Changeset 0720e049 for doc

Timestamp:

Aug 11, 2017, 10:33:37 AM (8 years ago)

Author:

Rob Schluntz <rschlunt@…>

Branches:

ADT, aaron-thesis, arm-eh, ast-experimental, cleanup-dtors, deferred_resn, demangler, enum, forall-pointer-decay, jacob/cs343-translation, jenkins-sandbox, master, new-ast, new-ast-unique-expr, new-env, no_list, persistent-indexer, pthread-emulation, qualifiedEnum, resolv-new, with_gc

Children:

54cd58b0

Parents:

3d4b23fa (diff), 59a75cb (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' of plg.uwaterloo.ca:/u/cforall/software/cfa/cfa-cc

Location:

doc

Files:

• LaTeXmacros/common.tex (modified) (3 diffs)
• LaTeXmacros/lstlang.sty (modified) (2 diffs)
• generic_types/generic_types.bib (deleted)
• generic_types/generic_types.tex (modified) (3 diffs)
• man/README (added)
• man/cfa.1 (added)
• proposals/concurrency/text/concurrency.tex (modified) (17 diffs)
• proposals/concurrency/version (modified) (1 diff)
• proposals/tagged-struct.txt (deleted)
• proposals/virtual.txt (modified) (4 diffs)
• refrat/Makefile (modified) (1 diff)
• refrat/keywords.tex (added)
• refrat/operidents.tex (added)
• refrat/refrat.tex (modified) (7 diffs)
• rob_thesis/Makefile (modified) (1 diff)
• rob_thesis/thesis.tex (modified) (1 diff)
• user/EHMHierarchy.fig (modified) (3 diffs)
• user/Makefile (modified) (1 diff)
• user/user.tex (modified) (68 diffs)
• working/resolver_design.md (modified) (1 diff)

doc/LaTeXmacros/common.tex

@@ -11 +11 @@
 %% Created On       : Sat Apr  9 10:06:17 2016
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Thu Jul 13 11:44:59 2017
-%% Update Count     : 335
+%% Last Modified On : Mon Jul 24 21:02:14 2017
+%% Update Count     : 352
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -134 +134 @@
 
 % inline text and code index (cannot use ©)
-\newcommand{\Indexc}[1]{\lstinline$#1$\index{#1@\lstinline$#1$}}
+\newcommand{\Indexc}[2][\@empty]{\lstinline[#1]$#2$\index{#2@\lstinline[#1]$#2$}}
 % code index (cannot use ©)
-\newcommand{\indexc}[1]{\index{#1@\lstinline$#1$}}
+\newcommand{\indexc}[2][\@empty]{\index{#2@\lstinline[#1]$#2$}}
 
 % Denote newterms in particular font and index them without particular font and in lowercase, e.g., \newterm{abc}.
@@ -234 +234 @@
 basicstyle=\linespread{0.9}\sf,                                                 % reduce line spacing and use sanserif font
 stringstyle=\tt,                                                                                % use typewriter font
-tabsize=6,                                                                                              % N space tabbing
+tabsize=5,                                                                                              % N space tabbing
 xleftmargin=\parindentlnth,                                                             % indent code to paragraph indentation
 extendedchars=true,                                                                             % allow ASCII characters in the range 128-255

doc/LaTeXmacros/lstlang.sty

@@ -8 +8 @@
 %% Created On       : Sat May 13 16:34:42 2017
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Wed Jul 12 22:42:09 2017
-%% Update Count     : 12
+%% Last Modified On : Mon Jul 24 20:40:37 2017
+%% Update Count     : 13
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -112 +112 @@
                 finally, forall, ftype, _Generic, _Imaginary, inline, __label__, lvalue, _Noreturn, one_t, 
                 otype, restrict, _Static_assert, throw, throwResume, trait, try, ttype, typeof, __typeof, 
-                __typeof__, with, zero_t},
+                __typeof__, virtual, with, zero_t},
         morekeywords=[2]{
                 _Atomic, coroutine, is_coroutine, is_monitor, is_thread, monitor, mutex, nomutex, 

doc/generic_types/generic_types.tex

@@ -49 +49 @@
 
 % Useful macros
-\newcommand{\CFA}{C\raisebox{\depth}{\rotatebox{180}{\textsf{A}}}\hspace{-1pt}\xspace} % Cforall symbolic name
-%\newcommand{\CFA}{C$\mathbf\forall$\xspace} % Cforall symbolic name
-\newcommand{\CC}{\rm C\kern-.1em\hbox{+\kern-.25em+}\xspace} % C++ symbolic name
-\newcommand{\CCeleven}{\rm C\kern-.1em\hbox{+\kern-.25em+}11\xspace} % C++11 symbolic name
-\newcommand{\CCfourteen}{\rm C\kern-.1em\hbox{+\kern-.25em+}14\xspace} % C++14 symbolic name
-\newcommand{\CCseventeen}{\rm C\kern-.1em\hbox{+\kern-.25em+}17\xspace} % C++17 symbolic name
-\newcommand{\CCtwenty}{\rm C\kern-.1em\hbox{+\kern-.25em+}20\xspace} % C++20 symbolic name
+\newcommand{\CFAIcon}{\textsf{C}\raisebox{\depth}{\rotatebox{180}{\textsf{A}}}\xspace} % Cforall symbolic name
+\newcommand{\CFA}{\protect\CFAIcon} % safe for section/caption
+\newcommand{\CC}{\textrm{C}\kern-.1em\hbox{+\kern-.25em+}\xspace} % C++ symbolic name
+\newcommand{\CCeleven}{\textrm{C}\kern-.1em\hbox{+\kern-.25em+}11\xspace} % C++11 symbolic name
+\newcommand{\CCfourteen}{\textrm{C}\kern-.1em\hbox{+\kern-.25em+}14\xspace} % C++14 symbolic name
+\newcommand{\CCseventeen}{\textrm{C}\kern-.1em\hbox{+\kern-.25em+}17\xspace} % C++17 symbolic name
+\newcommand{\CCtwenty}{\textrm{C}\kern-.1em\hbox{+\kern-.25em+}20\xspace} % C++20 symbolic name
 \newcommand{\CCV}{\rm C\kern-.1em\hbox{+\kern-.25em+}obj\xspace} % C++ virtual symbolic name
 \newcommand{\Csharp}{C\raisebox{-0.7ex}{\Large$^\sharp$}\xspace} % C# symbolic name
@@ -443 +443 @@
 This function could acquire the layout for @set(T)@ by calling its layout function with the layout of @T@ implicitly passed into the function.
 
-Whether a type is concrete, dtype-static, or dynamic is decided solely on the type parameters and @forall@ clause on a declaration.
-This design allows opaque forward declarations of generic types, \eg @forall(otype T) struct Box@ -- like in C, all uses of @Box(T)@ can be separately compiled, and callers from other translation units know the proper calling conventions to use.
-If the definition of a structure type is included in deciding whether a generic type is dynamic or concrete, some further types may be recognized as dtype-static (\eg @forall(otype T) struct unique_ptr { T * p }@ does not depend on @T@ for its layout, but the existence of an @otype@ parameter means that it \emph{could}.), but preserving separate compilation (and the associated C compatibility) in the existing design is judged to be an appropriate trade-off.
+Whether a type is concrete, dtype-static, or dynamic is decided solely on the @forall@'s type parameters.
+This design allows opaque forward declarations of generic types, \eg @forall(otype T)@ @struct Box@ -- like in C, all uses of @Box(T)@ can be separately compiled, and callers from other translation units know the proper calling conventions to use.
+If the definition of a structure type is included in deciding whether a generic type is dynamic or concrete, some further types may be recognized as dtype-static (\eg @forall(otype T)@ @struct unique_ptr { T * p }@ does not depend on @T@ for its layout, but the existence of an @otype@ parameter means that it \emph{could}.), but preserving separate compilation (and the associated C compatibility) in the existing design is judged to be an appropriate trade-off.
 
 
@@ -855 +855 @@
 }
 \end{lstlisting}
+\begin{sloppypar}
 Tuple expressions are then simply converted directly into compound literals, \eg @[5, 'x', 1.24]@ becomes @(_tuple3(int, char, double)){ 5, 'x', 1.24 }@.
+\end{sloppypar}
 
 \begin{comment}

doc/proposals/concurrency/text/concurrency.tex

@@ -4 +4 @@
 % ======================================================================
 % ======================================================================
-Several tool can be used to solve concurrency challenges. Since many of these challenges appear with the use of mutable shared-state, some languages and libraries simply disallow mutable shared-state (Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, Akka (Scala)~\cite{Akka}). In these paradigms, interaction among concurrent objects relies on message passing~\cite{Thoth,Harmony,V-Kernel} or other paradigms that closely relate to networking concepts (channels\cit for example). However, in languages that use routine calls as their core abstraction-mechanism, these approaches force a clear distinction between concurrent and non-concurrent paradigms (i.e., message passing versus routine call). This distinction in turn means that, in order to be effective, programmers need to learn two sets of designs patterns. While this distinction can be hidden away in library code, effective use of the librairy still has to take both paradigms into account. 
-
-Approaches based on shared memory are more closely related to non-concurrent paradigms since they often rely on basic constructs like routine calls and shared objects. At the lowest level, concurrent paradigms are implemented as atomic operations and locks. Many such mechanisms have been proposed, including semaphores~\cite{Dijkstra68b} and path expressions~\cite{Campbell74}. However, for productivity reasons it is desireable to have a higher-level construct be the core concurrency paradigm~\cite{HPP:Study}. 
-
-An approach that is worth mentionning because it is gaining in popularity is transactionnal memory~\cite{Dice10}[Check citation]. While this approach is even pursued by system languages like \CC\cit, the performance and feature set is currently too restrictive to be the main concurrency paradigm for general purpose language, which is why it was rejected as the core paradigm for concurrency in \CFA. 
+Several tool can be used to solve concurrency challenges. Since many of these challenges appear with the use of mutable shared-state, some languages and libraries simply disallow mutable shared-state (Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, Akka (Scala)~\cite{Akka}). In these paradigms, interaction among concurrent objects relies on message passing~\cite{Thoth,Harmony,V-Kernel} or other paradigms that closely relate to networking concepts (channels\cit for example). However, in languages that use routine calls as their core abstraction-mechanism, these approaches force a clear distinction between concurrent and non-concurrent paradigms (i.e., message passing versus routine call). This distinction in turn means that, in order to be effective, programmers need to learn two sets of designs patterns. While this distinction can be hidden away in library code, effective use of the librairy still has to take both paradigms into account.
+
+Approaches based on shared memory are more closely related to non-concurrent paradigms since they often rely on basic constructs like routine calls and shared objects. At the lowest level, concurrent paradigms are implemented as atomic operations and locks. Many such mechanisms have been proposed, including semaphores~\cite{Dijkstra68b} and path expressions~\cite{Campbell74}. However, for productivity reasons it is desireable to have a higher-level construct be the core concurrency paradigm~\cite{HPP:Study}.
+
+An approach that is worth mentionning because it is gaining in popularity is transactionnal memory~\cite{Dice10}[Check citation]. While this approach is even pursued by system languages like \CC\cit, the performance and feature set is currently too restrictive to be the main concurrency paradigm for general purpose language, which is why it was rejected as the core paradigm for concurrency in \CFA.
 
 One of the most natural, elegant, and efficient mechanisms for synchronization and communication, especially for shared memory systems, is the \emph{monitor}. Monitors were first proposed by Brinch Hansen~\cite{Hansen73} and later described and extended by C.A.R.~Hoare~\cite{Hoare74}. Many programming languages---e.g., Concurrent Pascal~\cite{ConcurrentPascal}, Mesa~\cite{Mesa}, Modula~\cite{Modula-2}, Turing~\cite{Turing:old}, Modula-3~\cite{Modula-3}, NeWS~\cite{NeWS}, Emerald~\cite{Emerald}, \uC~\cite{Buhr92a} and Java~\cite{Java}---provide monitors as explicit language constructs. In addition, operating-system kernels and device drivers have a monitor-like structure, although they often use lower-level primitives such as semaphores or locks to simulate monitors. For these reasons, this project proposes monitors as the core concurrency-construct.
@@ -101 +101 @@
         }
 \end{cfacode}
-The multi-acquisition monitor lock allows a monitor lock to be acquired by both \code{bar} or \code{baz} and acquired again in \code{foo}. In the calls to \code{bar} and \code{baz} the monitors are acquired in opposite order. 
+The multi-acquisition monitor lock allows a monitor lock to be acquired by both \code{bar} or \code{baz} and acquired again in \code{foo}. In the calls to \code{bar} and \code{baz} the monitors are acquired in opposite order.
 
 However, such use leads the lock acquiring order problem. In the example above, the user uses implicit ordering in the case of function \code{foo} but explicit ordering in the case of \code{bar} and \code{baz}. This subtle mistake means that calling these routines concurrently may lead to deadlock and is therefore undefined behavior. As shown on several occasion\cit, solving this problem requires:
@@ -169 +169 @@
 \end{tabular}
 \end{center}
-Notice how the counter is used without any explicit synchronisation and yet supports thread-safe semantics for both reading and writting. 
+Notice how the counter is used without any explicit synchronisation and yet supports thread-safe semantics for both reading and writting.
 
 % ======================================================================
@@ -178 +178 @@
 Depending on the choice of semantics for when monitor locks are acquired, interaction between monitors and \CFA's concept of polymorphism can be complex to support. However, it is shown that entry-point locking solves most of the issues.
 
-First of all, interaction between \code{otype} polymorphism and monitors is impossible since monitors do not support copying. Therefore, the main question is how to support \code{dtype} polymorphism. Since a monitor's main purpose is to ensure mutual exclusion when accessing shared data, this implies that mutual exclusion is only required for routines that do in fact access shared data. However, since \code{dtype} polymorphism always handles incomplete types (by definition), no \code{dtype} polymorphic routine can access shared data since the data requires knowledge about the type. Therefore, the only concern when combining \code{dtype} polymorphism and monitors is to protect access to routines. 
-
-Before looking into complex control flow, it is important to present the difference between the two acquiring options : \gls{callsite-locking} and \gls{entry-point-locking}, i.e. acquiring the monitors before making a mutex routine call or as the first instruction of the mutex routine call. For example:
+First of all, interaction between \code{otype} polymorphism and monitors is impossible since monitors do not support copying. Therefore, the main question is how to support \code{dtype} polymorphism. Since a monitor's main purpose is to ensure mutual exclusion when accessing shared data, this implies that mutual exclusion is only required for routines that do in fact access shared data. However, since \code{dtype} polymorphism always handles incomplete types (by definition), no \code{dtype} polymorphic routine can access shared data since the data requires knowledge about the type. Therefore, the only concern when combining \code{dtype} polymorphism and monitors is to protect access to routines.
+
+Before looking into complex control-flow, it is important to present the difference between the two acquiring options : callsite and entry-point locking, i.e. acquiring the monitors before making a mutex routine call or as the first operation of the mutex routine-call. For example:
 \begin{center}
 \setlength\tabcolsep{1.5pt}
@@ -245 +245 @@
 \end{center}
 
-\Gls{callsite-locking} is inefficient, since any \code{dtype} routine may have to obtain some lock before calling a routine, depending on whether or not the type passed is a monitor. However, with \gls{entry-point-locking} calling a monitor routine becomes exactly the same as calling it from anywhere else. Note that the \code{mutex} keyword relies on the resolver rather than another form of language, which mean that in cases where a generic monitor routine is actually desired, writing a mutex routine is possible with the proper trait. This is possible because monitors are designed in terms a trait. For example:
+\Gls{callsite-locking} is inefficient, since any \code{dtype} routine may have to obtain some lock before calling a routine, depending on whether or not the type passed is a monitor. However, with \gls{entry-point-locking} calling a monitor routine becomes exactly the same as calling it from anywhere else.
+
+Note the \code{mutex} keyword relies on the resolver, which means that in cases where a generic monitor routine is actually desired, writing a mutex routine is possible with the proper trait. This is possible because monitors are designed in terms a trait. For example:
 \begin{cfacode}
 //Incorrect
 //T is not a monitor
 forall(dtype T)
-void foo(T * mutex t); 
+void foo(T * mutex t);
 
 //Correct
-//this function only works on monitors 
+//this function only works on monitors
 //(any monitor)
 forall(dtype T | is_monitor(T))
-void bar(T * mutex t)); 
+void bar(T * mutex t));
 \end{cfacode}
 
@@ -267 +269 @@
 In addition to mutual exclusion, the monitors at the core of \CFA's concurrency can also be used to achieve synchronisation. With monitors, this is generally achieved with internal or external scheduling as in\cit. Since internal scheduling of single monitors is mostly a solved problem, this proposal concentraits on extending internal scheduling to multiple monitors at once. Indeed, like the \gls{group-acquire} semantics, internal scheduling extends to multiple monitors at once in a way that is natural to the user but requires additional complexity on the implementation side.
 
-First, Here is a simple example of such a technique:
+First, here is a simple example of such a technique:
 
 \begin{cfacode}
@@ -289 +291 @@
 \end{cfacode}
 
-There are two details to note here. First, there \code{signal} is a delayed operation, it only unblocks the waiting thread when it reaches the end of the critical section. This is needed to respect mutual-exclusion. Second, in \CFA, \code{condition} have no particular need to be stored inside a monitor, beyond any software engineering reasons. Here routine \code{foo} waits for the \code{signal} from \code{bar} before making further progress, effectively ensuring a basic ordering. 
+There are two details to note here. First, there \code{signal} is a delayed operation, it only unblocks the waiting thread when it reaches the end of the critical section. This is needed to respect mutual-exclusion. Second, in \CFA, \code{condition} have no particular need to be stored inside a monitor, beyond any software engineering reasons. Here routine \code{foo} waits for the \code{signal} from \code{bar} before making further progress, effectively ensuring a basic ordering.
 
 An important aspect to take into account here is that \CFA does not allow barging, which means that once function \code{bar} releases the monitor, foo is guaranteed to resume immediately after (unless some other thread waited on the same condition). This guarantees offers the benefit of not having to loop arount waits in order to guarantee that a condition is still met. The main reason \CFA offers this guarantee is that users can easily introduce barging if it becomes a necessity but adding barging prevention or barging avoidance is more involved without language support. Supporting barging prevention as well as extending internal scheduling to multiple monitors is the main source of complexity in the design of \CFA concurrency.
@@ -317 +319 @@
 \end{pseudo}
 \end{multicols}
-
-The previous example shows the simple case of having two threads (one for each column) and a single monitor A. One thread acquires before waiting (atomically blocking and releasing A) and the other acquires before signalling. There is an important thing to note here, both \code{wait} and \code{signal} must be called with the proper monitor(s) already acquired. This restriction is hidden on the user side in \uC, as it is a logical requirement for barging prevention. 
+The example shows the simple case of having two threads (one for each column) and a single monitor A. One thread acquires before waiting (atomically blocking and releasing A) and the other acquires before signalling. There is an important thing to note here, both \code{wait} and \code{signal} must be called with the proper monitor(s) already acquired. This restriction is hidden on the user side in \uC, as it is a logical requirement for barging prevention.
 
 A direct extension of the previous example is the \gls{group-acquire} version:
@@ -337 +338 @@
 \end{pseudo}
 \end{multicols}
-
 This version uses \gls{group-acquire} (denoted using the \& symbol), but the presence of multiple monitors does not add a particularly new meaning. Synchronization happens between the two threads in exactly the same way and order. The only difference is that mutual exclusion covers more monitors. On the implementation side, handling multiple monitors does add a degree of complexity as the next few examples demonstrate.
 
@@ -397 +397 @@
 \end{center}
 
-It is particularly important to pay attention to code sections 8 and 3, which are where the existing semantics of internal scheduling need to be extended for multiple monitors. The root of the problem is that \gls{group-acquire} is used in a context where one of the monitors is already acquired and is why it is important to define the behaviour of the previous pseudo-code. When the signaller thread reaches the location where it should "release A \& B" (line 17), it must actually transfer ownership of monitor B to the waiting thread. This ownership trasnfer is required in order to prevent barging. Since the signalling thread still needs the monitor A, simply waking up the waiting thread is not an option because it would violate mutual exclusion. We are therefore left with three options:
+It is particularly important to pay attention to code sections 8 and 3, which are where the existing semantics of internal scheduling need to be extended for multiple monitors. The root of the problem is that \gls{group-acquire} is used in a context where one of the monitors is already acquired and is why it is important to define the behaviour of the previous pseudo-code. When the signaller thread reaches the location where it should "release A \& B" (line 16), it must actually transfer ownership of monitor B to the waiting thread. This ownership trasnfer is required in order to prevent barging. Since the signalling thread still needs the monitor A, simply waking up the waiting thread is not an option because it would violate mutual exclusion. There are three options:
 
 \subsubsection{Delaying signals}
-The first more obvious solution to solve the problem of multi-monitor scheduling is to keep ownership of all locks until the last lock is ready to be transferred. It can be argued that that moment is the correct time to transfer ownership when the last lock is no longer needed is what fits most closely to the behaviour of single monitor scheduling. This solution has the main benefit of transferring ownership of groups of monitors, which simplifies the semantics from mutiple objects to a single groupd of object. Effectively making the existing single monitor semantic viable by simply changing monitors to monitor collections.
+The first more obvious solution to solve the problem of multi-monitor scheduling is to keep ownership of all locks until the last lock is ready to be transferred. It can be argued that that moment is the correct time to transfer ownership when the last lock is no longer needed because this semantics fits most closely to the behaviour of single monitor scheduling. This solution has the main benefit of transferring ownership of groups of monitors, which simplifies the semantics from mutiple objects to a single group of object, effectively making the existing single monitor semantic viable by simply changing monitors to monitor collections.
 \begin{multicols}{2}
 Waiter
@@ -424 +424 @@
 \end{pseudo}
 \end{multicols}
-However, this solution can become much more complicated depending on what is executed while secretly holding B. Indeed, nothing prevents a user from signalling monitor A on a different condition variable:
+However, this solution can become much more complicated depending on what is executed while secretly holding B (at line 10). Indeed, nothing prevents a user from signalling monitor A on a different condition variable:
 \newpage
 \begin{multicols}{2}
@@ -459 +459 @@
 \end{multicols}
 
-The goal in this solution is to avoid the need to transfer ownership of a subset of the condition monitors. However, this goal is unreacheable in the previous example. Depending on the order of signals (line 12 and 15) two cases can happen. Note that ordering is not determined by a race condition but by whether signalled threads are enqueued in FIFO or FILO order. However, regardless of the answer, users can move line 15 before line 11 and get the reverse effect.
-
-\paragraph{Case 1: thread 1 will go first.} In this case, the problem is that monitor A needs to be passed to thread 2 when thread 1 is done with it. 
-\paragraph{Case 2: thread 2 will go first.} In this case, the problem is that monitor B needs to be passed to thread 1. This can be done directly or using thread 2 as an intermediate. 
+The goal in this solution is to avoid the need to transfer ownership of a subset of the condition monitors. However, this goal is unreacheable in the previous example. Depending on the order of signals (line 12 and 15) two cases can happen.
+
+\paragraph{Case 1: thread 1 goes first.} In this case, the problem is that monitor A needs to be passed to thread 2 when thread 1 is done with it.
+\paragraph{Case 2: thread 2 goes first.} In this case, the problem is that monitor B needs to be passed to thread 1, which can be done directly or using thread 2 as an intermediate.
 \\
 
+Note that ordering is not determined by a race condition but by whether signalled threads are enqueued in FIFO or FILO order. However, regardless of the answer, users can move line 15 before line 11 and get the reverse effect.
+
 In both cases however, the threads need to be able to distinguish on a per monitor basis which ones need to be released and which ones need to be transferred. Which means monitors cannot be handled as a single homogenous group.
 
 \subsubsection{Dependency graphs}
-In the Listing 1 pseudo-code, there is a solution which would statisfy both barging prevention and mutual exclusion. If ownership of both monitors is transferred to the waiter when the signaller releases A and then the waiter transfers back ownership of A when it releases it then the problem is solved. Dynamically finding the correct order is therefore the second possible solution. The problem it encounters is that it effectively boils down to resolving a dependency graph of ownership requirements. Here even the simplest of code snippets requires two transfers and it seems to increase in a manner closer to polynomial. For example the following code which is just a direct extension to three monitors requires at least three ownership transfer and has multiple solutions: 
+In the Listing 1 pseudo-code, there is a solution which statisfies both barging prevention and mutual exclusion. If ownership of both monitors is transferred to the waiter when the signaller releases A and then the waiter transfers back ownership of A when it releases it then the problem is solved. Dynamically finding the correct order is therefore the second possible solution. The problem it encounters is that it effectively boils down to resolving a dependency graph of ownership requirements. Here even the simplest of code snippets requires two transfers and it seems to increase in a manner closer to polynomial. For example, the following code, which is just a direct extension to three monitors, requires at least three ownership transfer and has multiple solutions:
 
 \begin{multicols}{2}
@@ -496 +498 @@
 
 \subsubsection{Partial signalling}
-Finally, the solution that was chosen for \CFA is to use partial signalling. Consider the following case:
+Finally, the solution that is chosen for \CFA is to use partial signalling. Consider the following case:
 
 \begin{multicols}{2}
@@ -518 +520 @@
 \end{pseudo}
 \end{multicols}
-
-The partial signalling solution transfers ownership of monitor B at lines 10 but does not wake the waiting thread since it is still using monitor A. Only when it reaches line 11 does it actually wakeup the waiting thread. This solution has the benefit that complexity is encapsulated in to only two actions, passing monitors to the next owner when they should be release and conditionnaly waking threads if all conditions are met. Contrary to the other solutions, this solution quickly hits an upper bound on complexity of implementation.
+The partial signalling solution transfers ownership of monitor B at lines 10 but does not wake the waiting thread since it is still using monitor A. Only when it reaches line 11 does it actually wakeup the waiting thread. This solution has the benefit that complexity is encapsulated into only two actions, passing monitors to the next owner when they should be release and conditionnaly waking threads if all conditions are met. Contrary to the other solutions, this solution quickly hits an upper bound on complexity of implementation.
 
 % ======================================================================
@@ -526 +527 @@
 % ======================================================================
 % ======================================================================
-An important note is that, until now, signalling a monitor was a delayed operation. The ownership of the monitor is transferred only when the monitor would have otherwise been released, not at the point of the \code{signal} statement. However, in some cases, it may be more convenient for users to immediately transfer ownership to the thread that is waiting for cooperation. This is achieved using the \code{signal_block} routine\footnote{name to be discussed}.
+An important note is that, until now, signalling a monitor was a delayed operation. The ownership of the monitor is transferred only when the monitor would have otherwise been released, not at the point of the \code{signal} statement. However, in some cases, it may be more convenient for users to immediately transfer ownership to the thread that is waiting for cooperation, which is achieved using the \code{signal_block} routine\footnote{name to be discussed}.
 
 For example here is an example highlighting the difference in behaviour:
@@ -625 +626 @@
         bool inUse;
 public:
-        void P() { 
-                if(inUse) wait(c); 
+        void P() {
+                if(inUse) wait(c);
                 inUse = true;
         }
-        void V() { 
-                inUse = false;          
-                signal(c); 
+        void V() {
+                inUse = false;
+                signal(c);
         }
 }
@@ -639 +640 @@
         bool inUse;
 public:
-        void P() { 
-                if(inUse) _Accept(V); 
+        void P() {
+                if(inUse) _Accept(V);
                 inUse = true;
         }
-        void g() { 
+        void g() {
                 inUse = false;
 

doc/proposals/concurrency/version

@@ -1 @@
-0.9.119
+0.9.122

doc/proposals/virtual.txt

@@ -1 +1 @@
 Proposal for virtual functionality
+
+There are two types of virtual inheritance in this proposal, relaxed
+(implicit) and strict (explicit). Relaxed is the simpler case that uses the
+existing trait system with the addition of trait references and vtables.
+Strict adds some constraints and requires some additional notation but allows
+for down-casting.
+
+Relaxed Virtual Inheritance:
 
 Imagine the following code :
@@ -20 +28 @@
 void draw(line*);
 
-While all the members of this simple UI support drawing creating a UI that easily
-supports both these UI requires some tedious boiler-plate code :
+While all the members of this simple UI support drawing, creating a UI that
+easily supports both these UI requires some tedious boiler-plate code:
 
 enum type_t { text, line };
@@ -41 +49 @@
 }
 
-While this code will work as indented, adding any new widgets or any new widget behaviors
-requires changing existing code to add the desired functionality. To ease this maintenance
-effort required CFA introduces the concept of dynamic types, in a manner similar to C++.
-
-A simple usage of dynamic type with the previous example would look like :
-
-drawable* objects[10];
+While this code will work as implemented, adding any new widgets or any new
+widget behaviors requires changing existing code to add the desired
+functionality. To ease this maintenance effort required CFA introduces the
+concept of trait references.
+
+Using trait references to implement the above gives the following :
+
+trait drawable objects[10];
 fill_objects(objects);
 
 while(running) {
-      for(drawable* object : objects) {
+      for(drawable object : objects) {
             draw(object);
       }
 }
 
-However, this is not currently do-able in the current CFA and furthermore is not
-possible to implement statically. Therefore we need to add a new feature to handle
-having dynamic types like this (That is types that are found dynamically not types
-that change dynamically).
-
-C++ uses inheritance and virtual functions to find the
-desired type dynamically. CFA takes inspiration from this solution.
-
-What we really want to do is express the fact that calling draw() on a object
-should find the dynamic type of the parameter before calling the routine, much like the
-hand written example given above. We can express this by adding the virtual keyword on
-the parameter of the constraints on our trait:
+The keyword trait is optional (by the same rules as the struct keyword). This
+is not currently supported in CFA and the lookup is not possible to implement
+statically. Therefore we need to add a new feature to handle having dynamic
+lookups like this.
+
+What we really want to do is express the fact that calling draw() on a trait
+reference should find the underlying type of the given parameter and find how
+it implements the routine, as in the example with the enumeration and union.
+
+For instance specifying that the drawable trait reference looks up the type
+of the first argument to find the implementation would be :
 
 trait drawable(otype T) {
@@ -73 +81 @@
 };
 
-This expresses the idea that drawable is similar to an abstract base class in C++ and
-also gives meaning to trying to take a pointer of drawable. That is anything that can
-be cast to a drawable pointer has the necessary information to call the draw routine on
-that type. Before that drawable was only a abstract type while now it also points to a
-piece of storage which specify which behavior the object will have at run time.
-
-This storage needs to be allocate somewhere. C++ just adds an invisible pointer at
-the beginning of the struct but we can do something more explicit for users, actually
-have a visible special field :
-
-struct text {
-      char* text;
-      vtable drawable;
-};
-
-struct line{
-      vtable drawable;
-      vec2 start;
-      vec2 end;
-};
-
-With these semantics, adding a "vtable drawable" means that text pointers and line pointers are now
-convertible to drawable pointers. This conversion will not necessarily be a type only change however, indeed,
-the drawable pointer will point to the field "vtable drawable" not the head of the struct. However, since all
-the types are known at compile time, converting pointers becomes a simple offset operations.
-
-The vtable field contains a pointer to a vtable which contains all the information needed for the caller
-to find the function pointer of the desired behavior.
-
-One of the limitations of this design is that it does not support double dispatching, which
-concretely means traits cannot have routines with more than one virtual parameter. This design
-would have many ambiguities if it did support multiple virtual parameter. A futher limitation is 
-that traits over more than one type cannot have vtables meaningfully defined for them, as the 
-particular vtable to use would be a function of the other type(s) the trait is defined over.
-
-It is worth noting that the function pointers in these vtables are bound at object construction, rather than 
-function call-site, as in Cforall's existing polymorphic functions. As such, it is possible that two objects 
-with the same static type would have a different vtable (consider what happens if draw(line*) is overridden 
-between the definitions of two line objects). Given that the virtual drawable* erases static types though, 
-this should not be confusing in practice. A more distressing possibility is that of creating an object that 
-outlives the scope of one of the functions in its vtable. This is certainly a possible bug, but it is of a 
-type that C programmers are familiar with, and should be able to avoid by the usual methods.
-
-Extensibility.
-
-One of the obvious critics of this implementation is that it lacks extensibility for classes
-that cannot be modified (ex: Linux C headers). However this solution can be extended to
-allow more extensibility by adding "Fat pointers".
-
-Indeed, users could already "solve" this issue by writing their own fat pointers as such:
-
-trait MyContext(otype T) {
-      void* get_stack(virtual T*)
-};
-
-void* get_stack(ucontext_t *context);
-
-struct fat_ucontext_t {
-      vtable MyContext;
-      ucontext_t *context;
-}
-
-//Tedious forwarding routine
-void* get_stack(fat_ucontext_t *ptr) {
-      return get_stack(ptr->context);
-}
-
-However, users would have to write all the virtual methods they want to override and make
-them all simply forward to the existing method that takes the corresponding POCO(Plain Old C Object).
-
-The alternative we propose is to use language level fat pointers :
-
-trait MyContext(otype T) {
-      void* get_stack(virtual T*)
-};
-
-void* get_stack(ucontext_t *context);
-
-//The type vptr(ucontext_t) all
-vptr(ucontext_t) context;
-
-These behave exactly as the previous example but all the forwarding routines are automatically generated.
-
-Bikeshedding.
-
-It may be desirable to add fewer new keywords than discussed in this proposal; it is possible that "virtual" 
-could replace both "vtable" and "vptr" above with unambiguous contextual meaning. However, for purposes of 
-clarity in the design discussion it is beneficial to keep the keywords for separate concepts distinct.
-
+This could be implied in simple cases like this one (single parameter on the
+trait and single generic parameter on the function). In more complex cases it
+would have to be explicitly given, or a strong convention would have to be
+enforced (e.g. implementation of trait functions is always drawn from the
+first polymorphic parameter).
+
+Once a function in a trait has been marked as virtual it defines a new
+function that takes in that trait's reference and then dynamically calls the
+underlying type implementation. Hence a trait reference becomes a kind of
+abstract type, cannot be directly instantiated but can still be used.
+
+One of the limitations of this design is that it does not support double
+dispatching, which concretely means traits cannot have routines with more than
+one virtual parameter. The program must have a single table to look up the
+function on. Using trait references with traits with more than one parameter
+is also restricted, initially forbidden, see extension.
+
+Extension: Multi-parameter Virtual Traits:
+
+This implementation can be extended to traits with multiple parameters if
+one is called out as being the virtual trait. For example :
+
+trait iterator(otype T, dtype Item) {
+        Maybe(Item) next(virtual T *);
+}
+
+iterator(int) generators[10];
+
+Which creates a collection of iterators that produce integers, regardless of
+how those iterators are implemented. This may require a note that this trait
+is virtual on T and not Item, but noting it on the functions may be enough.
+
+
+Strict Virtual Inheritance:
+
+One powerful feature relaxed virtual does not support is the idea of down
+casting. Once something has been converted into a trait reference there is
+very little we can do to recover and of the type information, only the trait's
+required function implementations are kept.
+
+To allow down casting strict virtual requires that all traits and structures
+involved be organized into a tree. Each trait or struct must have a unique
+position on this tree (no multiple inheritance).
+
+This is declared as follows :
+
+trait error(otype T) virtual {
+        const char * msg(T *);
+}
+
+trait io_error(otype T) virtual error {
+        FILE * src(T *);
+}
+
+struct eof_error virtual io_error {
+        FILE * fd;
+};
+
+So the trait error is the head of a new tree and io_error is a child of it.
+
+Also the parent trait is implicitly part of the assertions of the children,
+so all children implement the same operations as the parent. By the unique
+path down the tree, we can also uniquely order them so that a prefix of a
+child's vtable has the same format as its parent's.
+
+This gives us an important extra feature, runtime checking of the parent-child
+relationship with a C++ dynamic_cast like operation. Allowing checked
+conversions from trait references to more particular references, which works
+if the underlying type is, or is a child of, the new trait type.
+
+Extension: Multiple Parents
+
+Although each trait/struct must have a unique position on each tree, it could
+have positions on multiple trees. All this requires is the ability to give
+multiple parents, as here :
+
+trait region(otype T) virtual drawable, collider;
+
+The restriction being, the parents must come from different trees. This
+object (and all of its children) can be cast to either tree. This is handled
+by generating a separate vtable for each tree the structure is in.
+
+Extension: Multi-parameter Strict Virtual
+
+If a trait has multiple parameters then one must be called out to be the one
+we generate separate vtables for, as in :
+
+trait example(otype T, otype U) virtual(T) ...
+
+This can generate a separate vtable for each U for which all the T+U
+implementations are provided. These are then separate nodes in the tree (or
+the root of different trees) as if each was created individually. Providing a
+single unique instance of these nodes would be the most difficult aspect of
+this extension, possibly intractable, though with sufficient hoisting and
+link-once duplication it may be possible.
+
+Example:
+
+trait argument(otype T) virtual {
+        char short_name(virtual T *);
+        bool is_set(virtual T *);
+};
+
+trait value_argument(otype T, otype U) virtual(T) argument {
+        U get_value(virtual T *);
+};
+
+Extension: Structural Inheritance
+
+Currently traits must be the internal nodes and structs the leaf nodes.
+Structs could be made internal nodes as well, in which case the child structs
+would likely structurally inherit the fields of their parents.
+
+
+Storing the Virtual Lookup Table (vtable):
+
+We have so far been silent on how the vtable is created, stored and accessed.
+
+Creation happens at compile time. Function pointers are found by using the
+same best match rules as elsewhere (additional rules for defaults from the
+parent may or may not be required). For strict virtual this must happen at the
+global scope and forbidding static functions, to ensure that a single unique
+vtable is created. Similarly, there may have to be stricter matching rules
+for the functions that go into the vtable, possibly requiring an exact match.
+Relaxed virtual could relax both restrictions, if we allow different vtable
+at different conversion (struct to trait reference) sites. If it is allowed
+local functions being bound to a vtable could cause issues when they go out
+of scope, however this should follow the lifetime rules most C programs
+already follow implicitly.
+
+Most vtables should be stored statically, the only exception being some of
+the relaxed vtables that could have local function pointers. These may be able
+to be stack allocated. All vtables should be immutable and require no manual
+cleanup.
+
+Access has two main options:
+
+The first is through the use of fat pointers, or a tuple of pointers. When the
+object is converted to a trait reference, the pointers to its vtables are
+stored along side it.
+
+This allows for compatibility with existing structures (such as those imported
+from C) and is the default storage method unless a different one is given.
+
+The other is by inlining the vtable pointer as "intrusive vtables". This adds
+a field to the structure to the vtable. The trait reference then has a single
+pointer to this field, the vtable includes an offset to find the beginning of
+the structure again.
+
+This is used if you specify a vtable field in the structure. If given in the
+trait the vtable pointer in the trait reference can then become a single
+pointer to the vtable field and use that to recover the original object
+pointer as well as retrieve all operations.
+
+trait drawable(otype T) {
+        vtable drawable;
+};
+
+struct line {
+        vtable drawable;
+        vec2 start;
+        vec2 end;
+};
+
+This inline code allows trait references to be converted to plain pointers
+(although they still must be called specially). The vtable field may just be
+an opaque block of memory or it may allow user access to the vtable. If so
+then there should be some way to retrieve the type of the vtable, which will be
+autogenerated and often unique.
+
+
+Keyword Usage:
+
+It may be desirable to add fewer new keywords than discussed in this proposal.
+It is possible that "virtual" could replace both "vtable" above with
+unambiguous contextual meaning. However, for purposes of clarity in the design
+discussion it is beneficial to keep the keywords for separate concepts distinct.
+
+
+Trait References and Operations:
+
+sizeof(drawable) will return the size of the trait object itself. However :
+
+line a_line;
+drawable widget = a_line;
+sizeof(widget);
+
+Will instead return the sizeof the underlying object, although the trait must
+require that its implementation is sized for there to be a meaningful value
+to return. You may also get the size of the trait reference with
+
+sizeof(&widget);
+
+Calling free on a trait reference will free the memory for the object. It will
+leave the vtables alone, as those are (always?) statically allocated.

doc/refrat/Makefile

@@ -9 +9 @@
 SOURCES = ${addsuffix .tex, \
 refrat \
+keywords \
+operidents \
 }
 

doc/refrat/refrat.tex

@@ -11 +11 @@
 %% Created On       : Wed Apr  6 14:52:25 2016
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Fri Jun  2 10:43:14 2017
-%% Update Count     : 83
+%% Last Modified On : Sun Aug  6 10:25:31 2017
+%% Update Count     : 105
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 % requires tex packages: texlive-base texlive-latex-base tex-common texlive-humanities texlive-latex-extra texlive-fonts-recommended
 
-\documentclass[openright,twoside]{report}
+\documentclass[openright,twoside,11pt]{report}
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -37 +37 @@
 \usepackage{mathptmx}                                   % better math font with "times"
 \usepackage[usenames]{color}
-\usepackage[pagewise]{lineno}
-\renewcommand{\linenumberfont}{\scriptsize\sffamily}
-\input{common}                                          % bespoke macros used in the document
+\input{common}                                          % common CFA document macros
 \usepackage[dvips,plainpages=false,pdfpagelabels,pdfpagemode=UseNone,colorlinks=true,pagebackref=true,linkcolor=blue,citecolor=blue,urlcolor=blue,pagebackref=true,breaklinks=true]{hyperref}
 \usepackage{breakurl}
 \renewcommand{\UrlFont}{\small\sf}
 
+\usepackage[pagewise]{lineno}
+\renewcommand{\linenumberfont}{\scriptsize\sffamily}
+\usepackage[firstpage]{draftwatermark}
+\SetWatermarkLightness{0.9}
+
+% Default underscore is too low and wide. Cannot use lstlisting "literate" as replacing underscore
+% removes it as a variable-name character so keywords in variables are highlighted. MUST APPEAR
+% AFTER HYPERREF.
+\renewcommand{\textunderscore}{\leavevmode\makebox[1.2ex][c]{\rule{1ex}{0.075ex}}}
+
 \setlength{\topmargin}{-0.45in}                                                 % move running title into header
 \setlength{\headsep}{0.25in}
@@ -50 +58 @@
 
 \CFAStyle                                                                                               % use default CFA format-style
+\lstnewenvironment{C++}[1][]                            % use C++ style
+{\lstset{language=C++,moredelim=**[is][\protect\color{red}]{®}{®}#1}}
+{}
 
 % inline code ©...© (copyright symbol) emacs: C-q M-)
@@ -87 +98 @@
 
 \date{
-DRAFT \\ \today
+\today
 }% date
 
@@ -112 +123 @@
 
 \clearpage
+\thispagestyle{plain}
 \pdfbookmark[1]{Contents}{section}
 \tableofcontents
 
 \clearpage
+\thispagestyle{plain}
 \pagenumbering{arabic}
 
@@ -417 +430 @@
 
 \begin{syntax}
-\oldlhs{keyword}
-\rhs ©forall©
-\rhs ©lvalue©
-\rhs ©trait©
-\rhs ©dtype©
-\rhs ©ftype©
-\rhs ©otype©
+\lhs{keyword} one of
+\rhs \dots
+\rhs \input{keywords}
 \end{syntax}
 
@@ -469 +478 @@
 
 \begin{table}[hbt]
-\hfil
-\begin{tabular}[t]{ll}
-%identifier & operation \\ \hline
-©?[?]© & subscripting \impl{?[?]}\\
-©?()© & function call \impl{?()}\\
-©?++© & postfix increment \impl{?++}\\
-©?--© & postfix decrement \impl{?--}\\
-©++?© & prefix increment \impl{++?}\\
-©--?© & prefix decrement \impl{--?}\\
-©*?© & dereference \impl{*?}\\
-©+?© & unary plus \impl{+?}\\
-©-?© & arithmetic negation \impl{-?}\\
-©~?© & bitwise negation \impl{~?}\\
-©!?© & logical complement \impl{"!?}\\
-©?*?© & multiplication \impl{?*?}\\
-©?/?© & division \impl{?/?}\\
-\end{tabular}\hfil
-\begin{tabular}[t]{ll}
-%identifier & operation \\ \hline
-©?%?© & remainder \impl{?%?}\\
-©?+?© & addition \impl{?+?}\\
-©?-?© & subtraction \impl{?-?}\\
-©?<<?© & left shift \impl{?<<?}\\
-©?>>?© & right shift \impl{?>>?}\\
-©?<?© & less than \impl{?<?}\\
-©?<=?© & less than or equal \impl{?<=?}\\
-©?>=?© & greater than or equal \impl{?>=?}\\
-©?>?© & greater than \impl{?>?}\\
-©?==?© & equality \impl{?==?}\\
-©?!=?© & inequality \impl{?"!=?}\\
-©?&?© & bitwise AND \impl{?&?}\\
-\end{tabular}\hfil
-\begin{tabular}[t]{ll}
-%identifier & operation \\ \hline
-©?^?© & exclusive OR \impl{?^?}\\
-©?|?© & inclusive OR \impl{?"|?}\\
-©?=?© & simple assignment \impl{?=?}\\
-©?*=?© & multiplication assignment \impl{?*=?}\\
-©?/=?© & division assignment \impl{?/=?}\\
-©?%=?© & remainder assignment \impl{?%=?}\\
-©?+=?© & addition assignment \impl{?+=?}\\
-©?-=?© & subtraction assignment \impl{?-=?}\\
-©?<<=?© & left-shift assignment \impl{?<<=?}\\
-©?>>=?© & right-shift assignment \impl{?>>=?}\\
-©?&=?© & bitwise AND assignment \impl{?&=?}\\
-©?^=?© & exclusive OR assignment \impl{?^=?}\\
-©?|=?© & inclusive OR assignment \impl{?"|=?}\\
-\end{tabular}
-\hfil
+\centering
+\input{operidents}
 \caption{Operator Identifiers}
 \label{opids}

doc/rob_thesis/Makefile

@@ -1 @@
-## Define the appropriate configuration variables.
-
-TeXLIB = .:../LaTeXmacros:../LaTeXmacros/listings:../LaTeXmacros/enumitem:../bibliography/:
+TeXLIB = .:../LaTeXmacros:../bibliography/:
 LaTeX  = TEXINPUTS=${TeXLIB} && export TEXINPUTS && pdflatex -halt-on-error
 BibTeX = BIBINPUTS=${TeXLIB} && export BIBINPUTS && bibtex
 
-## Define the text source files.
+all : thesis.pdf
 
-# SOURCES = ${addsuffix .tex, \
-# thesis \
-# }
+thesis.pdf : Makefile ../LaTeXmacros/common.tex cfa-format.tex thesis.tex intro.tex ctordtor.tex tuples.tex variadic.tex conclusions.tex
+        ${LaTeX} thesis
+        ${BibTeX} thesis
+        ${LaTeX} thesis
+        ${LaTeX} thesis
+        pdf2ps thesis.pdf thesis.ps
 
-# FIGURES = ${addsuffix .tex, \
-# }
-
-# PICTURES = ${addsuffix .pstex, \
-# }
-
-# PROGRAMS = ${addsuffix .tex, \
-# }
-
-# GRAPHS = ${addsuffix .tex, \
-# }
-
-# ## Define the documents that need to be made.
-
-# DOCUMENT = thesis.pdf
-
-# Directives #
-
-# all : ${DOCUMENT}
-
-# clean :
-#       rm -f *.bbl *.aux *.dvi *.idx *.ilg *.ind *.brf *.out *.log *.toc *.blg *.pstex_t *.cf \
-#               ${FIGURES} ${PICTURES} ${PROGRAMS} ${GRAPHS} ${basename ${DOCUMENT}}.ps ${DOCUMENT}
-
-# File Dependencies #
-
-# ${DOCUMENT} : ${basename ${DOCUMENT}}.ps
-#       ps2pdf $<
-
-# ${basename ${DOCUMENT}}.ps : ${basename ${DOCUMENT}}.dvi
-#       dvips $< -o $@
-
-# ${basename ${DOCUMENT}}.dvi : Makefile ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} ${basename ${DOCUMENT}}.tex \
-#               ../LaTeXmacros/common.tex ../LaTeXmacros/indexstyle ../bibliography/cfa.bib
-#       # Conditionally create an empty *.ind (index) file for inclusion until makeindex is run.
-#       if [ ! -r ${basename $@}.ind ] ; then touch ${basename $@}.ind ; fi
-#       # Must have *.aux file containing citations for bibtex
-#       if [ ! -r ${basename $@}.aux ] ; then ${LaTeX} ${basename $@}.tex ; fi
-#       -${BibTeX} ${basename $@}
-#       # Some citations reference others so run steps again to resolve these citations
-#       ${LaTeX} ${basename $@}.tex
-#       -${BibTeX} ${basename $@}
-#       # Make index from *.aux entries and input index at end of document
-#       makeindex -s ../LaTeXmacros/indexstyle ${basename $@}.idx
-#       ${LaTeX} ${basename $@}.tex
-#       # Run again to get index title into table of contents
-#       ${LaTeX} ${basename $@}.tex
-
-# predefined :
-#       sed -f predefined.sed ${basename ${DOCUMENT}}.tex > ${basename $@}.cf
-
-# ## Define the default recipes.
-
-# %.tex : %.fig
-#       fig2dev -L eepic $< > $@
-
-# %.ps : %.fig
-#       fig2dev -L ps $< > $@
-
-# %.pstex : %.fig
-#       fig2dev -L pstex $< > $@
-#       fig2dev -L pstex_t -p $@ $< > $@_t
-
-
-all:
-        $(LaTeX) thesis
-        $(BibTeX) thesis
-        $(LaTeX) thesis
-        $(LaTeX) thesis
-
-clean:
+clean :
         rm -f *.aux *.bbl *.blg *.lof *.log *.lot *.out *.toc
 
-splotless: clean
-        rm -f thesis.pdf
+spotless : clean
+        rm -f thesis.pdf thesis.ps

doc/rob_thesis/thesis.tex

@@ -135 +135 @@
     pdfpagelabels=true,     % adds page number as label in Acrobat's page count
     bookmarks=true,         % show bookmarks bar?
-    unicode=false,          % non-Latin characters in Acrobat’s bookmarks
-    pdftoolbar=true,        % show Acrobat’s toolbar?
-    pdfmenubar=true,        % show Acrobat’s menu?
+    unicode=false,          % non-Latin characters in Acrobat's bookmarks
+    pdftoolbar=true,        % show Acrobat's toolbar?
+    pdfmenubar=true,        % show Acrobat's menu?
     pdffitwindow=false,     % window fit to page when opened
     pdfstartview={FitH},    % fits the width of the page to the window

doc/user/EHMHierarchy.fig

@@ -1 @@
-#FIG 3.2  Produced by xfig version 3.2.5b
+#FIG 3.2  Produced by xfig version 3.2.5c
 Landscape
 Center
@@ -19 +19 @@
 2 1 0 1 0 7 100 0 -1 0.000 0 0 -1 1 0 2
         1 1 1.00 60.00 90.00
-         1950 1425 3000 1200
+         1950 1425 2925 1200
 2 1 0 1 0 7 100 0 -1 0.000 0 0 -1 1 0 2
         1 1 1.00 60.00 90.00
@@ -29 +29 @@
         1 1 1.00 60.00 90.00
          4950 1950 4950 1725
-4 1 0 100 0 0 12 0.0000 0 135 195 1950 1650 IO\001
-4 1 0 100 0 0 12 0.0000 0 135 870 4950 1650 Arithmetic\001
-4 1 0 100 0 0 12 0.0000 0 135 315 1350 2100 File\001
-4 1 0 100 0 0 12 0.0000 0 135 690 2550 2100 Network\001
-4 1 0 100 0 0 12 0.0000 0 180 1170 3750 2100 DivideByZero\001
-4 1 0 100 0 0 12 0.0000 0 135 750 4950 2100 Overflow\001
-4 1 0 100 0 0 12 0.0000 0 135 855 6000 2100 Underflow\001
-4 1 0 100 0 0 12 0.0000 0 180 840 3450 1200 Exception\001
+4 1 0 50 -1 0 13 0.0000 2 135 225 1950 1650 IO\001
+4 1 0 50 -1 0 13 0.0000 2 135 915 4950 1650 Arithmetic\001
+4 1 0 50 -1 0 13 0.0000 2 150 330 1350 2100 File\001
+4 1 0 50 -1 0 13 0.0000 2 135 735 2550 2100 Network\001
+4 1 0 50 -1 0 13 0.0000 2 180 1215 3750 2100 DivideByZero\001
+4 1 0 50 -1 0 13 0.0000 2 150 810 4950 2100 Overflow\001
+4 1 0 50 -1 0 13 0.0000 2 150 915 6000 2100 Underflow\001
+4 1 0 50 -1 0 13 0.0000 2 180 855 3450 1200 Exception\001

doc/user/Makefile

@@ -9 +9 @@
 SOURCES = ${addsuffix .tex, \
 user \
+../refrat/keywords \
+../refrat/operidents \
 }
 

doc/user/user.tex

@@ -11 +11 @@
 %% Created On       : Wed Apr  6 14:53:29 2016
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Thu Jul 13 11:44:57 2017
-%% Update Count     : 2690
+%% Last Modified On : Sun Aug  6 10:24:21 2017
+%% Update Count     : 3036
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -37 +37 @@
 \usepackage{mathptmx}                                   % better math font with "times"
 \usepackage[usenames]{color}
-\usepackage[pagewise]{lineno}
-\renewcommand{\linenumberfont}{\scriptsize\sffamily}
 \input{common}                                          % common CFA document macros
 \usepackage[dvips,plainpages=false,pdfpagelabels,pdfpagemode=UseNone,colorlinks=true,pagebackref=true,linkcolor=blue,citecolor=blue,urlcolor=blue,pagebackref=true,breaklinks=true]{hyperref}
@@ -44 +42 @@
 \renewcommand{\UrlFont}{\small\sf}
 
+\usepackage[pagewise]{lineno}
+\renewcommand{\linenumberfont}{\scriptsize\sffamily}
+\usepackage[firstpage]{draftwatermark}
+\SetWatermarkLightness{0.9}
+
 % Default underscore is too low and wide. Cannot use lstlisting "literate" as replacing underscore
 % removes it as a variable-name character so keywords in variables are highlighted. MUST APPEAR
 % AFTER HYPERREF.
-\renewcommand{\_}{\leavevmode\makebox[1.2ex][c]{\rule{1ex}{0.075ex}}}
 \renewcommand{\textunderscore}{\leavevmode\makebox[1.2ex][c]{\rule{1ex}{0.075ex}}}
 
@@ -56 +58 @@
 
 \CFAStyle                                                                                               % use default CFA format-style
-
-\lstnewenvironment{C++}[1][]
+\lstnewenvironment{C++}[1][]                            % use C++ style
 {\lstset{language=C++,moredelim=**[is][\protect\color{red}]{®}{®}#1}}
 {}
@@ -78 +79 @@
 \newcommand{\B}[1]{{\Textbf[blue]{#1}}}
 \newcommand{\G}[1]{{\Textbf[OliveGreen]{#1}}}
+\newcommand{\KWC}{K-W C\xspace}
 
 \newsavebox{\LstBox}
@@ -105 +107 @@
 
 \date{
-DRAFT \\ \today
+\today
 }% date
 
@@ -197 +199 @@
 This document is a programmer reference-manual for the \CFA programming language.
 The manual covers the core features of the language and runtime-system, with simple examples illustrating syntax and semantics of each feature.
-The manual does not teach programming, i.e., how to combine the new constructs to build complex programs.
+The manual does not teach programming, \ie how to combine the new constructs to build complex programs.
 A reader should already have an intermediate knowledge of control flow, data structures, and concurrency issues to understand the ideas presented, as well as some experience programming in C/\CC.
 Implementers should refer to the \CFA Programming Language Specification for details about the language syntax and semantics.
@@ -247 +249 @@
 \section{History}
 
-The \CFA project started with \Index*{K-W C}~\cite{Buhr94a,Till89}, which extended C with new declaration syntax, multiple return values from routines, and advanced assignment capabilities using the notion of tuples.
+The \CFA project started with \Index*{Dave Till}\index{Till, Dave}'s \Index*{K-W C}~\cite{Buhr94a,Till89}, which extended C with new declaration syntax, multiple return values from routines, and advanced assignment capabilities using the notion of tuples.
 (See~\cite{Werther96} for similar work in \Index*[C++]{\CC{}}.)
-The first \CFA implementation of these extensions was by Esteves~\cite{Esteves04}.
-
-The signature feature of \CFA is \Index{overload}able \Index{parametric-polymorphic} functions~\cite{forceone:impl,Cormack90,Duggan96} with functions generalized using a ©forall© clause (giving the language its name):
+The first \CFA implementation of these extensions was by \Index*{Rodolfo Esteves}\index{Esteves, Rodolfo}~\cite{Esteves04}.
+
+The signature feature of \CFA is \emph{\Index{overload}able} \Index{parametric-polymorphic} functions~\cite{forceone:impl,Cormack90,Duggan96} with functions generalized using a ©forall© clause (giving the language its name):
 \begin{lstlisting}
 ®forall( otype T )® T identity( T val ) { return val; }
@@ -257 +259 @@
 \end{lstlisting}
 % extending the C type system with parametric polymorphism and overloading, as opposed to the \Index*[C++]{\CC{}} approach of object-oriented extensions.
-\CFA{}\hspace{1pt}'s polymorphism was originally formalized by Ditchfiled~\cite{Ditchfield92}, and first implemented by Bilson~\cite{Bilson03}.
+\CFA{}\hspace{1pt}'s polymorphism was originally formalized by \Index*{Glen Ditchfield}\index{Ditchfield, Glen}~\cite{Ditchfield92}, and first implemented by \Index*{Richard Bilson}\index{Bilson, Richard}~\cite{Bilson03}.
 However, at that time, there was little interesting in extending C, so work did not continue.
 As the saying goes, ``\Index*{What goes around, comes around.}'', and there is now renewed interest in the C programming language because of legacy code-bases, so the \CFA project has been restarted.
@@ -270 +272 @@
 Language developers often state that adequate \Index{library support} takes more work than designing and implementing the language itself.
 Fortunately, \CFA, like \Index*[C++]{\CC{}}, starts with immediate access to all exiting C libraries, and in many cases, can easily wrap library routines with simpler and safer interfaces, at very low cost.
-Hence, \CFA begins by leveraging the large repository of C libraries at little cost.
+Hence, \CFA begins by leveraging the large repository of C libraries, and than allows programmers to incrementally augment their C programs with modern \Index{backward-compatible} features.
 
 \begin{comment}
@@ -318 +320 @@
 \begin{cfa}
 char abs( char );
-®extern "C" {®
-int abs( int );                                                 §\C{// use default C routine for int}§
-®}® // extern "C"
+®extern "C" {® int abs( int ); ®}®              §\C{// use default C routine for int}§
 long int abs( long int );
 long long int abs( long long int );
@@ -335 +335 @@
 Hence, there is the same need as in \CC, to know if a name is a C or \CFA name, so it can be correctly formed.
 There is no way around this problem, other than C's approach of creating unique names for each pairing of operation and type.
+
 This example strongly illustrates a core idea in \CFA: \emph{the \Index{power of a name}}.
 The name ``©abs©'' evokes the notion of absolute value, and many mathematical types provide the notion of absolute value.
@@ -343 +344 @@
 \section[Compiling a CFA Program]{Compiling a \CFA Program}
 
-The command ©cfa© is used to compile \CFA program(s), and is based on the GNU \Indexc{gcc} command, \eg:
-\begin{cfa}
-cfa§\indexc{cfa}\index{compilation!cfa@©cfa©}§ [ gcc-options ] C/§\CFA{}§-files [ assembler/loader-files ]
+The command ©cfa© is used to compile a \CFA program and is based on the \Index{GNU} \Indexc{gcc} command, \eg:
+\begin{cfa}
+cfa§\indexc{cfa}\index{compilation!cfa@©cfa©}§ [ gcc-options ] [ C/§\CFA{}§ source-files ] [ assembler/loader files ]
 \end{cfa}
 \CFA programs having the following ©gcc© flags turned on:
@@ -353 +354 @@
 The 1999 C standard plus GNU extensions.
 \item
-{\lstset{deletekeywords={inline}}
-\Indexc{-fgnu89-inline}\index{compilation option!-fgnu89-inline@{©-fgnu89-inline©}}
+\Indexc[deletekeywords=inline]{-fgnu89-inline}\index{compilation option!-fgnu89-inline@{\lstinline[deletekeywords=inline]$-fgnu89-inline$}}
 Use the traditional GNU semantics for inline routines in C99 mode, which allows inline routines in header files.
-}%
 \end{description}
 The following new \CFA options are available:
@@ -363 +362 @@
 \Indexc{-CFA}\index{compilation option!-CFA@©-CFA©}
 Only the C preprocessor and the \CFA translator steps are performed and the transformed program is written to standard output, which makes it possible to examine the code generated by the \CFA translator.
-The generated code started with the standard \CFA prelude.
+The generated code starts with the standard \CFA \Index{prelude}.
 
 \item
@@ -375 +374 @@
 \Indexc{-nodebug}\index{compilation option!-nodebug@©-nodebug©}
 The program is linked with the non-debugging version of the runtime system, so the execution of the program is faster.
-\Emph{However, no runtime checks or ©assert©s are performed so errors usually result in abnormal program termination.}
+\Emph{However, no runtime checks or ©assert©s are performed so errors usually result in abnormal program behaviour or termination.}
 
 \item
@@ -395 +394 @@
 \textbf{This option is the default.}
 
+\begin{comment}
 \item
 \Indexc{-no-include-stdhdr}\index{compilation option!-no-include-stdhdr@©-no-include-stdhdr©}
 Do not supply ©extern "C"© wrappers for \Celeven standard include files (see~\VRef{s:StandardHeaders}).
 \textbf{This option is \emph{not} the default.}
+\end{comment}
 \end{description}
 
@@ -419 +420 @@
 \item
 \Indexc{__CFA__}\index{preprocessor variables!__CFA__@©__CFA__©},
-\Indexc{__CFORALL__}\index{preprocessor variables!__CFORALL__@©__CFORALL__©} and
+\Indexc{__CFORALL__}\index{preprocessor variables!__CFORALL__@©__CFORALL__©}, and
 \Indexc{__cforall}\index{preprocessor variables!__cforall@©__cforall©}
 are always available during preprocessing and have no value.
@@ -472 +473 @@
 \label{s:BackquoteIdentifiers}
 
-\CFA introduces in new keywords (see \VRef{s:CFAKeywords}) that can clash with existing C variable-names in legacy code.
+\CFA introduces several new keywords (see \VRef{s:CFAKeywords}) that can clash with existing C variable-names in legacy code.
 Keyword clashes are accommodated by syntactic transformations using the \CFA backquote escape-mechanism:
 \begin{cfa}
@@ -478 +479 @@
 double ®`®forall®`® = 3.5;
 \end{cfa}
+
 Existing C programs with keyword clashes can be converted by enclosing keyword identifiers in backquotes, and eventually the identifier name can be changed to a non-keyword name.
-\VRef[Figure]{f:InterpositionHeaderFile} shows how clashes in C header files (see~\VRef{s:StandardHeaders}) can be handled using preprocessor \newterm{interposition}: ©#include_next© and ©-I filename©:
+\VRef[Figure]{f:HeaderFileInterposition} shows how clashes in existing C header-files (see~\VRef{s:StandardHeaders}) can be handled using preprocessor \newterm{interposition}: ©#include_next© and ©-I filename©.
+Several common C header-files with keyword clashes are fixed in the standard \CFA header-library, so there is a seamless programming-experience.
 
 \begin{figure}
 \begin{cfa}
-// include file uses the CFA keyword "otype".
-#if ! defined( otype )                  §\C{// nesting ?}§
-#define otype ®`®otype®`®               §\C{// make keyword an identifier}§
+// include file uses the CFA keyword "with".
+#if ! defined( with )                   §\C{// nesting ?}§
+#define with ®`®with®`®                 §\C{// make keyword an identifier}§
 #define __CFA_BFD_H__
-#endif // ! otype
-
-#®include_next® <bfd.h>                 §\C{// must have internal check for multiple expansion}§
-
-#if defined( otype ) && defined( __CFA_BFD_H__ )        §\C{// reset only if set}§
-#undef otype
+#endif
+
+®#include_next <bfdlink.h>              §\C{// must have internal check for multiple expansion}§
+®
+#if defined( with ) && defined( __CFA_BFD_H__ ) §\C{// reset only if set}§
+#undef with
 #undef __CFA_BFD_H__
-#endif // otype && __CFA_BFD_H__
-\end{cfa}
-\caption{Interposition of Header File}
-\label{f:InterpositionHeaderFile}
+#endif
+\end{cfa}
+\caption{Header-File Interposition}
+\label{f:HeaderFileInterposition}
 \end{figure}
 
@@ -505 +508 @@
 While C provides ©continue© and ©break© statements for altering control flow, both are restricted to one level of nesting for a particular control structure.
 Unfortunately, this restriction forces programmers to use \Indexc{goto} to achieve the equivalent control-flow for more than one level of nesting.
-To prevent having to switch to the ©goto©, \CFA extends the \Indexc{continue}\index{continue@\lstinline $continue$!labelled}\index{labelled!continue@©continue©} and \Indexc{break}\index{break@\lstinline $break$!labelled}\index{labelled!break@©break©} with a target label to support static multi-level exit\index{multi-level exit}\index{static multi-level exit}~\cite{Buhr85}.
+To prevent having to switch to the ©goto©, \CFA extends the \Indexc{continue}\index{continue@\lstinline $continue$!labelled}\index{labelled!continue@©continue©} and \Indexc{break}\index{break@\lstinline $break$!labelled}\index{labelled!break@©break©} with a target label to support static multi-level exit\index{multi-level exit}\index{static multi-level exit}~\cite{Buhr85}, as in Java.
 For both ©continue© and ©break©, the target label must be directly associated with a ©for©, ©while© or ©do© statement;
 for ©break©, the target label can also be associated with a ©switch©, ©if© or compound (©{}©) statement.
-\VRef[Figure]{f:MultiLevelResumeTermination} shows the labelled ©continue© and ©break©, specifying which control structure is the target for exit, and the corresponding C program using only ©goto©.
-The innermost loop has 7 exit points, which cause resumption or termination of one or more of the 7 \Index{nested control-structure}s.
-Java supports both labelled ©continue© and ©break© statements.
+\VRef[Figure]{f:MultiLevelExit} shows ©continue© and ©break© indicating the specific control structure, and the corresponding C program using only ©goto© and labels.
+The innermost loop has 7 exit points, which cause continuation or termination of one or more of the 7 \Index{nested control-structure}s.
 
 \begin{figure}
-\begin{tabular}{@{\hspace{\parindentlnth}}l@{\hspace{1.5em}}l@{}}
-\multicolumn{1}{c@{\hspace{1.5em}}}{\textbf{\CFA}}      & \multicolumn{1}{c}{\textbf{C}}        \\
+\begin{tabular}{@{\hspace{\parindentlnth}}l@{\hspace{\parindentlnth}}l@{\hspace{\parindentlnth}}l@{}}
+\multicolumn{1}{@{\hspace{\parindentlnth}}c@{\hspace{\parindentlnth}}}{\textbf{\CFA}}   & \multicolumn{1}{@{\hspace{\parindentlnth}}c}{\textbf{C}}      \\
 \begin{cfa}
 ®LC:® {
@@ -523 +525 @@
                         ®LF:® for ( ... ) {
                                 ®LW:® while ( ... ) {
-                                        ... break ®LC®; ...                     // terminate compound
-                                        ... break ®LS®; ...                     // terminate switch
-                                        ... break ®LIF®; ...                    // terminate if
-                                        ... continue ®LF;® ...   // resume loop
-                                        ... break ®LF®; ...                     // terminate loop
-                                        ... continue ®LW®; ...   // resume loop
-                                        ... break ®LW®; ...               // terminate loop
+                                        ... break ®LC®; ...
+                                        ... break ®LS®; ...
+                                        ... break ®LIF®; ...
+                                        ... continue ®LF;® ...
+                                        ... break ®LF®; ...
+                                        ... continue ®LW®; ...
+                                        ... break ®LW®; ...
                                 } // while
                         } // for
                 } else {
-                        ... break ®LIF®; ...                                     // terminate if
+                        ... break ®LIF®; ...
                 } // if
         } // switch
@@ -562 +564 @@
 } ®LC:® ;
 \end{cfa}
+&
+\begin{cfa}
+
+
+
+
+
+
+
+// terminate compound
+// terminate switch
+// terminate if
+// continue loop
+// terminate loop
+// continue loop
+// terminate loop
+
+
+
+// terminate if
+
+
+
+\end{cfa}
 \end{tabular}
-\caption{Multi-level Resume/Termination}
-\label{f:MultiLevelResumeTermination}
+\caption{Multi-level Exit}
+\label{f:MultiLevelExit}
 \end{figure}
-
-\begin{comment}
-int main() {
-  LC: {
-          LS: switch ( 1 ) {
-                  case 3:
-                  LIF: if ( 1 ) {
-                          LF: for ( ;; ) {
-                                  LW: while ( 1 ) {
-                                                break LC;                       // terminate compound
-                                                break LS;                       // terminate switch
-                                                break LIF;                      // terminate if
-                                                continue LF;     // resume loop
-                                                break LF;                       // terminate loop
-                                                continue LW;     // resume loop
-                                                break LW;                 // terminate loop
-                                        } // while
-                                } // for
-                        } else {
-                                break LIF;                                       // terminate if
-                        } // if
-                } // switch
-        } // compound
-        {
-                switch ( 1 ) {
-                  case 3:
-                        if ( 1 ) {
-                                for ( ;; ) {
-                                        while ( 1 ) {
-                                                goto LCx;
-                                                goto LSx;
-                                                goto LIF;
-                                                goto LFC;
-                                                goto LFB;
-                                                goto LWC;
-                                                goto LWB;
-                                          LWC: ; } LWB: ;
-                                  LFC: ; } LFB: ;
-                        } else {
-                                goto LIF;
-                        } L3: ;
-                } LSx: ;
-        } LCx: ;
-}
-
-// Local Variables: //
-// tab-width: 4 //
-// End: //
-\end{comment}
-
 
 Both labelled ©continue© and ©break© are a ©goto©\index{goto@\lstinline $goto$!restricted} restricted in the following ways:
@@ -624 +600 @@
 \item
 They cannot branch into a control structure.
-This restriction prevents missing initialization at the start of a control structure resulting in undefined behaviour.
+This restriction prevents missing declarations and/or initializations at the start of a control structure resulting in undefined behaviour.
 \end{itemize}
 The advantage of the labelled ©continue©/©break© is allowing static multi-level exits without having to use the ©goto© statement, and tying control flow to the target control structure rather than an arbitrary point in a program.
-Furthermore, the location of the label at the \emph{beginning} of the target control structure informs the reader that complex control-flow is occurring in the body of the control structure.
+Furthermore, the location of the label at the \emph{beginning} of the target control structure informs the reader (\Index{eye candy}) that complex control-flow is occurring in the body of the control structure.
 With ©goto©, the label is at the end of the control structure, which fails to convey this important clue early enough to the reader.
 Finally, using an explicit target for the transfer instead of an implicit target allows new constructs to be added or removed without affecting existing constructs.
@@ -719 +695 @@
 The problem with this usage is branching into control structures, which is known to cause both comprehension and technical difficulties.
 The comprehension problem occurs from the inability to determine how control reaches a particular point due to the number of branches leading to it.
-The technical problem results from the inability to ensure allocation and initialization of variables when blocks are not entered at the beginning.
-Often transferring into a block can bypass variable declaration and/or its initialization, which results in subsequent errors.
-There are virtually no positive arguments for this kind of control flow, and therefore, there is a strong impetus to eliminate it.
+The technical problem results from the inability to ensure declaration and initialization of variables when blocks are not entered at the beginning.
+There are no positive arguments for this kind of control flow, and therefore, there is a strong impetus to eliminate it.
 Nevertheless, C does have an idiom where this capability is used, known as ``\Index*{Duff's device}''~\cite{Duff83}:
 \begin{cfa}
@@ -921 +896 @@
 class C {
         int i, j;
-        int mem() {              ®// implicit "this" parameter
-                i = 1;          ®// this->i
-®               j = 3;          ®// this->j
-®       }
+        int mem() {                                     §\C{\color{red}// implicit "this" parameter}§
+                i = 1;                                  §\C{\color{red}// this->i}§
+                j = 2;                                  §\C{\color{red}// this->j}§
+        }
 }
 \end{C++}
 Since CFA is non-object-oriented, the equivalent object-oriented program looks like:
 \begin{cfa}
-struct C {
-        int i, j;
-};
-int mem( C &this ) {    // explicit "this" parameter
-        ®this.®i = 1;                     // "this" is not elided
+struct S { int i, j; };
+int mem( S &®this® ) {                  §\C{// explicit "this" parameter}§
+        ®this.®i = 1;                           §\C{// "this" is not elided}§
         ®this.®j = 2;
 }
 \end{cfa}
 but it is cumbersome having to write "©this.©" many times in a member.
-\CFA provides a ©with© clause/statement to elided the "©this.©".
-\begin{cfa}
-int mem( C &this ) ®with this® {
-        i = 1;                  ®// this.i
-®       j = 2;                  ®// this.j
-®}
+
+\CFA provides a ©with© clause/statement (see Pascal~\cite[\S~4.F]{Pascal}) to elided the "©this.©" by opening a scope containing field identifiers, changing the qualified fields into variables and giving an opportunity for optimizing qualified references.
+\begin{cfa}
+int mem( S &this ) ®with this® { §\C{// with clause}§
+        i = 1;                                          §\C{\color{red}// this->i}§
+        j = 2;                                          §\C{\color{red}// this->j}§
+}
 \end{cfa}
 which extends to multiple routine parameters:
 \begin{cfa}
-struct D {
-        double m, n;
-};
-int mem2( C &this1, D &this2 ) ®with this1, this2® {
+struct T { double m, n; };
+int mem2( S &this1, T &this2 ) ®with this1, this2® {
         i = 1; j = 2;
         m = 1.0; n = 2.0;
 }
 \end{cfa}
-The ©with© clause/statement comes from Pascal~\cite[\S~4.F]{Pascal}.
 
 The statement form is used within a block:
@@ -962 +933 @@
         struct S1 { ... } s1;
         struct S2 { ... } s2;
-        ®with s1® {
+        ®with s1® {                     // with statement
                 // access fields of s1 without qualification
                 ®with s2® {  // nesting
-                        // access fields of s2 without qualification
+                        // access fields of s1 and s2 without qualification
                 }
         }
@@ -974 +945 @@
 \end{cfa}
 
-Names clashes when opening multiple structures are ambiguous.
-\begin{cfa}
-struct A { int i; int j; } a, c;
-struct B { int i; int k; } b, c;
+When opening multiple structures, fields with the same name and type are ambiguous and must be fully qualified.
+For fields with the same name but different type, context/cast can be used to disambiguate.
+\begin{cfa}
+struct S { int i; int j; double m; } a, c;
+struct T { int i; int k; int m } b, c;
 ®with a, b® {
-        j + k;                                          §\C{// unambiguous}§
-        i;                                                      §\C{// ambiguous}§
-        a.i + b.i;                                      §\C{// unambiguous}§
-}
-®with c® {                                              §\C{// ambiguous}§
-        // ...
-}
+        j + k;                                          §\C{// unambiguous, unique names define unique types}§
+        i;                                                      §\C{// ambiguous, same name and type}§
+        a.i + b.i;                                      §\C{// unambiguous, qualification defines unique names}§
+        m;                                                      §\C{// ambiguous, same name and no context to define unique type}§
+        m = 5.0;                                        §\C{// unambiguous, same name and context defines unique type}§
+        m = 1;                                          §\C{// unambiguous, same name and context defines unique type}§
+}
+®with c® { ... }                                §\C{// ambiguous, same name and no context}§
+®with (S)c® { ... }                             §\C{// unambiguous, same name and cast defines unique type}§
 \end{cfa}
 
 
 \section{Exception Handling}
+\label{s:ExceptionHandling}
 
 Exception handling provides two mechanism: change of control flow from a raise to a handler, and communication from the raise to the handler.
-\begin{cfa}
-exception void h( int i );
-exception int h( int i, double d );
-
+Transfer of control can be local, within a routine, or non-local, among routines.
+Non-local transfer can cause stack unwinding, \ie non-local routine termination, depending on the kind of raise.
+\begin{cfa}
+exception_t E {};                               §\C{// exception type}§
 void f(...) {
-        ... throw h( 3 );
-        ... i = resume h( 3, 5.1 );
-}
-
+        ... throw E{}; ...                      §\C{// termination}§
+        ... throwResume E{}; ...        §\C{// resumption}§
+}
 try {
         f(...);
-} catch h( int w ) {
-        // reset
-} resume h( int p, double x ) {
-        return 17;  // recover
+} catch( E e : §boolean-predicate§ ) {                  §\C[8cm]{// termination handler}§
+        // recover and continue
+} catchResume( E e : §boolean-predicate§ ) {    §\C{// resumption handler}\CRT§
+        // repair and return
 } finally {
-}
-\end{cfa}
-So the type raised would be the mangled name of the exception prototype and that name would be matched at the handler clauses by comparing the strings.
-The arguments for the call would have to be packed in a message and unpacked at handler clause and then a call made to the handler.
+        // always executed
+}
+\end{cfa}
+The kind of raise and handler match: ©throw© with ©catch© and ©throwResume© with ©catchResume©.
+Then the exception type must match along with any additonal predicate must be true.
+The ©catch© and ©catchResume© handlers may appear in any oder.
+However, the ©finally© clause must appear at the end of the ©try© statement.
 
 
@@ -1222 +1199 @@
 
 
+\section{Exponentiation Operator}
+
+C, \CC, and Java (and many other programming languages) have no exponentiation operator\index{exponentiation!operator}\index{operator!exponentiation}, \ie $x^y$, and instead use a routine, like \Indexc{pow}, to perform the exponentiation operation.
+\CFA extends the basic operators with the exponentiation operator ©?\?©\index{?\\?@\lstinline$?\?$} and ©?\=?©\index{?\\=?@\lstinline$?\=?$}, as in, ©x \ y© and ©x \= y©, which means $x^y$ and $x \leftarrow x^y$.
+The priority of the exponentiation operator is between the cast and multiplicative operators, so that ©w * (int)x \ (int)y * z© is parenthesized as ©((w * (((int)x) \ ((int)y))) * z)©.
+
+As for \Index{division}, there are exponentiation operators for integral and floating-point types, including the builtin \Index{complex} types.
+Unsigned integral exponentiation\index{exponentiation!unsigned integral} is performed with repeated multiplication\footnote{The multiplication computation is optimized to $O(\log y)$.} (or shifting if the base is 2).
+Signed integral exponentiation\index{exponentiation!signed integral} is performed with repeated multiplication (or shifting if the base is 2), but yields a floating-point result because $x^{-y}=1/x^y$.
+Hence, it is important to designate exponent integral-constants as unsigned or signed: ©3 \ 3u© return an integral result, while ©3 \ 3© returns a floating-point result.
+Floating-point exponentiation\index{exponentiation!floating point} is performed using \Index{logarithm}s\index{exponentiation!logarithm}, so the base cannot be negative.
+\begin{cfa}
+sout | 2 ®\® 8u | 4 ®\® 3u | -4 ®\® 3u | 4 ®\® -3 | -4 ®\® -3 | 4.0 ®\® 2.1 | (1.0f+2.0fi) ®\® (3.0f+2.0fi) | endl;
+256 64 -64 0.015625 -0.015625 18.3791736799526 0.264715-1.1922i
+\end{cfa}
+Parenthesis are necessary for the complex constants or the expresion is parsed as ©1.0f+(2.0fi \ 3.0f)+2.0fi©.
+The exponentiation operator is available for all the basic types, but for user-defined types, only the integral-computation versions are available.
+For returning an integral value, the user type ©T© must define multiplication, ©*©, and one, ©1©;
+for returning a floating-point value, an additional divide of type ©T© into a ©double© returning a ©double© (©double ?/?( double, T )©) is necessary for negative exponents.
+
+
 \section{Pointer / Reference}
 
@@ -1230 +1228 @@
 An integer constant expression with the value 0, or such an expression cast to type ©void *©, is called a \newterm{null-pointer constant}.\footnote{
 One way to conceptualize the null pointer is that no variable is placed at this address, so the null-pointer address can be used to denote an uninitialized pointer/reference object;
-\ie the null pointer is guaranteed to compare unequal to a pointer to any object or routine.}
+\ie the null pointer is guaranteed to compare unequal to a pointer to any object or routine.
+In general, a value with special meaning among a set of values is called a \emph{\Index{sentinel value}}, \eg ©-1© as a return code value.}
 An address is \newterm{sound}, if it points to a valid memory location in scope, \ie within the program's execution-environment and has not been freed.
 Dereferencing an \newterm{unsound} address, including the null pointer, is \Index{undefined}, often resulting in a \Index{memory fault}.
@@ -1265 +1264 @@
 \hline
 \begin{cfa}
-lda             r1,100                  // load address of x
-ld               r2,(r1)                  // load value of x
-lda             r3,104                  // load address of y
-st               r2,(r3)                  // store x into y
+lda             r1,100  // load address of x
+ld               r2,(r1)          // load value of x
+lda             r3,104  // load address of y
+st               r2,(r3)          // store x into y
 \end{cfa}
 &
 \begin{cfa}
 
-ld              r2,(100)                // load value of x
-
-st              r2,(104)                // store x into y
+ld              r2,(100)        // load value of x
+
+st              r2,(104)        // store x into y
 \end{cfa}
 \end{tabular}
@@ -1423 +1422 @@
 int w, x, y, z, & ar[3] = { x, y, z }; §\C{// initialize array of references}§
 &ar[1] = &w;                                            §\C{// change reference array element}§
-typeof( ar[1] ) p;                                      §\C{// (gcc) is int, i.e., the type of referenced object}§
-typeof( &ar[1] ) q;                                     §\C{// (gcc) is int \&, i.e., the type of reference}§
-sizeof( ar[1] ) == sizeof( int );       §\C{// is true, i.e., the size of referenced object}§
-sizeof( &ar[1] ) == sizeof( int *)      §\C{// is true, i.e., the size of a reference}§
+typeof( ar[1] ) p;                                      §\C{// (gcc) is int, \ie the type of referenced object}§
+typeof( &ar[1] ) q;                                     §\C{// (gcc) is int \&, \ie the type of reference}§
+sizeof( ar[1] ) == sizeof( int );       §\C{// is true, \ie the size of referenced object}§
+sizeof( &ar[1] ) == sizeof( int *)      §\C{// is true, \ie the size of a reference}§
 \end{cfa}
 
@@ -1571 +1570 @@
 
 \item
-lvalue to reference conversion: \lstinline[deletekeywords={lvalue}]@lvalue-type cv1 T@ converts to ©cv2 T &©, which allows implicitly converting variables to references.
+lvalue to reference conversion: \lstinline[deletekeywords=lvalue]$lvalue-type cv1 T$ converts to ©cv2 T &©, which allows implicitly converting variables to references.
 \begin{cfa}
 int x, &r = ®x®, f( int & p ); // lvalue variable (int) convert to reference (int &)
@@ -1765 +1764 @@
 
 In detail, the brackets, ©[]©, enclose the result type, where each return value is named and that name is a local variable of the particular return type.\footnote{
-\Index*{Michael Tiemann}, with help from \Index*{Doug Lea}, provided named return values in g++, circa 1989.}
+\Index*{Michael Tiemann}\index{Tiemann, Michael}, with help from \Index*{Doug Lea}\index{Lea, Doug}, provided named return values in g++, circa 1989.}
 The value of each local return variable is automatically returned at routine termination.
 Declaration qualifiers can only appear at the start of a routine definition, \eg:
@@ -2224 +2223 @@
 
 
+\section{Tuple}
+
+In C and \CFA, lists of elements appear in several contexts, such as the parameter list of a routine call.
+\begin{cfa}
+f( ®2, x, 3 + i® );                             §\C{// element list}§
+\end{cfa}
+A list of elements is called a \newterm{tuple}, and is different from a \Index{comma expression}.
+
+
+\subsection{Multiple-Return-Value Functions}
+\label{s:MRV_Functions}
+
+In standard C, functions can return at most one value.
+To emulate functions with multiple return values, \emph{\Index{aggregation}} and/or \emph{\Index{aliasing}} is used.
+In the former situation, the function designer creates a record type that combines all of the return values into a single type.
+For example, consider a function returning the most frequently occurring letter in a string, and its frequency.
+This example is complex enough to illustrate that an array is insufficient, since arrays are homogeneous, and demonstrates a potential pitfall that exists with aliasing.
+\begin{cfa}
+struct mf_ret {
+        int freq;
+        char ch;
+};
+
+struct mf_ret most_frequent(const char * str) {
+        char freqs [26] = { 0 };
+        struct mf_ret ret = { 0, 'a' };
+        for (int i = 0; str[i] != '\0'; ++i) {
+                if (isalpha(str[i])) {        // only count letters
+                        int ch = tolower(str[i]);   // convert to lower case
+                        int idx = ch-'a';
+                        if (++freqs[idx] > ret.freq) {  // update on new max
+                          ret.freq = freqs[idx];
+                          ret.ch = ch;
+                        }
+                }
+        }
+        return ret;
+}
+
+const char * str = "hello world";
+struct mf_ret ret = most_frequent(str);
+printf("%s -- %d %c\n", str, ret.freq, ret.ch);
+\end{cfa}
+Of note, the designer must come up with a name for the return type and for each of its fields.
+Unnecessary naming is a common programming language issue, introducing verbosity and a complication of the user's mental model.
+That is, adding another named type creates another association in the programmer's mind that needs to be kept track of when reading and writing code.
+As such, this technique is effective when used sparingly, but can quickly get out of hand if many functions need to return different combinations of types.
+
+In the latter approach, the designer simulates multiple return values by passing the additional return values as pointer parameters.
+The pointer parameters are assigned inside of the routine body to emulate a return.
+Using the same example,
+\begin{cfa}
+int most_frequent(const char * str, char * ret_ch) {
+        char freqs [26] = { 0 };
+        int ret_freq = 0;
+        for (int i = 0; str[i] != '\0'; ++i) {
+                if (isalpha(str[i])) {        // only count letters
+                        int ch = tolower(str[i]);   // convert to lower case
+                        int idx = ch-'a';
+                        if (++freqs[idx] > ret_freq) {  // update on new max
+                          ret_freq = freqs[idx];
+                          *ret_ch = ch;   // assign to out parameter
+                        }
+                }
+        }
+        return ret_freq;  // only one value returned directly
+}
+
+const char * str = "hello world";
+char ch;                            // pre-allocate return value
+int freq = most_frequent(str, &ch); // pass return value as out parameter
+printf("%s -- %d %c\n", str, freq, ch);
+\end{cfa}
+Notably, using this approach, the caller is directly responsible for allocating storage for the additional temporary return values, which complicates the call site with a sequence of variable declarations leading up to the call.
+Also, while a disciplined use of ©const© can give clues about whether a pointer parameter is going to be used as an out parameter, it is not immediately obvious from only the routine signature whether the callee expects such a parameter to be initialized before the call.
+Furthermore, while many C routines that accept pointers are designed so that it is safe to pass ©NULL© as a parameter, there are many C routines that are not null-safe.
+On a related note, C does not provide a standard mechanism to state that a parameter is going to be used as an additional return value, which makes the job of ensuring that a value is returned more difficult for the compiler.
+Interestingly, there is a subtle bug in the previous example, in that ©ret_ch© is never assigned for a string that does not contain any letters, which can lead to undefined behaviour.
+In this particular case, it turns out that the frequency return value also doubles as an error code, where a frequency of 0 means the character return value should be ignored.
+Still, not every routine with multiple return values should be required to return an error code, and error codes are easily ignored, so this is not a satisfying solution.
+As with the previous approach, this technique can simulate multiple return values, but in practice it is verbose and error prone.
+
+In \CFA, functions can be declared to return multiple values with an extension to the function declaration syntax.
+Multiple return values are declared as a comma-separated list of types in square brackets in the same location that the return type appears in standard C function declarations.
+The ability to return multiple values from a function requires a new syntax for the return statement.
+For consistency, the return statement in \CFA accepts a comma-separated list of expressions in square brackets.
+The expression resolution phase of the \CFA translator ensures that the correct form is used depending on the values being returned and the return type of the current function.
+A multiple-returning function with return type ©T© can return any expression that is implicitly convertible to ©T©.
+Using the running example, the ©most_frequent© function can be written using multiple return values as such,
+\begin{cfa}
+[int, char] most_frequent(const char * str) {
+        char freqs [26] = { 0 };
+        int ret_freq = 0;
+        char ret_ch = 'a';  // arbitrary default value for consistent results
+        for (int i = 0; str[i] != '\0'; ++i) {
+                if (isalpha(str[i])) {        // only count letters
+                        int ch = tolower(str[i]);   // convert to lower case
+                        int idx = ch-'a';
+                        if (++freqs[idx] > ret_freq) {  // update on new max
+                          ret_freq = freqs[idx];
+                          ret_ch = ch;
+                        }
+                }
+        }
+        return [ret_freq, ret_ch];
+}
+\end{cfa}
+This approach provides the benefits of compile-time checking for appropriate return statements as in aggregation, but without the required verbosity of declaring a new named type, which precludes the bug seen with out-parameters.
+
+The addition of multiple-return-value functions necessitates a syntax for accepting multiple values at the call-site.
+The simplest mechanism for retaining a return value in C is variable assignment.
+By assigning the return value into a variable, its value can be retrieved later at any point in the program.
+As such, \CFA allows assigning multiple values from a function into multiple variables, using a square-bracketed list of lvalue expressions on the left side.
+\begin{cfa}
+const char * str = "hello world";
+int freq;
+char ch;
+[freq, ch] = most_frequent(str);  // assign into multiple variables
+printf("%s -- %d %c\n", str, freq, ch);
+\end{cfa}
+It is also common to use a function's output as the input to another function.
+\CFA also allows this case, without any new syntax.
+When a function call is passed as an argument to another call, the expression resolver attempts to find the best match of actual arguments to formal parameters given all of the possible expression interpretations in the current scope \cite{Bilson03}.
+For example,
+\begin{cfa}
+void process(int);       // (1)
+void process(char);      // (2)
+void process(int, char); // (3)
+void process(char, int); // (4)
+
+process(most_frequent("hello world"));  // selects (3)
+\end{cfa}
+In this case, there is only one option for a function named ©most_frequent© that takes a string as input.
+This function returns two values, one ©int© and one ©char©.
+There are four options for a function named ©process©, but only two that accept two arguments, and of those the best match is (3), which is also an exact match.
+This expression first calls ©most_frequent("hello world")©, which produces the values ©3© and ©'l'©, which are fed directly to the first and second parameters of (3), respectively.
+
+\section{Tuple Expressions}
+Multiple-return-value functions provide \CFA with a new syntax for expressing a combination of expressions in the return statement and a combination of types in a function signature.
+These notions can be generalized to provide \CFA with \emph{tuple expressions} and \emph{tuple types}.
+A tuple expression is an expression producing a fixed-size, ordered list of values of heterogeneous types.
+The type of a tuple expression is the tuple of the subexpression types, or a \emph{tuple type}.
+In \CFA, a tuple expression is denoted by a comma-separated list of expressions enclosed in square brackets.
+For example, the expression ©[5, 'x', 10.5]© has type ©[int, char, double]©.
+The previous expression has 3 \emph{components}.
+Each component in a tuple expression can be any \CFA expression, including another tuple expression.
+The order of evaluation of the components in a tuple expression is unspecified, to allow a compiler the greatest flexibility for program optimization.
+It is, however, guaranteed that each component of a tuple expression is evaluated for side-effects, even if the result is not used.
+Multiple-return-value functions can equivalently be called \emph{tuple-returning functions}.
+
+\subsection{Tuple Variables}
+The call-site of the ©most_frequent© routine has a notable blemish, in that it required the preallocation of return variables in a manner similar to the aliasing example, since it is impossible to declare multiple variables of different types in the same declaration in standard C.
+In \CFA, it is possible to overcome this restriction by declaring a \emph{tuple variable}.
+\begin{cfa}[emph=ret, emphstyle=\color{red}]
+const char * str = "hello world";
+[int, char] ret = most_frequent(str);  // initialize tuple variable
+printf("%s -- %d %c\n", str, ret);
+\end{cfa}
+It is now possible to accept multiple values into a single piece of storage, in much the same way that it was previously possible to pass multiple values from one function call to another.
+These variables can be used in any of the contexts where a tuple expression is allowed, such as in the ©printf© function call.
+As in the ©process© example, the components of the tuple value are passed as separate parameters to ©printf©, allowing very simple printing of tuple expressions.
+One way to access the individual components is with a simple assignment, as in previous examples.
+\begin{cfa}
+int freq;
+char ch;
+[freq, ch] = ret;
+\end{cfa}
+
+\begin{sloppypar}
+In addition to variables of tuple type, it is also possible to have pointers to tuples, and arrays of tuples.
+Tuple types can be composed of any types, except for array types, since array assignment is disallowed, which makes tuple assignment difficult when a tuple contains an array.
+\begin{cfa}
+[double, int] di;
+[double, int] * pdi
+[double, int] adi[10];
+\end{cfa}
+This examples declares a variable of type ©[double, int]©, a variable of type pointer to ©[double, int]©, and an array of ten ©[double, int]©.
+\end{sloppypar}
+
+\subsection{Tuple Indexing}
+
+At times, it is desirable to access a single component of a tuple-valued expression without creating unnecessary temporary variables to assign to.
+Given a tuple-valued expression ©e© and a compile-time constant integer $i$ where $0 \leq i < n$, where $n$ is the number of components in ©e©, ©e.i© accesses the $i$\textsuperscript{th} component of ©e©.
+For example,
+\begin{cfa}
+[int, double] x;
+[char *, int] f();
+void g(double, int);
+[int, double] * p;
+
+int y = x.0;                                                    §\C{// access int component of x}§
+y = f().1;                                                              §\C{// access int component of f}§
+p->0 = 5;                                                               §\C{// access int component of tuple pointed-to by p}§
+g( x.1, x.0 );                                                  §\C{// rearrange x to pass to g}§
+double z = [x, f()].0.1;                                §\C{// access second component of first component of tuple expression}§
+\end{cfa}
+As seen above, tuple-index expressions can occur on any tuple-typed expression, including tuple-returning functions, square-bracketed tuple expressions, and other tuple-index expressions, provided the retrieved component is also a tuple.
+This feature was proposed for \KWC but never implemented \cite[p.~45]{Till89}.
+
+\subsection{Flattening and Structuring}
+As evident in previous examples, tuples in \CFA do not have a rigid structure.
+In function call contexts, tuples support implicit flattening and restructuring conversions.
+Tuple flattening recursively expands a tuple into the list of its basic components.
+Tuple structuring packages a list of expressions into a value of tuple type.
+\begin{cfa}
+int f(int, int);
+int g([int, int]);
+int h(int, [int, int]);
+[int, int] x;
+int y;
+
+f(x);      // flatten
+g(y, 10);  // structure
+h(x, y);   // flatten & structure
+\end{cfa}
+In \CFA, each of these calls is valid.
+In the call to ©f©, ©x© is implicitly flattened so that the components of ©x© are passed as the two arguments to ©f©.
+For the call to ©g©, the values ©y© and ©10© are structured into a single argument of type ©[int, int]© to match the type of the parameter of ©g©.
+Finally, in the call to ©h©, ©x© is flattened to yield an argument list of length 3, of which the first component of ©x© is passed as the first parameter of ©h©, and the second component of ©x© and ©y© are structured into the second argument of type ©[int, int]©.
+The flexible structure of tuples permits a simple and expressive function-call syntax to work seamlessly with both single- and multiple-return-value functions, and with any number of arguments of arbitrarily complex structure.
+
+In \KWC \cite{Buhr94a,Till89}, there were 4 tuple coercions: opening, closing, flattening, and structuring.
+Opening coerces a tuple value into a tuple of values, while closing converts a tuple of values into a single tuple value.
+Flattening coerces a nested tuple into a flat tuple, \ie it takes a tuple with tuple components and expands it into a tuple with only non-tuple components.
+Structuring moves in the opposite direction, \ie it takes a flat tuple value and provides structure by introducing nested tuple components.
+
+In \CFA, the design has been simplified to require only the two conversions previously described, which trigger only in function call and return situations.
+This simplification is a primary contribution of this thesis to the design of tuples in \CFA.
+Specifically, the expression resolution algorithm examines all of the possible alternatives for an expression to determine the best match.
+In resolving a function call expression, each combination of function value and list of argument alternatives is examined.
+Given a particular argument list and function value, the list of argument alternatives is flattened to produce a list of non-tuple valued expressions.
+Then the flattened list of expressions is compared with each value in the function's parameter list.
+If the parameter's type is not a tuple type, then the current argument value is unified with the parameter type, and on success the next argument and parameter are examined.
+If the parameter's type is a tuple type, then the structuring conversion takes effect, recursively applying the parameter matching algorithm using the tuple's component types as the parameter list types.
+Assuming a successful unification, eventually the algorithm gets to the end of the tuple type, which causes all of the matching expressions to be consumed and structured into a tuple expression.
+For example, in
+\begin{cfa}
+int f(int, [double, int]);
+f([5, 10.2], 4);
+\end{cfa}
+There is only a single definition of ©f©, and 3 arguments with only single interpretations.
+First, the argument alternative list ©[5, 10.2], 4© is flattened to produce the argument list ©5, 10.2, 4©.
+Next, the parameter matching algorithm begins, with $P = $©int© and $A = $©int©, which unifies exactly.
+Moving to the next parameter and argument, $P = $©[double, int]© and $A = $©double©.
+This time, the parameter is a tuple type, so the algorithm applies recursively with $P' = $©double© and $A = $©double©, which unifies exactly.
+Then $P' = $©int© and $A = $©double©, which again unifies exactly.
+At this point, the end of $P'$ has been reached, so the arguments ©10.2, 4© are structured into the tuple expression ©[10.2, 4]©.
+Finally, the end of the parameter list $P$ has also been reached, so the final expression is ©f(5, [10.2, 4])©.
+
+\section{Tuple Assignment}
+\label{s:TupleAssignment}
+An assignment where the left side of the assignment operator has a tuple type is called tuple assignment.
+There are two kinds of tuple assignment depending on whether the right side of the assignment operator has a tuple type or a non-tuple type, called \emph{Multiple} and \emph{Mass} Assignment, respectively.
+\begin{cfa}
+int x;
+double y;
+[int, double] z;
+[y, x] = 3.14;  // mass assignment
+[x, y] = z;     // multiple assignment
+z = 10;         // mass assignment
+z = [x, y];     // multiple assignment
+\end{cfa}
+Let $L_i$ for $i$ in $[0, n)$ represent each component of the flattened left side, $R_i$ represent each component of the flattened right side of a multiple assignment, and $R$ represent the right side of a mass assignment.
+
+For a multiple assignment to be valid, both tuples must have the same number of elements when flattened.
+For example, the following is invalid because the number of components on the left does not match the number of components on the right.
+\begin{cfa}
+[int, int] x, y, z;
+[x, y] = z;   // multiple assignment, invalid 4 != 2
+\end{cfa}
+Multiple assignment assigns $R_i$ to $L_i$ for each $i$.
+That is, ©?=?(&$L_i$, $R_i$)© must be a well-typed expression.
+In the previous example, ©[x, y] = z©, ©z© is flattened into ©z.0, z.1©, and the assignments ©x = z.0© and ©y = z.1© happen.
+
+A mass assignment assigns the value $R$ to each $L_i$.
+For a mass assignment to be valid, ©?=?(&$L_i$, $R$)© must be a well-typed expression.
+These semantics differ from C cascading assignment (\eg ©a=b=c©) in that conversions are applied to $R$ in each individual assignment, which prevents data loss from the chain of conversions that can happen during a cascading assignment.
+For example, ©[y, x] = 3.14© performs the assignments ©y = 3.14© and ©x = 3.14©, which results in the value ©3.14© in ©y© and the value ©3© in ©x©.
+On the other hand, the C cascading assignment ©y = x = 3.14© performs the assignments ©x = 3.14© and ©y = x©, which results in the value ©3© in ©x©, and as a result the value ©3© in ©y© as well.
+
+Both kinds of tuple assignment have parallel semantics, such that each value on the left side and right side is evaluated \emph{before} any assignments occur.
+As a result, it is possible to swap the values in two variables without explicitly creating any temporary variables or calling a function.
+\begin{cfa}
+int x = 10, y = 20;
+[x, y] = [y, x];
+\end{cfa}
+After executing this code, ©x© has the value ©20© and ©y© has the value ©10©.
+
+In \CFA, tuple assignment is an expression where the result type is the type of the left side of the assignment, as in normal assignment.
+That is, a tuple assignment produces the value of the left-hand side after assignment.
+These semantics allow cascading tuple assignment to work out naturally in any context where a tuple is permitted.
+These semantics are a change from the original tuple design in \KWC \cite{Till89}, wherein tuple assignment was a statement that allows cascading assignments as a special case.
+Restricting tuple assignment to statements was an attempt to to fix what was seen as a problem with side-effects, wherein assignment can be used in many different locations, such as in function-call argument position.
+While permitting assignment as an expression does introduce the potential for subtle complexities, it is impossible to remove assignment expressions from \CFA without affecting backwards compatibility.
+Furthermore, there are situations where permitting assignment as an expression improves readability by keeping code succinct and reducing repetition, and complicating the definition of tuple assignment puts a greater cognitive burden on the user.
+In another language, tuple assignment as a statement could be reasonable, but it would be inconsistent for tuple assignment to be the only kind of assignment that is not an expression.
+In addition, \KWC permits the compiler to optimize tuple assignment as a block copy, since it does not support user-defined assignment operators.
+This optimization could be implemented in \CFA, but it requires the compiler to verify that the selected assignment operator is trivial.
+
+The following example shows multiple, mass, and cascading assignment used in one expression
+\begin{cfa}
+        int a, b;
+        double c, d;
+        [void] f([int, int]);
+        f([c, a] = [b, d] = 1.5);  // assignments in parameter list
+\end{cfa}
+The tuple expression begins with a mass assignment of ©1.5© into ©[b, d]©, which assigns ©1.5© into ©b©, which is truncated to ©1©, and ©1.5© into ©d©, producing the tuple ©[1, 1.5]© as a result.
+That tuple is used as the right side of the multiple assignment (\ie, ©[c, a] = [1, 1.5]©) that assigns ©1© into ©c© and ©1.5© into ©a©, which is truncated to ©1©, producing the result ©[1, 1]©.
+Finally, the tuple ©[1, 1]© is used as an expression in the call to ©f©.
+
+\subsection{Tuple Construction}
+Tuple construction and destruction follow the same rules and semantics as tuple assignment, except that in the case where there is no right side, the default constructor or destructor is called on each component of the tuple.
+As constructors and destructors did not exist in previous versions of \CFA or in \KWC, this is a primary contribution of this thesis to the design of tuples.
+\begin{cfa}
+struct S;
+void ?{}(S *);         // (1)
+void ?{}(S *, int);    // (2)
+void ?{}(S * double);  // (3)
+void ?{}(S *, S);      // (4)
+
+[S, S] x = [3, 6.28];  // uses (2), (3), specialized constructors
+[S, S] y;              // uses (1), (1), default constructor
+[S, S] z = x.0;        // uses (4), (4), copy constructor
+\end{cfa}
+In this example, ©x© is initialized by the multiple constructor calls ©?{}(&x.0, 3)© and ©?{}(&x.1, 6.28)©, while ©y© is initialized by two default constructor calls ©?{}(&y.0)© and ©?{}(&y.1)©.
+©z© is initialized by mass copy constructor calls ©?{}(&z.0, x.0)© and ©?{}(&z.1, x.0)©.
+Finally, ©x©, ©y©, and ©z© are destructed, \ie the calls ©^?{}(&x.0)©, ©^?{}(&x.1)©, ©^?{}(&y.0)©, ©^?{}(&y.1)©, ©^?{}(&z.0)©, and ©^?{}(&z.1)©.
+
+It is possible to define constructors and assignment functions for tuple types that provide new semantics, if the existing semantics do not fit the needs of an application.
+For example, the function ©void ?{}([T, U] *, S);© can be defined to allow a tuple variable to be constructed from a value of type ©S©.
+\begin{cfa}
+struct S { int x; double y; };
+void ?{}([int, double] * this, S s) {
+        this->0 = s.x;
+        this->1 = s.y;
+}
+\end{cfa}
+Due to the structure of generated constructors, it is possible to pass a tuple to a generated constructor for a type with a member prefix that matches the type of the tuple.
+For example,
+\begin{cfa}
+struct S { int x; double y; int z };
+[int, double] t;
+S s = t;
+\end{cfa}
+The initialization of ©s© with ©t© works by default because ©t© is flattened into its components, which satisfies the generated field constructor ©?{}(S *, int, double)© to initialize the first two values.
+
+\section{Member-Access Tuple Expression}
+\label{s:MemberAccessTuple}
+It is possible to access multiple fields from a single expression using a \emph{Member-Access Tuple Expression}.
+The result is a single tuple-valued expression whose type is the tuple of the types of the members.
+For example,
+\begin{cfa}
+struct S { int x; double y; char * z; } s;
+s.[x, y, z];
+\end{cfa}
+Here, the type of ©s.[x, y, z]© is ©[int, double, char *]©.
+A member tuple expression has the form ©a.[x, y, z];© where ©a© is an expression with type ©T©, where ©T© supports member access expressions, and ©x, y, z© are all members of ©T© with types ©T$_x$©, ©T$_y$©, and ©T$_z$© respectively.
+Then the type of ©a.[x, y, z]© is ©[T_x, T_y, T_z]©.
+
+Since tuple index expressions are a form of member-access expression, it is possible to use tuple-index expressions in conjunction with member tuple expressions to manually restructure a tuple (\eg, rearrange components, drop components, duplicate components, etc.).
+\begin{cfa}
+[int, int, long, double] x;
+void f(double, long);
+
+f(x.[0, 3]);          // f(x.0, x.3)
+x.[0, 1] = x.[1, 0];  // [x.0, x.1] = [x.1, x.0]
+[long, int, long] y = x.[2, 0, 2];
+\end{cfa}
+
+It is possible for a member tuple expression to contain other member access expressions.
+For example,
+\begin{cfa}
+struct A { double i; int j; };
+struct B { int * k; short l; };
+struct C { int x; A y; B z; } v;
+v.[x, y.[i, j], z.k];
+\end{cfa}
+This expression is equivalent to ©[v.x, [v.y.i, v.y.j], v.z.k]©.
+That is, the aggregate expression is effectively distributed across the tuple, which allows simple and easy access to multiple components in an aggregate, without repetition.
+It is guaranteed that the aggregate expression to the left of the ©.© in a member tuple expression is evaluated exactly once.
+As such, it is safe to use member tuple expressions on the result of a side-effecting function.
+\begin{cfa}
+[int, float, double] f();
+[double, float] x = f().[2, 1];
+\end{cfa}
+
+In \KWC, member tuple expressions are known as \emph{record field tuples} \cite{Till89}.
+Since \CFA permits these tuple-access expressions using structures, unions, and tuples, \emph{member tuple expression} or \emph{field tuple expression} is more appropriate.
+
+It is possible to extend member-access expressions further.
+Currently, a member-access expression whose member is a name requires that the aggregate is a structure or union, while a constant integer member requires the aggregate to be a tuple.
+In the interest of orthogonal design, \CFA could apply some meaning to the remaining combinations as well.
+For example,
+\begin{cfa}
+struct S { int x, y; } s;
+[S, S] z;
+
+s.x;  // access member
+z.0;  // access component
+
+s.1;  // ???
+z.y;  // ???
+\end{cfa}
+One possibility is for ©s.1© to select the second member of ©s©.
+Under this interpretation, it becomes possible to not only access members of a struct by name, but also by position.
+Likewise, it seems natural to open this mechanism to enumerations as well, wherein the left side would be a type, rather than an expression.
+One benefit of this interpretation is familiarity, since it is extremely reminiscent of tuple-index expressions.
+On the other hand, it could be argued that this interpretation is brittle in that changing the order of members or adding new members to a structure becomes a brittle operation.
+This problem is less of a concern with tuples, since modifying a tuple affects only the code that directly uses the tuple, whereas modifying a structure has far reaching consequences for every instance of the structure.
+
+As for ©z.y©, one interpretation is to extend the meaning of member tuple expressions.
+That is, currently the tuple must occur as the member, \ie to the right of the dot.
+Allowing tuples to the left of the dot could distribute the member across the elements of the tuple, in much the same way that member tuple expressions distribute the aggregate across the member tuple.
+In this example, ©z.y© expands to ©[z.0.y, z.1.y]©, allowing what is effectively a very limited compile-time field-sections map operation, where the argument must be a tuple containing only aggregates having a member named ©y©.
+It is questionable how useful this would actually be in practice, since structures often do not have names in common with other structures, and further this could cause maintainability issues in that it encourages programmers to adopt very simple naming conventions to maximize the amount of overlap between different types.
+Perhaps more useful would be to allow arrays on the left side of the dot, which would likewise allow mapping a field access across the entire array, producing an array of the contained fields.
+The immediate problem with this idea is that C arrays do not carry around their size, which would make it impossible to use this extension for anything other than a simple stack allocated array.
+
+Supposing this feature works as described, it would be necessary to specify an ordering for the expansion of member-access expressions versus member-tuple expressions.
+\begin{cfa}
+struct { int x, y; };
+[S, S] z;
+z.[x, y];  // ???
+// => [z.0, z.1].[x, y]
+// => [z.0.x, z.0.y, z.1.x, z.1.y]
+// or
+// => [z.x, z.y]
+// => [[z.0, z.1].x, [z.0, z.1].y]
+// => [z.0.x, z.1.x, z.0.y, z.1.y]
+\end{cfa}
+Depending on exactly how the two tuples are combined, different results can be achieved.
+As such, a specific ordering would need to be imposed to make this feature useful.
+Furthermore, this addition moves a member-tuple expression's meaning from being clear statically to needing resolver support, since the member name needs to be distributed appropriately over each member of the tuple, which could itself be a tuple.
+
+A second possibility is for \CFA to have named tuples, as they exist in Swift and D.
+\begin{cfa}
+typedef [int x, int y] Point2D;
+Point2D p1, p2;
+p1.x + p1.y + p2.x + p2.y;
+p1.0 + p1.1 + p2.0 + p2.1;  // equivalent
+\end{cfa}
+In this simpler interpretation, a tuple type carries with it a list of possibly empty identifiers.
+This approach fits naturally with the named return-value feature, and would likely go a long way towards implementing it.
+
+Ultimately, the first two extensions introduce complexity into the model, with relatively little perceived benefit, and so were dropped from consideration.
+Named tuples are a potentially useful addition to the language, provided they can be parsed with a reasonable syntax.
+
+
+\section{Casting}
+In C, the cast operator is used to explicitly convert between types.
+In \CFA, the cast operator has a secondary use, which is type ascription, since it forces the expression resolution algorithm to choose the lowest cost conversion to the target type.
+That is, a cast can be used to select the type of an expression when it is ambiguous, as in the call to an overloaded function.
+\begin{cfa}
+int f();     // (1)
+double f();  // (2)
+
+f();       // ambiguous - (1),(2) both equally viable
+(int)f();  // choose (2)
+\end{cfa}
+Since casting is a fundamental operation in \CFA, casts need to be given a meaningful interpretation in the context of tuples.
+Taking a look at standard C provides some guidance with respect to the way casts should work with tuples.
+\begin{cfa}[numbers=left]
+int f();
+void g();
+
+(void)f();  // valid, ignore results
+(int)g();   // invalid, void cannot be converted to int
+
+struct A { int x; };
+(struct A)f();  // invalid, int cannot be converted to A
+\end{cfa}
+In C, line 4 is a valid cast, which calls ©f© and discards its result.
+On the other hand, line 5 is invalid, because ©g© does not produce a result, so requesting an ©int© to materialize from nothing is nonsensical.
+Finally, line 8 is also invalid, because in C casts only provide conversion between scalar types \cite[p.~91]{C11}.
+For consistency, this implies that any case wherein the number of components increases as a result of the cast is invalid, while casts that have the same or fewer number of components may be valid.
+
+Formally, a cast to tuple type is valid when $T_n \leq S_m$, where $T_n$ is the number of components in the target type and $S_m$ is the number of components in the source type, and for each $i$ in $[0, n)$, $S_i$ can be cast to $T_i$.
+Excess elements ($S_j$ for all $j$ in $[n, m)$) are evaluated, but their values are discarded so that they are not included in the result expression.
+This discarding naturally follows the way that a cast to void works in C.
+
+For example,
+\begin{cfa}
+        [int, int, int] f();
+        [int, [int, int], int] g();
+
+        ([int, double])f();           // (1) valid
+        ([int, int, int])g();         // (2) valid
+        ([void, [int, int]])g();      // (3) valid
+        ([int, int, int, int])g();    // (4) invalid
+        ([int, [int, int, int]])g();  // (5) invalid
+\end{cfa}
+
+(1) discards the last element of the return value and converts the second element to type double.
+Since ©int© is effectively a 1-element tuple, (2) discards the second component of the second element of the return value of ©g©.
+If ©g© is free of side effects, this is equivalent to ©[(int)(g().0), (int)(g().1.0), (int)(g().2)]©.
+Since ©void© is effectively a 0-element tuple, (3) discards the first and third return values, which is effectively equivalent to ©[(int)(g().1.0), (int)(g().1.1)]©).
+% will this always hold true? probably, as constructors should give all of the conversion power we need. if casts become function calls, what would they look like? would need a way to specify the target type, which seems awkward. Also, C++ basically only has this because classes are closed to extension, while we don't have that problem (can have floating constructors for any type).
+Note that a cast is not a function call in \CFA, so flattening and structuring conversions do not occur for cast expressions.
+As such, (4) is invalid because the cast target type contains 4 components, while the source type contains only 3.
+Similarly, (5) is invalid because the cast ©([int, int, int])(g().1)© is invalid.
+That is, it is invalid to cast ©[int, int]© to ©[int, int, int]©.
+
+\section{Polymorphism}
+Due to the implicit flattening and structuring conversions involved in argument passing, ©otype© and ©dtype© parameters are restricted to matching only with non-tuple types.
+The integration of polymorphism, type assertions, and monomorphic specialization of tuple-assertions are a primary contribution of this thesis to the design of tuples.
+\begin{cfa}
+forall(otype T, dtype U)
+void f(T x, U * y);
+
+f([5, "hello"]);
+\end{cfa}
+In this example, ©[5, "hello"]© is flattened, so that the argument list appears as ©5, "hello"©.
+The argument matching algorithm binds ©T© to ©int© and ©U© to ©const char©, and calls the function as normal.
+
+Tuples can contain otype and dtype components.
+For example, a plus operator can be written to add two triples of a type together.
+\begin{cfa}
+forall(otype T | { T ?+?(T, T); })
+[T, T, T] ?+?([T, T, T] x, [T, T, T] y) {
+        return [x.0+y.0, x.1+y.1, x.2+y.2];
+}
+[int, int, int] x;
+int i1, i2, i3;
+[i1, i2, i3] = x + ([10, 20, 30]);
+\end{cfa}
+Note that due to the implicit tuple conversions, this function is not restricted to the addition of two triples.
+A call to this plus operator type checks as long as a total of 6 non-tuple arguments are passed after flattening, and all of the arguments have a common type that can bind to ©T©, with a pairwise ©?+?© over ©T©.
+For example, these expressions also succeed and produce the same value.
+\begin{cfa}
+([x.0, x.1]) + ([x.2, 10, 20, 30]);  // x + ([10, 20, 30])
+x.0 + ([x.1, x.2, 10, 20, 30]);      // x + ([10, 20, 30])
+\end{cfa}
+This presents a potential problem if structure is important, as these three expressions look like they should have different meanings.
+Furthermore, these calls can be made ambiguous by introducing seemingly different functions.
+\begin{cfa}
+forall(otype T | { T ?+?(T, T); })
+[T, T, T] ?+?([T, T] x, [T, T, T, T]);
+forall(otype T | { T ?+?(T, T); })
+[T, T, T] ?+?(T x, [T, T, T, T, T]);
+\end{cfa}
+It is also important to note that these calls could be disambiguated if the function return types were different, as they likely would be for a reasonable implementation of ©?+?©, since the return type is used in overload resolution.
+Still, these semantics are a deficiency of the current argument matching algorithm, and depending on the function, differing return values may not always be appropriate.
+These issues could be rectified by applying an appropriate conversion cost to the structuring and flattening conversions, which are currently 0-cost conversions in the expression resolver.
+Care would be needed in this case to ensure that exact matches do not incur such a cost.
+\begin{cfa}
+void f([int, int], int, int);
+
+f([0, 0], 0, 0);    // no cost
+f(0, 0, 0, 0);      // cost for structuring
+f([0, 0,], [0, 0]); // cost for flattening
+f([0, 0, 0], 0);    // cost for flattening and structuring
+\end{cfa}
+
+Until this point, it has been assumed that assertion arguments must match the parameter type exactly, modulo polymorphic specialization (\ie, no implicit conversions are applied to assertion arguments).
+This decision presents a conflict with the flexibility of tuples.
+\subsection{Assertion Inference}
+\begin{cfa}
+int f([int, double], double);
+forall(otype T, otype U | { T f(T, U, U); })
+void g(T, U);
+g(5, 10.21);
+\end{cfa}
+If assertion arguments must match exactly, then the call to ©g© cannot be resolved, since the expected type of ©f© is flat, while the only ©f© in scope requires a tuple type.
+Since tuples are fluid, this requirement reduces the usability of tuples in polymorphic code.
+To ease this pain point, function parameter and return lists are flattened for the purposes of type unification, which allows the previous example to pass expression resolution.
+
+This relaxation is made possible by extending the existing thunk generation scheme, as described by Bilson \cite{Bilson03}.
+Now, whenever a candidate's parameter structure does not exactly match the formal parameter's structure, a thunk is generated to specialize calls to the actual function.
+\begin{cfa}
+int _thunk(int _p0, double _p1, double _p2) {
+        return f([_p0, _p1], _p2);
+}
+\end{cfa}
+Essentially, this provides flattening and structuring conversions to inferred functions, improving the compatibility of tuples and polymorphism.
+
+
 \section{Tuples}
 
@@ -2680 +3255 @@
 \begin{cfa}[belowskip=0pt]
 char store[®sepSize®];                                          §\C{// sepSize is the maximum separator size}§
-strcpy( store, sepGet( sout ) );
-sepSet( sout, "_" );
+strcpy( store, sepGet( sout ) );                          §\C{// copy current separator}§
+sepSet( sout, "_" );                                            §\C{// change separator to underscore}§
 sout | 1 | 2 | 3 | endl;
 \end{cfa}
@@ -2688 +3263 @@
 \end{cfa}
 \begin{cfa}[belowskip=0pt]
-sepSet( sout, store );
+sepSet( sout, store );                                          §\C{// change separator back to original}§
 sout | 1 | 2 | 3 | endl;
 \end{cfa}
@@ -3113 +3688 @@
 
 \begin{table}[hbt]
-\hfil
-\begin{tabular}[t]{ll}
-%identifier & operation \\ \hline
-©?[?]© & subscripting \impl{?[?]}\\
-©?()© & function call \impl{?()}\\
-©?++© & postfix increment \impl{?++}\\
-©?--© & postfix decrement \impl{?--}\\
-©++?© & prefix increment \impl{++?}\\
-©--?© & prefix decrement \impl{--?}\\
-©*?© & dereference \impl{*?}\\
-©+?© & unary plus \impl{+?}\\
-©-?© & arithmetic negation \impl{-?}\\
-©~?© & bitwise negation \impl{~?}\\
-©!?© & logical complement \impl{"!?}\\
-©?*?© & multiplication \impl{?*?}\\
-©?/?© & division \impl{?/?}\\
-\end{tabular}\hfil
-\begin{tabular}[t]{ll}
-%identifier & operation \\ \hline
-©?%?© & remainder \impl{?%?}\\
-©?+?© & addition \impl{?+?}\\
-©?-?© & subtraction \impl{?-?}\\
-©?<<?© & left shift \impl{?<<?}\\
-©?>>?© & right shift \impl{?>>?}\\
-©?<?© & less than \impl{?<?}\\
-©?<=?© & less than or equal \impl{?<=?}\\
-©?>=?© & greater than or equal \impl{?>=?}\\
-©?>?© & greater than \impl{?>?}\\
-©?==?© & equality \impl{?==?}\\
-©?!=?© & inequality \impl{?"!=?}\\
-©?&?© & bitwise AND \impl{?&?}\\
-\end{tabular}\hfil
-\begin{tabular}[t]{ll}
-%identifier & operation \\ \hline
-©?^?© & exclusive OR \impl{?^?}\\
-©?|?© & inclusive OR \impl{?"|?}\\
-©?=?© & simple assignment \impl{?=?}\\
-©?*=?© & multiplication assignment \impl{?*=?}\\
-©?/=?© & division assignment \impl{?/=?}\\
-©?%=?© & remainder assignment \impl{?%=?}\\
-©?+=?© & addition assignment \impl{?+=?}\\
-©?-=?© & subtraction assignment \impl{?-=?}\\
-©?<<=?© & left-shift assignment \impl{?<<=?}\\
-©?>>=?© & right-shift assignment \impl{?>>=?}\\
-©?&=?© & bitwise AND assignment \impl{?&=?}\\
-©?^=?© & exclusive OR assignment \impl{?^=?}\\
-©?|=?© & inclusive OR assignment \impl{?"|=?}\\
-\end{tabular}
-\hfil
+\centering
+\input{../refrat/operidents}
 \caption{Operator Identifiers}
 \label{opids}
@@ -3208 +3736 @@
 \section{Auto Type-Inferencing}
 
-Auto type-inferencing occurs in a declaration where a variable's type is inferred from its initialization expression type.
+Auto type-inferencing occurs in a declaration where a variable's type is inferred from its initialization ex\-pression type.
 \begin{quote2}
 \begin{tabular}{@{}l@{\hspace{3em}}ll@{}}
@@ -3237 +3765 @@
 \begin{itemize}
 \item
-preventing having to determine or write out long generic types,
+preventing having to determine or write long generic types,
 \item
 ensure secondary variables, related to a primary variable, always have the same type.
@@ -3245 +3773 @@
 \Indexc{gcc} provides ©typeof© to declare a secondary variable from a primary variable.
 \CFA also relies heavily on the specification of the left-hand side of assignment for type inferencing, so in many cases it is crucial to specify the type of the left-hand side to select the correct type of the right-hand expression.
-Only for overloaded routines with the same return type is variable type-inferencing possible.
+Only for overloaded routines \emph{with the same return type} is variable type-inferencing possible.
 Finally, ©auto© presents the programming problem of tracking down a type when the type is actually needed.
 For example, given
@@ -3261 +3789 @@
 There is also the conundrum in type inferencing of when to \emph{\Index{brand}} a type.
 That is, when is the type of the variable more important than the type of its initialization expression.
-For example, if a change is made in an initialization expression, it can cause hundreds or thousands of cascading type changes and/or errors.
-At some point, a programmer wants the type of the variable to remain constant and the expression to be in error when it changes.
+For example, if a change is made in an initialization expression, it can cause significant cascading type changes and/or errors.
+At some point, a variable type needs to remain constant and the expression to be in error when it changes.
 
 Given ©typedef© and ©typeof© in \CFA, and the strong need to use the type of left-hand side in inferencing, auto type-inferencing is not supported at this time.
@@ -3475 +4003 @@
         }
 \end{cfa}
-\end{comment}
-
-
-\subsection{Memory Management}
-
-
-\subsubsection{Manual Memory Management}
-
-Using malloc and free to dynamically allocate memory exposes several potential, and common, errors.
-First, malloc breaks type safety because it returns a pointer to void.
-There is no relationship between the type that the returned pointer is cast to, and the amount of memory allocated.
-This problem is solved with a type-safe malloc.
-Do.s type-safe malloc does not take any arguments for size.
-Instead, it infers the type based on the return value, and then allocates space for the inferred type.
-
-\begin{cfa}
-float *f = malloc(); // allocates the size of a float
-
-struct S {
-        int i, j, k;
-};
-
-struct S *s = malloc(); // allocates the size of a struct S
-\end{cfa}
-
-In addition to the improved malloc, \CFA also provides a technique for combining allocation and initialization into one step, using the new function.
-For all constructors defined for a given type (see Operator Overloading), a corresponding call to new can be used to allocate and construct that type.
-
-\begin{cfa}
-type Complex = struct {
-        float real;
-        float imag;
-};
-
-// default constructor
-
-void ?{}(Complex &c) {
-        c.real = 0.0;
-        c.imag = 0.0;
-}
-
-
-
-// 2 parameter constructor
-
-void ?{}(Complex &c, float real, float imag) {
-        c.real = real;
-        c.imag = imag;
-}
-
-
-int main() {
-        Complex c1; // No constructor is called
-        Complex c2{}; // Default constructor called
-        Complex c3{1.0, -1.0}; // 2 parameter constructor is called
-
-        Complex *p1 = malloc(); // allocate
-        Complex *p2 = new(); // allocate + default constructor
-        Complex *p3 = new(0.5, 1.0); // allocate + 2 param constructor
-}
-\end{cfa}
-
-
-\subsubsection{Automatic Memory Management}
-
-\CFA may also support automatic memory management to further improve safety.
-If the compiler can insert all of the code needed to manage dynamically allocated memory (automatic reference counting), then developers can avoid problems with dangling pointers, double frees, memory leaks, etc.
-This feature requires further investigation.
-\CFA will not have a garbage collector, but might use some kind of region-based memory management.
-
-
-\begin{comment}
-\subsection{Unsafe C Constructs}
-
-C programmers are able to access all of the low-level tricks that are sometimes needed for close-to-the-hardware programming.
-Some of these practices however are often error-prone and difficult to read and maintain.
-Since \CFA is designed to be safer than C, such constructs are disallowed in \CFA code.
-If a programmer wants to use one of these unsafe C constructs, the unsafe code must be contained in a C linkage block (see Interoperability), which will be compiled like C code.
-This block means that the user is telling the tools, .I know this is unsafe, but I.m going to do it anyway..
-
-The exact set of unsafe C constructs that will be disallowed in \CFA has not yet been decided, but is sure to include pointer arithmetic, pointer casting, etc.
-Once the full set is decided, the rules will be listed here.
 \end{comment}
 
@@ -3780 +4226 @@
 \label{f:SimpleTasks}
 \end{figure}
-
-
-\begin{comment}
-\begin{cfa}
-type Adder = task {
-        int *row;
-        int size;
-        int &subtotal;
-}
-\end{cfa}
-
-A task may define a constructor, which will be called upon allocation and run on the caller.s thread.
-A destructor may also be defined, which is called at deallocation (when a dynamic object is deleted or when a local object goes out of scope).
-After a task is allocated and initialized, its thread is spawned implicitly and begins executing in its function call method.
-All tasks must define this function call method, with a void return value and no additional parameters, or the compiler will report an error.
-Below are example functions for the above Adder task, and its usage to sum up a matrix on multiple threads.
-(Note that this example is designed to display the syntax and functionality, not the best method to solve this problem)
-\begin{cfa}
-void ?{}(Adder &a, int r[], int s, int &st) { // constructor
-        a.row = r;
-        a.size = s;
-        a.subtotal = st;
-}
-
-// implicitly spawn thread and begin execution here
-
-void ?()(Adder &a) {
-        int c;
-        subtotal = 0;
-        for (c=0; c<a.size; ++c) {
-        subtotal += row[c];
-        }
-}
-
-int main() {
-        const int rows = 100, cols = 1000000;
-        int matrix[rows][cols];
-        int subtotals[rows];
-        int total = 0;
-        int r;
-
-        { // create a new scope here for our adders
-        Adder adders[rows];
-        // read in the matrix
-        ...
-        for (r=0; r<rows; ++r) {
-        // tasks are initialized on this thread
-        Adders[r] = {matrix[r], cols, subtotals[r]};
-        Adders[r](); // spawn thread and begin execution
-        }
-        } // adders go out of scope; block here until they all finish
-        total += subtotals[r];
-        printf(.total is %d\n., total);
-}
-\end{cfa}
-
-\subsection{Cooperative Scheduling}
-
-Tasks in \CFA are cooperatively scheduled, meaning that a task will not be interrupted by another task, except at specific yield points.
-In Listing 31, there are no yield points, so each task runs to completion with no interruptions.
-Places where a task could yield include waiting for a lock (explicitly or implicitly), waiting for I/O, or waiting for a specific function (or one of a set of functions) to be called.
-This last option is introduced with the yield function. yield is used to indicate that this task should yield its thread until the specified function is called.
-For example, the code below defines a monitor that maintains a generic list.
-When a task tries to pop from the list, but it is empty, the task should yield until another task puts something into the list, with the push function.
-Similarly, when a task tries to push something onto the list, but it is full, it will yield until another task frees some space with the pop function.
-
-\begin{cfa}
-// type T is used as a generic type for all definitions inside
-// the curly brackets
-
-generic(type T) {
-        type Channel = monitor {
-        List(T) list; // list is a simple generic list type
-        };
-
-        T pop(mutex &Channel(T) ch) {
-        if (ch.list.empty()) {
-        // yield until push is called for this channel
-        yield(push);
-        }
-        return ch.list.pop();
-        }
-
-        void push(mutex &Channel(T)ch, T val) {
-        if (ch.list.full()) {
-        // yield until pop is called for this channel
-        yield(pop);
-        }
-        ch.list.push(val);
-        }
-}
-\end{cfa}
-
-A task can also yield indefinitely by calling yield with no arguments.
-This will tell the scheduler to yield this task until it is resumed by some other task.
-A task can resume another task by using its functional call operator.
-The code below shows a simple ping-pong example, where two tasks yield back and forth to each other using these methods.
-
-\begin{cfa}
-type Ping = task {
-        Pong *partner;
-};
-
-void ?{}(Ping &p, Pong *partner = 0) {
-        p.partner = partner;
-}
-
-void ?()(Ping &p) {
-        for(;;) { // loop forever
-        printf(.ping\n.);
-        partner(); // resumes the partner task
-        yield(); // yields this task
-        }
-}
-
-type Pong = task {
-        Ping *partner;
-};
-
-void ?{}(Pong &p, Ping *partner = 0) {
-        p.partner = partner;
-}
-
-void ?()(Pong &p) {
-        for(;;) { // loop forever
-        yield(); // yields this task
-        printf(.pong/n.);
-        partner(); // resumes the partner task
-        }
-}
-
-void main() {
-        Ping ping; // allocate ping
-        Pong pong{ping}; // allocate, initialize, and start pong
-        Ping{pong}; // initialize and start ping
-}
-\end{cfa}
-
-The same functionality can be accomplished by providing functions to be called by the partner task.
-\begin{cfa}
-type Pingpong = task {
-        String msg;
-        Pingpong *partner;
-};
-
-void ?{}(Pingpong &p, String msg, Pingpong *partner = 0) {
-        p.msg = msg;
-        p.partner = partner;
-}
-
-void ?()(Pingpong &p) {
-        for(;;) {
-        yield(go);
-        }
-}
-
-void go(Pingpong &p) {
-        print(.%(p.msg)\n.);
-        go(p.partner);
-}
-
-void main() {
-        Pingpong ping = {.ping.};
-        Pingpong pong = {.pong., ping};
-        ping.partner = pong;
-        go(ping);
-}
-\end{cfa}
-\end{comment}
 
 
@@ -4609 +4886 @@
 
 
-\section{Comparison with Other Languages}
+\section{Language Comparisons}
 
 \CFA is one of many languages that attempts to improve upon C.
@@ -5344 +5621 @@
 
 
-\section{\texorpdfstring{\CFA Keywords}{Cforall Keywords}}
-\label{s:CFAKeywords}
-
-\CFA introduces the following new keywords.
-
-\begin{quote2}
-\begin{tabular}{lllll}
-\begin{tabular}{@{}l@{}}
-©_At©                   \\
-©catch©                 \\
-©catchResume©   \\
-©choose©                \\
-©coroutine©             \\
-\end{tabular}
-&
-\begin{tabular}{@{}l@{}}
-©disable©               \\
-©dtype©                 \\
-©enable©                \\
-©fallthrough©   \\
-©fallthru©              \\
-\end{tabular}
-&
-\begin{tabular}{@{}l@{}}
-©finally©               \\
-©forall©                \\
-©ftype©                 \\
-©lvalue©                \\
-©monitor©               \\
-\end{tabular}
-&
-\begin{tabular}{@{}l@{}}
-©mutex©                 \\
-©one_t©                 \\
-©otype©                 \\
-©throw©                 \\
-©throwResume©   \\
-\end{tabular}
-&
-\begin{tabular}{@{}l@{}}
-©trait©                 \\
-©try©                   \\
-©ttype©                 \\
-©zero_t©                \\
-                                \\
-\end{tabular}
-\end{tabular}
-\end{quote2}
-
-
-\section{Incompatible}
+\section{C Incompatibles}
 
 The following incompatibles exist between \CFA and C, and are similar to Annex C for \CC~\cite{C++14}.
@@ -5422 +5649 @@
 g( p1, p2 ) int p1, p2;                 §\C{// int g( int p1, int p2 );}§
 \end{cfa}
-\CFA supports K\&R routine definitions:
+\CFA continues to support K\&R routine definitions:
 \begin{cfa}
 f( a, b, c )                                    §\C{// default int return}§
@@ -5495 +5722 @@
 struct X { int i; struct X *next; };
 static struct X a;                              §\C{// forward definition}§
-static struct X b = { 0, ®&a® };        §\C{// forward reference, valid in C, invalid in \CFA}§
+static struct X b = { 0, ®&a® };§\C{// forward reference, valid in C, invalid in \CFA}§
 static struct X a = { 1, &b };  §\C{// definition}§
 \end{cfa}
@@ -5510 +5737 @@
 enum ®Colour® { R, G, B, Y, C, M };
 struct Person {
-        enum ®Colour® { R, G, B };      §\C{// nested type}§
+        enum ®Colour® { R, G, B };      §\C[7cm]{// nested type}§
         struct Face {                           §\C{// nested type}§
                 ®Colour® Eyes, Hair;    §\C{// type defined outside (1 level)}§
@@ -5519 +5746 @@
 };
 ®Colour® c = R;                                 §\C{// type/enum defined same level}§
-Person®.Colour® pc = Person®.®R;        §\C{// type/enum defined inside}§
-Person®.®Face pretty;                   §\C{// type defined inside}§
+Person®.Colour® pc = Person®.®R;§\C{// type/enum defined inside}§
+Person®.®Face pretty;                   §\C{// type defined inside}\CRT§
 \end{cfa}
 In C, the name of the nested types belongs to the same scope as the name of the outermost enclosing structure, \ie the nested types are hoisted to the scope of the outer-most type, which is not useful and confusing.
@@ -5549 +5776 @@
 \item
 \begin{description}
+\item[Change:] remove implicit conversion of ©void *© to or from any ©T *© pointer:
+\begin{cfa}
+void foo() {
+        int * b = malloc( sizeof(int) );        §\C{// implicitly convert void * to int *}§
+        char * c = b;                           §\C{// implicitly convert int * to void *, and then void * to char *}§
+}
+\end{cfa}
+\item[Rationale:] increase type safety
+\item[Effect on original feature:] deletion of semantically well-defined feature.
+\item[Difficulty of converting:] requires adding a cast (see \VRef{s:StorageManagement} for better alternatives):
+\begin{cfa}
+        int * b = (int *)malloc( sizeof(int) );
+        char * c = (char *)b;
+\end{cfa}
+\item[How widely used:] Significant.
+Some C translators already give a warning if the cast is not used.
+\end{description}
+
+\item
+\begin{description}
+\item[Change:] Types must be declared in declarations, not in expressions
+In C, a sizeof expression or cast expression may create a new type. For example,
+\begin{cfa}
+p = (void*)(struct x {int i;} *)0;
+\end{cfa}
+declares a new type, struct x .
+\item[Rationale:] This prohibition helps to clarify the location of declarations in the source code.
+\item[Effect on original feature:] Deletion of a semantically welldefined feature.
+\item[Difficulty of converting:] Syntactic transformation.
+\item[How widely used:] Seldom.
+\end{description}
+
+\item
+\begin{description}
 \item[Change:] comma expression is disallowed as subscript
 \item[Rationale:] safety issue to prevent subscripting error for multidimensional arrays: ©x[i,j]© instead of ©x[i][j]©, and this syntactic form then taken by \CFA for new style arrays.
 \item[Effect on original feature:] change to semantics of well-defined feature.
 \item[Difficulty of converting:] semantic transformation of ©x[i,j]© to ©x[(i,j)]©
-\item[How widely used:] seldom.
+\item[How widely used:] Seldom.
 \end{description}
 \end{enumerate}
 
 
+\section{\texorpdfstring{\CFA Keywords}{Cforall Keywords}}
+\label{s:CFAKeywords}
+
+\CFA introduces the following new keywords.
+
+\begin{quote2}
+\input{../refrat/keywords}
+\end{quote2}
+
+
 \section{Standard Headers}
 \label{s:StandardHeaders}
@@ -5563 +5834 @@
 \Celeven prescribes the following standard header-files~\cite[\S~7.1.2]{C11} and \CFA adds to this list:
 \begin{quote2}
-\lstset{deletekeywords={float}}
-\begin{tabular}{@{}llll|l@{}}
-\multicolumn{4}{c|}{C11} & \multicolumn{1}{c}{\CFA}             \\
+\begin{tabular}{@{}llllll|l@{}}
+\multicolumn{6}{c|}{C11} & \multicolumn{1}{c}{\CFA}             \\
 \hline
 \begin{tabular}{@{}l@{}}
@@ -5573 +5843 @@
 \Indexc{errno.h}                \\
 \Indexc{fenv.h}                 \\
-\Indexc{float.h}                \\
-\Indexc{inttypes.h}             \\
-\Indexc{iso646.h}               \\
 \end{tabular}
 &
 \begin{tabular}{@{}l@{}}
+\Indexc[deletekeywords=float]{float.h} \\
+\Indexc{inttypes.h}             \\
+\Indexc{iso646.h}               \\
 \Indexc{limits.h}               \\
 \Indexc{locale.h}               \\
+\end{tabular}
+&
+\begin{tabular}{@{}l@{}}
 \Indexc{math.h}                 \\
 \Indexc{setjmp.h}               \\
@@ -5586 +5859 @@
 \Indexc{stdalign.h}             \\
 \Indexc{stdarg.h}               \\
-\Indexc{stdatomic.h}    \\
 \end{tabular}
 &
 \begin{tabular}{@{}l@{}}
+\Indexc{stdatomic.h}    \\
 \Indexc{stdbool.h}              \\
 \Indexc{stddef.h}               \\
 \Indexc{stdint.h}               \\
 \Indexc{stdio.h}                \\
+\end{tabular}
+&
+\begin{tabular}{@{}l@{}}
 \Indexc{stdlib.h}               \\
 \Indexc{stdnoreturn.h}  \\
 \Indexc{string.h}               \\
 \Indexc{tgmath.h}               \\
+\Indexc{threads.h}              \\
 \end{tabular}
 &
 \begin{tabular}{@{}l@{}}
-\Indexc{threads.h}              \\
 \Indexc{time.h}                 \\
 \Indexc{uchar.h}                \\
@@ -5607 +5883 @@
 \Indexc{wctype.h}               \\
                                                 \\
-                                                \\
-                                                \\
 \end{tabular}
 &
 \begin{tabular}{@{}l@{}}
+\Indexc{gmp.h}                  \\
+\Indexc{malloc.h}               \\
 \Indexc{unistd.h}               \\
-\Indexc{gmp.h}                  \\
-                                                \\
-                                                \\
-                                                \\
-                                                \\
                                                 \\
                                                 \\
@@ -5626 +5897 @@
 hence, names in these include files are not mangled\index{mangling!name} (see~\VRef{s:Interoperability}).
 All other C header files must be explicitly wrapped in ©extern "C"© to prevent name mangling.
-For \Index*[C++]{\CC{}}, the name-mangling issue is handled implicitly because most C header-files are augmented with checks for preprocessor variable ©__cplusplus©, which adds appropriate ©extern "C"© qualifiers.
+For \Index*[C++]{\CC{}}, the name-mangling issue is often handled internally in many C header-files through checks for preprocessor variable ©__cplusplus©, which adds appropriate ©extern "C"© qualifiers.
 
 
@@ -5636 +5907 @@
 
 \subsection{Storage Management}
+\label{s:StorageManagement}
 
 The storage-management routines extend their C equivalents by overloading, alternate names, providing shallow type-safety, and removing the need to specify the allocation size for non-array types.
@@ -5655 +5927 @@
 The table shows allocation routines supporting different combinations of storage-management capabilities:
 \begin{center}
-\begin{tabular}{@{}lr|l|l|l|l@{}}
-                &                                       & \multicolumn{1}{c|}{fill}     & resize        & alignment     & array \\
+\begin{tabular}{@{}r|r|l|l|l|l@{}}
+\multicolumn{1}{c}{}&           & \multicolumn{1}{c|}{fill}     & resize        & alignment     & array \\
 \hline
 C               & ©malloc©                      & no                    & no            & no            & no    \\
@@ -5663 +5935 @@
                 & ©memalign©            & no                    & no            & yes           & no    \\
                 & ©posix_memalign©      & no                    & no            & yes           & no    \\
+\hline
 C11             & ©aligned_alloc©       & no                    & no            & yes           & no    \\
+\hline
 \CFA    & ©alloc©                       & no/copy/yes   & no/yes        & no            & yes   \\
                 & ©align_alloc©         & no/yes                & no            & yes           & yes   \\
@@ -5847 +6121 @@
 long double remainder( long double, long double );
 
-[ int, float ] remquo( float, float );§\indexc{remquo}§
-float remquo( float, float, int * );
+float remquo( float, float, int * );§\indexc{remquo}§
+double remquo( double, double, int * );
+long double remquo( long double, long double, int * );
+[ int, float ] remquo( float, float );
 [ int, double ] remquo( double, double );
-double remquo( double, double, int * );
 [ int, long double ] remquo( long double, long double );
-long double remquo( long double, long double, int * );
-
-[ int, float ] div( float, float );                                             // alternative name for remquo
-float div( float, float, int * );§\indexc{div}§
+
+float div( float, float, int * );§\indexc{div}§ §\C{// alternative name for remquo}§
+double div( double, double, int * );
+long double div( long double, long double, int * );
+[ int, float ] div( float, float );
 [ int, double ] div( double, double );
-double div( double, double, int * );
 [ int, long double ] div( long double, long double );
-long double div( long double, long double, int * );
 
 float fma( float, float, float );§\indexc{fma}§
@@ -5889 +6163 @@
 double exp2( double );
 long double exp2( long double );
-float _Complex exp2( float _Complex );
-double _Complex exp2( double _Complex );
-long double _Complex exp2( long double _Complex );
+// float _Complex exp2( float _Complex );
+// double _Complex exp2( double _Complex );
+// long double _Complex exp2( long double _Complex );
 
 float expm1( float );§\indexc{expm1}§
@@ -5897 +6171 @@
 long double expm1( long double );
 
+float pow( float, float );§\indexc{pow}§
+double pow( double, double );
+long double pow( long double, long double );
+float _Complex pow( float _Complex, float _Complex );
+double _Complex pow( double _Complex, double _Complex );
+long double _Complex pow( long double _Complex, long double _Complex );
+\end{cfa}
+
+
+\subsection{Logarithm}
+
+\leavevmode
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
 float log( float );§\indexc{log}§
 double log( double );
@@ -5907 +6194 @@
 double log2( double );
 long double log2( long double );
-float _Complex log2( float _Complex );
-double _Complex log2( double _Complex );
-long double _Complex log2( long double _Complex );
+// float _Complex log2( float _Complex );
+// double _Complex log2( double _Complex );
+// long double _Complex log2( long double _Complex );
 
 float log10( float );§\indexc{log10}§
 double log10( double );
 long double log10( long double );
-float _Complex log10( float _Complex );
-double _Complex log10( double _Complex );
-long double _Complex log10( long double _Complex );
+// float _Complex log10( float _Complex );
+// double _Complex log10( double _Complex );
+// long double _Complex log10( long double _Complex );
 
 float log1p( float );§\indexc{log1p}§
@@ -5929 +6216 @@
 double logb( double );
 long double logb( long double );
-\end{cfa}
-
-
-\subsection{Power}
-
-\leavevmode
-\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+
 float sqrt( float );§\indexc{sqrt}§
 double sqrt( double );
@@ -5950 +6231 @@
 double hypot( double, double );
 long double hypot( long double, long double );
-
-float pow( float, float );§\indexc{pow}§
-double pow( double, double );
-long double pow( long double, long double );
-float _Complex pow( float _Complex, float _Complex );
-double _Complex pow( double _Complex, double _Complex );
-long double _Complex pow( long double _Complex, long double _Complex );
 \end{cfa}
 
@@ -6010 +6284 @@
 long double atan2( long double, long double );
 
-float atan( float, float );                                                             // alternative name for atan2
+float atan( float, float );                                     §\C{// alternative name for atan2}§
 double atan( double, double );§\indexc{atan}§
 long double atan( long double, long double );
@@ -6198 +6472 @@
 
 \begin{cfa}
-void ?{}( Int * this );                                 §\C{// constructor}§
+void ?{}( Int * this );                                 §\C{// constructor/destructor}§
 void ?{}( Int * this, Int init );
 void ?{}( Int * this, zero_t );
@@ -6453 +6727 @@
 // implementation
 struct Rational {§\indexc{Rational}§
-        long int numerator, denominator;                                        // invariant: denominator > 0
+        long int numerator, denominator;        §\C{// invariant: denominator > 0}§
 }; // Rational
 

doc/working/resolver_design.md

@@ -91 +91 @@
 ## Conversion Costs ##
 Each possible resolution of an expression has a _cost_ tuple consisting of 
-the following components: _unsafe_ conversion cost, _polymorphic_ 
-specialization cost, _safe_ conversion cost, a count of _explicit_ 
-conversions, and _qualifier_ conversion cost. 
+the following components:
+1. _unsafe_ conversion cost: summed degree of unsafe conversions; unlike CFA03, this is not a simple count of conversions (for symmetry with the safe conversions)
+2. _polymorphic unifications_: count of parameters and return values bound to some polymorphic type for boxing
+3. _type variables_: number of polymorphic type variables bound
+4. negated _type specializations_: Each type assertion specializes the polymorphism, thus decreasing the cost; nested polymorphic types (e.g. `T*`) are also counted as specializations
+5. _safe_ conversions: summed degree of safe conversions
+6. _qualifier_ conversions: summed degree of qualifier and reference conversions
 These components are lexically-ordered and can be summed element-wise; 
 summation starts at `(0, 0, 0, 0, 0)`.
+
+**TODO** update below for consistency with this
 
 ### Lvalue and Qualifier Conversions ###