Changeset 436c0de for doc

Timestamp:

Jun 18, 2017, 9:22:22 AM (6 years ago)

Author:

Rob Schluntz <rschlunt@…>

Branches:

ADT, aaron-thesis, arm-eh, ast-experimental, cleanup-dtors, deferred_resn, demangler, enum, forall-pointer-decay, jacob/cs343-translation, jenkins-sandbox, master, new-ast, new-ast-unique-expr, new-env, no_list, persistent-indexer, pthread-emulation, qualifiedEnum, resolv-new, with_gc

Children:

f1e80d8

Parents:

ade20d0 (diff), 42b0d73 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' of plg.uwaterloo.ca:/u/cforall/software/cfa/cfa-cc

Conflicts:

src/InitTweak/GenInit.cc

Location:

doc

Files:

• generic_types/refereeReport.txt (added)
• proposals/concurrency/Makefile (modified) (1 diff)
• proposals/concurrency/build/bump_ver.sh (modified) (1 diff)
• proposals/concurrency/build/version (deleted)
• proposals/concurrency/text/basics.tex (modified) (14 diffs)
• proposals/concurrency/text/cforall.tex (added)
• proposals/concurrency/text/concurrency.tex (modified) (7 diffs)
• proposals/concurrency/text/intro.tex (modified) (1 diff)
• proposals/concurrency/thesis.tex (modified) (2 diffs)
• proposals/concurrency/version (added)
• proposals/tagged-struct.txt (added)
• user/user.tex (modified) (62 diffs)
• working/exception/design.txt (modified) (2 diffs)
• working/exception/impl/except.c (deleted)
• working/exception/impl/except.h (deleted)
• working/exception/impl/exception.c (added)
• working/exception/impl/exception.h (added)
• working/exception/impl/main.c (deleted)
• working/exception/impl/resume-main.c (deleted)
• working/exception/impl/test-main.c (added)
• working/exception/translate.c (added)

doc/proposals/concurrency/Makefile

@@ -13 +13 @@
 annex/glossary \
 text/intro \
+text/cforall \
 text/basics \
 text/concurrency \

doc/proposals/concurrency/build/bump_ver.sh

@@ -1 +1 @@
 #!/bin/bash
-if [ ! -f build/version ]; then
-    echo "0.0.0" > build/version
+if [ ! -f version ]; then
+    echo "0.0.0" > version
 fi
 
-sed -r 's/([0-9]+\.[0-9]+.)([0-9]+)/echo "\1\$((\2+1))" > version/ge' build/version > /dev/null
+sed -r 's/([0-9]+\.[0-9]+.)([0-9]+)/echo "\1\$((\2+1))" > version/ge' version > /dev/null

doc/proposals/concurrency/text/basics.tex

@@ -7 +7 @@
 
 \section{Basics of concurrency}
-At its core, concurrency is based on having multiple call stacks and potentially multiple threads of execution for these stacks. Concurrency alone without parallelism only requires having multiple call stacks (or contexts) for a single thread of execution and switching between these call stacks on a regular basis. A minimal concurrency product can be achieved by creating coroutines which instead of context switching between each other, always ask an oracle where to context switch next. While coroutines do not technically require a stack, stackfull coroutines are the closest abstraction to a practical "naked"" call stack. When writing concurrency in terms of coroutines, the oracle effectively becomes a scheduler and the whole system now follows a cooperative threading model \cit. The oracle/scheduler can either be a stackless or stackfull entity and correspondingly require one or two context switches to run a different coroutine but in any case a subset of concurrency related challenges start to appear. For the complete set of concurrency challenges to be present, the only feature missing is preemption. Indeed, concurrency challenges appear with the lack of determinism. Guaranteeing mutual-exclusion or synchronisation are simply ways of limiting the lack of determinism in the system. A scheduler introduces order of execution uncertainty while preemption introduces incertainty about when context-switches occur. Now it is important to understand that uncertainty is not necessarily undesireable, uncertainty can often be used by systems to significantly increase performance and is often the basis of giving the user the illusion that hundred of tasks are running in parallel. Optimal performance in concurrent applications is often obtained by having as little determinism as correctness will allow\cit.
+At its core, concurrency is based on having call-stacks and potentially multiple threads of execution for these stacks. Concurrency without parallelism only requires having multiple call stacks (or contexts) for a single thread of execution, and switching between these call stacks on a regular basis. A minimal concurrency product can be achieved by creating coroutines, which instead of context switching between each other, always ask an oracle where to context switch next. While coroutines do not technically require a stack, stackfull coroutines are the closest abstraction to a practical "naked"" call stack. When writing concurrency in terms of coroutines, the oracle effectively becomes a scheduler and the whole system now follows a cooperative threading-model \cit. The oracle/scheduler can either be a stackless or stackfull entity and correspondingly require one or two context switches to run a different coroutine. In any case, a subset of concurrency related challenges start to appear. For the complete set of concurrency challenges to occur, the only feature missing is preemption. Indeed, concurrency challenges appear with non-determinism. Guaranteeing mutual-exclusion or synchronisation are simply ways of limiting the lack of determinism in a system. A scheduler introduces order of execution uncertainty, while preemption introduces incertainty about where context-switches occur. Now it is important to understand that uncertainty is not necessarily undesireable; uncertainty can often be used by systems to significantly increase performance and is often the basis of giving a user the illusion that tasks are running in parallel. Optimal performance in concurrent applications is often obtained by having as much non-determinism as correctness allows\cit.
 
 \section{\protect\CFA 's Thread Building Blocks}
-% As a system-level language, \CFA should offer both performance and flexibilty as its primary goals, simplicity and user-friendliness being a secondary concern. Therefore, the core of parallelism in \CFA should prioritize power and efficiency. With this said, deconstructing popular paradigms in order to get simple building blocks yields \glspl{uthread} as the core parallelism block. \Glspl{pool} and other parallelism paradigms can then be built on top of the underlying threading model.
-One of the important features that is missing to C is threading. On modern architectures, the lack of threading is becoming less and less forgivable\cite{Sutter05, Sutter05b} and therefore any modern programming language should have the proper tools to allow users to write performant concurrent and/or parallel programs. As an extension of C, \CFA needs to express these concepts an a way that is as natural as possible to programmers used to imperative languages. And being a system level language means programmers will expect to be able to choose precisely which features they need and which cost they are willing to pay.
-
-\section{Coroutines A stepping stone}\label{coroutine}
-While the main focus of this proposal is concurrency and parallelism, as mentionned above it is important to adress coroutines which are actually a significant underlying aspect of the concurrency system. Indeed, while having nothing todo with parallelism and arguably little to do with concurrency, coroutines need to deal with context-switchs and and other context management operations. Therefore, this proposal includes coroutines both as an intermediate step for the implementation of threads and a first class feature of \CFA. Furthermore, many design challenges of threads are at least partially present in designing coroutines, which makes the design effort that much more relevant. The core API of coroutines revolve around two features independent call stacks and \code{suspend}/\code{resume}.
+One of the important features that is missing in C is threading. On modern architectures, a lack of threading is becoming less and less forgivable\cite{Sutter05, Sutter05b}, and therefore modern programming languages must have the proper tools to allow users to write performant concurrent and/or parallel programs. As an extension of C, \CFA needs to express these concepts in a way that is as natural as possible to programmers used to imperative languages. And being a system-level language means programmers expect to choose precisely which features they need and which cost they are willing to pay.
+
+\section{Coroutines: A stepping stone}\label{coroutine}
+While the main focus of this proposal is concurrency and parallelism, as mentionned above it is important to adress coroutines, which are actually a significant underlying aspect of a concurrency system. Indeed, while having nothing todo with parallelism and arguably little to do with concurrency, coroutines need to deal with context-switchs and and other context-management operations. Therefore, this proposal includes coroutines both as an intermediate step for the implementation of threads, and a first class feature of \CFA. Furthermore, many design challenges of threads are at least partially present in designing coroutines, which makes the design effort that much more relevant. The core API of coroutines revolve around two features: independent call stacks and \code{suspend}/\code{resume}.
 
 Here is an example of a solution to the fibonnaci problem using \CFA coroutines:
@@ -26 +25 @@
         }
 
+        // main automacically called on first resume
         void main(Fibonacci* this) {
                 int fn1, fn2;           // retained between resumes
@@ -59 +59 @@
 
 \subsection{Construction}
-One important design challenge for coroutines and threads (shown in section \ref{threads}) is that the runtime system needs to run some code after the user-constructor runs. In the case of the coroutines this challenge is simpler since there is no loss of determinism brough by preemption or scheduling, however, the underlying challenge remains the same for coroutines and threads.
-
-The runtime system needs to create the coroutine's stack and more importantly prepare it for the first resumption. The timing of the creation is non trivial since users both expect to have fully constructed objects once execution enters the coroutine main and to be able to resume the coroutine from the constructor (Obviously we only solve cases where these two statements don't conflict). There are several solutions to this problem but the chosen options effectively forces the design of the coroutine.
-
-Furthermore, \CFA faces an extra challenge which is that polymorphique routines rely on invisible thunks when casted to non-polymorphic routines and these thunks have function scope. For example, the following code, while looking benign, can run into undefined behaviour because of thunks:
+One important design challenge for coroutines and threads (shown in section \ref{threads}) is that the runtime system needs to run code after the user-constructor runs. In the case of coroutines, this challenge is simpler since there is no non-determinism from preemption or scheduling. However, the underlying challenge remains the same for coroutines and threads.
+
+The runtime system needs to create the coroutine's stack and more importantly prepare it for the first resumption. The timing of the creation is non-trivial since users both expect to have fully constructed objects once execution enters the coroutine main and to be able to resume the coroutine from the constructor. Like for regular objects, constructors can still leak coroutines before they are ready. There are several solutions to this problem but the chosen options effectively forces the design of the coroutine.
+
+Furthermore, \CFA faces an extra challenge as polymorphic routines create invisible thunks when casted to non-polymorphic routines and these thunks have function scope. For example, the following code, while looking benign, can run into undefined behaviour because of thunks:
 
 \begin{cfacode}
@@ -78 +78 @@
 }
 \end{cfacode}
-Indeed, the generated C code\footnote{Code trimmed down for brevity} shows that a local thunk is created in order to hold type information:
+The generated C code\footnote{Code trimmed down for brevity} creates a local thunk to hold type information:
 
 \begin{ccode}
@@ -95 +95 @@
 }
 \end{ccode}
-The problem in the this example is that there is a race condition between the start of the execution of \code{noop} on the other thread and the stack frame of \code{bar} being destroyed. This extra challenge limits which solutions are viable because storing the function pointer for too long only increases the chances that the race will end in undefined behavior; i.e. the stack based thunk being destroyed before it was used.
+The problem in this example is a race condition between the start of the execution of \code{noop} on the other thread and the stack frame of \code{bar} being destroyed. This extra challenge limits which solutions are viable because storing the function pointer for too long only increases the chances that the race will end in undefined behavior; i.e. the stack based thunk being destroyed before it was used. This challenge is an extension of challenges that come with second-class routines. Indeed, GCC nested routines also have the limitation that the routines cannot be passed outside of the scope of the functions these were declared in. The case of coroutines and threads is simply an extension of this problem to multiple call-stacks.
 
 \subsection{Alternative: Composition}
-One solution to this challenge would be to use inheritence,
+One solution to this challenge would be to use composition/containement,
 
 \begin{cfacode}
         struct Fibonacci {
               int fn; // used for communication
-              coroutine c;
+              coroutine c; //composition
         };
 
@@ -111 +111 @@
         }
 \end{cfacode}
-
-There are two downsides to this approach. The first, which is relatively minor, is that the base class needs to be made aware of the main routine pointer, regardless of whether we use a parameter or a virtual pointer, this means the coroutine data must be made larger to store a value that is actually a compile time constant (The address of the main routine). The second problem which is both subtle but significant, is that now users can get the initialisation order of there coroutines wrong. Indeed, every field of a \CFA struct will be constructed but in the order of declaration, unless users explicitly write otherwise. This means that users who forget to initialize a the coroutine at the right time may resume the coroutine with an uninitilized object. For coroutines, this is unlikely to be a problem, for threads however, this is a significant problem.
+There are two downsides to this approach. The first, which is relatively minor, is that the base class needs to be made aware of the main routine pointer, regardless of whether a parameter or a virtual pointer is used, this means the coroutine data must be made larger to store a value that is actually a compile time constant (address of the main routine). The second problem, which is both subtle and significant, is that now users can get the initialisation order of there coroutines wrong. Indeed, every field of a \CFA struct is constructed but in declaration order, unless users explicitly write otherwise. This semantics means that users who forget to initialize a the coroutine may resume the coroutine with an uninitilized object. For coroutines, this is unlikely to be a problem, for threads however, this is a significant problem.
 
 \subsection{Alternative: Reserved keyword}
@@ -122 +121 @@
         };
 \end{cfacode}
-
 This mean the compiler can solve problems by injecting code where needed. The downside of this approach is that it makes coroutine a special case in the language. Users who would want to extend coroutines or build their own for various reasons can only do so in ways offered by the language. Furthermore, implementing coroutines without language supports also displays the power of \CFA.
 While this is ultimately the option used for idiomatic \CFA code, coroutines and threads can both be constructed by users without using the language support. The reserved keywords are only present to improve ease of use for the common cases.
@@ -128 +126 @@
 \subsection{Alternative: Lamda Objects}
 
-For coroutines as for threads, many implementations are based on routine pointers or function objects\cit. For example, Boost implements coroutines in terms of four functor object types \code{asymmetric_coroutine<>::pull_type}, \code{asymmetric_coroutine<>::push_type}, \code{symmetric_coroutine<>::call_type}, \code{symmetric_coroutine<>::yield_type}. Often, the canonical threading paradigm in languages is based on function pointers, pthread being one of the most well known example. The main problem of these approach is that the thread usage is limited to a generic handle that must otherwise be wrapped in a custom type. Since the custom type is simple to write and \CFA and solves several issues, added support for routine/lambda based coroutines adds very little.
-
-\subsection{Trait based coroutines}
-
-Finally the underlying approach, which is the one closest to \CFA idioms, is to use trait-based lazy coroutines. This approach defines a coroutine as \say{anything that \say{satisfies the trait \code{is_coroutine} and is used as a coroutine} is a coroutine}. 
+For coroutines as for threads, many implementations are based on routine pointers or function objects\cit. For example, Boost implements coroutines in terms of four functor object types: 
+\begin{cfacode}
+asymmetric_coroutine<>::pull_type
+asymmetric_coroutine<>::push_type
+symmetric_coroutine<>::call_type
+symmetric_coroutine<>::yield_type
+\end{cfacode} 
+Often, the canonical threading paradigm in languages is based on function pointers, pthread being one of the most well known examples. The main problem of this approach is that the thread usage is limited to a generic handle that must otherwise be wrapped in a custom type. Since the custom type is simple to write in \CFA and solves several issues, added support for routine/lambda based coroutines adds very little. 
+
+A variation of this would be to use an simple function pointer in the same way pthread does for threads : 
+\begin{cfacode}
+void foo( coroutine_t cid, void * arg ) {
+        int * value = (int *)arg;
+        //Coroutine body
+}
+
+int main() {
+        int value = 0;
+        coroutine_t cid = coroutine_create( &foo, (void*)&value );
+        coroutine_resume( &cid );
+}
+\end{cfacode}
+This semantic is more common for thread interfaces than coroutines but would work equally well. As discussed in section \ref{threads}, this approach is superseeded by static approaches in terms of expressivity.
+
+\subsection{Alternative: Trait-based coroutines}
+
+Finally the underlying approach, which is the one closest to \CFA idioms, is to use trait-based lazy coroutines. This approach defines a coroutine as anything that satisfies the trait \code{is_coroutine} and is used as a coroutine is a coroutine. 
 
 \begin{cfacode}
@@ -140 +160 @@
 };
 \end{cfacode}
-
-This entails that an object is not a coroutine until \code{resume} (or \code{prime}) is called on the object. Correspondingly, any object that is passed to \code{resume} is a coroutine since it must satisfy the \code{is_coroutine} trait to compile. The advantage of this approach is that users can easily create different types of coroutines, for example, changing the memory foot print of a coroutine is trivial when implementing the \code{get_coroutine} routine. The \CFA keyword \code{coroutine} only has the effect of implementing the getter and forward declarations required for users to only have to implement the main routine. 
+This ensures an object is not a coroutine until \code{resume} (or \code{prime}) is called on the object. Correspondingly, any object that is passed to \code{resume} is a coroutine since it must satisfy the \code{is_coroutine} trait to compile. The advantage of this approach is that users can easily create different types of coroutines, for example, changing the memory foot print of a coroutine is trivial when implementing the \code{get_coroutine} routine. The \CFA keyword \code{coroutine} only has the effect of implementing the getter and forward declarations required for users to only have to implement the main routine. 
+
+\begin{center}
+\begin{tabular}{c c c}
+\begin{cfacode}[tabsize=3]
+coroutine MyCoroutine {
+        int someValue;
+};
+\end{cfacode} & == & \begin{cfacode}[tabsize=3]
+struct MyCoroutine {
+        int someValue;
+        coroutine_desc __cor;
+};
+
+static inline 
+coroutine_desc * get_coroutine( 
+        struct MyCoroutine * this 
+) {
+        return &this->__cor;
+}
+
+void main(struct MyCoroutine * this);
+\end{cfacode}
+\end{tabular}
+\end{center}
+
 
 
 \section{Thread Interface}\label{threads}
-The basic building blocks of multi-threading in \CFA are \glspl{cfathread}. By default these are implemented as \glspl{uthread}, and as such, offer a flexible and lightweight threading interface (lightweight compared to \glspl{kthread}). A thread can be declared using a SUE declaration \code{thread} as follows:
+The basic building blocks of multi-threading in \CFA are \glspl{cfathread}. Both use and kernel threads are supported, where user threads are the concurrency mechanism and kernel threads are the parallel mechanism. User threads offer a flexible and lightweight interface. A thread can be declared using a struct declaration \code{thread} as follows:
 
 \begin{cfacode}
@@ -151 +195 @@
 \end{cfacode}
 
-Like for coroutines, the keyword is a thin wrapper arount a \CFA trait:
+As for coroutines, the keyword is a thin wrapper arount a \CFA trait:
 
 \begin{cfacode}
@@ -170 +214 @@
 \end{cfacode}
 
-In this example, threads of type \code{foo} will start there execution in the \code{void main(foo*)} routine which in this case prints \code{"Hello World!"}. While this proposoal encourages this approach which enforces strongly type programming, users may prefer to use the routine based thread semantics for the sake of simplicity. With these semantics it is trivial to write a thread type that takes a function pointer as parameter and executes it on its stack asynchronously
+In this example, threads of type \code{foo} start execution in the \code{void main(foo*)} routine which prints \code{"Hello World!"}. While this proposoal encourages this approach to enforce strongly-typed programming, users may prefer to use the routine based thread semantics for the sake of simplicity. With these semantics it is trivial to write a thread type that takes a function pointer as parameter and executes it on its stack asynchronously
 \begin{cfacode}
         typedef void (*voidFunc)(void);
@@ -201 +245 @@
 void main() {
         World w;
-        //Thread run forks here
-
-        //Printing "Hello " and "World!" will be run concurrently
+        //Thread forks here
+
+        //Printing "Hello " and "World!" are run concurrently
         sout | "Hello " | endl;
 
@@ -210 +254 @@
 \end{cfacode}
 
-This semantic has several advantages over explicit semantics typesafety is guaranteed, a thread is always started and stopped exaclty once and users cannot make any progamming errors. However, one of the apparent drawbacks of this system is that threads now always form a lattice, that is they are always destroyed in opposite order of construction. While this seems like a significant limitation, existing \CFA semantics can solve this problem. Indeed, using dynamic allocation to create threads will naturally let threads outlive the scope in which the thread was created much like dynamically allocating memory will let objects outlive the scope in which thy were created
+This semantic has several advantages over explicit semantics typesafety is guaranteed, a thread is always started and stopped exaclty once and users cannot make any progamming errors. Another advantage of this semantic is that it naturally scale to multiple threads meaning basic synchronisation is very simple
+
+\begin{cfacode}
+        thread MyThread {
+                //...
+        };
+
+        //main
+        void main(MyThread* this) {
+                //...
+        }
+
+        void foo() {
+                MyThread thrds[10];
+                //Start 10 threads at the beginning of the scope
+
+                DoStuff();
+
+                //Wait for the 10 threads to finish
+        }
+\end{cfacode}
+
+However, one of the apparent drawbacks of this system is that threads now always form a lattice, that is they are always destroyed in opposite order of construction because of block structure. However, storage allocation os not limited to blocks; dynamic allocation can create threads that outlive the scope in which the thread is created much like dynamically allocating memory lets objects outlive the scope in which they are created
 
 \begin{cfacode}
@@ -241 +307 @@
         }
 \end{cfacode}
-
-Another advantage of this semantic is that it naturally scale to multiple threads meaning basic synchronisation is very simple
-
-\begin{cfacode}
-        thread MyThread {
-                //...
-        };
-
-        //main
-        void main(MyThread* this) {
-                //...
-        }
-
-        void foo() {
-                MyThread thrds[10];
-                //Start 10 threads at the beginning of the scope
-
-                DoStuff();
-
-                //Wait for the 10 threads to finish
-        }
-\end{cfacode}

doc/proposals/concurrency/text/concurrency.tex

@@ -4 +4 @@
 % ======================================================================
 % ======================================================================
-Several tool can be used to solve concurrency challenges. Since many of these challenges appear with the use of mutable shared-state, some languages and libraries simply disallow mutable shared-state (Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, Akka (Scala)~\cite{Akka}). In these paradigms, interaction among concurrent objects relies on message passing~\cite{Thoth,Harmony,V-Kernel} or other paradigms that closely relate to networking concepts (channels\cit for example). However, in languages that use routine calls as their core abstraction-mechanism, these approaches force a clear distinction between concurrent and non-concurrent paradigms (i.e., message passing versus routine call). This distinction in turn means that, in order to be effective, programmers need to learn two sets of designs patterns. This distinction can be hidden away in library code, effective use of the librairy still has to take both paradigms into account. Approaches based on shared memory are more closely related to non-concurrent paradigms since they often rely on basic constructs like routine calls and shared objects. At a lower level, non-concurrent paradigms are often implemented as locks and atomic operations. Many such mechanisms have been proposed, including semaphores~\cite{Dijkstra68b} and path expressions~\cite{Campbell74}. However, for productivity reasons it is desireable to have a higher-level construct be the core concurrency paradigm~\cite{HPP:Study}. An approach that is worth mentionning because it is gaining in popularity is transactionnal memory~\cite{Dice10}[Check citation]. While this approach is even pursued by system languages like \CC\cit, the performance and feature set is currently too restrictive to add such a paradigm to a language like C or \CC\cit, which is why it was rejected as the core paradigm for concurrency in \CFA. One of the most natural, elegant, and efficient mechanisms for synchronization and communication, especially for shared memory systems, is the \emph{monitor}. Monitors were first proposed by Brinch Hansen~\cite{Hansen73} and later described and extended by C.A.R.~Hoare~\cite{Hoare74}. Many programming languages---e.g., Concurrent Pascal~\cite{ConcurrentPascal}, Mesa~\cite{Mesa}, Modula~\cite{Modula-2}, Turing~\cite{Turing:old}, Modula-3~\cite{Modula-3}, NeWS~\cite{NeWS}, Emerald~\cite{Emerald}, \uC~\cite{Buhr92a} and Java~\cite{Java}---provide monitors as explicit language constructs. In addition, operating-system kernels and device drivers have a monitor-like structure, although they often use lower-level primitives such as semaphores or locks to simulate monitors. For these reasons, this project proposes monitors as the core concurrency-construct.
+Several tool can be used to solve concurrency challenges. Since many of these challenges appear with the use of mutable shared-state, some languages and libraries simply disallow mutable shared-state (Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, Akka (Scala)~\cite{Akka}). In these paradigms, interaction among concurrent objects relies on message passing~\cite{Thoth,Harmony,V-Kernel} or other paradigms that closely relate to networking concepts (channels\cit for example). However, in languages that use routine calls as their core abstraction-mechanism, these approaches force a clear distinction between concurrent and non-concurrent paradigms (i.e., message passing versus routine call). This distinction in turn means that, in order to be effective, programmers need to learn two sets of designs patterns. While this distinction can be hidden away in library code, effective use of the librairy still has to take both paradigms into account. 
+
+Approaches based on shared memory are more closely related to non-concurrent paradigms since they often rely on basic constructs like routine calls and shared objects. At the lowest level, concurrent paradigms are implemented as atomic operations and locks. Many such mechanisms have been proposed, including semaphores~\cite{Dijkstra68b} and path expressions~\cite{Campbell74}. However, for productivity reasons it is desireable to have a higher-level construct be the core concurrency paradigm~\cite{HPP:Study}. 
+
+An approach that is worth mentionning because it is gaining in popularity is transactionnal memory~\cite{Dice10}[Check citation]. While this approach is even pursued by system languages like \CC\cit, the performance and feature set is currently too restrictive to be the main concurrency paradigm for general purpose language, which is why it was rejected as the core paradigm for concurrency in \CFA. 
+
+One of the most natural, elegant, and efficient mechanisms for synchronization and communication, especially for shared memory systems, is the \emph{monitor}. Monitors were first proposed by Brinch Hansen~\cite{Hansen73} and later described and extended by C.A.R.~Hoare~\cite{Hoare74}. Many programming languages---e.g., Concurrent Pascal~\cite{ConcurrentPascal}, Mesa~\cite{Mesa}, Modula~\cite{Modula-2}, Turing~\cite{Turing:old}, Modula-3~\cite{Modula-3}, NeWS~\cite{NeWS}, Emerald~\cite{Emerald}, \uC~\cite{Buhr92a} and Java~\cite{Java}---provide monitors as explicit language constructs. In addition, operating-system kernels and device drivers have a monitor-like structure, although they often use lower-level primitives such as semaphores or locks to simulate monitors. For these reasons, this project proposes monitors as the core concurrency-construct.
 
 \section{Basics}
-The basic features that concurrency tools neet to offer is support for mutual-exclusion and synchronisation. Mutual-exclusion is the concept that only a fixed number of threads can access a critical section at any given time, where a critical section is the group of instructions on an associated portion of data that requires the limited access. On the other hand, synchronization enforces relative ordering of execution and synchronization tools are used to guarantee that event \textit{X} always happens before \textit{Y}.
+Non-determinism requires concurrent systems to offer support for mutual-exclusion and synchronisation. Mutual-exclusion is the concept that only a fixed number of threads can access a critical section at any given time, where a critical section is a group of instructions on an associated portion of data that requires the restricted access. On the other hand, synchronization enforces relative ordering of execution and synchronization tools numerous mechanisms to establish timing relationships among threads.
 
 \subsection{Mutual-Exclusion}
-As mentionned above, mutual-exclusion is the guarantee that only a fix number of threads can enter a critical section at once. However, many solution exists for mutual exclusion which vary in terms of performance, flexibility and ease of use. Methods range from low level locks, which are fast and flexible but require significant attention to be correct, to  higher level mutual-exclusion methods, which sacrifice some performance in order to improve ease of use. Often by either guaranteeing some problems cannot occur (e.g. being deadlock free) or by offering a more explicit coupling between data and corresponding critical section. For example, the \CC \code{std::atomic<T>} which offer an easy way to express mutual-exclusion on a restricted set of features (.e.g: reading/writing large types atomically). Another challenge with low level locks is composability. Locks are said to not be composable because it takes careful organising for multiple locks to be used and once while preventing deadlocks. Easing composability is another feature higher-level mutual-exclusion mechanisms often offer.
+As mentionned above, mutual-exclusion is the guarantee that only a fix number of threads can enter a critical section at once. However, many solution exists for mutual exclusion which vary in terms of performance, flexibility and ease of use. Methods range from low-level locks, which are fast and flexible but require significant attention to be correct, to  higher-level mutual-exclusion methods, which sacrifice some performance in order to improve ease of use. Ease of use comes by either guaranteeing some problems cannot occur (e.g., being deadlock free) or by offering a more explicit coupling between data and corresponding critical section. For example, the \CC \code{std::atomic<T>} which offer an easy way to express mutual-exclusion on a restricted set of operations (.e.g: reading/writing large types atomically). Another challenge with low-level locks is composability. Locks are not composable because it takes careful organising for multiple locks to be used while preventing deadlocks. Easing composability is another feature higher-level mutual-exclusion mechanisms often offer.
 
 \subsection{Synchronization}
-As for mutual-exclusion, low level synchronisation primitive often offer great performance and good flexibility at the cost of ease of use. Again, higher-level mechanism often simplify usage by adding better coupling between synchronization and data, for example message passing, or offering simple solution to otherwise involved challenges. An example of this is barging. As mentionned above synchronization can be expressed as guaranteeing that event \textit{X} always happens before \textit{Y}. Most of the time synchronisation happens around a critical section, where threads most acquire said critical section in a certain order. However, it may also be desired to be able to guarantee that event \textit{Z} does not occur between \textit{X} and \textit{Y}. This is called barging, where event \textit{X} tries to effect event \textit{Y} but anoter thread races to grab the critical section and emits \textit{Z} before \textit{Y}. Preventing or detecting barging is an involved challenge with low-level locks, which can be made much easier by higher-level constructs.
+As for mutual-exclusion, low level synchronisation primitive often offer good performance and good flexibility at the cost of ease of use. Again, higher-level mechanism often simplify usage by adding better coupling between synchronization and data, .eg., message passing, or offering simple solution to otherwise involved challenges. An example of this is barging. As mentionned above synchronization can be expressed as guaranteeing that event \textit{X} always happens before \textit{Y}. Most of the time synchronisation happens around a critical section, where threads most acquire said critical section in a certain order. However, it may also be desired to be able to guarantee that event \textit{Z} does not occur between \textit{X} and \textit{Y}. This is called barging, where event \textit{X} tries to effect event \textit{Y} but anoter thread races to grab the critical section and emits \textit{Z} before \textit{Y}. Preventing or detecting barging is an involved challenge with low-level locks, which can be made much easier by higher-level constructs.
 
 % ======================================================================
@@ -20 +26 @@
 % ======================================================================
 % ======================================================================
-A monitor is a set of routines that ensure mutual exclusion when accessing shared state. This concept is generally associated with Object-Oriented Languages like Java~\cite{Java} or \uC~\cite{uC++book} but does not strictly require OOP semantics. The only requirements is the ability to declare a handle to a shared object and a set of routines that act on it :
+A monitor is a set of routines that ensure mutual exclusion when accessing shared state. This concept is generally associated with Object-Oriented Languages like Java~\cite{Java} or \uC~\cite{uC++book} but does not strictly require OO semantics. The only requirements is the ability to declare a handle to a shared object and a set of routines that act on it :
 \begin{cfacode}
         typedef /*some monitor type*/ monitor;
@@ -36 +42 @@
 % ======================================================================
 % ======================================================================
-The above monitor example displays some of the intrinsic characteristics. Indeed, it is necessary to use pass-by-reference over pass-by-value for monitor routines. This semantics is important because at their core, monitors are implicit mutual-exclusion objects (locks), and these objects cannot be copied. Therefore, monitors are implicitly non-copyable.
-
-Another aspect to consider is when a monitor acquires its mutual exclusion. For example, a monitor may need to be passed through multiple helper routines that do not acquire the monitor mutual-exclusion on entry. Pass through can be both generic helper routines (\code{swap}, \code{sort}, etc.) or specific helper routines like the following to implement an atomic counter :
+The above monitor example displays some of the intrinsic characteristics. First, it is necessary to use pass-by-reference over pass-by-value for monitor routines. This semantics is important because at their core, monitors are implicit mutual-exclusion objects (locks), and these objects cannot be copied. Therefore, monitors are implicitly non-copyable objects.
+
+Another aspect to consider is when a monitor acquires its mutual exclusion. For example, a monitor may need to be passed through multiple helper routines that do not acquire the monitor mutual-exclusion on entry. Pass through can occur for generic helper routines (\code{swap}, \code{sort}, etc.) or specific helper routines like the following to implement an atomic counter :
 
 \begin{cfacode}
@@ -46 +52 @@
         size_t ++?(counter_t & mutex this); //increment
 
-        //need for mutex is platform dependent here
+        //need for mutex is platform dependent
         void ?{}(size_t * this, counter_t & mutex cnt); //conversion
 \end{cfacode}
@@ -52 +58 @@
 Here, the constructor(\code{?\{\}}) uses the \code{nomutex} keyword to signify that it does not acquire the monitor mutual-exclusion when constructing. This semantics is because an object not yet constructed should never be shared and therefore does not require mutual exclusion. The prefix increment operator uses \code{mutex} to protect the incrementing process from race conditions. Finally, there is a conversion operator from \code{counter_t} to \code{size_t}. This conversion may or may not require the \code{mutex} keyword depending on whether or not reading an \code{size_t} is an atomic operation.
 
-Having both \code{mutex} and \code{nomutex} keywords could be argued to be redundant based on the meaning of a routine having neither of these keywords. For example, given a routine without qualifiers \code{void foo(counter_t & this)} then it is reasonable that it should default to the safest option \code{mutex}. On the other hand, the option of having routine \code{void foo(counter_t & this)} mean \code{nomutex} is unsafe by default and may easily cause subtle errors. In fact \code{nomutex} is the "normal" parameter behaviour, with the \code{nomutex} keyword effectively stating explicitly that "this routine is not special". Another alternative is to make having exactly one of these keywords mandatory, which would provide the same semantics but without the ambiguity of supporting routines neither keyword. Mandatory keywords would also have the added benefit of being self-documented but at the cost of extra typing. While there are several benefits to mandatory keywords, they do bring a few challenges. Mandatory keywords in \CFA would imply that the compiler must know without a doubt wheter or not a parameter is a monitor or not. Since \CFA relies heavily on traits as an abstraction mechanism, the distinction between a type that is a monitor and a type that looks like a monitor can become blurred. For this reason, \CFA only has the \code{mutex} keyword.
+Having both \code{mutex} and \code{nomutex} keywords is redundant based on the meaning of a routine having neither of these keywords. For example, given a routine without qualifiers \code{void foo(counter_t & this)}, then it is reasonable that it should default to the safest option \code{mutex}, whereas assuming \code{nomutex} is unsafe and may cause subtle errors. In fact, \code{nomutex} is the "normal" parameter behaviour, with the \code{nomutex} keyword effectively stating explicitly that "this routine is not special". Another alternative is to make having exactly one of these keywords mandatory, which would provide the same semantics but without the ambiguity of supporting routines neither keyword. Mandatory keywords would also have the added benefit of being self-documented but at the cost of extra typing. While there are several benefits to mandatory keywords, they do bring a few challenges. Mandatory keywords in \CFA would imply that the compiler must know without a doubt wheter or not a parameter is a monitor or not. Since \CFA relies heavily on traits as an abstraction mechanism, the distinction between a type that is a monitor and a type that looks like a monitor can become blurred. For this reason, \CFA only has the \code{mutex} keyword.
 
 
@@ -60 +66 @@
 int f2(const monitor & mutex m);
 int f3(monitor ** mutex m);
-int f4(monitor *[] mutex m);
+int f4(monitor * mutex m []);
 int f5(graph(monitor*) & mutex m);
 \end{cfacode}
@@ -68 +74 @@
 int f1(monitor & mutex m);   //Okay : recommanded case
 int f2(monitor * mutex m);   //Okay : could be an array but probably not
-int f3(monitor [] mutex m);  //Not Okay : Array of unkown length
+int f3(monitor mutex m []);  //Not Okay : Array of unkown length
 int f4(monitor ** mutex m);  //Not Okay : Could be an array
-int f5(monitor *[] mutex m); //Not Okay : Array of unkown length
+int f5(monitor * mutex m []); //Not Okay : Array of unkown length
 \end{cfacode}
 

doc/proposals/concurrency/text/intro.tex

@@ -3 +3 @@
 % ======================================================================
 
-This proposal provides a minimal concurrency API that is simple, efficient and can be reused to build higher-level features. The simplest possible concurrency core is a thread and a lock but this low-level approach is hard to master. An easier approach for users is to support higher-level constructs as the basis of the concurrency in \CFA. Indeed, for highly productive parallel programming, high-level approaches are much more popular~\cite{HPP:Study}. Examples are task based, message passing and implicit threading.
+This proposal provides a minimal concurrency API that is simple, efficient and can be reused to build higher-level features. The simplest possible concurrency system is a thread and a lock but this low-level approach is hard to master. An easier approach for users is to support higher-level constructs as the basis of the concurrency, in \CFA. Indeed, for highly productive parallel programming, high-level approaches are much more popular~\cite{HPP:Study}. Examples are task based, message passing and implicit threading. Therefore a high-level approach is adapted in \CFA
 
-There are actually two problems that need to be solved in the design of concurrency for a programming language: which concurrency tools are available to the users and which parallelism tools are available. While these two concepts are often seen together, they are in fact distinct concepts that require different sorts of tools~\cite{Buhr05a}. Concurrency tools need to handle mutual exclusion and synchronization, while parallelism tools are about performance, cost and resource utilization.
+There are actually two problems that need to be solved in the design of concurrency for a programming language: which concurrency and which parallelism tools are available to the users. While these two concepts are often combined, they are in fact distinct concepts that require different tools~\cite{Buhr05a}. Concurrency tools need to handle mutual exclusion and synchronization, while parallelism tools are about performance, cost and resource utilization.

doc/proposals/concurrency/thesis.tex

@@ -77 +77 @@
 \fancyhf{}
 \cfoot{\thepage}
-\rfoot{v\input{build/version}}
+\rfoot{v\input{version}}
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -94 +94 @@
 
 \input{intro}
+
+\input{cforall}
 
 \input{basics}

doc/user/user.tex

@@ -11 +11 @@
 %% Created On       : Wed Apr  6 14:53:29 2016
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Fri Jun  2 10:07:51 2017
-%% Update Count     : 2128
+%% Last Modified On : Fri Jun 16 12:00:01 2017
+%% Update Count     : 2433
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -43 +43 @@
 \usepackage[pagewise]{lineno}
 \renewcommand{\linenumberfont}{\scriptsize\sffamily}
-\input{common}                                          % bespoke macros used in the document
+\input{common}                                          % common CFA document macros
 \usepackage[dvips,plainpages=false,pdfpagelabels,pdfpagemode=UseNone,colorlinks=true,pagebackref=true,linkcolor=blue,citecolor=blue,urlcolor=blue,pagebackref=true,breaklinks=true]{hyperref}
 \usepackage{breakurl}
@@ -110 +110 @@
 \renewcommand{\subsectionmark}[1]{\markboth{\thesubsection\quad #1}{\thesubsection\quad #1}}
 \pagenumbering{roman}
-\linenumbers                                            % comment out to turn off line numbering
+%\linenumbers                                            % comment out to turn off line numbering
 
 \maketitle
@@ -454 +454 @@
 the type suffixes ©U©, ©L©, etc. may start with an underscore ©1_U©, ©1_ll© or ©1.0E10_f©.
 \end{enumerate}
-It is significantly easier to read and enter long constants when they are broken up into smaller groupings (most cultures use comma or period among digits for the same purpose).
+It is significantly easier to read and enter long constants when they are broken up into smaller groupings (many cultures use comma and/or period among digits for the same purpose).
 This extension is backwards compatible, matches with the use of underscore in variable names, and appears in \Index*{Ada} and \Index*{Java} 8.
 
@@ -464 +464 @@
 \begin{cfa}
 int ®`®otype®`® = 3;                    §\C{// make keyword an identifier}§
-double ®`®choose®`® = 3.5;
-\end{cfa}
-Programs can be converted easily by enclosing keyword identifiers in backquotes, and the backquotes can be removed later when the identifier name is changed to a  non-keyword name.
+double ®`®forall®`® = 3.5;
+\end{cfa}
+Existing C programs with keyword clashes can be converted by enclosing keyword identifiers in backquotes, and eventually the identifier name can be changed to a non-keyword name.
 \VRef[Figure]{f:InterpositionHeaderFile} shows how clashes in C header files (see~\VRef{s:StandardHeaders}) can be handled using preprocessor \newterm{interposition}: ©#include_next© and ©-I filename©:
 
@@ -473 +473 @@
 // include file uses the CFA keyword "otype".
 #if ! defined( otype )                  §\C{// nesting ?}§
-#define otype `otype`
+#define otype ®`®otype®`®               §\C{// make keyword an identifier}§
 #define __CFA_BFD_H__
 #endif // ! otype
@@ -497 +497 @@
 \begin{tabular}{@{}ll@{}}
 \begin{cfa}
-int *x[5]
+int * x[5]
 \end{cfa}
 &
@@ -508 +508 @@
 For example, a routine returning a \Index{pointer} to an array of integers is defined and used in the following way:
 \begin{cfa}
-int (*f())[5] {...};                    §\C{}§
-... (*f())[3] += 1;
+int ®(*®f®())[®5®]® {...};                              §\C{definition}§
+ ... ®(*®f®())[®3®]® += 1;                              §\C{usage}§
 \end{cfa}
 Essentially, the return type is wrapped around the routine name in successive layers (like an \Index{onion}).
@@ -516 +516 @@
 \CFA provides its own type, variable and routine declarations, using a different syntax.
 The new declarations place qualifiers to the left of the base type, while C declarations place qualifiers to the right of the base type.
-In the following example, \R{red} is for the base type and \B{blue} is for the qualifiers.
+In the following example, \R{red} is the base type and \B{blue} is qualifiers.
 The \CFA declarations move the qualifiers to the left of the base type, \ie move the blue to the left of the red, while the qualifiers have the same meaning but are ordered left to right to specify a variable's type.
 \begin{quote2}
@@ -534 +534 @@
 \end{tabular}
 \end{quote2}
-The only exception is bit field specification, which always appear to the right of the base type.
+The only exception is \Index{bit field} specification, which always appear to the right of the base type.
 % Specifically, the character ©*© is used to indicate a pointer, square brackets ©[©\,©]© are used to represent an array or function return value, and parentheses ©()© are used to indicate a routine parameter.
 However, unlike C, \CFA type declaration tokens are distributed across all variables in the declaration list.
@@ -583 +583 @@
 \begin{cfa}
 int z[ 5 ];
-char *w[ 5 ];
-double (*v)[ 5 ];
+char * w[ 5 ];
+double (* v)[ 5 ];
 struct s {
         int f0:3;
-        int *f1;
-        int *f2[ 5 ]
+        int * f1;
+        int * f2[ 5 ]
 };
 \end{cfa}
@@ -637 +637 @@
 \begin{cfa}
 int extern x[ 5 ];
-const int static *y;
+const int static * y;
 \end{cfa}
 &
@@ -658 +658 @@
 \begin{cfa}
 y = (®int *®)x;
-i = sizeof(®int *[ 5 ]®);
+i = sizeof(®int * [ 5 ]®);
 \end{cfa}
 \end{tabular}
@@ -672 +672 @@
 C provides a \newterm{pointer type};
 \CFA adds a \newterm{reference type}.
-These types may be derived from a object or routine type, called the \newterm{referenced type}.
+These types may be derived from an object or routine type, called the \newterm{referenced type}.
 Objects of these types contain an \newterm{address}, which is normally a location in memory, but may also address memory-mapped registers in hardware devices.
 An integer constant expression with the value 0, or such an expression cast to type ©void *©, is called a \newterm{null-pointer constant}.\footnote{
@@ -729 +729 @@
 
 A \Index{pointer}/\Index{reference} object is a generalization of an object variable-name, \ie a mutable address that can point to more than one memory location during its lifetime.
-(Similarly, an integer variable can contain multiple integer literals during its lifetime versus an integer constant representing a single literal during its lifetime, and like a variable name, may not occupy storage as the literal is embedded directly into instructions.)
+(Similarly, an integer variable can contain multiple integer literals during its lifetime versus an integer constant representing a single literal during its lifetime, and like a variable name, may not occupy storage if the literal is embedded directly into instructions.)
 Hence, a pointer occupies memory to store its current address, and the pointer's value is loaded by dereferencing, \eg:
 \begin{quote2}
@@ -758 +758 @@
 \begin{cfa}
 p1 = p2;                                                §\C{// p1 = p2\ \ rather than\ \ *p1 = *p2}§
-p2 = p1 + x;                                    §\C{// p2 = p1 + x\ \ rather than\ \ *p1 = *p1 + x}§
+p2 = p1 + x;                                    §\C{// p2 = p1 + x\ \ rather than\ \ *p2 = *p1 + x}§
 \end{cfa}
 even though the assignment to ©p2© is likely incorrect, and the programmer probably meant:
@@ -765 +765 @@
 ®*®p2 = ®*®p1 + x;                              §\C{// pointed-to value assignment / operation}§
 \end{cfa}
-The C semantics works well for situations where manipulation of addresses is the primary meaning and data is rarely accessed, such as storage management (©malloc©/©free©).
+The C semantics work well for situations where manipulation of addresses is the primary meaning and data is rarely accessed, such as storage management (©malloc©/©free©).
 
 However, in most other situations, the pointed-to value is requested more often than the pointer address.
@@ -799 +799 @@
 For a \CFA reference type, the cancellation on the left-hand side of assignment leaves the reference as an address (\Index{lvalue}):
 \begin{cfa}
-(&®*®)r1 = &x;                                  §\C{// (\&*) cancel giving address of r1 not variable pointed-to by r1}§
+(&®*®)r1 = &x;                                  §\C{// (\&*) cancel giving address in r1 not variable pointed-to by r1}§
 \end{cfa}
 Similarly, the address of a reference can be obtained for assignment or computation (\Index{rvalue}):
 \begin{cfa}
-(&(&®*®)®*®)r3 = &(&®*®)r2;             §\C{// (\&*) cancel giving address of r2, (\&(\&*)*) cancel giving address of r3}§
+(&(&®*®)®*®)r3 = &(&®*®)r2;             §\C{// (\&*) cancel giving address in r2, (\&(\&*)*) cancel giving address in r3}§
 \end{cfa}
 Cancellation\index{cancellation!pointer/reference}\index{pointer!cancellation} works to arbitrary depth.
@@ -824 +824 @@
 As for a pointer type, a reference type may have qualifiers:
 \begin{cfa}
-const int cx = 5;                               §\C{// cannot change cx;}§
-const int & cr = cx;                    §\C{// cannot change what cr points to}§
-®&®cr = &cx;                                    §\C{// can change cr}§
-cr = 7;                                                 §\C{// error, cannot change cx}§
-int & const rc = x;                             §\C{// must be initialized}§
-®&®rc = &x;                                             §\C{// error, cannot change rc}§
-const int & const crc = cx;             §\C{// must be initialized}§
-crc = 7;                                                §\C{// error, cannot change cx}§
-®&®crc = &cx;                                   §\C{// error, cannot change crc}§
-\end{cfa}
-Hence, for type ©& const©, there is no pointer assignment, so ©&rc = &x© is disallowed, and \emph{the address value cannot be the null pointer unless an arbitrary pointer is coerced into the reference}:
-\begin{cfa}
-int & const cr = *0;                    §\C{// where 0 is the int * zero}§
-\end{cfa}
-Note, constant reference-types do not prevent addressing errors because of explicit storage-management:
+const int cx = 5;                                       §\C{// cannot change cx;}§
+const int & cr = cx;                            §\C{// cannot change what cr points to}§
+®&®cr = &cx;                                            §\C{// can change cr}§
+cr = 7;                                                         §\C{// error, cannot change cx}§
+int & const rc = x;                                     §\C{// must be initialized}§
+®&®rc = &x;                                                     §\C{// error, cannot change rc}§
+const int & const crc = cx;                     §\C{// must be initialized}§
+crc = 7;                                                        §\C{// error, cannot change cx}§
+®&®crc = &cx;                                           §\C{// error, cannot change crc}§
+\end{cfa}
+Hence, for type ©& const©, there is no pointer assignment, so ©&rc = &x© is disallowed, and \emph{the address value cannot be the null pointer unless an arbitrary pointer is coerced\index{coercion} into the reference}:
+\begin{cfa}
+int & const cr = *0;                            §\C{// where 0 is the int * zero}§
+\end{cfa}
+Note, constant reference-types do not prevent \Index{addressing errors} because of explicit storage-management:
 \begin{cfa}
 int & const cr = *malloc();
 cr = 5;
-delete &cr;
-cr = 7;                                                 §\C{// unsound pointer dereference}§
-\end{cfa}
-
-Finally, the position of the ©const© qualifier \emph{after} the pointer/reference qualifier causes confuse for C programmers.
+free( &cr );
+cr = 7;                                                         §\C{// unsound pointer dereference}§
+\end{cfa}
+
+The position of the ©const© qualifier \emph{after} the pointer/reference qualifier causes confuse for C programmers.
 The ©const© qualifier cannot be moved before the pointer/reference qualifier for C style-declarations;
-\CFA-style declarations attempt to address this issue:
+\CFA-style declarations (see \VRef{s:Declarations}) attempt to address this issue:
 \begin{quote2}
 \begin{tabular}{@{}l@{\hspace{3em}}l@{}}
@@ -863 +863 @@
 \end{tabular}
 \end{quote2}
-where the \CFA declaration is read left-to-right (see \VRef{s:Declarations}).
+where the \CFA declaration is read left-to-right.
+
+Finally, like pointers, references are usable and composable with other type operators and generators.
+\begin{cfa}
+int w, x, y, z, & ar[3] = { x, y, z }; §\C{// initialize array of references}§
+&ar[1] = &w;                                            §\C{// change reference array element}§
+typeof( ar[1] ) p;                                      §\C{// (gcc) is int, i.e., the type of referenced object}§
+typeof( &ar[1] ) q;                                     §\C{// (gcc) is int \&, i.e., the type of reference}§
+sizeof( ar[1] ) == sizeof( int );       §\C{// is true, i.e., the size of referenced object}§
+sizeof( &ar[1] ) == sizeof( int *)      §\C{// is true, i.e., the size of a reference}§
+\end{cfa}
 
 In contrast to \CFA reference types, \Index*[C++]{\CC{}}'s reference types are all ©const© references, preventing changes to the reference address, so only value assignment is possible, which eliminates half of the \Index{address duality}.
+Also, \CC does not allow \Index{array}s\index{array!reference} of reference\footnote{
+The reason for disallowing arrays of reference is unknown, but possibly comes from references being ethereal (like a textual macro), and hence, replaceable by the referant object.}
 \Index*{Java}'s reference types to objects (all Java objects are on the heap) are like C pointers, which always manipulate the address, and there is no (bit-wise) object assignment, so objects are explicitly cloned by shallow or deep copying, which eliminates half of the address duality.
+
+
+\subsection{Initialization}
 
 \Index{Initialization} is different than \Index{assignment} because initialization occurs on the empty (uninitialized) storage on an object, while assignment occurs on possibly initialized storage of an object.
@@ -872 +887 @@
 Because the object being initialized has no value, there is only one meaningful semantics with respect to address duality: it must mean address as there is no pointed-to value.
 In contrast, the left-hand side of assignment has an address that has a duality.
-Therefore, for pointer/reference initialization, the initializing value must be an address (\Index{lvalue}) not a value (\Index{rvalue}).
-\begin{cfa}
-int * p = &x;                           §\C{// must have address of x}§
-int & r = x;                            §\C{// must have address of x}§
-\end{cfa}
-Therefore, it is superfluous to require explicitly taking the address of the initialization object, even though the type is incorrect.
-Hence, \CFA allows ©r© to be assigned ©x© because it infers a reference for ©x©, by implicitly inserting a address-of operator, ©&©, and it is an error to put an ©&© because the types no longer match.
-Unfortunately, C allows ©p© to be assigned with ©&x© or ©x©, by value, but most compilers warn about the latter assignment as being potentially incorrect.
-(\CFA extends pointer initialization so a variable name is automatically referenced, eliminating the unsafe assignment.)
+Therefore, for pointer/reference initialization, the initializing value must be an address not a value.
+\begin{cfa}
+int * p = &x;                                           §\C{// assign address of x}§
+®int * p = x;®                                          §\C{// assign value of x}§
+int & r = x;                                            §\C{// must have address of x}§
+\end{cfa}
+Like the previous example with C pointer-arithmetic, it is unlikely assigning the value of ©x© into a pointer is meaningful (again, a warning is usually given).
+Therefore, for safety, this context requires an address, so it is superfluous to require explicitly taking the address of the initialization object, even though the type is incorrect.
+Note, this is strictly a convenience and safety feature for a programmer.
+Hence, \CFA allows ©r© to be assigned ©x© because it infers a reference for ©x©, by implicitly inserting a address-of operator, ©&©, and it is an error to put an ©&© because the types no longer match due to the implicit dereference.
+Unfortunately, C allows ©p© to be assigned with ©&x© (address) or ©x© (value), but most compilers warn about the latter assignment as being potentially incorrect.
 Similarly, when a reference type is used for a parameter/return type, the call-site argument does not require a reference operator for the same reason.
 \begin{cfa}
-int & f( int & r );                             §\C{// reference parameter and return}§
-z = f( x ) + f( y );                    §\C{// reference operator added, temporaries needed for call results}§
+int & f( int & r );                                     §\C{// reference parameter and return}§
+z = f( x ) + f( y );                            §\C{// reference operator added, temporaries needed for call results}§
 \end{cfa}
 Within routine ©f©, it is possible to change the argument by changing the corresponding parameter, and parameter ©r© can be locally reassigned within ©f©.
@@ -892 +909 @@
 z = temp1 + temp2;
 \end{cfa}
-This implicit referencing is crucial for reducing the syntactic burden for programmers when using references;
+This \Index{implicit referencing} is crucial for reducing the syntactic burden for programmers when using references;
 otherwise references have the same syntactic  burden as pointers in these contexts.
 
@@ -899 +916 @@
 void f( ®const® int & cr );
 void g( ®const® int * cp );
-f( 3 );                   g( &3 );
-f( x + y );             g( &(x + y) );
+f( 3 );                   g( ®&®3 );
+f( x + y );             g( ®&®(x + y) );
 \end{cfa}
 Here, the compiler passes the address to the literal 3 or the temporary for the expression ©x + y©, knowing the argument cannot be changed through the parameter.
-(The ©&© is necessary for the pointer-type parameter to make the types match, and is a common requirement for a C programmer.)
+The ©&© before the constant/expression for the pointer-type parameter (©g©) is a \CFA extension necessary to type match and is a common requirement before a variable in C (\eg ©scanf©).
+Importantly, ©&3© may not be equal to ©&3©, where the references occur across calls because the temporaries maybe different on each call.
+
 \CFA \emph{extends} this semantics to a mutable pointer/reference parameter, and the compiler implicitly creates the necessary temporary (copying the argument), which is subsequently pointed-to by the reference parameter and can be changed.\footnote{
 If whole program analysis is possible, and shows the parameter is not assigned, \ie it is ©const©, the temporary is unnecessary.}
@@ -909 +928 @@
 void f( int & r );
 void g( int * p );
-f( 3 );                   g( &3 );              §\C{// compiler implicit generates temporaries}§
-f( x + y );             g( &(x + y) );  §\C{// compiler implicit generates temporaries}§
+f( 3 );                   g( ®&®3 );            §\C{// compiler implicit generates temporaries}§
+f( x + y );             g( ®&®(x + y) );        §\C{// compiler implicit generates temporaries}§
 \end{cfa}
 Essentially, there is an implicit \Index{rvalue} to \Index{lvalue} conversion in this case.\footnote{
@@ -917 +936 @@
 
 %\CFA attempts to handle pointers and references in a uniform, symmetric manner.
-However, C handles routine objects in an inconsistent way.
-A routine object is both a pointer and a reference (particle and wave).
+Finally, C handles \Index{routine object}s in an inconsistent way.
+A routine object is both a pointer and a reference (\Index{particle and wave}).
 \begin{cfa}
 void f( int i );
-void (*fp)( int );
-fp = f;                                                 §\C{// reference initialization}§
-fp = &f;                                                §\C{// pointer initialization}§
-fp = *f;                                                §\C{// reference initialization}§
-fp(3);                                                  §\C{// reference invocation}§
-(*fp)(3);                                               §\C{// pointer invocation}§
-\end{cfa}
-A routine object is best described by a ©const© reference:
-\begin{cfa}
-const void (&fr)( int ) = f;
-fr = ...                                                §\C{// error, cannot change code}§
-&fr = ...;                                              §\C{// changing routine reference}§
-fr( 3 );                                                §\C{// reference call to f}§
-(*fr)(3);                                               §\C{// error, incorrect type}§
+void (*fp)( int );                                      §\C{// routine pointer}§
+fp = f;                                                         §\C{// reference initialization}§
+fp = &f;                                                        §\C{// pointer initialization}§
+fp = *f;                                                        §\C{// reference initialization}§
+fp(3);                                                          §\C{// reference invocation}§
+(*fp)(3);                                                       §\C{// pointer invocation}§
+\end{cfa}
+While C's treatment of routine objects has similarity to inferring a reference type in initialization contexts, the examples are assignment not initialization, and all possible forms of assignment are possible (©f©, ©&f©, ©*f©) without regard for type.
+Instead, a routine object should be referenced by a ©const© reference:
+\begin{cfa}
+®const® void (®&® fr)( int ) = f;       §\C{// routine reference}§
+fr = ...                                                        §\C{// error, cannot change code}§
+&fr = ...;                                                      §\C{// changing routine reference}§
+fr( 3 );                                                        §\C{// reference call to f}§
+(*fr)(3);                                                       §\C{// error, incorrect type}§
 \end{cfa}
 because the value of the routine object is a routine literal, \ie the routine code is normally immutable during execution.\footnote{
@@ -940 +960 @@
 \CFA allows this additional use of references for routine objects in an attempt to give a more consistent meaning for them.
 
-This situation is different from inferring with reference type being used ...
-
+
+\subsection{Address-of Semantics}
+
+In C, ©&E© is an rvalue for any expression ©E©.
+\CFA extends the ©&© (address-of) operator as follows:
+\begin{itemize}
+\item
+if ©R© is an \Index{rvalue} of type ©T &$_1$...&$_r$© where $r \ge 1$ references (©&© symbols) than ©&R© has type ©T ®*®&$_{\color{red}2}$...&$_{\color{red}r}$©, \ie ©T© pointer with $r-1$ references (©&© symbols).
+
+\item
+if ©L© is an \Index{lvalue} of type ©T &$_1$...&$_l$© where $l \ge 0$ references (©&© symbols) then ©&L© has type ©T ®*®&$_{\color{red}1}$...&$_{\color{red}l}$©, \ie ©T© pointer with $l$ references (©&© symbols).
+\end{itemize}
+The following example shows the first rule applied to different \Index{rvalue} contexts:
+\begin{cfa}
+int x, * px, ** ppx, *** pppx, **** ppppx;
+int & rx = x, && rrx = rx, &&& rrrx = rrx ;
+x = rrrx;               // rrrx is an lvalue with type int &&& (equivalent to x)
+px = &rrrx;             // starting from rrrx, &rrrx is an rvalue with type int *&&& (&x)
+ppx = &&rrrx;   // starting from &rrrx, &&rrrx is an rvalue with type int **&& (&rx)
+pppx = &&&rrrx; // starting from &&rrrx, &&&rrrx is an rvalue with type int ***& (&rrx)
+ppppx = &&&&rrrx; // starting from &&&rrrx, &&&&rrrx is an rvalue with type int **** (&rrrx)
+\end{cfa}
+The following example shows the second rule applied to different \Index{lvalue} contexts:
+\begin{cfa}
+int x, * px, ** ppx, *** pppx;
+int & rx = x, && rrx = rx, &&& rrrx = rrx ;
+rrrx = 2;               // rrrx is an lvalue with type int &&& (equivalent to x)
+&rrrx = px;             // starting from rrrx, &rrrx is an rvalue with type int *&&& (rx)
+&&rrrx = ppx;   // starting from &rrrx, &&rrrx is an rvalue with type int **&& (rrx)
+&&&rrrx = pppx; // starting from &&rrrx, &&&rrrx is an rvalue with type int ***& (rrrx)
+\end{cfa}
+
+
+\subsection{Conversions}
+
+C provides a basic implicit conversion to simplify variable usage:
+\begin{enumerate}
+\setcounter{enumi}{-1}
+\item
+lvalue to rvalue conversion: ©cv T© converts to ©T©, which allows implicit variable dereferencing.
+\begin{cfa}
+int x;
+x + 1;                  // lvalue variable (int) converts to rvalue for expression
+\end{cfa}
+An rvalue has no type qualifiers (©cv©), so the lvalue qualifiers are dropped.
+\end{enumerate}
+\CFA provides three new implicit conversion for reference types to simplify reference usage.
+\begin{enumerate}
+\item
+reference to rvalue conversion: ©cv T &© converts to ©T©, which allows implicit reference dereferencing.
+\begin{cfa}
+int x, &r = x, f( int p );
+x = ®r® + f( ®r® );  // lvalue reference converts to rvalue
+\end{cfa}
+An rvalue has no type qualifiers (©cv©), so the reference qualifiers are dropped.
+
+\item
+lvalue to reference conversion: \lstinline[deletekeywords={lvalue}]@lvalue-type cv1 T@ converts to ©cv2 T &©, which allows implicitly converting variables to references.
+\begin{cfa}
+int x, &r = ®x®, f( int & p ); // lvalue variable (int) convert to reference (int &)
+f( ®x® );               // lvalue variable (int) convert to reference (int &)
+\end{cfa}
+Conversion can restrict a type, where ©cv1© $\le$ ©cv2©, \eg passing an ©int© to a ©const volatile int &©, which has low cost.
+Conversion can expand a type, where ©cv1© $>$ ©cv2©, \eg passing a ©const volatile int© to an ©int &©, which has high cost (\Index{warning});
+furthermore, if ©cv1© has ©const© but not ©cv2©, a temporary variable is created to preserve the immutable lvalue.
+
+\item
+rvalue to reference conversion: ©T© converts to ©cv T &©, which allows binding references to temporaries.
+\begin{cfa}
+int x, & f( int & p );
+f( ®x + 3® );   // rvalue parameter (int) implicitly converts to lvalue temporary reference (int &)
+®&f®(...) = &x; // rvalue result (int &) implicitly converts to lvalue temporary reference (int &)
+\end{cfa}
+In both case, modifications to the temporary are inaccessible (\Index{warning}).
+Conversion expands the temporary-type with ©cv©, which is low cost since the temporary is inaccessible.
+\end{enumerate}
 
 
 \begin{comment}
-\section{References}
-
-By introducing references in parameter types, users are given an easy way to pass a value by reference, without the need for NULL pointer checks.
-In structures, a reference can replace a pointer to an object that should always have a valid value.
-When a structure contains a reference, all of its constructors must initialize the reference and all instances of this structure must initialize it upon definition.
-
-The syntax for using references in \CFA is the same as \CC with the exception of reference initialization.
-Use ©&© to specify a reference, and access references just like regular objects, not like pointers (use dot notation to access fields).
-When initializing a reference, \CFA uses a different syntax which differentiates reference initialization from assignment to a reference.
-The ©&© is used on both sides of the expression to clarify that the address of the reference is being set to the address of the variable to which it refers.
-
-
 From: Richard Bilson <rcbilson@gmail.com>
 Date: Wed, 13 Jul 2016 01:58:58 +0000
@@ -1118 +1200 @@
 \section{Routine Definition}
 
-\CFA also supports a new syntax for routine definition, as well as ISO C and K\&R routine syntax.
+\CFA also supports a new syntax for routine definition, as well as \Celeven and K\&R routine syntax.
 The point of the new syntax is to allow returning multiple values from a routine~\cite{Galletly96,CLU}, \eg:
 \begin{cfa}
@@ -1138 +1220 @@
 in both cases the type is assumed to be void as opposed to old style C defaults of int return type and unknown parameter types, respectively, as in:
 \begin{cfa}
-[§\,§] g();                                             §\C{// no input or output parameters}§
-[ void ] g( void );                             §\C{// no input or output parameters}§
+[§\,§] g();                                                     §\C{// no input or output parameters}§
+[ void ] g( void );                                     §\C{// no input or output parameters}§
 \end{cfa}
 
@@ -1157 +1239 @@
 \begin{cfa}
 typedef int foo;
-int f( int (* foo) );                   §\C{// foo is redefined as a parameter name}§
+int f( int (* foo) );                           §\C{// foo is redefined as a parameter name}§
 \end{cfa}
 The string ``©int (* foo)©'' declares a C-style named-parameter of type pointer to an integer (the parenthesis are superfluous), while the same string declares a \CFA style unnamed parameter of type routine returning integer with unnamed parameter of type pointer to foo.
@@ -1165 +1247 @@
 C-style declarations can be used to declare parameters for \CFA style routine definitions, \eg:
 \begin{cfa}
-[ int ] f( * int, int * );              §\C{// returns an integer, accepts 2 pointers to integers}§
-[ * int, int * ] f( int );              §\C{// returns 2 pointers to integers, accepts an integer}§
+[ int ] f( * int, int * );                      §\C{// returns an integer, accepts 2 pointers to integers}§
+[ * int, int * ] f( int );                      §\C{// returns 2 pointers to integers, accepts an integer}§
 \end{cfa}
 The reason for allowing both declaration styles in the new context is for backwards compatibility with existing preprocessor macros that generate C-style declaration-syntax, as in:
 \begin{cfa}
 #define ptoa( n, d ) int (*n)[ d ]
-int f( ptoa( p, 5 ) ) ...               §\C{// expands to int f( int (*p)[ 5 ] )}§
-[ int ] f( ptoa( p, 5 ) ) ...   §\C{// expands to [ int ] f( int (*p)[ 5 ] )}§
+int f( ptoa( p, 5 ) ) ...                       §\C{// expands to int f( int (*p)[ 5 ] )}§
+[ int ] f( ptoa( p, 5 ) ) ...           §\C{// expands to [ int ] f( int (*p)[ 5 ] )}§
 \end{cfa}
 Again, programmers are highly encouraged to use one declaration form or the other, rather than mixing the forms.
@@ -1194 +1276 @@
         int z;
         ... x = 0; ... y = z; ...
-        ®return;® §\C{// implicitly return x, y}§
+        ®return;®                                                       §\C{// implicitly return x, y}§
 }
 \end{cfa}
@@ -1204 +1286 @@
 [ int x, int y ] f() {
         ...
-} §\C{// implicitly return x, y}§
+}                                                                               §\C{// implicitly return x, y}§
 \end{cfa}
 In this case, the current values of ©x© and ©y© are returned to the calling routine just as if a ©return© had been encountered.
+
+Named return values may be used in conjunction with named parameter values;
+specifically, a return and parameter can have the same name.
+\begin{cfa}
+[ int x, int y ] f( int, x, int y ) {
+        ...
+}                                                                               §\C{// implicitly return x, y}§
+\end{cfa}
+This notation allows the compiler to eliminate temporary variables in nested routine calls.
+\begin{cfa}
+[ int x, int y ] f( int, x, int y );    §\C{// prototype declaration}§
+int a, b;
+[a, b] = f( f( f( a, b ) ) );
+\end{cfa}
+While the compiler normally ignores parameters names in prototype declarations, here they are used to eliminate temporary return-values by inferring that the results of each call are the inputs of the next call, and ultimately, the left-hand side of the assignment.
+Hence, even without the body of routine ©f© (separate compilation), it is possible to perform a global optimization across routine calls.
+The compiler warns about naming inconsistencies between routine prototype and definition in this case, and behaviour is \Index{undefined} if the programmer is inconsistent.
 
 
@@ -1214 +1313 @@
 as well, parameter names are optional, \eg:
 \begin{cfa}
-[ int x ] f ();                                 §\C{// returning int with no parameters}§
-[ * int ] g (int y);                    §\C{// returning pointer to int with int parameter}§
-[ ] h (int,char);                               §\C{// returning no result with int and char parameters}§
-[ * int,int ] j (int);                  §\C{// returning pointer to int and int, with int parameter}§
+[ int x ] f ();                                                 §\C{// returning int with no parameters}§
+[ * int ] g (int y);                                    §\C{// returning pointer to int with int parameter}§
+[ ] h ( int, char );                                    §\C{// returning no result with int and char parameters}§
+[ * int, int ] j ( int );                               §\C{// returning pointer to int and int, with int parameter}§
 \end{cfa}
 This syntax allows a prototype declaration to be created by cutting and pasting source text from the routine definition header (or vice versa).
@@ -1225 +1324 @@
 \multicolumn{1}{c@{\hspace{3em}}}{\textbf{\CFA}}        & \multicolumn{1}{c}{\textbf{C}}        \\
 \begin{cfa}
-[ int ] f(int), g;
+[ int ] f( int ), g;
 \end{cfa}
 &
 \begin{cfa}
-int f(int), g(int);
+int f( int ), g( int );
 \end{cfa}
 \end{tabular}
@@ -1235 +1334 @@
 Declaration qualifiers can only appear at the start of a \CFA routine declaration,\footref{StorageClassSpecifier} \eg:
 \begin{cfa}
-extern [ int ] f (int);
-static [ int ] g (int);
+extern [ int ] f ( int );
+static [ int ] g ( int );
 \end{cfa}
 
@@ -1244 +1343 @@
 The syntax for pointers to \CFA routines specifies the pointer name on the right, \eg:
 \begin{cfa}
-* [ int x ] () fp;                      §\C{// pointer to routine returning int with no parameters}§
-* [ * int ] (int y) gp;         §\C{// pointer to routine returning pointer to int with int parameter}§
-* [ ] (int,char) hp;            §\C{// pointer to routine returning no result with int and char parameters}§
-* [ * int,int ] (int) jp;       §\C{// pointer to routine returning pointer to int and int, with int parameter}§
+* [ int x ] () fp;                                              §\C{// pointer to routine returning int with no parameters}§
+* [ * int ] (int y) gp;                                 §\C{// pointer to routine returning pointer to int with int parameter}§
+* [ ] (int,char) hp;                                    §\C{// pointer to routine returning no result with int and char parameters}§
+* [ * int,int ] ( int ) jp;                             §\C{// pointer to routine returning pointer to int and int, with int parameter}§
 \end{cfa}
 While parameter names are optional, \emph{a routine name cannot be specified};
 for example, the following is incorrect:
 \begin{cfa}
-* [ int x ] f () fp;            §\C{// routine name "f" is not allowed}§
+* [ int x ] f () fp;                                    §\C{// routine name "f" is not allowed}§
 \end{cfa}
 
@@ -1258 +1357 @@
 \section{Named and Default Arguments}
 
-Named and default arguments~\cite{Hardgrave76}\footnote{
+Named\index{named arguments}\index{arguments!named} and default\index{default arguments}\index{arguments!default} arguments~\cite{Hardgrave76}\footnote{
 Francez~\cite{Francez77} proposed a further extension to the named-parameter passing style, which specifies what type of communication (by value, by reference, by name) the argument is passed to the routine.}
 are two mechanisms to simplify routine call.
@@ -1439 +1538 @@
         int ;                                   §\C{// disallowed, unnamed field}§
         int *;                                  §\C{// disallowed, unnamed field}§
-        int (*)(int);                   §\C{// disallowed, unnamed field}§
+        int (*)( int );                 §\C{// disallowed, unnamed field}§
 };
 \end{cfa}
@@ -1562 +1661 @@
 }
 int main() {
-        * [int](int) fp = foo();        §\C{// int (*fp)(int)}§
+        * [int]( int ) fp = foo();      §\C{// int (*fp)( int )}§
         sout | fp( 3 ) | endl;
 }
@@ -2683 +2782 @@
 
 
-\subsection{Constructors and Destructors}
+\section{Constructors and Destructors}
 
 \CFA supports C initialization of structures, but it also adds constructors for more advanced initialization.
@@ -3014 +3113 @@
 
 
+\begin{comment}
 \section{Generics}
 
@@ -3220 +3320 @@
         }
 \end{cfa}
+\end{comment}
 
 
@@ -3279 +3380 @@
         Complex *p3 = new(0.5, 1.0); // allocate + 2 param constructor
 }
-
 \end{cfa}
 
@@ -3291 +3391 @@
 
 
+\begin{comment}
 \subsection{Unsafe C Constructs}
 
@@ -3301 +3402 @@
 The exact set of unsafe C constructs that will be disallowed in \CFA has not yet been decided, but is sure to include pointer arithmetic, pointer casting, etc.
 Once the full set is decided, the rules will be listed here.
+\end{comment}
 
 
 \section{Concurrency}
-
-Today's processors for nearly all use cases, ranging from embedded systems to large cloud computing servers, are composed of multiple cores, often heterogeneous.
-As machines grow in complexity, it becomes more difficult for a program to make the most use of the hardware available.
-\CFA includes built-in concurrency features to enable high performance and improve programmer productivity on these multi-/many-core machines.
 
 Concurrency support in \CFA is implemented on top of a highly efficient runtime system of light-weight, M:N, user level threads.
@@ -3314 +3412 @@
 This enables a very familiar interface to all programmers, even those with no parallel programming experience.
 It also allows the compiler to do static type checking of all communication, a very important safety feature.
-This controlled communication with type safety has some similarities with channels in \Index*{Go}, and can actually implement
-channels exactly, as well as create additional communication patterns that channels cannot.
+This controlled communication with type safety has some similarities with channels in \Index*{Go}, and can actually implement channels exactly, as well as create additional communication patterns that channels cannot.
 Mutex objects, monitors, are used to contain mutual exclusion within an object and synchronization across concurrent threads.
 
-Three new keywords are added to support these features:
-
-monitor creates a structure with implicit locking when accessing fields
-
-mutex implies use of a monitor requiring the implicit locking
-
-task creates a type with implicit locking, separate stack, and a thread
+\begin{figure}
+\begin{cfa}
+#include <fstream>
+#include <coroutine>
+
+coroutine Fibonacci {
+        int fn;                                                         §\C{// used for communication}§
+};
+void ?{}( Fibonacci * this ) {
+        this->fn = 0;
+}
+void main( Fibonacci * this ) {
+        int fn1, fn2;                                           §\C{// retained between resumes}§
+        this->fn = 0;                                           §\C{// case 0}§
+        fn1 = this->fn;
+        suspend();                                                      §\C{// return to last resume}§
+
+        this->fn = 1;                                           §\C{// case 1}§
+        fn2 = fn1;
+        fn1 = this->fn;
+        suspend();                                                      §\C{// return to last resume}§
+
+        for ( ;; ) {                                            §\C{// general case}§
+                this->fn = fn1 + fn2;
+                fn2 = fn1;
+                fn1 = this->fn;
+                suspend();                                              §\C{// return to last resume}§
+        } // for
+}
+int next( Fibonacci * this ) {
+        resume( this );                                         §\C{// transfer to last suspend}§
+        return this->fn;
+}
+int main() {
+        Fibonacci f1, f2;
+        for ( int i = 1; i <= 10; i += 1 ) {
+                sout | next( &f1 ) | ' ' | next( &f2 ) | endl;
+        } // for
+}
+\end{cfa}
+\caption{Fibonacci Coroutine}
+\label{f:FibonacciCoroutine}
+\end{figure}
+
+
+\subsection{Coroutine}
+
+\Index{Coroutines} are the precursor to tasks.
+\VRef[Figure]{f:FibonacciCoroutine} shows a coroutine that computes the \Index*{Fibonacci} numbers.
 
 
@@ -3339 +3478 @@
 \end{cfa}
 
+\begin{figure}
+\begin{cfa}
+#include <fstream>
+#include <kernel>
+#include <monitor>
+#include <thread>
+
+monitor global_t {
+        int value;
+};
+
+void ?{}(global_t * this) {
+        this->value = 0;
+}
+
+static global_t global;
+
+void increment3( global_t * mutex this ) {
+        this->value += 1;
+}
+void increment2( global_t * mutex this ) {
+        increment3( this );
+}
+void increment( global_t * mutex this ) {
+        increment2( this );
+}
+
+thread MyThread {};
+
+void main( MyThread* this ) {
+        for(int i = 0; i < 1_000_000; i++) {
+                increment( &global );
+        }
+}
+int main(int argc, char* argv[]) {
+        processor p;
+        {
+                MyThread f[4];
+        }
+        sout | global.value | endl;
+}
+\end{cfa}
+\caption{Atomic-Counter Monitor}
+\caption{f:AtomicCounterMonitor}
+\end{figure}
+
+\begin{comment}
 Since a monitor structure includes an implicit locking mechanism, it does not make sense to copy a monitor;
 it is always passed by reference.
@@ -3385 +3571 @@
 }
 \end{cfa}
+\end{comment}
 
 
@@ -3392 +3579 @@
 A task provides mutual exclusion like a monitor, and also has its own execution state and a thread of control.
 Similar to a monitor, a task is defined like a structure:
+
+\begin{figure}
+\begin{cfa}
+#include <fstream>
+#include <kernel>
+#include <stdlib>
+#include <thread>
+
+thread First  { signal_once * lock; };
+thread Second { signal_once * lock; };
+
+void ?{}( First * this, signal_once* lock ) { this->lock = lock; }
+void ?{}( Second * this, signal_once* lock ) { this->lock = lock; }
+
+void main( First * this ) {
+        for ( int i = 0; i < 10; i += 1 ) {
+                sout | "First : Suspend No." | i + 1 | endl;
+                yield();
+        }
+        signal( this->lock );
+}
+
+void main( Second * this ) {
+        wait( this->lock );
+        for ( int i = 0; i < 10; i += 1 ) {
+                sout | "Second : Suspend No." | i + 1 | endl;
+                yield();
+        }
+}
+
+int main( void ) {
+        signal_once lock;
+        sout | "User main begin" | endl;
+        {
+                processor p;
+                {
+                        First  f = { &lock };
+                        Second s = { &lock };
+                }
+        }
+        sout | "User main end" | endl;
+}
+\end{cfa}
+\caption{Simple Tasks}
+\label{f:SimpleTasks}
+\end{figure}
+
+
+\begin{comment}
 \begin{cfa}
 type Adder = task {
@@ -3445 +3681 @@
 \end{cfa}
 
-
 \subsection{Cooperative Scheduling}
 
@@ -3558 +3793 @@
 }
 \end{cfa}
-
-
+\end{comment}
+
+
+\begin{comment}
 \section{Modules and Packages }
 
-\begin{comment}
 High-level encapsulation is useful for organizing code into reusable units, and accelerating compilation speed.
 \CFA provides a convenient mechanism for creating, building and sharing groups of functionality that enhances productivity and improves compile time.
@@ -4226 +4462 @@
 
 
+\begin{comment}
 \subsection[Comparing Key Features of CFA]{Comparing Key Features of \CFA}
 
@@ -4603 +4840 @@
 
 
-\begin{comment}
 \subsubsection{Modules / Packages}
 
@@ -4683 +4919 @@
 }
 \end{cfa}
-\end{comment}
 
 
@@ -4844 +5079 @@
 
 \subsection{Summary of Language Comparison}
-
-
-\subsubsection[C++]{\CC}
+\end{comment}
+
+
+\subsection[C++]{\CC}
 
 \Index*[C++]{\CC{}} is a general-purpose programming language.
@@ -4867 +5103 @@
 
 
-\subsubsection{Go}
+\subsection{Go}
 
 \Index*{Go}, also commonly referred to as golang, is a programming language developed at Google in 2007 [.].
@@ -4883 +5119 @@
 
 
-\subsubsection{Rust}
+\subsection{Rust}
 
 \Index*{Rust} is a general-purpose, multi-paradigm, compiled programming language developed by Mozilla Research.
@@ -4897 +5133 @@
 
 
-\subsubsection{D}
+\subsection{D}
 
 The \Index*{D} programming language is an object-oriented, imperative, multi-paradigm system programming
@@ -5009 +5245 @@
 \item[Rationale:] keywords added to implement new semantics of \CFA.
 \item[Effect on original feature:] change to semantics of well-defined feature. \\
-Any ISO C programs using these keywords as identifiers are invalid \CFA programs.
+Any \Celeven programs using these keywords as identifiers are invalid \CFA programs.
 \item[Difficulty of converting:] keyword clashes are accommodated by syntactic transformations using the \CFA backquote escape-mechanism (see~\VRef{s:BackquoteIdentifiers}).
 \item[How widely used:] clashes among new \CFA keywords and existing identifiers are rare.
@@ -5229 +5465 @@
 hence, names in these include files are not mangled\index{mangling!name} (see~\VRef{s:Interoperability}).
 All other C header files must be explicitly wrapped in ©extern "C"© to prevent name mangling.
+For \Index*[C++]{\CC{}}, the name-mangling issue is handled implicitly because most C header-files are augmented with checks for preprocessor variable ©__cplusplus©, which adds appropriate ©extern "C"© qualifiers.
 
 
@@ -5311 +5548 @@
 }
 
-// §\CFA§ safe initialization/copy
+// §\CFA§ safe initialization/copy, i.e., implicit size specification
 forall( dtype T | sized(T) ) T * memset( T * dest, char c );§\indexc{memset}§
 forall( dtype T | sized(T) ) T * memcpy( T * dest, const T * src );§\indexc{memcpy}§
@@ -5421 +5658 @@
 \leavevmode
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-forall( otype T | { int ?<?( T, T ); } )
-T min( T t1, T t2 );§\indexc{min}§
-
-forall( otype T | { int ?>?( T, T ); } )
-T max( T t1, T t2 );§\indexc{max}§
-
-forall( otype T | { T min( T, T ); T max( T, T ); } )
-T clamp( T value, T min_val, T max_val );§\indexc{clamp}§
-
-forall( otype T )
-void swap( T * t1, T * t2 );§\indexc{swap}§
+forall( otype T | { int ?<?( T, T ); } ) T min( T t1, T t2 );§\indexc{min}§
+forall( otype T | { int ?>?( T, T ); } ) T max( T t1, T t2 );§\indexc{max}§
+forall( otype T | { T min( T, T ); T max( T, T ); } ) T clamp( T value, T min_val, T max_val );§\indexc{clamp}§
+forall( otype T ) void swap( T * t1, T * t2 );§\indexc{swap}§
 \end{cfa}
 

doc/working/exception/design.txt

@@ -1 +1 @@
 Design of Exceptions and EHM in Cforall:
 
-Currently this is a combination of ideas and big questions that still have to
-be addressed. It also includes some other error handling options, how they
-interact and compare to exceptions.
+
+Exception Instances:
+Currently, exceptions are integers (like errno).
+
+They are planned to be the new "tagged structures", which allows them to
+exist in a simple hierarchy which shared functionality throughout. However
+the tagged structures are not yet implemented so that will wait.
+
+A single built in exception is at the top of the hierarchy and all other
+exceptions are its children. When you match against an exception, you match
+for an exception and its children, so the top of the hierarchy is used as a
+catch-all option.
+
+The shared functionality across exceptions has not been finalized, but will
+probably include things like human readable descriptions and default handlers.
 
 
-What is an Exception:
+Throwing:
+There are currently two kinds of throws, "throw" for termination and
+"throwResume" for resumption. Both keywords can be used to create a throw
+statement. The kind of throw decides what handlers may catch the exception
+and weither control flow can return to the throw site.
 
-In other words what do we throw? What is matched against, how does it carry
-data with it? A very important question that has not been answered.
+Syntax
+"throw" exception ";"
+"throwResume" exception ";"
 
-Option 1: Strutures
+Non-local throws are allowed for resumption only. A target is an object with
+a stack, with which it may propagate and handle the exception.
 
-Considering the current state of Cforall the most natural form of the
-exception would likely be a struture, implementing a trait repersenting the
-minimum features of an exception. This has many advantages, including arbitray
-fields, some polymorphism and it matches exceptations of many current systems.
+Syntax
+"throwResume" exception "_At" target ";"
 
-The main issue with this is matching, without OOP inheritance there is no
-exception hierarchy. Meaning all handling has to happen on the exact exception
-without the ease of grouping parents. There are several ways to attempt to
-recover this.
-
-The first is with conditional matching (a check after the type has been
-matched) which allows for matching particular values of a known type. However
-this does not dynamically expand and requires an extra step (as opposed to
-mearly allowing one). I would not recomend this as the primary method.
-
-Second is to try and use type casts/conversions to create an implicate
-hierachy, so that a catch clause catches anything of the given type or
-anything that converts to the given type.
-
-Plan9 (from what I know of it) would be a powerful tool here. Even with it,
-creating a hierarchy of types at runtime might be too expencive. Esecially
-since they are less likely to be tree like at that point.
-
-Option 2: Tags
-
-The other option is to introduce a new construct into the language. A tag
-repersents a type of exception, it is not a structure or variable (or even
-a normal type). It may be usable in some of those contexts.
-
-Tags can declare an existing tag as its parent. Tags can be caught by handlers
-that catch their parents. (There is a single base_exception that all other
-exceptions are children of eventually.) This allows for grouping of exceptions
-that repersent similar errors.
-
-Tags should also have some assotiated data, where and on what did the error
-occur. Keeping with the otherness of exception tags and allowing them to be
-expanded, using a parameter list. Each exception can have a list of paramters
-given to it on a throw. Each tag would have a declared list of parameters
-(which could be treated more like a set of fields as well). Child tags must
-use their parent's list as a prefix to their own, so that the parameters can
-be accessed when the child tag is matched against the parent.
-
-Option N: ...
-
-This list is not complete.
+Termination throws unwind the stack until a handler is reached, control moves
+onwards from the end of the handler. Resumption throws do not unwind, if a
+handler is found and control will return to the throw after the exception is
+handled.
 
 
-Seperating Termination and Resumption:
+Catching:
+The catch and handle of an exception is preformed with a try statement, which
+also can have finally clauses to exceute on exit from the scope.
 
-Differentating the types of exceptions based on exception would be hard with
-exceptions as structures. It is possible with exceptions as tags by having
-two base exceptions, one for each type of throw. However recompining them
-to dual types would be harder.
+Syntax
+"try"
+        try-block
+( ("catch" | "catchResume")
+  "(" exception_type [identifier] [";" conditional_expression] ")"
+        catch-block
+)*
+("finally"
+        finally-block
+)?
 
-Reguardless, using different keywords would also be useful for clarity, even
-if it does not add functality. Using the C++ like keywords would be a good
-base. Resumption exceptions could use a different set (ex. raise->handle) or
-use resume as a qualifier on the existing statements.
+Either at least 1 handler clause or the finally clasue must be given on each
+try block. Each handler clause handles 1 of the two types of throws. Each
+handler also specifies a type of exception it handles, and will handle all
+children exceptions as well. In addition, a conditional expression which, if
+included, must be true for the handler to catch the exception.
+
+The two types of handlers may be intermixed. Multiple handlers catching the
+same type may also be used, to allow for fallbacks on false conditionals.
 
 
-Conditional Matching:
+Implementation Overview:
 
-A possible useful feature, it allows for arbitrary checks on a catch block
-instead of merely matching a type. However there are few use cases that
-cannot be avoided with proper use of a type hierarchy, and this shrinks even
-further with a good use of re-throws.
+The implementation has two main parts. The first is just a collection of the
+support definitions we need, the data types and functions used within the
+exception handling code. Second is a translation from Cforall code to C code
+that uses those definitions to throw, catch and handle exceptions.
 
-Also it assumes one sweep, that might also be a problem. But might also give
-it an advantage over re-throws.
+Termination handlers call a specially annotated function, passing it inner
+functions that act as the varius sub-blocks. Termination throws use the
+unwind library that checks the underlying code for those annotations. Each
+time one is found some magic is used to check for a matching handler, if one
+is found control goes to the special function which excecutes the handler and
+returns.
+
+Resumption handlers maintain a linked list of stack allocated nodes that have
+the handler functions attached. Throwing a resumption exception traverses this
+list, and calls each handler, the handlers handle the exception if they can
+and return if they did or not.
+
+Finally clauses just use stack cleanup to force a nested function, which has
+the code from the finally clause, to execute when we leave that section.
 
 
-Alternatives: Implicate Handlers & Return Unions
+Alternative Error Handling: Return Unions
 
-Both act as a kind of local version of an exception. Implicate handlers act as
-resumption exceptions and return unions like termination exceptions. By local
-I mean they work well at one or two levels of calls, but do not cover N levels
-as cleanly.
+Return unions (Maybe and Result), are types that can encode a success or
+other result in a single value. Maybe stores a value or nothing, Result stores
+a value or an error.
 
-Implicate handles require a growing number of function pointers (which should
-not be used very often) to be passed to functions, creating and additional
-preformance cost. Return unions have to be checked and handled at every level,
-which has some preformance cost, but also can significantly clutter code.
-Proper tools can help with the latter.
+For errors that are usually handled quite close to where they occur, these
+can replace exceptions.
 
-However, they may work better at that local level as they do not require stack
-walking or unwinding. In addition they are closer to regular control flow and
-are easier to staticly check. So even if they can't replace exceptions
-(directly) they may still be worth using together.
-
-For instance, consider the Python iterator interface. It uses a single
-function, __next__, to access the next value and to signal the end of the
-sequence. If a value is returned, it is the next value, if the StopIteration
-exception is thrown the sequence has finished.
-
-However almost every use of an iterator will add a try-except block around the
-call site (possibly through for or next) to catch and handle the exception
-immediately, ignoring the advantages of more distant exception handling.
-
-In this case it may be cleaner to use a Maybe for both cases (as in Rust)
-which gives similar results without having to jump to the exception handler.
-This will likely handle the error case more efficiently and the success case a
-bit less so.
-
-It also mixes the error and regular control flow, which can hurt readablity,
-but very little if the handling is simple, for instance providing a default
-value. Similarly, if the error (or alternate outcome) is common enough
-encoding it in the function signature may be good commuication.
+They tend to be faster and require similar or less amounts of code to handle.
+However they can slow down the normal path with some extra conditionals and
+can mix the normal and exceptional control flow path. If handling the error
+is simple, and happens relatively frequently, this might be prefered but in
+other cases it just hurts speed and readability.
 
 In short, these errors seem to be more effective when errors are likely and
@@ -125 +107 @@
 be handled locally, might be better off using these instead of exceptions.
 
-Also the implicate handlers and return unions could use exceptions as well.
-For instance, a useful default might handler might be to throw an exception,
-seaching up the stack for a solution if one is not locally provided.
-
-Or here is a possible helper for unpacking a Result value:
+Also the return unions could use exceptions as well. Getting the improper
+side of a return union might throw an exception. Or we can provide helpers
+for results withe exceptions as in:
                 forall(otype T, otype E | exception(E))
                 T get_or_throw (Result(T, E) * this) {
-                        if (is_success(this)) {
-                                return get_success(this);
+                        if (has_value(this)) {
+                                return get_value(this);
                         } else {
-                                throw get_failure(this);
+                                throw get_error(this);
                         }
                 }
-So they can feed off of each other.