Ignore:
Timestamp:
Apr 3, 2017, 7:04:30 PM (5 years ago)
Author:
Rob Schluntz <rschlunt@…>
Branches:
aaron-thesis, arm-eh, cleanup-dtors, deferred_resn, demangler, jacob/cs343-translation, jenkins-sandbox, master, new-ast, new-ast-unique-expr, new-env, no_list, persistent-indexer, resolv-new, with_gc
Children:
fbd7ad6
Parents:
ae6cc8b
Message:

incorporate Peter's feedback, handle many TODOs

File:
1 edited

Legend:

Unmodified
Added
Removed
  • doc/rob_thesis/intro.tex

    rae6cc8b r7493339  
    55\section{\CFA Background}
    66\label{s:background}
    7 \CFA is a modern extension to the C programming language.
     7\CFA is a modern non-object-oriented extension to the C programming language.
    88As it is an extension of C, there is already a wealth of existing C code and principles that govern the design of the language.
    99Among the goals set out in the original design of \CFA, four points stand out \cite{Bilson03}.
     
    1616Therefore, these design principles must be kept in mind throughout the design and development of new language features.
    1717In order to appeal to existing C programmers, great care must be taken to ensure that new features naturally feel like C.
    18 The remainder of this section describes some of the important new features that currently exist in \CFA, to give the reader the necessary context in which the new features presented in this thesis must dovetail. % TODO: harmonize with?
     18The remainder of this section describes some of the important new features that currently exist in \CFA, to give the reader the necessary context in which the new features presented in this thesis must dovetail.
    1919
    2020\subsection{C Background}
     
    3939For example, in the initialization of @a1@, the initializer of @y@ is @7@, and the unnamed initializer @6@ initializes the next subobject, @z@.
    4040Later initializers override earlier initializers, so a subobject for which there is more than one initializer is only initailized by its last initializer.
    41 This can be seen in the initialization of @a0@, where @x@ is designated twice, and thus initialized to @8@.
    42 Note that in \CFA, designations use a colon separator, rather than an equals sign as in C.
     41These semantics can be seen in the initialization of @a0@, where @x@ is designated twice, and thus initialized to @8@.
     42Note that in \CFA, designations use a colon separator, rather than an equals sign as in C, because this syntax is one of the few places that conflicts with the new language features.
    4343
    4444C also provides \emph{compound literal} expressions, which provide a first-class mechanism for creating unnamed objects.
     
    9191
    9292There are times when a function should logically return multiple values.
    93 Since a function in standard C can only return a single value, a programmer must either take in additional return values by address, or the function's designer must create a wrapper structure t0 package multiple return-values.
     93Since a function in standard C can only return a single value, a programmer must either take in additional return values by address, or the function's designer must create a wrapper structure to package multiple return-values.
    9494\begin{cfacode}
    9595int f(int * ret) {        // returns a value through parameter ret
     
    102102\end{cfacode}
    103103The former solution is awkward because it requires the caller to explicitly allocate memory for $n$ result variables, even if they are only temporary values used as a subexpression, or even not used at all.
     104The latter approach:
    104105\begin{cfacode}
    105106struct A {
     
    112113... res3.x ... res3.y ... // use result values
    113114\end{cfacode}
    114 The latter approach requires the caller to either learn the field names of the structure or learn the names of helper routines to access the individual return values.
     115requires the caller to either learn the field names of the structure or learn the names of helper routines to access the individual return values.
    115116Both solutions are syntactically unnatural.
    116117
    117118In \CFA, it is possible to directly declare a function returning mutliple values.
    118 This provides important semantic information to the caller, since return values are only for output.
    119 \begin{cfacode}
    120 [int, int] f() {       // don't need to create a new type
     119This extension provides important semantic information to the caller, since return values are only for output.
     120\begin{cfacode}
     121[int, int] f() {       // no new type
    121122  return [123, 37];
    122123}
    123124\end{cfacode}
    124 However, the ability to return multiple values requires a syntax for accepting the results from a function.
     125However, the ability to return multiple values is useless without a syntax for accepting the results from the function.
     126
    125127In standard C, return values are most commonly assigned directly into local variables, or are used as the arguments to another function call.
    126128\CFA allows both of these contexts to accept multiple return values.
     
    148150  g(f());             // selects (2)
    149151  \end{cfacode}
    150 In this example, the only possible call to @f@ that can produce the two @int@s required by @g@ is the second option.
    151 A similar reasoning holds for assigning into multiple variables.
     152In this example, the only possible call to @f@ that can produce the two @int@s required for assigning into the variables @x@ and @y@ is the second option.
     153A similar reasoning holds calling the function @g@.
    152154
    153155In \CFA, overloading also applies to operator names, known as \emph{operator overloading}.
     
    166168  bool ?<?(A x, A y);
    167169  \end{cfacode}
    168 Notably, the only difference in this example is syntax.
     170Notably, the only difference is syntax.
    169171Most of the operators supported by \CC for operator overloading are also supported in \CFA.
    170172Of notable exception are the logical operators (e.g. @||@), the sequence operator (i.e. @,@), and the member-access operators (e.g. @.@ and \lstinline{->}).
     
    172174Finally, \CFA also permits overloading variable identifiers.
    173175This feature is not available in \CC.
    174   \begin{cfacode} % TODO: pick something better than x? max, zero, one?
     176  \begin{cfacode}
    175177  struct Rational { int numer, denom; };
    176178  int x = 3;               // (1)
     
    186188In this example, there are three definitions of the variable @x@.
    187189Based on the context, \CFA attempts to choose the variable whose type best matches the expression context.
     190When used judiciously, this feature allows names like @MAX@, @MIN@, and @PI@ to apply across many types.
    188191
    189192Finally, the values @0@ and @1@ have special status in standard C.
     
    197200}
    198201\end{cfacode}
    199 Every if statement in C compares the condition with @0@, and every increment and decrement operator is semantically equivalent to adding or subtracting the value @1@ and storing the result.
     202Every if- and iteration-statement in C compares the condition with @0@, and every increment and decrement operator is semantically equivalent to adding or subtracting the value @1@ and storing the result.
    200203Due to these rewrite rules, the values @0@ and @1@ have the types \zero and \one in \CFA, which allow for overloading various operations that connect to @0@ and @1@ \footnote{In the original design of \CFA, @0@ and @1@ were overloadable names \cite[p.~7]{cforall}.}.
    201 The types \zero and \one have special built in implicit conversions to the various integral types, and a conversion to pointer types for @0@, which allows standard C code involving @0@ and @1@ to work as normal.
     204The types \zero and \one have special built-in implicit conversions to the various integral types, and a conversion to pointer types for @0@, which allows standard C code involving @0@ and @1@ to work as normal.
    202205  \begin{cfacode}
    203206  // lvalue is similar to returning a reference in C++
     
    293296This capability allows specifying the same set of assertions in multiple locations, without the repetition and likelihood of mistakes that come with manually writing them out for each function declaration.
    294297
     298An interesting application of return-type resolution and polymorphism is with type-safe @malloc@.
     299\begin{cfacode}
     300forall(dtype T | sized(T))
     301T * malloc() {
     302  return (T*)malloc(sizeof(T)); // call C malloc
     303}
     304int * x = malloc();     // malloc(sizeof(int))
     305double * y = malloc();  // malloc(sizeof(double))
     306
     307struct S { ... };
     308S * s = malloc();       // malloc(sizeof(S))
     309\end{cfacode}
     310The built-in trait @sized@ ensures that size and alignment information for @T@ is available to @malloc@ through @sizeof@ and @_Alignof@ expressions respectively.
     311In calls to @malloc@, the type @T@ is bound based on call-site information, allowing \CFA code to allocate memory without the potential for errors introduced by manually specifying the size of the allocated block.
     312
    295313\section{Invariants}
    296 % TODO: discuss software engineering benefits of ctor/dtors: {pre/post} conditions, invariants
    297 % an important invariant is the state of the environment (memory, resources)
    298 % some objects pass their contract to the object user
    299 An \emph{invariant} is a logical assertion that true for some duration of a program's execution.
     314An \emph{invariant} is a logical assertion that is true for some duration of a program's execution.
    300315Invariants help a programmer to reason about code correctness and prove properties of programs.
    301316
    302317In object-oriented programming languages, type invariants are typically established in a constructor and maintained throughout the object's lifetime.
    303 This is typically achieved through a combination of access control modifiers and a restricted interface.
     318These assertions are typically achieved through a combination of access control modifiers and a restricted interface.
    304319Typically, data which requires the maintenance of an invariant is hidden from external sources using the \emph{private} modifier, which restricts reads and writes to a select set of trusted routines, including member functions.
    305320It is these trusted routines that perform all modifications to internal data in a way that is consistent with the invariant, by ensuring that the invariant holds true at the end of the routine call.
     
    307322In C, the @assert@ macro is often used to ensure invariants are true.
    308323Using @assert@, the programmer can check a condition and abort execution if the condition is not true.
    309 This is a powerful tool that forces the programmer to deal with logical inconsistencies as they occur.
     324This powerful tool forces the programmer to deal with logical inconsistencies as they occur.
    310325For production, assertions can be removed by simply defining the preprocessor macro @NDEBUG@, making it simple to ensure that assertions are 0-cost for a performance intensive application.
    311326\begin{cfacode}
     
    354369\end{dcode}
    355370The D compiler is able to assume that assertions and invariants hold true and perform optimizations based on those assumptions.
    356 
    357 An important invariant is the state of the execution environment, including the heap, the open file table, the state of global variables, etc.
    358 Since resources are finite, it is important to ensure that objects clean up properly when they are finished, restoring the execution environment to a stable state so that new objects can reuse resources.
     371Note, these invariants are internal to the type's correct behaviour.
     372
     373Types also have external invarients with state of the execution environment, including the heap, the open file-table, the state of global variables, etc.
     374Since resources are finite and shared (concurrency), it is important to ensure that objects clean up properly when they are finished, restoring the execution environment to a stable state so that new objects can reuse resources.
    359375
    360376\section{Resource Management}
     
    367383However, whenever a program needs a variable to outlive the block it is created in, the storage must be allocated dynamically with @malloc@ and later released with @free@.
    368384This pattern is extended to more complex objects, such as files and sockets, which also outlive the block where they are created, but at their core is resource management.
    369 Once allocated storage escapes a block, the responsibility for deallocating the storage is not specified in a function's type, that is, that the return value is owned by the caller.
     385Once allocated storage escapes\footnote{In garbage collected languages, such as Java, escape analysis \cite{Choi:1999:EAJ:320385.320386} is used to determine when dynamically allocated objects are strictly contained within a function, which allows the optimizer to allocate them on the stack.} a block, the responsibility for deallocating the storage is not specified in a function's type, that is, that the return value is owned by the caller.
    370386This implicit convention is provided only through documentation about the expectations of functions.
    371387
     
    380396On the other hand, destructors provide a simple mechanism for tearing down an object and resetting the environment in which the object lived.
    381397RAII ensures that if all resources are acquired in a constructor and released in a destructor, there are no resource leaks, even in exceptional circumstances.
    382 A type with at least one non-trivial constructor or destructor will henceforth be referred to as a \emph{managed type}.
     398A type with at least one non-trivial constructor or destructor is henceforth referred to as a \emph{managed type}.
    383399In the context of \CFA, a non-trivial constructor is either a user defined constructor or an auto generated constructor that calls a non-trivial constructor.
    384400
     
    389405There are many kinds of resources that the garbage collector does not understand, such as sockets, open files, and database connections.
    390406In particular, Java supports \emph{finalizers}, which are similar to destructors.
    391 Sadly, finalizers come with far fewer guarantees, to the point where a completely conforming JVM may never call a single finalizer. % TODO: citation JVM spec; http://stackoverflow.com/a/2506514/2386739
    392 Due to operating system resource limits, this is unacceptable for many long running tasks. % TODO: citation?
    393 Instead, the paradigm in Java requires programmers manually keep track of all resource \emph{except} memory, leading many novices and experts alike to forget to close files, etc.
    394 Complicating the picture, uncaught exceptions can cause control flow to change dramatically, leaking a resource which appears on first glance to be closed.
     407Sadly, finalizers are only guaranteed to be called before an object is reclaimed by the garbage collector \cite[p.~373]{Java8}, which may not happen if memory use is not contentious.
     408Due to operating-system resource-limits, this is unacceptable for many long running programs. % TODO: citation?
     409Instead, the paradigm in Java requires programmers to manually keep track of all resources \emph{except} memory, leading many novices and experts alike to forget to close files, etc.
     410Complicating the picture, uncaught exceptions can cause control flow to change dramatically, leaking a resource that appears on first glance to be released.
    395411\begin{javacode}
    396412void write(String filename, String msg) throws Exception {
     
    403419}
    404420\end{javacode}
    405 Any line in this program can throw an exception.
    406 This leads to a profusion of finally blocks around many function bodies, since it isn't always clear when an exception may be thrown.
     421Any line in this program can throw an exception, which leads to a profusion of finally blocks around many function bodies, since it is not always clear when an exception may be thrown.
    407422\begin{javacode}
    408423public void write(String filename, String msg) throws Exception {
     
    422437\end{javacode}
    423438In Java 7, a new \emph{try-with-resources} construct was added to alleviate most of the pain of working with resources, but ultimately it still places the burden squarely on the user rather than on the library designer.
    424 Furthermore, for complete safety this pattern requires nested objects to be declared separately, otherwise resources which can throw an exception on close can leak nested resources. % TODO: cite oracle article http://www.oracle.com/technetwork/articles/java/trywithresources-401775.html?
     439Furthermore, for complete safety this pattern requires nested objects to be declared separately, otherwise resources that can throw an exception on close can leak nested resources \cite{TryWithResources}.
    425440\begin{javacode}
    426441public void write(String filename, String msg) throws Exception {
    427   try (
     442  try (  // try-with-resources
    428443    FileOutputStream out = new FileOutputStream(filename);
    429444    FileOutputStream log = new FileOutputStream("log.txt");
     
    434449}
    435450\end{javacode}
    436 On the other hand, the Java compiler generates more code if more resources are declared, meaning that users must be more familiar with each type and library designers must provide better documentation.
     451Variables declared as part of a try-with-resources statement must conform to the @AutoClosable@ interface, and the compiler implicitly calls @close@ on each of the variables at the end of the block.
     452Depending on when the exception is raised, both @out@ and @log@ are null, @log@ is null, or both are non-null, therefore, the cleanup for these variables at the end is appropriately guarded and conditionally executed to prevent null-pointer exceptions.
     453
     454% TODO: discuss Rust?
     455% Like \CC, Rust \cite{Rust} provides RAII through constructors and destructors.
     456% Smart pointers are deeply integrated in the Rust type-system.
    437457
    438458% D has constructors and destructors that are worth a mention (under classes) https://dlang.org/spec/spec.html
     
    444464Like Java, using the garbage collector means that destructors may never be called, requiring the use of finally statements to ensure dynamically allocated resources that are not managed by the garbage collector, such as open files, are cleaned up.
    445465Since D supports RAII, it is possible to use the same techniques as in \CC to ensure that resources are released in a timely manner.
    446 Finally, D provides a scope guard statement, which allows an arbitrary statement to be executed at normal scope exit with \emph{success}, at exceptional scope exit with \emph{failure}, or at normal and exceptional scope exit with \emph{exit}. % cite? https://dlang.org/spec/statement.html#ScopeGuardStatement
    447 It has been shown that the \emph{exit} form of the scope guard statement can be implemented in a library in \CC. % cite: http://www.drdobbs.com/184403758
    448 
    449 % TODO: discussion of lexical scope vs. dynamic
    450 % see Peter's suggestions
    451 % RAII works in both cases. Guaranteed to work in stack case, works in heap case if root is deleted (but it's dangerous to rely on this, because of exceptions)
     466Finally, D provides a scope guard statement, which allows an arbitrary statement to be executed at normal scope exit with \emph{success}, at exceptional scope exit with \emph{failure}, or at normal and exceptional scope exit with \emph{exit}. % TODO: cite? https://dlang.org/spec/statement.html#ScopeGuardStatement
     467It has been shown that the \emph{exit} form of the scope guard statement can be implemented in a library in \CC \cite{ExceptSafe}.
     468
     469To provide managed types in \CFA, new kinds of constructors and destructors are added to C and discussed in Chapter 2.
    452470
    453471\section{Tuples}
    454472\label{s:Tuples}
    455473In mathematics, tuples are finite-length sequences which, unlike sets, allow duplicate elements.
    456 In programming languages, tuples are a construct that provide fixed-sized heterogeneous lists of elements.
     474In programming languages, tuples provide fixed-sized heterogeneous lists of elements.
    457475Many programming languages have tuple constructs, such as SETL, \KWC, ML, and Scala.
    458476
     
    462480Adding tuples to \CFA has previously been explored by Esteves \cite{Esteves04}.
    463481
    464 The design of tuples in \KWC took much of its inspiration from SETL.
     482The design of tuples in \KWC took much of its inspiration from SETL \cite{SETL}.
    465483SETL is a high-level mathematical programming language, with tuples being one of the primary data types.
    466484Tuples in SETL allow a number of operations, including subscripting, dynamic expansion, and multiple assignment.
     
    470488\begin{cppcode}
    471489tuple<int, int, int> triple(10, 20, 30);
    472 get<1>(triple); // access component 1 => 30
     490get<1>(triple); // access component 1 => 20
    473491
    474492tuple<int, double> f();
     
    482500Tuples are simple data structures with few specific operations.
    483501In particular, it is possible to access a component of a tuple using @std::get<N>@.
    484 Another interesting feature is @std::tie@, which creates a tuple of references, which allows assigning the results of a tuple-returning function into separate local variables, without requiring a temporary variable.
     502Another interesting feature is @std::tie@, which creates a tuple of references, allowing assignment of the results of a tuple-returning function into separate local variables, without requiring a temporary variable.
    485503Tuples also support lexicographic comparisons, making it simple to write aggregate comparators using @std::tie@.
    486504
    487 There is a proposal for \CCseventeen called \emph{structured bindings}, that introduces new syntax to eliminate the need to pre-declare variables and use @std::tie@ for binding the results from a function call. % TODO: cite http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2015/p0144r0.pdf
     505There is a proposal for \CCseventeen called \emph{structured bindings} \cite{StructuredBindings}, that introduces new syntax to eliminate the need to pre-declare variables and use @std::tie@ for binding the results from a function call.
    488506\begin{cppcode}
    489507tuple<int, double> f();
     
    500518Structured bindings allow unpacking any struct with all public non-static data members into fresh local variables.
    501519The use of @&@ allows declaring new variables as references, which is something that cannot be done with @std::tie@, since \CC references do not support rebinding.
    502 This extension requires the use of @auto@ to infer the types of the new variables, so complicated expressions with a non-obvious type must documented with some other mechanism.
     520This extension requires the use of @auto@ to infer the types of the new variables, so complicated expressions with a non-obvious type must be documented with some other mechanism.
    503521Furthermore, structured bindings are not a full replacement for @std::tie@, as it always declares new variables.
    504522
    505523Like \CC, D provides tuples through a library variadic template struct.
    506524In D, it is possible to name the fields of a tuple type, which creates a distinct type.
    507 \begin{dcode} % TODO: cite http://dlang.org/phobos/std_typecons.html
     525% TODO: cite http://dlang.org/phobos/std_typecons.html
     526\begin{dcode}
    508527Tuple!(float, "x", float, "y") point2D;
    509 Tuple!(float, float) float2;  // different types
     528Tuple!(float, float) float2;  // different type from point2D
    510529
    511530point2D[0]; // access first element
     
    521540The @expand@ method produces the components of the tuple as a list of separate values, making it possible to call a function that takes $N$ arguments using a tuple with $N$ components.
    522541
    523 Tuples are a fundamental abstraction in most functional programming languages, such as Standard ML.
     542Tuples are a fundamental abstraction in most functional programming languages, such as Standard ML \cite{sml}.
    524543A function in SML always accepts exactly one argument.
    525544There are two ways to mimic multiple argument functions: the first through currying and the second by accepting tuple arguments.
     
    535554Tuples are a foundational tool in SML, allowing the creation of arbitrarily complex structured data types.
    536555
    537 Scala, like \CC, provides tuple types through the standard library.
     556Scala, like \CC, provides tuple types through the standard library \cite{Scala}.
    538557Scala provides tuples of size 1 through 22 inclusive through generic data structures.
    539558Tuples support named access and subscript access, among a few other operations.
     
    547566\end{scalacode}
    548567In Scala, tuples are primarily used as simple data structures for carrying around multiple values or for returning multiple values from a function.
    549 The 22-element restriction is an odd and arbitrary choice, but in practice it doesn't cause problems since large tuples are uncommon.
     568The 22-element restriction is an odd and arbitrary choice, but in practice it does not cause problems since large tuples are uncommon.
    550569Subscript access is provided through the @productElement@ method, which returns a value of the top-type @Any@, since it is impossible to receive a more precise type from a general subscripting method due to type erasure.
    551570The disparity between named access beginning at @_1@ and subscript access starting at @0@ is likewise an oddity, but subscript access is typically avoided since it discards type information.
     
    553572
    554573
    555 \Csharp has similarly strange limitations, allowing tuples of size up to 7 components. % TODO: cite https://msdn.microsoft.com/en-us/library/system.tuple(v=vs.110).aspx
     574\Csharp also has tuples, but has similarly strange limitations, allowing tuples of size up to 7 components. % TODO: cite https://msdn.microsoft.com/en-us/library/system.tuple(v=vs.110).aspx
    556575The officially supported workaround for this shortcoming is to nest tuples in the 8th component.
    557576\Csharp allows accessing a component of a tuple by using the field @Item$N$@ for components 1 through 7, and @Rest@ for the nested tuple.
    558577
    559 
    560 % TODO: cite 5.3 https://docs.python.org/3/tutorial/datastructures.html
    561 In Python, tuples are immutable sequences that provide packing and unpacking operations.
     578In Python \cite{Python}, tuples are immutable sequences that provide packing and unpacking operations.
    562579While the tuple itself is immutable, and thus does not allow the assignment of components, there is nothing preventing a component from being internally mutable.
    563580The components of a tuple can be accessed by unpacking into multiple variables, indexing, or via field name, like D.
    564581Tuples support multiple assignment through a combination of packing and unpacking, in addition to the common sequence operations.
    565582
    566 % TODO: cite https://developer.apple.com/library/content/documentation/Swift/Conceptual/Swift_Programming_Language/Types.html#//apple_ref/doc/uid/TP40014097-CH31-ID448
    567 Swift, like D, provides named tuples, with components accessed by name, index, or via extractors.
     583Swift \cite{Swift}, like D, provides named tuples, with components accessed by name, index, or via extractors.
    568584Tuples are primarily used for returning multiple values from a function.
    569585In Swift, @Void@ is an alias for the empty tuple, and there are no single element tuples.
     586
     587% TODO: this statement feels like it's too strong
     588Tuples as powerful as the above languages are added to C and discussed in Chapter 3.
    570589
    571590\section{Variadic Functions}
     
    641660A parameter pack matches 0 or more elements, which can be types or expressions depending on the context.
    642661Like other templates, variadic template functions rely on an implicit set of constraints on a type, in this example a @print@ routine.
    643 That is, it is possible to use the @f@ routine any any type provided there is a corresponding @print@ routine, making variadic templates fully open to extension, unlike variadic functions in C.
     662That is, it is possible to use the @f@ routine on any type provided there is a corresponding @print@ routine, making variadic templates fully open to extension, unlike variadic functions in C.
    644663
    645664Recent \CC standards (\CCfourteen, \CCseventeen) expand on the basic premise by allowing variadic template variables and providing convenient expansion syntax to remove the need for recursion in some cases, amongst other things.
     
    672691Unfortunately, Java's use of nominal inheritance means that types must explicitly inherit from classes or interfaces in order to be considered a subclass.
    673692The combination of these two issues greatly restricts the usefulness of variadic functions in Java.
     693
     694Type-safe variadic functions are added to C and discussed in Chapter 4.
Note: See TracChangeset for help on using the changeset viewer.