# Changes in /[e6cfa8ff:5b544a6]

Ignore:
Files:
14 edited

Unmodified
Removed
• ## doc/theses/thierry_delisle_PhD/.gitignore

 re6cfa8ff comp_II/build/ comp_II/img/*.fig.bak comp_II/comp_II.pdf comp_II/comp_II.ps
• ## doc/theses/thierry_delisle_PhD/comp_II/Makefile

 re6cfa8ff FIGURES = ${addsuffix .tex, \ base \ empty \ emptybit \ emptytree \ resize \ } mkdir -p${Build} %.tex : %.fig ${Build} %.tex : img/%.fig${Build} fig2dev -L eepic $< >${Build}/$@ %.ps : %.fig |${Build} %.ps : img/%.fig | ${Build} fig2dev -L ps$< > ${Build}/$@ %.pstex : %.fig | ${Build} %.pstex : img/%.fig |${Build} fig2dev -L pstex $< >${Build}/$@ fig2dev -L pstex_t -p${Build}/$@$< > ${Build}/$@_t
• ## doc/theses/thierry_delisle_PhD/comp_II/comp_II.tex

 re6cfa8ff \documentclass[11pt,fullpage]{article} \documentclass[11pt]{article} \usepackage{fullpage} \usepackage[T1]{fontenc} \usepackage[utf8]{inputenc} \usepackage{xcolor} \usepackage{graphicx} \usepackage[hidelinks]{hyperref} \usepackage{epic,eepic} \usepackage{glossaries} \usepackage{textcomp} \usepackage{geometry} \usepackage[hidelinks]{hyperref} %\usepackage[margin=1in]{geometry} %\usepackage{float} % cfa macros used in the document \section{Introduction} \subsection{\CFA and the \CFA concurrency package} \CFA\cit is a modern, polymorphic, non-object-oriented, backwards-compatible extension of the C programming language. It aims to add high productivity features while maintaning the predictible performance of C. As such concurrency in \CFA\cit aims to offer simple and safe high-level tools while still allowing performant code. Concurrent code is written in the syncrhonous programming paradigm but uses \glspl{uthrd} in order to achieve the simplicity and maintainability of synchronous programming without sacrificing the efficiency of asynchronous programing. As such the \CFA scheduler is a user-level scheduler that maps \glspl{uthrd} onto \glspl{kthrd}. The goal of this research is to produce a scheduler that is simple to use and offers acceptable performance in all cases. Here simplicity does not refer to the API but to how much scheduling concerns programmers need to take into account when using the \CFA concurrency package. Therefore, the main goal of this proposal is as follows : \CFA\cit is a modern, polymorphic, non-object-oriented, backwards-compatible extension of the C programming language. It aims to add high-productivity features while maintaning the predictible performance of C. As such, concurrency in \CFA\cit aims to offer simple and safe high-level tools while still allowing performant code. \CFA concurrrent code is written in the synchronous programming paradigm but uses \glspl{uthrd} in order to achieve the simplicity and maintainability of synchronous programming without sacrificing the efficiency of asynchronous programing. As such, the \CFA \emph{scheduler} is a preemptive user-level scheduler that maps \glspl{uthrd} onto \glspl{kthrd}. Scheduling occurs when execution switches from one thread to another, where the second thread is implicitly chosen by the scheduler. This scheduling is an indirect handoff, as opposed to generators and coroutines which explicitly switch to the next generator and coroutine respectively. The cost of switching between two threads for an indirect handoff has two components : the cost of actually context-switching, i.e., changing the relevant registers to move execution from one thread to the other, and the cost of scheduling, i.e., deciding which thread to run next among all the threads ready to run. The first cost is generally constant and fixed, while the scheduling cost can vary based on the system state\footnote{Affecting the context-switch cost is whether it is done in one step, after the scheduling, or in two steps, context-switching to a fixed third-thread before scheduling.}. Adding multiple \glspl{kthrd} does not fundamentally change the scheduler semantics or requirements, it simply adds new correctness requirements, i.e. \textit{linearizability}, and a new dimension to performance: scalability, where scheduling cost now also depends on contention. The more threads switch, the more the administrating cost of scheduling becomes noticeable. It is therefore important to build a scheduler with the lowest possible cost and latency. Another important consideration is \emph{fairness}. In principle, scheduling should give the illusion of perfect fairness, where all threads ready to run are running \emph{simultaneously}. While the illusion of simultaneity is easier to reason about, it can break down if the scheduler allows to much unfairness. Therefore, the scheduler should offer as much fairness as needed to guarantee eventual progress, but use unfairness to help performance. In practice, threads must wait in turn but there can be advantages to unfair scheduling, e.g., the express cash register at a grocery store. The goal of this research is to produce a scheduler that is simple for programmers to understand and offers good performance. Here understandability does not refer to the API but to how much scheduling concerns programmers need to take into account when writing a \CFA concurrent package. Therefore, the main goal of this proposal is : \begin{quote} The \CFA scheduler should be \emph{viable} for any workload. The \CFA scheduler should be \emph{viable} for \emph{any} workload. \end{quote} This objective includes producing a scheduling strategy with minimal fairness guarantees, creating an abstraction layer over the operating system to handle kernel-threads spinning unnecessarily and hide blocking I/O operations and, writing sufficient library tools to allow developpers to properly use the scheduler. For a general purpose scheduler, it is impossible to produce an optimal algorithm as it would require knowledge of the future behaviour of threads. As such, scheduling performance is generally either defined by the best case scenario, a workload to which the scheduler is tailored, or the worst case scenario, i.e., the scheduler behaves no worst than \emph{X}. For this proposal, the performance is evaluated using the second approach to allow \CFA programmers to rely on scheduling performance. A solution to this impossibility is to allow programmers to write their own scheduler, that is not the subject of this proposal, which considers only the default scheduler. As such, it is important that only programmers with exceptionally high performance requirements should need to write their own scheduler and replace the scheduler in this proposal. This objective includes producing a scheduling strategy with sufficient fairness guarantees, creating an abstraction layer over the operating system to handle kernel-threads spinning unnecessarily and hide blocking I/O operations, and writing sufficient library tools to allow developers to indirectly use the scheduler. % =============================================================================== \section{Scheduling for \CFA} While the \CFA concurrency package doesn't have any particular scheduling needs beyond those of any concurrency package which uses \glspl{uthrd}, it is important that the default \CFA Scheduler be viable in general. Indeed, since the \CFA Scheduler does not target any specific workloads, it is unrealistic to demand that it use the best scheduling strategy in all cases. However, it should offer a viable out of the box'' solution for most scheduling problems so that programmers can quickly write performant concurrent without needed to think about which scheduling strategy is more appropriate for their workload. Indeed, only programmers with exceptionnaly high performance requirements should need to write their own scheduler. More specifically, two broad types of schedulering strategies should be avoided in order to avoid penalizing certain types of workloads : feedback-based and priority schedulers. While the \CFA concurrency package does not have any particular scheduling requirements beyond supporting \glspl{uthrd}. Therefore, the detailed requirements of the \CFA scheduler are : \paragraph{Correctness} As with any other concurrent data structure or algorithm, the correctness requirement is paramount. The scheduler cannot allow threads to be dropped from the ready-queue, i.e., scheduled but never run, or be executed multiple times when only being scheduled once. Since \CFA concurrency has no spurious wakeup, this definition of correctness also means the scheduler should have no spurious wakeup. The \CFA scheduler must be correct. \paragraph{Performance} The performance of a scheduler can generally be mesured in terms of scheduling cost, scalability and latency. Scheduling cost is the cost to switch from one thread to another, as mentioned above. For simple applications where a single kernel thread does most of the scheduling, it is generally the dominating cost. When adding many kernel threads, scalability can become an issue, effectively increasing the cost of context-switching when contention is high. Finally, a third axis of performance is tail latency. This measurement is related to fairness and mesures how long is needed for a thread to be run once scheduled but evaluated in the worst cases. The \CFA scheduler should offer good performance in all three metrics. \paragraph{Fairness} Like performance, this requirements has several aspect : eventual progress, predictability and performance reliablility. As a hard requirement, the \CFA scheduler must guarantee eventual progress, i.e., prevent starvation, otherwise the above mentioned illusion of simultaneous execution is broken and the scheduler becomes much more complext to reason about. Beyond this requirement, performance should be predictible and reliable, which means similar workloads achieve similar performance and programmer intuition is respected. An example of this is : a thread that yields agressively should not run more often then other tasks. While this is intuitive, it does not hold true for many work-stealing or feedback based schedulers. The \CFA scheduler must guarantee eventual progress and should be predictible and offer reliable performance. \paragraph{Efficiency} Finally, efficient usage of CPU resources is also an important requirement. This issue is discussed more in depth towards the end of this proposal. It effectively refers to avoiding using CPU power when there are no threads to run, and conversely, use all CPUs available when the workload can benefit from it. Balancing these two states is where the complexity lies. The \CFA scheduler should be efficient with respect to the underlying (shared) computer. To achieve these requirements, I can reject two broad types of scheduling strategies : feedback-based and priority schedulers. \subsection{Feedback-Based Schedulers} Many operating systems use schedulers based on feadback loops in some form, they measure how much CPU a particular thread has used\footnote{Different metrics can be used to here but it is not relevant to the discussion.} and schedule threads based on this metric. These strategies are sensible for operating systems but rely on two assumptions on the workload : Many operating systems use schedulers based on feedback in some form, e.g., measuring how much CPU a particular thread has used\footnote{Different metrics can measured here but it is not relevant to the discussion.} and schedule threads based on this metric. These strategies are sensible for operating systems but rely on two assumptions on the workload : \begin{enumerate} \item Threads live long enough to be scheduled many times. \item Cooperation among all threads is not simply infeasible, it is a security risk. \item Threads live long enough for useful feedback information to be to gathered. \item Threads belong to multiple users so fairness across threads is insufficient. \end{enumerate} While these two assumptions generally hold for operating systems, they may not for \CFA programs. In fact, \CFA uses \glspl{uthrd} which have the explicit goal of reducing the cost of threading primitives to allow many smaller threads. This can naturally lead to have threads with much shorter lifetime and only being scheduled a few times. Scheduling strategies based on feadback loops cannot be effective in these cases because they will not have the opportunity to measure the metrics that underlay the algorithm. Note that the problem of feadback loop convergence (reacting too slowly to scheduling events) is not specific to short lived threads but can also occur with threads that show drastic changes in scheduling event, e.g., threads running for long periods of time and then suddenly blocking and unblocking quickly and repeatedly. In the context of operating systems, these concerns can be overshadowed by a more pressing concern : security. When multiple users are involved, it is possible that some users are malevolent and try to exploit the scheduling strategy in order to achieve some nefarious objective. Security concerns mean that more precise and robust fairness metrics must be used. In the case of the \CFA scheduler, every thread runs in the same user-space and are controlled from the same user. It is then possible to safely ignore the possibility that threads are malevolent and assume that all threads will ignore or cooperate with each other. This allows for a much simpler fairness metric and in this proposal fairness'' will be considered as equal opportunities to run once scheduled. Since feadback is not necessarily feasible within the lifetime of all threads and a simple fairness metric can be used, the scheduling strategy proposed for the \CFA runtime does not user per-threads feedback. Feedback loops in general are not rejected for secondary concerns like idle sleep, but no feedback loop is used to decide which thread to run next. While these two assumptions generally hold for operating systems, they may not for user-level threading. Since \CFA has the explicit goal of allowing many smaller threads, this can naturally lead to threads with much shorter lifetime, only being scheduled a few times. Scheduling strategies based on feedback cannot be effective in these cases because they do not have the opportunity to measure the metrics that underlie the algorithm. Note that the problem of feedback convergence (reacting too slowly to scheduling events) is not specific to short lived threads but can also occur with threads that show drastic changes in scheduling, e.g., threads running for long periods of time and then suddenly blocking and unblocking quickly and repeatedly. In the context of operating systems, these concerns can be overshadowed by a more pressing concern : security. When multiple users are involved, it is possible that some users are malevolent and try to exploit the scheduling strategy in order to achieve some nefarious objective. Security concerns mean that more precise and robust fairness metrics must be used to guarantee fairness across processes created by users as well as threads created within a process. In the case of the \CFA scheduler, every thread runs in the same user-space and are controlled by the same user. Fairness across users is therefore a given and it is then possible to safely ignore the possibility that threads are malevolent. This approach allows for a much simpler fairness metric and in this proposal fairness'' is considered as follows : when multiple threads are cycling through the system, the total ordering of threads being scheduled, i.e., pushed onto the ready-queue, should not differ much from the total ordering of threads being executed, i.e., popped from the ready-queue. Since feedback is not necessarily feasible within the lifetime of all threads and a simple fairness metric can be used, the scheduling strategy proposed for the \CFA runtime does not use per-threads feedback. Feedback in general is not rejected for secondary concerns like idle sleep, but no feedback is used to decide which thread to run next. \subsection{Priority Schedulers} Another broad category of schedulers are priority schedulers. In these scheduling strategies threads have priorities and the runtime schedules the threads with the highest priority before scheduling other threads. Threads with equal priority are scheduled using a secondary strategy, often something simple like round-robin or FIFO. These priority mean that, as long as there is a thread with a higher priority that desires to run, a thread with a lower priority will not run. This possible starving of threads can dramatically increase programming complexity since starving threads and priority inversion (prioritising a lower priority thread) can both lead to serious problems, leaving programmers between a rock and a hard place. An important observation to make is that threads do not need to have explicit priorities for problems to be possible. Indeed, any system with multiple ready-queues and attempts to exhaust one queue before accessing the other queues, could encounter starvation problems. A popular scheduling strategy that suffers from implicit priorities is work-stealing. Work-stealing is generally presented as follows : \begin{itemize} \item Each processor has a list of threads. \end{itemize} Another broad category of schedulers are priority schedulers. In these scheduling strategies, threads have priorities and the runtime schedules the threads with the highest priority before scheduling other threads. Threads with equal priority are scheduled using a secondary strategy, often something simple like round-robin or FIFO. These priority mean that, as long as there is a thread with a higher priority that desires to run, a thread with a lower priority does not run. This possible starving of threads can dramatically increase programming complexity since starving threads and priority inversion (prioritizing a lower priority thread) can both lead to serious problems. An important observation to make is that threads do not need to have explicit priorities for problems to occur. Indeed, any system with multiple ready-queues and attempts to exhaust one queue before accessing the other queues, can encounter starvation problems. A popular scheduling strategy that suffers from implicit priorities is work-stealing. Work-stealing is generally presented as follows, each processor has a list of ready threads. \begin{enumerate} \item Run threads from this'' processor's list. \end{enumerate} In a loaded system\footnote{A loaded system is a system where threads are being run at the same rate they are scheduled}, if a thread does not yield or block for an extended period of time, threads on the same processor list will starve if no other processors can exhaust their list. In a loaded system\footnote{A loaded system is a system where threads are being run at the same rate they are scheduled.}, if a thread does not yield, block or preempt for an extended period of time, threads on the same processor list starve if no other processors exhaust their list. Since priorities can be complex to handle for programmers, the scheduling strategy proposed for the \CFA runtime does not use a strategy with either implicit or explicit thread priorities. \subsection{Schedulers without feadback or priorities} I claim that the ideal default scheduler for the \CFA runtime is a scheduler that offers good scalability and a simple fairness guarantee that is easy for programmers to reason about. The simplest fairness guarantee is to guarantee FIFO ordering, i.e., threads scheduled first will run first. However, enforcing FIFO ordering generally conflicts with scalability across multiple processors because of the additionnal synchronization. Thankfully, strict FIFO is not needed for scheduling. Since concurrency is inherently non-deterministic, fairness concerns in scheduling are only a problem if a thread repeatedly runs before another thread can run\footnote{This is because the non-determinism means that programmers must already handle ordering problems in order to produce correct code and already must rely on weak guarantees, for example that a specific thread will \emph{eventually} run.}. This need for unfairness to persist before problems occur means that the FIFO fairness guarantee can be significantly relaxed without causing problems. For this proposal, the target guarantee is that the \CFA scheduler guarantees \emph{probable} FIFO ordering, which is defined as follows : \subsection{Schedulers without feedback or priorities} This proposal conjectures that is is possible to construct a default scheduler for the \CFA runtime that offers good scalability and a simple fairness guarantee that is easy for programmers to reason about. The simplest fairness guarantee is FIFO ordering, i.e., threads scheduled first run first. However, enforcing FIFO ordering generally conflicts with scalability across multiple processors because of the additionnal synchronization. Thankfully, strict FIFO is not needed for sufficient fairness. Since concurrency is inherently non-deterministic, fairness concerns in scheduling are only a problem if a thread repeatedly runs before another thread can run. This is because the non-determinism means that programmers must already handle ordering problems in order to produce correct code and already must rely on weak guarantees, for example that a specific thread will \emph{eventually} run. Since some reordering does not break correctness, the FIFO fairness guarantee can be significantly relaxed without causing problems. For this proposal, the target guarantee is that the \CFA scheduler provides \emph{probable} FIFO ordering, which allows reordering but makes it improbable that threads are reordered far from their position in total ordering. Scheduling is defined as follows : \begin{itemize} \item Given two threads $X$ and $Y$, the odds that thread $X$ runs $N$ times \emph{after} thread $Y$ is scheduled but \emph{before} it is run, decreases exponentially with regards to $N$. \item Given two threads $X$ and $Y$, the odds that thread $X$ runs $N$ times \emph{after} thread $Y$ is scheduled but \emph{before} it is run, decreases exponentially with regard to $N$. \end{itemize} While this is not a strong guarantee, the probability that problems persist for long period of times decreases exponentially, making persisting problems virtually impossible. \subsection{Real-Time} While the objective of this proposed scheduler is similar to the objective of real-time scheduling, this proposal is not a proposal for real-time scheduler and as such makes no attempt to offer either soft or hard guarantees on scheduling delays. While this is not a bounded guarantee, the probability that unfairness persist for long periods of times decreases exponentially, making persisting unfairness virtually impossible. % =============================================================================== \section{Proposal} \subsection{Ready-Queue} Using trevor's paper\cit as basis, it is simple to build a relaxed FIFO list that is fast and scalable for loaded or overloaded systems. The described queue uses an array of underlying strictly FIFO queue. Pushing new data is done by selecting one of these underlying queues at random, recording a timestamp for the push and pushing to the selected queue. Popping is done by selecting two queues at random and popping from the queue for which the head has the oldest timestamp. In loaded or overloaded systems, it is higly likely that the queues is far from empty, e.i., several tasks are on each of the underlying queues. This means that selecting a queue at random to pop from is higly likely to yield a queue that is not empty. When the ready queue is "more empty", i.e., several of the inner queues are empty, selecting a random queue for popping is less likely to yield a valid selection and more attempts need to be made, resulting in a performance degradation. In cases, with few elements on the ready queue and few processors running, performance can be improved by adding information to help processors find which inner queues are used. Preliminary performance tests indicate that with few processors, a bitmask can be used to identify which inner queues are currently in use. This is especially effective in the single-thread case, where the bitmask will always be up-to-date. Furthermore, modern x86 CPUs have a BMI2 extension which allow using the bitmask with very little overhead over directly accessing the readyqueue offerring decent performance even in cases with many empty inner queues. This technique does not solve the problem completely, it randomly attempts to find a block of 64 queues where at least one is used, instead of attempting to find a used queue. For systems with a large number of cores this does not completely solve the problem, but it is a fixed improvement. The size of the blocks are limited by the maximum size atomic instruction can operate on, therefore atomic instructions on large words would increase the 64 queues per block limit. \TODO double check the next sentence Preliminary result indicate that the bitmask approach with the BMI2 extension can lead to multi-threaded performance that is contention agnostic in the worst case. This result suggests that the contention penalty and the increase performance for additionnal thread cancel each other exactly. This may indicate that a relatively small reduction in contention may tip the performance into positive scalling even for the worst case. It can be noted that in cases of high-contention, the use of the bitmask to find queues that are not empty is much less reliable. Indeed, if contention on the bitmask is high, it means it probably changes significantly between the moment it is read and the actual operation on the queues it represents. Furthermore, the objective of the bitmask is to avoid probing queues that are empty. Therefore, in cases where the bitmask is highly contented, it may be preferrable to probe queues randomly, either until contention decreases or until a prior prefetch of the bitmask completes. Ideally, the scheduler would be able to observe that the bitmask is highly contented and adjust its behaviour appropriately. However, I am not aware of any mechanism to query whether a cacheline is in cache or to run other instructions until a cacheline is fetch without blocking on the cacheline. As such, an alternative that may have a similar impact would be for each thread to have their own bitmask, which would be updated both after each scheduler action and after a certain number of failed probing. If the bitmask has little contention, the local bitmask will be mostly up-to-date and several threads won't need to contend as much on the global bitmask. If the bitmask has significant contention, then fetching it becomes more expensive and threads may as well probe randomly. This solution claims that probing randomly or against an out-of-date bitmask is equivalent. In cases where this is insufficient, another approach is to use a hiearchical data structure. Creating a tree of nodes to reduce contention has been shown to work in similar cases\cit(SNZI: Scalable NonZero Indicators)\footnote{This particular paper seems to be patented in the US. How does that affect \CFA? Can I use it in my work?}. However, this approach may lead to poorer single-threaded performance due to the inherent pointer chasing, as such, it was not considered as the first approach but as a fallback in case the bitmask approach does not satisfy the performance goals. Part of this performance relies on contention being low when there are few threads on the readyqueue. However, this can be assumed reliably if the system handles putting idle processors to sleep, which is addressed in section \ref{sleep}. \subsection{Ready-Queue} \label{sec:queue} A simple ready-queue can be built from a FIFO queue, user-threads are pushed onto the queue when they are ready to run and processors (kernel-threads acting as virtual processors) pop the user-threads from the queue and execute them. Using Trevor's paper\cit as basis, it is simple to build a relaxed FIFO list that is fast and scalable for loaded or overloaded systems. The described queue uses an array of underlying strictly FIFO queues as shown in Figure~\ref{fig:base}\footnote{For this section, the number of underlying queues is assumed to be constant, Section~\ref{sec:resize} will discuss resizing the array.}. Pushing new data is done by selecting one of these underlying queues at random, recording a timestamp for the push and pushing to the selected queue. Popping is done by selecting two queues at random and popping from the queue for which the head has the oldest timestamp. A higher number of underlying queues leads to less contention on each queue and therefore better performance. In a loaded system, it is higly likely the queues are non-empty, i.e., several tasks are on each of the underlying queues. This means that selecting a queue at random to pop from is higly likely to yield a queue with available items. In Figure~\ref{fig:base}, ignoring the ellipsis, the chances of getting an empty queue is 2/7 per pick, meaning two randoms pick will yield an item approximately 9 times out of 10. \begin{figure} \begin{center} %               {\resizebox{0.8\textwidth}{!}{\input{base}}} \input{base} \end{center} \caption{Relaxed FIFO list at the base of the scheduler: an array of strictly FIFO lists. } \label{fig:base} \end{figure} \begin{figure} \begin{center} %               {\resizebox{0.8\textwidth}{!}{\input{empty}}} \input{empty} \end{center} \caption{More empty'' state of the queue: the array contains many empty cells.} \label{fig:empty} \end{figure} When the ready queue is "more empty", i.e., several of the inner queues are empty, selecting a random queue for popping is less likely to yield a valid selection and more attempts need to be made, resulting in a performance degradation. Figure~\ref{fig:empty} shows an example with fewer elements where the chances of getting an empty queue is 5/7 per pick, meaning two randoms pick will yield an item only half the time. Since the overarching queue is not empty, the pop operation \emph{must} find an element before returning and therefore must retry. Overall performance is therefore influenced by the contention on the underlying queues and pop performance is influenced by the items density. This leads to four performance cases, as depicted in Table~\ref{tab:perfcases}. \begin{table} \begin{center} \begin{tabular}{|r|l|l|} \cline{2-3} \multicolumn{1}{r|}{} & \multicolumn{1}{c|}{Many Processors} & \multicolumn{1}{c|}{Few Processors} \\ \hline Many Threads & A: good performance & B: good performance \\ \hline Few Threads  & C: poor performance & D: poor performance \\ \hline \end{tabular} \end{center} \caption{Performance of the relaxed FIFO list in different cases. The number of processors (many or few) refers to the number of kernel-threads \emph{actively} attempting to pop user-threads from the queues, not the total number of kernel-threads. The number of threads (many of few) refers to the number of user-threads ready to be run. Many threads means they outnumber processors significantly and most underlying queues have items, few threads means there are barely more threads than processors and most underlying queues are empty. Cases with fewer threads than processors are discussed in Section~\ref{sec:sleep}.} \label{tab:perfcases} \end{table} Performance can be improved in case~D (Table~\ref{tab:perfcases}) by adding information to help processors find which inner queues are used. This aims to avoid the cost of retrying the pop operation but does not affect contention on the underlying queues and can incur some management cost for both push and pop operations. A bitmask can be used to identify which inner queues are currently in use, as shown in Figure~\ref{fig:emptybit}. This means that processors can often find user-threads in constant time, regardless of how many underlying queues are empty. Furthermore, modern x86 CPUs have an extension (BMI2) which allow using the bitmask with very little overhead compared to a filled readyqueue, offerring decent performance even in cases with many empty inner queues. However, this technique has its limits, with a single word\footnote{Word refers here to however many bits can be written atomicly.} bitmask, the total number of underlying queues in the overarching queue is limited to the number of bits in the word. With a multi-word bitmask, this maximum limit can be increased arbitrarily, but it is not possible to check if the queue is empty by reading the bitmask atomicly. A dense bitmap, i.e., either a single word bitmask or a multi word bitmask where all words are densely packed, also causes additionnal problems in case~C (Table~\ref{tab:perfcases}), which the increased contention on the bitmask both causes new performance degradation and means the accuracy of the bitmask is less reliable due to more hardware threads potentially racing to read and/or update that information. \begin{figure} \begin{center} {\resizebox{0.8\textwidth}{!}{\input{emptybit}}} \end{center} \caption{More empty'' queue with added bitmask to indicate which array cells have items.} \label{fig:emptybit} \end{figure} Another approach is to use a hiearchical data structure, for example Figure~\ref{fig:emptytree}. Creating a tree of nodes to reduce contention has been shown to work in similar cases\cit(SNZI: Scalable NonZero Indicators)\footnote{This particular paper seems to be patented in the US. How does that affect \CFA? Can I use it in my work?}. However, this approach may lead to poorer performance in case~B (Table~\ref{tab:perfcases}) due to the inherent pointer chasing cost and already low contention cost in that case. \begin{figure} \begin{center} {\resizebox{0.8\textwidth}{!}{\input{emptytree}}} \end{center} \caption{More empty'' queue with added binary search tree indicate which array cells have items.} \label{fig:emptytree} \end{figure} Finally, a third approach is to use dense information, similar to the bitmap, but have each thread keep its own independant copies of it. While this approach can offer good scalability \emph{and} low latency, the livelyness of the information can become a problem. In the simple cases, local copies of which underlying queues are empty can become stale and end-up not be useful when for the pop operation. A more serious problem is that reliable information is necessary for some parts of this algorithm to be correct. As mentionned in this section, processors must know \emph{reliably} whether the list is empty or not to decide if they can return \texttt{NULL} or if they must keep looking during a pop operation. Section~\ref{sec:sleep} discusses an other case where reliable information is required for the algorithm to be correct. There is a fundamental tradeoff among these approach. Dense global information about empty underlying queues will help zero-contention cases at the cost of high-contention case. Sparse global information will help high-contention cases but increase latency in zero-contention-cases, to read and aggregate'' the information\footnote{Hiearchical structures, e.g., binary search tree, effectively aggregate information but following pointer chains, learning information for each node. Similarly, other sparse schemes would need to read multiple cachelines to acquire all the information needed.}. Finally, dense local information has both the advantages of low latency in zero-contention cases and scalability in high-contention cases, however the information can become stale making it difficult to use to ensure correctness. The fact that these solutions have these fundamental limits suggest that that a more solution that combines these solutions in an interesting ways. The lock discussed in Section~\ref{sec:resize} also allows for solutions that adapt to the number of processors, which couls also prove useful. \paragraph{Objectives and Existing Work} How much scalability is actually needed is highly debatable, libfibre\cit is has compared favorably to other schedulers in webserver tests\cit and uses a single atomic counter in its scheduling algorithm similarly to the proposed bitmask. As such the single atomic instruction on a shared cacheline may be sufficiently performant. I have built a prototype of this ready-queue (including the bitmask and BMI2 usage, but not the sharded bitmask) and ran performance experiments on it but it is difficult to compare this prototype to a thread scheduler as the prototype is used as a data-queue. I have also integrated this prototype into the \CFA runtime, but have not yet created performance experiments to compare results. I believe that the bitmask approach is currently one of the larger risks of the proposal, early tests lead me to believe it may work but it is not clear that the contention problem can be overcome. The worst-case scenario is a case where the number of processors and the number of ready threads are similar, yet scheduling events are very frequent. Fewer threads should lead to the Idle Sleep mechanism reducing contention while having many threads ready leads to optimal performance. It is difficult to evaluate the likeliness of this worst-case scenario in real workloads. I believe, frequent scheduling events suggest a more bursty'' workload where new work is finely divided among many threads which race to completion. This type of workload would only see a peek of contention close to the end of the work, but no sustained contention. Very fine-grained pipelines are less bursty'', these may lead to more sustained contention. However, they could also easily benefit from a direct hand-off strategy which would circumvent the problem entirely. \subsection{Dynamic Resizing} The \CFA runtime system currently handles dynamically adding and removing processors from clusters at any time. Since this is part of the existing design, the proposed scheduler must also support this behaviour. However, dynamicly resizing the clusters is considered a rare event associated with setup, teardown and major configuration changes. This assumptions is made both in the design of the proposed scheduler as well as in the original design of the \CFA runtime system. As such, the proposed scheduler must honor the correctness of these behaviour but does not have any performance objectives with regards to resizing a cluster. How long adding or removing processors take and how much this disrupts the performance of other threads is considered a secondary concern since it should be amortized over long period of times. This description effectively matches with te description of a Reader-Writer lock, in frequent but invasive updates among frequent (mostly) read operations. In the case of the Ready-Queue described above, read operations are operations that push or pop from the ready-queue but do not invalidate any references to the ready queue data structures. Writes on the other-hand would add or remove inner queues, invalidating references to the array of inner queues in the process. Therefore, the current proposed approach to this problem is the add a per-cluster Reader Writer lock around the ready queue to prevent restructuring of the ready-queue data structure while threads are being pushed or popped. How much scalability is actually needed is highly debatable, libfibre\cit has compared favorably to other schedulers in webserver tests\cit and uses a single atomic counter in its scheduling algorithm similarly to the proposed bitmask. As such, the single atomic instruction on a shared cacheline may be sufficiently performant. I have built a prototype of this ready-queue (including the bitmask and BMI2 usage, but not the sharded bitmask) and ran performance experiments on it but it is difficult to compare this prototype to a thread scheduler as the prototype is used as a data-queue. I have also integrated this prototype into the \CFA runtime, but have not yet created performance experiments to compare results. I believe that the bitmask approach is currently one of the larger risks of the proposal, early tests lead me to believe it may work but it is not clear that the contention problem can be overcome. The worst-case scenario is a case where the number of processors and the number of ready threads are similar, yet scheduling events are very frequent. Fewer threads should lead to the Idle Sleep mechanism discussed in Section~\ref{sec:sleep} to reduce contention while having many threads ready leads to optimal performance. It is difficult to evaluate the likeliness of this worst-case scenario in real workloads. I believe, frequent scheduling events suggest a more bursty'' workload where new work is finely divided among many threads which race to completion. This type of workload would only see a peek of contention close to the end of the work, but no sustained contention. Very fine-grained pipelines are less bursty'', these may lead to more sustained contention. However, they could also easily benefit from a direct hand-off strategy which would circumvent the problem entirely. \subsection{Dynamic Resizing} \label{sec:resize} The \CFA runtime system currently handles dynamically adding and removing processors from clusters at any time. Since this is part of the existing design, the proposed scheduler must also support this behaviour. However, dynamicly resizing the clusters is considered a rare event associated with setup, teardown and major configuration changes. This assumptions is made both in the design of the proposed scheduler as well as in the original design of the \CFA runtime system. As such, the proposed scheduler must honor the correctness of these behaviour but does not have any performance objectives with regards to resizing a cluster. How long adding or removing processors take and how much this disrupts the performance of other threads is considered a secondary concern since it should be amortized over long period of times. However, as mentionned in Section~\ref{sec:queue}, contention on the underlying queues can have a direct impact on performance, the number of underlying queues must therefore be adjusted as the number of processors grows or shrinks. Since the underlying queues are stored in a dense array, changing the number of queues requires resizing the array and therefore moving it. This can introduce memory reclamation problems if not done correctly. \begin{figure} \begin{center} %               {\resizebox{0.8\textwidth}{!}{\input{resize}}} \input{resize} \end{center} \caption{Copy of data structure shown in Figure~\ref{fig:base}. The cells of the array can be modified concurrently but resizing the array, which requires moving it, is not safe to do concurrently. This can also be true of the accompanying data structures used to find non-empty queues.} \label{fig:base2} \end{figure} It is important to note that how the array is used in this case. While the array cells are modified by every push and pop operation, the array itself, i.e., the pointer that would change when resized, is only read during these operations. Therefore the use is this pointer can be described as frequent reads and in frequent writes. This description effectively matches with the description of a Reader-Writer lock, infrequent but invasive updates among frequent read operations. In the case of the Ready-Queue described above, read operations are operations that push or pop from the ready-queue but do not invalidate any references to the ready queue data structures. Writes on the other-hand would add or remove inner queues, invalidating references to the array of inner queues in the process. Therefore, the current proposed approach to this problem is the add a per-cluster Reader Writer lock around the ready queue to prevent restructuring of the ready-queue data structure while threads are being pushed or popped. There are possible alternatives to the Reader Writer lock solution. This problem is effectively a memory reclamation problem and as such there is a large body of research on the subject. However, the RWlock solution is simple and can be leveraged to solve other problems (e.g. processor ordering and memory reclamation of threads) which makes it an attractive solution. \paragraph{Objectives and Existing Work} The lock must offer scalability and performance on par with the actual ready-queue in order not to introduce a new bottle neck. I have already built a lock that fits the desired requirements and preliminary testing show scalability and performance that exceed the target. As such, I do not consider this lock to be a risk on this project. \subsection{Idle Sleep} \label{sleep} As mentionned above, idle sleep is the process of putting processors to sleep while they do not have threads to execute. In this context processors are kernel-threads and sleeping refers to asking the kernel to block a thread. This can be achieved with either thread synchronization operations like pthread\_cond\_wait or using signal operations like sigsuspend. The lock must offer scalability and performance on par with the actual ready-queue in order not to introduce a new bottleneck. I have already built a lock that fits the desired requirements and preliminary testing show scalability and performance that exceed the target. As such, I do not consider this lock to be a risk on this project. \subsection{Idle Sleep} \label{sec:sleep} As mentionned above, idle sleep is the process of putting processors to sleep while they do not have threads to execute. In this context, processors are kernel-threads and sleeping refers to asking the kernel to block a thread. This can be achieved with either thread synchronization operations like pthread\_cond\_wait or using signal operations like sigsuspend. The goal of putting idle processors to sleep is two-fold, it reduces energy consumption in cases where more idle kernel-threads translate to idle hardware threads, and reduces contention on the ready queue, since the otherwise idle processors generally contend trying to pop items from the queue. Since energy efficiency is a growing concern in many industry sectors\cit, there is not real need to solve the contention problem without using idle sleep. Support for idle sleep broadly involves calling the operating system to block the kernel thread but also handling the race between the sleeping and the waking up, and handling which kernel thread should sleep or wake-up. When a processor decides to sleep, there is a race that occurs between it signalling that it will go to sleep (so other processors can find sleeping processors) and actually blocking the kernel thread. This is equivalent to the classic problem of missing signals when using condition variables, the sleepy'' processor indicates that it will sleep but has not yet gone to sleep, if another processor attempts to wake it up, the waking-up operation may claim nothing needs to be done and the signal will have been missed. In cases where threads are scheduled from processors on the current cluster, loosing signals is not necessarily critical, because at least some processors on the cluster are awake. Individual processors always finish shceduling threads before looking for new work, which means that the last processor to go to sleep cannot miss threads scheduled from inside the cluster (if they do, that demonstrates the ready-queue is not linearizable). However, this guarantee does not hold if threads are shceduled from outside the cluster, either due to an external event like timers and I/O, or due to a thread migrating from a different cluster. In this case, missed signals can lead to the cluster deadlocking where it should not\footnote{Clusters should'' never deadlock, but for this proposal, cases where \CFA users \emph{actually} wrote \CFA code that leads to a deadlock it is considered as a deadlock that should'' happen. }. Therefore, it is important that the scheduling of threads include a mechanism where signals \emph{cannot} be missed. For performance reasons, it can be advantageous to have a secondary mechanism that allows signals to be missed in cases where it cannot lead to a deadlock. To be safe, this process must include a handshake'' where it is guaranteed that either~: the sleepy processor notices that a thread was scheduled after it signalled its intent to block or code scheduling threads well see the intent to sleep before scheduling and be able to wake-up the processor. This matter is complicated by the fact that pthread offers few tools to implement this solution and offers no guarantee of ordering of threads waking up for most of these tools. Another issues is trying to avoid kernel sleeping and waking frequently. A possible partial solution is to order the processors so that the one which most recently went to sleep is woken up. This allows other sleeping processors to reach deeper sleep state (when these are available) while keeping hot'' processors warmer. Note that while this generally means organising the processors in a stack, I believe that the unique index provided by the ReaderWriter lock can be reused to strictly order the waking order of processors, causing a LIFO like waking order. While a strict LIFO stack is probably better, using the processor index could proove useful and offer a sufficiently LIFO ordering. When a processor decides to sleep, there is a race that occurs between it signalling that it will go to sleep (so other processors can find sleeping processors) and actually blocking the kernel thread. This is equivalent to the classic problem of missing signals when using condition variables, the sleepy'' processor indicates that it will sleep but has not yet gone to sleep, if another processor attempts to wake it up, the waking-up operation may claim nothing needs to be done and the signal will have been missed. In cases where threads are scheduled from processors on the current cluster, loosing signals is not necessarily critical, because at least some processors on the cluster are awake. Individual processors always finish scheduling threads before looking for new work, which means that the last processor to go to sleep cannot miss threads scheduled from inside the cluster (if they do, that demonstrates the ready-queue is not linearizable). However, this guarantee does not hold if threads are scheduled from outside the cluster, either due to an external event like timers and I/O, or due to a thread migrating from a different cluster. In this case, missed signals can lead to the cluster deadlocking where it should not\footnote{Clusters should'' never deadlock, but for this proposal, cases where \CFA users \emph{actually} wrote \CFA code that leads to a deadlock it is considered as a deadlock that should'' happen. }. Therefore, it is important that the scheduling of threads include a mechanism where signals \emph{cannot} be missed. For performance reasons, it can be advantageous to have a secondary mechanism that allows signals to be missed in cases where it cannot lead to a deadlock. To be safe, this process must include a handshake'' where it is guaranteed that either~: the sleepy processor notices that a thread was scheduled after it signalled its intent to block or code scheduling threads sees the intent to sleep before scheduling and be able to wake-up the processor. This matter is complicated by the fact that pthread offers few tools to implement this solution and offers no guarantee of ordering of threads waking up for most of these tools. Another issues is trying to avoid kernel sleeping and waking frequently. A possible partial solution is to order the processors so that the one which most recently went to sleep is woken up. This allows other sleeping processors to reach deeper sleep state (when these are available) while keeping hot'' processors warmer. Note that while this generally means organising the processors in a stack, I believe that the unique index provided by the ReaderWriter lock can be reused to strictly order the waking order of processors, causing a LIFO like waking order. While a strict LIFO stack is probably better, using the processor index could prove useful and offer a sufficiently LIFO ordering. Finally, another important aspect of Idle Sleep is when should processors make the decision to sleep and when it is appropriate for sleeping processors to be woken up. Processors that are unnecessarily awake lead to unnecessary contention and power consumption, while too many sleeping processors can lead to sub-optimal throughput. Furthermore, transitions from sleeping to awake and vice-versa also add unnecessary latency. There is already a wealth of research on the subject and I do not plan to implement a novel idea for the Idle Sleep heuristic in this project. \paragraph{OS Abstraction} One of the fundamental part of this converting blocking I/O operations into non-blocking ones. This relies on having an underlying asynchronous I/O interface to which to direct the I/O operations. While there exists many different APIs for asynchronous I/O, it is not part of this proposal to create a novel API, simply to use an existing one that is sufficient. uC++ uses the \texttt{select} as its interface, which handles pipes and sockets. It entails significant complexity and has performances problems which make it a less interesting alternative. Another interface which is becoming popular recently\cit is \texttt{epoll}. However, epoll also does not handle file system and seems to have problem to linux pipes and \texttt{TTY}s\cit. A very recent alternative that must still be investigated is \texttt{io\_uring}. It claims to address some of the issues with \texttt{epoll} but is too recent to be confident that it does. Finally, a popular cross-platform alternative is \texttt{libuv}, which offers asynchronous sockets and asynchronous file system operations (among other features). However, as a full-featured library it includes much more than what is needed and could conflict with other features of \CFA unless significant efforts are made to merge them together. One of the fundamental part of converting blocking I/O operations into non-blocking ones is having an underlying asynchronous I/O interface to direct the I/O operations. While there exists many different APIs for asynchronous I/O, it is not part of this proposal to create a novel API, simply to use an existing one that is sufficient. uC++ uses the \texttt{select} as its interface, which handles ttys, pipes and sockets, but not disk. It entails significant complexity and is being replaced which make it a less interesting alternative. Another interface which is becoming popular recently\cit is \texttt{epoll}, which is supposed to be cheaper than \texttt{select}. However, epoll also does not handle file system and seems to have problem to linux pipes and \texttt{TTY}s\cit. A very recent alternative that must still be investigated is \texttt{io\_uring}. It claims to address some of the issues with \texttt{epoll} but is too recent to be confident that it does. Finally, a popular cross-platform alternative is \texttt{libuv}, which offers asynchronous sockets and asynchronous file system operations (among other features). However, as a full-featured library it includes much more than what is needed and could conflict with other features of \CFA unless significant efforts are made to merge them together. \paragraph{Event-Engine} \paragraph{Interface} Finally, for these components to be available, it is necessary to expose them through a synchronous interface. This can be a novel interface but it is preferrable to attempt to intercept the existing POSIX interface in order to be compatible with existing code. This will allow C programs written using this interface to be transparently converted to \CFA with minimal effeort. Where this is not applicable, a novel interface will be created to fill the gaps. Finally, for these components to be available, it is necessary to expose them through a synchronous interface. This can be a novel interface but it is preferrable to attempt to intercept the existing POSIX interface in order to be compatible with existing code. This allows C programs written using this interface to be transparently converted to \CFA with minimal effeort. Where this is not applicable, a novel interface will be created to fill the gaps. \section{Timeline} \cleardoublepage % B I B L I O G R A P H Y % ----------------------------- \addcontentsline{toc}{chapter}{Bibliography} \cleardoublepage \phantomsection         % allows hyperref to link to the correct page \addcontentsline{toc}{section}{\refname} \bibliographystyle{plain} \bibliography{pl,local} % G L O S S A R Y % ----------------------------- \cleardoublepage \phantomsection         % allows hyperref to link to the correct page % G L O S S A R Y % ----------------------------- \addcontentsline{toc}{chapter}{Glossary} \addcontentsline{toc}{section}{Glossary} \printglossary \cleardoublepage \phantomsection         % allows hyperref to link to the correct page \end{document}
• ## doc/user/user.tex

 re6cfa8ff %% Created On       : Wed Apr  6 14:53:29 2016 %% Last Modified By : Peter A. Buhr %% Last Modified On : Sat Jul 13 18:36:18 2019 %% Update Count     : 3876 %% Last Modified On : Fri Mar  6 13:34:52 2020 %% Update Count     : 3924 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Even with all its problems, C continues to be popular because it allows writing software at virtually any level in a computer system without restriction. For system programming, where direct access to hardware, storage management, and real-time issues are a requirement, C is usually the only language of choice. The TIOBE index~\cite{TIOBE} for July 2018 ranks the top five most \emph{popular} programming languages as \Index*{Java} 16\%, C 14\%, \Index*[C++]{\CC{}} 7.5\%, Python 6\%, Visual Basic 4\% = 47.5\%, where the next 50 languages are less than 4\% each, with a long tail. The top 3 rankings over the past 30 years are: The TIOBE index~\cite{TIOBE} for February 2020 ranks the top six most \emph{popular} programming languages as \Index*{Java} 17.4\%, C 16.8\%, Python 9.3\%, \Index*[C++]{\CC{}} 6.2\%, \Csharp 5.9\%, Visual Basic 5.9\% = 61.5\%, where the next 50 languages are less than 2\% each, with a long tail. The top 4 rankings over the past 35 years are: \begin{center} \setlength{\tabcolsep}{10pt} \begin{tabular}{@{}rccccccc@{}} & 2018  & 2013  & 2008  & 2003  & 1998  & 1993  & 1988  \\ \hline Java    & 1             & 2             & 1             & 1             & 16    & -             & -             \\ \R{C}   & \R{2} & \R{1} & \R{2} & \R{2} & \R{1} & \R{1} & \R{1} \\ \CC             & 3             & 4             & 3             & 3             & 2             & 2             & 5             \\ \begin{tabular}{@{}rcccccccc@{}} & 2020  & 2015  & 2010  & 2005  & 2000  & 1995  & 1990  & 1985  \\ \hline Java    & 1             & 2             & 1             & 2             & 3             & -             & -             & -             \\ \R{C}   & \R{2} & \R{1} & \R{2} & \R{1} & \R{1} & \R{2} & \R{1} & \R{1} \\ Python  & 3             & 7             & 6             & 6             & 22    & 21    & -             & -             \\ \CC             & 4             & 4             & 4             & 3             & 2             & 1             & 2             & 12    \\ \end{tabular} \end{center} Keyword clashes are accommodated by syntactic transformations using the \CFA backquote escape-mechanism: \begin{cfa} int ®®otype®® = 3; §\C{// make keyword an identifier}§ double ®®forall®® = 3.5; int ®®otype = 3; §\C{// make keyword an identifier}§ double ®®forall = 3.5; \end{cfa} // include file uses the CFA keyword "with". #if ! defined( with ) §\C{// nesting ?}§ #define with ®®with®® §\C{// make keyword an identifier}§ #define with ®®with §\C{// make keyword an identifier}§ #define __CFA_BFD_H__ #endif ®#include_next §\C{// must have internal check for multiple expansion}§ ® §{\color{red}\#\textbf{include\_next} }§ §\C{// must have internal check for multiple expansion}§ #if defined( with ) && defined( __CFA_BFD_H__ ) §\C{// reset only if set}§ #undef with \section{Exponentiation Operator} C, \CC, and Java (and many other programming languages) have no exponentiation operator\index{exponentiation!operator}\index{operator!exponentiation}, \ie $x^y$, and instead use a routine, like \Indexc{pow}, to perform the exponentiation operation. \CFA extends the basic operators with the exponentiation operator ©?\?©\index{?\\?@©?\?©} and ©?\=?©\index{?\\=?@©\=?©}, as in, ©x \ y© and ©x \= y©, which means $x^y$ and $x \leftarrow x^y$. C, \CC, and Java (and many other programming languages) have no exponentiation operator\index{exponentiation!operator}\index{operator!exponentiation}, \ie $x^y$, and instead use a routine, like \Indexc{pow(x,y)}, to perform the exponentiation operation. \CFA extends the basic operators with the exponentiation operator ©?®\®?©\index{?\\?@©?®\®?©} and ©?\=?©\index{?\\=?@©®\®=?©}, as in, ©x ®\® y© and ©x ®\®= y©, which means $x^y$ and $x \leftarrow x^y$. The priority of the exponentiation operator is between the cast and multiplicative operators, so that ©w * (int)x \ (int)y * z© is parenthesized as ©((w * (((int)x) \ ((int)y))) * z)©. As for \Index{division}, there are exponentiation operators for integral and floating types, including the builtin \Index{complex} types. There are exponentiation operators for integral and floating types, including the builtin \Index{complex} types. Integral exponentiation\index{exponentiation!unsigned integral} is performed with repeated multiplication\footnote{The multiplication computation is $O(\log y)$.} (or shifting if the exponent is 2). Overflow from large exponents or negative exponents return zero. Overflow for a large exponent or negative exponent returns zero. Floating exponentiation\index{exponentiation!floating} is performed using \Index{logarithm}s\index{exponentiation!logarithm}, so the exponent cannot be negative. \begin{cfa} 1 1 256 -64 125 ®0® 3273344365508751233 ®0® ®0® -0.015625 18.3791736799526 0.264715-1.1922i \end{cfa} Note, ©5 ®\® 32© and ©5L ®\® 64© overflow, and ©-4 ®\® -3© is a fraction but stored in an integer so all three computations generate an integral zero. Note, ©5 \ 32© and ©5L \ 64© overflow, and ©-4 \ -3© is a fraction but stored in an integer so all three computations generate an integral zero. Parenthesis are necessary for complex constants or the expression is parsed as ©1.0f+®(®2.0fi \ 3.0f®)®+2.0fi©. The exponentiation operator is available for all the basic types, but for user-defined types, only the integral-computation version is available. OT ?®\®?( OT ep, unsigned long int y ); \end{cfa} The user type ©T© must define multiplication, one, ©1©, and, ©*©. The user type ©T© must define multiplication, one (©1©), and ©*©. \subsection{Loop Control} The ©for©/©while©/©do-while© loop-control allows empty or simplified ranges (see Figure~\ref{f:LoopControlExamples}). \begin{itemize} \item An empty conditional implies ©1©. \item The up-to range ©~©\index{~@©~©} means exclusive range [M,N). \item The up-to range ©~=©\index{~=@©~=©} means inclusive range [M,N]. \item The down-to range ©-~©\index{-~@©-~©} means exclusive range [N,M). \item The down-to range ©-~=©\index{-~=@©-~=©} means inclusive range [N,M]. \item ©@© means put nothing in this field. \item ©0© is the implicit start value; \item ©1© is the implicit increment value. \item The up-to range uses ©+=© for increment; \item The down-to range uses ©-=© for decrement. \item The loop index is polymorphic in the type of the start value or comparison value when start is implicitly ©0©. \end{itemize} \begin{figure} %\section{\texorpdfstring{\protect\lstinline@case@ Clause}{case Clause}} \subsection{\texorpdfstring{\LstKeywordStyle{case} Clause}{case Clause}} C restricts the ©case© clause of a ©switch© statement to a single value. For multiple ©case© clauses associated with the same statement, it is necessary to have multiple ©case© clauses rather than multiple values. Requiring a ©case© clause for each value does not seem to be in the spirit of brevity normally associated with C. Therefore, the ©case© clause is extended with a list of values, as in: \begin{cquote} \begin{tabular}{@{}l|l@{}} \multicolumn{1}{c|}{loop control} & \multicolumn{1}{c}{output} \\ \hline \begin{cfa} sout | nlOff; while ®()® { sout | "empty"; break; } sout | nl; do { sout | "empty"; break; } while ®()®; sout | nl; for ®()® { sout | "empty"; break; } sout | nl; for ( ®0® ) { sout | "A"; } sout | "zero" | nl; for ( ®1® ) { sout | "A"; } sout | nl; for ( ®10® ) { sout | "A"; } sout | nl; for ( ®1 ~= 10 ~ 2® ) { sout | "B"; } sout | nl; for ( ®10 -~= 1 ~ 2® ) { sout | "C"; } sout | nl; for ( ®0.5 ~ 5.5® ) { sout | "D"; } sout | nl; for ( ®5.5 -~ 0.5® ) { sout | "E"; } sout | nl; for ( ®i; 10® ) { sout | i; } sout | nl; for ( ®i; 1 ~= 10 ~ 2® ) { sout | i; } sout | nl; for ( ®i; 10 -~= 1 ~ 2® ) { sout | i; } sout | nl; for ( ®i; 0.5 ~ 5.5® ) { sout | i; } sout | nl; for ( ®i; 5.5 -~ 0.5® ) { sout | i; } sout | nl; for ( ®ui; 2u ~= 10u ~ 2u® ) { sout | ui; } sout | nl; for ( ®ui; 10u -~= 2u ~ 2u® ) { sout | ui; } sout | nl; enum { N = 10 }; for ( ®N® ) { sout | "N"; } sout | nl; for ( ®i; N® ) { sout | i; } sout | nl; for ( ®i; N -~ 0® ) { sout | i; } sout | nl; const int start = 3, comp = 10, inc = 2; for ( ®i; start ~ comp ~ inc + 1® ) { sout | i; } sout | nl; for ( ®i; 1 ~ @® ) { if ( i > 10 ) break; sout | i; } sout | nl; for ( ®i; 10 -~ @® ) { if ( i < 0 ) break; sout | i; } sout | nl; for ( ®i; 2 ~ @ ~ 2® ) { if ( i > 10 ) break; sout | i; } sout | nl; for ( ®i; 2.1 ~ @ ~ @® ) { if ( i > 10.5 ) break; sout | i; i += 1.7; } sout | nl; for ( ®i; 10 -~ @ ~ 2® ) { if ( i < 0 ) break; sout | i; } sout | nl; for ( ®i; 12.1 ~ @ ~ @® ) { if ( i < 2.5 ) break; sout | i; i -= 1.7; } sout | nl; for ( ®i; 5 : j; -5 ~ @® ) { sout | i | j; } sout | nl; for ( ®i; 5 : j; -5 -~ @® ) { sout | i | j; } sout | nl; for ( ®i; 5 : j; -5 ~ @ ~ 2® ) { sout | i | j; } sout | nl; for ( ®i; 5 : j; -5 -~ @ ~ 2® ) { sout | i | j; } sout | nl; for ( ®j; -5 ~ @ : i; 5® ) { sout | i | j; } sout | nl; for ( ®j; -5 -~ @ : i; 5® ) { sout | i | j; } sout | nl; for ( ®j; -5 ~ @ ~ 2 : i; 5® ) { sout | i | j; } sout | nl; for ( ®j; -5 -~ @ ~ 2 : i; 5® ) { sout | i | j; } sout | nl; for ( ®j; -5 -~ @ ~ 2 : i; 5 : k; 1.5 ~ @® ) { sout | i | j | k; } sout | nl; for ( ®j; -5 -~ @ ~ 2 : k; 1.5 ~ @ : i; 5® ) { sout | i | j | k; } sout | nl; for ( ®k; 1.5 ~ @ : j; -5 -~ @ ~ 2 : i; 5® ) { sout | i | j | k; } sout | nl; \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{\CFA}}        & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{C}} \\ \begin{cfa} switch ( i ) { case ®1, 3, 5®: ... case ®2, 4, 6®: ... } \end{cfa} & \begin{cfa} empty empty empty zero A A A A A A A A A A A B B B B B C C C C C D D D D D E E E E E 0 1 2 3 4 5 6 7 8 9 1 3 5 7 9 10 8 6 4 2 0.5 1.5 2.5 3.5 4.5 5.5 4.5 3.5 2.5 1.5 2 4 6 8 10 10 8 6 4 2 N N N N N N N N N N 0 1 2 3 4 5 6 7 8 9 10 9 8 7 6 5 4 3 2 1 3 6 9 1 2 3 4 5 6 7 8 9 10 10 9 8 7 6 5 4 3 2 1 0 2 4 6 8 10 2.1 3.8 5.5 7.2 8.9 10 8 6 4 2 0 12.1 10.4 8.7 7 5.3 3.6 0 -5 1 -4 2 -3 3 -2 4 -1 0 -5 1 -6 2 -7 3 -8 4 -9 0 -5 1 -3 2 -1 3 1 4 3 0 -5 1 -7 2 -9 3 -11 4 -13 0 -5 1 -4 2 -3 3 -2 4 -1 0 -5 1 -6 2 -7 3 -8 4 -9 0 -5 1 -3 2 -1 3 1 4 3 0 -5 1 -7 2 -9 3 -11 4 -13 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 switch ( i ) { case 1: case 3 : case 5: ... case 2: case 4 : case 6: ... } \end{cfa} & \begin{cfa} // odd values // even values \end{cfa} \end{tabular} \end{cquote} \caption{Loop Control Examples} \label{f:LoopControlExamples} \end{figure} In addition, subranges are allowed to specify case values.\footnote{ gcc has the same mechanism but awkward syntax, \lstinline@2 ...42@, because a space is required after a number, otherwise the period is a decimal point.} \begin{cfa} switch ( i ) { case ®1~5:® §\C{// 1, 2, 3, 4, 5}§ ... case ®10~15:® §\C{// 10, 11, 12, 13, 14, 15}§ ... } \end{cfa} Lists of subranges are also allowed. \begin{cfa} case ®1~5, 12~21, 35~42®: \end{cfa} %\section{\texorpdfstring{\protect\lstinline@case@ Clause}{case Clause}} \subsection{\texorpdfstring{\LstKeywordStyle{case} Statement}{case Statement}} C restricts the ©case© clause of a ©switch© statement to a single value. For multiple ©case© clauses associated with the same statement, it is necessary to have multiple ©case© clauses rather than multiple values. Requiring a ©case© clause for each value does not seem to be in the spirit of brevity normally associated with C. Therefore, the ©case© clause is extended with a list of values, as in: \begin{cquote} \begin{tabular}{@{}l@{\hspace{3em}}l@{\hspace{2em}}l@{}} \multicolumn{1}{c@{\hspace{3em}}}{\textbf{\CFA}}        & \multicolumn{1}{c@{\hspace{2em}}}{\textbf{C}} \\ \begin{cfa} switch ( i ) { case ®1, 3, 5®: \subsection{Non-terminating and Labelled \texorpdfstring{\LstKeywordStyle{fallthrough}}{Non-terminating and Labelled fallthrough}} The ©fallthrough© clause may be non-terminating within a ©case© clause or have a target label to common code from multiple case clauses. \begin{center} \begin{tabular}{@{}lll@{}} \begin{cfa} choose ( ... ) { case 3: if ( ... ) { ... ®fallthru;® // goto case 4 } else { ... } // implicit break case 4: \end{cfa} & \begin{cfa} choose ( ... ) { case 3: ... ®fallthrough common;® case 4: ... ®fallthrough common;® ®common:® // below fallthrough // at case-clause level ...     // common code for cases 3/4 // implicit break case 4: \end{cfa} & \begin{cfa} choose ( ... ) { case 3: choose ( ... ) { case 4: for ( ... ) { // multi-level transfer ... ®fallthru common;® } ... } ... case ®2, 4, 6®: ... } ®common:® // below fallthrough // at case-clause level \end{cfa} \end{tabular} \end{center} The target label must be below the ©fallthrough© and may not be nested in a control structure, and the target label must be at the same or higher level as the containing ©case© clause and located at the same level as a ©case© clause; the target label may be case ©default©, but only associated with the current ©switch©/©choose© statement. \subsection{Loop Control} The ©for©/©while©/©do-while© loop-control allows empty or simplified ranges (see Figure~\ref{f:LoopControlExamples}). \begin{itemize} \item The loop index is polymorphic in the type of the comparison value N (when the start value is implicit) or the start value M. \item An empty conditional implies comparison value of ©1© (true). \item A comparison N is implicit up-to exclusive range [0,N©®)®©. \item A comparison ©=© N is implicit up-to inclusive range [0,N©®]®©. \item The up-to range M ©~©\index{~@©~©} N means exclusive range [M,N©®)®©. \item The up-to range M ©~=©\index{~=@©~=©} N means inclusive range [M,N©®]®©. \item The down-to range M ©-~©\index{-~@©-~©} N means exclusive range [N,M©®)®©. \item The down-to range M ©-~=©\index{-~=@©-~=©} N means inclusive range [N,M©®]®©. \item ©0© is the implicit start value; \item ©1© is the implicit increment value. \item The up-to range uses operator ©+=© for increment; \item The down-to range uses operator ©-=© for decrement. \item ©@© means put nothing in this field. \item ©:© means start another index. \end{itemize} \begin{figure} \begin{tabular}{@{}l|l@{}} \multicolumn{1}{c|}{loop control} & \multicolumn{1}{c}{output} \\ \hline \begin{cfa}[xleftmargin=0pt] while ®()® { sout | "empty"; break; } do { sout | "empty"; break; } while ®()®; for ®()® { sout | "empty"; break; } for ( ®0® ) { sout | "A"; } sout | "zero"; for ( ®1® ) { sout | "A"; } for ( ®10® ) { sout | "A"; } for ( ®= 10® ) { sout | "A"; } for ( ®1 ~= 10 ~ 2® ) { sout | "B"; } for ( ®10 -~= 1 ~ 2® ) { sout | "C"; } for ( ®0.5 ~ 5.5® ) { sout | "D"; } for ( ®5.5 -~ 0.5® ) { sout | "E"; } for ( ®i; 10® ) { sout | i; } for ( ®i; = 10® ) { sout | i; } for ( ®i; 1 ~= 10 ~ 2® ) { sout | i; } for ( ®i; 10 -~= 1 ~ 2® ) { sout | i; } for ( ®i; 0.5 ~ 5.5® ) { sout | i; } for ( ®i; 5.5 -~ 0.5® ) { sout | i; } for ( ®ui; 2u ~= 10u ~ 2u® ) { sout | ui; } for ( ®ui; 10u -~= 2u ~ 2u® ) { sout | ui; } enum { N = 10 }; for ( ®N® ) { sout | "N"; } for ( ®i; N® ) { sout | i; } for ( ®i; N -~ 0® ) { sout | i; } const int start = 3, comp = 10, inc = 2; for ( ®i; start ~ comp ~ inc + 1® ) { sout | i; } for ( i; 1 ~ ®@® ) { if ( i > 10 ) break; sout | i; } for ( i; 10 -~ ®@® ) { if ( i < 0 ) break; sout | i; } for ( i; 2 ~ ®@® ~ 2 ) { if ( i > 10 ) break; sout | i; } for ( i; 2.1 ~ ®@® ~ ®@® ) { if ( i > 10.5 ) break; sout | i; i += 1.7; } for ( i; 10 -~ ®@® ~ 2 ) { if ( i < 0 ) break; sout | i; } for ( i; 12.1 ~ ®@® ~ ®@® ) { if ( i < 2.5 ) break; sout | i; i -= 1.7; } for ( i; 5 ®:® j; -5 ~ @ ) { sout | i | j; } for ( i; 5 ®:® j; -5 -~ @ ) { sout | i | j; } for ( i; 5 ®:® j; -5 ~ @ ~ 2 ) { sout | i | j; } for ( i; 5 ®:® j; -5 -~ @ ~ 2 ) { sout | i | j; } for ( i; 5 ®:® j; -5 ~ @ ) { sout | i | j; } for ( i; 5 ®:® j; -5 -~ @ ) { sout | i | j; } for ( i; 5 ®:® j; -5 ~ @ ~ 2 ) { sout | i | j; } for ( i; 5 ®:® j; -5 -~ @ ~ 2 ) { sout | i | j; } for ( i; 5 ®:® j; -5 -~ @ ~ 2 ®:® k; 1.5 ~ @ ) { sout | i | j | k; } for ( i; 5 ®:® j; -5 -~ @ ~ 2 ®:® k; 1.5 ~ @ ) { sout | i | j | k; } for ( i; 5 ®:® k; 1.5 ~ @ ®:® j; -5 -~ @ ~ 2 ) { sout | i | j | k; } \end{cfa} & \begin{cfa} switch ( i ) { case 1: case 3 : case 5: ... case 2: case 4 : case 6: ... } \end{cfa} & \begin{cfa} // odd values // even values empty empty empty zero A A A A A A A A A A A A A A A A A A A A A A B B B B B C C C C C D D D D D E E E E E 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 10 1 3 5 7 9 10 8 6 4 2 0.5 1.5 2.5 3.5 4.5 5.5 4.5 3.5 2.5 1.5 2 4 6 8 10 10 8 6 4 2 N N N N N N N N N N 0 1 2 3 4 5 6 7 8 9 10 9 8 7 6 5 4 3 2 1 3 6 9 1 2 3 4 5 6 7 8 9 10 10 9 8 7 6 5 4 3 2 1 0 2 4 6 8 10 2.1 3.8 5.5 7.2 8.9 10 8 6 4 2 0 12.1 10.4 8.7 7. 5.3 3.6 0 -5 1 -4 2 -3 3 -2 4 -1 0 -5 1 -6 2 -7 3 -8 4 -9 0 -5 1 -3 2 -1 3 1 4 3 0 -5 1 -7 2 -9 3 -11 4 -13 0 -5 1 -4 2 -3 3 -2 4 -1 0 -5 1 -6 2 -7 3 -8 4 -9 0 -5 1 -3 2 -1 3 1 4 3 0 -5 1 -7 2 -9 3 -11 4 -13 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 0 -5 1.5 1 -7 2.5 2 -9 3.5 3 -11 4.5 4 -13 5.5 \end{cfa} \end{tabular} \end{cquote} In addition, subranges are allowed to specify case values.\footnote{ gcc has the same mechanism but awkward syntax, \lstinline@2 ...42@, because a space is required after a number, otherwise the period is a decimal point.} \begin{cfa} switch ( i ) { case ®1~5:® §\C{// 1, 2, 3, 4, 5}§ ... case ®10~15:® §\C{// 10, 11, 12, 13, 14, 15}§ ... } \end{cfa} Lists of subranges are also allowed. \begin{cfa} case ®1~5, 12~21, 35~42®: \end{cfa} \caption{Loop Control Examples} \label{f:LoopControlExamples} \end{figure} % for ()  => for ( ;; ) hence, names in these include files are not mangled\index{mangling!name} (see~\VRef{s:Interoperability}). All other C header files must be explicitly wrapped in ©extern "C"© to prevent name mangling. For \Index*[C++]{\CC{}}, the name-mangling issue is often handled internally in many C header-files through checks for preprocessor variable ©__cplusplus©, which adds appropriate ©extern "C"© qualifiers. This approach is different from \Index*[C++]{\CC{}} where the name-mangling issue is handled internally in C header-files through checks for preprocessor variable ©__cplusplus©, which adds appropriate ©extern "C"© qualifiers. The storage-management routines extend their C equivalents by overloading, alternate names, providing shallow type-safety, and removing the need to specify the allocation size for non-array types. Storage management provides the following capabilities: C storage management provides the following capabilities: \begin{description} \item[fill] after allocation the storage is filled with a specified character. \item[filled] after allocation with a specified character or value. \item[resize] an existing allocation is decreased or increased in size. In either case, new storage may or may not be allocated and, if there is a new allocation, as much data from the existing allocation is copied. an existing allocation to decreased or increased its size. In either case, new storage may or may not be allocated and, if there is a new allocation, as much data from the existing allocation is copied into the new allocation. For an increase in storage size, new storage after the copied data may be filled. \item[alignment] an allocation starts on a specified memory boundary, \eg, an address multiple of 64 or 128 for cache-line purposes. \item[align] an allocation on a specified memory boundary, \eg, an address multiple of 64 or 128 for cache-line purposes. \item[array] the allocation size is scaled to the specified number of array elements. An array may be filled, resized, or aligned. \end{description} The table shows allocation routines supporting different combinations of storage-management capabilities: \begin{center} \begin{tabular}{@{}r|r|l|l|l|l@{}} \VRef[Table]{t:AllocationVersusCapabilities} shows allocation routines supporting different combinations of storage-management capabilities. \begin{table} \centering \begin{minipage}{0.75\textwidth} \begin{tabular}{@{}r|l|l|l|l|l@{}} \multicolumn{1}{c}{}&           & \multicolumn{1}{c|}{fill}     & resize        & alignment     & array \\ \hline C               & ©malloc©                      & no                    & no            & no            & no    \\ & ©calloc©                      & yes (0 only)  & no            & no            & yes   \\ & ©realloc©                     & no/copy               & yes           & no            & no    \\ & ©realloc©                     & copy                  & yes           & no            & no    \\ & ©memalign©            & no                    & no            & yes           & no    \\ & ©aligned_alloc©\footnote{Same as ©memalign© but size is an integral multiple of alignment, which is universally ignored.} & no                    & no            & yes           & no    \\ & ©posix_memalign©      & no                    & no            & yes           & no    \\ & ©valloc©                      & no                    & no            & yes (page size)& no   \\ & ©pvalloc©\footnote{Same as ©valloc© but rounds size to multiple of page size.} & no                    & no            & yes (page size)& no   \\ \hline C11             & ©aligned_alloc©       & no                    & no            & yes           & no    \\ \hline \CFA    & ©alloc©                       & no/copy/yes   & no/yes        & no            & yes   \\ & ©align_alloc©         & no/yes                & no            & yes           & yes   \\ \CFA    & ©cmemalign©           & yes (0 only)  & no            & yes           & yes   \\ & ©realloc©                     & copy                  & yes           & yes           & no    \\ & ©alloc©                       & no                    & yes           & no            & yes   \\ & ©alloc_set©           & yes                   & yes           & no            & yes   \\ & ©alloc_align©         & no                    & yes           & yes           & yes   \\ & ©alloc_align_set©     & yes                   & yes           & yes           & yes   \\ \end{tabular} \end{center} It is impossible to resize with alignment because the underlying ©realloc© allocates storage if more space is needed, and it does not honour alignment from the original allocation. \end{minipage} \caption{Allocation Routines versus Storage-Management Capabilities} \label{t:AllocationVersusCapabilities} \end{table} \CFA memory management extends the type safety of all allocations by using the type of the left-hand-side type to determine the allocation size and return a matching type for the new storage. Type-safe allocation is provided for all C allocation routines and new \CFA allocation routines, \eg in \begin{cfa} int * ip = (int *)malloc( sizeof(int) );                §\C{// C}§ int * ip = malloc();                                                    §\C{// \CFA type-safe version of C malloc}§ int * ip = alloc();                                                             §\C{// \CFA type-safe uniform alloc}§ \end{cfa} the latter two allocations determine the allocation size from the type of ©p© (©int©) and cast the pointer to the allocated storage to ©int *©. \CFA memory management extends allocation safety by implicitly honouring all alignment requirements, \eg in \begin{cfa} struct S { int i; } __attribute__(( aligned( 128 ) )); // cache-line alignment S * sp = malloc();                                                              §\C{// honour type alignment}§ \end{cfa} the storage allocation is implicitly aligned to 128 rather than the default 16. The alignment check is performed at compile time so there is no runtime cost. \CFA memory management extends the resize capability with the notion of \newterm{sticky properties}. Hence, initial allocation capabilities are remembered and maintained when resize requires copying. For example, an initial alignment and fill capability are preserved during a resize copy so the copy has the same alignment and extended storage is filled. Without sticky properties it is dangerous to use ©realloc©, resulting in an idiom of manually performing the reallocation to maintain correctness. \CFA memory management extends allocation to support constructors for initialization of allocated storage, \eg in \begin{cfa} struct S { int i; };                                                    §\C{// cache-line aglinment}§ void ?{}( S & s, int i ) { s.i = i; } // assume ?|? operator for printing an S S & sp = *®new®( 3 );                                                   §\C{// call constructor after allocation}§ sout | sp.i; ®delete®( &sp ); S * spa = ®anew®( 10, 5 );                                              §\C{// allocate array and initialize each array element}§ for ( i; 10 ) sout | spa[i] | nonl; sout | nl; ®adelete®( 10, spa ); \end{cfa} Allocation routines ©new©/©anew© allocate a variable/array and initialize storage using the allocated type's constructor. Note, the matching deallocation routines ©delete©/©adelete©. \leavevmode \begin{cfa}[aboveskip=0pt,belowskip=0pt] // C unsafe allocation extern "C" { void * malloc( size_t size );§\indexc{memset}§ void * calloc( size_t dim, size_t size );§\indexc{calloc}§ void * realloc( void * ptr, size_t size );§\indexc{realloc}§ void * memalign( size_t align, size_t size );§\indexc{memalign}§ int posix_memalign( void ** ptr, size_t align, size_t size );§\indexc{posix_memalign}§ // C unsafe initialization/copy void * memset( void * dest, int c, size_t size ); void * memcpy( void * dest, const void * src, size_t size ); } // C unsafe allocation void * malloc( size_t size );§\indexc{malloc}§ void * calloc( size_t dim, size_t size );§\indexc{calloc}§ void * realloc( void * ptr, size_t size );§\indexc{realloc}§ void * memalign( size_t align, size_t size );§\indexc{memalign}§ void * aligned_alloc( size_t align, size_t size );§\indexc{aligned_alloc}§ int posix_memalign( void ** ptr, size_t align, size_t size );§\indexc{posix_memalign}§ void * cmemalign( size_t alignment, size_t noOfElems, size_t elemSize );§\indexc{cmemalign}§ // CFA // C unsafe initialization/copy void * memset( void * dest, int c, size_t size );§\indexc{memset}§ void * memcpy( void * dest, const void * src, size_t size );§\indexc{memcpy}§ } void * realloc( void * oaddr, size_t nalign, size_t size ); // CFA heap forall( dtype T | sized(T) ) { // §\CFA§ safe equivalents, i.e., implicit size specification // §\CFA§ safe equivalents, i.e., implicit size specification T * malloc( void ); T * calloc( size_t dim ); T * realloc( T * ptr, size_t size ); T * memalign( size_t align ); T * cmemalign( size_t align, size_t dim  ); T * aligned_alloc( size_t align ); int posix_memalign( T ** ptr, size_t align ); // §\CFA§ safe general allocation, fill, resize, array // §\CFA§ safe general allocation, fill, resize, alignment, array T * alloc( void );§\indexc{alloc}§ T * alloc( char fill ); T * alloc( size_t dim ); T * alloc( size_t dim, char fill ); T * alloc( T ptr[], size_t dim ); T * alloc( T ptr[], size_t dim, char fill ); // §\CFA§ safe general allocation, align, fill, array T * align_alloc( size_t align ); T * align_alloc( size_t align, char fill ); T * align_alloc( size_t align, size_t dim ); T * align_alloc( size_t align, size_t dim, char fill ); // §\CFA§ safe initialization/copy, i.e., implicit size specification T * memset( T * dest, char c );§\indexc{memset}§ T * alloc_set( char fill );§\indexc{alloc_set}§ T * alloc_set( T fill ); T * alloc_set( size_t dim, char fill ); T * alloc_set( size_t dim, T fill ); T * alloc_set( size_t dim, const T fill[] ); T * alloc_set( T ptr[], size_t dim, char fill ); T * alloc_align( size_t align ); T * alloc_align( size_t align, size_t dim ); T * alloc_align( T ptr[], size_t align ); // aligned realloc array T * alloc_align( T ptr[], size_t align, size_t dim ); // aligned realloc array T * alloc_align_set( size_t align, char fill ); T * alloc_align_set( size_t align, T fill ); T * alloc_align_set( size_t align, size_t dim, char fill ); T * alloc_align_set( size_t align, size_t dim, T fill ); T * alloc_align_set( size_t align, size_t dim, const T fill[] ); T * alloc_align_set( T ptr[], size_t align, size_t dim, char fill ); // §\CFA§ safe initialization/copy, i.e., implicit size specification T * memset( T * dest, char fill );§\indexc{memset}§ T * memcpy( T * dest, const T * src );§\indexc{memcpy}§ // §\CFA§ safe initialization/copy array T * amemset( T dest[], char c, size_t dim ); // §\CFA§ safe initialization/copy, i.e., implicit size specification, array types T * amemset( T dest[], char fill, size_t dim ); T * amemcpy( T dest[], const T src[], size_t dim ); } // §\CFA§ allocation/deallocation and constructor/destructor forall( dtype T | sized(T), ttype Params | { void ?{}( T *, Params ); } ) T * new( Params p );§\indexc{new}§ forall( dtype T | { void ^?{}( T * ); } ) void delete( T * ptr );§\indexc{delete}§ forall( dtype T, ttype Params | { void ^?{}( T * ); void delete( Params ); } ) // §\CFA§ allocation/deallocation and constructor/destructor, non-array types forall( dtype T | sized(T), ttype Params | { void ?{}( T &, Params ); } ) T * new( Params p );§\indexc{new}§ forall( dtype T | sized(T) | { void ^?{}( T & ); } ) void delete( T * ptr );§\indexc{delete}§ forall( dtype T, ttype Params | sized(T) | { void ^?{}( T & ); void delete( Params ); } ) void delete( T * ptr, Params rest ); // §\CFA§ allocation/deallocation and constructor/destructor, array forall( dtype T | sized(T), ttype Params | { void ?{}( T *, Params ); } ) T * anew( size_t dim, Params p );§\indexc{anew}§ forall( dtype T | sized(T) | { void ^?{}( T * ); } ) void adelete( size_t dim, T arr[] );§\indexc{adelete}§ forall( dtype T | sized(T) | { void ^?{}( T * ); }, ttype Params | { void adelete( Params ); } ) // §\CFA§ allocation/deallocation and constructor/destructor, array types forall( dtype T | sized(T), ttype Params | { void ?{}( T &, Params ); } ) T * anew( size_t dim, Params p );§\indexc{anew}§ forall( dtype T | sized(T) | { void ^?{}( T & ); } ) void adelete( size_t dim, T arr[] );§\indexc{adelete}§ forall( dtype T | sized(T) | { void ^?{}( T & ); }, ttype Params | { void adelete( Params ); } ) void adelete( size_t dim, T arr[], Params rest ); \end{cfa}
• ## libcfa/src/bits/containers.hfa

 re6cfa8ff get_next( *head ) = 0p; verify(*this.tail == 1p); verify( get_next(*head) == 0p ); return head; }

• ## libcfa/src/stdlib.hfa

 re6cfa8ff // Created On       : Thu Jan 28 17:12:35 2016 // Last Modified By : Peter A. Buhr // Last Modified On : Tue Feb  4 08:27:01 2020 // Update Count     : 401 // Last Modified On : Thu Mar  5 11:29:06 2020 // Update Count     : 407 // #include                                                                              // *alloc, strto*, ato* // Reduce includes by explicitly defining these routines. extern "C" { void * memalign( size_t align, size_t size );           // malloc.h void * cmemalign( size_t alignment, size_t noOfElems, size_t elemSize ); // CFA heap void * memset( void * dest, int fill, size_t size ); // string.h void * memcpy( void * dest, const void * src, size_t size ); // string.h void * cmemalign( size_t alignment, size_t noOfElems, size_t elemSize ); // CFA heap } // extern "C" static inline forall( dtype T | sized(T) ) { // C dynamic allocation // Cforall safe equivalents, i.e., implicit size specification T * malloc( void ) { } // posix_memalign // Cforall dynamic allocation // Cforall safe general allocation, fill, resize, array T * alloc( void ) { static inline forall( dtype T | sized(T) ) { // data, non-array types // Cforall safe initialization/copy, i.e., implicit size specification, non-array types T * memset( T * dest, char fill ) { return (T *)memset( dest, fill, sizeof(T) ); static inline forall( dtype T | sized(T) ) { // data, array types // Cforall safe initialization/copy, i.e., implicit size specification, array types T * amemset( T dest[], char fill, size_t dim ) { return (T *)(void *)memset( dest, fill, dim * sizeof(T) ); // C memset } // distribution // allocation/deallocation and constructor/destructor, non-array types // Cforall allocation/deallocation and constructor/destructor, non-array types forall( dtype T | sized(T), ttype Params | { void ?{}( T &, Params ); } ) T * new( Params p ); forall( dtype T | sized(T) | { void ^?{}( T & ); } ) void delete( T * ptr ); forall( dtype T, ttype Params | sized(T) | { void ^?{}( T & ); void delete( Params ); } ) void delete( T * ptr, Params rest ); // allocation/deallocation and constructor/destructor, array types // Cforall allocation/deallocation and constructor/destructor, array types forall( dtype T | sized(T), ttype Params | { void ?{}( T &, Params ); } ) T * anew( size_t dim, Params p ); forall( dtype T | sized(T) | { void ^?{}( T & ); } ) void adelete( size_t dim, T arr[] );
 re6cfa8ff # Escaped Keywords, now Identifiers. color white "\w+" color white "\w+" # Operator Names