# Changeset 0638c44 for doc

Ignore:
Timestamp:
May 3, 2016, 9:30:55 AM (6 years ago)
Branches:
aaron-thesis, arm-eh, cleanup-dtors, ctor, deferred_resn, demangler, enum, forall-pointer-decay, gc_noraii, jacob/cs343-translation, jenkins-sandbox, master, memory, new-ast, new-ast-unique-expr, new-env, no_list, persistent-indexer, resolv-new, with_gc
Children:
7937abf, a1d6d80
Parents:
e945826
Message:

more formatting changes to documents, update I/O for examples

Location:
doc
Files:
3 edited

### Legend:

Unmodified
 re945826 %% Created On       : Sat Apr  9 10:06:17 2016 %% Last Modified By : Peter A. Buhr %% Last Modified On : Sat Apr 30 13:52:12 2016 %% Update Count     : 41 %% Last Modified On : Tue May  3 07:59:41 2016 %% Update Count     : 44 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% belowskip=2pt, moredelim=**[is][\color{red}]{®}{®}, % red highlighting moredelim=**[is][\color{blue}]{©}{©}, % blue highlighting % moredelim=**[is][\color{blue}]{©}{©}, % blue highlighting moredelim=[is][\lstset{keywords={}}]{¶}{¶}, % temporarily turn off keywords % literate={\\}{\raisebox{0.3ex}{\ttfamily\upshape \hspace*{-2pt}}}1, % escape \, otherwise used for red highlighting }% \lstMakeShortInline©    % single-character for \lstinline \makeatletter
 re945826 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -*- Mode: Latex -*- %%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -*- Mode: Latex -*- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% Cforall Version 1.0.0 Copyright (C) 2016 University of Waterloo %% %% Created On       : Wed Apr  6 14:52:25 2016 %% Last Modified By : Peter A. Buhr %% Last Modified On : Sat Apr 30 13:45:40 2016 %% Update Count     : 29 %% Last Modified On : Tue May  3 09:23:43 2016 %% Update Count     : 52 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % requires tex packages: texlive-base texlive-latex-base tex-common texlive-humanities texlive-latex-extra texlive-fonts-recommended % red highlighting ®...® (registered trademark sumbol) % blue highlighting ©...© (copyright symbol) % latex escape §...§ (section symbol) % keyword escape ¶...¶ (pilcrow symbol) % inline code ©...© (copyright symbol) emacs: C-q M-) % red highlighting ®...® (registered trademark sumbol) emacs: C-q M-. % latex escape §...§ (section symbol) emacs: C-q M-' % keyword escape ¶...¶ (pilcrow symbol) emacs: C-q M-^ % math escape $...$ (dollar symbol) % Latex packages used in the document. \usepackage[T1]{fontenc}                                % allow Latin1 (extended ASCII) characters \usepackage{textcomp} \usepackage[latin1]{inputenc} \usepackage{upquote} \usepackage{fullpage,times} \usepackage{epic,eepic} \usepackage{xspace} \usepackage{varioref} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Names used in the document. \newcommand{\Version}{1.0.0} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \setcounter{secnumdepth}{3}                             % number subsubsections \setcounter{tocdepth}{3}                                % subsubsections in table of contents \CFA's scope rules differ from C's in one major respect: a declaration of an identifier may overload\index{overloading} outer declarations of lexically identical identifiers in the same \Index{name space}, instead of hiding them. The outer declaration is hidden if the two declarations have \Index{compatible type}, or if one declares an array type and the other declares a pointer type and the element type and pointed-at type are compatible, or if one has function type and the other is a pointer to a compatible function type, or if one declaration is a \lstinline@type@\use{type} or \lstinline@typedef@\use{typedef} declaration and the other is not.  The outer declaration becomes \Index{visible} when the scope of the inner declaration terminates. \begin{rationale} Hence, a \CFA program can declare an \lstinline@int v@ and a \lstinline@float v@ in the same scope; The outer declaration is hidden if the two declarations have \Index{compatible type}, or if one declares an array type and the other declares a pointer type and the element type and pointed-at type are compatible, or if one has function type and the other is a pointer to a compatible function type, or if one declaration is a ©type©\use{type} or ©typedef©\use{typedef} declaration and the other is not. The outer declaration becomes \Index{visible} when the scope of the inner declaration terminates. \begin{rationale} Hence, a \CFA program can declare an ©int v© and a ©float v© in the same scope; a {\CC} program can not. \end{rationale} Identifiers with \Index{no linkage} always denote unique entities. \begin{rationale} A \CFA program can declare an \lstinline@extern int v@ and an \lstinline@extern float v@; A \CFA program can declare an ©extern int v© and an ©extern float v©; a C program cannot. \end{rationale} \end{lstlisting} The type parameters in an instantiation of a generic type must satisfy any constraints in the forall specifier on the type generator declaration, e.g., \lstinline@sumable@. The type parameters in an instantiation of a generic type must satisfy any constraints in the forall specifier on the type generator declaration, e.g., ©sumable©. The instantiation then has the semantics that would result if the type parameters were substituted into the type generator declaration by macro substitution. In \CFA, these conversions play a role in overload resolution, and collectively are called the \define{safe arithmetic conversion}s. Let \lstinline@int$_r$@ and \lstinline@unsigned$_r$@ be the signed and unsigned integer types with integer conversion rank\index{integer conversion rank}\index{rank|see{integer conversion rank}} $r$. Let \lstinline@unsigned$_{mr}$@ be the unsigned integer type with maximal rank. Let ©int$_r$© and ©unsigned$_r$© be the signed and unsigned integer types with integer conversion rank\index{integer conversion rank}\index{rank|see{integer conversion rank}} $r$. Let ©unsigned$_{mr}$© be the unsigned integer type with maximal rank. The following conversions are \emph{direct} safe arithmetic conversions. The \Index{integer promotion}s. \item For every rank $r$ greater than or equal to the rank of \lstinline@int@, conversion from \lstinline@int$_r$@ to \lstinline@unsigned$_r$@. \item For every rank $r$ greater than or equal to the rank of \lstinline@int@, where \lstinline@int$_{r+1}$@ exists and can represent all values of \lstinline@unsigned$_r$@, conversion from \lstinline@unsigned$_r$@ to \lstinline@int$_{r+1}$@. \item Conversion from \lstinline@unsigned$_{mr}$@ to \lstinline@float@. For every rank $r$ greater than or equal to the rank of ©int©, conversion from ©int$_r$© to ©unsigned$_r$©. \item For every rank $r$ greater than or equal to the rank of ©int©, where ©int$_{r+1}$© exists and can represent all values of ©unsigned$_r$©, conversion from ©unsigned$_r$© to ©int$_{r+1}$©. \item Conversion from ©unsigned$_{mr}$© to ©float©. \item Conversion from an enumerated type to its compatible integer type. \item Conversion from \lstinline@float@ to \lstinline@double@, and from \lstinline@double@ to \lstinline@long double@. \item Conversion from \lstinline@float _Complex@ to \lstinline@double _Complex@, and from \lstinline@double _Complex@ to \lstinline@long double _Complex@. Conversion from ©float© to ©double©, and from ©double© to ©long double©. \item Conversion from ©float _Complex© to ©double _Complex©, and from ©double _Complex© to ©long double _Complex©. \begin{sloppypar} \item Conversion from \lstinline@float _Imaginary@ to \lstinline@double _Imaginary@, and from \lstinline@double _Imaginary@ to \lstinline@long double _Imaginary@, if the implementation supports imaginary types. Conversion from ©float _Imaginary© to ©double _Imaginary©, and from ©double _Imaginary© to ©long double _Imaginary©, if the implementation supports imaginary types. \end{sloppypar} \end{itemize} If type \lstinline@T@ can be converted to type \lstinline@U@ by a safe direct arithmetic conversion and type \lstinline@U@ can be converted to type \lstinline@V@ by a safe arithmetic conversion, then the conversion from \lstinline@T@ to type \lstinline@V@ is an \emph{indirect} safe arithmetic conversion. If type ©T© can be converted to type ©U© by a safe direct arithmetic conversion and type ©U© can be converted to type ©V© by a safe arithmetic conversion, then the conversion from ©T© to type ©V© is an \emph{indirect} safe arithmetic conversion. \begin{rationale} move_to( &cp1, &cp2 ); \end{lstlisting} Thanks to implicit conversion, the two arguments that \lstinline@move_by()@ receives are pointers to \lstinline@cp1@'s second member and \lstinline@cp2@'s second member. Thanks to implicit conversion, the two arguments that ©move_by()© receives are pointers to ©cp1©'s second member and ©cp2©'s second member. a direct safe arithmetic conversion; \item from any object type or incomplete type to \lstinline@void@; \item from a pointer to any non-\lstinline@void@ type to a pointer to \lstinline@void@; from any object type or incomplete type to ©void©; \item from a pointer to any non-©void© type to a pointer to ©void©; \item from a pointer to any type to a pointer to a more qualified version of the type\index{qualified type}; Conversions that are not safe conversions are \define{unsafe conversion}s. \begin{rationale} As in C, there is an implicit conversion from \lstinline@void *@ to any pointer type. As in C, there is an implicit conversion from ©void *© to any pointer type. This is clearly dangerous, and {\CC} does not have this implicit conversion. \CFA\index{deficiencies!void * conversion} keeps it, in the interest of remaining as pure a superset of C as possible, but discourages it by making it unsafe. \begin{itemize} \item The cost of an implicit conversion from \lstinline@int@ to \lstinline@long@ is 1. The cost of an implicit conversion from \lstinline@long@ to \lstinline@double@ is 3, because it is defined in terms of conversions from \lstinline@long@ to \lstinline@unsigned long@, then to \lstinline@float@, and then to \lstinline@double@. \item If \lstinline@int@ can represent all the values of \lstinline@unsigned short@, then the cost of an implicit conversion from \lstinline@unsigned short@ to \lstinline@unsigned@ is 2: \lstinline@unsigned short@ to \lstinline@int@ to \lstinline@unsigned@. Otherwise, \lstinline@unsigned short@ is converted directly to \lstinline@unsigned@, and the cost is 1. \item If \lstinline@long@ can represent all the values of \lstinline@unsigned@, then the conversion cost of \lstinline@unsigned@ to \lstinline@long@ is 1. The cost of an implicit conversion from ©int© to ©long© is 1. The cost of an implicit conversion from ©long© to ©double© is 3, because it is defined in terms of conversions from ©long© to ©unsigned long©, then to ©float©, and then to ©double©. \item If ©int© can represent all the values of ©unsigned short©, then the cost of an implicit conversion from ©unsigned short© to ©unsigned© is 2: ©unsigned short© to ©int© to ©unsigned©. Otherwise, ©unsigned short© is converted directly to ©unsigned©, and the cost is 1. \item If ©long© can represent all the values of ©unsigned©, then the conversion cost of ©unsigned© to ©long© is 1. Otherwise, the conversion is an unsafe conversion, and its conversion cost is undefined. \end{itemize} \begin{syntax} \oldlhs{keyword} \rhs \lstinline@forall@ \rhs \lstinline@lvalue@ \rhs \lstinline@trait@ \rhs \lstinline@dtype@ \rhs \lstinline@ftype@ \rhs \lstinline@otype@ \rhs ©forall© \rhs ©lvalue© \rhs ©trait© \rhs ©dtype© \rhs ©ftype© \rhs ©otype© \end{syntax} \CFA allows operator \Index{overloading} by associating operators with special function identifiers. Furthermore, the constants \lstinline@0@'' and \lstinline@1@'' have special status for many of C's data types (and for many programmer-defined data types as well), so \CFA treats them as overloadable identifiers. Furthermore, the constants ©0©'' and ©1©'' have special status for many of C's data types (and for many programmer-defined data types as well), so \CFA treats them as overloadable identifiers. Programmers can use these identifiers to declare functions and objects that implement operators and constants for their own types. \begin{syntax} \oldlhs{identifier} \rhs \lstinline@0@ \rhs \lstinline@1@ \rhs ©0© \rhs ©1© \end{syntax} \index{constant identifiers}\index{identifiers!for constants} The tokens \lstinline@0@''\impl{0} and \lstinline@1@''\impl{1} are identifiers. \index{constant identifiers}\index{identifiers!for constants} The tokens ©0©''\impl{0} and ©1©''\impl{1} are identifiers. No other tokens defined by the rules for integer constants are considered to be identifiers. \begin{rationale} Why \lstinline@0@'' and \lstinline@1@''? Those integers have special status in C. Why ©0©'' and ©1©''? Those integers have special status in C. All scalar types can be incremented and decremented, which is defined in terms of adding or subtracting 1. The operations \lstinline@&&@'', \lstinline@||@'', and \lstinline@!@'' can be applied to any scalar arguments, and are defined in terms of comparison against 0. The operations ©&&©'', ©||©'', and ©!©'' can be applied to any scalar arguments, and are defined in terms of comparison against 0. A \nonterm{constant-expression} that evaluates to 0 is effectively compatible with every pointer type. In C, the integer constants 0 and 1 suffice because the integer promotion rules can convert them to any arithmetic type, and the rules for pointer expressions treat constant expressions evaluating to 0 as a special case. However, user-defined arithmetic types often need the equivalent of a 1 or 0 for their functions or operators, polymorphic functions often need 0 and 1 constants of a type matching their polymorphic parameters, and user-defined pointer-like types may need a null value. Defining special constants for a user-defined type is more efficient than defining a conversion to the type from \lstinline@_Bool@. Why \emph{just} \lstinline@0@'' and \lstinline@1@''? Why not other integers? No other integers have special status in C. A facility that let programmers declare specific constants---\lstinline@const Rational 12@'', for instance---would not be much of an improvement. Defining special constants for a user-defined type is more efficient than defining a conversion to the type from ©_Bool©. Why \emph{just} ©0©'' and ©1©''? Why not other integers? No other integers have special status in C. A facility that let programmers declare specific constants---©const Rational 12©'', for instance---would not be much of an improvement. Some facility for defining the creation of values of programmer-defined types from arbitrary integer tokens would be needed. The complexity of such a feature doesn't seem worth the gain. \begin{tabular}[t]{ll} %identifier & operation \\ \hline \lstinline@?[?]@ & subscripting \impl{?[?]}\\ \lstinline@?()@ & function call \impl{?()}\\ \lstinline@?++@ & postfix increment \impl{?++}\\ \lstinline@?--@ & postfix decrement \impl{?--}\\ \lstinline@++?@ & prefix increment \impl{++?}\\ \lstinline@--?@ & prefix decrement \impl{--?}\\ \lstinline@*?@ & dereference \impl{*?}\\ \lstinline@+?@ & unary plus \impl{+?}\\ \lstinline@-?@ & arithmetic negation \impl{-?}\\ \lstinline@~?@ & bitwise negation \impl{~?}\\ \lstinline@!?@ & logical complement \impl{"!?}\\ \lstinline@?*?@ & multiplication \impl{?*?}\\ \lstinline@?/?@ & division \impl{?/?}\\ ©?[?]© & subscripting \impl{?[?]}\\ ©?()© & function call \impl{?()}\\ ©?++© & postfix increment \impl{?++}\\ ©?--© & postfix decrement \impl{?--}\\ ©++?© & prefix increment \impl{++?}\\ ©--?© & prefix decrement \impl{--?}\\ ©*?© & dereference \impl{*?}\\ ©+?© & unary plus \impl{+?}\\ ©-?© & arithmetic negation \impl{-?}\\ ©~?© & bitwise negation \impl{~?}\\ ©!?© & logical complement \impl{"!?}\\ ©?*?© & multiplication \impl{?*?}\\ ©?/?© & division \impl{?/?}\\ \end{tabular}\hfil \begin{tabular}[t]{ll} %identifier & operation \\ \hline \lstinline@?%?@ & remainder \impl{?%?}\\ \lstinline@?+?@ & addition \impl{?+?}\\ \lstinline@?-?@ & subtraction \impl{?-?}\\ \lstinline@?<>?@ & right shift \impl{?>>?}\\ \lstinline@?=?@ & greater than or equal \impl{?>=?}\\ \lstinline@?>?@ & greater than \impl{?>?}\\ \lstinline@?==?@ & equality \impl{?==?}\\ \lstinline@?!=?@ & inequality \impl{?"!=?}\\ \lstinline@?&?@ & bitwise AND \impl{?&?}\\ ©?%?© & remainder \impl{?%?}\\ ©?+?© & addition \impl{?+?}\\ ©?-?© & subtraction \impl{?-?}\\ ©?<>?© & right shift \impl{?>>?}\\ ©?=?© & greater than or equal \impl{?>=?}\\ ©?>?© & greater than \impl{?>?}\\ ©?==?© & equality \impl{?==?}\\ ©?!=?© & inequality \impl{?"!=?}\\ ©?&?© & bitwise AND \impl{?&?}\\ \end{tabular}\hfil \begin{tabular}[t]{ll} %identifier & operation \\ \hline \lstinline@?^?@ & exclusive OR \impl{?^?}\\ \lstinline@?|?@ & inclusive OR \impl{?"|?}\\ \lstinline@?=?@ & simple assignment \impl{?=?}\\ \lstinline@?*=?@ & multiplication assignment \impl{?*=?}\\ \lstinline@?/=?@ & division assignment \impl{?/=?}\\ \lstinline@?%=?@ & remainder assignment \impl{?%=?}\\ \lstinline@?+=?@ & addition assignment \impl{?+=?}\\ \lstinline@?-=?@ & subtraction assignment \impl{?-=?}\\ \lstinline@?<<=?@ & left-shift assignment \impl{?<<=?}\\ \lstinline@?>>=?@ & right-shift assignment \impl{?>>=?}\\ \lstinline@?&=?@ & bitwise AND assignment \impl{?&=?}\\ \lstinline@?^=?@ & exclusive OR assignment \impl{?^=?}\\ \lstinline@?|=?@ & inclusive OR assignment \impl{?"|=?}\\ ©?^?© & exclusive OR \impl{?^?}\\ ©?|?© & inclusive OR \impl{?"|?}\\ ©?=?© & simple assignment \impl{?=?}\\ ©?*=?© & multiplication assignment \impl{?*=?}\\ ©?/=?© & division assignment \impl{?/=?}\\ ©?%=?© & remainder assignment \impl{?%=?}\\ ©?+=?© & addition assignment \impl{?+=?}\\ ©?-=?© & subtraction assignment \impl{?-=?}\\ ©?<<=?© & left-shift assignment \impl{?<<=?}\\ ©?>>=?© & right-shift assignment \impl{?>>=?}\\ ©?&=?© & bitwise AND assignment \impl{?&=?}\\ ©?^=?© & exclusive OR assignment \impl{?^=?}\\ ©?|=?© & inclusive OR assignment \impl{?"|=?}\\ \end{tabular} \hfil \begin{rationale} The use of \lstinline@?@'' in identifiers means that some C programs are not \CFA programs.  For instance, the sequence of characters \lstinline@(i < 0)?--i:i@'' is legal in a C program, but a \CFA compiler detects a syntax error because it treats \lstinline@?--@'' as an identifier, not as the two tokens \lstinline@?@'' and \lstinline@--@''. The use of ©?©'' in identifiers means that some C programs are not \CFA programs.  For instance, the sequence of characters ©(i < 0)?--i:i©'' is legal in a C program, but a \CFA compiler detects a syntax error because it treats ©?--©'' as an identifier, not as the two tokens ©?©'' and ©--©''. \end{rationale} \begin{itemize} \item The logical operators \lstinline@&&@'' and \lstinline@||@'', and the conditional operator \lstinline@?:@''. The logical operators ©&&©'' and ©||©'', and the conditional operator ©?:©''. These operators do not always evaluate their operands, and hence can not be properly defined by functions unless some mechanism like call-by-name is added to the language. Note that the definitions of \lstinline@&&@'' and \lstinline@||@'' say that they work by checking that their arguments are unequal to 0, so defining \lstinline@!=@'' and \lstinline@0@'' for user-defined types is enough to allow them to be used in logical expressions. Note that the definitions of ©&&©'' and ©||©'' say that they work by checking that their arguments are unequal to 0, so defining ©!=©'' and ©0©'' for user-defined types is enough to allow them to be used in logical expressions. \item \item The address of'' operator. It would seem useful to define a unary \lstinline@&@'' operator that returns values of some programmer-defined pointer-like type. It would seem useful to define a unary ©&©'' operator that returns values of some programmer-defined pointer-like type. The problem lies with the type of the operator. Consider the expression \lstinline@p = &x@'', where \lstinline@x@ is of type \lstinline@T@ and \lstinline@p@ has the programmer-defined type \lstinline@T_ptr@. The expression might be treated as a call to the unary function \lstinline@&?@''. Now what is the type of the function's parameter? It can not be \lstinline@T@, because then \lstinline@x@ would be passed by value, and there is no way to create a useful pointer-like result from a value. Hence the parameter must have type \lstinline@T *@. But then the expression must be rewritten as \lstinline@p = &?( &x )@'' Consider the expression ©p = &x©'', where ©x© is of type ©T© and ©p© has the programmer-defined type ©T_ptr©. The expression might be treated as a call to the unary function ©&?©''. Now what is the type of the function's parameter? It can not be ©T©, because then ©x© would be passed by value, and there is no way to create a useful pointer-like result from a value. Hence the parameter must have type ©T *©. But then the expression must be rewritten as ©p = &?( &x )©'' ---which doesn't seem like progress! The rule for address-of expressions would have to be something like keep applying address-of functions until you get one that takes a pointer argument, then use the built-in operator and stop''. It seems simpler to define a conversion function from \lstinline@T *@ to \lstinline@T_ptr@. \item The \lstinline@sizeof@ operator. It seems simpler to define a conversion function from ©T *© to ©T_ptr©. \item The ©sizeof© operator. It is already defined for every object type, and intimately tied into the language's storage allocation model. Redefining it seems pointless. \item The member of'' operators \lstinline@.@'' and \lstinline@->@''. The member of'' operators ©.©'' and ©->©''. These are not really infix operators, since their right operand'' is not a value or object. The fewest unsafe conversions'' rule ensures that the usual conversions are done, if possible. The lowest total expression cost'' rule chooses the proper common type. The odd-looking highest argument conversion cost'' rule ensures that, when unary expressions must be converted, conversions of function results are preferred to conversion of function arguments: \lstinline@(double)-i@ will be preferred to \lstinline@-(double)i@. The odd-looking highest argument conversion cost'' rule ensures that, when unary expressions must be converted, conversions of function results are preferred to conversion of function arguments: ©(double)-i© will be preferred to ©-(double)i©. The least polymorphic'' rule reduces the number of polymorphic function calls, since such functions are presumably more expensive than monomorphic functions and since the more specific function is presumably more appropriate. It also gives preference to monomorphic values (such as the \lstinline@int@ \lstinline@0@) over polymorphic values (such as the \Index{null pointer} \lstinline@0@\use{0}). It also gives preference to monomorphic values (such as the ©int© ©0©) over polymorphic values (such as the \Index{null pointer} ©0©\use{0}). However, interpretations that call polymorphic functions are preferred to interpretations that perform unsafe conversions, because those conversions potentially lose accuracy or violate strong typing. \begin{rationale} Predefined functions and constants have internal linkage because that simplifies optimization in traditional compile-and-link environments. For instance, \lstinline@an_int + an_int@'' is equivalent to \lstinline@?+?(an_int, an_int)@''. For instance, ©an_int + an_int©'' is equivalent to ©?+?(an_int, an_int)©''. If integer addition has not been redefined in the current scope, a compiler can generate code to perform the addition directly. If predefined functions had external linkage, this optimization would be difficult. \rhs \nonterm{constant} \rhs \nonterm{string-literal} \rhs \lstinline@(@ \nonterm{expression} \lstinline@)@ \rhs ©(© \nonterm{expression} ©)© \rhs \nonterm{generic-selection} \end{syntax} A \nonterm{constant} or \nonterm{string-literal} has one valid interpretation, which has the type and value defined by {\c11}. The predefined integer identifiers \lstinline@1@'' and \lstinline@0@'' have the integer values 1 and 0, respectively. The other two predefined \lstinline@0@'' identifiers are bound to polymorphic pointer values that, when specialized\index{specialization} with a data type or function type respectively, produce a null pointer of that type. The predefined integer identifiers ©1©'' and ©0©'' have the integer values 1 and 0, respectively. The other two predefined ©0©'' identifiers are bound to polymorphic pointer values that, when specialized\index{specialization} with a data type or function type respectively, produce a null pointer of that type. A parenthesised expression has the same interpretations as the contained \nonterm{expression}. \examples The expression \lstinline@(void *)0@\use{0} specializes the (polymorphic) null pointer to a null pointer to \lstinline@void@. \lstinline@(const void *)0@ does the same, and also uses a safe conversion from \lstinline@void *@ to \lstinline@const void *@. In each case, the null pointer conversion is better\index{best valid interpretations} than the unsafe conversion of the integer \lstinline@0@ to a pointer. The expression ©(void *)0©\use{0} specializes the (polymorphic) null pointer to a null pointer to ©void©. ©(const void *)0© does the same, and also uses a safe conversion from ©void *© to ©const void *©. In each case, the null pointer conversion is better\index{best valid interpretations} than the unsafe conversion of the integer ©0© to a pointer. \begin{rationale} \CFA does not have C's concept of null pointer constants'', which are not typed values but special strings of tokens. The C token \lstinline@0@'' is an expression of type \lstinline@int@ with the value zero'', and it \emph{also} is a null pointer constant. Similarly, \lstinline@(void *)0@ is an expression of type \lstinline@(void *)@ whose value is a null pointer, and it also is a null pointer constant. However, in C, \lstinline@(void *)(void *)0@'' is The C token ©0©'' is an expression of type ©int© with the value zero'', and it \emph{also} is a null pointer constant. Similarly, ©(void *)0© is an expression of type ©(void *)© whose value is a null pointer, and it also is a null pointer constant. However, in C, ©(void *)(void *)0©'' is \emph{not} a null pointer constant, even though it is null-valued, a pointer, and constant! The semantics of C expressions contain many special cases to deal with subexpressions that are null pointer constants. \begin{lstlisting} forall( dtype DT ) DT * const 0; \end{lstlisting} means that \lstinline@0@ is a polymorphic object, and contains a value that can have \emph{any} pointer-to-object type or pointer-to-incomplete type. \end{lstlisting} means that ©0© is a polymorphic object, and contains a value that can have \emph{any} pointer-to-object type or pointer-to-incomplete type. The only such value is the null pointer. Therefore the type \emph{alone} is enough to identify a null pointer. \constraints The best interpretation of the controlling expression shall be unambiguous\index{ambiguous interpretation}, and shall have type compatible with at most one of the types named in its generic association list. If a generic selection has no \lstinline@default@ generic association, the best interpretation of its controlling expression shall have type compatible with exactly one of the types named in its generic association list. If a generic selection has no ©default© generic association, the best interpretation of its controlling expression shall have type compatible with exactly one of the types named in its generic association list. \semantics \lhs{postfix-expression} \rhs \nonterm{primary-expression} \rhs \nonterm{postfix-expression} \lstinline@[@ \nonterm{expression} \lstinline@]@ \rhs \nonterm{postfix-expression} \lstinline@(@ \nonterm{argument-expression-list}\opt \lstinline@)@ \rhs \nonterm{postfix-expression} \lstinline@.@ \nonterm{identifier} \rhs \nonterm{postfix-expression} \lstinline@->@ \nonterm{identifier} \rhs \nonterm{postfix-expression} \lstinline@++@ \rhs \nonterm{postfix-expression} \lstinline@--@ \rhs \lstinline@(@ \nonterm{type-name} \lstinline@)@ \lstinline@{@ \nonterm{initializer-list} \lstinline@}@ \rhs \lstinline@(@ \nonterm{type-name} \lstinline@)@ \lstinline@{@ \nonterm{initializer-list} \lstinline@,@ \lstinline@}@ \rhs \nonterm{postfix-expression} ©[© \nonterm{expression} ©]© \rhs \nonterm{postfix-expression} ©(© \nonterm{argument-expression-list}\opt ©)© \rhs \nonterm{postfix-expression} ©.© \nonterm{identifier} \rhs \nonterm{postfix-expression} ©->© \nonterm{identifier} \rhs \nonterm{postfix-expression} ©++© \rhs \nonterm{postfix-expression} ©--© \rhs ©(© \nonterm{type-name} ©)© ©{© \nonterm{initializer-list} ©}© \rhs ©(© \nonterm{type-name} ©)© ©{© \nonterm{initializer-list} ©,© ©}© \lhs{argument-expression-list} \rhs \nonterm{assignment-expression} \rhs \nonterm{argument-expression-list} \lstinline@,@ \rhs \nonterm{argument-expression-list} ©,© \nonterm{assignment-expression} \end{syntax} The interpretations of subscript expressions are the interpretations of the corresponding function call expressions. \begin{rationale} C defines subscripting as pointer arithmetic in a way that makes \lstinline@a[i]@ and \lstinline@i[a]@ equivalent. \CFA provides the equivalence through a rewrite rule to reduce the number of overloadings of \lstinline@?[?]@. C defines subscripting as pointer arithmetic in a way that makes ©a[i]© and ©i[a]© equivalent. \CFA provides the equivalence through a rewrite rule to reduce the number of overloadings of ©?[?]©. Subscript expressions are rewritten as function calls that pass the first parameter by value. This is somewhat unfortunate, since array-like types tend to be large. The alternative is to use the rewrite rule \lstinline@a[b]@ \rewrite \lstinline@?[?](&(a), b)@''. However, C semantics forbid this approach: the \lstinline@a@ in \lstinline@a[b]@'' can be an arbitrary pointer value, which does not have an address. The alternative is to use the rewrite rule ©a[b]© \rewrite ©?[?](&(a), b)©''. However, C semantics forbid this approach: the ©a© in ©a[b]©'' can be an arbitrary pointer value, which does not have an address. The repetitive form of the predefined identifiers shows up a deficiency\index{deficiencies!pointers \nonterm{postfix-expression} in a function call may have some interpretations that are function designators and some that are not. For those interpretations of the \nonterm{postfix-expression} that are not function designators, the expression is rewritten and becomes a call of a function named \lstinline@?()@''. For those interpretations of the \nonterm{postfix-expression} that are not function designators, the expression is rewritten and becomes a call of a function named ©?()©''. The valid interpretations of the rewritten expression are determined in the manner described below. \begin{itemize} \item if the argument corresponds to a parameter in the function designator's prototype, the argument interpretation must have the same type as the corresponding parameter, or be implicitly convertible to the parameter's type \item if the function designator's type does not include a prototype or if the argument corresponds to \lstinline@...@'' in a prototype, a \Index{default argument promotion} is applied to it. \item if the function designator's type does not include a prototype or if the argument corresponds to ©...©'' in a prototype, a \Index{default argument promotion} is applied to it. \end{itemize} The type of the valid interpretation is the return type of the function designator. \begin{itemize} \item If the declaration of the implicit parameter uses \Index{type-class} \lstinline@type@\use{type}, the implicit argument must be an object type; if it uses \lstinline@dtype@, the implicit argument must be an object type or an incomplete type; and if it uses \lstinline@ftype@, the implicit argument must be a function type. If the declaration of the implicit parameter uses \Index{type-class} ©type©\use{type}, the implicit argument must be an object type; if it uses ©dtype©, the implicit argument must be an object type or an incomplete type; and if it uses ©ftype©, the implicit argument must be a function type. \item if an explicit parameter's type uses any implicit parameters, then the corresponding explicit argument must have a type that is (or can be safely converted\index{safe conversion} to) the type produced by substituting the implicit arguments for the implicit parameters in the explicit parameter type. \begin{rationale} One desirable property of a polymorphic programming language is \define{generalizability}: the ability to replace an abstraction with a more general but equivalent abstraction without requiring changes in any of the uses of the original\cite{Cormack90}. For instance, it should be possible to replace a function \lstinline@int f( int );@'' with \lstinline@forall( otype T ) T f( T );@'' without affecting any calls of \lstinline@f@. For instance, it should be possible to replace a function ©int f( int );©'' with ©forall( otype T ) T f( T );©'' without affecting any calls of ©f©. \CFA\index{deficiencies!generalizability} does not fully possess this property, because f = g( d, f );          // (3) (unsafe conversion to float) \end{lstlisting} If \lstinline@g@ was replaced by \lstinline@forall( otype T ) T g( T, T );@'', the first and second calls would be unaffected, but the third would change: \lstinline@f@ would be converted to \lstinline@double@, and the result would be a \lstinline@double@. Another example is the function \lstinline@void h( int *);@''. This function can be passed a \lstinline@void *@ argument, but the generalization \lstinline@forall( otype T ) void h( T *);@'' can not. In this case, \lstinline@void@ is not a valid value for \lstinline@T@ because it is not an object type. If unsafe conversions were allowed, \lstinline@T@ could be inferred to be \emph{any} object type, which is undesirable. If ©g© was replaced by ©forall( otype T ) T g( T, T );©'', the first and second calls would be unaffected, but the third would change: ©f© would be converted to ©double©, and the result would be a ©double©. Another example is the function ©void h( int *);©''. This function can be passed a ©void *© argument, but the generalization ©forall( otype T ) void h( T *);©'' can not. In this case, ©void© is not a valid value for ©T© because it is not an object type. If unsafe conversions were allowed, ©T© could be inferred to be \emph{any} object type, which is undesirable. \end{rationale} \examples A function called \lstinline@?()@'' might be part of a numerical differentiation package. A function called ©?()©'' might be part of a numerical differentiation package. \begin{lstlisting} extern otype Derivative; d = sin_dx( 12.9 ); \end{lstlisting} Here, the only interpretation of \lstinline@sin_dx@ is as an object of type \lstinline@Derivative@. For that interpretation, the function call is treated as \lstinline@?()( sin_dx, 12.9 )@''. Here, the only interpretation of ©sin_dx© is as an object of type ©Derivative©. For that interpretation, the function call is treated as ©?()( sin_dx, 12.9 )©''. \begin{lstlisting} int f( long );          // (1) int i = f( 5 );         // calls (1) \end{lstlisting} Function (1) provides a valid interpretation of \lstinline@f( 5 )@'', using an implicit \lstinline@int@ to \lstinline@long@ conversion. The other functions do not, since the second requires two arguments, and since there is no implicit conversion from \lstinline@int@ to \lstinline@int *@ that could be used with the third function. Function (1) provides a valid interpretation of ©f( 5 )©'', using an implicit ©int© to ©long© conversion. The other functions do not, since the second requires two arguments, and since there is no implicit conversion from ©int© to ©int *© that could be used with the third function. \begin{lstlisting} double d = h( 1.5 ); \end{lstlisting} \lstinline@1.5@'' is a \lstinline@double@ constant, so \lstinline@T@ is inferred to be \lstinline@double@, and the result of the function call is a \lstinline@double@. ©1.5©'' is a ©double© constant, so ©T© is inferred to be ©double©, and the result of the function call is a ©double©. \begin{lstlisting} forall( otype T, otype U ) void g( T, U );      // (4) forall( otype T ) void g( T, T );                       // (5) forall( otype T ) void g( T, long );                    // (6) forall( otype T ) void g( T, long );            // (6) void g( long, long );                                           // (7) double d; int i; int *p; g( d, d );                      // calls (5) g( d, i );                      // calls (6) g( i, i );                      // calls (7) g( i, p );                      // calls (4) \end{lstlisting} The first call has valid interpretations for all four versions of \lstinline@g@. (6) and (7) are discarded because they involve unsafe \lstinline@double@-to-\lstinline@long@ conversions. (5) is chosen because it is less polymorphic than (4). g( d, d );                                                                      // calls (5) g( d, i );                                                                      // calls (6) g( i, i );                                                                      // calls (7) g( i, p );                                                                      // calls (4) \end{lstlisting} The first call has valid interpretations for all four versions of ©g©. (6) and (7) are discarded because they involve unsafe ©double©-to-©long© conversions. (5) is chosen because it is less polymorphic than (4). For the second call, (7) is again discarded. Of the remaining interpretations for (4), (5), and (6) (with \lstinline@i@ converted to \lstinline@long@), (6) is chosen because it is the least polymorphic. Of the remaining interpretations for (4), (5), and (6) (with ©i© converted to ©long©), (6) is chosen because it is the least polymorphic. The third call has valid interpretations for all of the functions; shuffle( 9, 10 ); \end{lstlisting} The only possibility for \lstinline@U@ is \lstinline@double@, because that is the type used in the only visible \lstinline@max@ function. 9 and 10 must be converted to \lstinline@double@, and \lstinline@min@ must be specialized with \lstinline@T@ bound to \lstinline@double@. \begin{lstlisting} extern void q( int );           // (8) extern void q( void * );        // (9) The only possibility for ©U© is ©double©, because that is the type used in the only visible ©max© function. 9 and 10 must be converted to ©double©, and ©min© must be specialized with ©T© bound to ©double©. \begin{lstlisting} extern void q( int );                                           // (8) extern void q( void * );                                        // (9) extern void r(); q( 0 ); r( 0 ); \end{lstlisting} The \lstinline@int 0@ could be passed to (8), or the \lstinline@(void *)@ \Index{specialization} of the null pointer\index{null pointer} \lstinline@0@\use{0} could be passed to (9). The former is chosen because the \lstinline@int@ \lstinline@0@ is \Index{less polymorphic}. For the same reason, \lstinline@int@ \lstinline@0@ is passed to \lstinline@r()@, even though it has \emph{no} declared parameter types. The ©int 0© could be passed to (8), or the ©(void *)© \Index{specialization} of the null pointer\index{null pointer} ©0©\use{0} could be passed to (9). The former is chosen because the ©int© ©0© is \Index{less polymorphic}. For the same reason, ©int© ©0© is passed to ©r()©, even though it has \emph{no} declared parameter types. \subsubsection{Structure and union members} \semantics In the member selection expression \lstinline@s@.\lstinline@m@'', there shall be at least one interpretation of \lstinline@s@ whose type is a structure type or union type containing a member named \lstinline@m@. If two or more interpretations of \lstinline@s@ have members named \lstinline@m@ with mutually compatible types, then the expression has an \Index{ambiguous interpretation} whose type is the composite type of the types of the members. If an interpretation of \lstinline@s@ has a member \lstinline@m@ whose type is not compatible with any other \lstinline@s@'s \lstinline@m@, then the expression has an interpretation with the member's type. \semantics In the member selection expression ©s©.©m©'', there shall be at least one interpretation of ©s© whose type is a structure type or union type containing a member named ©m©. If two or more interpretations of ©s© have members named ©m© with mutually compatible types, then the expression has an \Index{ambiguous interpretation} whose type is the composite type of the types of the members. If an interpretation of ©s© has a member ©m© whose type is not compatible with any other ©s©'s ©m©, then the expression has an interpretation with the member's type. The expression has no other interpretations. The expression \lstinline@p->m@'' has the same interpretations as the expression \lstinline@(*p).m@''. The expression ©p->m©'' has the same interpretations as the expression ©(*p).m©''. * ?--( _Atomic const restrict volatile T * _Atomic restrict volatile * ); \end{lstlisting} For every extended integer type \lstinline@X@ there exist For every extended integer type ©X© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} ?--( volatile X * ), ?--( _Atomic volatile X * ); \end{lstlisting} For every complete enumerated type \lstinline@E@ there exist For every complete enumerated type ©E© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \begin{rationale} Note that \lstinline@++@'' and \lstinline@--@'' are rewritten as function calls that are given a pointer to that operand. (This is true of all operators that modify an operand.) As Hamish Macdonald has pointed out, this forces the modified operand of such expressions to be an lvalue. Note that ©++©'' and ©--©'' are rewritten as function calls that are given a pointer to that operand. (This is true of all operators that modify an operand.) As Hamish Macdonald has pointed out, this forces the modified operand of such expressions to be an lvalue. This partially enforces the C semantic rule that such operands must be \emph{modifiable} lvalues. \end{rationale} \begin{rationale} In C, a semantic rule requires that pointer operands of increment and decrement be pointers to object types. Hence, \lstinline@void *@ objects cannot be incremented. In \CFA, the restriction follows from the use of a \lstinline@type@ parameter in the predefined function definitions, as opposed to \lstinline@dtype@, since only object types can be inferred arguments corresponding to the type parameter \lstinline@T@. Hence, ©void *© objects cannot be incremented. In \CFA, the restriction follows from the use of a ©type© parameter in the predefined function definitions, as opposed to ©dtype©, since only object types can be inferred arguments corresponding to the type parameter ©T©. \end{rationale} \end{lstlisting} \begin{sloppypar} Since \lstinline@&(vs)@ has type \lstinline@volatile short int *@, the best valid interpretation of \lstinline@vs++@ calls the \lstinline@?++@ function with the \lstinline@volatile short *@ parameter. \lstinline@s++@ does the same, applying the safe conversion from \lstinline@short int *@ to \lstinline@volatile short int *@. Note that there is no conversion that adds an \lstinline@_Atomic@ qualifier, so the \lstinline@_Atomic volatile short int@ overloading does not provide a valid interpretation. Since ©&(vs)© has type ©volatile short int *©, the best valid interpretation of ©vs++© calls the ©?++© function with the ©volatile short *© parameter. ©s++© does the same, applying the safe conversion from ©short int *© to ©volatile short int *©. Note that there is no conversion that adds an ©_Atomic© qualifier, so the ©_Atomic volatile short int© overloading does not provide a valid interpretation. \end{sloppypar} There is no safe conversion from \lstinline@const short int *@ to \lstinline@volatile short int *@, and no \lstinline@?++@ function that accepts a \lstinline@const *@ parameter, so \lstinline@cs++@ has no valid interpretations. The best valid interpretation of \lstinline@as++@ calls the \lstinline@short ?++@ function with the \lstinline@_Atomic volatile short int *@ parameter, applying a safe conversion to add the \lstinline@volatile@ qualifier. There is no safe conversion from ©const short int *© to ©volatile short int *©, and no ©?++© function that accepts a ©const *© parameter, so ©cs++© has no valid interpretations. The best valid interpretation of ©as++© calls the ©short ?++© function with the ©_Atomic volatile short int *© parameter, applying a safe conversion to add the ©volatile© qualifier. \begin{lstlisting} char * const restrict volatile * restrict volatile pqpc; ppc++; \end{lstlisting} Since \lstinline@&(pqpc)@ has type \lstinline@char * const restrict volatile * restrict volatile *@, the best valid interpretation of \lstinline@pqpc++@ calls the polymorphic \lstinline@?++@ function with the \lstinline@const restrict volatile T * restrict volatile *@ parameter, inferring \lstinline@T@ to be \lstinline@char *@. \lstinline@ppc++@ calls the same function, again inferring \lstinline@T@ to be \lstinline@char *@, and using the safe conversions from \lstinline@T@ to \lstinline@T const@ \lstinline@restrict volatile@. Since ©&(pqpc)© has type ©char * const restrict volatile * restrict volatile *©, the best valid interpretation of ©pqpc++© calls the polymorphic ©?++© function with the ©const restrict volatile T * restrict volatile *© parameter, inferring ©T© to be ©char *©. ©ppc++© calls the same function, again inferring ©T© to be ©char *©, and using the safe conversions from ©T© to ©T const© ©restrict volatile©. \begin{rationale} \begin{enumerate} \item \lstinline@char * p; p++;@''. The argument to \lstinline@?++@ has type \lstinline@char * *@, and the result has type \lstinline@char *@. The expression would be valid if \lstinline@?++@ were declared by ©char * p; p++;©''. The argument to ©?++© has type ©char * *©, and the result has type ©char *©. The expression would be valid if ©?++© were declared by \begin{lstlisting} forall( otype T ) T * ?++( T * * ); \end{lstlisting} with \lstinline@T@ inferred to be \lstinline@char@. \item \lstinline@char *restrict volatile qp; qp++@''. The result again has type \lstinline@char *@, but the argument now has type \lstinline@char *restrict volatile *@, so it cannot be passed to the hypothetical function declared in point 1. \end{lstlisting} with ©T© inferred to be ©char©. \item ©char *restrict volatile qp; qp++©''. The result again has type ©char *©, but the argument now has type ©char *restrict volatile *©, so it cannot be passed to the hypothetical function declared in point 1. Hence the actual predefined function is \begin{lstlisting} forall( otype T ) T * ?++( T * restrict volatile * ); \end{lstlisting} which also accepts a \lstinline@char * *@ argument, because of the safe conversions that add \lstinline@volatile@ and \lstinline@restrict@ qualifiers. (The parameter is not const-qualified, so constant pointers cannot be incremented.) \item \lstinline@char *_Atomic ap; ap++@''. The result again has type \lstinline@char *@, but no safe conversion adds an \lstinline@_Atomic@ qualifier, so the function in point 2 is not applicable. A separate overloading of \lstinline@?++@ is required. \item \lstinline@char const volatile * pq; pq++@''. Here the result has type \lstinline@char const volatile *@, so a new overloading is needed: \end{lstlisting} which also accepts a ©char * *© argument, because of the safe conversions that add ©volatile© and ©restrict© qualifiers. (The parameter is not const-qualified, so constant pointers cannot be incremented.) \item ©char *_Atomic ap; ap++©''. The result again has type ©char *©, but no safe conversion adds an ©_Atomic© qualifier, so the function in point 2 is not applicable. A separate overloading of ©?++© is required. \item ©char const volatile * pq; pq++©''. Here the result has type ©char const volatile *©, so a new overloading is needed: \begin{lstlisting} forall( otype T ) T const volatile * ?++( T const volatile *restrict volatile * ); \item \lstinline@float *restrict * prp; prp++@''. The \lstinline@restrict@ qualifier is handled just like \lstinline@const@ and \lstinline@volatile@ in the previous case: ©float *restrict * prp; prp++©''. The ©restrict© qualifier is handled just like ©const© and ©volatile© in the previous case: \begin{lstlisting} forall( otype T ) T restrict * ?++( T restrict *restrict volatile * ); \end{lstlisting} with \lstinline@T@ inferred to be \lstinline@float *@. This looks odd, because {\c11} contains a constraint that requires restrict-qualified types to be pointer-to-object types, and \lstinline@T@ is not syntactically a pointer type. \CFA loosens the constraint. \end{lstlisting} with ©T© inferred to be ©float *©. This looks odd, because {\c11} contains a constraint that requires restrict-qualified types to be pointer-to-object types, and ©T© is not syntactically a pointer type. \CFA loosens the constraint. \end{enumerate} \end{rationale} \lhs{unary-expression} \rhs \nonterm{postfix-expression} \rhs \lstinline@++@ \nonterm{unary-expression} \rhs \lstinline@--@ \nonterm{unary-expression} \rhs ©++© \nonterm{unary-expression} \rhs ©--© \nonterm{unary-expression} \rhs \nonterm{unary-operator} \nonterm{cast-expression} \rhs \lstinline@sizeof@ \nonterm{unary-expression} \rhs \lstinline@sizeof@ \lstinline@(@ \nonterm{type-name} \lstinline@)@ \lhs{unary-operator} one of \rhs \lstinline@&@ \lstinline@*@ \lstinline@+@ \lstinline@-@ \lstinline@~@ \lstinline@!@ \rhs ©sizeof© \nonterm{unary-expression} \rhs ©sizeof© ©(© \nonterm{type-name} ©)© \lhs{unary-operator} one of \rhs ©&© ©*© ©+© ©-© ©~© ©!© \end{syntax} * --?( _Atomic const restrict volatile T * _Atomic restrict volatile * ); \end{lstlisting} For every extended integer type \lstinline@X@ there exist For every extended integer type ©X© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} --?( _Atomic volatile X * ); \end{lstlisting} For every complete enumerated type \lstinline@E@ there exist For every complete enumerated type ©E© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \constraints The operand of the unary \lstinline@&@'' operator shall have exactly one The operand of the unary ©&©'' operator shall have exactly one \Index{interpretation}\index{ambiguous interpretation}, which shall be unambiguous. \semantics The \lstinline@&@'' expression has one interpretation which is of type \lstinline@T *@, where \lstinline@T@ is the type of the operand. The ©&©'' expression has one interpretation which is of type ©T *©, where ©T© is the type of the operand. The interpretations of an indirection expression are the interpretations of the corresponding function call. forall( ftype FT ) int !?( FT * ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} eat_double(-li ); // §\rewrite§ eat_double( -?( li ) ); \end{lstlisting} The valid interpretations of \lstinline@-li@'' (assuming no extended integer types exist) are The valid interpretations of ©-li©'' (assuming no extended integer types exist) are \begin{center} \begin{tabular}{llc} interpretation & result type & expression conversion cost \\ \hline \lstinline@-?( (int)li )@                                       & \lstinline@int@                                       & (unsafe) \\ \lstinline@-?( (unsigned)li)@                           & \lstinline@unsigned int@                      & (unsafe) \\ \lstinline@-?( (long)li)@                                       & \lstinline@long@                                      & 0 \\ \lstinline@-?( (long unsigned int)li)@          & \lstinline@long unsigned int@         & 1 \\ \lstinline@-?( (long long int)li)@                      & \lstinline@long long int@                     & 2 \\ \lstinline@-?( (long long unsigned int)li)@     & \lstinline@long long unsigned int@& 3 \\ \lstinline@-?( (float)li)@                                      & \lstinline@float@                                     & 4 \\ \lstinline@-?( (double)li)@                                     & \lstinline@double@                            & 5 \\ \lstinline@-?( (long double)li)@                        & \lstinline@long double@                       & 6 \\ \lstinline@-?( (_Complex float)li)@                     & \lstinline@float@                                     & (unsafe) \\ \lstinline@-?( (_Complex double)li)@            & \lstinline@double@                            & (unsafe) \\ \lstinline@-?( (_Complex long double)li)@       & \lstinline@long double@                       & (unsafe) \\ ©-?( (int)li )©                                         & ©int©                                         & (unsafe) \\ ©-?( (unsigned)li)©                                     & ©unsigned int©                        & (unsafe) \\ ©-?( (long)li)©                                         & ©long©                                        & 0 \\ ©-?( (long unsigned int)li)©            & ©long unsigned int©           & 1 \\ ©-?( (long long int)li)©                        & ©long long int©                       & 2 \\ ©-?( (long long unsigned int)li)©       & ©long long unsigned int©      & 3 \\ ©-?( (float)li)©                                        & ©float©                                       & 4 \\ ©-?( (double)li)©                                       & ©double©                                      & 5 \\ ©-?( (long double)li)©                          & ©long double©                         & 6 \\ ©-?( (_Complex float)li)©                       & ©float©                                       & (unsafe) \\ ©-?( (_Complex double)li)©                      & ©double©                                      & (unsafe) \\ ©-?( (_Complex long double)li)©         & ©long double©                         & (unsafe) \\ \end{tabular} \end{center} The valid interpretations of the \lstinline@eat_double@ call, with the cost of the argument conversion and the cost of the entire expression, are The valid interpretations of the ©eat_double© call, with the cost of the argument conversion and the cost of the entire expression, are \begin{center} \begin{tabular}{lcc} interpretation & argument cost & expression cost \\ \hline \lstinline@eat_double( (double)-?( (int)li) )@                                  & 7                     & (unsafe) \\ \lstinline@eat_double( (double)-?( (unsigned)li) )@                             & 6                     & (unsafe) \\ \lstinline@eat_double( (double)-?(li) )@                                                & 5                     & $$0+5=5$$ \\ \lstinline@eat_double( (double)-?( (long unsigned int)li) )@    & 4                     & $$1+4=5$$ \\ \lstinline@eat_double( (double)-?( (long long int)li) )@                & 3                     & $$2+3=5$$ \\ \lstinline@eat_double( (double)-?( (long long unsigned int)li) )@& 2            & $$3+2=5$$ \\ \lstinline@eat_double( (double)-?( (float)li) )@                                & 1                     & $$4+1=5$$ \\ \lstinline@eat_double( (double)-?( (double)li) )@                               & 0                     & $$5+0=5$$ \\ \lstinline@eat_double( (double)-?( (long double)li) )@                  & (unsafe)      & (unsafe) \\ \lstinline@eat_double( (double)-?( (_Complex float)li) )@               & (unsafe)      & (unsafe) \\ \lstinline@eat_double( (double)-?( (_Complex double)li) )@              & (unsafe)      & (unsafe) \\ \lstinline@eat_double( (double)-?( (_Complex long double)li) )@ & (unsafe)      & (unsafe) \\ ©eat_double( (double)-?( (int)li) )©                                    & 7                     & (unsafe) \\ ©eat_double( (double)-?( (unsigned)li) )©                               & 6                     & (unsafe) \\ ©eat_double( (double)-?(li) )©                                                  & 5                     & $$0+5=5$$ \\ ©eat_double( (double)-?( (long unsigned int)li) )©              & 4                     & $$1+4=5$$ \\ ©eat_double( (double)-?( (long long int)li) )©                  & 3                     & $$2+3=5$$ \\ ©eat_double( (double)-?( (long long unsigned int)li) )© & 2                     & $$3+2=5$$ \\ ©eat_double( (double)-?( (float)li) )©                                  & 1                     & $$4+1=5$$ \\ ©eat_double( (double)-?( (double)li) )©                                 & 0                     & $$5+0=5$$ \\ ©eat_double( (double)-?( (long double)li) )©                    & (unsafe)      & (unsafe) \\ ©eat_double( (double)-?( (_Complex float)li) )©                 & (unsafe)      & (unsafe) \\ ©eat_double( (double)-?( (_Complex double)li) )©                & (unsafe)      & (unsafe) \\ ©eat_double( (double)-?( (_Complex long double)li) )©   & (unsafe)      & (unsafe) \\ \end{tabular} \end{center} Each has result type \lstinline@void@, so the best must be selected. Each has result type ©void©, so the best must be selected. The interpretations involving unsafe conversions are discarded. The remainder have equal expression conversion costs, so the highest argument conversion cost'' rule is invoked, and the chosen interpretation is \lstinline@eat_double( (double)-?(li) )@. The remainder have equal expression conversion costs, so the highest argument conversion cost'' rule is invoked, and the chosen interpretation is ©eat_double( (double)-?(li) )©. \constraints The operand of \lstinline@sizeof@ or \lstinline@_Alignof@ shall not be \lstinline@type@, \lstinline@dtype@, or \lstinline@ftype@. When the \lstinline@sizeof@\use{sizeof} operator is applied to an expression, the expression shall have exactly one \Index{interpretation}\index{ambiguous interpretation}, which shall be unambiguous. \semantics A \lstinline@sizeof@ or \lstinline@_Alignof@ expression has one interpretation, of type \lstinline@size_t@. When \lstinline@sizeof@ is applied to an identifier declared by a \nonterm{type-declaration} or a The operand of ©sizeof© or ©_Alignof© shall not be ©type©, ©dtype©, or ©ftype©. When the ©sizeof©\use{sizeof} operator is applied to an expression, the expression shall have exactly one \Index{interpretation}\index{ambiguous interpretation}, which shall be unambiguous. \semantics A ©sizeof© or ©_Alignof© expression has one interpretation, of type ©size_t©. When ©sizeof© is applied to an identifier declared by a \nonterm{type-declaration} or a \nonterm{type-parameter}, it yields the size in bytes of the type that implements the operand. When the operand is an opaque type or an inferred type parameter\index{inferred parameter}, the expression is not a constant expression. When \lstinline@_Alignof@ is applied to an identifier declared by a \nonterm{type-declaration} or a When ©_Alignof© is applied to an identifier declared by a \nonterm{type-declaration} or a \nonterm{type-parameter}, it yields the alignment requirement of the type that implements the operand. When the operand is an opaque type or an inferred type parameter\index{inferred parameter}, the expression is not a constant expression. } \end{lstlisting} \lstinline@sizeof Rational@'', although not statically known, is fixed. Within \lstinline@f()@, \lstinline@sizeof(T)@'' is fixed for each call of \lstinline@f()@, but may vary from call to call. ©sizeof Rational©'', although not statically known, is fixed. Within ©f()©, ©sizeof(T)©'' is fixed for each call of ©f()©, but may vary from call to call. \end{rationale} \lhs{cast-expression} \rhs \nonterm{unary-expression} \rhs \lstinline@(@ \nonterm{type-name} \lstinline@)@ \nonterm{cast-expression} \rhs ©(© \nonterm{type-name} ©)© \nonterm{cast-expression} \end{syntax} \constraints The \nonterm{type-name} in a \nonterm{cast-expression} shall not be \lstinline@type@, \lstinline@dtype@, or \lstinline@ftype@. The \nonterm{type-name} in a \nonterm{cast-expression} shall not be ©type©, ©dtype©, or ©ftype©. \semantics In a \Index{cast expression} \lstinline@(@\nonterm{type-name}\lstinline@)e@'', if \nonterm{type-name} is the type of an interpretation of \lstinline@e@, then that interpretation is the only interpretation of the cast expression; otherwise, \lstinline@e@ shall have some interpretation that can be converted to \nonterm{type-name}, and the interpretation of the cast expression is the cast of the interpretation that can be converted at the lowest cost. In a \Index{cast expression} ©(©\nonterm{type-name}©)e©'', if \nonterm{type-name} is the type of an interpretation of ©e©, then that interpretation is the only interpretation of the cast expression; otherwise, ©e© shall have some interpretation that can be converted to \nonterm{type-name}, and the interpretation of the cast expression is the cast of the interpretation that can be converted at the lowest cost. The cast expression's interpretation is ambiguous\index{ambiguous interpretation} if more than one interpretation can be converted at the lowest cost or if the selected interpretation is ambiguous. \lhs{multiplicative-expression} \rhs \nonterm{cast-expression} \rhs \nonterm{multiplicative-expression} \lstinline@*@ \nonterm{cast-expression} \rhs \nonterm{multiplicative-expression} \lstinline@/@ \nonterm{cast-expression} \rhs \nonterm{multiplicative-expression} \lstinline@%@ \nonterm{cast-expression} \rhs \nonterm{multiplicative-expression} ©*© \nonterm{cast-expression} \rhs \nonterm{multiplicative-expression} ©/© \nonterm{cast-expression} \rhs \nonterm{multiplicative-expression} ©%© \nonterm{cast-expression} \end{syntax} ?*?( _Complex long double, _Complex long double ), ?/?( _Complex long double, _Complex long double ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} eat_double( li % i ); \end{lstlisting} \lstinline@li % i@'' is rewritten as \lstinline@?%?(li, i )@''. The valid interpretations of \lstinline@?%?(li, i )@, the cost\index{conversion cost} of converting their arguments, and the cost of converting the result to \lstinline@double@ (assuming no extended integer types are present ) are ©li % i©'' is rewritten as ©?%?(li, i )©''. The valid interpretations of ©?%?(li, i )©, the cost\index{conversion cost} of converting their arguments, and the cost of converting the result to ©double© (assuming no extended integer types are present ) are \begin{center} \begin{tabular}{lcc} interpretation & argument cost & result cost \\ \hline \lstinline@ ?%?( (int)li, i )@                                                                          & (unsafe)      & 6     \\ \lstinline@ ?%?( (unsigned)li,(unsigned)i )@                                            & (unsafe)      & 5     \\ \lstinline@ ?%?( li, (long)i )@                                                                         & 1                     & 4     \\ \lstinline@ ?%?( (long unsigned)li,(long unsigned)i )@                          & 3                     & 3     \\ \lstinline@ ?%?( (long long)li,(long long)i )@                                          & 5                     & 2     \\ \lstinline@ ?%?( (long long unsigned)li, (long long unsigned)i )@       & 7                     & 1     \\ \hline © ?%?( (int)li, i )©                                                                            & (unsafe)      & 6     \\ © ?%?( (unsigned)li,(unsigned)i )©                                                      & (unsafe)      & 5     \\ © ?%?( li, (long)i )©                                                                           & 1                     & 4     \\ © ?%?( (long unsigned)li,(long unsigned)i )©                            & 3                     & 3     \\ © ?%?( (long long)li,(long long)i )©                                            & 5                     & 2     \\ © ?%?( (long long unsigned)li, (long long unsigned)i )©         & 7                     & 1     \\ \end{tabular} \end{center} The best interpretation of \lstinline@eat_double( li, i )@ is \lstinline@eat_double( (double)?%?(li, (long)i ))@, which has no unsafe conversions and the lowest total cost. \begin{rationale} {\c11} defines most arithmetic operations to apply an \Index{integer promotion} to any argument that belongs to a type that has an \Index{integer conversion rank} less than that of \lstinline@int@.If \lstinline@s@ is a \lstinline@short int@, \lstinline@s *s@'' does not have type \lstinline@short int@; it is treated as \lstinline@( (int)s ) * ( (int)s )@'', and has type \lstinline@int@. \CFA matches that pattern; it does not predefine \lstinline@short ?*?( short, short )@''. The best interpretation of ©eat_double( li, i )© is ©eat_double( (double)?%?(li, (long)i ))©, which has no unsafe conversions and the lowest total cost. \begin{rationale} {\c11} defines most arithmetic operations to apply an \Index{integer promotion} to any argument that belongs to a type that has an \Index{integer conversion rank} less than that of ©int©. If ©s© is a ©short int©, ©s *s©'' does not have type ©short int©; it is treated as ©( (int)s ) * ( (int)s )©'', and has type ©int©. \CFA matches that pattern; it does not predefine ©short ?*?( short, short )©''. These missing'' operators limit polymorphism. square( s ); \end{lstlisting} Since \CFA does not define a multiplication operator for \lstinline@short int@, \lstinline@square( s )@ is treated as \lstinline@square( (int)s )@, and the result has type \lstinline@int@. Since \CFA does not define a multiplication operator for ©short int©, ©square( s )© is treated as ©square( (int)s )©, and the result has type ©int©. This is mildly surprising, but it follows the {\c11} operator pattern. product( sa, 5); \end{lstlisting} This has no valid interpretations, because \CFA has no conversion from array of \lstinline@short int@'' to array of \lstinline@int@''. This has no valid interpretations, because \CFA has no conversion from array of ©short int©'' to array of ©int©''. The alternatives in such situations include \begin{itemize} \item Defining monomorphic overloadings of \lstinline@product@ for \lstinline@short@ and the other small'' types. \item Defining \lstinline@short ?*?( short, short )@'' within the scope containing the call to \lstinline@product@. \item Defining \lstinline@product@ to take as an argument a conversion function from the small'' type to the operator's argument type. Defining monomorphic overloadings of ©product© for ©short© and the other small'' types. \item Defining ©short ?*?( short, short )©'' within the scope containing the call to ©product©. \item Defining ©product© to take as an argument a conversion function from the small'' type to the operator's argument type. \end{itemize} \end{rationale} \lhs{additive-expression} \rhs \nonterm{multiplicative-expression} \rhs \nonterm{additive-expression} \lstinline@+@ \nonterm{multiplicative-expression} \rhs \nonterm{additive-expression} \lstinline@-@ \nonterm{multiplicative-expression} \rhs \nonterm{additive-expression} ©+© \nonterm{multiplicative-expression} \rhs \nonterm{additive-expression} ©-© \nonterm{multiplicative-expression} \end{syntax} * ?-?( _Atomic const restrict volatile T *, _Atomic const restrict volatile T * ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \begin{rationale} \lstinline@ptrdiff_t@ is an implementation-defined identifier defined in \lstinline@@ that is synonymous with a signed integral type that is large enough to hold the difference between two pointers. ©ptrdiff_t© is an implementation-defined identifier defined in ©© that is synonymous with a signed integral type that is large enough to hold the difference between two pointers. It seems reasonable to use it for pointer addition as well. (This is technically a difference between \CFA and C, which only specifies that pointer addition uses an \emph{integral} argument.) Hence it is also used for subscripting, which is defined in terms of pointer addition. The {\c11} standard uses \lstinline@size_t@ in several cases where a library function takes an argument that is used as a subscript, but \lstinline@size_t@ is unsuitable here because it is an unsigned type. The {\c11} standard uses ©size_t© in several cases where a library function takes an argument that is used as a subscript, but ©size_t© is unsuitable here because it is an unsigned type. \end{rationale} \lhs{shift-expression} \rhs \nonterm{additive-expression} \rhs \nonterm{shift-expression} \lstinline@<<@ \nonterm{additive-expression} \rhs \nonterm{shift-expression} \lstinline@>>@ \nonterm{additive-expression} \rhs \nonterm{shift-expression} ©<<© \nonterm{additive-expression} \rhs \nonterm{shift-expression} ©>>© \nonterm{additive-expression} \end{syntax} long long unsigned int ?<>?( long long unsigned int, int); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \lhs{relational-expression} \rhs \nonterm{shift-expression} \rhs \nonterm{relational-expression} \lstinline@< @ \nonterm{shift-expression} \rhs \nonterm{relational-expression} \lstinline@> @ \nonterm{shift-expression} \rhs \nonterm{relational-expression} \lstinline@<=@ \nonterm{shift-expression} \rhs \nonterm{relational-expression} \lstinline@>=@ \nonterm{shift-expression} \rhs \nonterm{relational-expression} ©< © \nonterm{shift-expression} \rhs \nonterm{relational-expression} ©> © \nonterm{shift-expression} \rhs \nonterm{relational-expression} ©<=© \nonterm{shift-expression} \rhs \nonterm{relational-expression} ©>=© \nonterm{shift-expression} \end{syntax} ?>=?( _Atomic const restrict volatile DT *, _Atomic const restrict volatile DT * ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \lhs{equality-expression} \rhs \nonterm{relational-expression} \rhs \nonterm{equality-expression} \lstinline@==@ \nonterm{relational-expression} \rhs \nonterm{equality-expression} \lstinline@!=@ \nonterm{relational-expression} \rhs \nonterm{equality-expression} ©==© \nonterm{relational-expression} \rhs \nonterm{equality-expression} ©!=© \nonterm{relational-expression} \end{syntax} ?==?( forall( ftype FT2) FT2*, forall( ftype FT3) FT3 * ), ?!=?( forall( ftype FT2) FT2*, forall( ftype FT3) FT3 * ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \begin{rationale} The polymorphic equality operations come in three styles: comparisons between pointers of compatible types, between pointers to \lstinline@void@ and pointers to object types or incomplete types, and between the \Index{null pointer} constant and pointers to any type. The polymorphic equality operations come in three styles: comparisons between pointers of compatible types, between pointers to ©void© and pointers to object types or incomplete types, and between the \Index{null pointer} constant and pointers to any type. In the last case, a special constraint rule for null pointer constant operands has been replaced by a consequence of the \CFA type system. \end{rationale} \lhs{AND-expression} \rhs \nonterm{equality-expression} \rhs \nonterm{AND-expression} \lstinline@&@ \nonterm{equality-expression} \rhs \nonterm{AND-expression} ©&© \nonterm{equality-expression} \end{syntax} long long unsigned int ?&?( long long unsigned int, long long unsigned int ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \lhs{exclusive-OR-expression} \rhs \nonterm{AND-expression} \rhs \nonterm{exclusive-OR-expression} \lstinline@^@ \nonterm{AND-expression} \rhs \nonterm{exclusive-OR-expression} ©^© \nonterm{AND-expression} \end{syntax} long long unsigned int ?^?( long long unsigned int, long long unsigned int ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \lhs{inclusive-OR-expression} \rhs \nonterm{exclusive-OR-expression} \rhs \nonterm{inclusive-OR-expression} \lstinline@|@ \nonterm{exclusive-OR-expression} \rhs \nonterm{inclusive-OR-expression} ©|© \nonterm{exclusive-OR-expression} \end{syntax} long long unsigned int ?|?( long long unsigned int, long long unsigned int ); \end{lstlisting} For every extended integer type \lstinline@X@ with \Index{integer conversion rank} greater than the rank of \lstinline@int@ there exist For every extended integer type ©X© with \Index{integer conversion rank} greater than the rank of ©int© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \lhs{logical-AND-expression} \rhs \nonterm{inclusive-OR-expression} \rhs \nonterm{logical-AND-expression} \lstinline@&&@ \nonterm{inclusive-OR-expression} \rhs \nonterm{logical-AND-expression} ©&&© \nonterm{inclusive-OR-expression} \end{syntax} \semantics The operands of the expression \lstinline@a && b@'' are treated as \lstinline@(int)((a)!=0)@'' and \lstinline@(int)((b)!=0)@'', which shall both be unambiguous. The expression has only one interpretation, which is of type \lstinline@int@. \begin{rationale} When the operands of a logical expression are values of built-in types, and \lstinline@!=@'' has not been redefined for those types, the compiler can optimize away the function calls. A common C idiom omits comparisons to \lstinline@0@ in the controlling expressions of loops and \lstinline@if@ statements. For instance, the loop below iterates as long as \lstinline@rp@ points at a \lstinline@Rational@ value that is non-zero. \semantics The operands of the expression ©a && b©'' are treated as ©(int)((a)!=0)©'' and ©(int)((b)!=0)©'', which shall both be unambiguous. The expression has only one interpretation, which is of type ©int©. \begin{rationale} When the operands of a logical expression are values of built-in types, and ©!=©'' has not been redefined for those types, the compiler can optimize away the function calls. A common C idiom omits comparisons to ©0© in the controlling expressions of loops and ©if© statements. For instance, the loop below iterates as long as ©rp© points at a ©Rational© value that is non-zero. \begin{lstlisting} while ( rp && *rp ) { ... } \end{lstlisting} The logical expression calls the \lstinline@Rational@ inequality operator, passing it \lstinline@*rp@ and the \lstinline@Rational 0@, and getting a 1 or 0 as a result. In contrast, {\CC} would apply a programmer-defined \lstinline@Rational@-to-\lstinline@int@ conversion to \lstinline@*rp@ in the equivalent situation. The conversion to \lstinline@int@ would produce a general integer value, which is unfortunate, and possibly dangerous if the conversion was not written with this situation in mind. The logical expression calls the ©Rational© inequality operator, passing it ©*rp© and the ©Rational 0©, and getting a 1 or 0 as a result. In contrast, {\CC} would apply a programmer-defined ©Rational©-to-©int© conversion to ©*rp© in the equivalent situation. The conversion to ©int© would produce a general integer value, which is unfortunate, and possibly dangerous if the conversion was not written with this situation in mind. \end{rationale} \lhs{logical-OR-expression} \rhs \nonterm{logical-AND-expression} \rhs \nonterm{logical-OR-expression} \lstinline@||@ \nonterm{logical-AND-expression} \rhs \nonterm{logical-OR-expression} ©||© \nonterm{logical-AND-expression} \end{syntax} \semantics The operands of the expression \lstinline@a || b@'' are treated as \lstinline@(int)((a)!=0)@'' and \lstinline@(int)((b))!=0)@'', which shall both be unambiguous. The expression has only one interpretation, which is of type \lstinline@int@. The operands of the expression ©a || b©'' are treated as ©(int)((a)!=0)©'' and ©(int)((b))!=0)©'', which shall both be unambiguous. The expression has only one interpretation, which is of type ©int©. \lhs{conditional-expression} \rhs \nonterm{logical-OR-expression} \rhs \nonterm{logical-OR-expression} \lstinline@?@ \nonterm{expression} \lstinline@:@ \nonterm{conditional-expression} \rhs \nonterm{logical-OR-expression} ©?© \nonterm{expression} ©:© \nonterm{conditional-expression} \end{syntax} \semantics In the conditional expression\use{?:} \lstinline@a?b:c@'', if the second and third operands both have an interpretation with \lstinline@void@ type, then the expression has an interpretation with type \lstinline@void@, equivalent to In the conditional expression\use{?:} ©a?b:c©'', if the second and third operands both have an interpretation with ©void© type, then the expression has an interpretation with type ©void©, equivalent to \begin{lstlisting} ( int)(( a)!=0) ? ( void)( b) : ( void)( c) \end{lstlisting} If the second and third operands both have interpretations with non-\lstinline@void@ types, the expression is treated as if it were the call \lstinline@cond((a)!=0, b, c)@'', with \lstinline@cond@ declared as If the second and third operands both have interpretations with non-©void© types, the expression is treated as if it were the call ©cond((a)!=0, b, c)©'', with ©cond© declared as \begin{lstlisting} forall( otype T ) T cond( int, T, T ); rand() ? i : l; \end{lstlisting} The best interpretation infers the expression's type to be \lstinline@long@ and applies the safe \lstinline@int@-to-\lstinline@long@ conversion to \lstinline@i@. The best interpretation infers the expression's type to be ©long© and applies the safe ©int©-to-©long© conversion to ©i©. \begin{lstlisting} rand() ? cip : vip; \end{lstlisting} The expression has type \lstinline@const volatile int *@, with safe conversions applied to the second and third operands to add \lstinline@volatile@ and \lstinline@const@ qualifiers, respectively. The expression has type ©const volatile int *©, with safe conversions applied to the second and third operands to add ©volatile© and ©const© qualifiers, respectively. \begin{lstlisting} rand() ? cip : 0; \end{lstlisting} The expression has type \lstinline@const int *@, with a specialization conversion applied to \lstinline@0@. The expression has type ©const int *©, with a specialization conversion applied to ©0©. \nonterm{assignment-expression} \lhs{assignment-operator} one of \rhs \lstinline@=@\ \ \lstinline@*=@\ \ \lstinline@/=@\ \ \lstinline@%=@\ \ \lstinline@+=@\ \ \lstinline@-=@\ \ \lstinline@<<=@\ \ \lstinline@>>=@\ \ \lstinline@&=@\ \ \lstinline@^=@\ \ \lstinline@|=@ \rhs ©=©\ \ ©*=©\ \ ©/=©\ \ ©%=©\ \ ©+=©\ \ ©-=©\ \ ©<<=©\ \ ©>>=©\ \ ©&=©\ \ ©^=©\ \ ©|=© \end{syntax} \semantics Each interpretation of the left operand of an assignment expression is considered separately. For each interpretation that is a bit-field or is declared with the \lstinline@register@ storage class specifier, the expression has one valid interpretation, with the type of the left operand. For each interpretation that is a bit-field or is declared with the ©register© storage class specifier, the expression has one valid interpretation, with the type of the left operand. The right operand is cast to that type, and the assignment expression is ambiguous if either operand is. For the remaining interpretations, the expression is rewritten, and the interpretations of the assignment expression are the interpretations of the corresponding function call. \end{lstlisting} \begin{rationale} The pattern of overloadings for simple assignment resembles that of pointer increment and decrement, except that the polymorphic pointer assignment functions declare a \lstinline@dtype@ parameter, instead of a \lstinline@type@ parameter, because the left operand may be a pointer to an incomplete type. \end{rationale} For every complete structure or union type \lstinline@S@ there exist The pattern of overloadings for simple assignment resembles that of pointer increment and decrement, except that the polymorphic pointer assignment functions declare a ©dtype© parameter, instead of a ©type© parameter, because the left operand may be a pointer to an incomplete type. \end{rationale} For every complete structure or union type ©S© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \end{lstlisting} For every extended integer type \lstinline@X@ there exist For every extended integer type ©X© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \end{lstlisting} For every complete enumerated type \lstinline@E@ there exist For every complete enumerated type ©E© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \end{lstlisting} \begin{rationale} The right-hand argument is \lstinline@int@ because enumeration constants have type \lstinline@int@. The right-hand argument is ©int© because enumeration constants have type ©int©. \end{rationale} \end{lstlisting} For every extended integer type \lstinline@X@ there exist For every extended integer type ©X© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \end{lstlisting} For every complete enumerated type \lstinline@E@ there exist For every complete enumerated type ©E© there exist % Don't use predefined: keep this out of prelude.cf. \begin{lstlisting} \lhs{expression} \rhs \nonterm{assignment-expression} \rhs \nonterm{expression} \lstinline@,@ \nonterm{assignment-expression} \rhs \nonterm{expression} ©,© \nonterm{assignment-expression} \end{syntax} \semantics In the comma expression \lstinline@a, b@'', the first operand is interpreted as \lstinline@( void )(a)@'', which shall be unambiguous\index{ambiguous interpretation}. In the comma expression ©a, b©'', the first operand is interpreted as ©( void )(a)©'', which shall be unambiguous\index{ambiguous interpretation}. The interpretations of the expression are the interpretations of the second operand. { ... } \end{lstlisting} Without the rule, \lstinline@Complex@ would be a type in the first case, and a parameter name in the second. Without the rule, ©Complex© would be a type in the first case, and a parameter name in the second. \end{rationale} \begin{syntax} \lhs{forall-specifier} \rhs \lstinline@forall@ \lstinline@(@ \nonterm{type-parameter-list} \lstinline@)@ \rhs ©forall© ©(© \nonterm{type-parameter-list} ©)© \end{syntax} } mkPair( T, T ); // illegal \end{lstlisting} If an instance of \lstinline@struct Pair@ was declared later in the current scope, what would the members' type be? If an instance of ©struct Pair© was declared later in the current scope, what would the members' type be? \end{rationale} \end{comment} The \nonterm{type-parameter-list}s and assertions of the \nonterm{forall-specifier}s declare type identifiers, function and object identifiers with \Index{no linkage}. If, in the declaration \lstinline@T D@'', \lstinline@T@ contains \nonterm{forall-specifier}s and \lstinline@D@ has the form If, in the declaration ©T D©'', ©T© contains \nonterm{forall-specifier}s and ©D© has the form \begin{lstlisting} D( §\normalsize\nonterm{parameter-type-list}§ ) \end{lstlisting} then a type identifier declared by one of the \nonterm{forall-specifier}s is an \define{inferred parameter} of the function declarator if and only if it is not an inferred parameter of a function declarator in \lstinline@D@, and it is used in the type of a parameter in the following \end{lstlisting} then a type identifier declared by one of the \nonterm{forall-specifier}s is an \define{inferred parameter} of the function declarator if and only if it is not an inferred parameter of a function declarator in ©D©, and it is used in the type of a parameter in the following \nonterm{type-parameter-list} or it and an inferred parameter are used as arguments of a \Index{specification} in one of the \nonterm{forall-specifier}s. forall( otype T ) T * alloc( void );§\use{alloc}§ int *p = alloc(); \end{lstlisting} Here \lstinline@alloc()@ would receive \lstinline@int@ as an inferred argument, and return an \lstinline@int *@. In general, if a call to \lstinline@alloc()@ is a subexpression of an expression involving polymorphic functions and overloaded identifiers, there could be considerable distance between the call and the subexpression that causes \lstinline@T@ to be bound. With the current restriction, \lstinline@alloc()@ must be given an argument that determines \lstinline@T@: Here ©alloc()© would receive ©int© as an inferred argument, and return an ©int *©. In general, if a call to ©alloc()© is a subexpression of an expression involving polymorphic functions and overloaded identifiers, there could be considerable distance between the call and the subexpression that causes ©T© to be bound. With the current restriction, ©alloc()© must be given an argument that determines ©T©: \begin{lstlisting} forall( otype T ) T * alloc( T initial_value );§\use{alloc}§ forall( otype T ) T fT( T ); \end{lstlisting} \lstinline@fi()@ takes an \lstinline@int@ and returns an \lstinline@int@. \lstinline@fT()@ takes a \lstinline@T@ and returns a \lstinline@T@, for any type \lstinline@T@. ©fi()© takes an ©int© and returns an ©int©. ©fT()© takes a ©T© and returns a ©T©, for any type ©T©. \begin{lstlisting} int (*pfi )( int ) = fi; forall( otype T ) T (*pfT )( T ) = fT; \end{lstlisting} \lstinline@pfi@ and \lstinline@pfT@ are pointers to functions. \lstinline@pfT@ is not polymorphic, but the function it points at is. ©pfi© and ©pfT© are pointers to functions. ©pfT© is not polymorphic, but the function it points at is. \begin{lstlisting} int (*fvpfi( void ))( int ) { } \end{lstlisting} \lstinline@fvpfi()@ and \lstinline@fvpfT()@ are functions taking no arguments and returning pointers to functions. \lstinline@fvpfT()@ is monomorphic, but the function that its return value points at is polymorphic. ©fvpfi()© and ©fvpfT()© are functions taking no arguments and returning pointers to functions. ©fvpfT()© is monomorphic, but the function that its return value points at is polymorphic. \begin{lstlisting} forall( otype T ) int ( *fTpfi( T ) )( int ); forall( otype T, otype U ) U ( *fTpfU( T ) )( U ); \end{lstlisting} \lstinline@fTpfi()@ is a polymorphic function that returns a pointer to a monomorphic function taking an integer and returning an integer. It could return \lstinline@pfi@. \lstinline@fTpfT()@ is subtle: it is a polymorphic function returning a \emph{monomorphic} function taking and returning \lstinline@T@, where \lstinline@T@ is an inferred parameter of \lstinline@fTpfT()@. For instance, in the expression \lstinline@fTpfT(17)@'', \lstinline@T@ is inferred to be \lstinline@int@, and the returned value would have type \lstinline@int ( * )( int )@. \lstinline@fTpfT(17)(13)@'' and \lstinline@fTpfT("yes")("no")@'' are legal, but \lstinline@fTpfT(17)("no")@'' is illegal. \lstinline@fTpfU()@ is polymorphic ( in type \lstinline@T@), and returns a pointer to a function that is polymorphic ( in type \lstinline@U@). \lstinline@f5(17)("no")@'' is a legal expression of type \lstinline@char *@. ©fTpfi()© is a polymorphic function that returns a pointer to a monomorphic function taking an integer and returning an integer. It could return ©pfi©. ©fTpfT()© is subtle: it is a polymorphic function returning a \emph{monomorphic} function taking and returning ©T©, where ©T© is an inferred parameter of ©fTpfT()©. For instance, in the expression ©fTpfT(17)©'', ©T© is inferred to be ©int©, and the returned value would have type ©int ( * )( int )©. ©fTpfT(17)(13)©'' and ©fTpfT("yes")("no")©'' are legal, but ©fTpfT(17)("no")©'' is illegal. ©fTpfU()© is polymorphic ( in type ©T©), and returns a pointer to a function that is polymorphic ( in type ©U©). ©f5(17)("no")©'' is a legal expression of type ©char *©. \begin{lstlisting} forall( otype T, otype U, otype V ) U * f( T *, U, V * const ); forall( otype U, otype V, otype W ) U * g( V *, U, W * const ); \end{lstlisting} The functions \lstinline@f()@ and \lstinline@g()@ have compatible types. The functions ©f()© and ©g()© have compatible types. Let $$f$$ and $$g$$ be their types; then $$f_1$$ = \lstinline@T@, $$f_2$$ = \lstinline@U@, $$f_3$$ = \lstinline@V@, $$g_1$$ = \lstinline@V@, $$g_2$$ = \lstinline@U@, and $$g_3$$ = \lstinline@W@. then $$f_1$$ = ©T©, $$f_2$$ = ©U©, $$f_3$$ = ©V©, $$g_1$$ = ©V©, $$g_2$$ = ©U©, and $$g_3$$ = ©W©. Replacing every $$f_i$$ by $$g_i$$ in $$f$$ gives \begin{lstlisting} \end{lstlisting} which has a return type and parameter list that is compatible with $$g$$. \begin{rationale} The word \lstinline@type@'' in a forall specifier is redundant at the moment, but I want to leave room for inferred parameters of ordinary types in case parameterized types get added one day. The word ©type©'' in a forall specifier is redundant at the moment, but I want to leave room for inferred parameters of ordinary types in case parameterized types get added one day. Even without parameterized types, I might try to allow \subsection{Type qualifiers} \CFA defines a new type qualifier \lstinline@lvalue@\impl{lvalue}\index{lvalue}. \CFA defines a new type qualifier ©lvalue©\impl{lvalue}\index{lvalue}. \begin{syntax} \oldlhs{type-qualifier} \rhs \lstinline@lvalue@ \rhs ©lvalue© \end{syntax} \semantics An object's type may be a restrict-qualified type parameter. \lstinline@restrict@ does not establish any special semantics in that case. ©restrict© does not establish any special semantics in that case. \begin{rationale} \end{rationale} \lstinline@lvalue@ may be used to qualify the return type of a function type. Let \lstinline@T@ be an unqualified version of a type; then the result of calling a function with return type \lstinline@lvalue T@ is a \Index{modifiable lvalue} of type \lstinline@T@. \lstinline@const@\use{const} and \lstinline@volatile@\use{volatile} qualifiers may also be added to indicate that the function result is a constant or volatile lvalue. \begin{rationale} The \lstinline@const@ and \lstinline@volatile@ qualifiers can only be sensibly used to qualify the return type of a function if the \lstinline@lvalue@ qualifier is also used. ©lvalue© may be used to qualify the return type of a function type. Let ©T© be an unqualified version of a type; then the result of calling a function with return type ©lvalue T© is a \Index{modifiable lvalue} of type ©T©. ©const©\use{const} and ©volatile©\use{volatile} qualifiers may also be added to indicate that the function result is a constant or volatile lvalue. \begin{rationale} The ©const© and ©volatile© qualifiers can only be sensibly used to qualify the return type of a function if the ©lvalue© qualifier is also used. \end{rationale} \begin{rationale} \lstinline@lvalue@ provides some of the functionality of {\CC}'s \lstinline@T&@'' ( reference to object of type \lstinline@T@) type. ©lvalue© provides some of the functionality of {\CC}'s ©T&©'' ( reference to object of type ©T©) type. Reference types have four uses in {\CC}. \begin{itemize} \item A reference can be used to define an alias for a complicated lvalue expression, as a way of getting some of the functionality of the Pascal \lstinline@with@ statement. A reference can be used to define an alias for a complicated lvalue expression, as a way of getting some of the functionality of the Pascal ©with© statement. The following {\CC} code gives an example. \begin{lstlisting} A reference parameter can be used to allow a function to modify an argument without forcing the caller to pass the address of the argument. This is most useful for user-defined assignment operators. In {\CC}, plain assignment is done by a function called \lstinline@operator=@'', and the two expressions In {\CC}, plain assignment is done by a function called ©operator=©'', and the two expressions \begin{lstlisting} a = b; operator=( a, b ); \end{lstlisting} are equivalent. If \lstinline@a@ and \lstinline@b@ are of type \lstinline@T@, then the first parameter of \lstinline@operator=@ must have type \lstinline@T&@''. It cannot have type \lstinline@T@, because then assignment couldn't alter the variable, and it can't have type \lstinline@T *@'', because the assignment would have to be written \lstinline@&a = b;@''. In the case of user-defined operators, this could just as well be handled by using pointer types and by changing the rewrite rules so that \lstinline@a = b;@'' is equivalent to \lstinline@operator=(&( a), b )@''. Reference parameters of normal'' functions are Bad Things, because they remove a useful property of C function calls: an argument can only be modified by a function if it is preceded by \lstinline@&@''. If ©a© and ©b© are of type ©T©, then the first parameter of ©operator=© must have type ©T&©''. It cannot have type ©T©, because then assignment couldn't alter the variable, and it can't have type ©T *©'', because the assignment would have to be written ©&a = b;©''. In the case of user-defined operators, this could just as well be handled by using pointer types and by changing the rewrite rules so that ©a = b;©'' is equivalent to ©operator=(&( a), b )©''. Reference parameters of normal'' functions are Bad Things, because they remove a useful property of C function calls: an argument can only be modified by a function if it is preceded by ©&©''. \item References to \Index{const-qualified} types can be used instead of value parameters.  Given the {\CC} function call \lstinline@fiddle( a_thing )@'', where the type of \lstinline@a_thing@ is \lstinline@Thing@, the type of \lstinline@fiddle@ could be either of {\CC} function call ©fiddle( a_thing )©'', where the type of ©a_thing© is ©Thing©, the type of ©fiddle© could be either of \begin{lstlisting} void fiddle( Thing ); void fiddle( const Thing & ); \end{lstlisting} If the second form is used, then constructors and destructors are not invoked to create a temporary variable at the call site ( and it is bad style for the caller to make any assumptions about such things), and within \lstinline@fiddle@ the parameter is subject to the usual problems caused by aliases. The reference form might be chosen for efficiency's sake if \lstinline@Thing@s are too large or their constructors or destructors are too expensive. If the second form is used, then constructors and destructors are not invoked to create a temporary variable at the call site ( and it is bad style for the caller to make any assumptions about such things), and within ©fiddle© the parameter is subject to the usual problems caused by aliases. The reference form might be chosen for efficiency's sake if ©Thing©s are too large or their constructors or destructors are too expensive. An implementation may switch between them without causing trouble for well-behaved clients. This leaves the implementor to define too large'' and too expensive''. void fiddle( const volatile Thing ); \end{lstlisting} with call-by-reference. Since it knows all about the size of \lstinline@Thing@s and the parameter passing mechanism, it should be able to come up with a better definition of too large'', and may be able to make a good guess at too expensive''. Since it knows all about the size of ©Thing©s and the parameter passing mechanism, it should be able to come up with a better definition of too large'', and may be able to make a good guess at too expensive''. \end{itemize} \begin{syntax} \lhs{spec-definition} \rhs \lstinline@spec@ \nonterm{identifier} \lstinline@(@ \nonterm{type-parameter-list} \lstinline@)@ \lstinline@{@ \nonterm{spec-declaration-list}\opt \lstinline@}@ \rhs ©spec© \nonterm{identifier} ©(© \nonterm{type-parameter-list} ©)© ©{© \nonterm{spec-declaration-list}\opt ©}© \lhs{spec-declaration-list} \rhs \nonterm{spec-declaration} \lstinline@;@ \rhs \nonterm{spec-declaration-list} \nonterm{spec-declaration} \lstinline@;@ \rhs \nonterm{spec-declaration} ©;© \rhs \nonterm{spec-declaration-list} \nonterm{spec-declaration} ©;© \lhs{spec-declaration} \rhs \nonterm{specifier-qualifier-list} \nonterm{declarator-list} \lhs{declarator-list} \rhs \nonterm{declarator} \rhs \nonterm{declarator-list} \lstinline@,@ \nonterm{declarator} \rhs \nonterm{declarator-list} ©,© \nonterm{declarator} \end{syntax} \begin{rationale} \rhs \nonterm{assertion-list} \nonterm{assertion} \lhs{assertion} \rhs \lstinline@|@ \nonterm{identifier} \lstinline@(@ \nonterm{type-name-list} \lstinline@)@ \rhs \lstinline@|@ \nonterm{spec-declaration} \rhs ©|© \nonterm{identifier} ©(© \nonterm{type-name-list} ©)© \rhs ©|© \nonterm{spec-declaration} \lhs{type-name-list} \rhs \nonterm{type-name} \rhs \nonterm{type-name-list} \lstinline@,@ \nonterm{type-name} \rhs \nonterm{type-name-list} ©,© \nonterm{type-name} \end{syntax} The \nonterm{type-name-list} shall contain one \nonterm{type-name} argument for each \nonterm{type-parameter} in that specification's \nonterm{spec-parameter-list}. If the \nonterm{type-parameter} uses type-class \lstinline@type@\use{type}, the argument shall be the type name of an \Index{object type}; if it uses \lstinline@dtype@, the argument shall be the type name of an object type or an \Index{incomplete type}; and if it uses \lstinline@ftype@, the argument shall be the type name of a \Index{function type}. \nonterm{type-parameter} uses type-class ©type©\use{type}, the argument shall be the type name of an \Index{object type}; if it uses ©dtype©, the argument shall be the type name of an object type or an \Index{incomplete type}; and if it uses ©ftype©, the argument shall be the type name of a \Index{function type}. \semantics trait sum_list( otype List, otype Element | summable( Element ) | list_of( List, Element ) ) {}; \end{lstlisting} \lstinline@sum_list@ contains seven declarations, which describe a list whose elements can be added up. The assertion \lstinline@|sum_list( i_list, int )@''\use{sum_list} produces the assertion parameters ©sum_list© contains seven declarations, which describe a list whose elements can be added up. The assertion ©|sum_list( i_list, int )©''\use{sum_list} produces the assertion parameters \begin{lstlisting} int ?+=?( int *, int ); \lhs{type-parameter-list} \rhs \nonterm{type-parameter} \rhs \nonterm{type-parameter-list} \lstinline@,@ \nonterm{type-parameter} \rhs \nonterm{type-parameter-list} ©,© \nonterm{type-parameter} \lhs{type-parameter} \rhs \nonterm{type-class} \nonterm{identifier} \nonterm{assertion-list}\opt \lhs{type-class} \rhs \lstinline@type@ \rhs \lstinline@dtype@ \rhs \lstinline@ftype@ \rhs ©type© \rhs ©dtype© \rhs ©ftype© \lhs{type-declaration} \rhs \nonterm{storage-class-specifier}\opt \lstinline@type@ \nonterm{type-declarator-list} \verb|;| \rhs \nonterm{storage-class-specifier}\opt ©type© \nonterm{type-declarator-list} \verb|;| \lhs{type-declarator-list} \rhs \nonterm{type-declarator} \rhs \nonterm{type-declarator-list} \lstinline@,@ \nonterm{type-declarator} \rhs \nonterm{type-declarator-list} ©,© \nonterm{type-declarator} \lhs{type-declarator} \rhs \nonterm{identifier} \nonterm{assertion-list}\opt \lstinline@=@ \nonterm{type-name} \rhs \nonterm{identifier} \nonterm{assertion-list}\opt ©=© \nonterm{type-name} \rhs \nonterm{identifier} \nonterm{assertion-list}\opt \end{syntax} An identifier declared by a \nonterm{type-parameter} has \Index{no linkage}. Identifiers declared with type-class \lstinline@type@\use{type} are \Index{object type}s; those declared with type-class \lstinline@dtype@\use{dtype} are \Index{incomplete type}s; and those declared with type-class \lstinline@ftype@\use{ftype} are \Index{function type}s. Identifiers declared with type-class ©type©\use{type} are \Index{object type}s; those declared with type-class ©dtype©\use{dtype} are \Index{incomplete type}s; and those declared with type-class ©ftype©\use{ftype} are \Index{function type}s. The identifier has \Index{block scope} that terminates at the end of the \nonterm{spec-declaration-list} or polymorphic function that contains the \nonterm{type-parameter}. Within the scope of the declaration, \Index{implicit conversion}s can be performed between the defined type and the implementation type, and between pointers to the defined type and pointers to the implementation type. A type declaration without an \Index{initializer} and without a \Index{storage-class specifier} or with storage-class specifier \lstinline@static@\use{static} defines an \Index{incomplete type}. A type declaration without an \Index{initializer} and without a \Index{storage-class specifier} or with storage-class specifier ©static©\use{static} defines an \Index{incomplete type}. If a \Index{translation unit} or \Index{block} contains one or more such declarations for an identifier, it must contain exactly one definition of the identifier ( but not in an enclosed block, which would define a new type known only within that block). \end{rationale} A type declaration without an initializer and with \Index{storage-class specifier} \lstinline@extern@\use{extern} is an \define{opaque type declaration}. A type declaration without an initializer and with \Index{storage-class specifier} ©extern©\use{extern} is an \define{opaque type declaration}. Opaque types are \Index{object type}s. \end{rationale} An \Index{incomplete type} which is not a qualified version\index{qualified type} of a type is a value of \Index{type-class} \lstinline@dtype@. An object type\index{object types} which is not a qualified version of a type is a value of type-classes \lstinline@type@ and \lstinline@dtype@. An \Index{incomplete type} which is not a qualified version\index{qualified type} of a type is a value of \Index{type-class} ©dtype©. An object type\index{object types} which is not a qualified version of a type is a value of type-classes ©type© and ©dtype©. A \Index{function type} is a value of type-class \lstinline@ftype@. \Index{function type} is a value of type-class ©ftype©. \begin{rationale} Syntactically, a type value is a \nonterm{type-name}, which is a declaration for an object which omits the identifier being declared. Type qualifiers are a weak point of C's type system. Consider the standard library function \lstinline@strchr()@ which, given a string and a character, returns a pointer to the first occurrence of the character in the string. Consider the standard library function ©strchr()© which, given a string and a character, returns a pointer to the first occurrence of the character in the string. \begin{lstlisting} char *strchr( const char *s, int c ) {§\impl{strchr}§ } \end{lstlisting} The parameter \lstinline@s@ must be \lstinline@const char *@, because \lstinline@strchr()@ might be used to search a constant string, but the return type must be \lstinline@char *@, because the result might be used to modify a non-constant string. Hence the body must perform a cast, and ( even worse) \lstinline@strchr()@ provides a type-safe way to attempt to modify constant strings. What is needed is some way to say that \lstinline@s@'s type might contain qualifiers, and the result type has exactly the same qualifiers. The parameter ©s© must be ©const char *©, because ©strchr()© might be used to search a constant string, but the return type must be ©char *©, because the result might be used to modify a non-constant string. Hence the body must perform a cast, and ( even worse) ©strchr()© provides a type-safe way to attempt to modify constant strings. What is needed is some way to say that ©s©'s type might contain qualifiers, and the result type has exactly the same qualifiers. Polymorphic functions do not provide a fix for this deficiency\index{deficiencies!pointers to qualified types}, because type qualifiers are not part of type values. Instead, overloading can be used to define \lstinline@strchr()@ for each combination of qualifiers. Instead, overloading can be used to define ©strchr()© for each combination of qualifiers. \end{rationale} }; \end{lstlisting} Without this restriction, \CFA might require module initialization'' code ( since \lstinline@Rational@ has external linkage, it must be created before any other translation unit instantiates it), and would force an ordering on the initialization of the translation unit that defines \lstinline@Huge@ and the translation that declares \lstinline@Rational@. Without this restriction, \CFA might require module initialization'' code ( since ©Rational© has external linkage, it must be created before any other translation unit instantiates it), and would force an ordering on the initialization of the translation unit that defines ©Huge© and the translation that declares ©Rational©. A benefit of the restriction is that it prevents the declaration in separate translation units of types that contain each other, which would be hard to prevent otherwise. \nonterm{struct-declaration}, type declarations can not be structure members. The form of \nonterm{type-declaration} forbids arrays of, pointers to, and functions returning \lstinline@type@. \nonterm{type-declaration} forbids arrays of, pointers to, and functions returning ©type©. Hence the syntax of \nonterm{type-specifier} does not have to be extended to allow type-valued expressions. It also side-steps the problem of type-valued expressions producing different values in different declarations. §\ldots§ int * ip = new( int ); \end{lstlisting} This looks sensible, but \CFA's declaration-before-use rules mean that \lstinline@T@'' in the function body refers to the parameter, but the \lstinline@T@'' in the return type refers to the meaning of \lstinline@T@ in the scope that contains \lstinline@new@; This looks sensible, but \CFA's declaration-before-use rules mean that ©T©'' in the function body refers to the parameter, but the ©T©'' in the return type refers to the meaning of ©T© in the scope that contains ©new©; it could be undefined, or a type name, or a function or variable name. Nothing good can result from such a situation. f2( v2 ); \end{lstlisting} \lstinline@V1@ is passed by value, so \lstinline@f1()@'s assignment to \lstinline@a[0]@ does not modify v1.  \lstinline@V2@ is converted to a pointer, so \lstinline@f2()@ modifies \lstinline@v2[0]@. ©V1© is passed by value, so ©f1()©'s assignment to ©a[0]© does not modify v1.  ©V2© is converted to a pointer, so ©f2()© modifies ©v2[0]©. A translation unit containing the declarations extern type Complex;§\use{Complex}§ // opaque type declaration extern float abs( Complex );§\use{abs}§ \end{lstlisting} can contain declarations of complex numbers, which can be passed to \lstinline@abs@. Some other translation unit must implement \lstinline@Complex@ and \lstinline@abs@. \end{lstlisting} can contain declarations of complex numbers, which can be passed to ©abs©. Some other translation unit must implement ©Complex© and ©abs©. That unit might contain the declarations \begin{lstlisting} } \end{lstlisting} Note that \lstinline@c@ is implicitly converted to a \lstinline@struct@ so that its components can be retrieved. Note that ©c© is implicitly converted to a ©struct© so that its components can be retrieved. \begin{lstlisting} } \end{lstlisting} \lstinline@t1@ must be cast to its implementation type to prevent infinite recursion. ©t1© must be cast to its implementation type to prevent infinite recursion. \begin{rationale} Within the scope of a type definition, an instance of the type can be viewed as having that type or as having the implementation type. In the \lstinline@Time_of_day@ example, the difference is important. In the ©Time_of_day© example, the difference is important. Different languages have treated the distinction between the abstraction and the implementation in different ways. \begin{itemize} \item Inside a Clu cluster \cite{CLU}, the declaration of an instance states which view applies. Two primitives called \lstinline@up@ and \lstinline@down@ can be used to convert between the views. Two primitives called ©up© and ©down© can be used to convert between the views. \item The Simula class \cite{SIMULA87} is essentially a record type. Since the only operations on a record are member selection and assignment, which can not be overloaded, there is never any ambiguity as to whether the abstraction or the implementation view is being used. In {\CC} \cite{C++}, operations on class instances include assignment and \lstinline@&@'', which can be overloaded. \cite{C++}, operations on class instances include assignment and ©&©'', which can be overloaded. A scope resolution'' operator can be used inside the class to specify whether the abstract or implementation version of the operation should be used. \item In this case, explicit conversions between the derived type and the old type can be used. \end{itemize} \CFA's rules are like Clu's, except that implicit conversions and conversion costs allow it to do away with most uses of \lstinline@up@ and \lstinline@down@. \CFA's rules are like Clu's, except that implicit conversions and conversion costs allow it to do away with most uses of ©up© and ©down©. \end{rationale} \subsubsection{Default functions and objects} A declaration\index{type declaration} of a type identifier \lstinline@T@ with type-class \lstinline@type@ implicitly declares a \define{default assignment} function \lstinline@T ?=?( T *, T )@\use{?=?}, with the same \Index{scope} and \Index{linkage} as the identifier \lstinline@T@. A declaration\index{type declaration} of a type identifier ©T© with type-class ©type© implicitly declares a \define{default assignment} function ©T ?=?( T *, T )©\use{?=?}, with the same \Index{scope} and \Index{linkage} as the identifier ©T©. \begin{rationale} Assignment is central to C's imperative programming style, and every existing C object type has assignment defined for it ( except for array types, which are treated as pointer types for purposes of assignment). Without this rule, nearly every inferred type parameter would need an accompanying assignment assertion parameter. If a type parameter should not have an assignment operation, \lstinline@dtype@ should be used. If a type parameter should not have an assignment operation, ©dtype© should be used. If a type should not have assignment defined, the user can define an assignment function that causes a run-time error, or provide an external declaration but no definition and thus cause a link-time error. \end{rationale} A definition\index{type definition} of a type identifier \lstinline@T@ with \Index{implementation type} \lstinline@I@ and type-class \lstinline@type@ implicitly defines a default assignment function. A definition\index{type definition} of a type identifier \lstinline@T@ with implementation type \lstinline@I@ and an assertion list implicitly defines \define{default function}s and A definition\index{type definition} of a type identifier ©T© with \Index{implementation type} ©I© and type-class ©type© implicitly defines a default assignment function. A definition\index{type definition} of a type identifier ©T© with implementation type ©I© and an assertion list implicitly defines \define{default function}s and \define{default object}s as declared by the assertion declarations. The default objects and functions have the same \Index{scope} and \Index{linkage} as the identifier \lstinline@T@. The default objects and functions have the same \Index{scope} and \Index{linkage} as the identifier ©T©. Their values are determined as follows: \begin{itemize} \item If at the definition of \lstinline@T@ there is visible a declaration of an object with the same name as the default object, and if the type of that object with all occurrence of \lstinline@I@ replaced by \lstinline@T@ is compatible with the type of the default object, then the default object is initialized with that object. Otherwise the scope of the declaration of \lstinline@T@ must contain a definition of the default object. If at the definition of ©T© there is visible a declaration of an object with the same name as the default object, and if the type of that object with all occurrence of ©I© replaced by ©T© is compatible with the type of the default object, then the default object is initialized with that object. Otherwise the scope of the declaration of ©T© must contain a definition of the default object. \item If at the definition of \lstinline@T@ there is visible a declaration of a function with the same name as the default function, and if the type of that function with all occurrence of \lstinline@I@ replaced by \lstinline@T@ is compatible with the type of the default function, then the default function calls that function after converting its arguments and returns the converted result. Otherwise, if \lstinline@I@ contains exactly one anonymous member\index{anonymous member} such that at the definition of \lstinline@T@ there is visible a declaration of a function with the same name as the default function, and the type of that function with all occurrences of the anonymous member's type in its parameter list replaced by \lstinline@T@ is compatible with the type of the default function, then the default function calls that function after converting its arguments and returns the result. Otherwise the scope of the declaration of \lstinline@T@ must contain a definition of the default function. If at the definition of ©T© there is visible a declaration of a function with the same name as the default function, and if the type of that function with all occurrence of ©I© replaced by ©T© is compatible with the type of the default function, then the default function calls that function after converting its arguments and returns the converted result. Otherwise, if ©I© contains exactly one anonymous member\index{anonymous member} such that at the definition of ©T© there is visible a declaration of a function with the same name as the default function, and the type of that function with all occurrences of the anonymous member's type in its parameter list replaced by ©T© is compatible with the type of the default function, then the default function calls that function after converting its arguments and returns the result. Otherwise the scope of the declaration of ©T© must contain a definition of the default function. \end{itemize} \begin{rationale} \end{rationale} A function or object with the same type and name as a default function or object that is declared within the scope of the definition of \lstinline@T@ replaces the default function or object. A function or object with the same type and name as a default function or object that is declared within the scope of the definition of ©T© replaces the default function or object. \examples Pair b = { 1, 1 }; \end{lstlisting} The definition of \lstinline@Pair@ implicitly defines two objects \lstinline@a@ and \lstinline@b@. \lstinline@Pair a@ inherits its value from the \lstinline@struct impl a@. The definition of \lstinline@Pair b@ is compulsory because there is no \lstinline@struct impl b@ to construct a value from. The definition of ©Pair© implicitly defines two objects ©a© and ©b©. ©Pair a© inherits its value from the ©struct impl a©. The definition of ©Pair b© is compulsory because there is no ©struct impl b© to construct a value from. \begin{lstlisting} trait ss( otype T ) { Doodad clone( Doodad ) { ... } \end{lstlisting} The definition of \lstinline@Doodad@ implicitly defines three functions: The definition of ©Doodad© implicitly defines three functions: \begin{lstlisting} Doodad ?=?( Doodad *, Doodad ); void munge( Doodad * ); \end{lstlisting} The assignment function inherits \lstinline@struct doodad@'s assignment function because the types match when \lstinline@struct doodad@ is replaced by \lstinline@Doodad@ throughout. \lstinline@munge()@ inherits \lstinline@Whatsit@'s \lstinline@munge()@ because the types match when \lstinline@Whatsit@ is replaced by \lstinline@Doodad@ in the parameter list. \lstinline@clone()@ does \emph{not} inherit \lstinline@Whatsit@'s \lstinline@clone()@: replacement in the parameter list yields \lstinline@Whatsit clone( Doodad )@'', which is not compatible with \lstinline@Doodad@'s \lstinline@clone()@'s type. Hence the definition of \lstinline@Doodad clone( Doodad )@'' is necessary. The assignment function inherits ©struct doodad©'s assignment function because the types match when ©struct doodad©  is replaced by ©Doodad© throughout. ©munge()© inherits ©Whatsit©'s ©munge()© because the types match when ©Whatsit© is replaced by ©Doodad© in the parameter list. ©clone()© does \emph{not} inherit ©Whatsit©'s ©clone()©: replacement in the parameter list yields ©Whatsit clone( Doodad )©'', which is not compatible with ©Doodad©'s ©clone()©'s type. Hence the definition of ©Doodad clone( Doodad )©'' is necessary. Default functions and objects are subject to the normal scope rules. \begin{syntax} \oldlhs{labeled-statement} \rhs \lstinline@case@ \nonterm{case-value-list} : \nonterm{statement} \rhs ©case© \nonterm{case-value-list} : \nonterm{statement} \lhs{case-value-list} \rhs \nonterm{case-value} \rhs \nonterm{case-value-list} \lstinline@,@ \nonterm{case-value} \rhs \nonterm{case-value-list} ©,© \nonterm{case-value} \lhs{case-value} \rhs \nonterm{constant-expression} \rhs \nonterm{subrange} \lhs{subrange} \rhs \nonterm{constant-expression} \lstinline@~@ \nonterm{constant-expression} \rhs \nonterm{constant-expression} ©~© \nonterm{constant-expression} \end{syntax} case 1~4, 9~14, 27~32: \end{lstlisting} The \lstinline@case@ and \lstinline@default@ clauses are restricted within the \lstinline@switch@ and \lstinline@choose@ statements, precluding Duff's device. The ©case© and ©default© clauses are restricted within the ©switch© and ©choose© statements, precluding Duff's device. \subsection{Expression and null statements} The expression in an expression statement is treated as being cast to \lstinline@void@. The expression in an expression statement is treated as being cast to ©void©. \begin{syntax} \oldlhs{selection-statement} \rhs \lstinline@choose@ \lstinline@(@ \nonterm{expression} \lstinline@)@ \nonterm{statement} \rhs ©choose© ©(© \nonterm{expression} ©)© \nonterm{statement} \end{syntax} The controlling expression \lstinline@E@ in the \lstinline@switch@ and \lstinline@choose@ statement: The controlling expression ©E© in the ©switch© and ©choose© statement: \begin{lstlisting} switch ( E ) ... \end{lstlisting} may have more than one interpretation, but it shall have only one interpretation with an integral type. An \Index{integer promotion} is performed on the expression if necessary. The constant expressions in \lstinline@case@ statements with the switch are converted to the promoted type. The constant expressions in ©case© statements with the switch are converted to the promoted type. \subsubsection[The choose statement]{The \lstinline@choose@ statement} The \lstinline@choose@ statement is the same as the \lstinline@switch@ statement except control transfers to the end of the \lstinline@choose@ statement at a \lstinline@case@ or \lstinline@default@ labeled statement. The \lstinline@fallthru@ statement is used to fall through to the next \lstinline@case@ or \lstinline@default@ labeled statement. The ©choose© statement is the same as the ©switch© statement except control transfers to the end of the ©choose© statement at a ©case© or ©default© labeled statement. The ©fallthru© statement is used to fall through to the next ©case© or ©default© labeled statement. The following have identical meaning: \begin{flushleft} \end{tabular} \end{flushleft} The \lstinline@choose@ statement addresses the problem of accidental fall-through associated with the \lstinline@switch@ statement. The ©choose© statement addresses the problem of accidental fall-through associated with the ©switch© statement. \subsection{Iteration statements} The controlling expression \lstinline@E@ in the loops The controlling expression ©E© in the loops \begin{lstlisting} if ( E ) ... while ( E ) ... do ... while ( E ); \end{lstlisting} is treated as \lstinline@( int )((E)!=0)@''. \end{lstlisting} is treated as ©( int )((E)!=0)©''. The statement \begin{syntax} \oldlhs{jump-statement} \rhs \lstinline@continue@ \nonterm{identifier}\opt \rhs \lstinline@break@ \nonterm{identifier}\opt \rhs ©continue© \nonterm{identifier}\opt \rhs ©break© \nonterm{identifier}\opt \rhs \ldots \rhs \lstinline@throw@ \nonterm{assignment-expression}\opt \rhs \lstinline@throwResume@ \nonterm{assignment-expression}\opt \nonterm{at-expression}\opt \lhs{at-expression} \lstinline@_At@ \nonterm{assignment-expression} \rhs ©throw© \nonterm{assignment-expression}\opt \rhs ©throwResume© \nonterm{assignment-expression}\opt \nonterm{at-expression}\opt \lhs{at-expression} ©_At© \nonterm{assignment-expression} \end{syntax} Labeled \lstinline@continue@ and \lstinline@break@ allow useful but restricted control-flow that reduces the need for the \lstinline@goto@ statement for exiting multiple nested control-structures. Labeled ©continue© and ©break© allow useful but restricted control-flow that reduces the need for the ©goto© statement for exiting multiple nested control-structures. \begin{lstlisting} L1: {                                                   // compound \subsubsection[The continue statement]{The \lstinline@continue@ statement} The identifier in a \lstinline@continue@ statement shall name a label located on an enclosing iteration statement. The identifier in a ©continue© statement shall name a label located on an enclosing iteration statement. \subsubsection[The break statement]{The \lstinline@break@ statement} The identifier in a \lstinline@break@ statement shall name a label located on an enclosing compound, selection or iteration statement. The identifier in a ©break© statement shall name a label located on an enclosing compound, selection or iteration statement. \subsubsection[The return statement]{The \lstinline@return@ statement} An expression in a \lstinline@return@ statement is treated as being cast to the result type of the function. An expression in a ©return© statement is treated as being cast to the result type of the function. \begin{syntax} \lhs{exception-statement} \rhs \lstinline@try@ \nonterm{compound-statement} \nonterm{handler-list} \rhs \lstinline@try@ \nonterm{compound-statement} \nonterm{finally-clause} \rhs \lstinline@try@ \nonterm{compound-statement} \nonterm{handler-list} \nonterm{finally-clause} \rhs ©try© \nonterm{compound-statement} \nonterm{handler-list} \rhs ©try© \nonterm{compound-statement} \nonterm{finally-clause} \rhs ©try© \nonterm{compound-statement} \nonterm{handler-list} \nonterm{finally-clause} \lhs{handler-list} \rhs \nonterm{handler-clause} \rhs \lstinline@catch@ \lstinline@(@ \ldots \lstinline@)@ \nonterm{compound-statement} \rhs \nonterm{handler-clause} \lstinline@catch@ \lstinline@(@ \ldots \lstinline@)@ \nonterm{compound-statement} \rhs \lstinline@catchResume@ \lstinline@(@ \ldots \lstinline@)@ \nonterm{compound-statement} \rhs \nonterm{handler-clause} \lstinline@catchResume@ \lstinline@(@ \ldots \lstinline@)@ \nonterm{compound-statement} \rhs ©catch© ©(© \ldots ©)© \nonterm{compound-statement} \rhs \nonterm{handler-clause} ©catch© ©(© \ldots ©)© \nonterm{compound-statement} \rhs ©catchResume© ©(© \ldots ©)© \nonterm{compound-statement} \rhs \nonterm{handler-clause} ©catchResume© ©(© \ldots ©)© \nonterm{compound-statement} \lhs{handler-clause} \rhs \lstinline@catch@ \lstinline@(@ \nonterm{exception-declaration} \lstinline@)@ \nonterm{compound-statement} \rhs \nonterm{handler-clause} \lstinline@catch@ \lstinline@(@ \nonterm{exception-declaration} \lstinline@)@ \nonterm{compound-statement} \rhs \lstinline@catchResume@ \lstinline@(@ \nonterm{exception-declaration} \lstinline@)@ \nonterm{compound-statement} \rhs \nonterm{handler-clause} \lstinline@catchResume@ \lstinline@(@ \nonterm{exception-declaration} \lstinline@)@ \nonterm{compound-statement} \rhs ©catch© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement} \rhs \nonterm{handler-clause} ©catch© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement} \rhs ©catchResume© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement} \rhs \nonterm{handler-clause} ©catchResume© ©(© \nonterm{exception-declaration} ©)© \nonterm{compound-statement} \lhs{finally-clause} \rhs \lstinline@finally@ \nonterm{compound-statement} \rhs ©finally© \nonterm{compound-statement} \lhs{exception-declaration} \rhs \nonterm{type-specifier} \rhs \nonterm{new-abstract-declarator-tuple} \lhs{asynchronous-statement} \rhs \lstinline@enable@ \nonterm{identifier-list} \nonterm{compound-statement} \rhs \lstinline@disable@ \nonterm{identifier-list} \nonterm{compound-statement} \rhs ©enable© \nonterm{identifier-list} \nonterm{compound-statement} \rhs ©disable© \nonterm{identifier-list} \nonterm{compound-statement} \end{syntax} \subsubsection[The try statement]{The \lstinline@try@ statement} The \lstinline@try@ statement is a block with associated handlers, called a \Index{guarded block}; The ©try© statement is a block with associated handlers, called a \Index{guarded block}; all other blocks are \Index{unguarded block}s. A \lstinline@goto@, \lstinline@break@, \lstinline@return@, or \lstinline@continue@ statement can be used to transfer control out of a try block or handler, but not into one. A ©goto©, ©break©, ©return©, or ©continue© statement can be used to transfer control out of a try block or handler, but not into one. \subsubsection[The enable/disable statements]{The \lstinline@enable@/\lstinline@disable@ statements} The \lstinline@enable@/\lstinline@disable@ statements toggle delivery of \Index{asynchronous exception}s. The ©enable©/©disable© statements toggle delivery of \Index{asynchronous exception}s. \subsection{Predefined macro names} The implementation shall define the macro names \lstinline@__LINE__@, \lstinline@__FILE__@, \lstinline@__DATE__@, and \lstinline@__TIME__@, as in the {\c11} standard. It shall not define the macro name \lstinline@__STDC__@. In addition, the implementation shall define the macro name \lstinline@__CFORALL__@ to be the decimal constant 1. The implementation shall define the macro names ©__LINE__©, ©__FILE__©, ©__DATE__©, and ©__TIME__©, as in the {\c11} standard. It shall not define the macro name ©__STDC__©. In addition, the implementation shall define the macro name ©__CFORALL__© to be the decimal constant 1. The pointer, integral, and floating-point types are all \define{scalar types}. All of these types can be logically negated and compared. The assertion \lstinline@scalar( Complex )@'' should be read as type \lstinline@Complex@ is scalar''. The assertion ©scalar( Complex )©'' should be read as type ©Complex© is scalar''. \begin{lstlisting} trait scalar( otype T ) {§\impl{scalar}§ \end{lstlisting} The various flavors of \lstinline@char@ and \lstinline@int@ and the enumerated types make up the The various flavors of ©char© and ©int© and the enumerated types make up the \define{integral types}. \begin{lstlisting} Modifiable arithmetic lvalues are both modifiable scalar lvalues and arithmetic. Note that this results in the inheritance'' of \lstinline@scalar@ along both paths. Note that this results in the inheritance'' of ©scalar© along both paths. \begin{lstlisting} trait m_l_arithmetic( otype T | m_l_scalar( T ) | arithmetic( T ) ) {§\impl{m_l_arithmetic}§ \subsection{Pointer and array types} Array types can barely be said to exist in {\c11}, since in most cases an array name is treated as a constant pointer to the first element of the array, and the subscript expression \lstinline@a[i]@'' is equivalent to the dereferencing expression \lstinline@(*( a+( i )))@''. Technically, pointer arithmetic and pointer comparisons other than \lstinline@==@'' and \lstinline@!=@'' are only defined for pointers to array elements, but the type system does not enforce those restrictions. Array types can barely be said to exist in {\c11}, since in most cases an array name is treated as a constant pointer to the first element of the array, and the subscript expression ©a[i]©'' is equivalent to the dereferencing expression ©(*( a+( i )))©''. Technically, pointer arithmetic and pointer comparisons other than ©==©'' and ©!=©'' are only defined for pointers to array elements, but the type system does not enforce those restrictions. Consequently, there is no need for a separate array type'' specification. Pointer types are scalar types. Like other scalar types, they have \lstinline@+@'' and \lstinline@-@'' operators, but the types do not match the types of the operations in \lstinline@arithmetic@, so these operators cannot be consolidated in \lstinline@scalar@. Like other scalar types, they have ©+©'' and ©-©'' operators, but the types do not match the types of the operations in ©arithmetic©, so these operators cannot be consolidated in ©scalar©. \begin{lstlisting} trait pointer( type P | scalar( P ) ) {§\impl{pointer}§§\use{scalar}§ Specifications that define the dereference operator ( or subscript operator ) require two parameters, one for the pointer type and one for the pointed-at ( or element ) type. Different specifications are needed for each set of \Index{type qualifier}s, because qualifiers are not included in types. The assertion \lstinline@|ptr_to( Safe_pointer, int )@'' should be read as \lstinline@Safe_pointer@ acts like a pointer to \lstinline@int@''. The assertion ©|ptr_to( Safe_pointer, int )©'' should be read as ©Safe_pointer© acts like a pointer to ©int©''. \begin{lstlisting} trait ptr_to( otype P | pointer( P ), otype T ) {§\impl{ptr_to}§§\use{pointer}§ \end{lstlisting} Assignment to pointers is more complicated than is the case with other types, because the target's type can have extra type qualifiers in the pointed-at type: a \lstinline@T *@'' can be assigned to a \lstinline@const T *@'', a \lstinline@volatile T *@'', and a \lstinline@const volatile T *@''. Again, the pointed-at type is passed in, so that assertions can connect these specifications to the \lstinline@ptr_to@'' specifications. Assignment to pointers is more complicated than is the case with other types, because the target's type can have extra type qualifiers in the pointed-at type: a ©T *©'' can be assigned to a ©const T *©'', a ©volatile T *©'', and a ©const volatile T *©''. Again, the pointed-at type is passed in, so that assertions can connect these specifications to the ©ptr_to©'' specifications. \begin{lstlisting} trait m_l_ptr_to( otype P | m_l_pointer( P ),§\use{m_l_pointer}§§\impl{m_l_ptr_to}§ otype T | ptr_to( P, T )§\use{ptr_to}§ { }; \end{lstlisting} The assertion \lstinline@| m_l_ptr_like( Safe_ptr, const int * )@'' should be read as \lstinline@Safe_ptr@ is a pointer type like \lstinline@const int *@''. This specification has two defects, compared to the original four: there is no automatic assertion that dereferencing a \lstinline@MyP@ produces an lvalue of the type that \lstinline@CP@ points at, and the \lstinline@|m_l_pointer( CP )@'' assertion provides only a weak assurance that the argument passed to \lstinline@CP@ really is a pointer type. The assertion ©| m_l_ptr_like( Safe_ptr, const int * )©'' should be read as ©Safe_ptr© is a pointer type like ©const int *©''. This specification has two defects, compared to the original four: there is no automatic assertion that dereferencing a ©MyP© produces an lvalue of the type that ©CP© points at, and the ©|m_l_pointer( CP )©'' assertion provides only a weak assurance that the argument passed to ©CP© really is a pointer type. Different operators often have related meanings; for instance, in C, \lstinline@+@'', \lstinline@+=@'', and the two versions of \lstinline@++@'' perform variations of addition. for instance, in C, ©+©'', ©+=©'', and the two versions of ©++©'' perform variations of addition. Languages like {\CC} and Ada allow programmers to define operators for new types, but do not require that these relationships be preserved, or even that all of the operators be implemented. Completeness and consistency is left to the good taste and discretion of the programmer. The different comparison operators have obvious relationships, but there is no obvious subset of the operations to use in the implementation of the others. However, it is usually convenient to implement a single comparison function that returns a negative integer, 0, or a positive integer if its first argument is respectively less than, equal to, or greater than its second argument; the library function \lstinline@strcmp@ is an example. C and \CFA have an extra, non-obvious comparison operator: \lstinline@!@'', logical negation, returns 1 if its operand compares equal to 0, and 0 otherwise. the library function ©strcmp© is an example. C and \CFA have an extra, non-obvious comparison operator: ©!©'', logical negation, returns 1 if its operand compares equal to 0, and 0 otherwise. \begin{lstlisting} trait comparable( otype T ) { \end{lstlisting} Note that, although an arithmetic type would certainly provide comparison functions, and an integral type would provide arithmetic operations, there does not have to be any relationship among \lstinline@int_base@, \lstinline@arith_base@ and \lstinline@comparable@. Note that, although an arithmetic type would certainly provide comparison functions, and an integral type would provide arithmetic operations, there does not have to be any relationship among ©int_base©, ©arith_base© and ©comparable©. Note also that these declarations provide guidance and assistance, but they do not define an absolutely minimal set of requirements. A truly minimal implementation of an arithmetic type might only provide \lstinline@0@, \lstinline@1@, and \lstinline@?-=?@, which would be used by polymorphic \lstinline@?+=?@, \lstinline@?*=?@, and \lstinline@?/=?@ functions. Note also that \lstinline@short@ is an integer type in C11 terms, but has no operations! A truly minimal implementation of an arithmetic type might only provide ©0©, ©1©, and ©?-=?©, which would be used by polymorphic ©?+=?©, ©?*=?©, and ©?/=?© functions. Note also that ©short© is an integer type in C11 terms, but has no operations! Restrict allowed to qualify anything, or type/dtype parameters, but only affects pointers. This gets into \lstinline@noalias@ territory. Qualifying anything (\lstinline@short restrict rs@'') means pointer parameters of \lstinline@?++@, etc, would need restrict qualifiers. This gets into ©noalias© territory. Qualifying anything (©short restrict rs©'') means pointer parameters of ©?++©, etc, would need restrict qualifiers. Enumerated types. Color, enum Color ) really make sense? ?++ does, but it adds (int)1. Operators on {,signed,unsigned} char and other small types. \lstinline@?
 re945826 %% Created On       : Wed Apr  6 14:53:29 2016 %% Last Modified By : Peter A. Buhr %% Last Modified On : Sat Apr 30 13:54:32 2016 %% Update Count     : 221 %% Last Modified On : Tue May  3 08:05:33 2016 %% Update Count     : 246 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % requires tex packages: texlive-base texlive-latex-base tex-common texlive-humanities texlive-latex-extra texlive-fonts-recommended % red highlighting ®...® (registered trademark sumbol) % blue highlighting ©...© (copyright symbol) % latex escape §...§ (section symbol) % keyword escape ¶...¶ (pilcrow symbol) % inline code ©...© (copyright symbol) emacs: C-q M-) % red highlighting ®...® (registered trademark sumbol) emacs: C-q M-. % latex escape §...§ (section symbol) emacs: C-q M-' % keyword escape ¶...¶ (pilcrow symbol) emacs: C-q M-^ % math escape $...$ (dollar symbol) \CC~\cite{c++,ANSI14:C++} is an example of a similar project; however, it largely extended the language, and did not address existing problems.\footnote{% Two important existing problems addressed were changing the type of character literals from \lstinline@int@ to \lstinline@char@ and enumerator from \lstinline@int@ to the type of its enumerators.} Two important existing problems addressed were changing the type of character literals from ©int© to ©char© and enumerator from ©int© to the type of its enumerators.} Fortran~\cite{Fortran08}, Ada~\cite{Ada12}, and Cobol~\cite{Cobol14} are examples of programming languages that took an evolutionary approach, where modern language features are added and problems fixed within the framework of the existing language. Java~\cite{Java8}, Go~\cite{Go}, Rust~\cite{Rust} and D~\cite{D} are examples of the revolutionary approach for modernizing C/\CC, resulting in a new language rather than an extension of the descendent. However, it is necessary to differentiate between C and \CFA code because of name overloading, as for \CC. For example, the C math-library provides the following routines for computing the absolute value of the basic type: \lstinline@abs@, \lstinline@labs@, \lstinline@llabs@, \lstinline@fabs@, \lstinline@fabsf@, \lstinline@fabsl@, \lstinline@cabsf@, \lstinline@cabs@, and \lstinline@cabsl@. Whereas, \CFA wraps each of these routines into one with the common name \lstinline@abs@. For example, the C math-library provides the following routines for computing the absolute value of the basic type: ©abs©, ©labs©, ©llabs©, ©fabs©, ©fabsf©, ©fabsl©, ©cabsf©, ©cabs©, and ©cabsl©. Whereas, \CFA wraps each of these routines into one with the common name ©abs©. \begin{lstlisting} char abs( char ); long double _Complex abs( long double _Complex ); \end{lstlisting} The problem is the name clash between the library routine \lstinline@abs@ and the \CFA names \lstinline@abs@. Hence, names appearing in an \lstinline@extern "C"@ block have \newterm{C linkage}. The problem is the name clash between the library routine ©abs© and the \CFA names ©abs©. Hence, names appearing in an ©extern "C"© block have \newterm{C linkage}. Then overloading polymorphism uses a mechanism called \newterm{name mangling} to create unique names that are different from C names, which are not mangled. Hence, there is the same need as in \CC, to know if a name is a C or \CFA name, so it can be correctly formed. There is no way around this problem, other than C's approach of creating unique names for each pairing of operation and type. This example strongly illustrates a core idea in \CFA: \emph{the power of a name}. The name \lstinline@abs@'' evokes the notion of absolute value, and many mathematical types provide the notion of absolute value. Hence, knowing the name \lstinline@abs@ should be sufficient to apply it to any type where it is applicable. The name ©abs©'' evokes the notion of absolute value, and many mathematical types provide the notion of absolute value. Hence, knowing the name ©abs© should be sufficient to apply it to any type where it is applicable. The time savings and safety of using one name uniformly versus $N$ unique names should not be underestimated. \section[Compiling CFA Program]{Compiling \CFA Program} The command \lstinline@cfa@ is used to compile \CFA program(s). This command works like the GNU \lstinline@gcc@\index{gcc} command, e.g.: \begin{lstlisting} cfa [ gcc-options ] C/§\CFA§-files [ assembler/loader-files ] \end{lstlisting} \indexc{cfa}\index{compilation!cfa@\lstinline$cfa$} By default, \CFA programs having the following \lstinline@gcc@ flags turned on: The command ©cfa© is used to compile \CFA program(s). This command works like the GNU ©gcc©\index{gcc} command, e.g.: \begin{lstlisting} cfa§\indexc{cfa}\index{compilation!cfa@©cfa©}§ [ gcc-options ] C/§\CFA§-files [ assembler/loader-files ] \end{lstlisting} By default, \CFA programs having the following ©gcc© flags turned on: \begin{description} \item\hspace*{-4pt}\Indexc{-std=gnu99}\index{compilation option!-std=gnu99@{\lstinline$-std=gnu99$}} \item\hspace*{-4pt}\Indexc{-std=gnu99}\index{compilation option!-std=gnu99@{©-std=gnu99©}} The 1999 C standard plus GNU extensions. \item\hspace*{-4pt}\Indexc{-fgnu89-¶inline¶}\index{compilation option!-fgnu89-inline@{\lstinline$-fgnu89-¶inline¶$}} \item\hspace*{-4pt}\Indexc{-fgnu89-¶inline¶}\index{compilation option!-fgnu89-inline@{©-fgnu89-¶inline¶©}} Use the traditional GNU semantics for inline routines in C99 mode. \end{description} The following new \CFA option is available: \begin{description} \item\hspace*{-4pt}\Indexc{-CFA}\index{compilation option!-CFA@{\lstinline$-CFA$}} \item\hspace*{-4pt}\Indexc{-CFA}\index{compilation option!-CFA@{©-CFA©}} Only the C preprocessor and the \CFA translator steps are performed and the transformed program is written to standard output, which makes it possible to examine the code generated by the \CFA translator. \end{description} The following preprocessor variables are available: \begin{description} \item\hspace*{-4pt}\Indexc{__CFA__}\index{preprocessor variables!__CFA__@{\lstinline$__CFA__$}} \item\hspace*{-4pt}\Indexc{__CFA__}\index{preprocessor variables!__CFA__@{©__CFA__©}} is always available during preprocessing and its value is the current major \Index{version number} of \CFA.\footnote{ The C preprocessor allows only integer values in a preprocessor variable so a value like \Version'' is not allowed. Hence, the need to have three variables for the major, minor and patch version number.} \item\hspace*{-4pt}\Indexc{__CFA_MINOR__}\index{preprocessor variables!__CFA_MINOR__@{\lstinline$__CFA_MINOR__$}} \item\hspace*{-4pt}\Indexc{__CFA_MINOR__}\index{preprocessor variables!__CFA_MINOR__@{©__CFA_MINOR__©}} is always available during preprocessing and its value is the current minor \Index{version number} of \CFA. \item\hspace*{-4pt}\Indexc{__CFA_PATCH__}\index{preprocessor variables!__CFA_PATCH__@\lstinline$__CFA_PATCH__$} \item\hspace*{-4pt}\Indexc{__CFA_PATCH__}\index{preprocessor variables!__CFA_PATCH__@©__CFA_PATCH__©} is always available during preprocessing and its value is the current patch \Index{version number} of \CFA. \item\hspace*{-4pt}\Indexc{__CFORALL__}\index{preprocessor variables!__CFORALL__@\lstinline$__CFORALL__$} \item\hspace*{-4pt}\Indexc{__CFORALL__}\index{preprocessor variables!__CFORALL__@©__CFORALL__©} is always available during preprocessing and it has no value. \end{description} #endif \end{lstlisting} which conditionally includes the correct header file, if the program is compiled using \lstinline@gcc@ or \lstinline@cfa@. which conditionally includes the correct header file, if the program is compiled using ©gcc© or ©cfa©. \begin{enumerate} \item A sequence of underscores is disallowed, e.g., \lstinline@12__34@ is invalid. A sequence of underscores is disallowed, e.g., ©12__34© is invalid. \item Underscores may only appear within a sequence of digits (regardless of the digit radix). In other words, an underscore cannot start or end a sequence of digits, e.g., \lstinline@_1@, \lstinline@1_@ and \lstinline@_1_@ are invalid (actually, the 1st and 3rd examples are identifier names). In other words, an underscore cannot start or end a sequence of digits, e.g., ©_1©, ©1_© and ©_1_© are invalid (actually, the 1st and 3rd examples are identifier names). \item A numeric prefix may end with an underscore; a numeric infix may begin and/or end with an underscore; a numeric suffix may begin with an underscore. For example, the octal \lstinline@0@ or hexadecimal \lstinline@0x@ prefix may end with an underscore \lstinline@0_377@ or \lstinline@0x_ff@; the exponent infix \lstinline@E@ may start or end with an underscore \lstinline@1.0_E10@, \lstinline@1.0E_10@ or \lstinline@1.0_E_10@; the type suffixes \lstinline@U@, \lstinline@L@, etc. may start with an underscore \lstinline@1_U@, \lstinline@1_ll@ or \lstinline@1.0E10_f@. For example, the octal ©0© or hexadecimal ©0x© prefix may end with an underscore ©0_377© or ©0x_ff©; the exponent infix ©E© may start or end with an underscore ©1.0_E10©, ©1.0E_10© or ©1.0_E_10©; the type suffixes ©U©, ©L©, etc. may start with an underscore ©1_U©, ©1_ll© or ©1.0E10_f©. \end{enumerate} It is significantly easier to read and enter long constants when they are broken up into smaller groupings (most cultures use comma or period among digits for the same purpose). C and the new \CFA declarations may appear together in the same program block, but cannot be mixed within a specific declaration. In \CFA declarations, the same tokens are used as in C: the character \lstinline@*@ is used to indicate a pointer, square brackets \lstinline@[@\,\lstinline@]@ are used to represent an array, and parentheses \lstinline@()@ are used to indicate a routine parameter. In \CFA declarations, the same tokens are used as in C: the character ©*© is used to indicate a pointer, square brackets ©[©\,©]© are used to represent an array, and parentheses ©()© are used to indicate a routine parameter. However, unlike C, \CFA type declaration tokens are specified from left to right and the entire type specification is distributed across all variables in the declaration list. For instance, variables \lstinline@x@ and \lstinline@y@ of type pointer to integer are defined in \CFA as follows: For instance, variables ©x© and ©y© of type pointer to integer are defined in \CFA as follows: \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}l@{}} \end{quote2} All type qualifiers, i.e., \lstinline@const@ and \lstinline@volatile@, are used in the normal way with the new declarations but appear left to right, e.g.: All type qualifiers, i.e., ©const© and ©volatile©, are used in the normal way with the new declarations but appear left to right, e.g.: \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}l@{\hspace{20pt}}l@{}} \end{tabular} \end{quote2} All declaration qualifiers, i.e., \lstinline@extern@, \lstinline@static@, etc., are used in the normal way with the new declarations but can only appear at the start of a \CFA routine declaration,\footnote{\label{StorageClassSpecifier} All declaration qualifiers, i.e., ©extern©, ©static©, etc., are used in the normal way with the new declarations but can only appear at the start of a \CFA routine declaration,\footnote{\label{StorageClassSpecifier} The placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration is an obsolescent feature.~\cite[\S~6.11.5(1)]{C11}} e.g.: \begin{quote2} \end{quote2} Unsupported are K\&R C declarations where the base type defaults to \lstinline@int@, if no type is specified\footnote{ Unsupported are K\&R C declarations where the base type defaults to ©int©, if no type is specified\footnote{ At least one type specifier shall be given in the declaration specifiers in each declaration, and in the specifier-qualifier list in each structure declaration and type name~\cite[\S~6.7.2(2)]{C11}}, e.g.: \section{Type Operators} The new declaration syntax can be used in other contexts where types are required, e.g., casts and the pseudo-routine \lstinline@sizeof@: The new declaration syntax can be used in other contexts where types are required, e.g., casts and the pseudo-routine ©sizeof©: \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}l@{}} } \end{lstlisting} where routine \lstinline@f@ has three output (return values) and three input parameters. where routine ©f© has three output (return values) and three input parameters. Existing C syntax cannot be extended with multiple return types because it is impossible to embed a single routine name within multiple return type specifications. In detail, the brackets, \lstinline@[]@, enclose the result type, where each return value is named and that name is a local variable of the particular return type.\footnote{ In detail, the brackets, ©[]©, enclose the result type, where each return value is named and that name is a local variable of the particular return type.\footnote{ Michael Tiemann, with help from Doug Lea, provided named return values in g++, circa 1989.} The value of each local return variable is automatically returned at routine termination. int (*f(x))[ 5 ] int x; {} \end{lstlisting} The string \lstinline@int (*f(x))[ 5 ]@'' declares a K\&R style routine of type returning a pointer to an array of 5 integers, while the string \lstinline@[ 5 ] int x@'' declares a \CFA style parameter x of type array of 5 integers. Since the strings overlap starting with the open bracket, \lstinline@[@, there is an ambiguous interpretation for the string. The string ©int (*f(x))[ 5 ]©'' declares a K\&R style routine of type returning a pointer to an array of 5 integers, while the string ©[ 5 ] int x©'' declares a \CFA style parameter x of type array of 5 integers. Since the strings overlap starting with the open bracket, ©[©, there is an ambiguous interpretation for the string. As well, \CFA-style declarations cannot be used to declare parameters for C-style routine-definitions because of the following ambiguity: \begin{lstlisting} int f( int (* foo) );           // foo is redefined as a parameter name \end{lstlisting} The string \lstinline@int (* foo)@'' declares a C-style named-parameter of type pointer to an integer (the parenthesis are superfluous), while the same string declares a \CFA style unnamed parameter of type routine returning integer with unnamed parameter of type pointer to foo. The redefinition of a type name in a parameter list is the only context in C where the character \lstinline@*@ can appear to the left of a type name, and \CFA relies on all type modifier characters appearing to the right of the type name. The string ©int (* foo)©'' declares a C-style named-parameter of type pointer to an integer (the parenthesis are superfluous), while the same string declares a \CFA style unnamed parameter of type routine returning integer with unnamed parameter of type pointer to foo. The redefinition of a type name in a parameter list is the only context in C where the character ©*© can appear to the left of a type name, and \CFA relies on all type modifier characters appearing to the right of the type name. The inability to use \CFA declarations in these two contexts is probably a blessing because it precludes programmers from arbitrarily switching between declarations forms within a declaration contexts. \subsection{Returning Values} Named return values handle the case where it is necessary to define a local variable whose value is then returned in a \lstinline@return@ statement, as in: Named return values handle the case where it is necessary to define a local variable whose value is then returned in a ©return© statement, as in: \begin{lstlisting} int f() { } \end{lstlisting} Because the value in the return variable is automatically returned when a \CFA routine terminates, the \lstinline@return@ statement \emph{does not} contain an expression, as in: Because the value in the return variable is automatically returned when a \CFA routine terminates, the ©return© statement \emph{does not} contain an expression, as in: \begin{lstlisting} ®[ int x ]® f() { } \end{lstlisting} When the return is encountered, the current value of \lstinline@x@ is returned to the calling routine. As well, falling off the end'' of a routine without a \lstinline@return@ statement is permitted, as in: When the return is encountered, the current value of ©x© is returned to the calling routine. As well, falling off the end'' of a routine without a ©return© statement is permitted, as in: \begin{lstlisting} [ int x ] f() { } // implicitly return x \end{lstlisting} In this case, the current value of \lstinline@x@ is returned to the calling routine just as if a \lstinline@return@ had been encountered. In this case, the current value of ©x© is returned to the calling routine just as if a ©return© had been encountered. \end{tabular} \end{quote2} In the left example in C, types \lstinline@C@, \lstinline@U@ and \lstinline@T@ are implicitly hoisted outside of type \lstinline@S@ into the containing block scope. In the right example in \CFA, the types are not hoisted and accessed using the field-selection operator \lstinline@.@'' for type qualification, as does Java, rather than the \CC type-selection operator \lstinline@::@''. In the left example in C, types ©C©, ©U© and ©T© are implicitly hoisted outside of type ©S© into the containing block scope. In the right example in \CFA, the types are not hoisted and accessed using the field-selection operator ©.©'' for type qualification, as does Java, rather than the \CC type-selection operator ©::©''. Nested routines are not first-class, meaning a nested routine cannot be returned if it has references to variables in its enclosing blocks; the only exception is references to the external block of the translation unit, as these variables persist for the duration of the program. The following program in undefined in \CFA (and \lstinline@gcc@\index{gcc}) The following program in undefined in \CFA (and ©gcc©\index{gcc}) \begin{lstlisting} [* [int]( int )] foo() {                // int (*foo())( int ) [ §\emph{exprlist}§ ] \end{lstlisting} where \lstinline@$\emph{exprlist}$@ is a list of one or more expressions separated by commas. The brackets, \lstinline$[]$, allow differentiating between tuples and expressions containing the C comma operator. where ©$\emph{exprlist}$© is a list of one or more expressions separated by commas. The brackets, ©[]©, allow differentiating between tuples and expressions containing the C comma operator. The following are examples of tuples: \begin{lstlisting} [ v+w, x*y, 3.14159, f() ] \end{lstlisting} Tuples are permitted to contain sub-tuples (i.e., nesting), such as \lstinline@[ [ 14, 21 ], 9 ]@, which is a 2-element tuple whose first element is itself a tuple. Tuples are permitted to contain sub-tuples (i.e., nesting), such as ©[ [ 14, 21 ], 9 ]©, which is a 2-element tuple whose first element is itself a tuple. Note, a tuple is not a record (structure); a record denotes a single value with substructure, whereas a tuple is multiple values with no substructure (see flattening coercion in Section 12.1). [ §\emph{typelist}§ ] \end{lstlisting} where \lstinline@$\emph{typelist}$@ is a list of one or more legal \CFA or C type specifications separated by commas, which may include other tuple type specifications. where ©$\emph{typelist}$© is a list of one or more legal \CFA or C type specifications separated by commas, which may include other tuple type specifications. Examples of tuple types include: \begin{lstlisting} [ * [ 5 ] int, * * char, * [ [ int, int ] ] (int, int) ] \end{lstlisting} Like tuples, tuple types may be nested, such as \lstinline@[ [ int, int ], int ]@, which is a 2-element tuple type whose first element is itself a tuple type. Like tuples, tuple types may be nested, such as ©[ [ int, int ], int ]©, which is a 2-element tuple type whose first element is itself a tuple type. Examples of declarations using tuple types are: tuple does not have structure like a record; a tuple is simply converted into a list of components. \begin{rationale} The present implementation of \CFA does not support nested routine calls when the inner routine returns multiple values; i.e., a statement such as \lstinline@g( f() )@ is not supported. The present implementation of \CFA does not support nested routine calls when the inner routine returns multiple values; i.e., a statement such as ©g( f() )© is not supported. Using a temporary variable to store the  results of the inner routine and then passing this variable to the outer routine works, however. \end{rationale} \begin{rationale} Unfortunately, C's syntax for subscripts precluded treating them as tuples. The C subscript list has the form \lstinline@[i][j]...@ and not \lstinline@i, j, ...]@. Therefore, there is no syntactic way for a routine returning multiple values to specify the different subscript values, e.g., \lstinline@f[g()]@ always means a single subscript value because there is only one set of brackets. Fixing this requires a major change to C because the syntactic form \lstinline@M[i, j, k]@ already has a particular meaning: \lstinline@i, j, k@ is a comma expression. The C subscript list has the form ©[i][j]...© and not ©[i, j, ...]©. Therefore, there is no syntactic way for a routine returning multiple values to specify the different subscript values, e.g., ©f[g()]© always means a single subscript value because there is only one set of brackets. Fixing this requires a major change to C because the syntactic form ©M[i, j, k]© already has a particular meaning: ©i, j, k© is a comma expression. \end{rationale} [ a, b, c, d ] = w \end{lstlisting} \lstinline@w@ is implicitly opened to yield a tuple of four values, which are then assigned individually. ©w© is implicitly opened to yield a tuple of four values, which are then assigned individually. A \newterm{flattening coercion} coerces a nested tuple, i.e., a tuple with one or more components, which are themselves tuples, into a flattened tuple, which is a tuple whose components are not tuples, as in: First the right-hand tuple is flattened and then the values are assigned individually. Flattening is also performed on tuple types. For example, the type \lstinline@[ int, [ int, int ], int ]@ can be coerced, using flattening, into the type \lstinline@[ int, int, int, int ]@. For example, the type ©[ int, [ int, int ], int ]© can be coerced, using flattening, into the type ©[ int, int, int, int ]©. A \newterm{structuring coercion} is the opposite of flattening; a tuple is structured into a more complex nested tuple. For example, structuring the tuple \lstinline@[ 1, 2, 3, 4 ]@ into the tuple \lstinline@[ 1, [ 2, 3 ], 4 ]@ or the tuple type \lstinline@[ int, int, int, int ]@ into the tuple type \lstinline@[ int, [ int, int ], int ]@. For example, structuring the tuple ©[ 1, 2, 3, 4 ]© into the tuple ©[ 1, [ 2, 3 ], 4 ]© or the tuple type ©[ int, int, int, int ]© into the tuple type ©[ int, [ int, int ], int ]©. In the following example, the last assignment illustrates all the tuple coercions: \begin{lstlisting} \end{lstlisting} Starting on the right-hand tuple in the last assignment statement, w is opened, producing a tuple of four values; therefore, the right-hand tuple is now the tuple \lstinline@[ [ 1, 2, 3, 4 ], 5 ]@. This tuple is then flattened, yielding \lstinline@[ 1, 2, 3, 4, 5 ]@, which is structured into \lstinline@[ 1, [ 2, 3, 4, 5 ] ]@ to match the tuple type of the left-hand side. The tuple \lstinline@[ 2, 3, 4, 5 ]@ is then closed to create a tuple value. Finally, \lstinline@x@ is assigned \lstinline@1@ and \lstinline@w@ is assigned the tuple value using multiple assignment (see Section 14). therefore, the right-hand tuple is now the tuple ©[ [ 1, 2, 3, 4 ], 5 ]©. This tuple is then flattened, yielding ©[ 1, 2, 3, 4, 5 ]©, which is structured into ©[ 1, [ 2, 3, 4, 5 ] ]© to match the tuple type of the left-hand side. The tuple ©[ 2, 3, 4, 5 ]© is then closed to create a tuple value. Finally, ©x© is assigned ©1© and ©w© is assigned the tuple value using multiple assignment (see Section 14). \begin{rationale} A possible additional language extension is to use the structuring coercion for tuples to initialize a complex record with a tuple. \end{lstlisting} The left-hand side is a tuple of \emph{lvalues}, which is a list of expressions each yielding an address, i.e., any data object that can appear on the left-hand side of a conventional assignment statement. \lstinline@$\emph{expr}$@ is any standard arithmetic expression. ©$\emph{expr}$© is any standard arithmetic expression. Clearly, the types of the entities being assigned must be type compatible with the value of the expression. *a1 = t; *a2 = t; *a3 = t; \end{lstlisting} The temporary \lstinline@t@ is necessary to store the value of the expression to eliminate conversion issues. The temporary ©t© is necessary to store the value of the expression to eliminate conversion issues. The temporaries for the addresses are needed so that locations on the left-hand side do not change as the values are assigned. In this case, \lstinline@y[i]@ uses the previous value of \lstinline@i@ and not the new value set at the beginning of the mass assignment. In this case, ©y[i]© uses the previous value of ©i© and not the new value set at the beginning of the mass assignment. [ x, y, z ] = [ 1, 2, 3 ]; \end{lstlisting} Here, the values \lstinline@1@, \lstinline@2@ and \lstinline@3@ are assigned, respectively, to the variables \lstinline@x@, \lstinline@y@ and \lstinline@z@. Here, the values ©1©, ©2© and ©3© are assigned, respectively, to the variables ©x©, ©y© and ©z©. A more complex example is: \begin{lstlisting} [ i, y[ i ], z ] = [ 1, i, a + b ]; \end{lstlisting} Here, the values \lstinline@1@, \lstinline@i@ and \lstinline@a + b@ are assigned to the variables \lstinline@i@, \lstinline@y[i]@ and \lstinline@z@, respectively. Here, the values ©1©, ©i© and ©a + b© are assigned to the variables ©i©, ©y[i]© and ©z©, respectively. Note, the parallel semantics of multiple assignment ensures: [ x, y ] = [ y, x ]; \end{lstlisting} correctly interchanges (swaps) the values stored in \lstinline@x@ and \lstinline@y@. correctly interchanges (swaps) the values stored in ©x© and ©y©. The following cases are errors: \begin{lstlisting} §\emph{expr}§ -> [ §\emph{fieldlist}§ ] \end{lstlisting} \emph{expr} is any expression yielding a value of type record, e.g., \lstinline@struct@, \lstinline@union@. \emph{expr} is any expression yielding a value of type record, e.g., ©struct©, ©union©. Each element of \emph{ fieldlist} is an element of the record specified by \emph{expr}. A record-field tuple may be used anywhere a tuple can be used. An example of the use of a record-field tuple is also, it is unnecessary to specify all the fields of a struct in a multiple record-field tuple. If a field of a \lstinline@struct@ is itself another \lstinline@struct@, multiple fields of this subrecord can be specified using a nested record-field tuple, as in the following example: If a field of a ©struct© is itself another ©struct©, multiple fields of this subrecord can be specified using a nested record-field tuple, as in the following example: \begin{lstlisting} struct inner { \section{Labelled Break/Continue} While C provides \lstinline@break@ and \lstinline@continue@ statements for altering control flow, both are restricted to one level of nesting for a particular control structure. Unfortunately, this restriction forces programmers to use \lstinline@goto@ to achieve the equivalent for more than one level of nesting. To prevent having to make this switch, the \lstinline@break@ and \lstinline@continue@ are extended with a target label to support static multi-level exit~\cite{Buhr85,Java}. For the labelled \lstinline@break@, it is possible to specify which control structure is the target for exit, as in: While C provides ©break© and ©continue© statements for altering control flow, both are restricted to one level of nesting for a particular control structure. Unfortunately, this restriction forces programmers to use ©goto© to achieve the equivalent for more than one level of nesting. To prevent having to make this switch, the ©break© and ©continue© are extended with a target label to support static multi-level exit~\cite{Buhr85,Java}. For the labelled ©break©, it is possible to specify which control structure is the target for exit, as in: \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}l@{}} \end{quote2} The inner most loop has three exit points, which cause termination of one or more of the three nested loops, respectively. For the labelled \lstinline@continue@, it is possible to specify which control structure is the target for the next loop iteration, as in: For the labelled ©continue©, it is possible to specify which control structure is the target for the next loop iteration, as in: \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}l@{}} \end{quote2} The inner most loop has three restart points, which cause the next loop iteration to begin, respectively. For both \lstinline@break@ and \lstinline@continue@, the target label must be directly associated with a \lstinline@for@, \lstinline@while@ or \lstinline@do@ statement; for \lstinline@break@, the target label can also be associated with a \lstinline@switch@ statement. Both \lstinline@break@ and \lstinline@continue@ with target labels are simply a \lstinline@goto@ restricted in the following ways: For both ©break© and ©continue©, the target label must be directly associated with a ©for©, ©while© or ©do© statement; for ©break©, the target label can also be associated with a ©switch© statement. Both ©break© and ©continue© with target labels are simply a ©goto© restricted in the following ways: \begin{itemize} \item Since they always transfers out of containing control structures, they cannot be used to branch into a control structure. \end{itemize} The advantage of the labelled \lstinline@break@/\lstinline@continue@ is that it allows static multi-level exits without having to use the \lstinline@goto@ statement and ties control flow to the target control structure rather than an arbitrary point in a program. The advantage of the labelled ©break©/©continue© is that it allows static multi-level exits without having to use the ©goto© statement and ties control flow to the target control structure rather than an arbitrary point in a program. Furthermore, the location of the label at the beginning of the target control structure informs the reader that complex control-flow is occurring in the body of the control structure. With \lstinline@goto@, the label at the end of the control structure fails to convey this important clue early enough to the reader. With ©goto©, the label at the end of the control structure fails to convey this important clue early enough to the reader. Finally, using an explicit target for the transfer instead of an implicit target allows new nested loop or switch constructs to be added or removed without affecting other constructs. The implicit targets of the current \lstinline@break@ and \lstinline@continue@, i.e., the closest enclosing loop or \lstinline@switch@, change as certain constructs are added or removed. The implicit targets of the current ©break© and ©continue©, i.e., the closest enclosing loop or ©switch©, change as certain constructs are added or removed. \section{Switch Statement} C allows a number of questionable forms for the \lstinline@switch@ statement: C allows a number of questionable forms for the ©switch© statement: \begin{enumerate} \item By default, the end of a \lstinline@case@ clause\footnote{ In this section, the term \emph{case clause} refers to either a \lstinline@case@ or \lstinline@default@ clause.} \emph{falls through} to the next \lstinline@case@ clause in the \lstinline@switch@ statement; to exit a \lstinline@switch@ statement from a \lstinline@case@ clause requires explicitly terminating the clause with a transfer statement, most commonly \lstinline@break@, as in: By default, the end of a ©case© clause\footnote{ In this section, the term \emph{case clause} refers to either a ©case© or ©default© clause.} \emph{falls through} to the next ©case© clause in the ©switch© statement; to exit a ©switch© statement from a ©case© clause requires explicitly terminating the clause with a transfer statement, most commonly ©break©, as in: \begin{lstlisting} switch ( i ) { \end{lstlisting} In this example, case 2 is always done if case 3 is done. This control flow is difficult to simulate with if statements or a \lstinline@switch@ statement without fall-through as code must be duplicated or placed in a separate routine. This control flow is difficult to simulate with if statements or a ©switch© statement without fall-through as code must be duplicated or placed in a separate routine. C also uses fall-through to handle multiple case-values resulting in the same action, as in: \begin{lstlisting} \end{lstlisting} However, this situation is handled in other languages without fall-through by allowing a list of case values. While fall-through itself is not a problem, the problem occurs when fall-through is the \lstinline@default@, as this semantics is not intuitive to most programmers and is different from virtually all other programming languages with a \lstinline@switch@ statement. Hence, \lstinline@default@ fall-through semantics results in a large number of programming errors as programmers often forget the \lstinline@break@ statement at the end of a \lstinline@case@ clause, resulting in inadvertent fall-through. \item It is possible to place \lstinline@case@ clauses on statements nested \emph{within} the body of the \lstinline@switch@ statement, as in: While fall-through itself is not a problem, the problem occurs when fall-through is the ©default©, as this semantics is not intuitive to most programmers and is different from virtually all other programming languages with a ©switch© statement. Hence, ©default© fall-through semantics results in a large number of programming errors as programmers often forget the ©break© statement at the end of a ©case© clause, resulting in inadvertent fall-through. \item It is possible to place ©case© clauses on statements nested \emph{within} the body of the ©switch© statement, as in: \begin{lstlisting} switch ( i ) { } \end{lstlisting} which unrolls a loop N times (N = 8 above) and uses the \lstinline@switch@ statement to deal with any iterations not a multiple of N. which unrolls a loop N times (N = 8 above) and uses the ©switch© statement to deal with any iterations not a multiple of N. While efficient, this sort of special purpose usage is questionable: \begin{quote} \end{quote} \item It is possible to place the \lstinline@default@ clause anywhere in the list of labelled clauses for a \lstinline@switch@ statement, rather than only at the end. Virtually all programming languages with a \lstinline@switch@ statement require the \lstinline@default@ clause to appear last in the case-clause list. The logic for this semantics is that after checking all the \lstinline@case@ clauses without success, the \lstinline@default@ clause is selected; hence, physically placing the \lstinline@default@ clause at the end of the \lstinline@case@ clause list matches with this semantics. This physical placement can be compared to the physical placement of an \lstinline@else@ clause at the end of a series of connected \lstinline@if@/\lstinline@else@ statements. \item It is possible to place unreachable code at the start of a \lstinline@switch@ statement, as in: It is possible to place the ©default© clause anywhere in the list of labelled clauses for a ©switch© statement, rather than only at the end. Virtually all programming languages with a ©switch© statement require the ©default© clause to appear last in the case-clause list. The logic for this semantics is that after checking all the ©case© clauses without success, the ©default© clause is selected; hence, physically placing the ©default© clause at the end of the ©case© clause list matches with this semantics. This physical placement can be compared to the physical placement of an ©else© clause at the end of a series of connected ©if©/©else© statements. \item It is possible to place unreachable code at the start of a ©switch© statement, as in: \begin{lstlisting} switch ( x ) { } \end{lstlisting} While the declaration of the local variable \lstinline@y@ is useful and its scope is across all \lstinline@case@ clauses, the initialization for such a variable is defined to never be executed because control always transfers over it. Furthermore, any statements before the first \lstinline@case@ clause can only be executed if labelled and transfered to using a \lstinline@goto@, either from outside or inside of the \lstinline@switch@. While the declaration of the local variable ©y© is useful and its scope is across all ©case© clauses, the initialization for such a variable is defined to never be executed because control always transfers over it. Furthermore, any statements before the first ©case© clause can only be executed if labelled and transfered to using a ©goto©, either from outside or inside of the ©switch©. As mentioned, transfer into control structures should be forbidden. Transfers from within the \lstinline@switch@ body using a \lstinline@goto@ are equally unpalatable. Transfers from within the ©switch© body using a ©goto© are equally unpalatable. \end{enumerate} Before discussing potential language changes to deal with these problems, it is worth observing that in a typical C program: \begin{itemize} \item the number of \lstinline@switch@ statements is small, \item most \lstinline@switch@ statements are well formed (i.e., no Duff's device), \item the \lstinline@default@ clause is usually written as the last case-clause, \item and there is only a medium amount of fall-through from one \lstinline@case@ clause to the next, and most of these result from a list of case values executing common code, rather than a sequence of case actions that compound. the number of ©switch© statements is small, \item most ©switch© statements are well formed (i.e., no Duff's device), \item the ©default© clause is usually written as the last case-clause, \item and there is only a medium amount of fall-through from one ©case© clause to the next, and most of these result from a list of case values executing common code, rather than a sequence of case actions that compound. \end{itemize} These observations should help to put the effects of suggested changes into perspective. \begin{enumerate} \item Eliminating the \lstinline@default@ fall-through problem has the greatest potential for affecting existing code. However, even if fall-through is removed, most \lstinline@switch@ statements would continue to work because of the explicit transfers already present at the end of each \lstinline@case@ clause, and the common placement of the \lstinline@default@ clause at the end of the case list. In addition, the above grammar provides for the most common use of fall-through, i.e., a list of \lstinline@case@ clauses executing common code, e.g.: Eliminating the ©default© fall-through problem has the greatest potential for affecting existing code. However, even if fall-through is removed, most ©switch© statements would continue to work because of the explicit transfers already present at the end of each ©case© clause, and the common placement of the ©default© clause at the end of the case list. In addition, the above grammar provides for the most common use of fall-through, i.e., a list of ©case© clauses executing common code, e.g.: \begin{lstlisting} case 1:  case 2:  case 3: ... \end{lstlisting} Nevertheless, reversing the default action would have a non-trivial effect on case actions that compound, such as the above example of processing shell arguments. Therefore, to preserve backwards compatibility, it is necessary to introduce a new kind of \lstinline@switch@ statement, called \lstinline@choose@, with no fall-through semantics. The \lstinline@choose@ statement is identical to the new \lstinline@switch@ statement, except there is no implicit fall-through between case-clauses and the \lstinline@break@ statement applies to the enclosing loop construct (as for the continue statement in a \lstinline@switch@ statement). Therefore, to preserve backwards compatibility, it is necessary to introduce a new kind of ©switch© statement, called ©choose©, with no fall-through semantics. The ©choose© statement is identical to the new ©switch© statement, except there is no implicit fall-through between case-clauses and the ©break© statement applies to the enclosing loop construct (as for the continue statement in a ©switch© statement). It is still possible to fall-through if a case-clause ends with the new keyword fallthru, e.g.: \begin{lstlisting} \item Eliminating Duff's device is straightforward and only invalidates a small amount of very questionable code. The solution is to allow \lstinline@case@ clauses to only appear at the same nesting level as the \lstinline@switch@ body, as is done in most other programming languages with \lstinline@switch@ statements. \item The issue of \lstinline@default@ at locations other than at the end of the cause clause can be solved by using good programming style, and there are a few reasonable situations involving fall-through where the \lstinline@default@ clause may appear is locations other than at the end. The solution is to allow ©case© clauses to only appear at the same nesting level as the ©switch© body, as is done in most other programming languages with ©switch© statements. \item The issue of ©default© at locations other than at the end of the cause clause can be solved by using good programming style, and there are a few reasonable situations involving fall-through where the ©default© clause may appear is locations other than at the end. Therefore, no language change is made for this issue. \item Dealing with unreachable code at the start of a \lstinline@switch@ statement is solved by defining the declaration-list, including any associated initialization, at the start of a \lstinline@switch@ statement body to be executed before the transfer to the appropriate \lstinline@case@ clause. Dealing with unreachable code at the start of a ©switch© statement is solved by defining the declaration-list, including any associated initialization, at the start of a ©switch© statement body to be executed before the transfer to the appropriate ©case© clause. This semantics is the same as for declarations at the start of a loop body, which are executed before each iteration of the loop body. As well, this grammar does not allow statements to appear before the first \lstinline@case@ clause. As well, this grammar does not allow statements to appear before the first ©case© clause. The change is compatible for declarations with initialization in this context because existing code cannot assume the initialization has occurred. The change is incompatible for statements, but any existing code using it is highly questionable, as in: } \end{lstlisting} The statement after the \lstinline@switch@ can never be executed unless it is labelled. If it is labelled, it must be transfered to from outside or inside the \lstinline@switch@ statement, neither of which is acceptable control flow. The statement after the ©switch© can never be executed unless it is labelled. If it is labelled, it must be transfered to from outside or inside the ©switch© statement, neither of which is acceptable control flow. \end{enumerate} \section{Case Clause} C restricts the \lstinline@case@ clause of a \lstinline@switch@ statement to a single value. For multiple \lstinline@case@ clauses associated with the same statement, it is necessary to have multiple \lstinline@case@ clauses rather than multiple values. Requiring a \lstinline@case@ clause for each value does not seem to be in the spirit of brevity normally associated with C. Therefore, the \lstinline@case@ clause is extended with a list of values, as in: C restricts the ©case© clause of a ©switch© statement to a single value. For multiple ©case© clauses associated with the same statement, it is necessary to have multiple ©case© clauses rather than multiple values. Requiring a ©case© clause for each value does not seem to be in the spirit of brevity normally associated with C. Therefore, the ©case© clause is extended with a list of values, as in: \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}l@{\hspace{20pt}}l@{}} The syntax for using references in \CFA is the same as \CC with the exception of reference initialization. Use \lstinline@&@ to specify a reference, and access references just like regular objects, not like pointers (use dot notation to access fields). Use ©&© to specify a reference, and access references just like regular objects, not like pointers (use dot notation to access fields). When initializing a reference, \CFA uses a different syntax which differentiates reference initialization from assignment to a reference. The \lstinline@&@ is used on both sides of the expression to clarify that the address of the reference is being set to the address of the variable to which it refers. The ©&© is used on both sides of the expression to clarify that the address of the reference is being set to the address of the variable to which it refers. \begin{figure} In \CFA, as in C, all scalar types can be incremented and decremented, which is defined in terms of adding or subtracting 1. The operations \lstinline@&&@, \lstinline@||@, and \lstinline@!@ can be applied to any scalar arguments and are defined in terms of comparison against 0 (ex. \lstinline@(a && b)@ becomes \lstinline@(a != 0 && b != 0)@). The operations ©&&©, ©||©, and ©!© can be applied to any scalar arguments and are defined in terms of comparison against 0 (ex. ©(a && b)© becomes ©(a != 0 && b != 0)©). In C, the integer constants 0 and 1 suffice because the integer promotion rules can convert them to any polymorphic parameters, and user-defined pointer-like types may need a null value. Defining special constants for a user-defined type is more efficient than defining a conversion to the type from \lstinline@_Bool@. constants for a user-defined type is more efficient than defining a conversion to the type from ©_Bool©. Why just 0 and 1? Why not other integers? No other integers have special status in C. \begin{tabular}[t]{ll} %identifier & operation \\ \hline \lstinline@?[?]@ & subscripting \impl{?[?]}\\ \lstinline@?()@ & function call \impl{?()}\\ \lstinline@?++@ & postfix increment \impl{?++}\\ \lstinline@?--@ & postfix decrement \impl{?--}\\ \lstinline@++?@ & prefix increment \impl{++?}\\ \lstinline@--?@ & prefix decrement \impl{--?}\\ \lstinline@*?@ & dereference \impl{*?}\\ \lstinline@+?@ & unary plus \impl{+?}\\ \lstinline@-?@ & arithmetic negation \impl{-?}\\ \lstinline@~?@ & bitwise negation \impl{~?}\\ \lstinline@!?@ & logical complement \impl{"!?}\\ \lstinline@?*?@ & multiplication \impl{?*?}\\ \lstinline@?/?@ & division \impl{?/?}\\ ©?[?]© & subscripting \impl{?[?]}\\ ©?()© & function call \impl{?()}\\ ©?++© & postfix increment \impl{?++}\\ ©?--© & postfix decrement \impl{?--}\\ ©++?© & prefix increment \impl{++?}\\ ©--?© & prefix decrement \impl{--?}\\ ©*?© & dereference \impl{*?}\\ ©+?© & unary plus \impl{+?}\\ ©-?© & arithmetic negation \impl{-?}\\ ©~?© & bitwise negation \impl{~?}\\ ©!?© & logical complement \impl{"!?}\\ ©?*?© & multiplication \impl{?*?}\\ ©?/?© & division \impl{?/?}\\ \end{tabular}\hfil \begin{tabular}[t]{ll} %identifier & operation \\ \hline \lstinline@?%?@ & remainder \impl{?%?}\\ \lstinline@?+?@ & addition \impl{?+?}\\ \lstinline@?-?@ & subtraction \impl{?-?}\\ \lstinline@?<>?@ & right shift \impl{?>>?}\\ \lstinline@?=?@ & greater than or equal \impl{?>=?}\\ \lstinline@?>?@ & greater than \impl{?>?}\\ \lstinline@?==?@ & equality \impl{?==?}\\ \lstinline@?!=?@ & inequality \impl{?"!=?}\\ \lstinline@?&?@ & bitwise AND \impl{?&?}\\ ©?%?© & remainder \impl{?%?}\\ ©?+?© & addition \impl{?+?}\\ ©?-?© & subtraction \impl{?-?}\\ ©?<>?© & right shift \impl{?>>?}\\ ©?=?© & greater than or equal \impl{?>=?}\\ ©?>?© & greater than \impl{?>?}\\ ©?==?© & equality \impl{?==?}\\ ©?!=?© & inequality \impl{?"!=?}\\ ©?&?© & bitwise AND \impl{?&?}\\ \end{tabular}\hfil \begin{tabular}[t]{ll} %identifier & operation \\ \hline \lstinline@?^?@ & exclusive OR \impl{?^?}\\ \lstinline@?|?@ & inclusive OR \impl{?"|?}\\ \lstinline@?=?@ & simple assignment \impl{?=?}\\ \lstinline@?*=?@ & multiplication assignment \impl{?*=?}\\ \lstinline@?/=?@ & division assignment \impl{?/=?}\\ \lstinline@?%=?@ & remainder assignment \impl{?%=?}\\ \lstinline@?+=?@ & addition assignment \impl{?+=?}\\ \lstinline@?-=?@ & subtraction assignment \impl{?-=?}\\ \lstinline@?<<=?@ & left-shift assignment \impl{?<<=?}\\ \lstinline@?>>=?@ & right-shift assignment \impl{?>>=?}\\ \lstinline@?&=?@ & bitwise AND assignment \impl{?&=?}\\ \lstinline@?^=?@ & exclusive OR assignment \impl{?^=?}\\ \lstinline@?|=?@ & inclusive OR assignment \impl{?"|=?}\\ ©?^?© & exclusive OR \impl{?^?}\\ ©?|?© & inclusive OR \impl{?"|?}\\ ©?=?© & simple assignment \impl{?=?}\\ ©?*=?© & multiplication assignment \impl{?*=?}\\ ©?/=?© & division assignment \impl{?/=?}\\ ©?%=?© & remainder assignment \impl{?%=?}\\ ©?+=?© & addition assignment \impl{?+=?}\\ ©?-=?© & subtraction assignment \impl{?-=?}\\ ©?<<=?© & left-shift assignment \impl{?<<=?}\\ ©?>>=?© & right-shift assignment \impl{?>>=?}\\ ©?&=?© & bitwise AND assignment \impl{?&=?}\\ ©?^=?© & exclusive OR assignment \impl{?^=?}\\ ©?|=?© & inclusive OR assignment \impl{?"|=?}\\ \end{tabular} \hfil These identifiers are defined such that the question marks in the name identify the location of the operands. These operands represent the parameters to the functions, and define how the operands are mapped to the function call. For example, \lstinline@a + b@ becomes \lstinline@?+?(a, b)@. For example, ©a + b© becomes ©?+?(a, b)©. In the example below, a new type, myComplex, is defined with an overloaded constructor, + operator, and string operator. \begin{quote2} \begin{tabular}{@{}l@{\hspace{30pt}}ll@{}} \multicolumn{1}{c@{\hspace{30pt}}}{\textbf{\CC}}        & \multicolumn{1}{c}{\lstinline@gcc@}\index{gcc} \\ \multicolumn{1}{c@{\hspace{30pt}}}{\textbf{\CC}}        & \multicolumn{1}{c}{©gcc©}\index{gcc} \\ \begin{lstlisting} \end{itemize} In \CFA, \lstinline@typedef@ provides a mechanism to alias long type names with short ones, both globally and locally, but not eliminate the use of the short name. \lstinline@gcc@ provides \lstinline@typeof@ to declare a secondary variable from a primary variable. In \CFA, ©typedef© provides a mechanism to alias long type names with short ones, both globally and locally, but not eliminate the use of the short name. ©gcc© provides ©typeof© to declare a secondary variable from a primary variable. \CFA also relies heavily on the specification of the left-hand side of assignment for type inferencing, so in many cases it is crucial to specify the type of the left-hand side to select the correct type of the right-hand expression. Only for overloaded routines with the same return type is variable type-inferencing possible. Finally, \lstinline@auto@ presents the programming problem of tracking down a type when the type is actually needed. Finally, ©auto© presents the programming problem of tracking down a type when the type is actually needed. For example, given \begin{lstlisting} auto j = ®...® \end{lstlisting} and the need to write a routine to compute using \lstinline@j@ and the need to write a routine to compute using ©j© \begin{lstlisting} void rtn( ®...® parm ); rtn( j ); \end{lstlisting} A programmer must work backwards to determine the type of \lstinline@j@'s initialization expression, reconstructing the possibly long generic type-name. A programmer must work backwards to determine the type of ©j©'s initialization expression, reconstructing the possibly long generic type-name. In this situation, having the type name or a short alias is very useful. At some point, a programmer wants the type of the variable to remain constant and the expression to be in error when it changes. Given \lstinline@typedef@ and \lstinline@typeof@ in \CFA, and the strong need to use the type of left-hand side in inferencing, auto type-inferencing is not supported at this time. Given ©typedef© and ©typeof© in \CFA, and the strong need to use the type of left-hand side in inferencing, auto type-inferencing is not supported at this time. Should a significant need arise, this feature can be revisited. } s; \end{lstlisting} The problem occurs in accesing these fields using the selection operation \lstinline@.@'': The problem occurs in accesing these fields using the selection operation ©.©'': \begin{lstlisting} s.0 = 0;        // ambiguity with floating constant .0 \end{lstlisting} While this sytact is awkward, it is unlikely many programers will name fields of a structure 0 or 1. Like the \CC lexical problem with closing template-syntax, e.g, \lstinline@Foo>®@, this issue can be solved with a more powerful lexer/parser. There are several ambiguous cases with operator identifiers, e.g., \lstinline@int *?*?()@, where the string \lstinline@*?*?@ can be lexed as \lstinline@*@/\lstinline@?*?@ or \lstinline@*?@/\lstinline@*?@. Since it is common practise to put a unary operator juxtaposed to an identifier, e.g., \lstinline@*i@, users will be annoyed if they cannot do this with respect to operator identifiers. Like the \CC lexical problem with closing template-syntax, e.g, ©Foo>®©, this issue can be solved with a more powerful lexer/parser. There are several ambiguous cases with operator identifiers, e.g., ©int *?*?()©, where the string ©*?*?© can be lexed as ©*©/©?*?© or ©*?©/©*?©. Since it is common practise to put a unary operator juxtaposed to an identifier, e.g., ©*i©, users will be annoyed if they cannot do this with respect to operator identifiers. Even with this special hack, there are 5 general cases that cannot be handled. The first case is for the function-call identifier \lstinline@?()@: The first case is for the function-call identifier ©?()©: \begin{lstlisting} int *§\textvisiblespace§?()();  // declaration: space required after '*' *§\textvisiblespace§?()();              // expression: space required after '*' \end{lstlisting} Without the space, the string \lstinline@*?()@ is ambiguous without N character look ahead; it requires scanning ahead to determine if there is a \lstinline@'('@, which is the start of an argument/parameter list. Without the space, the string ©*?()© is ambiguous without N character look ahead; it requires scanning ahead to determine if there is a ©'('©, which is the start of an argument/parameter list. The 4 remaining cases occur in expressions: i§\textvisiblespace§?--i:0;             // space required after '?' \end{lstlisting} In the first two cases, the string \lstinline@i++?@ is ambiguous, where this string can be lexed as \lstinline@i@ / \lstinline@++?@ or \lstinline@i++@ / \lstinline@?@; it requires scanning ahead to determine if there is a \lstinline@'('@, which is the start of an argument list. In the second two cases, the string \lstinline@?++x@ is ambiguous, where this string can be lexed as \lstinline@?++@ / \lstinline@x@ or \lstinline@?@ / y\lstinline@++x@; it requires scanning ahead to determine if there is a \lstinline@'('@, which is the start of an argument list. In the first two cases, the string ©i++?© is ambiguous, where this string can be lexed as ©i© / ©++?© or ©i++© / ©?©; it requires scanning ahead to determine if there is a ©'('©, which is the start of an argument list. In the second two cases, the string ©?++x© is ambiguous, where this string can be lexed as ©?++© / ©x© or ©?© / y©++x©; it requires scanning ahead to determine if there is a ©'('©, which is the start of an argument list. \begin{enumerate} \item Change type of character literal \lstinline@int@ to \lstinline@char@. Change type of character literal ©int© to ©char©. This change allows overloading differentiation argument type matching, e.g.: \begin{lstlisting} \item Change: String literals made \lstinline@const@ \\ The type of a string literal is changed from \lstinline@array of char@ to \lstinline@array of const char@. The type of a wide string literal is changed from \lstinline@array of wchar_t@ to \lstinline@array of const wchar_t@. \\ Change: String literals made ©const© \\ The type of a string literal is changed from ©array of char© to ©array of const char©. The type of a wide string literal is changed from ©array of wchar_t© to ©array of const wchar_t©. \\ Rationale: This avoids calling an inappropriate overloaded function, which might expect to be able to modify its argument. Effect on original feature: Change to semantics of well-defined feature. \\ Difficulty of converting: Simple syntactic transformation, because string literals can be converted to \lstinline@char*;@ (4.2). Difficulty of converting: Simple syntactic transformation, because string literals can be converted to ©char*;© (4.2). The most common cases are handled by a new but deprecated standard conversion: \begin{lstlisting} \CFA is C \emph{incompatible} on this issue, and provides semantics similar to \CC. Nested types are not hoisted and can be referenced using the field selection operator \lstinline@.@'', unlike the \CC scope-resolution operator \lstinline@::@''. Nested types are not hoisted and can be referenced using the field selection operator ©.©'', unlike the \CC scope-resolution operator `©::©''. Given that nested types in C are equivalent to not using them, i.e., they are essentially useless, it is unlikely there are any realistic usages that break because of this incompatibility. %\$ \item A seperator does not appear after a C string ending with the (extended) \Index{ASCII}\index{ASCII!extended} characters: \lstinline@,.:;!?)]}%¢»@ A seperator does not appear after a C string ending with the (extended) \Index{ASCII}\index{ASCII!extended} characters: ©,.:;!?)]}%¢»© \begin{lstlisting}[belowskip=0pt] sout | 1 | ", x" | 2 | ". x" | 3 | ": x" | 4 | "; x" | 5 | "! x" | 6 | "? x" | 7 | ") x" | 8 | "] x" | 9 | "} x"