more modules in a directory (an archive file for a directory). The concept of a package is the convention for grouping code, and the contract between the language and the building tool to search for imported modules. \subsubsection{Package Definition} A package is defined by putting a project description file, Do.prj, with one or more modules into a directory. This project description file contains the package's meta data, including package name, author, version, dependences, \etc. It should be in the root of the package directory. The modules in the package could be either source code, or compiled binary format. The location of the module files should follow the module name's path. Here is a simple example of the directory structure of a package, core. It contains a module std and several sub-modules under std. \begin{cfa} + core Do.prj + std + io file.do # module std/io/file; network.do #module std/io/network; + container vector.do #module std/container/vector; list.do #module std/container/list; \end{cfa} \subsubsection{Package Import} Because packages are the places where the building tool looks for modules, there is no code required in the \CFA source file to import a package. In order to use modules in a package, the programmer needs to guide the building tool to locate the right package by 1) Adding the package's parent path into \$DOPATH; or 2) Adding the package dependence into the current project's Do.prj. More details about locating a module in a package are explained in the next section. \subsubsection{Package Versioning} A package must have a version number. The version number is a string. For example "1.0", "1.a", "A1", and "1ec5fab753eb979d3886a491845b8ae152d58c8f" are all valid version numbers. By convention, a package is stored in a directory named packageName-packageVersion. For example, the util package with version 1.1 is stored in a directory named util-1.1. The project description file can optionally specify the version of the package used in the current project. If not defined, because the version number is a string, and all the different versions for the same package will be sorted in increasing order, the package with the largest version number will be used in the compilation. The builder tool will record the specific package version used in the build in the project's "Do.lock" file to enable fully repeatable builds. \subsection{Module and Package Organization} \CFA has two level of encapsulations, module and package. This section explains the object model of modules, packages and other language concepts. It also explains how programmers should organize their code, and the method used by the build tools to locate packages, and import modules for compilation. \subsubsection{Object Model} There are several concepts in Do. \begin{itemize} \item File: a \CFA source file \item Module: a container to organize a set of related types and methods; It has a module name, and several interfaces visible from outside \item Package: a container to organize modules for distribution; It has attributes like name, author, version, dependences, \etc. \item Project: a working set for a \CFA project; It has attributes like name, author, version, dependences, \etc. \end{itemize} The following rules summarize the object model of all the above concepts: \begin{itemize} \item A module contains one or more files \begin{itemize} \item One file can only belong to one module \item A module has its name and interfaces exported \item A file without a module declaration at the beginning belongs to the global module \end{itemize} \item A package contains one or more modules \begin{itemize} \item A package has additional meta info described in Do.prj file \item A package may be dependent on other packages. \end{itemize} \item A project contains one or more modules in its source code \begin{itemize} \item A project has additional meta info described in Do.prj file \item A project may be dependent on other packages \item A project can be transformed into a package for distribution \item A project can generate one or more executable binaries \end{itemize} \end{itemize} \subsubsection{Module File Organization} The rules of this section are the conventions to organize module files in one package. The file location of a module in a package must match the module/submodule naming hierarchy. The names separated by slash "/" must match the directory levels. If only one file is used to implement one module, there is no need to put the module implementation file inside a sub-directory. The file can be put inside its parent module's sub-directory with the sub module's name as the file name. Here is an example of a package, util. \begin{cfa} + util Do.prj #package description file heap.do #Case 1: module heap; list.do #Case 1: mdoule list; ring.do #Case 1: module ring; + string #Case 2 impl1.do #module string; + std vector.do list.do + array #Case 3 array1.do #module std/array; array2.do #module std/array; sequence.do #Case 4, module std/sequence; test.do #Case 5 \end{cfa} \begin{itemize} \item Case 1: Each individual file implements a module \item Case 2: Put the implementation of a module under the sub-directory, but there is only one file \item Case 3: Put the implementation of a module under the sub-directory; There are several files to implement one module \item Case 4: One file to express one aggregation \item Case 5: The file does not belong to any module; It is used for testing purpose \end{itemize} The example only uses source code, ".do" files, to show the module file organization. Other module packaging formats, like binary, must also follow the same rules. \subsubsection{Module File Format} \CFA supports different types of module file formats. \begin{itemize} \item Pure source code format: The files should be organized following the previous section's definition. \item IR format (TBD): The \CFA compiler IR format, similar to the source code format \item Binary format, including ".a" static library or ".so" dynamic linkage library \begin{itemize} \item The file's name must match the right level's module name defined in the previous section \item E.g. "util.so" includes all modules for the package util. \item E.g. "string.so" under the package directory to include files belonging to "module string;" \end{itemize} \item Archive format \begin{itemize} \item The archive is named as ".dar", and is a zip archive of the source code or the binary for a package \item E.g. "util.dar" is the whole package for util package including the package direction file \end{itemize} \item Hybrid format \begin{itemize} \item A package can be distributed partly in source code, partly in binary format, and/or packaged in the archive format \item The only limitation is that the names of the files must match the module location names defined in previous section \end{itemize} \end{itemize} \subsection{Package and Module Locating} The high-level build tools provided by \CFA will handle finding a package in your local filesystem or retrieving it from a repository if necessary, building it if necessary, and linking with it. If a programmer prefers, one can directly call the compiler, docc to build the source files and create and link to static libraries. When a source file imports a module, the \CFA build tool and docc compiler will locate the module according to the following order: \begin{enumerate} \item This source file's directory tree, which is typically the project's src directory \item All of the dependent packages (in a directory or in an archive file) under the current \CFA project's pkg directory \item The dependent packages (in a directory or in an archive file) inside the paths defined in the DOPATH environment variable \item The dependent packages (in a directory or in an archive file) inside the global \CFA SDK installation's pkg directory \item If one dependent package is still not found, the builder tool will automatically retrieve it from the repository defined in the SDK installation's configuration, and store it in the SDK's pkg directory \end{enumerate} The module found first in a package will shadow the modules with the same name in the later packages in the search sequence. \subsubsection{Dependent Package} Dependent packages are those packages containing modules that the current project's source code will import from. Dependent packages are defined implicitly or explicitly in one \CFA project. All of the packages under the current project's pkg directory are implicitly dependent packages. For others, the dependent packages must be defined in the project's Do.prj file. \subsubsection{Package and Module Locating Example} \begin{cfa} # A project's source code tree -------------------------------------- + testProject Do.prj + src main.do + pkg + security-1.1 Do.prj security.do #module security -------------------------------------- # Do.prj -------------------------------------- [dependences] std util = "0.2" -------------------------------------- # main.do --------------------------------------- import security; import std/vector; import container; ---------------------------------------- \end{cfa} \begin{cfa} # pkg directory's source code tree ----------------------------------------- + pkg + std-1.0 Do.prj vector.do #module std/vector; queue.do #module std/queue; + std-1.1 Do.prj vector.do #module std/vector; queue.do #module std/queue; list.do #module std/list; + util-0.1 Do.prj container.do #module container; + security-1.0 security.do #module security; ------------------------------------------ \end{cfa} During the compiling of main.do file import security; The security module appears in both the local security-1.1 package, and the global security-1.0 package. According to the locating sequence, the local security module in security-1.1 will be used. And because the security-1.1 package is under local's pkg directory. No dependence description is required in the project Do.prj file. import std/vector; The std/vector package appears in two different versions' packages in the global path and the project dependence doesn't specify the version. std-1.1 is used in this case. import container; The Do.prj specifies the version 0.2 should be used to locate container module from util package but only version 0.1 is available in the local file system. The builder tool then will try to retrieve it from the web and store it in the global pkg directory. After that, the container module from the newly downloaded package will be used in the compilation. \end{comment} \section{Language Comparisons} \CFA is one of many languages that attempts to improve upon C. In developing \CFA, many other languages were consulted for ideas, constructs, and syntax. Therefore, it is important to show how these languages each compare with Do. In this section, \CFA is compared with what the writers of this document consider to be the closest competitors of Do: \Index*[C++]{\CC{}}, \Index*{Go}, \Index*{Rust}, and \Index*{D}. \begin{comment} \subsection[Comparing Key Features of CFA]{Comparing Key Features of \CFA} {% local change to lstlising to reduce font size \lstset{basicstyle=\linespread{0.9}\sf\relsize{-2}} \subsubsection{Constructors and Destructors} \begin{flushleft} \begin{tabular}{@{}l|l|l|l@{}} \multicolumn{1}{c|}{\textbf{\CFA}} & \multicolumn{1}{c|}{\textbf{\CC}} & \multicolumn{1}{c|}{\textbf{Go}} & \multicolumn{1}{c}{\textbf{Rust}} \\ \hline \begin{cfa} struct Line { float lnth; } // default constructor void ?{}( Line * l ) { l->lnth = 0.0; sout | "default"; } // constructor with length void ?{}( Line * l, float lnth ) { l->lnth = lnth; sout | "lnth" | l->lnth; } // destructor void ^?() { sout | "destroyed"; l.lnth = 0.0; } // usage Line line1; Line line2 = { 3.4 }; \end{cfa} & \begin{C++} class Line { float lnth; // default constructor Line() { cout << "default" << endl; lnth = 0.0; } // constructor with lnth Line( float l ) { cout << "length " << length << endl; length = l; } // destructor ~Line() { cout << "destroyed" << endl; length = 0.0; } } // usage Line line1; Line line2( 3.4 ); \end{C++} & \begin{lstlisting}[language=Golang] type Line struct { length float32 } // default constructor func makeLine() Line { fmt.PrintLn( "default" ) return Line{0.0} } // constructor with length func makeLine( length float32 ) Line { fmt.Printf( "length %v", length ) return Line{length} } // no destructor // usage line1 := makeLine() line2 := makeLine( 3.4 ) \end{lstlisting} & \begin{cfa} struct Line { length: f32 } // default constructor impl Default for Line { fn default () -> Line { println!( "default" ); Line{ length: 0.0 } } } // constructor with length impl Line { fn make( len: f32 ) -> Line { println!( "length: {}", len ); Line{ length: len } } } // destructor impl Drop for Line { fn drop( &mut self ) { self.length = 0.0 } } // usage let line1:Line = Default::default(); Line line2( 3.4 ); \end{cfa} \end{tabular} \end{flushleft} \subsubsection{Operator Overloading} \begin{flushleft} \begin{tabular}{@{}l|l|l|l@{}} \multicolumn{1}{c|}{\textbf{\CFA}} & \multicolumn{1}{c|}{\textbf{\CC}} & \multicolumn{1}{c|}{\textbf{Go}} & \multicolumn{1}{c}{\textbf{Rust}} \\ \hline \begin{cfa} struct Cpx { double re, im; }; // overload addition operator Cpx ?+?( Cpx l, const Cpx r ) { return (Cpx){l.re+l.im, l.im+r.im}; } Cpx a, b, c; c = a + b; \end{cfa} & \begin{cfa} struct Cpx { double re, im; }; // overload addition operator Cpx operator+( Cpx l, const Cpx r ) { return (Cpx){l.re+l.im, l.im+r.im}; } Cpx a, b, c; c = a + b; \end{cfa} & \begin{cfa} // no operator overloading \end{cfa} & \begin{cfa} struct Cpx { re: f32, im: f32 } // overload addition operator impl Add for Cpx { type Output = Cpx fn add(self, r: Cpx) -> Cpx { let mut res = Cpx{re: 0.0, im: 0.0}; res.re = self.re + r.re; res.im = self.im + r.im; return res } } let (a, b, mut c) = ...; c = a + b \end{cfa} \end{tabular} \end{flushleft} \subsubsection{Calling C Functions} \begin{flushleft} \begin{tabular}{@{}l|l|l@{}} \multicolumn{1}{c|}{\textbf{\CFA/\CC}} & \multicolumn{1}{c|}{\textbf{Go}} & \multicolumn{1}{c}{\textbf{Rust}} \\ \hline \begin{cfa}[boxpos=t] extern "C" { #include #include #include } size_t fileSize( const char * path ) { struct stat s; stat(path, &s); return s.st_size; } \end{cfa} & \begin{cfa}[boxpos=t] /* #cgo #include #include #include */ import "C" import "unsafe" func fileSize(path string) C.size_t { var buf C.struct_stat c_string := C.CString(path) C.stat(p, &buf) C.free(unsafe.Pointer(c_string)) return buf._st_size } \end{cfa} & \begin{cfa}[boxpos=t] use libc::{c_int, size_t}; // translated from sys/stat.h #[repr(C)] struct stat_t { ... st_size: size_t, ... } #[link(name = "libc")] extern { fn stat(path: * const u8, buf: * mut stat_t) -> c_int; } fn fileSize(path: * const u8) -> size_t { unsafe { let mut buf: stat_t = uninit(); stat(path, &mut buf); buf.st_size } } \end{cfa} \end{tabular} \end{flushleft} \subsubsection{Generic Functions} \begin{flushleft} \begin{tabular}{@{}l|l|l|l@{}} \multicolumn{1}{c|}{\textbf{\CFA}} & \multicolumn{1}{c|}{\textbf{\CC}} & \multicolumn{1}{c|}{\textbf{Go}} & \multicolumn{1}{c}{\textbf{Rust}} \\ \hline \begin{cfa} generic(type T, type N | { int ? bestN) { bestX = &a[i]; bestN = curN; } } return bestX; } string * longest(int n, string *p) { return maximize(length, n, p); } \end{cfa} & \begin{cfa} template T * maximize(const F &f, int n, T *a) { typedef decltype(f(a[0])) N; T * bestX = NULL; N bestN; for (int i = 0; i < n; i++) { N curN = f(a[i]); if (bestX == NULL || curN > bestN) { bestX = &a[i]; bestN = curN; } } return bestX; } string * longest(int n, string *p) { return maximize( [](const string &s) { return s.length(); }, n, p); } \end{cfa} & \begin{cfa} // Go does not support generics! func maximize( gt func(interface{}, interface{}) bool, f func(interface{}) interface{}, a []interface{}) interface{} { var bestX interface{} = nil var bestN interface{} = nil for _, x := range a { curN := f(x) if bestX == nil || gt(curN, bestN) { bestN = curN bestX = x } } return bestX } func longest( a []interface{}) interface{} { return maximize( func(a, b interface{}) bool { return a.(int) > b.(int) }, func(s interface{}) interface{} { return len(s.(string)) }, a).(string) } \end{cfa} & \begin{cfa} use std::cmp::Ordering; fn maximize N>(f: F, a: &Vec) -> Option<&T> { let mut best_x: Option<&T> = None; let mut best_n: Option = None; for x in a { let n = f(x); if (match best_n { None => true, Some(bn) => n.cmp(&bn) == Ordering::Greater }) { best_x = Some(x); best_n = Some(n); } } return best_x } fn longest(a: &Vec) -> Option<&String> { return maximize(|x: &String| x.len(), a) } \end{cfa} \end{tabular} \end{flushleft} \subsubsection{Modules / Packages} \begin{cfa} \CFA \CC module example/M; export int inc(int val) { return val + 1; } -------------------------------------- //Use the module in another file import example/M; int main() { print(M.inc(100)); return 0; } // Using \CC17 module proposal module example.M; export { int inc(int val); } int inc(inv val) { return val + 1; } -------------------------------------- // Use the module in another file import example.M; int main() { cout << inc(100) << endl; return 0; } Go Rust package example/M; func Inc(val int32) int32 { // Capitalization indicates exported return val + 100 } -------------------------------------- //Use the package in another file package main import .fmt. import "example/M" func main() int32 { fmt.Printf(.%v., M.Inc(100)) } pub mod example { pub mod M { pub inc(val i32) -> i32 { return val + 100; } } } -------------------------------------- //Use the module in another file use example::M; fn main() { println!(.{}., M::inc(100)); } \end{cfa} \subsubsection{Parallel Tasks} \begin{flushleft} \begin{tabular}{@{}l|l|l|l@{}} \multicolumn{1}{c|}{\textbf{\CFA}} & \multicolumn{1}{c|}{\textbf{\CC}} & \multicolumn{1}{c|}{\textbf{Go}} & \multicolumn{1}{c}{\textbf{Rust}} \\ \hline \begin{cfa} task Nonzero { int * data; int start; int end; int* res; }; void ?{}(Nonzero &a, int d[], int s, int e, int* subres) { // constructor a.data = d; a.start = s; a.end = e; a.res = subres; } // implicitly spawn thread here void ?()(NonzeroCounter &a) { int i; int nonzero = 0; for (i=start; c #include std::mutex m; void task(const vector&v, int* res, size_t s, size_t e) { int non_zero = 0; for(size_t i = s; i < e; ++i){ if(v[i]!=0) { non_zero++;} } std::unique_lock lck {m}; *res += non_zero; } int main() { vector data = ...; //data int res = 0; std::thread t1 {task, ref(data), &res, 0, data.size()/2}; std::thread t2 {task, ref(data), &res, data.size()/2, data.size()}; t1.join(); t2.join(); return res; } \end{cfa} & \begin{cfa} package main import "fmt" func nonzero(data []int, c chan int) { nz := 0 for _, v:=range data { if(v!=0) { nz := nz+1 } } c <- nz } func main() { sz := ... data := make([]int, sz) ... // data init go nonzero(data[:len(data)/2], c) go nonzero(data[len(data)/2:], c) n1, n2 := <-c, <-c res := n1 + n2 fmt.Println(res) } \end{cfa} & \begin{cfa} use std::thread; use std::sync:mpsc::channel; fn main() { let sz = ...; let mut data:Vec = Vec::with_capacity(sz as usize); ... //init data let (tx, rx) = channel(); for i in 0..1 { let tx = tx.clone(); let data = data.clone() thread::spawn(move|| { let mut nz := 0; let mut s = 0; let mut e = sz / 2; if i == 1 { s = sz/2; e = data.len(); } for i in s..(e - 1) { if data[i] != 0 ( nz = nz + 1 } } tx.send(nz).unwrap(); }); } let res = rx.recv().unwrap() + rx.recv().unwrap(); println!(.{}., res); } \end{cfa} \end{tabular} \end{flushleft} }% local change to lstlising to reduce font size \subsection{Summary of Language Comparison} \end{comment} \subsection[C++]{\CC} \Index*[C++]{\CC{}} is a general-purpose programming language. It is an imperative, object-oriented and generic programming language, while also providing facilities for low-level memory manipulation. The primary focus of \CC was adding object-oriented programming to C, and this is the primary difference between \CC and \CFA. \CC uses classes to encapsulate data and the functions that operate on that data, and to hide the internal representation of the data. \CFA uses modules instead to perform these same tasks. Classes in \CC also enable inheritance among types. Instead of inheritance, \CFA embraces composition and interfaces to achieve the same goals with more flexibility. There are many studies and articles comparing inheritance and composition (or is-a versus has-a relationships), so we will not go into more detail here (Venners, 1998) (Pike, \Index*{Go} at Google: Language Design in the Service of Software Engineering , 2012). Overloading in \CFA is very similar to overloading in \CC, with the exception of the additional use, in \CFA, of the return type to differentiate between overloaded functions. References and exceptions in \CFA are heavily based on the same features from \CC. The mechanism for interoperating with C code in \CFA is also borrowed from \CC. Both \CFA and \CC provide generics, and the syntax is quite similar. The key difference between the two, is that in \CC templates are expanded at compile time for each type for which the template is instantiated, while in \CFA, function pointers are used to make the generic fully compilable. This means that a generic function can be defined in a compiled library, and still be used as expected from source. \subsection{Go} \Index*{Go}, also commonly referred to as golang, is a programming language developed at Google in 2007~\cite{Go}. It is a statically typed language with syntax loosely derived from that of C, adding garbage collection, type safety, some structural typing capabilities, additional built-in types such as variable-length arrays and key-value maps, and a large standard library. (Wikipedia) Go and \CFA differ significantly in syntax and implementation, but the underlying core concepts of the two languages are aligned. Both Go and \CFA use composition and interfaces as opposed to inheritance to enable encapsulation and abstraction. Both languages (along with their tooling ecosystem) provide a simple packaging mechanism for building units of code for easy sharing and reuse. Both languages also include built-in light weight, user level threading concurrency features that attempt to simplify the effort and thought process required for writing parallel programs while maintaining high performance. Go has a significant runtime which handles the scheduling of its light weight threads, and performs garbage collection, among other tasks. \CFA uses a cooperative scheduling algorithm for its tasks, and uses automatic reference counting to enable advanced memory management without garbage collection. This results in Go requiring significant overhead to interface with C libraries while \CFA has no overhead. \subsection{Rust} \Index*{Rust} is a general-purpose, multi-paradigm, compiled programming language developed by Mozilla Research. It is designed to be a "safe, concurrent, practical language", supporting pure-functional, concurrent-actor[dubious . discuss][citation needed], imperative-procedural, and object-oriented styles. The primary focus of Rust is in safety, especially in concurrent programs. To enforce a high level of safety, Rust has added ownership as a core feature of the language to guarantee memory safety. This safety comes at the cost of a difficult learning curve, a change in the thought model of the program, and often some runtime overhead. Aside from those key differences, Rust and \CFA also have several similarities. Both languages support no overhead interoperability with C and have minimal runtimes. Both languages support inheritance and polymorphism through the use of interfaces (traits). \subsection{D} The \Index*{D} programming language is an object-oriented, imperative, multi-paradigm system programming language created by Walter Bright of Digital Mars and released in 2001. [.] Though it originated as a re-engineering of \CC, D is a distinct language, having redesigned some core \CC features while also taking inspiration from other languages, notably \Index*{Java}, \Index*{Python}, Ruby, C\#, and Eiffel. D and \CFA both start with C and add productivity features. The obvious difference is that D uses classes and inheritance while \CFA uses composition and interfaces. D is closer to \CFA than \CC since it is limited to single inheritance and also supports interfaces. Like \CC, and unlike \CFA, D uses garbage collection and has compile-time expanded templates. D does not have any built-in concurrency constructs in the language, though it does have a standard library for concurrency which includes the low-level primitives for concurrency. \appendix \section{Syntax Ambiguities} C has a number of syntax ambiguities, which are resolved by taking the longest sequence of overlapping characters that constitute a token. For example, the program fragment ©x+++++y© is parsed as \lstinline[showspaces=true]{x ++ ++ + y} because operator tokens ©++© and ©+© overlap. Unfortunately, the longest sequence violates a constraint on increment operators, even though the parse \lstinline[showspaces=true]{x ++ + ++ y} might yield a correct expression. Hence, C programmers are aware that spaces have to added to disambiguate certain syntactic cases. In \CFA, there are ambiguous cases with dereference and operator identifiers, \eg ©int *?*?()©, where the string ©*?*?© can be interpreted as: \begin{cfa} *?§\Sp§*? §\C{// dereference operator, dereference operator}§ *§\Sp§?*? §\C{// dereference, multiplication operator}§ \end{cfa} By default, the first interpretation is selected, which does not yield a meaningful parse. Therefore, \CFA does a lexical look-ahead for the second case, and backtracks to return the leading unary operator and reparses the trailing operator identifier. Otherwise a space is needed between the unary operator and operator identifier to disambiguate this common case. A similar issue occurs with the dereference, ©*?(...)©, and routine-call, ©?()(...)© identifiers. The ambiguity occurs when the deference operator has no parameters: \begin{cfa} *?()§\R{\textvisiblespace...}§ ; *?()§\R{\textvisiblespace...}§(...) ; \end{cfa} requiring arbitrary whitespace look-ahead for the routine-call parameter-list to disambiguate. However, the dereference operator \emph{must} have a parameter/argument to dereference ©*?(...)©. Hence, always interpreting the string ©*?()© as \lstinline[showspaces=true]{* ?()} does not preclude any meaningful program. The remaining cases are with the increment/decrement operators and conditional expression, \eg: \begin{cfa} i++?§\R{\textvisiblespace...}§(...); i?++§\R{\textvisiblespace...}§(...); \end{cfa} requiring arbitrary whitespace look-ahead for the operator parameter-list, even though that interpretation is an incorrect expression (juxtaposed identifiers). Therefore, it is necessary to disambiguate these cases with a space: \begin{cfa} i++§\Sp§? i : 0; i?§\Sp§++i : 0; \end{cfa} \section{C Incompatibles} The following incompatibles exist between \CFA and C, and are similar to Annex C for \CC~\cite{C++14}. \begin{enumerate} \item \begin{description} \item[Change:] add new keywords \\ New keywords are added to \CFA \see{\VRef{s:CFAKeywords}}. \item[Rationale:] keywords added to implement new semantics of \CFA. \item[Effect on original feature:] change to semantics of well-defined feature. \\ Any \Celeven programs using these keywords as identifiers are invalid \CFA programs. \item[Difficulty of converting:] keyword clashes are accommodated by syntactic transformations using the \CFA backquote escape-mechanism \see{\VRef{s:BackquoteIdentifiers}}. \item[How widely used:] clashes among new \CFA keywords and existing identifiers are rare. \end{description} \item \begin{description} \item[Change:] drop K\&R C declarations \\ K\&R declarations allow an implicit base-type of ©int©, if no type is specified, plus an alternate syntax for declaring parameters. \eg: \begin{cfa} x; §\C{// int x}§ *y; §\C{// int * y}§ f( p1, p2 ); §\C{// int f( int p1, int p2 );}§ g( p1, p2 ) int p1, p2; §\C{// int g( int p1, int p2 );}§ \end{cfa} \CFA continues to support K\&R routine definitions: \begin{cfa} f( a, b, c ) §\C{// default int return}§ int a, b; char c; §\C{// K\&R parameter declarations}§ { ... } \end{cfa} \item[Rationale:] dropped from \Celeven standard.\footnote{ At least one type specifier shall be given in the declaration specifiers in each declaration, and in the specifier-qualifier list in each structure declaration and type name~\cite[\S~6.7.2(2)]{C11}} \item[Effect on original feature:] original feature is deprecated. \\ Any old C programs using these K\&R declarations are invalid \CFA programs. \item[Difficulty of converting:] trivial to convert to \CFA. \item[How widely used:] existing usages are rare. \end{description} \item \begin{description} \item[Change:] type of character literal ©int© to ©char© to allow more intuitive overloading: \begin{cfa} int rtn( int i ); int rtn( char c ); rtn( 'x' ); §\C{// programmer expects 2nd rtn to be called}§ \end{cfa} \item[Rationale:] it is more intuitive for the call to ©rtn© to match the second version of definition of ©rtn© rather than the first. In particular, output of ©char© variable now print a character rather than the decimal ASCII value of the character. \begin{cfa} sout | 'x' | " " | (int)'x'; x 120 \end{cfa} Having to cast ©'x'© to ©char© is non-intuitive. \item[Effect on original feature:] change to semantics of well-defined feature that depend on: \begin{cfa} sizeof( 'x' ) == sizeof( int ) \end{cfa} no long work the same in \CFA programs. \item[Difficulty of converting:] simple \item[How widely used:] programs that depend upon ©sizeof( 'x' )© are rare and can be changed to ©sizeof(char)©. \end{description} \item \begin{description} \item[Change:] make string literals ©const©: \begin{cfa} char * p = "abc"; §\C{// valid in C, deprecated in \CFA}§ char * q = expr ? "abc" : "de"; §\C{// valid in C, invalid in \CFA}§ \end{cfa} The type of a string literal is changed from ©[] char© to ©const [] char©. Similarly, the type of a wide string literal is changed from ©[] wchar_t© to ©const [] wchar_t©. \item[Rationale:] This change is a safety issue: \begin{cfa} char * p = "abc"; p[0] = 'w'; §\C{// segment fault or change constant literal}§ \end{cfa} The same problem occurs when passing a string literal to a routine that changes its argument. \item[Effect on original feature:] change to semantics of well-defined feature. \item[Difficulty of converting:] simple syntactic transformation, because string literals can be converted to ©char *©. \item[How widely used:] programs that have a legitimate reason to treat string literals as pointers to potentially modifiable memory are rare. \end{description} \item \begin{description} \item[Change:] remove \newterm{tentative definitions}, which only occurs at file scope: \begin{cfa} int i; §\C{// forward definition}§ int *j = ®&i®; §\C{// forward reference, valid in C, invalid in \CFA}§ int i = 0; §\C{// definition}§ \end{cfa} is valid in C, and invalid in \CFA because duplicate overloaded object definitions at the same scope level are disallowed. This change makes it impossible to define mutually referential file-local static objects, if initializers are restricted to the syntactic forms of C. For example, \begin{cfa} struct X { int i; struct X *next; }; static struct X a; §\C{// forward definition}§ static struct X b = { 0, ®&a® }; §\C{// forward reference, valid in C, invalid in \CFA}§ static struct X a = { 1, &b }; §\C{// definition}§ \end{cfa} \item[Rationale:] avoids having different initialization rules for builtin types and user-defined types. \item[Effect on original feature:] change to semantics of well-defined feature. \item[Difficulty of converting:] the initializer for one of a set of mutually-referential file-local static objects must invoke a routine call to achieve the initialization. \item[How widely used:] seldom \end{description} \item \begin{description} \item[Change:] have ©struct© introduce a scope for nested types: \begin{cfa} enum ®Colour® { R, G, B, Y, C, M }; struct Person { enum ®Colour® { R, G, B }; §\C{// nested type}§ struct Face { §\C{// nested type}§ ®Colour® Eyes, Hair; §\C{// type defined outside (1 level)}§ }; ®.Colour® shirt; §\C{// type defined outside (top level)}§ ®Colour® pants; §\C{// type defined same level}§ Face looks[10]; §\C{// type defined same level}§ }; ®Colour® c = R; §\C{// type/enum defined same level}§ Person®.Colour® pc = Person®.®R; §\C{// type/enum defined inside}§ Person®.®Face pretty; §\C{// type defined inside}§ \end{cfa} In C, the name of the nested types belongs to the same scope as the name of the outermost enclosing structure, \ie the nested types are hoisted to the scope of the outer-most type, which is not useful and confusing. \CFA is C \emph{incompatible} on this issue, and provides semantics similar to \Index*[C++]{\CC{}}. Nested types are not hoisted and can be referenced using the field selection operator ``©.©'', unlike the \CC scope-resolution operator ``©::©''. \item[Rationale:] ©struct© scope is crucial to \CFA as an information structuring and hiding mechanism. \item[Effect on original feature:] change to semantics of well-defined feature. \item[Difficulty of converting:] Semantic transformation. \item[How widely used:] C programs rarely have nest types because they are equivalent to the hoisted version. \end{description} \item \begin{description} \item[Change:] In C++, the name of a nested class is local to its enclosing class. \item[Rationale:] C++ classes have member functions which require that classes establish scopes. \item[Difficulty of converting:] Semantic transformation. To make the struct type name visible in the scope of the enclosing struct, the struct tag could be declared in the scope of the enclosing struct, before the enclosing struct is defined. Example: \begin{cfa} struct Y; §\C{// struct Y and struct X are at the same scope}§ struct X { struct Y { /* ... */ } y; }; \end{cfa} All the definitions of C struct types enclosed in other struct definitions and accessed outside the scope of the enclosing struct could be exported to the scope of the enclosing struct. Note: this is a consequence of the difference in scope rules, which is documented in 3.3. \item[How widely used:] Seldom. \end{description} \item \begin{description} \item[Change:] remove implicit conversion of ©void *© to or from any ©T *© pointer: \begin{cfa} void foo() { int * b = malloc( sizeof(int) ); §\C{// implicitly convert void * to int *}§ char * c = b; §\C{// implicitly convert int * to void *, and then void * to char *}§ } \end{cfa} \item[Rationale:] increase type safety \item[Effect on original feature:] deletion of semantically well-defined feature. \item[Difficulty of converting:] requires adding a cast \see{\VRef{s:DynamicStorageManagement} for better alternatives}: \begin{cfa} int * b = (int *)malloc( sizeof(int) ); char * c = (char *)b; \end{cfa} \item[How widely used:] Significant. Some C translators already give a warning if the cast is not used. \end{description} \item \begin{description} \item[Change:] Types must be declared in declarations, not in expressions In C, a sizeof expression or cast expression may create a new type. For example, \begin{cfa} p = (void*)(struct x {int i;} *)0; \end{cfa} declares a new type, struct x . \item[Rationale:] This prohibition helps to clarify the location of declarations in the source code. \item[Effect on original feature:] Deletion of a semantically welldefined feature. \item[Difficulty of converting:] Syntactic transformation. \item[How widely used:] Seldom. \end{description} \item \begin{description} \item[Change:] comma expression is disallowed as subscript \item[Rationale:] safety issue to prevent subscripting error for multidimensional arrays: ©x[i,j]© instead of ©x[i][j]©, and this syntactic form then taken by \CFA for new style arrays. \item[Effect on original feature:] change to semantics of well-defined feature. \item[Difficulty of converting:] semantic transformation of ©x[i,j]© to ©x[(i,j)]© \item[How widely used:] Seldom. \end{description} \end{enumerate} \section{\texorpdfstring{\CFA Keywords}{Cforall Keywords}} \label{s:CFAKeywords} \CFA introduces the following new \Index{keyword}s, which cannot be used as identifiers. \begin{cquote} \Indexc{basetypeof}, \Indexc{choose}, \Indexc{coroutine}, \Indexc{disable}, \Indexc{enable}, \Indexc{exception}, \Indexc{fallthrough}, \Indexc{fallthru}, \Indexc{finally}, \Indexc{fixup}, \Indexc{forall},\Indexc{generator}, \Indexc{int128}, \Indexc{monitor}, \Indexc{mutex}, \Indexc{one_t}, \Indexc{report}, \Indexc{suspend}, \Indexc{throw}, \Indexc{throwResume}, \Indexc{trait}, \Indexc{try}, \Indexc{virtual}, \Indexc{waitfor}, \Indexc{when}, \Indexc{with}, \Indexc{zero_t} \end{cquote} \CFA introduces the following new \Index{quasi-keyword}s, which can be used as identifiers. \begin{cquote} \Indexc{catch}, \Indexc{catchResume}, \Indexc{finally}, \Indexc{fixup}, \Indexc{or}, \Indexc{timeout} \end{cquote} \begin{comment} \begin{cquote} \begin{tabular}{@{}lllllll@{}} \begin{tabular}{@{}l@{}} \Indexc{basetypeof} \\ \Indexc{choose} \\ \Indexc{coroutine} \\ \Indexc{disable} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{enable} \\ \Indexc{exception} \\ \Indexc{fallthrough} \\ \Indexc{fallthru} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{finally} \\ \Indexc{fixup} \\ \Indexc{forall} \\ \Indexc{generator} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{int128} \\ \Indexc{monitor} \\ \Indexc{mutex} \\ \Indexc{one_t} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{report} \\ \Indexc{suspend} \\ \Indexc{throw} \\ \Indexc{throwResume} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{trait} \\ \Indexc{try} \\ \Indexc{virtual} \\ \Indexc{waitfor} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{when} \\ \Indexc{with} \\ \Indexc{zero_t} \\ \\ \end{tabular} \end{tabular} \end{cquote} \CFA introduces the following new \Index{quasi-keyword}s, which can be used as identifiers. \begin{cquote} \begin{tabular}{@{}ll@{}} \begin{tabular}{@{}l@{}} \Indexc{catch} \\ \Indexc{catchResume} \\ \Indexc{finally} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{fixup} \\ \Indexc{or} \\ \Indexc{timeout} \\ \end{tabular} \end{tabular} \end{cquote} \end{comment} \section{Standard Headers} \label{s:StandardHeaders} \Celeven prescribes the following standard header-files~\cite[\S~7.1.2]{C11}: \begin{cquote} \Indexc{assert.h}, \Indexc{complex.h}, \Indexc{ctype.h}, \Indexc{errno.h}, \Indexc{fenv.h}, \Indexc[deletekeywords=float]{float.h}, \Indexc{inttypes.h}, \Indexc{iso646.h}, \Indexc{limits.h}, \Indexc{locale.h}, \Indexc{math.h}, \Indexc{setjmp.h}, \Indexc{signal.h}, \Indexc{stdalign.h}, \Indexc{stdarg.h}, \Indexc{stdatomic.h}, \Indexc{stdbool.h}, \Indexc{stddef.h}, \Indexc{stdint.h}, \Indexc{stdio.h}, \Indexc{stdlib.h}, \Indexc{stdnoreturn.h}, \Indexc{string.h}, \Indexc{tgmath.h}, \Indexc{threads.h}, \Indexc{time.h}, \Indexc{uchar.h}, \Indexc{wchar.h}, \Indexc{wctype.h} \end{cquote} and \CFA adds to this list: \begin{cquote} \Indexc{gmp.h}, \Indexc{malloc.h}, \Indexc{unistd.h} \end{cquote} \begin{comment} \begin{cquote} \begin{tabular}{@{}llllll|l@{}} \multicolumn{6}{c|}{C11} & \multicolumn{1}{c}{\CFA} \\ \hline \begin{tabular}{@{}l@{}} \Indexc{assert.h} \\ \Indexc{complex.h} \\ \Indexc{ctype.h} \\ \Indexc{errno.h} \\ \Indexc{fenv.h} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc[deletekeywords=float]{float.h} \\ \Indexc{inttypes.h} \\ \Indexc{iso646.h} \\ \Indexc{limits.h} \\ \Indexc{locale.h} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{math.h} \\ \Indexc{setjmp.h} \\ \Indexc{signal.h} \\ \Indexc{stdalign.h} \\ \Indexc{stdarg.h} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{stdatomic.h} \\ \Indexc{stdbool.h} \\ \Indexc{stddef.h} \\ \Indexc{stdint.h} \\ \Indexc{stdio.h} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{stdlib.h} \\ \Indexc{stdnoreturn.h} \\ \Indexc{string.h} \\ \Indexc{tgmath.h} \\ \Indexc{threads.h} \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{time.h} \\ \Indexc{uchar.h} \\ \Indexc{wchar.h} \\ \Indexc{wctype.h} \\ \\ \end{tabular} & \begin{tabular}{@{}l@{}} \Indexc{gmp.h} \\ \Indexc{malloc.h} \\ \Indexc{unistd.h} \\ \\ \\ \end{tabular} \end{tabular} \end{cquote} \end{comment} For the prescribed head-files, \CFA uses header interposition to wraps these includes in an ©extern "C"©; hence, names in these include files are not mangled\index{mangling!name} \see{\VRef{s:Interoperability}}. All other C header files must be explicitly wrapped in ©extern "C"© to prevent name mangling. This approach is different from \Index*[C++]{\CC{}} where the name-mangling issue is handled internally in C header-files through checks for preprocessor variable ©__cplusplus©, which adds appropriate ©extern "C"© qualifiers. \section{Standard Library} \label{s:StandardLibrary} \index{standard library} The \CFA standard-library extends existing C library routines by adding new function, wrapping existing explicitly-polymorphic C routines into implicitly-polymorphic versions, and adding new \CFA extensions. \subsection{Dynamic Storage-Management} \label{s:DynamicStorageManagement} \index{dynamic storage-management}\index{storage management} Dynamic storage-management in C is based on explicit allocation and deallocation (©malloc©/©free©). Programmer's must manage all allocated storage via its address (pointer) and subsequently deallocate the storage via this address. Storage that is not deallocated becomes inaccessible, called a \newterm{memory leak}, which can only be detected at program termination. Storage freed twice is an error, called a \newterm{duplicate free}, which can sometimes be detected. Storage used after it is deallocated is an error, called using a \newterm{dangling pointer}, which can sometimes be detected. \subsubsection{C Interface} C dynamic storage-management provides the following properties. \begin{description}[leftmargin=*] \item[fill] storage after an allocation with a specified character or value. \item[align] an allocation on a specified memory boundary, \eg, an address multiple of 64 or 128 for cache-line purposes. \item[scale] an allocation size to the specified number of array elements. An array may be filled, resized, or aligned. \item[resize] an existing allocation to decreased or increased its size. In either direction, new storage may or may not be allocated, but if there is a new allocation, as much data from the existing allocation is copied into the new allocation. When new storage is allocated, it may be aligned and storage after copied data may be filled. \end{description} \VRef[Table]{t:AllocationVersusProperties} shows different combinations of storage-management properties provided by the C and \CFA allocation routines. \begin{table} \caption{Allocation Routines versus Storage-Management Properties} \label{t:AllocationVersusProperties} \centering \begin{minipage}{0.75\textwidth} \begin{tabular}{@{}r|l|l|l|l|l@{}} & \multicolumn{1}{c|}{routine} & \multicolumn{1}{c|}{\textbf{fill}} & \textbf{alignment} & \textbf{scale} & \textbf{resize} \\ \hline C & ©malloc© & no & no & no & no \\ & ©calloc© & yes (0 only) & no & yes & no \\ & ©realloc© & copy & no & no & yes \\ & ©reallocarray© & copy & no & yes & yes \\ & ©memalign© & no & yes & no & no \\ & ©aligned_alloc©\footnote{Same as ©memalign© but size is an integral multiple of alignment.} & no & yes & no & no \\ & ©posix_memalign© & no & yes & no & no \\ & ©valloc© & no & yes (page size)& no & no \\ & ©pvalloc©\footnote{Same as ©valloc© but rounds size to multiple of page size.} & no & yes (page size)& no & no \\ \hline \CFA & ©cmemalign© & yes (0 only) & yes & yes & no \\ & ©resize© & no copy & yes & no & yes \\ & ©realloc© & copy & yes & no & yes \\ & ©alloc©\footnote{Multiple overloads with different parameters.} & yes & yes & yes & yes \end{tabular} \end{minipage} \vspace*{-10pt} \end{table} \subsubsection{\CFA Interface} \CFA dynamic memory management: \begin{enumerate}[leftmargin=\parindent] \item extends type safety of all allocation routines by using the left-hand assignment type to determine the allocation size and alignment, and return a matching type for the new storage, which removes many common allocation errors. \begin{cfa} int * ip = (int *)malloc( sizeof(int) ); §\C[2.3in]{// C}§ int * ip = malloc(); §\C{// \CFA type-safe call of C malloc}§ int * ip = calloc(); §\C{// \CFA type-safe call of C calloc}§ struct __attribute__(( aligned(128) )) spinlock { ... }; // cache alignment spinlock * slp = malloc(); §\C{// correct size, alignment, and return type}\CRT§ \end{cfa} Here, the alignment of the ©ip© storage is 16 (default) and 128 for ©slp©. \item introduces the notion of \newterm{sticky properties} used in resizing. All initial allocation properties are remembered and maintained for use should resize require new storage. For example, the initial alignment and fill properties in the initial allocation \begin{cfa} struct __attribute__(( aligned(4096) )) S { ... }; S * sp = calloc( 10 ); §\C{// align 4K and zero fill}§ sp = reallocarray( sp, 100 ); §\C{// preserve 4K alignment and zero fill new storage}§ \end{cfa} are preserved in the resize so the new storage has the same alignment and extra storage after the data copy is zero filled. Without sticky properties it is dangerous to resize, resulting in the C idiom of manually performing the reallocation to maintain correctness, which is error prone. \item provides resizing without data copying, which is useful to repurpose an existing block of storage, rather than freeing the old storage and performing a new allocation. A resize can take advantage of unused storage after the data to preventing a free/reallocation step altogether. \item provides ©free©/©delete© functions that delete a variable number of allocations. \begin{cfa} int * ip = malloc(), * jp = malloc(), * kp = malloc(); double * xp = malloc(), * yp = malloc(), * zp = malloc(); free( ®ip, jp, kp, xp, yp, zp® ); §\C{// multiple deallocations}§ \end{cfa} \item supports constructors for initialization of allocated storage and destructors for deallocation (like \CC). \begin{cfa} struct S { int v; }; §\C{// default constructors}§ void ^?{}( S & ) { ... } §\C{// destructor}§ S & sp = *®new®( 3 ); §\C{// allocate and call constructor}§ sout | sp.v; ®delete®( &sp ); §\C{// call destructor}§ S * spa1 = ®anew®( 10, 5 ), * spa2 = ®anew®( 10, 8 ); §\C{// allocate array and call constructor for each array element}§ for ( i; 10 ) sout | spa1[i].v | spa2[i].v | nonl; sout | nl; ®adelete®( spa1, spa2 ); §\C{// call destructors on all array objects}§ 3 5 8 5 8 5 8 5 8 5 8 5 8 5 8 5 8 5 8 5 8 \end{cfa} Allocation routines ©new©/©anew© allocate a variable/array and initialize storage using the allocated type's constructor. Note, the matching deallocation routines ©delete©/©adelete©. \CC only supports the default constructor for intializing array elements. \begin{C++} S * sp = new S[10]®{5}®; §\C{// disallowed}§ \end{C++} \end{enumerate} In addition, \CFA provides a new allocator interface to further increase orthogonality and usability of dynamic-memory allocation. This interface helps programmers in three ways. \begin{enumerate} \item naming: \CFA regular and ©ttype© polymorphism (similar to \CC variadic templates) is used to encapsulate a wide range of allocation functionality into a single routine name, so programmers do not have to remember multiple routine names for different kinds of dynamic allocations. \item named arguments: individual allocation properties are specified using postfix function call \see{\VRef{s:PostfixFunction}}, so programmers do not have to remember parameter positions in allocation calls. \item safe usage: like the \CFA's C-interface, programmers do not have to specify object size or cast allocation results. \end{enumerate} The polymorphic functions \begin{cfa} T * alloc( ... ); T * alloc( size_t dim, ... ); \end{cfa} are overloaded with a variable number of allocation properties. These allocation properties can be passed as named arguments when calling the \Indexc{alloc} routine. A call without parameters returns an uninitialized dynamically allocated object of type ©T© (\Indexc{malloc}). A call with only the dimension (dim) parameter returns an uninitialized dynamically allocated array of objects with type ©T© (\Indexc{aalloc}). The variable number of arguments consist of allocation properties to specialize the allocation. The properties ©resize© and ©realloc© are associated with an existing allocation variable indicating how its storage is modified. The following allocation property functions may be combined and appear in any order as arguments to ©alloc©, \begin{itemize} \item ©T_align ?`align( size_t alignment )© to align an allocation. The alignment parameter must be $\ge$ the default alignment (©libAlign()© in \CFA) and a power of two, \eg the following return a dynamic object and object array aligned on a 256 and 4096-byte boundary. \begin{cfa} int * i0 = alloc( ®256`align® ); sout | i0 | nl; int * i1 = alloc( 3, ®4096`align® ); for (i; 3 ) sout | &i1[i] | nonl; sout | nl; free( i0, i1 ); 0x5555565699®00® // 256 alignment 0x55555656c®000® 0x5656c004 0x5656c008 // 4K array alignment \end{cfa} \item ©T_fill(T) ?`fill( /* various types */ )© to initialize storage. There are three ways to fill storage: \begin{enumerate} \item A ©char© fills every byte of each object. \item An object of the returned type fills each object. \item An object array pointer fills some or all of the corresponding object array. \end{enumerate} For example: \begin{cfa}[numbers=left] int * i0 = alloc( ®0n`fill® ); sout | *i0 | nl; // 0n disambiguates 0p int * i1 = alloc( ®5`fill® ); sout | *i1 | nl; int * i2 = alloc( ®'\xfe'`fill® ); sout | hex( *i2 ) | nl; int * i3 = alloc( 5, ®5`fill® ); for ( i; 5 ) sout | i3[i] | nonl; sout | nl; int * i4 = alloc( 5, ®0xdeadbeefN`fill® ); for ( i; 5 ) sout | hex( i4[i] ) | nonl; sout | nl; int * i5 = alloc( 5, ®i3`fill® ); for ( i; 5 ) sout | i5[i] | nonl; sout | nl; // completely fill from i3 int * i6 = alloc( 5, ®[i3, 3]`fill® ); for ( i; 5 ) sout | i6[i] | nonl; sout | nl; // partial fill from i3 free( i0, i1, i2, i3, i4, i5, i6 ); \end{cfa} \begin{lstlisting}[numbers=left] 0 5 0xfefefefe 5 5 5 5 5 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef 5 5 5 5 5 5 5 5 -555819298 -555819298 // two undefined values \end{lstlisting} Examples 1 to 3 fill an object with a value or characters. Examples 4 to 7 fill an array of objects with values, another array, or part of an array. \item ©S_resize(T) ?`resize( void * oaddr )© used to resize, realign, and fill, where the old object data is not copied to the new object. The old object type may be different from the new object type, since the values are not used. For example: \begin{cfa}[numbers=left] int * ip = alloc( ®5`fill® ); sout | ip | *ip; ip = alloc( ®ip`resize®, ®256`align®, ®7`fill® ); sout | ip | *ip; double * dp = alloc( ®ip`resize®, ®4096`align®, ®13.5`fill® ); sout | dp | *dp; free( dp ); // DO NOT FREE ip AS ITS STORAGE IS MOVED TO dp \end{cfa} \begin{lstlisting}[numbers=left] 0x555555580a80 5 0x555555581100 7 0x555555587000 13.5 \end{lstlisting} Examples 2 to 3 change the alignment, fill, and size for the initial storage of ©i©. \begin{cfa}[numbers=left] int * ia = alloc( 5, ®5`fill® ); sout | ia | nonl; for ( i; 5 ) sout | ia[i] | nonl; sout | nl; ia = alloc( 10, ®ia`resize®, ®7`fill® ); sout | ia | nonl; for ( i; 10 ) sout | ia[i] | nonl; sout | nl; ia = alloc( 5, ®ia`resize®, ®512`align®, ®13`fill® ); sout | ia | nonl; for ( i; 5 ) sout | ia[i] | nonl; sout | nl;; ia = alloc( 3, ®ia`resize®, ®4096`align®, ®2`fill® ); for ( i; 3 ) sout | &ia[i] | ia[i] | nonl; sout | nl; free( ia ); \end{cfa} \begin{lstlisting}[numbers=left] 0x55555656d540 5 5 5 5 5 0x55555656d480 7 7 7 7 7 7 7 7 7 7 0x55555656fe00 13 13 13 13 13 0x555556570000 2 0x555556570004 2 0x555556570008 2 \end{lstlisting} Examples 2 to 4 change the array size, alignment, and fill initializes all storage because no data is copied. \item ©S_realloc(T) ?`realloc( T * a ))© used to resize, realign, and fill, where the old object data is copied to the new object. The old object type must be the same as the new object type, since the value is used. Note, for ©fill©, only the extra space after copying the data from the old object is filled with the given parameter. For example: \begin{cfa}[numbers=left] int * ip = alloc( ®5`fill® ); sout | ip | *ip; ip = alloc( ®ip`realloc®, ®256`align® ); sout | ip | *ip; ip = alloc( ®ip`realloc®, ®4096`align®, ®13`fill® ); sout | ip | *ip; free( ip ); \end{cfa} \begin{lstlisting}[numbers=left] 0x55555556d5c0 5 0x555555570000 5 0x555555571000 5 \end{lstlisting} Examples 2 to 3 change the alignment for the initial storage of ©i©. The ©13`fill© in example 3 does nothing because no new storage is added. \begin{cfa}[numbers=left] int * ia = alloc( 5, ®5`fill® ); sout | ia | nonl; for ( i; 5 ) sout | ia[i] | nonl; sout | nl; ia = alloc( 10, ®ia`realloc®, ®7`fill® ); sout | ia | nonl; for ( i; 10 ) sout | ia[i] | nonl; sout | nl; ia = alloc( 5, ®ia`realloc®, ®512`align®, ®13`fill® ); sout | ia | nonl; for ( i; 5 ) sout | ia[i] | nonl; sout | nl;; ia = alloc( 3, ®ia`realloc®, ®4096`align®, ®2`fill® ); for ( i; 3 ) sout | &ia[i] | ia[i] | nonl; sout | nl; free( ia ); \end{cfa} \begin{lstlisting}[numbers=left] 0x55555656d540 5 5 5 5 5 0x55555656d480 7 7 7 7 7 7 7 7 7 7 0x555556570e00 5 5 5 5 5 0x5555556571000 5 0x555556571004 5 0x555556571008 5 \end{lstlisting} Examples 2 to 4 change the array size, alignment, and fill does no initialization after the copied data, as no new storage is added. \end{itemize} \medskip \begin{cfa}[aboveskip=0pt,belowskip=0pt] extern "C" { // New C allocation operations. void * aalloc( size_t dim, size_t elemSize );§\indexc{aalloc}§ void * resize( void * oaddr, size_t size );§\indexc{resize}§ void * amemalign( size_t align, size_t dim, size_t elemSize );§\indexc{amemalign}§ void * cmemalign( size_t align, size_t dim, size_t elemSize );§\indexc{cmemalign}§ size_t malloc_alignment( void * addr );§\indexc{malloc_alignment}§ bool malloc_zero_fill( void * addr );§\indexc{malloc_zero_fill}§ size_t malloc_size( void * addr );§\indexc{malloc_size}§ int malloc_stats_fd( int fd );§\indexc{malloc_stats_fd}§ size_t malloc_expansion();§\indexc{malloc_expansion}§ §\C{// heap expansion size (bytes)}§ size_t malloc_mmap_start();§\indexc{malloc_mmap_start}§ §\C{// crossover allocation size from sbrk to mmap}§ size_t malloc_unfreed();§\indexc{malloc_unfreed()}§ §\C{// heap unfreed size (bytes)}§ void malloc_stats_clear();§\indexc{malloc_stats_clear}§ §\C{// clear heap statistics}§ } // New allocation operations. void * resize( void * oaddr, size_t alignment, size_t size ); void * realloc( void * oaddr, size_t alignment, size_t size ); void * reallocarray( void * oaddr, size_t nalign, size_t dim, size_t elemSize ); forall( T & | sized(T) ) { // §\CFA§ safe equivalents, i.e., implicit size specification, eliminate return-type cast T * malloc( void );§\indexc{malloc}§ T * aalloc( size_t dim );§\indexc{aalloc}§ T * calloc( size_t dim );§\indexc{calloc}§ T * resize( T * ptr, size_t size );§\indexc{resize}§ T * resize( T * ptr, size_t alignment, size_t size ); T * realloc( T * ptr, size_t size );§\indexc{realloc}§ T * realloc( T * ptr, size_t alignment, size_t size ); T * reallocarray( T * ptr, size_t dim );§\indexc{reallocarray}§ T * reallocarray( T * ptr, size_t alignment, size_t dim ); T * memalign( size_t align );§\indexc{memalign}§ T * amemalign( size_t align, size_t dim );§\indexc{amemalign}§ T * cmemalign( size_t align, size_t dim );§\indexc{aalloc}§ T * aligned_alloc( size_t align );§\indexc{aligned_alloc}§ int posix_memalign( T ** ptr, size_t align );§\indexc{posix_memalign}§ T * valloc( void );§\indexc{valloc}§ T * pvalloc( void );§\indexc{pvalloc}§ // §\CFA§ safe general allocation, fill, resize, alignment, array T * alloc( ... );§\indexc{alloc}§ §\C{// variable, T size}§ T * alloc( size_t dim, ... ); T_align ?`align( size_t alignment );§\indexc{align}§ T_fill(T) ?`fill( /* various types */ );§\indexc{fill}§ T_resize ?`resize( void * oaddr );§\indexc{resize}§ T_realloc ?`realloc( void * oaddr ));§\indexc{realloc}§ } forall( T &, List ... ) void free( T * ptr, ... ) // deallocation list // §\CFA§ allocation/deallocation and constructor/destructor, non-array types forall( T &, Parms ... | { void ?{}( T &, Parms ); } ) T * new( Parms ... );§\indexc{new}§ forall( T &, List ... | { void ^?{}( T & ); void delete( List ... ); } );§\indexc{delete}§ // §\CFA§ allocation/deallocation and constructor/destructor, array types forall( T & | sized(T), Parms ... | { void ?{}( T &, Parms ); } ) T * anew( size_t dim, Parms ... );§\indexc{anew}§ forall( T & | sized(T) | { void ^?{}( T & ); }, List ... } ) void adelete( T arr[], List ... );§\indexc{adelete}§ \end{cfa} \subsection{Memory Set and Copy} Like safe memory allocation, \CFA provides safe block initialization and copy. While objects should be initialized/copied with constructors/assignment, block operations can be very performant. In certain cases the compiler generates block copy operations, such as assigning structures ©s = t©, however C arrays cannot be assigned. \begin{cquote} \begin{cfa}[aboveskip=0pt,belowskip=0pt] struct S { int i, j, k; }; S s, t, *sp = &s, * tp = &t, sa[10], ta[10]; \end{cfa} \noindent \begin{tabular}{@{}l|l@{}} \multicolumn{1}{@{}c|}{\textbf{\CFA}} & \multicolumn{1}{c@{}}{\textbf{C}} \\ \begin{cfa}[aboveskip=0pt,belowskip=0pt] memset( s, '\0' ); memset( sp, '\0' ); memcpy( s, t ); memcpy( sp, tp ); amemset( sa, '\0', 10 ); amemcpy( sa, ta, 10 ); \end{cfa} & \begin{cfa}[aboveskip=0pt,belowskip=0pt] memset( &s, '\0', sizeof(s) ); memset( sp, '\0', sizeof(s) ); memcpy( &s, &t, sizeof(s) ); memcpy( sp, tp, sizeof(s) ); memset( sa, '\0', sizeof(sa) ); memcpy( sa, ta, sizeof(sa) ); \end{cfa} \end{tabular} \end{cquote} These operations provide uniformity between reference and pointer, so object dereferencing, '©&©', is unnecessary. \begin{cfa} static inline forall( T & | sized(T) ) { // CFA safe initialization/copy, i.e., implicit size specification, non-array types T * memset( T * dest, char fill );§\indexc{memset}§ §\C{// all combinations of pointer/reference}§ T * memset( T & dest, char fill ); T * memcpy( T * dest, const T * src );§\indexc{memcpy}§ §\C{// all combinations of pointer/reference}§ T * memcpy( T & dest, const T & src ); T * memcpy( T * dest, const T & src ); T * memcpy( T & dest, const T * src ); // CFA safe initialization/copy, i.e., implicit size specification, array types T * amemset( T dest[], char fill, size_t dim );§\indexc{memcpy}§ T * amemcpy( T dest[], const T src[], size_t dim ); } \end{cfa} \subsection{String to Value Conversion} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] int ato( const char * ptr );§\indexc{ato}§ unsigned int ato( const char * ptr ); long int ato( const char * ptr ); unsigned long int ato( const char * ptr ); long long int ato( const char * ptr ); unsigned long long int ato( const char * ptr ); float ato( const char * ptr ); double ato( const char * ptr ); long double ato( const char * ptr ); float _Complex ato( const char * ptr ); double _Complex ato( const char * ptr ); long double _Complex ato( const char * ptr ); int strto( const char * sptr, char ** eptr, int base ); unsigned int strto( const char * sptr, char ** eptr, int base ); long int strto( const char * sptr, char ** eptr, int base ); unsigned long int strto( const char * sptr, char ** eptr, int base ); long long int strto( const char * sptr, char ** eptr, int base ); unsigned long long int strto( const char * sptr, char ** eptr, int base ); float strto( const char * sptr, char ** eptr ); double strto( const char * sptr, char ** eptr ); long double strto( const char * sptr, char ** eptr ); float _Complex strto( const char * sptr, char ** eptr ); double _Complex strto( const char * sptr, char ** eptr ); long double _Complex strto( const char * sptr, char ** eptr ); \end{cfa} \subsection{Search / Sort} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] forall( T | { int ??( T, T ); } ) T max( T t1, T t2 );§\indexc{max}§ forall( T | { T min( T, T ); T max( T, T ); } ) T clamp( T value, T min_val, T max_val );§\indexc{clamp}§ forall( T ) void swap( T * t1, T * t2 );§\indexc{swap}§ \end{cfa} \section{Math Library} \label{s:Math Library} The \CFA math-library wraps explicitly-polymorphic C math-routines into implicitly-polymorphic versions. \subsection{General} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float ?%?( float, float );§\indexc{fmod}§ float fmod( float, float ); double ?%?( double, double ); double fmod( double, double ); long double ?%?( long double, long double ); long double fmod( long double, long double ); float remainder( float, float );§\indexc{remainder}§ double remainder( double, double ); long double remainder( long double, long double ); float remquo( float, float, int * );§\indexc{remquo}§ double remquo( double, double, int * ); long double remquo( long double, long double, int * ); [ int, float ] remquo( float, float ); [ int, double ] remquo( double, double ); [ int, long double ] remquo( long double, long double ); [ int, float ] div( float, float ); [ int, double ] div( double, double ); [ int, long double ] div( long double, long double ); float fma( float, float, float );§\indexc{fma}§ double fma( double, double, double ); long double fma( long double, long double, long double ); float fdim( float, float );§\indexc{fdim}§ double fdim( double, double ); long double fdim( long double, long double ); float nan( const char * );§\indexc{nan}§ double nan( const char * ); long double nan( const char * ); \end{cfa} \subsection{Exponential} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float exp( float );§\indexc{exp}§ double exp( double ); long double exp( long double ); float _Complex exp( float _Complex ); double _Complex exp( double _Complex ); long double _Complex exp( long double _Complex ); float exp2( float );§\indexc{exp2}§ double exp2( double ); long double exp2( long double ); // float _Complex exp2( float _Complex ); // double _Complex exp2( double _Complex ); // long double _Complex exp2( long double _Complex ); float expm1( float );§\indexc{expm1}§ double expm1( double ); long double expm1( long double ); float pow( float, float );§\indexc{pow}§ double pow( double, double ); long double pow( long double, long double ); float _Complex pow( float _Complex, float _Complex ); double _Complex pow( double _Complex, double _Complex ); long double _Complex pow( long double _Complex, long double _Complex ); \end{cfa} \subsection{Logarithm} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float log( float );§\indexc{log}§ double log( double ); long double log( long double ); float _Complex log( float _Complex ); double _Complex log( double _Complex ); long double _Complex log( long double _Complex ); int log2( unsigned int );§\indexc{log2}§ long int log2( unsigned long int ); long long int log2( unsigned long long int ) float log2( float ); double log2( double ); long double log2( long double ); // float _Complex log2( float _Complex ); // double _Complex log2( double _Complex ); // long double _Complex log2( long double _Complex ); float log10( float );§\indexc{log10}§ double log10( double ); long double log10( long double ); // float _Complex log10( float _Complex ); // double _Complex log10( double _Complex ); // long double _Complex log10( long double _Complex ); float log1p( float );§\indexc{log1p}§ double log1p( double ); long double log1p( long double ); int ilogb( float );§\indexc{ilogb}§ int ilogb( double ); int ilogb( long double ); float logb( float );§\indexc{logb}§ double logb( double ); long double logb( long double ); float sqrt( float );§\indexc{sqrt}§ double sqrt( double ); long double sqrt( long double ); float _Complex sqrt( float _Complex ); double _Complex sqrt( double _Complex ); long double _Complex sqrt( long double _Complex ); float cbrt( float );§\indexc{cbrt}§ double cbrt( double ); long double cbrt( long double ); float hypot( float, float );§\indexc{hypot}§ double hypot( double, double ); long double hypot( long double, long double ); \end{cfa} \subsection{Trigonometric} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float sin( float );§\indexc{sin}§ double sin( double ); long double sin( long double ); float _Complex sin( float _Complex ); double _Complex sin( double _Complex ); long double _Complex sin( long double _Complex ); float cos( float );§\indexc{cos}§ double cos( double ); long double cos( long double ); float _Complex cos( float _Complex ); double _Complex cos( double _Complex ); long double _Complex cos( long double _Complex ); float tan( float );§\indexc{tan}§ double tan( double ); long double tan( long double ); float _Complex tan( float _Complex ); double _Complex tan( double _Complex ); long double _Complex tan( long double _Complex ); float asin( float );§\indexc{asin}§ double asin( double ); long double asin( long double ); float _Complex asin( float _Complex ); double _Complex asin( double _Complex ); long double _Complex asin( long double _Complex ); float acos( float );§\indexc{acos}§ double acos( double ); long double acos( long double ); float _Complex acos( float _Complex ); double _Complex acos( double _Complex ); long double _Complex acos( long double _Complex ); float atan( float );§\indexc{atan}§ double atan( double ); long double atan( long double ); float _Complex atan( float _Complex ); double _Complex atan( double _Complex ); long double _Complex atan( long double _Complex ); float atan2( float, float );§\indexc{atan2}§ double atan2( double, double ); long double atan2( long double, long double ); float atan( float, float ); §\C{// alternative name for atan2}§ double atan( double, double );§\indexc{atan}§ long double atan( long double, long double ); \end{cfa} \subsection{Hyperbolic} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float sinh( float );§\indexc{sinh}§ double sinh( double ); long double sinh( long double ); float _Complex sinh( float _Complex ); double _Complex sinh( double _Complex ); long double _Complex sinh( long double _Complex ); float cosh( float );§\indexc{cosh}§ double cosh( double ); long double cosh( long double ); float _Complex cosh( float _Complex ); double _Complex cosh( double _Complex ); long double _Complex cosh( long double _Complex ); float tanh( float );§\indexc{tanh}§ double tanh( double ); long double tanh( long double ); float _Complex tanh( float _Complex ); double _Complex tanh( double _Complex ); long double _Complex tanh( long double _Complex ); float asinh( float );§\indexc{asinh}§ double asinh( double ); long double asinh( long double ); float _Complex asinh( float _Complex ); double _Complex asinh( double _Complex ); long double _Complex asinh( long double _Complex ); float acosh( float );§\indexc{acosh}§ double acosh( double ); long double acosh( long double ); float _Complex acosh( float _Complex ); double _Complex acosh( double _Complex ); long double _Complex acosh( long double _Complex ); float atanh( float );§\indexc{atanh}§ double atanh( double ); long double atanh( long double ); float _Complex atanh( float _Complex ); double _Complex atanh( double _Complex ); long double _Complex atanh( long double _Complex ); \end{cfa} \subsection{Error / Gamma} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float erf( float );§\indexc{erf}§ double erf( double ); long double erf( long double ); float _Complex erf( float _Complex ); double _Complex erf( double _Complex ); long double _Complex erf( long double _Complex ); float erfc( float );§\indexc{erfc}§ double erfc( double ); long double erfc( long double ); float _Complex erfc( float _Complex ); double _Complex erfc( double _Complex ); long double _Complex erfc( long double _Complex ); float lgamma( float );§\indexc{lgamma}§ double lgamma( double ); long double lgamma( long double ); float lgamma( float, int * ); double lgamma( double, int * ); long double lgamma( long double, int * ); float tgamma( float );§\indexc{tgamma}§ double tgamma( double ); long double tgamma( long double ); \end{cfa} \subsection{Nearest Integer} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] // n / align * align signed char floor( signed char n, signed char align ); unsigned char floor( unsigned char n, unsigned char align ); short int floor( short int n, short int align ); unsigned short int floor( unsigned short int n, unsigned short int align ); int floor( int n, int align ); unsigned int floor( unsigned int n, unsigned int align ); long int floor( long int n, long int align ); unsigned long int floor( unsigned long int n, unsigned long int align ); long long int floor( long long int n, long long int align ); unsigned long long int floor( unsigned long long int n, unsigned long long int align ); // (n + (align - 1)) / align signed char ceiling_div( signed char n, char align ); unsigned char ceiling_div( unsigned char n, unsigned char align ); short int ceiling_div( short int n, short int align ); unsigned short int ceiling_div( unsigned short int n, unsigned short int align ); int ceiling_div( int n, int align ); unsigned int ceiling_div( unsigned int n, unsigned int align ); long int ceiling_div( long int n, long int align ); unsigned long int ceiling_div( unsigned long int n, unsigned long int align ); long long int ceiling_div( long long int n, long long int align ); unsigned long long int ceiling_div( unsigned long long int n, unsigned long long int align ); // floor( n + (n % align != 0 ? align - 1 : 0), align ) signed char ceiling( signed char n, signed char align ); unsigned char ceiling( unsigned char n, unsigned char align ); short int ceiling( short int n, short int align ); unsigned short int ceiling( unsigned short int n, unsigned short int align ); int ceiling( int n, int align ); unsigned int ceiling( unsigned int n, unsigned int align ); long int ceiling( long int n, long int align ); unsigned long int ceiling( unsigned long int n, unsigned long int align ); long long int ceiling( long long int n, long long int align ); unsigned long long int ceiling( unsigned long long int n, unsigned long long int align ); float floor( float );§\indexc{floor}§ double floor( double ); long double floor( long double ); float ceil( float );§\indexc{ceil}§ double ceil( double ); long double ceil( long double ); float trunc( float );§\indexc{trunc}§ double trunc( double ); long double trunc( long double ); float rint( float );§\indexc{rint}§ long double rint( long double ); long int rint( float ); long int rint( double ); long int rint( long double ); long long int rint( float ); long long int rint( double ); long long int rint( long double ); long int lrint( float );§\indexc{lrint}§ long int lrint( double ); long int lrint( long double ); long long int llrint( float ); long long int llrint( double ); long long int llrint( long double ); float nearbyint( float );§\indexc{nearbyint}§ double nearbyint( double ); long double nearbyint( long double ); float round( float );§\indexc{round}§ long double round( long double ); long int round( float ); long int round( double ); long int round( long double ); long long int round( float ); long long int round( double ); long long int round( long double ); long int lround( float );§\indexc{lround}§ long int lround( double ); long int lround( long double ); long long int llround( float ); long long int llround( double ); long long int llround( long double ); \end{cfa} \subsection{Manipulation} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] float copysign( float, float );§\indexc{copysign}§ double copysign( double, double ); long double copysign( long double, long double ); float frexp( float, int * );§\indexc{frexp}§ double frexp( double, int * ); long double frexp( long double, int * ); float ldexp( float, int );§\indexc{ldexp}§ double ldexp( double, int ); long double ldexp( long double, int ); [ float, float ] modf( float );§\indexc{modf}§ float modf( float, float * ); [ double, double ] modf( double ); double modf( double, double * ); [ long double, long double ] modf( long double ); long double modf( long double, long double * ); float nextafter( float, float );§\indexc{nextafter}§ double nextafter( double, double ); long double nextafter( long double, long double ); float nexttoward( float, long double );§\indexc{nexttoward}§ double nexttoward( double, long double ); long double nexttoward( long double, long double ); float scalbn( float, int );§\indexc{scalbn}§ double scalbn( double, int ); long double scalbn( long double, int ); float scalbln( float, long int );§\indexc{scalbln}§ double scalbln( double, long int ); long double scalbln( long double, long int ); \end{cfa} \section{Time Keeping} \label{s:TimeKeeping} %\subsection{\texorpdfstring{\protect\lstinline{Duration}}{Duration}} \subsection{\texorpdfstring{\LstBasicStyle{Duration}}{Duration}} \label{s:Duration} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] struct Duration { int64_t tn; §\C{// nanoseconds}§ }; void ?{}( Duration & dur ); void ?{}( Duration & dur, zero_t ); void ?{}( Duration & dur, timeval t ) void ?{}( Duration & dur, timespec t ) Duration ?=?( Duration & dur, zero_t ); Duration ?=?( Duration & dur, timeval t ) Duration ?=?( Duration & dur, timespec t ) Duration +?( Duration rhs ); Duration ?+?( Duration & lhs, Duration rhs ); Duration ?+=?( Duration & lhs, Duration rhs ); Duration -?( Duration rhs ); Duration ?-?( Duration & lhs, Duration rhs ); Duration ?-=?( Duration & lhs, Duration rhs ); Duration ?*?( Duration lhs, int64_t rhs ); Duration ?*?( int64_t lhs, Duration rhs ); Duration ?*=?( Duration & lhs, int64_t rhs ); int64_t ?/?( Duration lhs, Duration rhs ); Duration ?/?( Duration lhs, int64_t rhs ); Duration ?/=?( Duration & lhs, int64_t rhs ); double div( Duration lhs, Duration rhs ); Duration ?%?( Duration lhs, Duration rhs ); Duration ?%=?( Duration & lhs, Duration rhs ); bool ?==?( Duration lhs, zero_t ); bool ?!=?( Duration lhs, zero_t ); bool ?? ( Duration lhs, zero_t ); bool ?>=?( Duration lhs, zero_t ); bool ?==?( Duration lhs, Duration rhs ); bool ?!=?( Duration lhs, Duration rhs ); bool ?? ( Duration lhs, Duration rhs ); bool ?>=?( Duration lhs, Duration rhs ); Duration abs( Duration rhs ); Duration ?`ns( int64_t nsec ); Duration ?`us( int64_t usec ); Duration ?`ms( int64_t msec ); Duration ?`s( int64_t sec ); Duration ?`s( double sec ); Duration ?`m( int64_t min ); Duration ?`m( double min ); Duration ?`h( int64_t hours ); Duration ?`h( double hours ); Duration ?`d( int64_t days ); Duration ?`d( double days ); Duration ?`w( int64_t weeks ); Duration ?`w( double weeks ); int64_t ?`ns( Duration dur ); int64_t ?`us( Duration dur ); int64_t ?`ms( Duration dur ); int64_t ?`s( Duration dur ); int64_t ?`m( Duration dur ); int64_t ?`h( Duration dur ); int64_t ?`d( Duration dur ); int64_t ?`w( Duration dur ); double ?`dns( Duration dur ); double ?`dus( Duration dur ); double ?`dms( Duration dur ); double ?`ds( Duration dur ); double ?`dm( Duration dur ); double ?`dh( Duration dur ); double ?`dd( Duration dur ); double ?`dw( Duration dur ); Duration max( Duration lhs, Duration rhs ); Duration min( Duration lhs, Duration rhs ); forall( ostype & | ostream( ostype ) ) ostype & ?|?( ostype & os, Duration dur ); \end{cfa} %\subsection{\texorpdfstring{\protect\lstinline{timeval}}{timeval}} \subsection{\texorpdfstring{\LstBasicStyle{timeval}}{timeval}} \label{s:timeval} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] void ?{}( timeval & t ); void ?{}( timeval & t, zero_t ); void ?{}( timeval & t, time_t sec, suseconds_t usec ); void ?{}( timeval & t, time_t sec ); void ?{}( timeval & t, Time time ); timeval ?=?( timeval & t, zero_t ); timeval ?+?( timeval & lhs, timeval rhs ); timeval ?-?( timeval & lhs, timeval rhs ); bool ?==?( timeval lhs, timeval rhs ); bool ?!=?( timeval lhs, timeval rhs ); \end{cfa} %\subsection{\texorpdfstring{\protect\lstinline{timespec}}{timespec}} \subsection{\texorpdfstring{\LstBasicStyle{timespec}}{timespec}} \label{s:timespec} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] void ?{}( timespec & t ); void ?{}( timespec & t, zero_t ); void ?{}( timespec & t, time_t sec, __syscall_slong_t nsec ); void ?{}( timespec & t, time_t sec ); void ?{}( timespec & t, Time time ); timespec ?=?( timespec & t, zero_t ); timespec ?+?( timespec & lhs, timespec rhs ); timespec ?-?( timespec & lhs, timespec rhs ); bool ?==?( timespec lhs, timespec rhs ); bool ?!=?( timespec lhs, timespec rhs ); \end{cfa} %\subsection{\texorpdfstring{\protect\lstinline{itimerval}}{itimerval}} \subsection{\texorpdfstring{\LstBasicStyle{itimerval}}{itimerval}} \label{s:itimerval} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] void ?{}( itimerval & itv, Duration alarm ); void ?{}( itimerval & itv, Duration alarm, Duration interval ); \end{cfa} %\subsection{\texorpdfstring{\protect\lstinline{Time}}{Time}} \subsection{\texorpdfstring{\LstBasicStyle{Time}}{Time}} \label{s:Time} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] struct Time { uint64_t tn; §\C{// nanoseconds since UNIX epoch}§ }; void ?{}( Time & time ); void ?{}( Time & time, zero_t ); void ?{}( Time & time, timeval t ); void ?{}( Time & time, timespec t ); Time ?=?( Time & time, zero_t ); Time ?=?( Time & time, timeval t ); Time ?=?( Time & time, timespec t ); Time ?+?( Time & lhs, Duration rhs ); Time ?+?( Duration lhs, Time rhs ); Time ?+=?( Time & lhs, Duration rhs ); Duration ?-?( Time lhs, Time rhs ); Time ?-?( Time lhs, Duration rhs ); Time ?-=?( Time & lhs, Duration rhs ); bool ?==?( Time lhs, Time rhs ); bool ?!=?( Time lhs, Time rhs ); bool ??( Time lhs, Time rhs ); bool ?>=?( Time lhs, Time rhs ); int64_t ?`ns( Time t ); char * yy_mm_dd( Time time, char * buf ); char * ?`ymd( Time time, char * buf ); // short form char * mm_dd_yy( Time time, char * buf ); char * ?`mdy( Time time, char * buf ); // short form char * dd_mm_yy( Time time, char * buf ); char * ?`dmy( Time time, char * buf ); // short form size_t strftime( char * buf, size_t size, const char * fmt, Time time ); forall( ostype & | ostream( ostype ) ) ostype & ?|?( ostype & os, Time time ); \end{cfa} \section{Clock} \subsection{C time} \label{s:Ctime} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] char * ctime( time_t tp ); char * ctime_r( time_t tp, char * buf ); tm * gmtime( time_t tp ); tm * gmtime_r( time_t tp, tm * result ); tm * localtime( time_t tp ); tm * localtime_r( time_t tp, tm * result ); \end{cfa} %\subsection{\texorpdfstring{\protect\lstinline{Clock}}{Clock}} \subsection{\texorpdfstring{\LstBasicStyle{Clock}}{Clock}} \label{s:Clock} \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] struct Clock { §\C{// virtual clock}§ Duration offset; §\C{// offset from computer real-time}§ }; void ?{}( Clock & clk ); §\C{// create no offset}§ void ?{}( Clock & clk, Duration adj ); §\C{// create with offset}§ void reset( Clock & clk, Duration adj ); §\C{// change offset}§ Duration resolutionHi(); §\C{// clock resolution in nanoseconds (fine)}§ Duration resolution(); §\C{// clock resolution without nanoseconds (coarse)}§ Time timeHiRes(); §\C{// real time with nanoseconds}§ Time time(); §\C{// real time without nanoseconds}§ Time time( Clock & clk ); §\C{// real time for given clock}§ Time ?()( Clock & clk ); §\C{//\ \ \ \ alternative syntax}§ timeval time( Clock & clk ); §\C{// convert to C time format}§ tm time( Clock & clk ); Duration processor(); §\C{// non-monotonic duration of kernel thread}§ Duration program(); §\C{// non-monotonic duration of program CPU}§ Duration boot(); §\C{// monotonic duration since computer boot}§ \end{cfa} \section{Pseudo Random Number Generator} \label{s:PRNG} Random numbers are values generated independently, i.e., new values do not depend on previous values (independent trials), \eg lottery numbers, shuffled cards, dice roll, coin flip. While a primary goal of programming is computing values that are \emph{not} random, random values are useful in simulation, cryptography, games, etc. A random-number generator is an algorithm that computes independent values. If the algorithm uses deterministic computation (a predictable sequence of values), it generates \emph{pseudo} random numbers versus \emph{true} random numbers. All \newterm{pseudo random-number generators} (\newterm{PRNG}) involve some technique to scramble bits of a value, \eg multiplicative recurrence: \begin{cfa} rand = 33967 * (rand + 1063); // scramble bits \end{cfa} Multiplication of large values adds new least-significant bits and drops most-significant bits. \begin{quote} \begin{tabular}{@{}r|l@{}} bits 63--32 (most) & bits 31--0 (least) \\ \hline ©0x0© & ©0x3e8e36© \\ ©0x5f© & ©0x718c25e1© \\ ©0xad3e© & ©0x7b5f1dbe© \\ ©0xbc3b© & ©0xac69ff19© \\ ©0x1070f© & ©0x2d258dc6© \end{tabular} \end{quote} By dropping bits 63--32, bits 31--0 become scrambled after each multiply. The least-significant bits \emph{appear} random but the same bits are always generated given a fixed starting value, called the \newterm{seed} (value 0x3e8e36 above). Hence, if a program uses the same seed, the same sequence of pseudo-random values is generated from the PRNG. Often the seed is set to another random value like a program's process identifier (\Indexc{getpid}) or time when the program is run; hence, one random value bootstraps another. Finally, a PRNG usually generates a range of large values, \eg ©[0, UINT_MAX]©, which are scaled using the modulus operator, \eg ©prng() % 5© produces random values in the range 0--4. \CFA provides 32/64-bit sequential PRNG type only accessible by a single thread (not thread-safe) and a set of global routines and companion thread PRNG functions accessible by multiple threads without contention. To use the PRNG interface \Textbf{requires including \Indexc{stdlib.hfa}}. \begin{itemize} \item The ©PRNG© types for sequential programs, including coroutining, are: \begin{cfa} struct PRNG32 {}; §\C{// opaque type, no copy or assignment}§ void ?{}( PRNG32 & prng, uint32_t seed ); §\C{// fixed seed}§ void ?{}( PRNG32 & prng ); §\C{// random seed}§ void set_seed( PRNG32 & prng, uint32_t seed ); §\C{// set seed}§ uint32_t get_seed( PRNG32 & prng ); §\C{// get seed}§ uint32_t prng( PRNG32 & prng ); §\C{// [0,UINT\_MAX]}§ uint32_t prng( PRNG32 & prng, uint32_t u ); §\C{// [0,u)}§ uint32_t prng( PRNG32 & prng, uint32_t l, uint32_t u ); §\C{// [l,u]}§ uint32_t calls( PRNG32 & prng ); §\C{// number of calls}§ void copy( PRNG32 & dst, PRNG32 & src ); §\C{// checkpoint PRNG state}§ \end{cfa} \begin{cfa} struct PRNG64 {}; §\C{// opaque type, no copy or assignment}§ void ?{}( PRNG64 & prng, uint64_t seed ); §\C{// fixed seed}§ void ?{}( PRNG64 & prng ); §\C{// random seed}§ void set_seed( PRNG64 & prng, uint64_t seed ); §\C{// set seed}§ uint64_t get_seed( PRNG64 & prng ); §\C{// get seed}§ uint64_t prng( PRNG64 & prng ); §\C{// [0,UINT\_MAX]}§ uint64_t prng( PRNG64 & prng, uint64_t u ); §\C{// [0,u)}§ uint64_t prng( PRNG64 & prng, uint64_t l, uint64_t u ); §\C{// [l,u]}§ uint64_t calls( PRNG64 & prng ); §\C{// number of calls}§ void copy( PRNG64 & dst, PRNG64 & src ); §\C{// checkpoint PRNG state}§ \end{cfa} The type ©PRNG© is aliased to ©PRNG64© on 64-bit architectures and ©PRNG32© on 32-bit architectures. A ©PRNG© object is used to randomize behaviour or values during execution, \eg in games, a character makes a random move or an object takes on a random value. In this scenario, it is useful to have multiple ©PRNG© objects, \eg one per player or object. However, sequential execution is still repeatable given the same starting seeds for all ©PRNG©s. \VRef[Figure]{f:SequentialPRNG} shows an example that creates two sequential ©PRNG©s, sets both to the same seed (1009), and illustrates the three forms for generating random values, where both ©PRNG©s generate the same sequence of values. Note, to prevent accidental PRNG copying, the copy constructor and assignment are hidden. To copy a PRNG for checkpointing, use the explicit ©copy© member. \begin{figure} \begin{cfa} PRNG sprng1, sprng2; §\C{// select appropriate 32/64-bit PRNG}§ ®set_seed( sprng1, 1009 )®; ®set_seed( sprng2, 1009 )®; for ( 10 ) { // Do not cascade prng calls because side-effect functions called in arbitrary order. sout | nlOff | ®prng( sprng1 )®; sout | ®prng( sprng1, 5 )®; sout | ®prng( sprng1, 0, 5 )® | '\t'; sout | ®prng( sprng2 )®; sout | ®prng( sprng2, 5 )®; sout | ®prng( sprng2, 0, 5 )® | nlOn; } \end{cfa} \begin{cquote} \begin{tabular}{@{}ll@{}} \begin{cfa} 37301721 2 2 1681308562 1 3 290112364 3 2 1852700364 4 3 733221210 1 3 1775396023 2 3 123981445 2 3 2062557687 2 0 283934808 1 0 672325890 1 3 \end{cfa} & \begin{cfa} 37301721 2 2 1681308562 1 3 290112364 3 2 1852700364 4 3 733221210 1 3 1775396023 2 3 123981445 2 3 2062557687 2 0 283934808 1 0 672325890 1 3 \end{cfa} \end{tabular} \end{cquote} \caption{Sequential PRNG} \label{f:SequentialPRNG} \end{figure} \item The PRNG global and companion thread functions are for concurrent programming, such as randomizing execution in short-running programs, \eg ©yield( prng() % 5 )©. \begin{cfa} void set_seed( size_t seed ); §\C{// set global seed}§ size_t get_seed(); §\C{// get global seed}§ // SLOWER, global routines size_t prng( void ); §\C{// [0,UINT\_MAX]}§ size_t prng( size_t u ); §\C{// [0,u)}§ size_t prng( size_t l, size_t u ); §\C{// [l,u]}§ // FASTER, thread members size_t prng( §thread\LstStringStyle{\textdollar}§ & th ); §\C{// [0,UINT\_MAX]}§ size_t prng( §thread\LstStringStyle{\textdollar}§ & th, size_t u ); §\C{// [0,u)}§ size_t prng( §thread\LstStringStyle{\textdollar}§ & th, size_t l, size_t u ); §\C{// [l,u]}§ \end{cfa} The only difference between the two sets of ©prng© routines is performance. Because concurrent execution is non-deterministic, seeding the concurrent PRNG is less important, as repeatable execution is impossible. Hence, there is one system-wide PRNG (global seed) but each \CFA thread has its own non-contended PRNG state. If the global seed is set, threads start with this seed, until it is reset and then threads start with the reset seed. Hence, these threads generate the same sequence of random numbers from their specific starting seed. If the global seed is \emph{not} set, threads start with a random seed, until the global seed is set. Hence, these threads generate different sequences of random numbers. If each thread needs its own seed, use a sequential ©PRNG© in each thread. The slower ©prng© global functions, \ie \emph{without} a thread argument, call ©active_thread© internally to indirectly access the current thread's PRNG state, while the faster ©prng© functions, \ie \emph{with} a thread argument, directly access the thread through the thread parameter. If a thread pointer is available, \eg in thread main, eliminating the call to ©active_thread© significantly reduces the cost of accessing the thread's PRNG state. \VRef[Figure]{f:ConcurrentPRNG} shows an example using the slower/faster concurrent PRNG in the program main and a thread. \begin{figure} \begin{cfa} thread T {}; void main( ®T & th® ) { // thread address for ( i; 10 ) { sout | nlOff | ®prng()®; sout | ®prng( 5 )®; sout | ®prng( 0, 5 )® | '\t'; // SLOWER sout | nlOff | ®prng( th )®; sout | ®prng( th, 5 )®; sout | ®prng( th, 0, 5 )® | nlOn; // FASTER } } int main() { set_seed( 1009 ); §\R{thread\LstStringStyle{\textdollar}}§ ®& th = *active_thread()®; // program-main thread-address for ( i; 10 ) { sout | nlOff | ®prng()®; sout | ®prng( 5 )®; sout | ®prng( 0, 5 )® | '\t'; // SLOWER sout | nlOff | ®prng( th )®; sout | ®prng( th, 5 )®; sout | ®prng( th, 0, 5 )® | nlOn; // FASTER } sout | nl; T t; // run thread } \end{cfa} \begin{cquote} \begin{tabular}{@{}ll@{}} \begin{cfa} 37301721 2 2 290112364 3 2 733221210 1 3 123981445 2 3 283934808 1 0 1414344101 1 3 871831898 3 4 2142057611 4 4 802117363 0 4 2346353643 1 3 \end{cfa} & \begin{cfa} 1681308562 1 3 1852700364 4 3 1775396023 2 3 2062557687 2 0 672325890 1 3 873424536 3 4 866783532 0 1 17310256 2 5 492964499 0 0 2143013105 3 2 \end{cfa} \end{tabular} \begin{cfa} // same output as above from thread t \end{cfa} \end{cquote} \caption{Concurrent PRNG} \label{f:ConcurrentPRNG} \end{figure} \end{itemize} \section{Multi-precision Integers} \label{s:MultiPrecisionIntegers} \CFA has an interface to the GMP \Index{multi-precision} signed-integers~\cite{GMP}, similar to the \CC interface provided by GMP. The \CFA interface wraps GMP routines into operator routines to make programming with multi-precision integers identical to using fixed-sized integers. The \CFA type name for multi-precision signed-integers is \Indexc{Int} and the header file is \Indexc{gmp}. \begin{cfa} void ?{}( Int * this ); §\C{// constructor/destructor}§ void ?{}( Int * this, Int init ); void ?{}( Int * this, zero_t ); void ?{}( Int * this, one_t ); void ?{}( Int * this, signed long int init ); void ?{}( Int * this, unsigned long int init ); void ?{}( Int * this, const char * val ); void ^?{}( Int * this ); Int ?=?( Int * lhs, Int rhs ); §\C{// assignment}§ Int ?=?( Int * lhs, long int rhs ); Int ?=?( Int * lhs, unsigned long int rhs ); Int ?=?( Int * lhs, const char * rhs ); char ?=?( char * lhs, Int rhs ); short int ?=?( short int * lhs, Int rhs ); int ?=?( int * lhs, Int rhs ); long int ?=?( long int * lhs, Int rhs ); unsigned char ?=?( unsigned char * lhs, Int rhs ); unsigned short int ?=?( unsigned short int * lhs, Int rhs ); unsigned int ?=?( unsigned int * lhs, Int rhs ); unsigned long int ?=?( unsigned long int * lhs, Int rhs ); long int narrow( Int val ); unsigned long int narrow( Int val ); int ?==?( Int oper1, Int oper2 ); §\C{// comparison}§ int ?==?( Int oper1, long int oper2 ); int ?==?( long int oper2, Int oper1 ); int ?==?( Int oper1, unsigned long int oper2 ); int ?==?( unsigned long int oper2, Int oper1 ); int ?!=?( Int oper1, Int oper2 ); int ?!=?( Int oper1, long int oper2 ); int ?!=?( long int oper1, Int oper2 ); int ?!=?( Int oper1, unsigned long int oper2 ); int ?!=?( unsigned long int oper1, Int oper2 ); int ??( Int oper1, Int oper2 ); int ?>?( Int oper1, long int oper2 ); int ?>?( long int oper1, Int oper2 ); int ?>?( Int oper1, unsigned long int oper2 ); int ?>?( unsigned long int oper1, Int oper2 ); int ?>=?( Int oper1, Int oper2 ); int ?>=?( Int oper1, long int oper2 ); int ?>=?( long int oper1, Int oper2 ); int ?>=?( Int oper1, unsigned long int oper2 ); int ?>=?( unsigned long int oper1, Int oper2 ); Int +?( Int oper ); §\C{// arithmetic}§ Int -?( Int oper ); Int ~?( Int oper ); Int ?&?( Int oper1, Int oper2 ); Int ?&?( Int oper1, long int oper2 ); Int ?&?( long int oper1, Int oper2 ); Int ?&?( Int oper1, unsigned long int oper2 ); Int ?&?( unsigned long int oper1, Int oper2 ); Int ?&=?( Int * lhs, Int rhs ); Int ?|?( Int oper1, Int oper2 ); Int ?|?( Int oper1, long int oper2 ); Int ?|?( long int oper1, Int oper2 ); Int ?|?( Int oper1, unsigned long int oper2 ); Int ?|?( unsigned long int oper1, Int oper2 ); Int ?|=?( Int * lhs, Int rhs ); Int ?^?( Int oper1, Int oper2 ); Int ?^?( Int oper1, long int oper2 ); Int ?^?( long int oper1, Int oper2 ); Int ?^?( Int oper1, unsigned long int oper2 ); Int ?^?( unsigned long int oper1, Int oper2 ); Int ?^=?( Int * lhs, Int rhs ); Int ?+?( Int addend1, Int addend2 ); Int ?+?( Int addend1, long int addend2 ); Int ?+?( long int addend2, Int addend1 ); Int ?+?( Int addend1, unsigned long int addend2 ); Int ?+?( unsigned long int addend2, Int addend1 ); Int ?+=?( Int * lhs, Int rhs ); Int ?+=?( Int * lhs, long int rhs ); Int ?+=?( Int * lhs, unsigned long int rhs ); Int ++?( Int * lhs ); Int ?++( Int * lhs ); Int ?-?( Int minuend, Int subtrahend ); Int ?-?( Int minuend, long int subtrahend ); Int ?-?( long int minuend, Int subtrahend ); Int ?-?( Int minuend, unsigned long int subtrahend ); Int ?-?( unsigned long int minuend, Int subtrahend ); Int ?-=?( Int * lhs, Int rhs ); Int ?-=?( Int * lhs, long int rhs ); Int ?-=?( Int * lhs, unsigned long int rhs ); Int --?( Int * lhs ); Int ?--( Int * lhs ); Int ?*?( Int multiplicator, Int multiplicand ); Int ?*?( Int multiplicator, long int multiplicand ); Int ?*?( long int multiplicand, Int multiplicator ); Int ?*?( Int multiplicator, unsigned long int multiplicand ); Int ?*?( unsigned long int multiplicand, Int multiplicator ); Int ?*=?( Int * lhs, Int rhs ); Int ?*=?( Int * lhs, long int rhs ); Int ?*=?( Int * lhs, unsigned long int rhs ); Int ?/?( Int dividend, Int divisor ); Int ?/?( Int dividend, unsigned long int divisor ); Int ?/?( unsigned long int dividend, Int divisor ); Int ?/?( Int dividend, long int divisor ); Int ?/?( long int dividend, Int divisor ); Int ?/=?( Int * lhs, Int rhs ); Int ?/=?( Int * lhs, long int rhs ); Int ?/=?( Int * lhs, unsigned long int rhs ); [ Int, Int ] div( Int dividend, Int divisor ); [ Int, Int ] div( Int dividend, unsigned long int divisor ); Int ?%?( Int dividend, Int divisor ); Int ?%?( Int dividend, unsigned long int divisor ); Int ?%?( unsigned long int dividend, Int divisor ); Int ?%?( Int dividend, long int divisor ); Int ?%?( long int dividend, Int divisor ); Int ?%=?( Int * lhs, Int rhs ); Int ?%=?( Int * lhs, long int rhs ); Int ?%=?( Int * lhs, unsigned long int rhs ); Int ?<>?( Int shiften, mp_bitcnt_t shift ); Int ?>>=?( Int * lhs, mp_bitcnt_t shift ); Int abs( Int oper ); §\C{// number functions}§ Int fact( unsigned long int N ); Int gcd( Int oper1, Int oper2 ); Int pow( Int base, unsigned long int exponent ); Int pow( unsigned long int base, unsigned long int exponent ); void srandom( gmp_randstate_t state ); Int random( gmp_randstate_t state, mp_bitcnt_t n ); Int random( gmp_randstate_t state, Int n ); Int random( gmp_randstate_t state, mp_size_t max_size ); int sgn( Int oper ); Int sqrt( Int oper ); forall( istype & | istream( istype ) ) istype * ?|?( istype * is, Int * mp ); §\C{// I/O}§ forall( ostype & | ostream( ostype ) ) ostype * ?|?( ostype * os, Int mp ); \end{cfa} \VRef[Figure]{f:MultiPrecisionFactorials} shows \CFA and C factorial programs using the GMP interfaces. (Compile with flag \Indexc{-lgmp} to link with the GMP library.) \begin{figure} \begin{cquote} \begin{tabular}{@{}l@{\hspace{\parindentlnth}}|@{\hspace{\parindentlnth}}l@{}} \multicolumn{1}{@{}c|@{\hspace{\parindentlnth}}}{\textbf{\CFA}} & \multicolumn{1}{@{\hspace{\parindentlnth}}c@{}}{\textbf{C}} \\ \hline \begin{cfa} #include §\indexc{gmp}§ int main( void ) { sout | "Factorial Numbers"; ®Int® fact = 1; sout | 0 | fact; for ( i; 40 ) { fact *= i; sout | i | fact; } } \end{cfa} & \begin{cfa} #include §\indexc{gmp.h}§ int main( void ) { ®gmp_printf®( "Factorial Numbers\n" ); ®mpz_t® fact; ®mpz_init_set_ui®( fact, 1 ); ®gmp_printf®( "%d %Zd\n", 0, fact ); for ( unsigned int i = 1; i <= 40; i += 1 ) { ®mpz_mul_ui®( fact, fact, i ); ®gmp_printf®( "%d %Zd\n", i, fact ); } } \end{cfa} \end{tabular} \end{cquote} \begin{cfa} Factorial Numbers 0 1 1 1 2 2 3 6 4 24 5 120 6 720 7 5040 8 40320 9 362880 10 3628800 11 39916800 12 479001600 13 6227020800 14 87178291200 15 1307674368000 16 20922789888000 17 355687428096000 18 6402373705728000 19 121645100408832000 20 2432902008176640000 21 51090942171709440000 22 1124000727777607680000 23 25852016738884976640000 24 620448401733239439360000 25 15511210043330985984000000 26 403291461126605635584000000 27 10888869450418352160768000000 28 304888344611713860501504000000 29 8841761993739701954543616000000 30 265252859812191058636308480000000 31 8222838654177922817725562880000000 32 263130836933693530167218012160000000 33 8683317618811886495518194401280000000 34 295232799039604140847618609643520000000 35 10333147966386144929666651337523200000000 36 371993326789901217467999448150835200000000 37 13763753091226345046315979581580902400000000 38 523022617466601111760007224100074291200000000 39 20397882081197443358640281739902897356800000000 40 815915283247897734345611269596115894272000000000 \end{cfa} \caption{Multi-precision Factorials} \label{f:MultiPrecisionFactorials} \end{figure} \section{Rational Numbers} \label{s:RationalNumbers} Rational numbers are numbers written as a ratio, \ie as a fraction, where the numerator (top number) and the denominator (bottom number) are whole numbers. When creating and computing with rational numbers, results are constantly reduced to keep the numerator and denominator as small as possible. \begin{cfa}[belowskip=0pt] // implementation struct Rational {§\indexc{Rational}§ long int numerator, denominator; §\C{// invariant: denominator > 0}§ }; // Rational Rational rational(); §\C{// constructors}§ Rational rational( long int n ); Rational rational( long int n, long int d ); void ?{}( Rational * r, zero_t ); void ?{}( Rational * r, one_t ); long int numerator( Rational r ); §\C{// numerator/denominator getter/setter}§ long int numerator( Rational r, long int n ); long int denominator( Rational r ); long int denominator( Rational r, long int d ); int ?==?( Rational l, Rational r ); §\C{// comparison}§ int ?!=?( Rational l, Rational r ); int ??( Rational l, Rational r ); int ?>=?( Rational l, Rational r ); Rational -?( Rational r ); §\C{// arithmetic}§ Rational ?+?( Rational l, Rational r ); Rational ?-?( Rational l, Rational r ); Rational ?*?( Rational l, Rational r ); Rational ?/?( Rational l, Rational r ); double widen( Rational r ); §\C{// conversion}§ Rational narrow( double f, long int md ); forall( istype & | istream( istype ) ) istype * ?|?( istype *, Rational * ); // I/O forall( ostype & | ostream( ostype ) ) ostype * ?|?( ostype *, Rational ); \end{cfa} \bibliographystyle{plain} \bibliography{pl} \addcontentsline{toc}{section}{\indexname} % add index name to table of contents \begin{theindex} Italic page numbers give the location of the main entry for the referenced term. Plain page numbers denote uses of the indexed term. Entries for grammar non-terminals are italicized. A typewriter font is used for grammar terminals and program identifiers. \indexspace \input{user.ind} \end{theindex} \end{document} From: Michael Leslie Brooks To: Peter Buhr , Andrew James Beach , Fangren Yu , Jiada Liang Subject: The White House on Memory-Safe programming Date: Mon, 4 Mar 2024 16:49:53 +0000 I heard tell of this announcement last night. Haven't read the actual report yet. Most mainstream article I can find: https://me.pcmag.com/en/security/22413/white-house-to-developers-using-c-or-c-invites-cybersecurity-risks Less fluffy summary: https://www.developer-tech.com/news/2024/feb/27/white-house-urges-adoption-memory-safe-programming-languages/ Horse's Mouth: https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf "This report focuses on the programming language as a primary building block, and explores hardware architecture and formal methods as complementary approaches" A contrary analysis: https://hackaday.com/2024/02/29/the-white-house-memory-safety-appeal-is-a-security-red-herring/ From: Ian Fox Date: Fri, 10 May 2024 22:11:41 +0200 Subject: Article on C and memory safety To: pabuhr@uwaterloo.ca Hi Dr. Buhr! I came across this article the other day which I thought made some excellent points, and it reminded me of your C forall project (especially with regards to the part about being able to opt in incrementally to the safety features while rewriting a codebase) so I figured you might enjoy it if you hadn't seen it already. All the best! Ian % Local Variables: % % tab-width: 4 % % fill-column: 100 % % compile-command: "make" % % End: %