Changeset b067d9b for doc/papers

Timestamp:

Oct 29, 2019, 4:01:24 PM (6 years ago)

Author:

Thierry Delisle <tdelisle@…>

Branches:

ADT, arm-eh, ast-experimental, enum, forall-pointer-decay, jacob/cs343-translation, jenkins-sandbox, master, new-ast, new-ast-unique-expr, pthread-emulation, qualifiedEnum

Children:

773db65, 9421f3d8

Parents:

7951100 (diff), 8364209 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' of plg.uwaterloo.ca:software/cfa/cfa-cc

Location:

doc/papers

Files:

• AMA/AMA-stix/ama/WileyNJD-v2.cls (modified) (5 diffs)
• OOPSLA17/Makefile (modified) (4 diffs)
• concurrency/Makefile (modified) (4 diffs)
• concurrency/Paper.tex (modified) (33 diffs)
• concurrency/SPEOldPaper.pdf (added)
• concurrency/annex/local.bib (modified) (2 diffs)
• concurrency/examples/C++Cor-ts.cpp (added)
• concurrency/examples/Fib.c (added)
• concurrency/examples/Fib.cfa (added)
• concurrency/examples/Fib.cpp (added)
• concurrency/examples/Fib.py (added)
• concurrency/examples/Fib.sim (added)
• concurrency/examples/Fib1.c (added)
• concurrency/examples/Fib2.c (added)
• concurrency/examples/Fib2.cfa (added)
• concurrency/examples/Fib2.cpp (added)
• concurrency/examples/Fib2.py (added)
• concurrency/examples/Fib3.c (added)
• concurrency/examples/Fib3.cc (added)
• concurrency/examples/FibRefactor.py (added)
• concurrency/examples/Fmt.sim (added)
• concurrency/examples/Format.c (added)
• concurrency/examples/Format.cc (added)
• concurrency/examples/Format.cfa (added)
• concurrency/examples/Format.cpp (added)
• concurrency/examples/Format.data (added)
• concurrency/examples/Format.py (added)
• concurrency/examples/Format.sim (added)
• concurrency/examples/Format1.c (added)
• concurrency/examples/PingPong.c (added)
• concurrency/examples/PingPong.cc (added)
• concurrency/examples/Pingpong.cc (added)
• concurrency/examples/Pingpong.cfa (added)
• concurrency/examples/Pingpong.py (added)
• concurrency/examples/Pingpong2.cfa (added)
• concurrency/examples/ProdCons.cfa (added)
• concurrency/examples/ProdCons.cpp (added)
• concurrency/examples/ProdCons.py (added)
• concurrency/examples/ProdCons.sim (added)
• concurrency/examples/RWMonitor.cfa (added)
• concurrency/examples/Refactor.py (added)
• concurrency/examples/counter.cpp (added)
• concurrency/figures/CondSigWait.fig (added)
• concurrency/figures/FullCoroutinePhases.fig (added)
• concurrency/figures/FullProdConsStack.fig (added)
• concurrency/figures/RunTimeStructure.fig (added)
• concurrency/figures/corlayout.fig (added)
• concurrency/figures/ext_monitor.fig (modified) (1 diff)
• concurrency/figures/monitor.fig (modified) (1 diff)
• concurrency/figures/monitor.old.fig (added)
• concurrency/mail (added)
• concurrency/mail2 (added)
• concurrency/style/cfa-format.tex (deleted)
• general/.gitignore (modified) (1 diff)
• general/Makefile (modified) (5 diffs)
• general/Paper.tex (modified) (124 diffs)
• general/fig.tex (added)

doc/papers/AMA/AMA-stix/ama/WileyNJD-v2.cls

@@ -1854 +1854 @@
     \vspace*{8.5\p@}%
     \rightskip0pt\raggedright\hspace*{7\p@}\hbox{\reset@font\abstractfont{\absheadfont#1}}\par\vskip3pt% LN20feb2016
-    {\abstractfont\baselineskip15pt\ifFWabstract\hsize\textwidth\fi#2\par\vspace*{0\p@}}%
+    {\abstractfont\baselineskip15pt\ifFWabstract\hsize\textwidth\fi\hsize0.68\textwidth#2\par\vspace*{0\p@}}%
     \addcontentsline{toc}{section}{\abstractname}%
 }}%\abstract{}%
@@ -1882 +1882 @@
 }%
 %
-\def\fundinginfohead#1{\gdef\@fundinginfo@head{#1}}\fundinginfohead{Funding Information}%
+\def\fundinginfohead#1{\gdef\@fundinginfo@head{#1}}\fundinginfohead{Funding information}%
 \def\fundinginfoheadtext#1{\gdef\@fundinginfo@head@text{#1}}\fundinginfoheadtext{}%
 \gdef\@fundinginfo{{%
@@ -2319 +2319 @@
 %% Keywords %%
 
-\def\keywords#1{\def\@keywords{{\keywordsheadfont\textbf{KEYWORDS:}\par\removelastskip\nointerlineskip\vskip6pt \keywordsfont#1\par}}}\def\@keywords{}%
+\def\keywords#1{\def\@keywords{{\keywordsheadfont\textbf{KEYWORDS}\par\removelastskip\nointerlineskip\vskip6pt \keywordsfont#1\par}}}\def\@keywords{}%
 
 \def\@fnsymbol#1{\ifcase#1\or \dagger\or \ddagger\or
@@ -2444 +2444 @@
      \@afterheading}
 
-\renewcommand\section{\@startsection{section}{1}{\z@}{-27pt \@plus -2pt \@minus -2pt}{12\p@}{\sectionfont}}%
-\renewcommand\subsection{\@startsection{subsection}{2}{\z@}{-23pt \@plus -2pt \@minus -2pt}{5\p@}{\subsectionfont}}%
+\renewcommand\section{\@startsection{section}{1}{\z@}{-25pt \@plus -2pt \@minus -2pt}{12\p@}{\sectionfont}}%
+\renewcommand\subsection{\@startsection{subsection}{2}{\z@}{-22pt \@plus -2pt \@minus -2pt}{5\p@}{\subsectionfont}}%
 \renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}{-20pt \@plus -2pt \@minus -2pt}{2\p@}{\subsubsectionfont}}%
 %
@@ -3406 +3406 @@
 \hskip-\parindentvalue\fbox{\vbox{\noindent\@jnlcitation}}}%
 
-\AtEndDocument{\ifappendixsec\else\printjnlcitation\fi}%
+%\AtEndDocument{\ifappendixsec\else\printjnlcitation\fi}%
 
 %% Misc math macros %%

doc/papers/OOPSLA17/Makefile

@@ -33 +33 @@
 
 DOCUMENT = generic_types.pdf
+BASE = ${basename ${DOCUMENT}}
 
 # Directives #
@@ -41 +42 @@
 
 clean :
-        @rm -frv ${DOCUMENT} ${basename ${DOCUMENT}}.ps ${Build}
+        @rm -frv ${DOCUMENT} ${BASE}.ps ${Build}
 
 # File Dependencies #
 
-${DOCUMENT} : ${basename ${DOCUMENT}}.ps
+${DOCUMENT} : ${BASE}.ps
         ps2pdf $<
 
-${basename ${DOCUMENT}}.ps : ${basename ${DOCUMENT}}.dvi
+${BASE}.ps : ${BASE}.dvi
         dvips ${Build}/$< -o $@
 
-${basename ${DOCUMENT}}.dvi : Makefile ${Build} ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} ../../bibliography/pl.bib
+${BASE}.dvi : Makefile ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} \
+                ../../bibliography/pl.bib | ${Build}
         # Must have *.aux file containing citations for bibtex
         if [ ! -r ${basename $@}.aux ] ; then ${LaTeX} ${basename $@}.tex ; fi
@@ -63 +65 @@
 ## Define the default recipes.
 
-${Build}:
+${Build} :
         mkdir -p ${Build}
 
@@ -69 +71 @@
         gnuplot -e Build="'${Build}/'" evaluation/timing.gp
 
-%.tex : %.fig
+%.tex : %.fig | ${Build}
         fig2dev -L eepic $< > ${Build}/$@
 
-%.ps : %.fig
+%.ps : %.fig | ${Build}
         fig2dev -L ps $< > ${Build}/$@
 
-%.pstex : %.fig
+%.pstex : %.fig | ${Build}
         fig2dev -L pstex $< > ${Build}/$@
         fig2dev -L pstex_t -p ${Build}/$@ $< > ${Build}/$@_t

doc/papers/concurrency/Makefile

@@ -4 +4 @@
 Figures = figures
 Macros = ../AMA/AMA-stix/ama
-TeXLIB = .:annex:../../LaTeXmacros:${Macros}:${Build}:../../bibliography:
+TeXLIB = .:../../LaTeXmacros:${Macros}:${Build}:
 LaTeX  = TEXINPUTS=${TeXLIB} && export TEXINPUTS && latex -halt-on-error -output-directory=${Build}
-BibTeX = BIBINPUTS=${TeXLIB} && export BIBINPUTS && bibtex
+BibTeX = BIBINPUTS=annex:../../bibliography: && export BIBINPUTS && bibtex
 
 MAKEFLAGS = --no-print-directory # --silent
@@ -15 +15 @@
 SOURCES = ${addsuffix .tex, \
 Paper \
-style/style \
-style/cfa-format \
 }
 
 FIGURES = ${addsuffix .tex, \
-monitor \
-ext_monitor \
 int_monitor \
 dependency \
+RunTimeStructure \
 }
 
 PICTURES = ${addsuffix .pstex, \
+FullProdConsStack \
+FullCoroutinePhases \
+corlayout \
+CondSigWait \
+monitor \
+ext_monitor \
 system \
 monitor_structs \
@@ -59 +62 @@
         dvips ${Build}/$< -o $@
 
-${BASE}.dvi : Makefile ${Build} ${BASE}.out.ps WileyNJD-AMA.bst ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} \
-                annex/local.bib ../../bibliography/pl.bib
+${BASE}.dvi : Makefile ${BASE}.out.ps WileyNJD-AMA.bst ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} \
+                annex/local.bib ../../bibliography/pl.bib | ${Build}
         # Must have *.aux file containing citations for bibtex
         if [ ! -r ${basename $@}.aux ] ; then ${LaTeX} ${basename $@}.tex ; fi
-        ${BibTeX} ${Build}/${basename $@}
+        -${BibTeX} ${Build}/${basename $@}
         # Some citations reference others so run again to resolve these citations
         ${LaTeX} ${basename $@}.tex
-        ${BibTeX} ${Build}/${basename $@}
+        -${BibTeX} ${Build}/${basename $@}
         # Run again to finish citations
         ${LaTeX} ${basename $@}.tex
@@ -72 +75 @@
 ## Define the default recipes.
 
-${Build}:
+${Build} :
         mkdir -p ${Build}
 
-${BASE}.out.ps: ${Build}
+${BASE}.out.ps : | ${Build}
         ln -fs ${Build}/Paper.out.ps .
 
-WileyNJD-AMA.bst:
+WileyNJD-AMA.bst :
         ln -fs ../AMA/AMA-stix/ama/WileyNJD-AMA.bst .
 
-%.tex : %.fig ${Build}
+%.tex : %.fig | ${Build}
         fig2dev -L eepic $< > ${Build}/$@
 
-%.ps : %.fig ${Build}
+%.ps : %.fig | ${Build}
         fig2dev -L ps $< > ${Build}/$@
 
-%.pstex : %.fig ${Build}
+%.pstex : %.fig | ${Build}
         fig2dev -L pstex $< > ${Build}/$@
         fig2dev -L pstex_t -p ${Build}/$@ $< > ${Build}/$@_t

doc/papers/concurrency/Paper.tex

@@ -3 +3 @@
 \articletype{RESEARCH ARTICLE}%
 
-\received{26 April 2016}
-\revised{6 June 2016}
-\accepted{6 June 2016}
+% Referees
+% Doug Lea, dl@cs.oswego.edu, SUNY Oswego
+% Herb Sutter, hsutter@microsoft.com, Microsoft Corp
+% Gor Nishanov, gorn@microsoft.com, Microsoft Corp
+% James Noble, kjx@ecs.vuw.ac.nz, Victoria University of Wellington, School of Engineering and Computer Science
+
+\received{XXXXX}
+\revised{XXXXX}
+\accepted{XXXXX}
 
 \raggedbottom
@@ -15 +21 @@
 \usepackage{epic,eepic}
 \usepackage{xspace}
+\usepackage{enumitem}
 \usepackage{comment}
 \usepackage{upquote}                                            % switch curled `'" to straight
@@ -21 +28 @@
 \renewcommand{\thesubfigure}{(\Alph{subfigure})}
 \captionsetup{justification=raggedright,singlelinecheck=false}
-\usepackage{siunitx}
-\sisetup{binary-units=true}
+\usepackage{dcolumn}                                            % align decimal points in tables
+\usepackage{capt-of}
+\setlength{\multicolsep}{6.0pt plus 2.0pt minus 1.5pt}
 
 \hypersetup{breaklinks=true}
@@ -32 +40 @@
 \renewcommand{\linenumberfont}{\scriptsize\sffamily}
 
+\renewcommand{\topfraction}{0.8}                        % float must be greater than X of the page before it is forced onto its own page
+\renewcommand{\bottomfraction}{0.8}                     % float must be greater than X of the page before it is forced onto its own page
+\renewcommand{\floatpagefraction}{0.8}          % float must be greater than X of the page before it is forced onto its own page
 \renewcommand{\textfraction}{0.0}                       % the entire page maybe devoted to floats with no text on the page at all
 
@@ -132 +143 @@
 \makeatother
 
-\newenvironment{cquote}{%
-        \list{}{\lstset{resetmargins=true,aboveskip=0pt,belowskip=0pt}\topsep=3pt\parsep=0pt\leftmargin=\parindentlnth\rightmargin\leftmargin}%
-        \item\relax
-}{%
-        \endlist
-}% cquote
+\newenvironment{cquote}
+               {\list{}{\lstset{resetmargins=true,aboveskip=0pt,belowskip=0pt}\topsep=3pt\parsep=0pt\leftmargin=\parindentlnth\rightmargin\leftmargin}%
+                \item\relax}
+               {\endlist}
+
+%\newenvironment{cquote}{%
+%\list{}{\lstset{resetmargins=true,aboveskip=0pt,belowskip=0pt}\topsep=3pt\parsep=0pt\leftmargin=\parindentlnth\rightmargin\leftmargin}%
+%\item\relax%
+%}{%
+%\endlist%
+%}% cquote
 
 % CFA programming language, based on ANSI C (with some gcc additions)
@@ -145 +161 @@
                 auto, _Bool, catch, catchResume, choose, _Complex, __complex, __complex__, __const, __const__,
                 coroutine, disable, dtype, enable, exception, __extension__, fallthrough, fallthru, finally,
-                __float80, float80, __float128, float128, forall, ftype, _Generic, _Imaginary, __imag, __imag__,
+                __float80, float80, __float128, float128, forall, ftype, generator, _Generic, _Imaginary, __imag, __imag__,
                 inline, __inline, __inline__, __int128, int128, __label__, monitor, mutex, _Noreturn, one_t, or,
                 otype, restrict, __restrict, __restrict__, __signed, __signed__, _Static_assert, thread,
                 _Thread_local, throw, throwResume, timeout, trait, try, ttype, typeof, __typeof, __typeof__,
                 virtual, __volatile, __volatile__, waitfor, when, with, zero_t},
-        moredirectives={defined,include_next}%
+        moredirectives={defined,include_next},
+        % replace/adjust listing characters that look bad in sanserif
+        literate={-}{\makebox[1ex][c]{\raisebox{0.4ex}{\rule{0.8ex}{0.1ex}}}}1 {^}{\raisebox{0.6ex}{$\scriptstyle\land\,$}}1
+                {~}{\raisebox{0.3ex}{$\scriptstyle\sim\,$}}1 % {`}{\ttfamily\upshape\hspace*{-0.1ex}`}1
+                {<}{\textrm{\textless}}1 {>}{\textrm{\textgreater}}1
+                {<-}{$\leftarrow$}2 {=>}{$\Rightarrow$}2 {->}{\makebox[1ex][c]{\raisebox{0.5ex}{\rule{0.8ex}{0.075ex}}}\kern-0.2ex{\textrm{\textgreater}}}2,
 }
 
@@ -167 +188 @@
 aboveskip=4pt,                                                                                  % spacing above/below code block
 belowskip=3pt,
-% replace/adjust listing characters that look bad in sanserif
-literate={-}{\makebox[1ex][c]{\raisebox{0.4ex}{\rule{0.8ex}{0.1ex}}}}1 {^}{\raisebox{0.6ex}{$\scriptstyle\land\,$}}1
-        {~}{\raisebox{0.3ex}{$\scriptstyle\sim\,$}}1 % {`}{\ttfamily\upshape\hspace*{-0.1ex}`}1
-        {<}{\textrm{\textless}}1 {>}{\textrm{\textgreater}}1
-        {<-}{$\leftarrow$}2 {=>}{$\Rightarrow$}2 {->}{\makebox[1ex][c]{\raisebox{0.5ex}{\rule{0.8ex}{0.075ex}}}\kern-0.2ex{\textrm{\textgreater}}}2,
 moredelim=**[is][\color{red}]{`}{`},
 }% lstset
@@ -197 +213 @@
 }
 
+% Go programming language: https://github.com/julienc91/listings-golang/blob/master/listings-golang.sty
+\lstdefinelanguage{Golang}{
+        morekeywords=[1]{package,import,func,type,struct,return,defer,panic,recover,select,var,const,iota,},
+        morekeywords=[2]{string,uint,uint8,uint16,uint32,uint64,int,int8,int16,int32,int64,
+                bool,float32,float64,complex64,complex128,byte,rune,uintptr, error,interface},
+        morekeywords=[3]{map,slice,make,new,nil,len,cap,copy,close,true,false,delete,append,real,imag,complex,chan,},
+        morekeywords=[4]{for,break,continue,range,goto,switch,case,fallthrough,if,else,default,},
+        morekeywords=[5]{Println,Printf,Error,},
+        sensitive=true,
+        morecomment=[l]{//},
+        morecomment=[s]{/*}{*/},
+        morestring=[b]',
+        morestring=[b]",
+        morestring=[s]{`}{`},
+        % replace/adjust listing characters that look bad in sanserif
+        literate={-}{\makebox[1ex][c]{\raisebox{0.4ex}{\rule{0.8ex}{0.1ex}}}}1 {^}{\raisebox{0.6ex}{$\scriptstyle\land\,$}}1
+                {~}{\raisebox{0.3ex}{$\scriptstyle\sim\,$}}1 % {`}{\ttfamily\upshape\hspace*{-0.1ex}`}1
+                {<}{\textrm{\textless}}1 {>}{\textrm{\textgreater}}1
+                {<-}{\makebox[2ex][c]{\textrm{\textless}\raisebox{0.5ex}{\rule{0.8ex}{0.075ex}}}}2,
+}
+
 \lstnewenvironment{cfa}[1][]
 {\lstset{#1}}
@@ -207 +244 @@
 {}
 \lstnewenvironment{Go}[1][]
-{\lstset{#1}}
+{\lstset{language=Golang,moredelim=**[is][\protect\color{red}]{`}{`},#1}\lstset{#1}}
+{}
+\lstnewenvironment{python}[1][]
+{\lstset{language=python,moredelim=**[is][\protect\color{red}]{`}{`},#1}\lstset{#1}}
 {}
 
@@ -222 +262 @@
 }
 
-\title{\texorpdfstring{Concurrency in \protect\CFA}{Concurrency in Cforall}}
+\newbox\myboxA
+\newbox\myboxB
+\newbox\myboxC
+\newbox\myboxD
+
+\title{\texorpdfstring{Advanced Control-flow and Concurrency in \protect\CFA}{Advanced Control-flow in Cforall}}
 
 \author[1]{Thierry Delisle}
@@ -232 +277 @@
 \corres{*Peter A. Buhr, Cheriton School of Computer Science, University of Waterloo, 200 University Avenue West, Waterloo, ON, N2L 3G1, Canada. \email{pabuhr{\char`\@}uwaterloo.ca}}
 
-\fundingInfo{Natural Sciences and Engineering Research Council of Canada}
+% \fundingInfo{Natural Sciences and Engineering Research Council of Canada}
 
 \abstract[Summary]{
-\CFA is a modern, polymorphic, \emph{non-object-oriented} extension of the C programming language.
-This paper discusses the design of the concurrency and parallelism features in \CFA, and the concurrent runtime-system.
-These features are created from scratch as ISO C lacks concurrency, relying largely on the pthreads library.
-Coroutines and lightweight (user) threads are introduced into the language.
-In addition, monitors are added as a high-level mechanism for mutual exclusion and synchronization.
-A unique contribution is allowing multiple monitors to be safely acquired simultaneously.
-All features respect the expectations of C programmers, while being fully integrate with the \CFA polymorphic type-system and other language features.
-Finally, experimental results are presented to compare the performance of the new features with similar mechanisms in other concurrent programming-languages.
+\CFA is a polymorphic, non-object-oriented, concurrent, backwards-compatible extension of the C programming language.
+This paper discusses the design philosophy and implementation of its advanced control-flow and concurrent/parallel features, along with the supporting runtime written in \CFA.
+These features are created from scratch as ISO C has only low-level and/or unimplemented concurrency, so C programmers continue to rely on library features like pthreads.
+\CFA introduces modern language-level control-flow mechanisms, like generators, coroutines, user-level threading, and monitors for mutual exclusion and synchronization.
+% Library extension for executors, futures, and actors are built on these basic mechanisms.
+The runtime provides significant programmer simplification and safety by eliminating spurious wakeup and monitor barging.
+The runtime also ensures multiple monitors can be safely acquired \emph{simultaneously} (deadlock free), and this feature is fully integrated with all monitor synchronization mechanisms.
+All control-flow features integrate with the \CFA polymorphic type-system and exception handling, while respecting the expectations and style of C programmers.
+Experimental results show comparable performance of the new features with similar mechanisms in other concurrent programming languages.
 }%
 
-\keywords{concurrency, parallelism, coroutines, threads, monitors, runtime, C, Cforall}
+\keywords{generator, coroutine, concurrency, parallelism, thread, monitor, runtime, C, \CFA (Cforall)}
 
 
@@ -256 +302 @@
 \section{Introduction}
 
-This paper provides a minimal concurrency \newterm{Application Program Interface} (API) that is simple, efficient and can be used to build other concurrency features.
-While the simplest concurrency system is a thread and a lock, this low-level approach is hard to master.
-An easier approach for programmers is to support higher-level constructs as the basis of concurrency.
-Indeed, for highly productive concurrent programming, high-level approaches are much more popular~\cite{Hochstein05}.
-Examples of high-level approaches are task (work) based~\cite{TBB}, implicit threading~\cite{OpenMP}, monitors~\cite{Java}, channels~\cite{CSP,Go}, and message passing~\cite{Erlang,MPI}.
-
-The following terminology is used.
-A \newterm{thread} is a fundamental unit of execution that runs a sequence of code and requires a stack to maintain state.
-Multiple simultaneous threads give rise to \newterm{concurrency}, which requires locking to ensure safe communication and access to shared data.
-% Correspondingly, concurrency is defined as the concepts and challenges that occur when multiple independent (sharing memory, timing dependencies, \etc) concurrent threads are introduced.
-\newterm{Locking}, and by extension \newterm{locks}, are defined as a mechanism to prevent progress of threads to provide safety.
-\newterm{Parallelism} is running multiple threads simultaneously.
-Parallelism implies \emph{actual} simultaneous execution, where concurrency only requires \emph{apparent} simultaneous execution.
-As such, parallelism only affects performance, which is observed through differences in space and/or time at runtime.
-
-Hence, there are two problems to be solved: concurrency and parallelism.
-While these two concepts are often combined, they are distinct, requiring different tools~\cite[\S~2]{Buhr05a}.
-Concurrency tools handle synchronization and mutual exclusion, while parallelism tools handle performance, cost and resource utilization.
-
-The proposed concurrency API is implemented in a dialect of C, called \CFA.
-The paper discusses how the language features are added to the \CFA translator with respect to parsing, semantic, and type checking, and the corresponding high-performance runtime-library to implement the concurrency features.
-
-
-\section{\CFA Overview}
-
-The following is a quick introduction to the \CFA language, specifically tailored to the features needed to support concurrency.
-Extended versions and explanation of the following code examples are available at the \CFA website~\cite{Cforall} or in Moss~\etal~\cite{Moss18}.
-
-\CFA is an extension of ISO-C, and hence, supports all C paradigms.
-%It is a non-object-oriented system-language, meaning most of the major abstractions have either no runtime overhead or can be opted out easily.
-Like C, the basics of \CFA revolve around structures and routines.
-Virtually all of the code generated by the \CFA translator respects C memory layouts and calling conventions.
-While \CFA is not an object-oriented language, lacking the concept of a receiver (\eg @this@) and nominal inheritance-relationships, C does have a notion of objects: ``region of data storage in the execution environment, the contents of which can represent values''~\cite[3.15]{C11}.
-While some \CFA features are common in object-oriented programming-languages, they are an independent capability allowing \CFA to adopt them while retaining a procedural paradigm.
-
-
-\subsection{References}
-
-\CFA provides multi-level rebindable references, as an alternative to pointers, which significantly reduces syntactic noise.
-\begin{cfa}
-int x = 1, y = 2, z = 3;
-int * p1 = &x, ** p2 = &p1,  *** p3 = &p2,      $\C{// pointers to x}$
-        `&` r1 = x,  `&&` r2 = r1,  `&&&` r3 = r2;      $\C{// references to x}$
-int * p4 = &z, `&` r4 = z;
-
-*p1 = 3; **p2 = 3; ***p3 = 3;       // change x
-r1 =  3;     r2 = 3;      r3 = 3;        // change x: implicit dereferences *r1, **r2, ***r3
-**p3 = &y; *p3 = &p4;                // change p1, p2
-`&`r3 = &y; `&&`r3 = &`&`r4;             // change r1, r2: cancel implicit dereferences (&*)**r3, (&(&*)*)*r3, &(&*)r4
-\end{cfa}
-A reference is a handle to an object, like a pointer, but is automatically dereferenced by the specified number of levels.
-Referencing (address-of @&@) a reference variable cancels one of the implicit dereferences, until there are no more implicit references, after which normal expression behaviour applies.
-
-
-\subsection{\texorpdfstring{\protect\lstinline{with} Statement}{with Statement}}
-\label{s:WithStatement}
-
-Heterogeneous data is aggregated into a structure/union.
-To reduce syntactic noise, \CFA provides a @with@ statement (see Pascal~\cite[\S~4.F]{Pascal}) to elide aggregate field-qualification by opening a scope containing the field identifiers.
-\begin{cquote}
-\vspace*{-\baselineskip}%???
-\lstDeleteShortInline@%
-\begin{cfa}
-struct S { char c; int i; double d; };
-struct T { double m, n; };
-// multiple aggregate parameters
-\end{cfa}
-\begin{tabular}{@{}l@{\hspace{2\parindentlnth}}|@{\hspace{2\parindentlnth}}l@{}}
-\begin{cfa}
-void f( S & s, T & t ) {
-        `s.`c; `s.`i; `s.`d;
-        `t.`m; `t.`n;
-}
-\end{cfa}
-&
-\begin{cfa}
-void f( S & s, T & t ) `with ( s, t )` {
-        c; i; d;                // no qualification
-        m; n;
-}
-\end{cfa}
-\end{tabular}
-\lstMakeShortInline@%
-\end{cquote}
-Object-oriented programming languages only provide implicit qualification for the receiver.
-
-In detail, the @with@ statement has the form:
-\begin{cfa}
-$\emph{with-statement}$:
-        'with' '(' $\emph{expression-list}$ ')' $\emph{compound-statement}$
-\end{cfa}
-and may appear as the body of a routine or nested within a routine body.
-Each expression in the expression-list provides a type and object.
-The type must be an aggregate type.
-(Enumerations are already opened.)
-The object is the implicit qualifier for the open structure-fields.
-All expressions in the expression list are open in parallel within the compound statement, which is different from Pascal, which nests the openings from left to right.
-
-
-\subsection{Overloading}
-
-\CFA maximizes the ability to reuse names via overloading to aggressively address the naming problem.
-Both variables and routines may be overloaded, where selection is based on types, and number of returns (as in Ada~\cite{Ada}) and arguments.
-\begin{cquote}
-\vspace*{-\baselineskip}%???
-\lstDeleteShortInline@%
-\begin{cfa}
-// selection based on type
-\end{cfa}
-\begin{tabular}{@{}l@{\hspace{2\parindentlnth}}|@{\hspace{2\parindentlnth}}l@{}}
-\begin{cfa}
-const short int `MIN` = -32768;
-const int `MIN` = -2147483648;
-const long int `MIN` = -9223372036854775808L;
-\end{cfa}
-&
-\begin{cfa}
-short int si = `MIN`;
-int i = `MIN`;
-long int li = `MIN`;
-\end{cfa}
-\end{tabular}
-\begin{cfa}
-// selection based on type and number of parameters
-\end{cfa}
-\begin{tabular}{@{}l@{\hspace{2.7\parindentlnth}}|@{\hspace{2\parindentlnth}}l@{}}
-\begin{cfa}
-void `f`( void );
-void `f`( char );
-void `f`( int, double );
-\end{cfa}
-&
-\begin{cfa}
-`f`();
-`f`( 'a' );
-`f`( 3, 5.2 );
-\end{cfa}
-\end{tabular}
-\begin{cfa}
-// selection based on type and number of returns
-\end{cfa}
-\begin{tabular}{@{}l@{\hspace{2\parindentlnth}}|@{\hspace{2\parindentlnth}}l@{}}
-\begin{cfa}
-char `f`( int );
-double `f`( int );
-[char, double] `f`( int );
-\end{cfa}
-&
-\begin{cfa}
-char c = `f`( 3 );
-double d = `f`( 3 );
-[d, c] = `f`( 3 );
-\end{cfa}
-\end{tabular}
-\lstMakeShortInline@%
-\end{cquote}
-Overloading is important for \CFA concurrency since the runtime system relies on creating different types to represent concurrency objects.
-Therefore, overloading is necessary to prevent the need for long prefixes and other naming conventions to prevent name clashes.
-As seen in Section~\ref{basics}, routine @main@ is heavily overloaded.
-
-Variable overloading is useful in the parallel semantics of the @with@ statement for fields with the same name:
-\begin{cfa}
-struct S { int `i`; int j; double m; } s;
-struct T { int `i`; int k; int m; } t;
-with ( s, t ) {
-        j + k;                                                                  $\C{// unambiguous, s.j + t.k}$
-        m = 5.0;                                                                $\C{// unambiguous, s.m = 5.0}$
-        m = 1;                                                                  $\C{// unambiguous, t.m = 1}$
-        int a = m;                                                              $\C{// unambiguous, a = t.m }$
-        double b = m;                                                   $\C{// unambiguous, b = s.m}$
-        int c = `s.i` + `t.i`;                                  $\C{// unambiguous, qualification}$
-        (double)m;                                                              $\C{// unambiguous, cast s.m}$
-}
-\end{cfa}
-For parallel semantics, both @s.i@ and @t.i@ are visible the same type, so only @i@ is ambiguous without qualification.
-
-
-\subsection{Operators}
-
-Overloading also extends to operators.
-Operator-overloading syntax creates a routine name with an operator symbol and question marks for the operands:
-\begin{cquote}
-\lstDeleteShortInline@%
-\begin{tabular}{@{}ll@{\hspace{\parindentlnth}}|@{\hspace{\parindentlnth}}l@{}}
-\begin{cfa}
-int ++? (int op);
-int ?++ (int op);
-int `?+?` (int op1, int op2);
-int ?<=?(int op1, int op2);
-int ?=? (int & op1, int op2);
-int ?+=?(int & op1, int op2);
-\end{cfa}
-&
-\begin{cfa}
-// unary prefix increment
-// unary postfix increment
-// binary plus
-// binary less than
-// binary assignment
-// binary plus-assignment
-\end{cfa}
-&
-\begin{cfa}
-struct S { int i, j; };
-S `?+?`( S op1, S op2) { // add two structures
-        return (S){op1.i + op2.i, op1.j + op2.j};
-}
-S s1 = {1, 2}, s2 = {2, 3}, s3;
-s3 = s1 `+` s2;         // compute sum: s3 == {2, 5}
-\end{cfa}
-\end{tabular}
-\lstMakeShortInline@%
-\end{cquote}
-While concurrency does not use operator overloading directly, it provides an introduction for the syntax of constructors.
-
-
-\subsection{Parametric Polymorphism}
-\label{s:ParametricPolymorphism}
-
-The signature feature of \CFA is parametric-polymorphic routines~\cite{} with routines generalized using a @forall@ clause (giving the language its name), which allow separately compiled routines to support generic usage over multiple types.
-For example, the following sum routine works for any type that supports construction from 0 and addition \commenttd{constructors have not been introduced yet.}:
-\begin{cfa}
-forall( otype T | { void `?{}`( T *, zero_t ); T `?+?`( T, T ); } ) // constraint type, 0 and +
-T sum( T a[$\,$], size_t size ) {
-        `T` total = { `0` };                                    $\C{// initialize by 0 constructor}$
-        for ( size_t i = 0; i < size; i += 1 )
-                total = total `+` a[i];                         $\C{// select appropriate +}$
-        return total;
-}
-S sa[5];
-int i = sum( sa, 5 );                                           $\C{// use S's 0 construction and +}$
-\end{cfa}
-
-\CFA provides \newterm{traits} to name a group of type assertions, where the trait name allows specifying the same set of assertions in multiple locations, preventing repetition mistakes at each routine declaration:
-\begin{cfa}
-trait `sumable`( otype T ) {
-        void `?{}`( T &, zero_t );                              $\C{// 0 literal constructor}$
-        T `?+?`( T, T );                                                $\C{// assortment of additions}$
-        T ?+=?( T &, T );
-        T ++?( T & );
-        T ?++( T & );
-};
-forall( otype T `| sumable( T )` )                      $\C{// use trait}$
-T sum( T a[$\,$], size_t size );
-\end{cfa}
-
-Assertions can be @otype@ or @dtype@.
-@otype@ refers to a ``complete'' object, \ie an object has a size, default constructor, copy constructor, destructor and an assignment operator.
-@dtype@ only guarantees an object has a size and alignment.
-
-Using the return type for discrimination, it is possible to write a type-safe @alloc@ based on the C @malloc@:
-\begin{cfa}
-forall( dtype T | sized(T) ) T * alloc( void ) { return (T *)malloc( sizeof(T) ); }
-int * ip = alloc();                                                     $\C{// select type and size from left-hand side}$
-double * dp = alloc();
-struct S {...} * sp = alloc();
-\end{cfa}
-where the return type supplies the type/size of the allocation, which is impossible in most type systems.
-
-
-\subsection{Constructors / Destructors}
-
-Object lifetime is a challenge in non-managed programming languages.
-\CFA responds with \CC-like constructors and destructors:
-\begin{cfa}
-struct VLA { int len, * data; };                        $\C{// variable length array of integers}$
-void ?{}( VLA & vla ) with ( vla ) { len = 10;  data = alloc( len ); }  $\C{// default constructor}$
-void ?{}( VLA & vla, int size, char fill ) with ( vla ) { len = size;  data = alloc( len, fill ); } // initialization
-void ?{}( VLA & vla, VLA other ) { vla.len = other.len;  vla.data = other.data; } $\C{// copy, shallow}$
-void ^?{}( VLA & vla ) with ( vla ) { free( data ); } $\C{// destructor}$
-{
-        VLA  x,            y = { 20, 0x01 },     z = y; $\C{// z points to y}$
-        //    x{};         y{ 20, 0x01 };          z{ z, y };
-        ^x{};                                                                   $\C{// deallocate x}$
-        x{};                                                                    $\C{// reallocate x}$
-        z{ 5, 0xff };                                                   $\C{// reallocate z, not pointing to y}$
-        ^y{};                                                                   $\C{// deallocate y}$
-        y{ x };                                                                 $\C{// reallocate y, points to x}$
-        x{};                                                                    $\C{// reallocate x, not pointing to y}$
-        //  ^z{};  ^y{};  ^x{};
-}
-\end{cfa}
-Like \CC, construction is implicit on allocation (stack/heap) and destruction is implicit on deallocation.
-The object and all their fields are constructed/destructed.
-\CFA also provides @new@ and @delete@, which behave like @malloc@ and @free@, in addition to constructing and destructing objects:
-\begin{cfa}
-{       struct S s = {10};                                              $\C{// allocation, call constructor}$
-        ...
-}                                                                                       $\C{// deallocation, call destructor}$
-struct S * s = new();                                           $\C{// allocation, call constructor}$
-...
-delete( s );                                                            $\C{// deallocation, call destructor}$
-\end{cfa}
-\CFA concurrency uses object lifetime as a means of synchronization and/or mutual exclusion.
-
-
-\section{Concurrency Basics}\label{basics}
-
-At its core, concurrency is based on multiple call-stacks and scheduling threads executing on these stacks.
-Multiple call stacks (or contexts) and a single thread of execution, called \newterm{coroutining}~\cite{Conway63,Marlin80}, does \emph{not} imply concurrency~\cite[\S~2]{Buhr05a}.
-In coroutining, the single thread is self-scheduling across the stacks, so execution is deterministic, \ie given fixed inputs, the execution path to the outputs is fixed and predictable.
-A \newterm{stackless} coroutine executes on the caller's stack~\cite{Python} but this approach is restrictive, \eg preventing modularization and supporting only iterator/generator-style programming;
-a \newterm{stackfull} coroutine executes on its own stack, allowing full generality.
-Only stackfull coroutines are a stepping-stone to concurrency.
-
-The transition to concurrency, even for execution with a single thread and multiple stacks, occurs when coroutines also context switch to a scheduling oracle, introducing non-determinism from the coroutine perspective~\cite[\S~3]{Buhr05a}.
-Therefore, a minimal concurrency system is possible using coroutines (see Section \ref{coroutine}) in conjunction with a scheduler to decide where to context switch next.
-The resulting execution system now follows a cooperative threading-model, called \newterm{non-preemptive scheduling}.
-
-Because the scheduler is special, it can either be a stackless or stackfull coroutine. \commenttd{I dislike this sentence, it seems imply 1-step vs 2-step but also seems to say that some kind of coroutine is required, which is not the case.}
-For stackless, the scheduler performs scheduling on the stack of the current coroutine and switches directly to the next coroutine, so there is one context switch.
-For stackfull, the current coroutine switches to the scheduler, which performs scheduling, and it then switches to the next coroutine, so there are two context switches.
-A stackfull scheduler is often used for simplicity and security, even through there is a slightly higher runtime-cost. \commenttd{I'm not a fan of the fact that we don't quantify this but yet imply it is negligeable.}
-
-Regardless of the approach used, a subset of concurrency related challenges start to appear.
-For the complete set of concurrency challenges to occur, the missing feature is \newterm{preemption}, where context switching occurs randomly between any two instructions, often based on a timer interrupt, called \newterm{preemptive scheduling}.
-While a scheduler introduces uncertainty in the order of execution, preemption introduces uncertainty where context switches occur.
-Interestingly, uncertainty is necessary for the runtime (operating) system to give the illusion of parallelism on a single processor and increase performance on multiple processors.
-The reason is that only the runtime has complete knowledge about resources and how to best utilized them.
-However, the introduction of unrestricted non-determinism results in the need for \newterm{mutual exclusion} and \newterm{synchronization} to restrict non-determinism for correctness;
-otherwise, it is impossible to write meaningful programs.
-Optimal performance in concurrent applications is often obtained by having as much non-determinism as correctness allows.
-
-
-\subsection{\protect\CFA's Thread Building Blocks}
-
-An important missing feature in C is threading\footnote{While the C11 standard defines a ``threads.h'' header, it is minimal and defined as optional.
-As such, library support for threading is far from widespread.
-At the time of writing the paper, neither \protect\lstinline|gcc| nor \protect\lstinline|clang| support ``threads.h'' in their standard libraries.}.
-In modern programming languages, a lack of threading is unacceptable~\cite{Sutter05, Sutter05b}, and therefore existing and new programming languages must have tools for writing efficient concurrent programs to take advantage of parallelism.
-As an extension of C, \CFA needs to express these concepts in a way that is as natural as possible to programmers familiar with imperative languages.
-Furthermore, because C is a system-level language, programmers expect to choose precisely which features they need and which cost they are willing to pay.
-Hence, concurrent programs should be written using high-level mechanisms, and only step down to lower-level mechanisms when performance bottlenecks are encountered.
-
-
-\subsection{Coroutines: A Stepping Stone}\label{coroutine}
-
-While the focus of this discussion is concurrency and parallelism, it is important to address coroutines, which are a significant building block of a concurrency system.
-Coroutines are generalized routines allowing execution to be temporarily suspend and later resumed.
-Hence, unlike a normal routine, a coroutine may not terminate when it returns to its caller, allowing it to be restarted with the values and execution location present at the point of suspension.
-This capability is accomplish via the coroutine's stack, where suspend/resume context switch among stacks.
-Because threading design-challenges are present in coroutines, their design effort is relevant, and this effort can be easily exposed to programmers giving them a useful new programming paradigm because a coroutine handles the class of problems that need to retain state between calls, \eg plugins, device drivers, and finite-state machines.
-Therefore, the core \CFA coroutine-API for has two fundamental features: independent call-stacks and @suspend@/@resume@ operations.
-
-For example, a problem made easier with coroutines is unbounded generators, \eg generating an infinite sequence of Fibonacci numbers, where Figure~\ref{f:C-fibonacci} shows conventional approaches for writing a Fibonacci generator in C.
-\begin{displaymath}
-\mathsf{fib}(n) = \left \{
-\begin{array}{ll}
-0                                       & n = 0         \\
-1                                       & n = 1         \\
-\mathsf{fib}(n-1) + \mathsf{fib}(n-2)   & n \ge 2       \\
-\end{array}
-\right.
-\end{displaymath}
-Figure~\ref{f:GlobalVariables} illustrates the following problems:
-unique unencapsulated global variables necessary to retain state between calls;
-only one Fibonacci generator;
-execution state must be explicitly retained via explicit state variables.
-Figure~\ref{f:ExternalState} addresses these issues:
-unencapsulated program global variables become encapsulated structure variables;
-unique global variables are replaced by multiple Fibonacci objects;
-explicit execution state is removed by precomputing the first two Fibonacci numbers and returning $\mathsf{fib}(n-2)$.
+This paper discusses the design philosophy and implementation of advanced language-level control-flow and concurrent/parallel features in \CFA~\cite{Moss18,Cforall} and its runtime, which is written entirely in \CFA.
+\CFA is a modern, polymorphic, non-object-oriented\footnote{
+\CFA has features often associated with object-oriented programming languages, such as constructors, destructors, virtuals and simple inheritance.
+However, functions \emph{cannot} be nested in structures, so there is no lexical binding between a structure and set of functions (member/method) implemented by an implicit \lstinline@this@ (receiver) parameter.},
+backwards-compatible extension of the C programming language.
+In many ways, \CFA is to C as Scala~\cite{Scala} is to Java, providing a \emph{research vehicle} for new typing and control-flow capabilities on top of a highly popular programming language allowing immediate dissemination.
+Within the \CFA framework, new control-flow features are created from scratch because ISO \Celeven defines only a subset of the \CFA extensions, where the overlapping features are concurrency~\cite[\S~7.26]{C11}.
+However, \Celeven concurrency is largely wrappers for a subset of the pthreads library~\cite{Butenhof97,Pthreads}, and \Celeven and pthreads concurrency is simple, based on thread fork/join in a function and mutex/condition locks, which is low-level and error-prone;
+no high-level language concurrency features are defined.
+Interestingly, almost a decade after publication of the \Celeven standard, neither gcc-8, clang-9 nor msvc-19 (most recent versions) support the \Celeven include @threads.h@, indicating little interest in the C11 concurrency approach (possibly because the effort to add concurrency to \CC).
+Finally, while the \Celeven standard does not state a threading model, the historical association with pthreads suggests implementations would adopt kernel-level threading (1:1)~\cite{ThreadModel}.
+
+In contrast, there has been a renewed interest during the past decade in user-level (M:N, green) threading in old and new programming languages.
+As multi-core hardware became available in the 1980/90s, both user and kernel threading were examined.
+Kernel threading was chosen, largely because of its simplicity and fit with the simpler operating systems and hardware architectures at the time, which gave it a performance advantage~\cite{Drepper03}.
+Libraries like pthreads were developed for C, and the Solaris operating-system switched from user (JDK 1.1~\cite{JDK1.1}) to kernel threads.
+As a result, languages like Java, Scala, Objective-C~\cite{obj-c-book}, \CCeleven~\cite{C11}, and C\#~\cite{Csharp} adopt the 1:1 kernel-threading model, with a variety of presentation mechanisms.
+From 2000 onwards, languages like Go~\cite{Go}, Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, D~\cite{D}, and \uC~\cite{uC++,uC++book} have championed the M:N user-threading model, and many user-threading libraries have appeared~\cite{Qthreads,MPC,Marcel}, including putting green threads back into Java~\cite{Quasar}.
+The main argument for user-level threading is that it is lighter weight than kernel threading (locking and context switching do not cross the kernel boundary), so there is less restriction on programming styles that encourage large numbers of threads performing medium work units to facilitate load balancing by the runtime~\cite{Verch12}.
+As well, user-threading facilitates a simpler concurrency approach using thread objects that leverage sequential patterns versus events with call-backs~\cite{Adya02,vonBehren03}.
+Finally, performant user-threading implementations (both time and space) meet or exceed direct kernel-threading implementations, while achieving the programming advantages of high concurrency levels and safety.
+
+A further effort over the past two decades is the development of language memory models to deal with the conflict between language features and compiler/hardware optimizations, \ie some language features are unsafe in the presence of aggressive sequential optimizations~\cite{Buhr95a,Boehm05}.
+The consequence is that a language must provide sufficient tools to program around safety issues, as inline and library code is all sequential to the compiler.
+One solution is low-level qualifiers and functions (\eg @volatile@ and atomics) allowing \emph{programmers} to explicitly write safe (race-free~\cite{Boehm12}) programs.
+A safer solution is high-level language constructs so the \emph{compiler} knows the optimization boundaries, and hence, provides implicit safety.
+This problem is best known with respect to concurrency, but applies to other complex control-flow, like exceptions\footnote{
+\CFA exception handling will be presented in a separate paper.
+The key feature that dovetails with this paper is nonlocal exceptions allowing exceptions to be raised across stacks, with synchronous exceptions raised among coroutines and asynchronous exceptions raised among threads, similar to that in \uC~\cite[\S~5]{uC++}
+} and coroutines.
+Finally, language solutions allow matching constructs with language paradigm, \ie imperative and functional languages often have different presentations of the same concept to fit their programming model.
+
+Finally, it is important for a language to provide safety over performance \emph{as the default}, allowing careful reduction of safety for performance when necessary.
+Two concurrency violations of this philosophy are \emph{spurious wakeup} (random wakeup~\cite[\S~8]{Buhr05a}) and \emph{barging}\footnote{
+The notion of competitive succession instead of direct handoff, \ie a lock owner releases the lock and an arriving thread acquires it ahead of preexisting waiter threads.
+} (signals-as-hints~\cite[\S~8]{Buhr05a}), where one is a consequence of the other, \ie once there is spurious wakeup, signals-as-hints follow.
+However, spurious wakeup is \emph{not} a foundational concurrency property~\cite[\S~8]{Buhr05a}, it is a performance design choice.
+Similarly, signals-as-hints are often a performance decision.
+We argue removing spurious wakeup and signals-as-hints make concurrent programming significantly safer because it removes local non-determinism and matches with programmer expectation.
+(Author experience teaching concurrency is that students are highly confused by these semantics.)
+Clawing back performance, when local non-determinism is unimportant, should be an option not the default.
+
+\begin{comment}
+Most augmented traditional (Fortran 18~\cite{Fortran18}, Cobol 14~\cite{Cobol14}, Ada 12~\cite{Ada12}, Java 11~\cite{Java11}) and new languages (Go~\cite{Go}, Rust~\cite{Rust}, and D~\cite{D}), except \CC, diverge from C with different syntax and semantics, only interoperate indirectly with C, and are not systems languages, for those with managed memory.
+As a result, there is a significant learning curve to move to these languages, and C legacy-code must be rewritten.
+While \CC, like \CFA, takes an evolutionary approach to extend C, \CC's constantly growing complex and interdependent features-set (\eg objects, inheritance, templates, etc.) mean idiomatic \CC code is difficult to use from C, and C programmers must expend significant effort learning \CC.
+Hence, rewriting and retraining costs for these languages, even \CC, are prohibitive for companies with a large C software-base.
+\CFA with its orthogonal feature-set, its high-performance runtime, and direct access to all existing C libraries circumvents these problems.
+\end{comment}
+
+\CFA embraces user-level threading, language extensions for advanced control-flow, and safety as the default.
+We present comparative examples so the reader can judge if the \CFA control-flow extensions are better and safer than those in other concurrent, imperative programming languages, and perform experiments to show the \CFA runtime is competitive with other similar mechanisms.
+The main contributions of this work are:
+\begin{itemize}[topsep=3pt,itemsep=1pt]
+\item
+language-level generators, coroutines and user-level threading, which respect the expectations of C programmers.
+\item
+monitor synchronization without barging, and the ability to safely acquiring multiple monitors \emph{simultaneously} (deadlock free), while seamlessly integrating these capabilities with all monitor synchronization mechanisms.
+\item
+providing statically type-safe interfaces that integrate with the \CFA polymorphic type-system and other language features.
+% \item
+% library extensions for executors, futures, and actors built on the basic mechanisms.
+\item
+a runtime system with no spurious wakeup.
+\item
+a dynamic partitioning mechanism to segregate the execution environment for specialized requirements.
+% \item
+% a non-blocking I/O library
+\item
+experimental results showing comparable performance of the new features with similar mechanisms in other programming languages.
+\end{itemize}
+
+Section~\ref{s:StatefulFunction} begins advanced control by introducing sequential functions that retain data and execution state between calls, which produces constructs @generator@ and @coroutine@.
+Section~\ref{s:Concurrency} begins concurrency, or how to create (fork) and destroy (join) a thread, which produces the @thread@ construct.
+Section~\ref{s:MutualExclusionSynchronization} discusses the two mechanisms to restricted nondeterminism when controlling shared access to resources (mutual exclusion) and timing relationships among threads (synchronization).
+Section~\ref{s:Monitor} shows how both mutual exclusion and synchronization are safely embedded in the @monitor@ and @thread@ constructs.
+Section~\ref{s:CFARuntimeStructure} describes the large-scale mechanism to structure (cluster) threads and virtual processors (kernel threads).
+Section~\ref{s:Performance} uses a series of microbenchmarks to compare \CFA threading with pthreads, Java OpenJDK-9, Go 1.12.6 and \uC 7.0.0.
+
+
+\section{Stateful Function}
+\label{s:StatefulFunction}
+
+The stateful function is an old idea~\cite{Conway63,Marlin80} that is new again~\cite{C++20Coroutine19}, where execution is temporarily suspended and later resumed, \eg plugin, device driver, finite-state machine.
+Hence, a stateful function may not end when it returns to its caller, allowing it to be restarted with the data and execution location present at the point of suspension.
+This capability is accomplished by retaining a data/execution \emph{closure} between invocations.
+If the closure is fixed size, we call it a \emph{generator} (or \emph{stackless}), and its control flow is restricted, \eg suspending outside the generator is prohibited.
+If the closure is variable size, we call it a \emph{coroutine} (or \emph{stackful}), and as the names implies, often implemented with a separate stack with no programming restrictions.
+Hence, refactoring a stackless coroutine may require changing it to stackful.
+A foundational property of all \emph{stateful functions} is that resume/suspend \emph{do not} cause incremental stack growth, \ie resume/suspend operations are remembered through the closure not the stack.
+As well, activating a stateful function is \emph{asymmetric} or \emph{symmetric}, identified by resume/suspend (no cycles) and resume/resume (cycles).
+A fixed closure activated by modified call/return is faster than a variable closure activated by context switching.
+Additionally, any storage management for the closure (especially in unmanaged languages, \ie no garbage collection) must also be factored into design and performance.
+Therefore, selecting between stackless and stackful semantics is a tradeoff between programming requirements and performance, where stackless is faster and stackful is more general.
+Note, creation cost is amortized across usage, so activation cost is usually the dominant factor.
 
 \begin{figure}
 \centering
-\newbox\myboxA
 \begin{lrbox}{\myboxA}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-`int f1, f2, state = 1;`   // single global variables
-int fib() {
-        int fn;
-        `switch ( state )` {  // explicit execution state
-          case 1: fn = 0;  f1 = fn;  state = 2;  break;
-          case 2: fn = 1;  f2 = f1;  f1 = fn;  state = 3;  break;
-          case 3: fn = f1 + f2;  f2 = f1;  f1 = fn;  break;
-        }
+typedef struct {
+        int fn1, fn;
+} Fib;
+#define FibCtor { 1, 0 }
+int fib( Fib * f ) {
+
+
+
+        int fn = f->fn; f->fn = f->fn1;
+                f->fn1 = f->fn + fn;
         return fn;
+
 }
 int main() {
-
-        for ( int i = 0; i < 10; i += 1 ) {
-                printf( "%d\n", fib() );
-        }
+        Fib f1 = FibCtor, f2 = FibCtor;
+        for ( int i = 0; i < 10; i += 1 )
+                printf( "%d %d\n",
+                           fib( &f1 ), fib( &f2 ) );
 }
 \end{cfa}
 \end{lrbox}
 
-\newbox\myboxB
 \begin{lrbox}{\myboxB}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-#define FIB_INIT `{ 0, 1 }`
-typedef struct { int f2, f1; } Fib;
-int fib( Fib * f ) {
-
-        int ret = f->f2;
-        int fn = f->f1 + f->f2;
-        f->f2 = f->f1; f->f1 = fn;
-
-        return ret;
+`generator` Fib {
+        int fn1, fn;
+};
+
+void `main(Fib & fib)` with(fib) {
+
+        [fn1, fn] = [1, 0];
+        for () {
+                `suspend;`
+                [fn1, fn] = [fn, fn + fn1];
+
+        }
 }
 int main() {
-        Fib f1 = FIB_INIT, f2 = FIB_INIT;
-        for ( int i = 0; i < 10; i += 1 ) {
-                printf( "%d %d\n", fib( &f1 ), fib( &f2 ) );
+        Fib f1, f2;
+        for ( 10 )
+                sout | `resume( f1 )`.fn
+                         | `resume( f2 )`.fn;
+}
+\end{cfa}
+\end{lrbox}
+
+\begin{lrbox}{\myboxC}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+typedef struct {
+        int fn1, fn;  void * `next`;
+} Fib;
+#define FibCtor { 1, 0, NULL }
+Fib * comain( Fib * f ) {
+        if ( f->next ) goto *f->next;
+        f->next = &&s1;
+        for ( ;; ) {
+                return f;
+          s1:; int fn = f->fn + f->fn1;
+                        f->fn1 = f->fn; f->fn = fn;
         }
 }
+int main() {
+        Fib f1 = FibCtor, f2 = FibCtor;
+        for ( int i = 0; i < 10; i += 1 )
+                printf("%d %d\n",comain(&f1)->fn,
+                                 comain(&f2)->fn);
+}
 \end{cfa}
 \end{lrbox}
 
-\subfloat[3 States: global variables]{\label{f:GlobalVariables}\usebox\myboxA}
-\qquad
-\subfloat[1 State: external variables]{\label{f:ExternalState}\usebox\myboxB}
-\caption{C Fibonacci Implementations}
-\label{f:C-fibonacci}
+\subfloat[C asymmetric generator]{\label{f:CFibonacci}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[\CFA asymmetric generator]{\label{f:CFAFibonacciGen}\usebox\myboxB}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[C generator implementation]{\label{f:CFibonacciSim}\usebox\myboxC}
+\caption{Fibonacci (output) asymmetric generator}
+\label{f:FibonacciAsymmetricGenerator}
 
 \bigskip
 
-\newbox\myboxA
 \begin{lrbox}{\myboxA}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-`coroutine` Fib { int fn; };
-void main( Fib & fib ) with( fib ) {
-        int f1, f2;
-        fn = 0;  f1 = fn;  `suspend()`;
-        fn = 1;  f2 = f1;  f1 = fn;  `suspend()`;
-        for ( ;; ) {
-                fn = f1 + f2;  f2 = f1;  f1 = fn;  `suspend()`;
+`generator Fmt` {
+        char ch;
+        int g, b;
+};
+void ?{}( Fmt & fmt ) { `resume(fmt);` } // constructor
+void ^?{}( Fmt & f ) with(f) { $\C[1.75in]{// destructor}$
+        if ( g != 0 || b != 0 ) sout | nl; }
+void `main( Fmt & f )` with(f) {
+        for () { $\C{// until destructor call}$
+                for ( ; g < 5; g += 1 ) { $\C{// groups}$
+                        for ( ; b < 4; b += 1 ) { $\C{// blocks}$
+                                `suspend;` $\C{// wait for character}$
+                                while ( ch == '\n' ) `suspend;` // ignore
+                                sout | ch;                                              // newline
+                        } sout | " ";  // block spacer
+                } sout | nl; // group newline
         }
 }
-int next( Fib & fib ) with( fib ) {
-        `resume( fib );`
-        return fn;
-}
 int main() {
-        Fib f1, f2;
-        for ( int i = 1; i <= 10; i += 1 ) {
-                sout | next( f1 ) | next( f2 ) | endl;
+        Fmt fmt; $\C{// fmt constructor called}$
+        for () {
+                sin | fmt.ch; $\C{// read into generator}$
+          if ( eof( sin ) ) break;
+                `resume( fmt );`
         }
-}
+
+} $\C{// fmt destructor called}\CRT$
 \end{cfa}
 \end{lrbox}
-\newbox\myboxB
+
 \begin{lrbox}{\myboxB}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-`coroutine` Fib { int ret; };
-void main( Fib & f ) with( fib ) {
-        int fn, f1 = 1, f2 = 0;
+typedef struct {
+        void * next;
+        char ch;
+        int g, b;
+} Fmt;
+void comain( Fmt * f ) {
+        if ( f->next ) goto *f->next;
+        f->next = &&s1;
         for ( ;; ) {
-                ret = f2;
-
-                fn = f1 + f2;  f2 = f1;  f1 = fn; `suspend();`
+                for ( f->g = 0; f->g < 5; f->g += 1 ) {
+                        for ( f->b = 0; f->b < 4; f->b += 1 ) {
+                                return;
+                          s1:;  while ( f->ch == '\n' ) return;
+                                printf( "%c", f->ch );
+                        } printf( " " );
+                } printf( "\n" );
         }
 }
-int next( Fib & fib ) with( fib ) {
-        `resume( fib );`
-        return ret;
-}
-
-
-
-
-
-
+int main() {
+        Fmt fmt = { NULL };  comain( &fmt ); // prime
+        for ( ;; ) {
+                scanf( "%c", &fmt.ch );
+          if ( feof( stdin ) ) break;
+                comain( &fmt );
+        }
+        if ( fmt.g != 0 || fmt.b != 0 ) printf( "\n" );
+}
 \end{cfa}
 \end{lrbox}
-\subfloat[3 States, internal variables]{\label{f:Coroutine3States}\usebox\myboxA}
-\qquad\qquad
-\subfloat[1 State, internal variables]{\label{f:Coroutine1State}\usebox\myboxB}
-\caption{\CFA Coroutine Fibonacci Implementations}
-\label{f:fibonacci-cfa}
+
+\subfloat[\CFA asymmetric generator]{\label{f:CFAFormatGen}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[C generator simulation]{\label{f:CFormatSim}\usebox\myboxB}
+\hspace{3pt}
+\caption{Formatter (input) asymmetric generator}
+\label{f:FormatterAsymmetricGenerator}
 \end{figure}
 
-Using a coroutine, it is possible to express the Fibonacci formula directly without any of the C problems.
-Figure~\ref{f:Coroutine3States} creates a @coroutine@ type:
-\begin{cfa}
-`coroutine` Fib { int fn; };
-\end{cfa}
-which provides communication, @fn@, for the \newterm{coroutine main}, @main@, which runs on the coroutine stack, and possibly multiple interface routines @next@.
-Like the structure in Figure~\ref{f:ExternalState}, the coroutine type allows multiple instances, where instances of this type are passed to the (overloaded) coroutine main.
-The coroutine main's stack holds the state for the next generation, @f1@ and @f2@, and the code has the three suspend points, representing the three states in the Fibonacci formula, to context switch back to the caller's resume.
-The interface routine @next@, takes a Fibonacci instance and context switches to it using @resume@;
-on restart, the Fibonacci field, @fn@, contains the next value in the sequence, which is returned.
-The first @resume@ is special because it cocalls the coroutine at its coroutine main and allocates the stack;
-when the coroutine main returns, its stack is deallocated.
-Hence, @Fib@ is an object at creation, transitions to a coroutine on its first resume, and transitions back to an object when the coroutine main finishes.
-Figure~\ref{f:Coroutine1State} shows the coroutine version of the C version in Figure~\ref{f:ExternalState}.
-Coroutine generators are called \newterm{output coroutines} because values are only returned.
-
-Figure~\ref{f:CFAFmt} shows an \newterm{input coroutine}, @Format@, for restructuring text into groups of characters of fixed-size blocks.
-For example, the input of the left is reformatted into the output on the right.
-\begin{quote}
+Stateful functions appear as generators, coroutines, and threads, where presentations are based on function objects or pointers~\cite{Butenhof97, C++14, MS:VisualC++, BoostCoroutines15}.
+For example, Python presents generators as a function object:
+\begin{python}
+def Gen():
+        ... `yield val` ...
+gen = Gen()
+for i in range( 10 ):
+        print( next( gen ) )
+\end{python}
+Boost presents coroutines in terms of four functor object-types:
+\begin{cfa}
+asymmetric_coroutine<>::pull_type
+asymmetric_coroutine<>::push_type
+symmetric_coroutine<>::call_type
+symmetric_coroutine<>::yield_type
+\end{cfa}
+and many languages present threading using function pointers, @pthreads@~\cite{Butenhof97}, \Csharp~\cite{Csharp}, Go~\cite{Go}, and Scala~\cite{Scala}, \eg pthreads:
+\begin{cfa}
+void * rtn( void * arg ) { ... }
+int i = 3, rc;
+pthread_t t; $\C{// thread id}$
+`rc = pthread_create( &t, rtn, (void *)i );` $\C{// create and initialized task, type-unsafe input parameter}$
+\end{cfa}
+% void mycor( pthread_t cid, void * arg ) {
+%       int * value = (int *)arg;                               $\C{// type unsafe, pointer-size only}$
+%       // thread body
+% }
+% int main() {
+%       int input = 0, output;
+%       coroutine_t cid = coroutine_create( &mycor, (void *)&input ); $\C{// type unsafe, pointer-size only}$
+%       coroutine_resume( cid, (void *)input, (void **)&output ); $\C{// type unsafe, pointer-size only}$
+% }
+\CFA's preferred presentation model for generators/coroutines/threads is a hybrid of objects and functions, with an object-oriented flavour.
+Essentially, the generator/coroutine/thread function is semantically coupled with a generator/coroutine/thread custom type.
+The custom type solves several issues, while accessing the underlying mechanisms used by the custom types is still allowed.
+
+
+\subsection{Generator}
+
+Stackless generators have the potential to be very small and fast, \ie as small and fast as function call/return for both creation and execution.
+The \CFA goal is to achieve this performance target, possibly at the cost of some semantic complexity.
+A series of different kinds of generators and their implementation demonstrate how this goal is accomplished.
+
+Figure~\ref{f:FibonacciAsymmetricGenerator} shows an unbounded asymmetric generator for an infinite sequence of Fibonacci numbers written in C and \CFA, with a simple C implementation for the \CFA version.
+This generator is an \emph{output generator}, producing a new result on each resumption.
+To compute Fibonacci, the previous two values in the sequence are retained to generate the next value, \ie @fn1@ and @fn@, plus the execution location where control restarts when the generator is resumed, \ie top or middle.
+An additional requirement is the ability to create an arbitrary number of generators (of any kind), \ie retaining one state in global variables is insufficient;
+hence, state is retained in a closure between calls.
+Figure~\ref{f:CFibonacci} shows the C approach of manually creating the closure in structure @Fib@, and multiple instances of this closure provide multiple Fibonacci generators.
+The C version only has the middle execution state because the top execution state is declaration initialization.
+Figure~\ref{f:CFAFibonacciGen} shows the \CFA approach, which also has a manual closure, but replaces the structure with a custom \CFA @generator@ type.
+This generator type is then connected to a function that \emph{must be named \lstinline|main|},\footnote{
+The name \lstinline|main| has special meaning in C, specifically the function where a program starts execution.
+Hence, overloading this name for other starting points (generator/coroutine/thread) is a logical extension.}
+called a \emph{generator main},which takes as its only parameter a reference to the generator type.
+The generator main contains @suspend@ statements that suspend execution without ending the generator versus @return@.
+For the Fibonacci generator-main,\footnote{
+The \CFA \lstinline|with| opens an aggregate scope making its fields directly accessible, like Pascal \lstinline|with|, but using parallel semantics.
+Multiple aggregates may be opened.}
+the top initialization state appears at the start and the middle execution state is denoted by statement @suspend@.
+Any local variables in @main@ \emph{are not retained} between calls;
+hence local variables are only for temporary computations \emph{between} suspends.
+All retained state \emph{must} appear in the generator's type.
+As well, generator code containing a @suspend@ cannot be refactored into a helper function called by the generator, because @suspend@ is implemented via @return@, so a return from the helper function goes back to the current generator not the resumer.
+The generator is started by calling function @resume@ with a generator instance, which begins execution at the top of the generator main, and subsequent @resume@ calls restart the generator at its point of last suspension.
+Resuming an ended (returned) generator is undefined.
+Function @resume@ returns its argument generator so it can be cascaded in an expression, in this case to print the next Fibonacci value @fn@ computed in the generator instance.
+Figure~\ref{f:CFibonacciSim} shows the C implementation of the \CFA generator only needs one additional field, @next@, to handle retention of execution state.
+The computed @goto@ at the start of the generator main, which branches after the previous suspend, adds very little cost to the resume call.
+Finally, an explicit generator type provides both design and performance benefits, such as multiple type-safe interface functions taking and returning arbitrary types.\footnote{
+The \CFA operator syntax uses \lstinline|?| to denote operands, which allows precise definitions for pre, post, and infix operators, \eg \lstinline|++?|, \lstinline|?++|, and \lstinline|?+?|, in addition \lstinline|?\{\}| denotes a constructor, as in \lstinline|foo `f` = `\{`...`\}`|, \lstinline|^?\{\}| denotes a destructor, and \lstinline|?()| is \CC function call \lstinline|operator()|.
+}%
+\begin{cfa}
+int ?()( Fib & fib ) { return `resume( fib )`.fn; } $\C[3.9in]{// function-call interface}$
+int ?()( Fib & fib, int N ) { for ( N - 1 ) `fib()`; return `fib()`; } $\C{// use function-call interface to skip N values}$
+double ?()( Fib & fib ) { return (int)`fib()` / 3.14159; } $\C{// different return type, cast prevents recursive call}\CRT$
+sout | (int)f1() | (double)f1() | f2( 2 ); // alternative interface, cast selects call based on return type, step 2 values
+\end{cfa}
+Now, the generator can be a separately compiled opaque-type only accessed through its interface functions.
+For contrast, Figure~\ref{f:PythonFibonacci} shows the equivalent Python Fibonacci generator, which does not use a generator type, and hence only has a single interface, but an implicit closure.
+
+Having to manually create the generator closure by moving local-state variables into the generator type is an additional programmer burden.
+(This restriction is removed by the coroutine in Section~\ref{s:Coroutine}.)
+This requirement follows from the generality of variable-size local-state, \eg local state with a variable-length array requires dynamic allocation because the array size is unknown at compile time.
+However, dynamic allocation significantly increases the cost of generator creation/destruction and is a showstopper for embedded real-time programming.
+But more importantly, the size of the generator type is tied to the local state in the generator main, which precludes separate compilation of the generator main, \ie a generator must be inlined or local state must be dynamically allocated.
+With respect to safety, we believe static analysis can discriminate local state from temporary variables in a generator, \ie variable usage spanning @suspend@, and generate a compile-time error.
+Finally, our current experience is that most generator problems have simple data state, including local state, but complex execution state, so the burden of creating the generator type is small.
+As well, C programmers are not afraid of this kind of semantic programming requirement, if it results in very small, fast generators.
+
+Figure~\ref{f:CFAFormatGen} shows an asymmetric \newterm{input generator}, @Fmt@, for restructuring text into groups of characters of fixed-size blocks, \ie the input on the left is reformatted into the output on the right, where newlines are ignored.
+\begin{center}
 \tt
 \begin{tabular}{@{}l|l@{}}
 \multicolumn{1}{c|}{\textbf{\textrm{input}}} & \multicolumn{1}{c}{\textbf{\textrm{output}}} \\
-abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
+\begin{tabular}[t]{@{}ll@{}}
+abcdefghijklmnopqrstuvwxyz \\
+abcdefghijklmnopqrstuvwxyz
+\end{tabular}
 &
 \begin{tabular}[t]{@{}lllll@{}}
@@ -758 +666 @@
 \end{tabular}
 \end{tabular}
-\end{quote}
-The example takes advantage of resuming a coroutine in the constructor to prime the loops so the first character sent for formatting appears inside the nested loops.
-The destruction provides a newline if formatted text ends with a full line.
-Figure~\ref{f:CFmt} shows the C equivalent formatter, where the loops of the coroutine are flatten (linearized) and rechecked on each call because execution location is not retained between calls.
+\end{center}
+The example takes advantage of resuming a generator in the constructor to prime the loops so the first character sent for formatting appears inside the nested loops.
+The destructor provides a newline, if formatted text ends with a full line.
+Figure~\ref{f:CFormatSim} shows the C implementation of the \CFA input generator with one additional field and the computed @goto@.
+For contrast, Figure~\ref{f:PythonFormatter} shows the equivalent Python format generator with the same properties as the Fibonacci generator.
+
+Figure~\ref{f:DeviceDriverGen} shows a \emph{killer} asymmetric generator, a device-driver, because device drivers caused 70\%-85\% of failures in Windows/Linux~\cite{Swift05}.
+Device drives follow the pattern of simple data state but complex execution state, \ie finite state-machine (FSM) parsing a protocol.
+For example, the following protocol:
+\begin{center}
+\ldots\, STX \ldots\, message \ldots\, ESC ETX \ldots\, message \ldots\, ETX 2-byte crc \ldots
+\end{center}
+is a network message beginning with the control character STX, ending with an ETX, and followed by a 2-byte cyclic-redundancy check.
+Control characters may appear in a message if preceded by an ESC.
+When a message byte arrives, it triggers an interrupt, and the operating system services the interrupt by calling the device driver with the byte read from a hardware register.
+The device driver returns a status code of its current state, and when a complete message is obtained, the operating system knows the message is in the message buffer.
+Hence, the device driver is an input/output generator.
+
+Note, the cost of creating and resuming the device-driver generator, @Driver@, is virtually identical to call/return, so performance in an operating-system kernel is excellent.
+As well, the data state is small, where variables @byte@ and @msg@ are communication variables for passing in message bytes and returning the message, and variables @lnth@, @crc@, and @sum@ are local variable that must be retained between calls and are manually hoisted into the generator type.
+% Manually, detecting and hoisting local-state variables is easy when the number is small.
+In contrast, the execution state is large, with one @resume@ and seven @suspend@s.
+Hence, the key benefits of the generator are correctness, safety, and maintenance because the execution states are transcribed directly into the programming language rather than using a table-driven approach.
+Because FSMs can be complex and frequently occur in important domains, direct generator support is important in a system programming language.
 
 \begin{figure}
@@ -767 +695 @@
 \newbox\myboxA
 \begin{lrbox}{\myboxA}
+\begin{python}[aboveskip=0pt,belowskip=0pt]
+def Fib():
+        fn1, fn = 0, 1
+        while True:
+                `yield fn1`
+                fn1, fn = fn, fn1 + fn
+f1 = Fib()
+f2 = Fib()
+for i in range( 10 ):
+        print( next( f1 ), next( f2 ) )
+
+
+
+
+
+
+\end{python}
+\end{lrbox}
+
+\newbox\myboxB
+\begin{lrbox}{\myboxB}
+\begin{python}[aboveskip=0pt,belowskip=0pt]
+def Fmt():
+        try:
+                while True:
+                        for g in range( 5 ):
+                                for b in range( 4 ):
+                                        print( `(yield)`, end='' )
+                                print( '  ', end='' )
+                        print()
+        except GeneratorExit:
+                if g != 0 | b != 0:
+                        print()
+fmt = Fmt()
+`next( fmt )`                    # prime, next prewritten
+for i in range( 41 ):
+        `fmt.send( 'a' );`      # send to yield
+\end{python}
+\end{lrbox}
+\subfloat[Fibonacci]{\label{f:PythonFibonacci}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[Formatter]{\label{f:PythonFormatter}\usebox\myboxB}
+\caption{Python generator}
+\label{f:PythonGenerator}
+
+\bigskip
+
+\begin{tabular}{@{}l|l@{}}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-`coroutine` Format {
-        char ch;   // used for communication
-        int g, b;  // global because used in destructor
+enum Status { CONT, MSG, ESTX,
+                                ELNTH, ECRC };
+`generator` Driver {
+        Status status;
+        unsigned char byte, * msg; // communication
+        unsigned int lnth, sum;      // local state
+        unsigned short int crc;
 };
-void main( Format & fmt ) with( fmt ) {
-        for ( ;; ) {
-                for ( g = 0; g < 5; g += 1 ) {      // group
-                        for ( b = 0; b < 4; b += 1 ) { // block
-                                `suspend();`
-                                sout | ch;              // separator
+void ?{}( Driver & d, char * m ) { d.msg = m; }
+Status next( Driver & d, char b ) with( d ) {
+        byte = b; `resume( d );` return status;
+}
+void main( Driver & d ) with( d ) {
+        enum { STX = '\002', ESC = '\033',
+                        ETX = '\003', MaxMsg = 64 };
+  msg: for () { // parse message
+                status = CONT;
+                lnth = 0; sum = 0;
+                while ( byte != STX ) `suspend;`
+          emsg: for () {
+                        `suspend;` // process byte
+\end{cfa}
+&
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+                        choose ( byte ) { // switch with implicit break
+                          case STX:
+                                status = ESTX; `suspend;` continue msg;
+                          case ETX:
+                                break emsg;
+                          case ESC:
+                                `suspend;`
                         }
-                        sout | "  ";               // separator
+                        if ( lnth >= MaxMsg ) { // buffer full ?
+                                status = ELNTH; `suspend;` continue msg; }
+                        msg[lnth++] = byte;
+                        sum += byte;
                 }
-                sout | endl;
+                msg[lnth] = '\0'; // terminate string
+                `suspend;`
+                crc = byte << 8;
+                `suspend;`
+                status = (crc | byte) == sum ? MSG : ECRC;
+                `suspend;`
         }
 }
-void ?{}( Format & fmt ) { `resume( fmt );` }
-void ^?{}( Format & fmt ) with( fmt ) {
-        if ( g != 0 || b != 0 ) sout | endl;
-}
-void format( Format & fmt ) {
-        `resume( fmt );`
+\end{cfa}
+\end{tabular}
+\caption{Device-driver generator for communication protocol}
+\label{f:DeviceDriverGen}
+\end{figure}
+
+Figure~\ref{f:CFAPingPongGen} shows a symmetric generator, where the generator resumes another generator, forming a resume/resume cycle.
+(The trivial cycle is a generator resuming itself.)
+This control flow is similar to recursion for functions but without stack growth.
+The steps for symmetric control-flow are creating, executing, and terminating the cycle.
+Constructing the cycle must deal with definition-before-use to close the cycle, \ie, the first generator must know about the last generator, which is not within scope.
+(This issue occurs for any cyclic data structure.)
+% The example creates all the generators and then assigns the partners that form the cycle.
+% Alternatively, the constructor can assign the partners as they are declared, except the first, and the first-generator partner is set after the last generator declaration to close the cycle.
+Once the cycle is formed, the program main resumes one of the generators, and the generators can then traverse an arbitrary cycle using @resume@ to activate partner generator(s).
+Terminating the cycle is accomplished by @suspend@ or @return@, both of which go back to the stack frame that started the cycle (program main in the example).
+The starting stack-frame is below the last active generator because the resume/resume cycle does not grow the stack.
+Also, since local variables are not retained in the generator function, it does not contain any objects with destructors that must be called, so the  cost is the same as a function return.
+Destructor cost occurs when the generator instance is deallocated, which is easily controlled by the programmer.
+
+Figure~\ref{f:CPingPongSim} shows the implementation of the symmetric generator, where the complexity is the @resume@, which needs an extension to the calling convention to perform a forward rather than backward jump.
+This jump-starts at the top of the next generator main to re-execute the normal calling convention to make space on the stack for its local variables.
+However, before the jump, the caller must reset its stack (and any registers) equivalent to a @return@, but subsequently jump forward.
+This semantics is basically a tail-call optimization, which compilers already perform.
+The example shows the assembly code to undo the generator's entry code before the direct jump.
+This assembly code depends on what entry code is generated, specifically if there are local variables and the level of optimization.
+To provide this new calling convention requires a mechanism built into the compiler, which is beyond the scope of \CFA at this time.
+Nevertheless, it is possible to hand generate any symmetric generators for proof of concept and performance testing.
+A compiler could also eliminate other artifacts in the generator simulation to further increase performance, \eg LLVM has various coroutine support~\cite{CoroutineTS}, and \CFA can leverage this support should it fork @clang@.
+
+\begin{figure}
+\centering
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+`generator PingPong` {
+        const char * name;
+        int N;
+        int i;                          // local state
+        PingPong & partner; // rebindable reference
+};
+
+void `main( PingPong & pp )` with(pp) {
+        for ( ; i < N; i += 1 ) {
+                sout | name | i;
+                `resume( partner );`
+        }
 }
 int main() {
-        Format fmt;
-        eof: for ( ;; ) {
-                sin | fmt.ch;
-          if ( eof( sin ) ) break eof;
-                format( fmt );
+        enum { N = 5 };
+        PingPong ping = {"ping",N,0}, pong = {"pong",N,0};
+        &ping.partner = &pong;  &pong.partner = &ping;
+        `resume( ping );`
+}
+\end{cfa}
+\end{lrbox}
+
+\begin{lrbox}{\myboxB}
+\begin{cfa}[escapechar={},aboveskip=0pt,belowskip=0pt]
+typedef struct PingPong {
+        const char * name;
+        int N, i;
+        struct PingPong * partner;
+        void * next;
+} PingPong;
+#define PPCtor(name, N) {name,N,0,NULL,NULL}
+void comain( PingPong * pp ) {
+        if ( pp->next ) goto *pp->next;
+        pp->next = &&cycle;
+        for ( ; pp->i < pp->N; pp->i += 1 ) {
+                printf( "%s %d\n", pp->name, pp->i );
+                asm( "mov  %0,%%rdi" : "=m" (pp->partner) );
+                asm( "mov  %rdi,%rax" );
+                asm( "popq %rbx" );
+                asm( "jmp  comain" );
+          cycle: ;
+        }
+}
+\end{cfa}
+\end{lrbox}
+
+\subfloat[\CFA symmetric generator]{\label{f:CFAPingPongGen}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[C generator simulation]{\label{f:CPingPongSim}\usebox\myboxB}
+\hspace{3pt}
+\caption{Ping-Pong symmetric generator}
+\label{f:PingPongSymmetricGenerator}
+\end{figure}
+
+Finally, part of this generator work was inspired by the recent \CCtwenty generator proposal~\cite{C++20Coroutine19} (which they call coroutines).
+Our work provides the same high-performance asymmetric generators as \CCtwenty, and extends their work with symmetric generators.
+An additional \CCtwenty generator feature allows @suspend@ and @resume@ to be followed by a restricted compound statement that is executed after the current generator has reset its stack but before calling the next generator, specified with \CFA syntax:
+\begin{cfa}
+... suspend`{ ... }`;
+... resume( C )`{ ... }` ...
+\end{cfa}
+Since the current generator's stack is released before calling the compound statement, the compound statement can only reference variables in the generator's type.
+This feature is useful when a generator is used in a concurrent context to ensure it is stopped before releasing a lock in the compound statement, which might immediately allow another thread to resume the generator.
+Hence, this mechanism provides a general and safe handoff of the generator among competing threads.
+
+
+\subsection{Coroutine}
+\label{s:Coroutine}
+
+Stackful coroutines extend generator semantics, \ie there is an implicit closure and @suspend@ may appear in a helper function called from the coroutine main.
+A coroutine is specified by replacing @generator@ with @coroutine@ for the type.
+Coroutine generality results in higher cost for creation, due to dynamic stack allocation, execution, due to context switching among stacks, and terminating, due to possible stack unwinding and dynamic stack deallocation.
+A series of different kinds of coroutines and their implementations demonstrate how coroutines extend generators.
+
+First, the previous generator examples are converted to their coroutine counterparts, allowing local-state variables to be moved from the generator type into the coroutine main.
+\begin{description}
+\item[Fibonacci]
+Move the declaration of @fn1@ to the start of coroutine main.
+\begin{cfa}[xleftmargin=0pt]
+void main( Fib & fib ) with(fib) {
+        `int fn1;`
+\end{cfa}
+\item[Formatter]
+Move the declaration of @g@ and @b@ to the for loops in the coroutine main.
+\begin{cfa}[xleftmargin=0pt]
+for ( `g`; 5 ) {
+        for ( `b`; 4 ) {
+\end{cfa}
+\item[Device Driver]
+Move the declaration of @lnth@ and @sum@ to their points of initialization.
+\begin{cfa}[xleftmargin=0pt]
+        status = CONT;
+        `unsigned int lnth = 0, sum = 0;`
+        ...
+        `unsigned short int crc = byte << 8;`
+\end{cfa}
+\item[PingPong]
+Move the declaration of @i@ to the for loop in the coroutine main.
+\begin{cfa}[xleftmargin=0pt]
+void main( PingPong & pp ) with(pp) {
+        for ( `i`; N ) {
+\end{cfa}
+\end{description}
+It is also possible to refactor code containing local-state and @suspend@ statements into a helper function, like the computation of the CRC for the device driver.
+\begin{cfa}
+unsigned int Crc() {
+        `suspend;`
+        unsigned short int crc = byte << 8;
+        `suspend;`
+        status = (crc | byte) == sum ? MSG : ECRC;
+        return crc;
+}
+\end{cfa}
+A call to this function is placed at the end of the driver's coroutine-main.
+For complex finite-state machines, refactoring is part of normal program abstraction, especially when code is used in multiple places.
+Again, this complexity is usually associated with execution state rather than data state.
+
+\begin{comment}
+Figure~\ref{f:Coroutine3States} creates a @coroutine@ type, @`coroutine` Fib { int fn; }@, which provides communication, @fn@, for the \newterm{coroutine main}, @main@, which runs on the coroutine stack, and possibly multiple interface functions, \eg @next@.
+Like the structure in Figure~\ref{f:ExternalState}, the coroutine type allows multiple instances, where instances of this type are passed to the (overloaded) coroutine main.
+The coroutine main's stack holds the state for the next generation, @f1@ and @f2@, and the code represents the three states in the Fibonacci formula via the three suspend points, to context switch back to the caller's @resume@.
+The interface function @next@, takes a Fibonacci instance and context switches to it using @resume@;
+on restart, the Fibonacci field, @fn@, contains the next value in the sequence, which is returned.
+The first @resume@ is special because it allocates the coroutine stack and cocalls its coroutine main on that stack;
+when the coroutine main returns, its stack is deallocated.
+Hence, @Fib@ is an object at creation, transitions to a coroutine on its first resume, and transitions back to an object when the coroutine main finishes.
+Figure~\ref{f:Coroutine1State} shows the coroutine version of the C version in Figure~\ref{f:ExternalState}.
+Coroutine generators are called \newterm{output coroutines} because values are only returned.
+
+\begin{figure}
+\centering
+\newbox\myboxA
+% \begin{lrbox}{\myboxA}
+% \begin{cfa}[aboveskip=0pt,belowskip=0pt]
+% `int fn1, fn2, state = 1;`   // single global variables
+% int fib() {
+%       int fn;
+%       `switch ( state )` {  // explicit execution state
+%         case 1: fn = 0;  fn1 = fn;  state = 2;  break;
+%         case 2: fn = 1;  fn2 = fn1;  fn1 = fn;  state = 3;  break;
+%         case 3: fn = fn1 + fn2;  fn2 = fn1;  fn1 = fn;  break;
+%       }
+%       return fn;
+% }
+% int main() {
+%
+%       for ( int i = 0; i < 10; i += 1 ) {
+%               printf( "%d\n", fib() );
+%       }
+% }
+% \end{cfa}
+% \end{lrbox}
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+#define FibCtor { 0, 1 }
+typedef struct { int fn1, fn; } Fib;
+int fib( Fib * f ) {
+
+        int ret = f->fn1;
+        f->fn1 = f->fn;
+        f->fn = ret + f->fn;
+        return ret;
+}
+
+
+
+int main() {
+        Fib f1 = FibCtor, f2 = FibCtor;
+        for ( int i = 0; i < 10; i += 1 ) {
+                printf( "%d %d\n",
+                                fib( &f1 ), fib( &f2 ) );
         }
 }
@@ -805 +1006 @@
 \begin{lrbox}{\myboxB}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-struct Format {
-        char ch;
-        int g, b;
-};
-void format( struct Format * fmt ) {
-        if ( fmt->ch != -1 ) {      // not EOF ?
-                printf( "%c", fmt->ch );
-                fmt->b += 1;
-                if ( fmt->b == 4 ) {  // block
-                        printf( "  " );      // separator
-                        fmt->b = 0;
-                        fmt->g += 1;
-                }
-                if ( fmt->g == 5 ) {  // group
-                        printf( "\n" );     // separator
-                        fmt->g = 0;
-                }
-        } else {
-                if ( fmt->g != 0 || fmt->b != 0 ) printf( "\n" );
+`coroutine` Fib { int fn1; };
+void main( Fib & fib ) with( fib ) {
+        int fn;
+        [fn1, fn] = [0, 1];
+        for () {
+                `suspend;`
+                [fn1, fn] = [fn, fn1 + fn];
         }
 }
+int ?()( Fib & fib ) with( fib ) {
+        return `resume( fib )`.fn1;
+}
 int main() {
-        struct Format fmt = { 0, 0, 0 };
-        for ( ;; ) {
-                scanf( "%c", &fmt.ch );
-          if ( feof( stdin ) ) break;
-                format( &fmt );
-        }
-        fmt.ch = -1;
-        format( &fmt );
-}
+        Fib f1, f2;
+        for ( 10 ) {
+                sout | f1() | f2();
+}
+
+
 \end{cfa}
 \end{lrbox}
-\subfloat[\CFA Coroutine]{\label{f:CFAFmt}\usebox\myboxA}
+
+\newbox\myboxC
+\begin{lrbox}{\myboxC}
+\begin{python}[aboveskip=0pt,belowskip=0pt]
+
+def Fib():
+
+        fn1, fn = 0, 1
+        while True:
+                `yield fn1`
+                fn1, fn = fn, fn1 + fn
+
+
+// next prewritten
+
+
+f1 = Fib()
+f2 = Fib()
+for i in range( 10 ):
+        print( next( f1 ), next( f2 ) )
+
+
+
+\end{python}
+\end{lrbox}
+
+\subfloat[C]{\label{f:GlobalVariables}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[\CFA]{\label{f:ExternalState}\usebox\myboxB}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[Python]{\label{f:ExternalState}\usebox\myboxC}
+\caption{Fibonacci generator}
+\label{f:C-fibonacci}
+\end{figure}
+
+\bigskip
+
+\newbox\myboxA
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+`coroutine` Fib { int fn; };
+void main( Fib & fib ) with( fib ) {
+        fn = 0;  int fn1 = fn; `suspend`;
+        fn = 1;  int fn2 = fn1;  fn1 = fn; `suspend`;
+        for () {
+                fn = fn1 + fn2; fn2 = fn1; fn1 = fn; `suspend`; }
+}
+int next( Fib & fib ) with( fib ) { `resume( fib );` return fn; }
+int main() {
+        Fib f1, f2;
+        for ( 10 )
+                sout | next( f1 ) | next( f2 );
+}
+\end{cfa}
+\end{lrbox}
+\newbox\myboxB
+\begin{lrbox}{\myboxB}
+\begin{python}[aboveskip=0pt,belowskip=0pt]
+
+def Fibonacci():
+        fn = 0; fn1 = fn; `yield fn`  # suspend
+        fn = 1; fn2 = fn1; fn1 = fn; `yield fn`
+        while True:
+                fn = fn1 + fn2; fn2 = fn1; fn1 = fn; `yield fn`
+
+
+f1 = Fibonacci()
+f2 = Fibonacci()
+for i in range( 10 ):
+        print( `next( f1 )`, `next( f2 )` ) # resume
+
+\end{python}
+\end{lrbox}
+\subfloat[\CFA]{\label{f:Coroutine3States}\usebox\myboxA}
 \qquad
-\subfloat[C Linearized]{\label{f:CFmt}\usebox\myboxB}
-\caption{Formatting text into lines of 5 blocks of 4 characters.}
-\label{f:fmt-line}
+\subfloat[Python]{\label{f:Coroutine1State}\usebox\myboxB}
+\caption{Fibonacci input coroutine, 3 states, internal variables}
+\label{f:cfa-fibonacci}
 \end{figure}
-
-The previous examples are \newterm{asymmetric (semi) coroutine}s because one coroutine always calls a resuming routine for another coroutine, and the resumed coroutine always suspends back to its last resumer, similar to call/return for normal routines
-However, there is no stack growth because @resume@/@suspend@ context switch to existing stack-frames rather than create new ones.
-\newterm{Symmetric (full) coroutine}s have a coroutine call a resuming routine for another coroutine, which eventually forms a resuming-call cycle.
-(The trivial cycle is a coroutine resuming itself.)
-This control flow is similar to recursion for normal routines, but again there is no stack growth from the context switch.
+\end{comment}
 
 \begin{figure}
@@ -857 +1118 @@
 \begin{cfa}
 `coroutine` Prod {
-        Cons & c;
+        Cons & c;                       // communication
         int N, money, receipt;
 };
 void main( Prod & prod ) with( prod ) {
         // 1st resume starts here
-        for ( int i = 0; i < N; i += 1 ) {
+        for ( i; N ) {
                 int p1 = random( 100 ), p2 = random( 100 );
-                sout | p1 | " " | p2 | endl;
+                sout | p1 | " " | p2;
                 int status = delivery( c, p1, p2 );
-                sout | " $" | money | endl | status | endl;
+                sout | " $" | money | nl | status;
                 receipt += 1;
         }
         stop( c );
-        sout | "prod stops" | endl;
+        sout | "prod stops";
 }
 int payment( Prod & prod, int money ) {
@@ -891 +1152 @@
 \begin{cfa}
 `coroutine` Cons {
-        Prod & p;
+        Prod & p;                       // communication
         int p1, p2, status;
-        _Bool done;
+        bool done;
 };
 void ?{}( Cons & cons, Prod & p ) {
-        &cons.p = &p;
+        &cons.p = &p; // reassignable reference
         cons.[status, done ] = [0, false];
 }
-void ^?{}( Cons & cons ) {}
 void main( Cons & cons ) with( cons ) {
         // 1st resume starts here
         int money = 1, receipt;
         for ( ; ! done; ) {
-                sout | p1 | " " | p2 | endl | " $" | money | endl;
+                sout | p1 | " " | p2 | nl | " $" | money;
                 status += 1;
                 receipt = payment( p, money );
-                sout | " #" | receipt | endl;
+                sout | " #" | receipt;
                 money += 1;
         }
-        sout | "cons stops" | endl;
+        sout | "cons stops";
 }
 int delivery( Cons & cons, int p1, int p2 ) {
@@ -921 +1181 @@
         `resume( cons );`
 }
+
 \end{cfa}
 \end{tabular}
-\caption{Producer / consumer: resume-resume cycle, bi-directional communication}
+\caption{Producer / consumer: resume-resume cycle, bidirectional communication}
 \label{f:ProdCons}
 \end{figure}
 
-Figure~\ref{f:ProdCons} shows a producer/consumer symmetric-coroutine performing bi-directional communication.
-Since the solution involves a full-coroutining cycle, the program main creates one coroutine in isolation, passes this coroutine to its partner, and closes the cycle at the call to @start@.
-The @start@ routine communicates both the number of elements to be produced and the consumer into the producer's coroutine structure.
-Then the @resume@ to @prod@ creates @prod@'s stack with a frame for @prod@'s coroutine main at the top, and context switches to it.
-@prod@'s coroutine main starts, creates local variables that are retained between coroutine activations, and executes $N$ iterations, each generating two random values, calling the consumer to deliver the values, and printing the status returned from the consumer.
+Figure~\ref{f:ProdCons} shows the ping-pong example in Figure~\ref{f:CFAPingPongGen} extended into a producer/consumer symmetric-coroutine performing bidirectional communication.
+This example is illustrative because both producer/consumer have two interface functions with @resume@s that suspend execution in these interface (helper) functions.
+The program main creates the producer coroutine, passes it to the consumer coroutine in its initialization, and closes the cycle at the call to @start@ along with the number of items to be produced.
+The first @resume@ of @prod@ creates @prod@'s stack with a frame for @prod@'s coroutine main at the top, and context switches to it.
+@prod@'s coroutine main starts, creates local-state variables that are retained between coroutine activations, and executes $N$ iterations, each generating two random values, calling the consumer to deliver the values, and printing the status returned from the consumer.
 
 The producer call to @delivery@ transfers values into the consumer's communication variables, resumes the consumer, and returns the consumer status.
-For the first resume, @cons@'s stack is initialized, creating local variables retained between subsequent activations of the coroutine.
-The consumer iterates until the @done@ flag is set, prints, increments status, and calls back to the producer via @payment@, and on return from @payment@, prints the receipt from the producer and increments @money@ (inflation).
-The call from the consumer to the @payment@ introduces the cycle between producer and consumer.
+On the first resume, @cons@'s stack is created and initialized, holding local-state variables retained between subsequent activations of the coroutine.
+The consumer iterates until the @done@ flag is set, prints the values delivered by the producer, increments status, and calls back to the producer via @payment@, and on return from @payment@, prints the receipt from the producer and increments @money@ (inflation).
+The call from the consumer to @payment@ introduces the cycle between producer and consumer.
 When @payment@ is called, the consumer copies values into the producer's communication variable and a resume is executed.
-The context switch restarts the producer at the point where it was last context switched, so it continues in @delivery@ after the resume.
-
+The context switch restarts the producer at the point where it last context switched, so it continues in @delivery@ after the resume.
 @delivery@ returns the status value in @prod@'s coroutine main, where the status is printed.
 The loop then repeats calling @delivery@, where each call resumes the consumer coroutine.
@@ -945 +1205 @@
 The consumer increments and returns the receipt to the call in @cons@'s coroutine main.
 The loop then repeats calling @payment@, where each call resumes the producer coroutine.
-
-After iterating $N$ times, the producer calls @stop@.
-The @done@ flag is set to stop the consumer's execution and a resume is executed.
-The context switch restarts @cons@ in @payment@ and it returns with the last receipt.
-The consumer terminates its loops because @done@ is true, its @main@ terminates, so @cons@ transitions from a coroutine back to an object, and @prod@ reactivates after the resume in @stop@.
-@stop@ returns and @prod@'s coroutine main terminates.
-The program main restarts after the resume in @start@.
-@start@ returns and the program main terminates.
-
-
-\subsection{Coroutine Implementation}
-
-A significant implementation challenge for coroutines (and threads, see section \ref{threads}) is adding extra fields and executing code after/before the coroutine constructor/destructor and coroutine main to create/initialize/de-initialize/destroy extra fields and the stack.
-There are several solutions to this problem and the chosen option forced the \CFA coroutine design.
-
-Object-oriented inheritance provides extra fields and code in a restricted context, but it requires programmers to explicitly perform the inheritance:
-\begin{cfa}
-struct mycoroutine $\textbf{\textsf{inherits}}$ baseCoroutine { ... }
-\end{cfa}
-and the programming language (and possibly its tool set, \eg debugger) may need to understand @baseCoroutine@ because of the stack.
-Furthermore, the execution of constructs/destructors is in the wrong order for certain operations, \eg for threads;
-\eg, if the thread is implicitly started, it must start \emph{after} all constructors, because the thread relies on a completely initialized object, but the inherited constructor runs \emph{before} the derived.
-
-An alternatively is composition:
-\begin{cfa}
-struct mycoroutine {
-        ... // declarations
+Figure~\ref{f:ProdConsRuntimeStacks} shows the runtime stacks of the program main, and the coroutine mains for @prod@ and @cons@ during the cycling.
+
+\begin{figure}
+\begin{center}
+\input{FullProdConsStack.pstex_t}
+\end{center}
+\vspace*{-10pt}
+\caption{Producer / consumer runtime stacks}
+\label{f:ProdConsRuntimeStacks}
+
+\medskip
+
+\begin{center}
+\input{FullCoroutinePhases.pstex_t}
+\end{center}
+\vspace*{-10pt}
+\caption{Ping / Pong coroutine steps}
+\label{f:PingPongFullCoroutineSteps}
+\end{figure}
+
+Terminating a coroutine cycle is more complex than a generator cycle, because it requires context switching to the program main's \emph{stack} to shutdown the program, whereas generators started by the program main run on its stack.
+Furthermore, each deallocated coroutine must guarantee all destructors are run for object allocated in the coroutine type \emph{and} allocated on the coroutine's stack at the point of suspension, which can be arbitrarily deep.
+When a coroutine's main ends, its stack is already unwound so any stack allocated objects with destructors have been finalized.
+The na\"{i}ve semantics for coroutine-cycle termination is to context switch to the last resumer, like executing a @suspend@/@return@ in a generator.
+However, for coroutines, the last resumer is \emph{not} implicitly below the current stack frame, as for generators, because each coroutine's stack is independent.
+Unfortunately, it is impossible to determine statically if a coroutine is in a cycle and unrealistic to check dynamically (graph-cycle problem).
+Hence, a compromise solution is necessary that works for asymmetric (acyclic) and symmetric (cyclic) coroutines.
+
+Our solution is to context switch back to the first resumer (starter) once the coroutine ends.
+This semantics works well for the most common asymmetric and symmetric coroutine usage patterns.
+For asymmetric coroutines, it is common for the first resumer (starter) coroutine to be the only resumer.
+All previous generators converted to coroutines have this property.
+For symmetric coroutines, it is common for the cycle creator to persist for the lifetime of the cycle.
+Hence, the starter coroutine is remembered on the first resume and ending the coroutine resumes the starter.
+Figure~\ref{f:ProdConsRuntimeStacks} shows this semantic by the dashed lines from the end of the coroutine mains: @prod@ starts @cons@ so @cons@ resumes @prod@ at the end, and the program main starts @prod@ so @prod@ resumes the program main at the end.
+For other scenarios, it is always possible to devise a solution with additional programming effort, such as forcing the cycle forward (backward) to a safe point before starting termination.
+
+The producer/consumer example does not illustrate the full power of the starter semantics because @cons@ always ends first.
+Assume generator @PingPong@ is converted to a coroutine.
+Figure~\ref{f:PingPongFullCoroutineSteps} shows the creation, starter, and cyclic execution steps of the coroutine version.
+The program main creates (declares) coroutine instances @ping@ and @pong@.
+Next, program main resumes @ping@, making it @ping@'s starter, and @ping@'s main resumes @pong@'s main, making it @pong@'s starter.
+Execution forms a cycle when @pong@ resumes @ping@, and cycles $N$ times.
+By adjusting $N$ for either @ping@/@pong@, it is possible to have either one finish first, instead of @pong@ always ending first.
+If @pong@ ends first, it resumes its starter @ping@ in its coroutine main, then @ping@ ends and resumes its starter the program main in function @start@.
+If @ping@ ends first, it resumes its starter the program main in function @start@.
+Regardless of the cycle complexity, the starter stack always leads back to the program main, but the stack can be entered at an arbitrary point.
+Once back at the program main, coroutines @ping@ and @pong@ are deallocated.
+For generators, deallocation runs the destructors for all objects in the generator type.
+For coroutines, deallocation deals with objects in the coroutine type and must also run the destructors for any objects pending on the coroutine's stack for any unterminated coroutine.
+Hence, if a coroutine's destructor detects the coroutine is not ended, it implicitly raises a cancellation exception (uncatchable exception) at the coroutine and resumes it so the cancellation exception can propagate to the root of the coroutine's stack destroying all local variable on the stack.
+So the \CFA semantics for the generator and coroutine, ensure both can be safely deallocated at any time, regardless of their current state, like any other aggregate object.
+Explicitly raising normal exceptions at another coroutine can replace flag variables, like @stop@, \eg @prod@ raises a @stop@ exception at @cons@ after it finishes generating values and resumes @cons@, which catches the @stop@ exception to terminate its loop.
+
+Finally, there is an interesting effect for @suspend@ with symmetric coroutines.
+A coroutine must retain its last resumer to suspend back because the resumer is on a different stack.
+These reverse pointers allow @suspend@ to cycle \emph{backwards}, which may be useful in certain cases.
+However, there is an anomaly if a coroutine resumes itself, because it overwrites its last resumer with itself, losing the ability to resume the last external resumer.
+To prevent losing this information, a self-resume does not overwrite the last resumer.
+
+
+\subsection{Generator / Coroutine Implementation}
+
+A significant implementation challenge for generators/coroutines (and threads in Section~\ref{s:threads}) is adding extra fields to the custom types and related functions, \eg inserting code after/before the coroutine constructor/destructor and @main@ to create/initialize/de-initialize/destroy any extra fields, \eg stack.
+There are several solutions to these problem, which follow from the object-oriented flavour of adopting custom types.
+
+For object-oriented languages, inheritance is used to provide extra fields and code via explicit inheritance:
+\begin{cfa}[morekeywords={class,inherits}]
+class myCoroutine inherits baseCoroutine { ... }
+\end{cfa}
+% The problem is that the programming language and its tool chain, \eg debugger, @valgrind@, need to understand @baseCoroutine@ because it infers special property, so type @baseCoroutine@ becomes a de facto keyword and all types inheriting from it are implicitly custom types.
+The problem is that some special properties are not handled by existing language semantics, \eg the execution of constructors/destructors is in the wrong order to implicitly start threads because the thread must start \emph{after} all constructors as it relies on a completely initialized object, but the inherited constructor runs \emph{before} the derived.
+Alternatives, such as explicitly starting threads as in Java, are repetitive and forgetting to call start is a common source of errors.
+An alternative is composition:
+\begin{cfa}
+struct myCoroutine {
+        ... // declaration/communication variables
         baseCoroutine dummy; // composition, last declaration
 }
 \end{cfa}
-which also requires an explicit declaration that must be the last one to ensure correct initialization order.
+which also requires an explicit declaration that must be last to ensure correct initialization order.
 However, there is nothing preventing wrong placement or multiple declarations.
 
-For coroutines as for threads, many implementations are based on routine pointers or routine objects~\cite{Butenhof97, C++14, MS:VisualC++, BoostCoroutines15}.
-For example, Boost implements coroutines in terms of four functor object-types:
-\begin{cfa}
-asymmetric_coroutine<>::pull_type
-asymmetric_coroutine<>::push_type
-symmetric_coroutine<>::call_type
-symmetric_coroutine<>::yield_type
-\end{cfa}
-Similarly, the canonical threading paradigm is often based on routine pointers, \eg @pthread@~\cite{pthreads}, \Csharp~\cite{Csharp}, Go~\cite{Go}, and Scala~\cite{Scala}.
-However, the generic thread-handle (identifier) is limited (few operations), unless it is wrapped in a custom type.
-\begin{cfa}
-void mycor( coroutine_t cid, void * arg ) {
-        int * value = (int *)arg;                               $\C{// type unsafe, pointer-size only}$
-        // Coroutine body
-}
-int main() {
-        int input = 0, output;
-        coroutine_t cid = coroutine_create( &mycor, (void *)&input ); $\C{// type unsafe, pointer-size only}$
-        coroutine_resume( cid, (void *)input, (void **)&output ); $\C{// type unsafe, pointer-size only}$
-}
-\end{cfa}
-Since the custom type is simple to write in \CFA and solves several issues, added support for routine/lambda-based coroutines adds very little.
-
-Note, the type @coroutine_t@ must be an abstract handle to the coroutine, because the coroutine descriptor and its stack are non-copyable.
-Copying the coroutine descriptor results in copies being out of date with the current state of the stack.
-Correspondingly, copying the stack results is copies being out of date with coroutine descriptor, and pointers in the stack being out of date to data on the stack.
-(There is no mechanism in C to find all stack-specific pointers and update them as part of a copy.)
-
-The selected approach is to use language support by introducing a new kind of aggregate (structure):
-\begin{cfa}
-coroutine Fibonacci {
-        int fn; // communication variables
-};
-\end{cfa}
-The @coroutine@ keyword means the compiler (and tool set) can find and inject code where needed.
-The downside of this approach is that it makes coroutine a special case in the language.
-Users wanting to extend coroutines or build their own for various reasons can only do so in ways offered by the language.
-Furthermore, implementing coroutines without language supports also displays the power of a programming language.
-While this is ultimately the option used for idiomatic \CFA code, coroutines and threads can still be constructed without using the language support.
-The reserved keyword eases use for the common cases.
-
-Part of the mechanism to generalize coroutines is using a \CFA trait, which defines a coroutine as anything satisfying the trait @is_coroutine@, and this trait is used to restrict coroutine-manipulation routines:
+\CFA custom types make any special properties explicit to the language and its tool chain, \eg the language code-generator knows where to inject code
+% and when it is unsafe to perform certain optimizations,
+and IDEs using simple parsing can find and manipulate types with special properties.
+The downside of this approach is that it makes custom types a special case in the language.
+Users wanting to extend custom types or build their own can only do so in ways offered by the language.
+Furthermore, implementing custom types without language support may display the power of a programming language.
+\CFA blends the two approaches, providing custom type for idiomatic \CFA code, while extending and building new custom types is still possible, similar to Java concurrency with builtin and library.
+
+Part of the mechanism to generalize custom types is the \CFA trait~\cite[\S~2.3]{Moss18}, \eg the definition for custom-type @coroutine@ is anything satisfying the trait @is_coroutine@, and this trait both enforces and restricts the coroutine-interface functions.
 \begin{cfa}
 trait is_coroutine( `dtype` T ) {
@@ -1025 +1302 @@
         coroutine_desc * get_coroutine( T & );
 };
-forall( `dtype` T | is_coroutine(T) ) void suspend( T & );
-forall( `dtype` T | is_coroutine(T) ) void resume( T & );
-\end{cfa}
-The @dtype@ property of the trait ensures the coroutine descriptor is non-copyable, so all coroutines must be passed by reference (pointer).
-The routine definitions ensures there is a statically-typed @main@ routine that is the starting point (first stack frame) of a coroutine, and a mechanism to get (read) the currently executing coroutine handle.
-The @main@ routine has no return value or additional parameters because the coroutine type allows an arbitrary number of interface routines with corresponding arbitrary typed input/output values versus fixed ones.
-The generic routines @suspend@ and @resume@ can be redefined, but any object passed to them is a coroutine since it must satisfy the @is_coroutine@ trait to compile.
-The advantage of this approach is that users can easily create different types of coroutines, for example, changing the memory layout of a coroutine is trivial when implementing the @get_coroutine@ routine, and possibly redefining @suspend@ and @resume@.
-The \CFA keyword @coroutine@ implicitly implements the getter and forward declarations required for implementing the coroutine main:
+forall( `dtype` T | is_coroutine(T) ) void $suspend$( T & ), resume( T & );
+\end{cfa}
+Note, copying generators/coroutines/threads is not meaningful.
+For example, both the resumer and suspender descriptors can have bidirectional pointers;
+copying these coroutines does not update the internal pointers so behaviour of both copies would be difficult to understand.
+Furthermore, two coroutines cannot logically execute on the same stack.
+A deep coroutine copy, which copies the stack, is also meaningless in an unmanaged language (no garbage collection), like C, because the stack may contain pointers to object within it that require updating for the copy.
+The \CFA @dtype@ property provides no \emph{implicit} copying operations and the @is_coroutine@ trait provides no \emph{explicit} copying operations, so all coroutines must be passed by reference (pointer).
+The function definitions ensure there is a statically typed @main@ function that is the starting point (first stack frame) of a coroutine, and a mechanism to get (read) the coroutine descriptor from its handle.
+The @main@ function has no return value or additional parameters because the coroutine type allows an arbitrary number of interface functions with corresponding arbitrary typed input/output values versus fixed ones.
+The advantage of this approach is that users can easily create different types of coroutines, \eg changing the memory layout of a coroutine is trivial when implementing the @get_coroutine@ function, and possibly redefining \textsf{suspend} and @resume@.
+
+The \CFA custom-type @coroutine@ implicitly implements the getter and forward declarations for the coroutine main.
 \begin{cquote}
 \begin{tabular}{@{}ccc@{}}
@@ -1069 +1350 @@
 \end{tabular}
 \end{cquote}
-The combination of these two approaches allows an easy and concise specification to coroutining (and concurrency) for normal users, while more advanced users have tighter control on memory layout and initialization.
-
-
-\subsection{Thread Interface}
-\label{threads}
-
-Both user and kernel threads are supported, where user threads provide concurrency and kernel threads provide parallelism.
-Like coroutines and for the same design reasons, the selected approach for user threads is to use language support by introducing a new kind of aggregate (structure) and a \CFA trait:
+The combination of custom types and fundamental @trait@ description of these types allows a concise specification for programmers and tools, while more advanced programmers can have tighter control over memory layout and initialization.
+
+Figure~\ref{f:CoroutineMemoryLayout} shows different memory-layout options for a coroutine (where a task is similar).
+The coroutine handle is the @coroutine@ instance containing programmer specified type global/communication variables across interface functions.
+The coroutine descriptor contains all implicit declarations needed by the runtime, \eg @suspend@/@resume@, and can be part of the coroutine handle or separate.
+The coroutine stack can appear in a number of locations and be fixed or variable sized.
+Hence, the coroutine's stack could be a VLS\footnote{
+We are examining variable-sized structures (VLS), where fields can be variable-sized structures or arrays.
+Once allocated, a VLS is fixed sized.}
+on the allocating stack, provided the allocating stack is large enough.
+For a VLS stack allocation/deallocation is an inexpensive adjustment of the stack pointer, modulo any stack constructor costs (\eg initial frame setup).
+For heap stack allocation, allocation/deallocation is an expensive heap allocation (where the heap can be a shared resource), modulo any stack constructor costs.
+With heap stack allocation, it is also possible to use a split (segmented) stack calling convention, available with gcc and clang, so the stack is variable sized.
+Currently, \CFA supports stack/heap allocated descriptors but only fixed-sized heap allocated stacks.
+In \CFA debug-mode, the fixed-sized stack is terminated with a write-only page, which catches most stack overflows.
+Experience teaching concurrency with \uC~\cite{CS343} shows fixed-sized stacks are rarely an issue for students.
+Split-stack allocation is under development but requires recompilation of legacy code, which may be impossible.
+
+\begin{figure}
+\centering
+\input{corlayout.pstex_t}
+\caption{Coroutine memory layout}
+\label{f:CoroutineMemoryLayout}
+\end{figure}
+
+
+\section{Concurrency}
+\label{s:Concurrency}
+
+Concurrency is nondeterministic scheduling of independent sequential execution paths (threads), where each thread has its own stack.
+A single thread with multiple call stacks, \newterm{coroutining}~\cite{Conway63,Marlin80}, does \emph{not} imply concurrency~\cite[\S~2]{Buhr05a}.
+In coroutining, coroutines self-schedule the thread across stacks so execution is deterministic.
+(It is \emph{impossible} to generate a concurrency error when coroutining.)
+However, coroutines are a stepping stone towards concurrency.
+
+The transition to concurrency, even for a single thread with multiple stacks, occurs when coroutines context switch to a \newterm{scheduling coroutine}, introducing non-determinism from the coroutine perspective~\cite[\S~3,]{Buhr05a}.
+Therefore, a minimal concurrency system requires coroutines \emph{in conjunction with a nondeterministic scheduler}.
+The resulting execution system now follows a cooperative threading model~\cite{Adya02,libdill}, called \newterm{non-preemptive scheduling}.
+Adding \newterm{preemption} introduces non-cooperative scheduling, where context switching occurs randomly between any two instructions often based on a timer interrupt, called \newterm{preemptive scheduling}.
+While a scheduler introduces uncertain execution among explicit context switches, preemption introduces uncertainty by introducing implicit context switches.
+Uncertainty gives the illusion of parallelism on a single processor and provides a mechanism to access and increase performance on multiple processors.
+The reason is that the scheduler/runtime have complete knowledge about resources and how to best utilized them.
+However, the introduction of unrestricted nondeterminism results in the need for \newterm{mutual exclusion} and \newterm{synchronization}, which restrict nondeterminism for correctness;
+otherwise, it is impossible to write meaningful concurrent programs.
+Optimal concurrent performance is often obtained by having as much nondeterminism as mutual exclusion and synchronization correctness allow.
+
+A scheduler can either be a stackless or stackful.
+For stackless, the scheduler performs scheduling on the stack of the current coroutine and switches directly to the next coroutine, so there is one context switch.
+For stackful, the current coroutine switches to the scheduler, which performs scheduling, and it then switches to the next coroutine, so there are two context switches.
+The \CFA runtime uses a stackful scheduler for uniformity and security.
+
+
+\subsection{Thread}
+\label{s:threads}
+
+Threading needs the ability to start a thread and wait for its completion.
+A common API for this ability is @fork@ and @join@.
+\begin{cquote}
+\begin{tabular}{@{}lll@{}}
+\multicolumn{1}{c}{\textbf{Java}} & \multicolumn{1}{c}{\textbf{\Celeven}} & \multicolumn{1}{c}{\textbf{pthreads}} \\
+\begin{cfa}
+class MyTask extends Thread {...}
+mytask t = new MyTask(...);
+`t.start();` // start
+// concurrency
+`t.join();` // wait
+\end{cfa}
+&
+\begin{cfa}
+class MyTask { ... } // functor
+MyTask mytask;
+`thread t( mytask, ... );` // start
+// concurrency
+`t.join();` // wait
+\end{cfa}
+&
+\begin{cfa}
+void * rtn( void * arg ) {...}
+pthread_t t;  int i = 3;
+`pthread_create( &t, rtn, (void *)i );` // start
+// concurrency
+`pthread_join( t, NULL );` // wait
+\end{cfa}
+\end{tabular}
+\end{cquote}
+\CFA has a simpler approach using a custom @thread@ type and leveraging declaration semantics (allocation/deallocation), where threads implicitly @fork@ after construction and @join@ before destruction.
+\begin{cfa}
+thread MyTask {};
+void main( MyTask & this ) { ... }
+int main() {
+        MyTask team`[10]`; $\C[2.5in]{// allocate stack-based threads, implicit start after construction}$
+        // concurrency
+} $\C{// deallocate stack-based threads, implicit joins before destruction}$
+\end{cfa}
+This semantic ensures a thread is started and stopped exactly once, eliminating some programming error, and scales to multiple threads for basic (termination) synchronization.
+For block allocation to arbitrary depth, including recursion, threads are created/destroyed in a lattice structure (tree with top and bottom).
+Arbitrary topologies are possible using dynamic allocation, allowing threads to outlive their declaration scope, identical to normal dynamic allocation.
+\begin{cfa}
+MyTask * factory( int N ) { ... return `anew( N )`; } $\C{// allocate heap-based threads, implicit start after construction}$
+int main() {
+        MyTask * team = factory( 10 );
+        // concurrency
+        `delete( team );` $\C{// deallocate heap-based threads, implicit joins before destruction}\CRT$
+}
+\end{cfa}
+
+Figure~\ref{s:ConcurrentMatrixSummation} shows concurrently adding the rows of a matrix and then totalling the subtotals sequentially, after all the row threads have terminated.
+The program uses heap-based threads because each thread needs different constructor values.
+(Python provides a simple iteration mechanism to initialize array elements to different values allowing stack allocation.)
+The allocation/deallocation pattern appears unusual because allocated objects are immediately deallocated without any intervening code.
+However, for threads, the deletion provides implicit synchronization, which is the intervening code.
+% While the subtotals are added in linear order rather than completion order, which slightly inhibits concurrency, the computation is restricted by the critical-path thread (\ie the thread that takes the longest), and so any inhibited concurrency is very small as totalling the subtotals is trivial.
+
+\begin{figure}
+\begin{cfa}
+`thread` Adder { int * row, cols, & subtotal; } $\C{// communication variables}$
+void ?{}( Adder & adder, int row[], int cols, int & subtotal ) {
+        adder.[ row, cols, &subtotal ] = [ row, cols, &subtotal ];
+}
+void main( Adder & adder ) with( adder ) {
+        subtotal = 0;
+        for ( c; cols ) { subtotal += row[c]; }
+}
+int main() {
+        const int rows = 10, cols = 1000;
+        int matrix[rows][cols], subtotals[rows], total = 0;
+        // read matrix
+        Adder * adders[rows];
+        for ( r; rows; ) { $\C{// start threads to sum rows}$
+                adders[r] = `new( matrix[r], cols, &subtotals[r] );`
+        }
+        for ( r; rows ) { $\C{// wait for threads to finish}$
+                `delete( adders[r] );` $\C{// termination join}$
+                total += subtotals[r]; $\C{// total subtotal}$
+        }
+        sout | total;
+}
+\end{cfa}
+\caption{Concurrent matrix summation}
+\label{s:ConcurrentMatrixSummation}
+\end{figure}
+
+
+\subsection{Thread Implementation}
+
+Threads in \CFA are user level run by runtime kernel threads (see Section~\ref{s:CFARuntimeStructure}), where user threads provide concurrency and kernel threads provide parallelism.
+Like coroutines, and for the same design reasons, \CFA provides a custom @thread@ type and a @trait@ to enforce and restrict the task-interface functions.
 \begin{cquote}
 \begin{tabular}{@{}c@{\hspace{3\parindentlnth}}c@{}}
 \begin{cfa}
 thread myThread {
-        // communication variables
+        ... // declaration/communication variables
 };
 
@@ -1089 +1509 @@
 \begin{cfa}
 trait is_thread( `dtype` T ) {
-      void main( T & );
-      thread_desc * get_thread( T & );
-      void ^?{}( T & `mutex` );
+        void main( T & );
+        thread_desc * get_thread( T & );
+        void ^?{}( T & `mutex` );
 };
 \end{cfa}
 \end{tabular}
 \end{cquote}
-(The qualifier @mutex@ for the destructor parameter is discussed in Section~\ref{s:Monitors}.)
-Like a coroutine, the statically-typed @main@ routine is the starting point (first stack frame) of a user thread.
-The difference is that a coroutine borrows a thread from its caller, so the first thread resuming a coroutine creates an instance of @main@;
-whereas, a user thread receives its own thread from the runtime system, which starts in @main@ as some point after the thread constructor is run.\footnote{
-The \lstinline@main@ routine is already a special routine in C (where the program begins), so it is a natural extension of the semantics to use overloading to declare mains for different coroutines/threads (the normal main being the main of the initial thread).}
-No return value or additional parameters are necessary for this routine because the task type allows an arbitrary number of interface routines with corresponding arbitrary typed input/output values.
-
-\begin{comment} % put in appendix with coroutine version ???
-As such the @main@ routine of a thread can be defined as
-\begin{cfa}
-thread foo {};
-
-void main(foo & this) {
-        sout | "Hello World!" | endl;
-}
-\end{cfa}
-
-In this example, threads of type @foo@ start execution in the @void main(foo &)@ routine, which prints @"Hello World!".@ While this paper encourages this approach to enforce strongly typed programming, users may prefer to use the routine-based thread semantics for the sake of simplicity.
-With the static semantics it is trivial to write a thread type that takes a routine pointer as a parameter and executes it on its stack asynchronously.
-\begin{cfa}
-typedef void (*voidRtn)(int);
-
-thread RtnRunner {
-        voidRtn func;
-        int arg;
-};
-
-void ?{}(RtnRunner & this, voidRtn inRtn, int arg) {
-        this.func = inRtn;
-        this.arg  = arg;
-}
-
-void main(RtnRunner & this) {
-        // thread starts here and runs the routine
-        this.func( this.arg );
-}
-
-void hello(/*unused*/ int) {
-        sout | "Hello World!" | endl;
-}
-
-int main() {
-        RtnRunner f = {hello, 42};
-        return 0?
-}
-\end{cfa}
-A consequence of the strongly typed approach to main is that memory layout of parameters and return values to/from a thread are now explicitly specified in the \textbf{api}.
-\end{comment}
-
-For user threads to be useful, it must be possible to start and stop the underlying thread, and wait for it to complete execution.
-While using an API such as @fork@ and @join@ is relatively common, such an interface is awkward and unnecessary.
-A simple approach is to use allocation/deallocation principles, and have threads implicitly @fork@ after construction and @join@ before destruction.
-\begin{cfa}
-thread World {};
-void main( World & this ) {
-        sout | "World!" | endl;
-}
-int main() {
-        World w`[10]`;                                                  $\C{// implicit forks after creation}$
-        sout | "Hello " | endl;                                 $\C{// "Hello " and 10 "World!" printed concurrently}$
-}                                                                                       $\C{// implicit joins before destruction}$
-\end{cfa}
-This semantics ensures a thread is started and stopped exactly once, eliminating some programming error, and scales to multiple threads for basic (termination) synchronization.
-This tree-structure (lattice) create/delete from C block-structure is generalized by using dynamic allocation, so threads can outlive the scope in which they are created, much like dynamically allocating memory lets objects outlive the scope in which they are created.
-\begin{cfa}
-int main() {
-        MyThread * heapLived;
-        {
-                MyThread blockLived;                            $\C{// fork block-based thread}$
-                heapLived = `new`( MyThread );          $\C{// fork heap-based thread}$
-                ...
-        }                                                                               $\C{// join block-based thread}$
-        ...
-        `delete`( heapLived );                                  $\C{// join heap-based thread}$
-}
-\end{cfa}
-The heap-based approach allows arbitrary thread-creation topologies, with respect to fork/join-style concurrency.
-
-Figure~\ref{s:ConcurrentMatrixSummation} shows concurrently adding the rows of a matrix and then totalling the subtotals sequential, after all the row threads have terminated.
-The program uses heap-based threads because each thread needs different constructor values.
-(Python provides a simple iteration mechanism to initialize array elements to different values allowing stack allocation.)
-The allocation/deallocation pattern appears unusual because allocated objects are immediately deleted without any intervening code.
-However, for threads, the deletion provides implicit synchronization, which is the intervening code.
-While the subtotals are added in linear order rather than completion order, which slight inhibits concurrency, the computation is restricted by the critical-path thread (\ie the thread that takes the longest), and so any inhibited concurrency is very small as totalling the subtotals is trivial.
-
-\begin{figure}
-\begin{cfa}
-thread Adder {
-    int * row, cols, & subtotal;                        $\C{// communication}$
-};
-void ?{}( Adder & adder, int row[], int cols, int & subtotal ) {
-    adder.[ row, cols, &subtotal ] = [ row, cols, &subtotal ];
-}
-void main( Adder & adder ) with( adder ) {
-    subtotal = 0;
-    for ( int c = 0; c < cols; c += 1 ) {
-                subtotal += row[c];
-    }
-}
-int main() {
-    const int rows = 10, cols = 1000;
-    int matrix[rows][cols], subtotals[rows], total = 0;
-    // read matrix
-    Adder * adders[rows];
-    for ( int r = 0; r < rows; r += 1 ) {       $\C{// start threads to sum rows}$
-                adders[r] = new( matrix[r], cols, &subtotals[r] );
-    }
-    for ( int r = 0; r < rows; r += 1 ) {       $\C{// wait for threads to finish}$
-                delete( adders[r] );                            $\C{// termination join}$
-                total += subtotals[r];                          $\C{// total subtotal}$
-    }
-    sout | total | endl;
-}
-\end{cfa}
-\caption{Concurrent Matrix Summation}
-\label{s:ConcurrentMatrixSummation}
-\end{figure}
+Like coroutines, the @dtype@ property prevents \emph{implicit} copy operations and the @is_thread@ trait provides no \emph{explicit} copy operations, so threads must be passed by reference (pointer).
+Similarly, the function definitions ensure there is a statically typed @main@ function that is the thread starting point (first stack frame), a mechanism to get (read) the thread descriptor from its handle, and a special destructor to prevent deallocation while the thread is executing.
+(The qualifier @mutex@ for the destructor parameter is discussed in Section~\ref{s:Monitor}.)
+The difference between the coroutine and thread is that a coroutine borrows a thread from its caller, so the first thread resuming a coroutine creates the coroutine's stack and starts running the coroutine main on the stack;
+whereas, a thread is scheduling for execution in @main@ immediately after its constructor is run.
+No return value or additional parameters are necessary for this function because the @thread@ type allows an arbitrary number of interface functions with corresponding arbitrary typed input/output values.
 
 
 \section{Mutual Exclusion / Synchronization}
-
-Uncontrolled non-deterministic execution is meaningless.
-To reestablish meaningful execution requires mechanisms to reintroduce determinism (\ie restrict non-determinism), called mutual exclusion and synchronization, where mutual exclusion is an access-control mechanism on data shared by threads, and synchronization is a timing relationship among threads~\cite[\S~4]{Buhr05a}.
-Since many deterministic challenges appear with the use of mutable shared state, some languages/libraries disallow it, \eg Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, Akka~\cite{Akka} (Scala).
-In these paradigms, interaction among concurrent objects is performed by stateless message-passing~\cite{Thoth,Harmony,V-Kernel} or other paradigms closely relate to networking concepts (\eg channels~\cite{CSP,Go}).
-However, in call/return-based languages, these approaches force a clear distinction (\ie introduce a new programming paradigm) between regular and concurrent computation (\ie routine call versus message passing).
-Hence, a programmer must learn and manipulate two sets of design patterns.
+\label{s:MutualExclusionSynchronization}
+
+Unrestricted nondeterminism is meaningless as there is no way to know when the result is completed without synchronization.
+To produce meaningful execution requires clawing back some determinism using mutual exclusion and synchronization, where mutual exclusion provides access control for threads using shared data, and synchronization is a timing relationship among threads~\cite[\S~4]{Buhr05a}.
+Some concurrent systems eliminate mutable shared-state by switching to stateless communication like message passing~\cite{Thoth,Harmony,V-Kernel,MPI} (Erlang, MPI), channels~\cite{CSP} (CSP,Go), actors~\cite{Akka} (Akka, Scala), or functional techniques (Haskell).
+However, these approaches introduce a new communication mechanism for concurrency different from the standard communication using function call/return.
+Hence, a programmer must learn and manipulate two sets of design/programming patterns.
 While this distinction can be hidden away in library code, effective use of the library still has to take both paradigms into account.
-In contrast, approaches based on statefull models more closely resemble the standard call/return programming-model, resulting in a single programming paradigm.
-
-At the lowest level, concurrent control is implemented by atomic operations, upon which different kinds of locks mechanism are constructed, \eg semaphores~\cite{Dijkstra68b}, barriers, and path expressions~\cite{Campbell74}.
+In contrast, approaches based on stateful models more closely resemble the standard call/return programming model, resulting in a single programming paradigm.
+
+At the lowest level, concurrent control is implemented by atomic operations, upon which different kinds of locking mechanisms are constructed, \eg semaphores~\cite{Dijkstra68b}, barriers, and path expressions~\cite{Campbell74}.
 However, for productivity it is always desirable to use the highest-level construct that provides the necessary efficiency~\cite{Hochstein05}.
 A newer approach for restricting non-determinism is transactional memory~\cite{Herlihy93}.
-While this approach is pursued in hardware~\cite{Nakaike15} and system languages, like \CC~\cite{Cpp-Transactions}, the performance and feature set is still too restrictive to be the main concurrency paradigm for system languages, which is why it was rejected as the core paradigm for concurrency in \CFA.
+While this approach is pursued in hardware~\cite{Nakaike15} and system languages, like \CC~\cite{Cpp-Transactions}, the performance and feature set is still too restrictive to be the main concurrency paradigm for system languages, which is why it is rejected as the core paradigm for concurrency in \CFA.
 
 One of the most natural, elegant, and efficient mechanisms for mutual exclusion and synchronization for shared-memory systems is the \emph{monitor}.
-First proposed by Brinch Hansen~\cite{Hansen73} and later described and extended by C.A.R.~Hoare~\cite{Hoare74}, many concurrent programming-languages provide monitors as an explicit language construct: \eg Concurrent Pascal~\cite{ConcurrentPascal}, Mesa~\cite{Mesa}, Modula~\cite{Modula-2}, Turing~\cite{Turing:old}, Modula-3~\cite{Modula-3}, NeWS~\cite{NeWS}, Emerald~\cite{Emerald}, \uC~\cite{Buhr92a} and Java~\cite{Java}.
+First proposed by Brinch Hansen~\cite{Hansen73} and later described and extended by C.A.R.~Hoare~\cite{Hoare74}, many concurrent programming languages provide monitors as an explicit language construct: \eg Concurrent Pascal~\cite{ConcurrentPascal}, Mesa~\cite{Mesa}, Modula~\cite{Modula-2}, Turing~\cite{Turing:old}, Modula-3~\cite{Modula-3}, NeWS~\cite{NeWS}, Emerald~\cite{Emerald}, \uC~\cite{Buhr92a} and Java~\cite{Java}.
 In addition, operating-system kernels and device drivers have a monitor-like structure, although they often use lower-level primitives such as mutex locks or semaphores to simulate monitors.
-For these reasons, \CFA selected monitors as the core high-level concurrency-construct, upon which higher-level approaches can be easily constructed.
+For these reasons, \CFA selected monitors as the core high-level concurrency construct, upon which higher-level approaches can be easily constructed.
 
 
 \subsection{Mutual Exclusion}
 
-A group of instructions manipulating a specific instance of shared data that must be performed atomically is called an (individual) \newterm{critical-section}~\cite{Dijkstra65}.
-The generalization is called a \newterm{group critical-section}~\cite{Joung00}, where multiple tasks with the same session may use the resource simultaneously, but different sessions may not use the resource simultaneously.
-The readers/writer problem~\cite{Courtois71} is an instance of a group critical-section, where readers have the same session and all writers have a unique session.
-\newterm{Mutual exclusion} enforces that the correct kind and number of threads are using a critical section.
+A group of instructions manipulating a specific instance of shared data that must be performed atomically is called a \newterm{critical section}~\cite{Dijkstra65}, which is enforced by \newterm{simple mutual-exclusion}.
+The generalization is called a \newterm{group critical-section}~\cite{Joung00}, where multiple tasks with the same session use the resource simultaneously and different sessions are segregated, which is enforced by \newterm{complex mutual-exclusion} providing the correct kind and number of threads using a group critical-section.
+The readers/writer problem~\cite{Courtois71} is an instance of a group critical-section, where readers share a session but writers have a unique session.
 
 However, many solutions exist for mutual exclusion, which vary in terms of performance, flexibility and ease of use.
 Methods range from low-level locks, which are fast and flexible but require significant attention for correctness, to higher-level concurrency techniques, which sacrifice some performance to improve ease of use.
-Ease of use comes by either guaranteeing some problems cannot occur (\eg deadlock free), or by offering a more explicit coupling between shared data and critical section.
-For example, the \CC @std::atomic<T>@ offers an easy way to express mutual-exclusion on a restricted set of operations (\eg reading/writing) for numerical types.
+Ease of use comes by either guaranteeing some problems cannot occur, \eg deadlock free, or by offering a more explicit coupling between shared data and critical section.
+For example, the \CC @std::atomic<T>@ offers an easy way to express mutual-exclusion on a restricted set of operations, \eg reading/writing, for numerical types.
 However, a significant challenge with locks is composability because it takes careful organization for multiple locks to be used while preventing deadlock.
 Easing composability is another feature higher-level mutual-exclusion mechanisms can offer.
@@ -1256 +1564 @@
 Synchronization enforces relative ordering of execution, and synchronization tools provide numerous mechanisms to establish these timing relationships.
 Low-level synchronization primitives offer good performance and flexibility at the cost of ease of use;
-higher-level mechanisms often simplify usage by adding better coupling between synchronization and data (\eg message passing), or offering a simpler solution to otherwise involved challenges, \eg barrier lock.
-Often synchronization is used to order access to a critical section, \eg ensuring a reader thread is the next kind of thread to enter a critical section.
-If a writer thread is scheduled for next access, but another reader thread acquires the critical section first, that reader has \newterm{barged}.
+higher-level mechanisms often simplify usage by adding better coupling between synchronization and data, \eg receive-specific versus receive-any thread in message passing or offering specialized solutions, \eg barrier lock.
+Often synchronization is used to order access to a critical section, \eg ensuring a waiting writer thread enters the critical section before a calling reader thread.
+If the calling reader is scheduled before the waiting writer, the reader has barged.
 Barging can result in staleness/freshness problems, where a reader barges ahead of a writer and reads temporally stale data, or a writer barges ahead of another writer overwriting data with a fresh value preventing the previous value from ever being read (lost computation).
-Preventing or detecting barging is an involved challenge with low-level locks, which can be made much easier by higher-level constructs.
-This challenge is often split into two different approaches: barging avoidance and barging prevention.
-Algorithms that allow a barger, but divert it until later using current synchronization state (flags), are avoiding the barger;
-algorithms that preclude a barger from entering during synchronization in the critical section prevent barging completely.
-Techniques like baton-pass locks~\cite{Andrews89} between threads instead of unconditionally releasing locks is an example of barging prevention.
-
-
-\section{Monitors}
-\label{s:Monitors}
-
-A \textbf{monitor} is a set of routines that ensure mutual exclusion when accessing shared state.
-More precisely, a monitor is a programming technique that binds mutual exclusion to routine scope, as opposed to locks, where mutual-exclusion is defined by acquire/release calls, independent of lexical context (analogous to block and heap storage allocation).
-The strong association with the call/return paradigm eases programmability, readability and maintainability, at a slight cost in flexibility and efficiency.
-
-Note, like coroutines/threads, both locks and monitors require an abstract handle to reference them, because at their core, both mechanisms are manipulating non-copyable shared state.
-Copying a lock is insecure because it is possible to copy an open lock and then use the open copy when the original lock is closed to simultaneously access the shared data.
-Copying a monitor is secure because both the lock and shared data are copies, but copying the shared data is meaningless because it no longer represents a unique entity.
-As for coroutines/tasks, a non-copyable (@dtype@) trait is used to capture this requirement, so all locks/monitors must be passed by reference (pointer).
+Preventing or detecting barging is an involved challenge with low-level locks, which is made easier through higher-level constructs.
+This challenge is often split into two different approaches: barging avoidance and prevention.
+Algorithms that unconditionally releasing a lock for competing threads to acquire use barging avoidance during synchronization to force a barging thread to wait;
+algorithms that conditionally hold locks during synchronization, \eg baton-passing~\cite{Andrews89}, prevent barging completely.
+
+
+\section{Monitor}
+\label{s:Monitor}
+
+A \textbf{monitor} is a set of functions that ensure mutual exclusion when accessing shared state.
+More precisely, a monitor is a programming technique that implicitly binds mutual exclusion to static function scope, as opposed to locks, where mutual-exclusion is defined by acquire/release calls, independent of lexical context (analogous to block and heap storage allocation).
+Restricting acquire/release points eases programming, comprehension, and maintenance, at a slight cost in flexibility and efficiency.
+\CFA uses a custom @monitor@ type and leverages declaration semantics (deallocation) to protect active or waiting threads in a monitor.
+
+The following is a \CFA monitor implementation of an atomic counter.
+\begin{cfa}[morekeywords=nomutex]
+`monitor` Aint { int cnt; }; $\C[4.25in]{// atomic integer counter}$
+int ++?( Aint & `mutex`$\(_{opt}\)$ this ) with( this ) { return ++cnt; } $\C{// increment}$
+int ?=?( Aint & `mutex`$\(_{opt}\)$ lhs, int rhs ) with( lhs ) { cnt = rhs; } $\C{// conversions with int}\CRT$
+int ?=?( int & lhs, Aint & `mutex`$\(_{opt}\)$ rhs ) with( rhs ) { lhs = cnt; }
+\end{cfa}
+% The @Aint@ constructor, @?{}@, uses the \lstinline[morekeywords=nomutex]@nomutex@ qualifier indicating mutual exclusion is unnecessary during construction because an object is inaccessible (private) until after it is initialized.
+% (While a constructor may publish its address into a global variable, doing so generates a race-condition.)
+The prefix increment operation, @++?@, is normally @mutex@, indicating mutual exclusion is necessary during function execution, to protect the incrementing from race conditions, unless there is an atomic increment instruction for the implementation type.
+The assignment operators provide bidirectional conversion between an atomic and normal integer without accessing field @cnt@;
+these operations only need @mutex@, if reading/writing the implementation type is not atomic.
+The atomic counter is used without any explicit mutual-exclusion and provides thread-safe semantics, which is similar to the \CC template @std::atomic@.
+\begin{cfa}
+int i = 0, j = 0, k = 5;
+Aint x = { 0 }, y = { 0 }, z = { 5 }; $\C{// no mutex required}$
+++x; ++y; ++z; $\C{// safe increment by multiple threads}$
+x = 2; y = i; z = k; $\C{// conversions}$
+i = x; j = y; k = z;
+\end{cfa}
+
+\CFA monitors have \newterm{multi-acquire} semantics so the thread in the monitor may acquire it multiple times without deadlock, allowing recursion and calling other interface functions.
+\begin{cfa}
+monitor M { ... } m;
+void foo( M & mutex m ) { ... } $\C{// acquire mutual exclusion}$
+void bar( M & mutex m ) { $\C{// acquire mutual exclusion}$
+        ... `bar( m );` ... `foo( m );` ... $\C{// reacquire mutual exclusion}$
+}
+\end{cfa}
+\CFA monitors also ensure the monitor lock is released regardless of how an acquiring function ends (normal or exceptional), and returning a shared variable is safe via copying before the lock is released.
+Similar safety is offered by \emph{explicit} mechanisms like \CC RAII;
+monitor \emph{implicit} safety ensures no programmer usage errors.
+Furthermore, RAII mechanisms cannot handle complex synchronization within a monitor, where the monitor lock may not be released on function exit because it is passed to an unblocking thread;
+RAII is purely a mutual-exclusion mechanism (see Section~\ref{s:Scheduling}).
+
+
+\subsection{Monitor Implementation}
+
+For the same design reasons, \CFA provides a custom @monitor@ type and a @trait@ to enforce and restrict the monitor-interface functions.
+\begin{cquote}
+\begin{tabular}{@{}c@{\hspace{3\parindentlnth}}c@{}}
+\begin{cfa}
+monitor M {
+        ... // shared data
+};
+
+\end{cfa}
+&
 \begin{cfa}
 trait is_monitor( `dtype` T ) {
@@ -1284 +1636 @@
 };
 \end{cfa}
+\end{tabular}
+\end{cquote}
+The @dtype@ property prevents \emph{implicit} copy operations and the @is_monitor@ trait provides no \emph{explicit} copy operations, so monitors must be passed by reference (pointer).
+% Copying a lock is insecure because it is possible to copy an open lock and then use the open copy when the original lock is closed to simultaneously access the shared data.
+% Copying a monitor is secure because both the lock and shared data are copies, but copying the shared data is meaningless because it no longer represents a unique entity.
+Similarly, the function definitions ensures there is a mechanism to get (read) the monitor descriptor from its handle, and a special destructor to prevent deallocation if a thread using the shared data.
+The custom monitor type also inserts any locks needed to implement the mutual exclusion semantics.
 
 
@@ -1289 +1648 @@
 \label{s:MutexAcquisition}
 
-While correctness implicitly implies a monitor's mutual exclusion is acquired and released, there are implementation options about when and where the locking/unlocking occurs.
+While the monitor lock provides mutual exclusion for shared data, there are implementation options for when and where the locking/unlocking occurs.
 (Much of this discussion also applies to basic locks.)
-For example, a monitor may need to be passed through multiple helper routines before it becomes necessary to acquire the monitor mutual-exclusion.
-\begin{cfa}[morekeywords=nomutex]
-monitor Aint { int cnt; };                                      $\C{// atomic integer counter}$
-void ?{}( Aint & `nomutex` this ) with( this ) { cnt = 0; } $\C{// constructor}$
-int ?=?( Aint & `mutex`$\(_{opt}\)$ lhs, int rhs ) with( lhs ) { cnt = rhs; } $\C{// conversions}$
-void ?{}( int & this, Aint & `mutex`$\(_{opt}\)$ v ) { this = v.cnt; }
-int ?=?( int & lhs, Aint & `mutex`$\(_{opt}\)$ rhs ) with( rhs ) { lhs = cnt; }
-int ++?( Aint & `mutex`$\(_{opt}\)$ this ) with( this ) { return ++cnt; } $\C{// increment}$
-\end{cfa}
-The @Aint@ constructor, @?{}@, uses the \lstinline[morekeywords=nomutex]@nomutex@ qualifier indicating mutual exclusion is unnecessary during construction because an object is inaccessible (private) until after it is initialized.
-(While a constructor may publish its address into a global variable, doing so generates a race-condition.)
-The conversion operators for initializing and assigning with a normal integer only need @mutex@, if reading/writing the implementation type is not atomic.
-Finally, the prefix increment operato, @++?@, is normally @mutex@ to protect the incrementing from race conditions, unless there is an atomic increment instruction for the implementation type.
-
-The atomic counter is used without any explicit mutual-exclusion and provides thread-safe semantics, which is similar to the \CC template @std::atomic@.
-\begin{cfa}
-Aint x, y, z;
-++x; ++y; ++z;                                                          $\C{// safe increment by multiple threads}$
-x = 2; y = 2; z = 2;                                            $\C{// conversions}$
-int i = x, j = y, k = z;
-i = x; j = y; k = z;
-\end{cfa}
-
-For maximum usability, monitors have \newterm{multi-acquire} semantics allowing a thread to acquire it multiple times without deadlock.
-For example, atomically printing the contents of a binary tree:
-\begin{cfa}
-monitor Tree {
-        Tree * left, right;
-        // value
-};
-void print( Tree & mutex tree ) {                       $\C{// prefix traversal}$
-        // write value
-        print( tree->left );                                    $\C{// multiply acquire monitor lock on each recursion}$
-        print( tree->right );
-}
-\end{cfa}
-
-Mandatory monitor qualifiers have the benefit of being self-documented, but requiring both @mutex@ and \lstinline[morekeywords=nomutex]@nomutex@ for all monitor parameter is redundant.
-Instead, one of qualifier semantics can be the default, and the other required.
-For example, assume the safe @mutex@ option for a monitor parameter because assuming \lstinline[morekeywords=nomutex]@nomutex@ may cause subtle errors.
-On the other hand, assuming \lstinline[morekeywords=nomutex]@nomutex@ is the \emph{normal} parameter behaviour, stating explicitly ``this parameter is not special''.
+For example, a monitor may be passed through multiple helper functions before it is necessary to acquire the monitor's mutual exclusion.
+
+The benefit of mandatory monitor qualifiers is self-documentation, but requiring both @mutex@ and \lstinline[morekeywords=nomutex]@nomutex@ for all monitor parameters is redundant.
+Instead, the semantics has one qualifier as the default and the other required.
+For example, make the safe @mutex@ qualifier the default because assuming \lstinline[morekeywords=nomutex]@nomutex@ may cause subtle errors.
+Alternatively, make the unsafe \lstinline[morekeywords=nomutex]@nomutex@ qualifier the default because it is the \emph{normal} parameter semantics while @mutex@ parameters are rare.
 Providing a default qualifier implies knowing whether a parameter is a monitor.
-Since \CFA relies heavily on traits as an abstraction mechanism, the distinction between a type that is a monitor and a type that looks like a monitor can become blurred.
+Since \CFA relies heavily on traits as an abstraction mechanism, types can coincidentally match the monitor trait but not be a monitor, similar to inheritance where a shape and playing card can both be drawable.
 For this reason, \CFA requires programmers to identify the kind of parameter with the @mutex@ keyword and uses no keyword to mean \lstinline[morekeywords=nomutex]@nomutex@.
 
 The next semantic decision is establishing which parameter \emph{types} may be qualified with @mutex@.
-Given:
+The following has monitor parameter types that are composed of multiple objects.
 \begin{cfa}
 monitor M { ... }
-int f1( M & mutex m );
-int f2( M * mutex m );
-int f3( M * mutex m[] );
-int f4( stack( M * ) & mutex m );
-\end{cfa}
-the issue is that some of these parameter types are composed of multiple objects.
-For @f1@, there is only a single parameter object.
-Adding indirection in @f2@ still identifies a single object.
-However, the matrix in @f3@ introduces multiple objects.
-While shown shortly, multiple acquisition is possible;
-however array lengths are often unknown in C.
-This issue is exacerbated in @f4@, where the data structure must be safely traversed to acquire all of its elements.
-
-To make the issue tractable, \CFA only acquires one monitor per parameter with at most one level of indirection.
-However, the C type-system has an ambiguity with respects to arrays.
-Is the argument for @f2@ a single object or an array of objects?
-If it is an array, only the first element of the array is acquired, which seems unsafe;
-hence, @mutex@ is disallowed for array parameters.
-\begin{cfa}
-int f1( M & mutex m );                                          $\C{// allowed: recommended case}$
-int f2( M * mutex m );                                          $\C{// disallowed: could be an array}$
-int f3( M mutex m[$\,$] );                                      $\C{// disallowed: array length unknown}$
-int f4( M ** mutex m );                                         $\C{// disallowed: could be an array}$
-int f5( M * mutex m[$\,$] );                            $\C{// disallowed: array length unknown}$
-\end{cfa}
-% Note, not all array routines have distinct types: @f2@ and @f3@ have the same type, as do @f4@ and @f5@.
-% However, even if the code generation could tell the difference, the extra information is still not sufficient to extend meaningfully the monitor call semantic.
-
-For object-oriented monitors, calling a mutex member \emph{implicitly} acquires mutual exclusion of the receiver object, @`rec`.foo(...)@.
-\CFA has no receiver, and hence, must use an explicit mechanism to specify which object has mutual exclusion acquired.
-A positive consequence of this design decision is the ability to support multi-monitor routines.
-\begin{cfa}
-int f( M & mutex x, M & mutex y );              $\C{// multiple monitor parameter of any type}$
-M m1, m2;
-f( m1, m2 );
-\end{cfa}
-(While object-oriented monitors can be extended with a mutex qualifier for multiple-monitor members, no prior example of this feature could be found.)
-In practice, writing multi-locking routines that do not deadlocks is tricky.
-Having language support for such a feature is therefore a significant asset for \CFA.
-
-The capability to acquire multiple locks before entering a critical section is called \newterm{bulk acquire}.
-In previous example, \CFA guarantees the order of acquisition is consistent across calls to different routines using the same monitors as arguments.
-This consistent ordering means acquiring multiple monitors is safe from deadlock.
-However, users can force the acquiring order.
-For example, notice the use of @mutex@/\lstinline[morekeywords=nomutex]@nomutex@ and how this affects the acquiring order:
-\begin{cfa}
-void foo( M & mutex m1, M & mutex m2 );         $\C{// acquire m1 and m2}$
+int f1( M & mutex m ); $\C{// single parameter object}$
+int f2( M * mutex m ); $\C{// single or multiple parameter object}$
+int f3( M * mutex m[$\,$] ); $\C{// multiple parameter object}$
+int f4( stack( M * ) & mutex m ); $\C{// multiple parameters object}$
+\end{cfa}
+Function @f1@ has a single parameter object, while @f2@'s indirection could be a single or multi-element array, where static array size is often unknown in C.
+Function @f3@ has a multiple object matrix, and @f4@ a multiple object data structure.
+While shown shortly, multiple object acquisition is possible, but the number of objects must be statically known.
+Therefore, \CFA only acquires one monitor per parameter with at most one level of indirection, excluding pointers as it is impossible to statically determine the size.
+
+For object-oriented monitors, \eg Java, calling a mutex member \emph{implicitly} acquires mutual exclusion of the receiver object, @`rec`.foo(...)@.
+\CFA has no receiver, and hence, the explicit @mutex@ qualifier is used to specify which objects acquire mutual exclusion.
+A positive consequence of this design decision is the ability to support multi-monitor functions,\footnote{
+While object-oriented monitors can be extended with a mutex qualifier for multiple-monitor members, no prior example of this feature could be found.}
+called \newterm{bulk acquire}.
+\CFA guarantees acquisition order is consistent across calls to @mutex@ functions using the same monitors as arguments, so acquiring multiple monitors is safe from deadlock.
+Figure~\ref{f:BankTransfer} shows a trivial solution to the bank transfer problem~\cite{BankTransfer}, where two resources must be locked simultaneously, using \CFA monitors with implicit locking and \CC with explicit locking.
+A \CFA programmer only has to manage when to acquire mutual exclusion;
+a \CC programmer must select the correct lock and acquisition mechanism from a panoply of locking options.
+Making good choices for common cases in \CFA simplifies the programming experience and enhances safety.
+
+\begin{figure}
+\centering
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+monitor BankAccount {
+
+        int balance;
+} b1 = { 0 }, b2 = { 0 };
+void deposit( BankAccount & `mutex` b,
+                        int deposit ) with(b) {
+        balance += deposit;
+}
+void transfer( BankAccount & `mutex` my,
+        BankAccount & `mutex` your, int me2you ) {
+
+        deposit( my, -me2you ); // debit
+        deposit( your, me2you ); // credit
+}
+`thread` Person { BankAccount & b1, & b2; };
+void main( Person & person ) with(person) {
+        for ( 10_000_000 ) {
+                if ( random() % 3 ) deposit( b1, 3 );
+                if ( random() % 3 ) transfer( b1, b2, 7 );
+        }
+}
+int main() {
+        `Person p1 = { b1, b2 }, p2 = { b2, b1 };`
+
+} // wait for threads to complete
+\end{cfa}
+\end{lrbox}
+
+\begin{lrbox}{\myboxB}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+struct BankAccount {
+        `recursive_mutex m;`
+        int balance = 0;
+} b1, b2;
+void deposit( BankAccount & b, int deposit ) {
+        `scoped_lock lock( b.m );`
+        b.balance += deposit;
+}
+void transfer( BankAccount & my,
+                        BankAccount & your, int me2you ) {
+        `scoped_lock lock( my.m, your.m );`
+        deposit( my, -me2you ); // debit
+        deposit( your, me2you ); // credit
+}
+
+void person( BankAccount & b1, BankAccount & b2 ) {
+        for ( int i = 0; i < 10$'$000$'$000; i += 1 ) {
+                if ( random() % 3 ) deposit( b1, 3 );
+                if ( random() % 3 ) transfer( b1, b2, 7 );
+        }
+}
+int main() {
+        `thread p1(person, ref(b1), ref(b2)), p2(person, ref(b2), ref(b1));`
+        `p1.join(); p2.join();`
+}
+\end{cfa}
+\end{lrbox}
+
+\subfloat[\CFA]{\label{f:CFABank}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[\CC]{\label{f:C++Bank}\usebox\myboxB}
+\hspace{3pt}
+\caption{Bank transfer problem}
+\label{f:BankTransfer}
+\end{figure}
+
+Users can still force the acquiring order by using @mutex@/\lstinline[morekeywords=nomutex]@nomutex@.
+\begin{cfa}
+void foo( M & mutex m1, M & mutex m2 ); $\C{// acquire m1 and m2}$
 void bar( M & mutex m1, M & /* nomutex */ m2 ) { $\C{// acquire m1}$
-        ... foo( m1, m2 ); ...                                  $\C{// acquire m2}$
+        ... foo( m1, m2 ); ... $\C{// acquire m2}$
 }
 void baz( M & /* nomutex */ m1, M & mutex m2 ) { $\C{// acquire m2}$
-        ... foo( m1, m2 ); ...                                  $\C{// acquire m1}$
-}
-\end{cfa}
-The multi-acquire semantics allows @bar@ or @baz@ to acquire a monitor lock and reacquire it in @foo@.
-In the calls to @bar@ and @baz@, the monitors are acquired in opposite order.
-
-However, such use leads to lock acquiring order problems resulting in deadlock~\cite{Lister77}, where detecting it requires dynamically tracking of monitor calls, and dealing with it requires implement rollback semantics~\cite{Dice10}.
-In \CFA, safety is guaranteed by using bulk acquire of all monitors to shared objects, whereas other monitor systems provide no aid.
-While \CFA provides only a partial solution, the \CFA partial solution handles many useful cases.
-\begin{cfa}
-monitor Bank { ... };
-void deposit( Bank & `mutex` b, int deposit );
-void transfer( Bank & `mutex` mybank, Bank & `mutex` yourbank, int me2you) {
-        deposit( mybank, `-`me2you );                   $\C{// debit}$
-        deposit( yourbank, me2you );                    $\C{// credit}$
-}
-\end{cfa}
-This example shows a trivial solution to the bank-account transfer problem~\cite{BankTransfer}.
-Without multi- and bulk acquire, the solution to this problem requires careful engineering.
-
-
-\subsection{\protect\lstinline|mutex| statement} \label{mutex-stmt}
-
-The monitor call-semantics associate all locking semantics to routines.
-Like Java, \CFA offers an alternative @mutex@ statement to reduce refactoring and naming.
+        ... foo( m1, m2 ); ... $\C{// acquire m1}$
+}
+\end{cfa}
+The bulk-acquire semantics allow @bar@ or @baz@ to acquire a monitor lock and reacquire it in @foo@.
+The calls to @bar@ and @baz@ acquired the monitors in opposite order, possibly resulting in deadlock.
+However, this case is the simplest instance of the \emph{nested-monitor problem}~\cite{Lister77}, where monitors are acquired in sequence versus bulk.
+Detecting the nested-monitor problem requires dynamic tracking of monitor calls, and dealing with it requires rollback semantics~\cite{Dice10}.
+\CFA does not deal with this fundamental problem.
+
+Finally, like Java, \CFA offers an alternative @mutex@ statement to reduce refactoring and naming.
 \begin{cquote}
-\begin{tabular}{@{}c|@{\hspace{\parindentlnth}}c@{}}
-routine call & @mutex@ statement \\
-\begin{cfa}
-monitor M {};
+\renewcommand{\arraystretch}{0.0}
+\begin{tabular}{@{}l@{\hspace{3\parindentlnth}}l@{}}
+\multicolumn{1}{c}{\textbf{\lstinline@mutex@ call}} & \multicolumn{1}{c}{\lstinline@mutex@ \textbf{statement}} \\
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+monitor M { ... };
 void foo( M & mutex m1, M & mutex m2 ) {
         // critical section
@@ -1429 +1788 @@
 \end{cfa}
 &
-\begin{cfa}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
 
 void bar( M & m1, M & m2 ) {
@@ -1442 +1801 @@
 
 
-\section{Internal Scheduling}
-\label{s:InternalScheduling}
-
-While monitor mutual-exclusion provides safe access to shared data, the monitor data may indicate that a thread accessing it cannot proceed, \eg a bounded buffer, Figure~\ref{f:GenericBoundedBuffer}, may be full/empty so produce/consumer threads must block.
+\subsection{Scheduling}
+\label{s:Scheduling}
+
+% There are many aspects of scheduling in a concurrency system, all related to resource utilization by waiting threads, \ie which thread gets the resource next.
+% Different forms of scheduling include access to processors by threads (see Section~\ref{s:RuntimeStructureCluster}), another is access to a shared resource by a lock or monitor.
+This section discusses monitor scheduling for waiting threads eligible for entry, \ie which thread gets the shared resource next. (See Section~\ref{s:RuntimeStructureCluster} for scheduling threads on virtual processors.)
+While monitor mutual-exclusion provides safe access to shared data, the monitor data may indicate that a thread accessing it cannot proceed, \eg a bounded buffer may be full/empty so produce/consumer threads must block.
 Leaving the monitor and trying again (busy waiting) is impractical for high-level programming.
-Monitors eliminate busy waiting by providing internal synchronization to schedule threads needing access to the shared data, where the synchronization is blocking (threads are parked) versus spinning.
-The synchronization is generally achieved with internal~\cite{Hoare74} or external~\cite[\S~2.9.2]{uC++} scheduling, where \newterm{scheduling} is defined as indicating which thread acquires the critical section next.
+Monitors eliminate busy waiting by providing synchronization to schedule threads needing access to the shared data, where threads block versus spinning.
+Synchronization is generally achieved with internal~\cite{Hoare74} or external~\cite[\S~2.9.2]{uC++} scheduling.
 \newterm{Internal scheduling} is characterized by each thread entering the monitor and making an individual decision about proceeding or blocking, while \newterm{external scheduling} is characterized by an entering thread making a decision about proceeding for itself and on behalf of other threads attempting entry.
-
-Figure~\ref{f:BBInt} shows a \CFA bounded-buffer with internal scheduling, where producers/consumers enter the monitor, see the buffer is full/empty, and block on an appropriate condition lock, @full@/@empty@.
-The @wait@ routine atomically blocks the calling thread and implicitly releases the monitor lock(s) for all monitors in the routine's parameter list.
-The appropriate condition lock is signalled to unblock an opposite kind of thread after an element is inserted/removed from the buffer.
-Signalling is unconditional, because signalling an empty condition lock does nothing.
-Signalling semantics cannot have the signaller and signalled thread in the monitor simultaneously, which means:
-\begin{enumerate}
-\item
-The signalling thread returns immediately, and the signalled thread continues.
-\item
-The signalling thread continues and the signalled thread is marked for urgent unblocking at the next scheduling point (exit/wait).
-\item
-The signalling thread blocks but is marked for urgrent unblocking at the next scheduling point and the signalled thread continues.
-\end{enumerate}
-The first approach is too restrictive, as it precludes solving a reasonable class of problems (\eg dating service).
-\CFA supports the next two semantics as both are useful.
-Finally, while it is common to store a @condition@ as a field of the monitor, in \CFA, a @condition@ variable can be created/stored independently.
-Furthermore, a condition variable is tied to a \emph{group} of monitors on first use (called \newterm{branding}), which means that using internal scheduling with distinct sets of monitors requires one condition variable per set of monitors.
+Finally, \CFA monitors do not allow calling threads to barge ahead of signalled threads, which simplifies synchronization among threads in the monitor and increases correctness.
+If barging is allowed, synchronization between a signaller and signallee is difficult, often requiring additional flags and multiple unblock/block cycles.
+In fact, signals-as-hints is completely opposite from that proposed by Hoare in the seminal paper on monitors~\cite[p.~550]{Hoare74}.
+% \begin{cquote}
+% However, we decree that a signal operation be followed immediately by resumption of a waiting program, without possibility of an intervening procedure call from yet a third program.
+% It is only in this way that a waiting program has an absolute guarantee that it can acquire the resource just released by the signalling program without any danger that a third program will interpose a monitor entry and seize the resource instead.~\cite[p.~550]{Hoare74}
+% \end{cquote}
+Furthermore, \CFA concurrency has no spurious wakeup~\cite[\S~9]{Buhr05a}, which eliminates an implicit form of self barging.
+Hence, a \CFA @wait@ statement is not enclosed in a @while@ loop retesting a blocking predicate, which can cause thread starvation due to barging.
+
+Figure~\ref{f:MonitorScheduling} shows general internal/external scheduling (for the bounded-buffer example in Figure~\ref{f:InternalExternalScheduling}).
+External calling threads block on the calling queue, if the monitor is occupied, otherwise they enter in FIFO order.
+Internal threads block on condition queues via @wait@ and reenter from the condition in FIFO order.
+Alternatively, internal threads block on urgent from the @signal_block@ or @waitfor@, and reenter implicitly when the monitor becomes empty, \ie, the thread in the monitor exits or waits.
+
+There are three signalling mechanisms to unblock waiting threads to enter the monitor.
+Note, signalling cannot have the signaller and signalled thread in the monitor simultaneously because of the mutual exclusion, so either the signaller or signallee can proceed.
+For internal scheduling, threads are unblocked from condition queues using @signal@, where the signallee is moved to urgent and the signaller continues (solid line).
+Multiple signals move multiple signallees to urgent until the condition is empty.
+When the signaller exits or waits, a thread blocked on urgent is processed before calling threads to prevent barging.
+(Java conceptually moves the signalled thread to the calling queue, and hence, allows barging.)
+The alternative unblock is in the opposite order using @signal_block@, where the signaller is moved to urgent and the signallee continues (dashed line), and is implicitly unblocked from urgent when the signallee exits or waits.
+
+For external scheduling, the condition queues are not used;
+instead threads are unblocked directly from the calling queue using @waitfor@ based on function names requesting mutual exclusion.
+(The linear search through the calling queue to locate a particular call can be reduced to $O(1)$.)
+The @waitfor@ has the same semantics as @signal_block@, where the signalled thread executes before the signallee, which waits on urgent.
+Executing multiple @waitfor@s from different signalled functions causes the calling threads to move to urgent.
+External scheduling requires urgent to be a stack, because the signaller expects to execute immediately after the specified monitor call has exited or waited.
+Internal scheduling behaves the same for an urgent stack or queue, except for multiple signalling, where the threads unblock from urgent in reverse order from signalling.
+If the restart order is important, multiple signalling by a signal thread can be transformed into daisy-chain signalling among threads, where each thread signals the next thread.
+We tried both a stack for @waitfor@ and queue for signalling, but that resulted in complex semantics about which thread enters next.
+Hence, \CFA uses a single urgent stack to correctly handle @waitfor@ and adequately support both forms of signalling.
+
+\begin{figure}
+\centering
+% \subfloat[Scheduling Statements] {
+% \label{fig:SchedulingStatements}
+% {\resizebox{0.45\textwidth}{!}{\input{CondSigWait.pstex_t}}}
+\input{CondSigWait.pstex_t}
+% }% subfloat
+% \quad
+% \subfloat[Bulk acquire monitor] {
+% \label{fig:BulkMonitor}
+% {\resizebox{0.45\textwidth}{!}{\input{ext_monitor.pstex_t}}}
+% }% subfloat
+\caption{Monitor Scheduling}
+\label{f:MonitorScheduling}
+\end{figure}
+
+Figure~\ref{f:BBInt} shows a \CFA generic bounded-buffer with internal scheduling, where producers/consumers enter the monitor, detect the buffer is full/empty, and block on an appropriate condition variable, @full@/@empty@.
+The @wait@ function atomically blocks the calling thread and implicitly releases the monitor lock(s) for all monitors in the function's parameter list.
+The appropriate condition variable is signalled to unblock an opposite kind of thread after an element is inserted/removed from the buffer.
+Signalling is unconditional, because signalling an empty condition variable does nothing.
+It is common to declare condition variables as monitor fields to prevent shared access, hence no locking is required for access as the conditions are protected by the monitor lock.
+In \CFA, a condition variable can be created/stored independently.
+% To still prevent expensive locking on access, a condition variable is tied to a \emph{group} of monitors on first use, called \newterm{branding}, resulting in a low-cost boolean test to detect sharing from other monitors.
+
+% Signalling semantics cannot have the signaller and signalled thread in the monitor simultaneously, which means:
+% \begin{enumerate}
+% \item
+% The signalling thread returns immediately and the signalled thread continues.
+% \item
+% The signalling thread continues and the signalled thread is marked for urgent unblocking at the next scheduling point (exit/wait).
+% \item
+% The signalling thread blocks but is marked for urgent unblocking at the next scheduling point and the signalled thread continues.
+% \end{enumerate}
+% The first approach is too restrictive, as it precludes solving a reasonable class of problems, \eg dating service (see Figure~\ref{f:DatingService}).
+% \CFA supports the next two semantics as both are useful.
 
 \begin{figure}
@@ -1481 +1894 @@
         };
         void ?{}( Buffer(T) & buffer ) with(buffer) {
-                [front, back, count] = 0;
+                front = back = count = 0;
         }
-
         void insert( Buffer(T) & mutex buffer, T elem )
                                 with(buffer) {
@@ -1500 +1912 @@
 \end{lrbox}
 
+% \newbox\myboxB
+% \begin{lrbox}{\myboxB}
+% \begin{cfa}[aboveskip=0pt,belowskip=0pt]
+% forall( otype T ) { // distribute forall
+%       monitor Buffer {
+%
+%               int front, back, count;
+%               T elements[10];
+%       };
+%       void ?{}( Buffer(T) & buffer ) with(buffer) {
+%               [front, back, count] = 0;
+%       }
+%       T remove( Buffer(T) & mutex buffer ); // forward
+%       void insert( Buffer(T) & mutex buffer, T elem )
+%                               with(buffer) {
+%               if ( count == 10 ) `waitfor( remove, buffer )`;
+%               // insert elem into buffer
+%
+%       }
+%       T remove( Buffer(T) & mutex buffer ) with(buffer) {
+%               if ( count == 0 ) `waitfor( insert, buffer )`;
+%               // remove elem from buffer
+%
+%               return elem;
+%       }
+% }
+% \end{cfa}
+% \end{lrbox}
+
 \newbox\myboxB
 \begin{lrbox}{\myboxB}
 \begin{cfa}[aboveskip=0pt,belowskip=0pt]
-forall( otype T ) { // distribute forall
-        monitor Buffer {
-
-                int front, back, count;
-                T elements[10];
-        };
-        void ?{}( Buffer(T) & buffer ) with(buffer) {
-                [front, back, count] = 0;
-        }
-        T remove( Buffer(T) & mutex buffer ); // forward
-        void insert( Buffer(T) & mutex buffer, T elem )
-                                with(buffer) {
-                if ( count == 10 ) `waitfor( remove, buffer )`;
-                // insert elem into buffer
-
-        }
-        T remove( Buffer(T) & mutex buffer ) with(buffer) {
-                if ( count == 0 ) `waitfor( insert, buffer )`;
-                // remove elem from buffer
-
-                return elem;
-        }
-}
+monitor ReadersWriter {
+        int rcnt, wcnt; // readers/writer using resource
+};
+void ?{}( ReadersWriter & rw ) with(rw) {
+        rcnt = wcnt = 0;
+}
+void EndRead( ReadersWriter & mutex rw ) with(rw) {
+        rcnt -= 1;
+}
+void EndWrite( ReadersWriter & mutex rw ) with(rw) {
+        wcnt = 0;
+}
+void StartRead( ReadersWriter & mutex rw ) with(rw) {
+        if ( wcnt > 0 ) `waitfor( EndWrite, rw );`
+        rcnt += 1;
+}
+void StartWrite( ReadersWriter & mutex rw ) with(rw) {
+        if ( wcnt > 0 ) `waitfor( EndWrite, rw );`
+        else while ( rcnt > 0 ) `waitfor( EndRead, rw );`
+        wcnt = 1;
+}
+
 \end{cfa}
 \end{lrbox}
 
-\subfloat[Internal Scheduling]{\label{f:BBInt}\usebox\myboxA}
-%\qquad
-\subfloat[External Scheduling]{\label{f:BBExt}\usebox\myboxB}
-\caption{Generic Bounded-Buffer}
-\label{f:GenericBoundedBuffer}
+\subfloat[Generic bounded buffer, internal scheduling]{\label{f:BBInt}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[Readers / writer lock, external scheduling]{\label{f:RWExt}\usebox\myboxB}
+
+\caption{Internal / external scheduling}
+\label{f:InternalExternalScheduling}
 \end{figure}
 
-Figure~\ref{f:BBExt} shows a \CFA bounded-buffer with external scheduling, where producers/consumers detecting a full/empty buffer block and prevent more producers/consumers from entering the monitor until the buffer has a free/empty slot.
-External scheduling is controlled by the @waitfor@ statement, which atomically blocks the calling thread, releases the monitor lock, and restricts the routine calls that can next acquire mutual exclusion.
+Figure~\ref{f:BBInt} can be transformed into external scheduling by removing the condition variables and signals/waits, and adding the following lines at the locations of the current @wait@s in @insert@/@remove@, respectively.
+\begin{cfa}[aboveskip=2pt,belowskip=1pt]
+if ( count == 10 ) `waitfor( remove, buffer )`;       |      if ( count == 0 ) `waitfor( insert, buffer )`;
+\end{cfa}
+Here, the producers/consumers detects a full/\-empty buffer and prevents more producers/consumers from entering the monitor until there is a free/empty slot in the buffer.
+External scheduling is controlled by the @waitfor@ statement, which atomically blocks the calling thread, releases the monitor lock, and restricts the function calls that can next acquire mutual exclusion.
 If the buffer is full, only calls to @remove@ can acquire the buffer, and if the buffer is empty, only calls to @insert@ can acquire the buffer.
-Threads making calls to routines that are currently excluded block outside (externally) of the monitor on a calling queue, versus blocking on condition queues inside the monitor.
-
-Both internal and external scheduling extend to multiple monitors in a natural way.
-\begin{cfa}
-monitor M { `condition e`; ... };
-void foo( M & mutex m1, M & mutex m2 ) {
-        ... wait( `e` ); ...                                    $\C{// wait( e, m1, m2 )}$
-        ... wait( `e, m1` ); ...
-        ... wait( `e, m2` ); ...
-}
-
-void rtn$\(_1\)$( M & mutex m1, M & mutex m2 );
-void rtn$\(_2\)$( M & mutex m1 );
-void bar( M & mutex m1, M & mutex m2 ) {
-        ... waitfor( `rtn` ); ...                               $\C{// waitfor( rtn\(_1\), m1, m2 )}$
-        ... waitfor( `rtn, m1` ); ...                   $\C{// waitfor( rtn\(_2\), m1 )}$
-}
-\end{cfa}
-For @wait( e )@, the default semantics is to atomically block the signaller and release all acquired mutex types in the parameter list, \ie @wait( e, m1, m2 )@.
-To override the implicit multi-monitor wait, specific mutex parameter(s) can be specified, \eg @wait( e, m1 )@.
-Wait statically verifies the released monitors are the acquired mutex-parameters so unconditional release is safe.
-Similarly, for @waitfor( rtn, ... )@, the default semantics is to atomically block the acceptor and release all acquired mutex types in the parameter list, \ie @waitfor( rtn, m1, m2 )@.
-To override the implicit multi-monitor wait, specific mutex parameter(s) can be specified, \eg @waitfor( rtn, m1 )@.
-Waitfor statically verifies the released monitors are the same as the acquired mutex-parameters of the given routine or routine pointer.
-To statically verify the released monitors match with the accepted routine's mutex parameters, the routine (pointer) prototype must be accessible.
-
-Given the ability to release a subset of acquired monitors can result in a \newterm{nested monitor}~\cite{Lister77} deadlock.
-\begin{cfa}
-void foo( M & mutex m1, M & mutex m2 ) {
-        ... wait( `e, m1` ); ...                                $\C{// release m1, keeping m2 acquired )}$
-void baz( M & mutex m1, M & mutex m2 ) {        $\C{// must acquire m1 and m2 )}$
-        ... signal( `e` ); ...
-\end{cfa}
-The @wait@ only releases @m1@ so the signalling thread cannot acquire both @m1@ and @m2@ to  enter @baz@ to get to the @signal@.
-While deadlock issues can occur with multiple/nesting acquisition, this issue results from the fact that locks, and by extension monitors, are not perfectly composable.
-
-Finally, an important aspect of monitor implementation is barging, \ie can calling threads barge ahead of signalled threads?
-If barging is allowed, synchronization between a singller and signallee is difficult, often requiring multiple unblock/block cycles (looping around a wait rechecking if a condition is met).
-\begin{quote}
-However, we decree that a signal operation be followed immediately by resumption of a waiting program, without possibility of an intervening procedure call from yet a third program.
-It is only in this way that a waiting program has an absolute guarantee that it can acquire the resource just released by the signalling program without any danger that a third program will interpose a monitor entry and seize the resource instead.~\cite[p.~550]{Hoare74}
-\end{quote}
-\CFA scheduling \emph{precludes} barging, which simplifies synchronization among threads in the monitor and increases correctness.
-For example, there are no loops in either bounded buffer solution in Figure~\ref{f:GenericBoundedBuffer}.
-Supporting barging prevention as well as extending internal scheduling to multiple monitors is the main source of complexity in the design and implementation of \CFA concurrency.
-
-
-\subsection{Barging Prevention}
-
-Figure~\ref{f:BargingPrevention} shows \CFA code where bulk acquire adds complexity to the internal-signalling semantics.
-The complexity begins at the end of the inner @mutex@ statement, where the semantics of internal scheduling need to be extended for multiple monitors.
-The problem is that bulk acquire is used in the inner @mutex@ statement where one of the monitors is already acquired.
-When the signalling thread reaches the end of the inner @mutex@ statement, it should transfer ownership of @m1@ and @m2@ to the waiting thread to prevent barging into the outer @mutex@ statement by another thread.
-However, both the signalling and signalled threads still need monitor @m1@.
-
-\begin{figure}
-\newbox\myboxA
-\begin{lrbox}{\myboxA}
-\begin{cfa}[aboveskip=0pt,belowskip=0pt]
-monitor M m1, m2;
-condition c;
-mutex( m1 ) {
-        ...
-        mutex( m1, m2 ) {
-                ... `wait( c )`; // block and release m1, m2
-                // m1, m2 acquired
-        } // $\LstCommentStyle{\color{red}release m2}$
-        // m1 acquired
-} // release m1
-\end{cfa}
-\end{lrbox}
-
-\newbox\myboxB
-\begin{lrbox}{\myboxB}
-\begin{cfa}[aboveskip=0pt,belowskip=0pt]
-
-
-mutex( m1 ) {
-        ...
-        mutex( m1, m2 ) {
-                ... `signal( c )`; ...
-                // m1, m2 acquired
-        } // $\LstCommentStyle{\color{red}release m2}$
-        // m1 acquired
-} // release m1
-\end{cfa}
-\end{lrbox}
-
-\newbox\myboxC
-\begin{lrbox}{\myboxC}
-\begin{cfa}[aboveskip=0pt,belowskip=0pt]
-
-
-mutex( m1 ) {
-        ... `wait( c )`; ...
-        // m1 acquired
-} // $\LstCommentStyle{\color{red}release m1}$
-
-
-
-
-\end{cfa}
-\end{lrbox}
-
-\begin{cquote}
-\subfloat[Waiting Thread]{\label{f:WaitingThread}\usebox\myboxA}
-\hspace{2\parindentlnth}
-\subfloat[Signalling Thread]{\label{f:SignallingThread}\usebox\myboxB}
-\hspace{2\parindentlnth}
-\subfloat[Other Waiting Thread]{\label{f:SignallingThread}\usebox\myboxC}
-\end{cquote}
-\caption{Barging Prevention}
-\label{f:BargingPrevention}
-\end{figure}
-
-The obvious solution to the problem of multi-monitor scheduling is to keep ownership of all locks until the last lock is ready to be transferred.
-It can be argued that that moment is when the last lock is no longer needed, because this semantics fits most closely to the behaviour of single-monitor scheduling.
-This solution has the main benefit of transferring ownership of groups of monitors, which simplifies the semantics from multiple objects to a single group of objects, effectively making the existing single-monitor semantic viable by simply changing monitors to monitor groups.
-This solution releases the monitors once every monitor in a group can be released.
-However, since some monitors are never released (\eg the monitor of a thread), this interpretation means a group might never be released.
-A more interesting interpretation is to transfer the group until all its monitors are released, which means the group is not passed further and a thread can retain its locks.
-
-However, listing \ref{f:int-secret} shows this solution can become much more complicated depending on what is executed while secretly holding B at line \ref{line:secret}, while avoiding the need to transfer ownership of a subset of the condition monitors.
-Figure~\ref{f:dependency} shows a slightly different example where a third thread is waiting on monitor @A@, using a different condition variable.
-Because the third thread is signalled when secretly holding @B@, the goal  becomes unreachable.
-Depending on the order of signals (listing \ref{f:dependency} line \ref{line:signal-ab} and \ref{line:signal-a}) two cases can happen:
-
-\begin{comment}
-\paragraph{Case 1: thread $\alpha$ goes first.} In this case, the problem is that monitor @A@ needs to be passed to thread $\beta$ when thread $\alpha$ is done with it.
-\paragraph{Case 2: thread $\beta$ goes first.} In this case, the problem is that monitor @B@ needs to be retained and passed to thread $\alpha$ along with monitor @A@, which can be done directly or possibly using thread $\beta$ as an intermediate.
-\\
-
-Note that ordering is not determined by a race condition but by whether signalled threads are enqueued in FIFO or FILO order.
-However, regardless of the answer, users can move line \ref{line:signal-a} before line \ref{line:signal-ab} and get the reverse effect for listing \ref{f:dependency}.
-
-In both cases, the threads need to be able to distinguish, on a per monitor basis, which ones need to be released and which ones need to be transferred, which means knowing when to release a group becomes complex and inefficient (see next section) and therefore effectively precludes this approach.
-
-
-\subsubsection{Dependency graphs}
-
-\begin{figure}
-\begin{multicols}{3}
-Thread $\alpha$
-\begin{cfa}[numbers=left, firstnumber=1]
-acquire A
-        acquire A & B
-                wait A & B
-        release A & B
-release A
-\end{cfa}
-\columnbreak
-Thread $\gamma$
-\begin{cfa}[numbers=left, firstnumber=6, escapechar=|]
-acquire A
-        acquire A & B
-                |\label{line:signal-ab}|signal A & B
-        |\label{line:release-ab}|release A & B
-        |\label{line:signal-a}|signal A
-|\label{line:release-a}|release A
-\end{cfa}
-\columnbreak
-Thread $\beta$
-\begin{cfa}[numbers=left, firstnumber=12, escapechar=|]
-acquire A
-        wait A
-|\label{line:release-aa}|release A
-\end{cfa}
-\end{multicols}
-\begin{cfa}[caption={Pseudo-code for the three thread example.},label={f:dependency}]
-\end{cfa}
-\begin{center}
-\input{dependency}
-\end{center}
-\caption{Dependency graph of the statements in listing \ref{f:dependency}}
-\label{fig:dependency}
-\end{figure}
-
-In listing \ref{f:int-bulk-cfa}, there is a solution that satisfies both barging prevention and mutual exclusion.
-If ownership of both monitors is transferred to the waiter when the signaller releases @A & B@ and then the waiter transfers back ownership of @A@ back to the signaller when it releases it, then the problem is solved (@B@ is no longer in use at this point).
-Dynamically finding the correct order is therefore the second possible solution.
-The problem is effectively resolving a dependency graph of ownership requirements.
-Here even the simplest of code snippets requires two transfers and has a super-linear complexity.
-This complexity can be seen in listing \ref{f:explosion}, which is just a direct extension to three monitors, requires at least three ownership transfer and has multiple solutions.
-Furthermore, the presence of multiple solutions for ownership transfer can cause deadlock problems if a specific solution is not consistently picked; In the same way that multiple lock acquiring order can cause deadlocks.
-\begin{figure}
-\begin{multicols}{2}
-\begin{cfa}
-acquire A
-        acquire B
-                acquire C
-                        wait A & B & C
-                release C
-        release B
-release A
-\end{cfa}
-
-\columnbreak
-
-\begin{cfa}
-acquire A
-        acquire B
-                acquire C
-                        signal A & B & C
-                release C
-        release B
-release A
-\end{cfa}
-\end{multicols}
-\begin{cfa}[caption={Extension to three monitors of listing \ref{f:int-bulk-cfa}},label={f:explosion}]
-\end{cfa}
-\end{figure}
-
-Given the three threads example in listing \ref{f:dependency}, figure \ref{fig:dependency} shows the corresponding dependency graph that results, where every node is a statement of one of the three threads, and the arrows the dependency of that statement (\eg $\alpha1$ must happen before $\alpha2$).
-The extra challenge is that this dependency graph is effectively post-mortem, but the runtime system needs to be able to build and solve these graphs as the dependencies unfold.
-Resolving dependency graphs being a complex and expensive endeavour, this solution is not the preferred one.
-
-\subsubsection{Partial Signalling} \label{partial-sig}
-\end{comment}
-
-Finally, the solution that is chosen for \CFA is to use partial signalling.
-Again using listing \ref{f:int-bulk-cfa}, the partial signalling solution transfers ownership of monitor @B@ at lines \ref{line:signal1} to the waiter but does not wake the waiting thread since it is still using monitor @A@.
-Only when it reaches line \ref{line:lastRelease} does it actually wake up the waiting thread.
-This solution has the benefit that complexity is encapsulated into only two actions: passing monitors to the next owner when they should be released and conditionally waking threads if all conditions are met.
-This solution has a much simpler implementation than a dependency graph solving algorithms, which is why it was chosen.
-Furthermore, after being fully implemented, this solution does not appear to have any significant downsides.
-
-Using partial signalling, listing \ref{f:dependency} can be solved easily:
-\begin{itemize}
-        \item When thread $\gamma$ reaches line \ref{line:release-ab} it transfers monitor @B@ to thread $\alpha$ and continues to hold monitor @A@.
-        \item When thread $\gamma$ reaches line \ref{line:release-a}  it transfers monitor @A@ to thread $\beta$  and wakes it up.
-        \item When thread $\beta$  reaches line \ref{line:release-aa} it transfers monitor @A@ to thread $\alpha$ and wakes it up.
-\end{itemize}
-
-
-\subsection{Signalling: Now or Later}
+Threads calling excluded functions block outside of (external to) the monitor on the calling queue, versus blocking on condition queues inside of (internal to) the monitor.
+Figure~\ref{f:RWExt} shows a readers/writer lock written using external scheduling, where a waiting reader detects a writer using the resource and restricts further calls until the writer exits by calling @EndWrite@.
+The writer does a similar action for each reader or writer using the resource.
+Note, no new calls to @StarRead@/@StartWrite@ may occur when waiting for the call to @EndRead@/@EndWrite@.
+External scheduling allows waiting for events from other threads while restricting unrelated events, that would otherwise have to wait on conditions in the monitor.
+The mechnaism can be done in terms of control flow, \eg Ada @accept@ or \uC @_Accept@, or in terms of data, \eg Go @select@ on channels.
+While both mechanisms have strengths and weaknesses, this project uses the control-flow mechanism to be consistent with other language features.
+% Two challenges specific to \CFA for external scheduling are loose object-definitions (see Section~\ref{s:LooseObjectDefinitions}) and multiple-monitor functions (see Section~\ref{s:Multi-MonitorScheduling}).
+
+Figure~\ref{f:DatingService} shows a dating service demonstrating non-blocking and blocking signalling.
+The dating service matches girl and boy threads with matching compatibility codes so they can exchange phone numbers.
+A thread blocks until an appropriate partner arrives.
+The complexity is exchanging phone numbers in the monitor because of the mutual-exclusion property.
+For signal scheduling, the @exchange@ condition is necessary to block the thread finding the match, while the matcher unblocks to take the opposite number, post its phone number, and unblock the partner.
+For signal-block scheduling, the implicit urgent-queue replaces the explict @exchange@-condition and @signal_block@ puts the finding thread on the urgent condition and unblocks the matcher.
+The dating service is an example of a monitor that cannot be written using external scheduling because it requires knowledge of calling parameters to make scheduling decisions, and parameters of waiting threads are unavailable;
+as well, an arriving thread may not find a partner and must wait, which requires a condition variable, and condition variables imply internal scheduling.
+Furthermore, barging corrupts the dating service during an exchange because a barger may also match and change the phone numbers, invalidating the previous exchange phone number.
+Putting loops around the @wait@s does not correct the problem;
+the simple solution must be restructured to account for barging.
 
 \begin{figure}
@@ -1784 +2016 @@
         int GirlPhNo, BoyPhNo;
         condition Girls[CCodes], Boys[CCodes];
-        condition exchange;
+        `condition exchange;`
 };
 int girl( DS & mutex ds, int phNo, int ccode ) {
@@ -1790 +2022 @@
                 wait( Girls[ccode] );
                 GirlPhNo = phNo;
-                exchange.signal();
+                `signal( exchange );`
         } else {
                 GirlPhNo = phNo;
-                signal( Boys[ccode] );
-                exchange.wait();
-        } // if
+                `signal( Boys[ccode] );`
+                `wait( exchange );`
+        }
         return BoyPhNo;
 }
@@ -1820 +2052 @@
         } else {
                 GirlPhNo = phNo; // make phone number available
-                signal_block( Boys[ccode] ); // restart boy
+                `signal_block( Boys[ccode] );` // restart boy
 
         } // if
@@ -1834 +2066 @@
 \qquad
 \subfloat[\lstinline@signal_block@]{\label{f:DatingSignalBlock}\usebox\myboxB}
-\caption{Dating service. }
-\label{f:Dating service}
+\caption{Dating service}
+\label{f:DatingService}
 \end{figure}
 
-An important note is that, until now, signalling a monitor was a delayed operation.
-The ownership of the monitor is transferred only when the monitor would have otherwise been released, not at the point of the @signal@ statement.
-However, in some cases, it may be more convenient for users to immediately transfer ownership to the thread that is waiting for cooperation, which is achieved using the @signal_block@ routine.
-
-The example in table \ref{tbl:datingservice} highlights the difference in behaviour.
-As mentioned, @signal@ only transfers ownership once the current critical section exits; this behaviour requires additional synchronization when a two-way handshake is needed.
-To avoid this explicit synchronization, the @condition@ type offers the @signal_block@ routine, which handles the two-way handshake as shown in the example.
-This feature removes the need for a second condition variables and simplifies programming.
-Like every other monitor semantic, @signal_block@ uses barging prevention, which means mutual-exclusion is baton-passed both on the front end and the back end of the call to @signal_block@, meaning no other thread can acquire the monitor either before or after the call.
-
-% ======================================================================
-% ======================================================================
-\section{External scheduling} \label{extsched}
-% ======================================================================
-% ======================================================================
-An alternative to internal scheduling is external scheduling (see Table~\ref{tbl:sched}).
-
-\begin{comment}
-\begin{table}
-\begin{tabular}{|c|c|c|}
-Internal Scheduling & External Scheduling & Go\\
-\hline
-\begin{uC++}[tabsize=3]
-_Monitor Semaphore {
-        condition c;
-        bool inUse;
-public:
-        void P() {
-                if(inUse)
-                        wait(c);
-                inUse = true;
-        }
-        void V() {
-                inUse = false;
-                signal(c);
-        }
-}
-\end{uC++}&\begin{uC++}[tabsize=3]
-_Monitor Semaphore {
-
-        bool inUse;
-public:
-        void P() {
-                if(inUse)
-                        _Accept(V);
-                inUse = true;
-        }
-        void V() {
-                inUse = false;
-
-        }
-}
-\end{uC++}&\begin{Go}[tabsize=3]
-type MySem struct {
-        inUse bool
-        c     chan bool
-}
-
-// acquire
-func (s MySem) P() {
-        if s.inUse {
-                select {
-                case <-s.c:
-                }
-        }
-        s.inUse = true
-}
-
-// release
-func (s MySem) V() {
-        s.inUse = false
-
-        // This actually deadlocks
-        // when single thread
-        s.c <- false
-}
-\end{Go}
+In summation, for internal scheduling, non-blocking signalling (as in the producer/consumer example) is used when the signaller is providing the cooperation for a waiting thread;
+the signaller enters the monitor and changes state, detects a waiting threads that can use the state, performs a non-blocking signal on the condition queue for the waiting thread, and exits the monitor to run concurrently.
+The waiter unblocks next from the urgent queue, uses/takes the state, and exits the monitor.
+Blocking signal is the reverse, where the waiter is providing the cooperation for the signalling thread;
+the signaller enters the monitor, detects a waiting thread providing the necessary state, performs a blocking signal to place it on the urgent queue and unblock the waiter.
+The waiter changes state and exits the monitor, and the signaller unblocks next from the urgent queue to use/take the state.
+
+Both internal and external scheduling extend to multiple monitors in a natural way.
+\begin{cquote}
+\begin{tabular}{@{}l@{\hspace{3\parindentlnth}}l@{}}
+\begin{cfa}
+monitor M { `condition e`; ... };
+void foo( M & mutex m1, M & mutex m2 ) {
+        ... wait( `e` ); ...   // wait( e, m1, m2 )
+        ... wait( `e, m1` ); ...
+        ... wait( `e, m2` ); ...
+}
+\end{cfa}
+&
+\begin{cfa}
+void rtn$\(_1\)$( M & mutex m1, M & mutex m2 );
+void rtn$\(_2\)$( M & mutex m1 );
+void bar( M & mutex m1, M & mutex m2 ) {
+        ... waitfor( `rtn` ); ...       // $\LstCommentStyle{waitfor( rtn\(_1\), m1, m2 )}$
+        ... waitfor( `rtn, m1` ); ... // $\LstCommentStyle{waitfor( rtn\(_2\), m1 )}$
+}
+\end{cfa}
 \end{tabular}
-\caption{Different forms of scheduling.}
-\label{tbl:sched}
-\end{table}
-\end{comment}
-
-This method is more constrained and explicit, which helps users reduce the non-deterministic nature of concurrency.
-Indeed, as the following examples demonstrate, external scheduling allows users to wait for events from other threads without the concern of unrelated events occurring.
-External scheduling can generally be done either in terms of control flow (\eg Ada with @accept@, \uC with @_Accept@) or in terms of data (\eg Go with channels).
-Of course, both of these paradigms have their own strengths and weaknesses, but for this project, control-flow semantics was chosen to stay consistent with the rest of the languages semantics.
-Two challenges specific to \CFA arise when trying to add external scheduling with loose object definitions and multiple-monitor routines.
-The previous example shows a simple use @_Accept@ versus @wait@/@signal@ and its advantages.
-Note that while other languages often use @accept@/@select@ as the core external scheduling keyword, \CFA uses @waitfor@ to prevent name collisions with existing socket \textbf{api}s.
-
-For the @P@ member above using internal scheduling, the call to @wait@ only guarantees that @V@ is the last routine to access the monitor, allowing a third routine, say @isInUse()@, acquire mutual exclusion several times while routine @P@ is waiting.
-On the other hand, external scheduling guarantees that while routine @P@ is waiting, no other routine than @V@ can acquire the monitor.
-
-% ======================================================================
-% ======================================================================
-\subsection{Loose Object Definitions}
-% ======================================================================
-% ======================================================================
-In \uC, a monitor class declaration includes an exhaustive list of monitor operations.
-Since \CFA is not object oriented, monitors become both more difficult to implement and less clear for a user:
-
-\begin{cfa}
-monitor A {};
-
-void f(A & mutex a);
-void g(A & mutex a) {
-        waitfor(f); // Obvious which f() to wait for
-}
-
-void f(A & mutex a, int); // New different F added in scope
-void h(A & mutex a) {
-        waitfor(f); // Less obvious which f() to wait for
-}
-\end{cfa}
-
-Furthermore, external scheduling is an example where implementation constraints become visible from the interface.
-Here is the cfa-code for the entering phase of a monitor:
-\begin{center}
-\begin{tabular}{l}
-\begin{cfa}
-        if monitor is free
-                enter
-        elif already own the monitor
-                continue
-        elif monitor accepts me
-                enter
-        else
-                block
-\end{cfa}
-\end{tabular}
-\end{center}
-For the first two conditions, it is easy to implement a check that can evaluate the condition in a few instructions.
-However, a fast check for @monitor accepts me@ is much harder to implement depending on the constraints put on the monitors.
-Indeed, monitors are often expressed as an entry queue and some acceptor queue as in Figure~\ref{fig:ClassicalMonitor}.
+\end{cquote}
+For @wait( e )@, the default semantics is to atomically block the signaller and release all acquired mutex parameters, \ie @wait( e, m1, m2 )@.
+To override the implicit multi-monitor wait, specific mutex parameter(s) can be specified, \eg @wait( e, m1 )@.
+Wait cannot statically verifies the released monitors are the acquired mutex-parameters without disallowing separately compiled helper functions calling @wait@.
+While \CC supports bulk locking, @wait@ only accepts a single lock for a condition variable, so bulk locking with condition variables is asymmetric.
+Finally, a signaller,
+\begin{cfa}
+void baz( M & mutex m1, M & mutex m2 ) {
+        ... signal( e ); ...
+}
+\end{cfa}
+must have acquired at least the same locks as the waiting thread signalled from a condition queue to allow the locks to be passed, and hence, prevent barging.
+
+Similarly, for @waitfor( rtn )@, the default semantics is to atomically block the acceptor and release all acquired mutex parameters, \ie @waitfor( rtn, m1, m2 )@.
+To override the implicit multi-monitor wait, specific mutex parameter(s) can be specified, \eg @waitfor( rtn, m1 )@.
+@waitfor@ does statically verify the monitor types passed are the same as the acquired mutex-parameters of the given function or function pointer, hence the function (pointer) prototype must be accessible.
+% When an overloaded function appears in an @waitfor@ statement, calls to any function with that name are accepted.
+% The rationale is that members with the same name should perform a similar function, and therefore, all should be eligible to accept a call.
+Overloaded functions can be disambiguated using a cast
+\begin{cfa}
+void rtn( M & mutex m );
+`int` rtn( M & mutex m );
+waitfor( (`int` (*)( M & mutex ))rtn, m );
+\end{cfa}
+
+The ability to release a subset of acquired monitors can result in a \newterm{nested monitor}~\cite{Lister77} deadlock.
+\begin{cfa}
+void foo( M & mutex m1, M & mutex m2 ) {
+        ... wait( `e, m1` ); ...                                $\C{// release m1, keeping m2 acquired )}$
+void bar( M & mutex m1, M & mutex m2 ) {        $\C{// must acquire m1 and m2 )}$
+        ... signal( `e` ); ...
+\end{cfa}
+The @wait@ only releases @m1@ so the signalling thread cannot acquire @m1@ and @m2@ to enter @bar@ and @signal@ the condition.
+While deadlock can occur with multiple/nesting acquisition, this is a consequence of locks, and by extension monitors, not being perfectly composable.
+
+
+
+\subsection{\texorpdfstring{Extended \protect\lstinline@waitfor@}{Extended waitfor}}
+
+Figure~\ref{f:ExtendedWaitfor} shows the extended form of the @waitfor@ statement to conditionally accept one of a group of mutex functions, with an optional statement to be performed \emph{after} the mutex function finishes.
+For a @waitfor@ clause to be executed, its @when@ must be true and an outstanding call to its corresponding member(s) must exist.
+The \emph{conditional-expression} of a @when@ may call a function, but the function must not block or context switch.
+If there are multiple acceptable mutex calls, selection occurs top-to-bottom (prioritized) among the @waitfor@ clauses, whereas some programming languages with similar mechanisms accept nondeterministically for this case, \eg Go \lstinline[morekeywords=select]@select@.
+If some accept guards are true and there are no outstanding calls to these members, the acceptor is blocked until a call to one of these members is made.
+If there is a @timeout@ clause, it provides an upper bound on waiting.
+If all the accept guards are false, the statement does nothing, unless there is a terminating @else@ clause with a true guard, which is executed instead.
+Hence, the terminating @else@ clause allows a conditional attempt to accept a call without blocking.
+If both @timeout@ and @else@ clause are present, the @else@ must be conditional, or the @timeout@ is never triggered.
+There is also a traditional future wait queue (not shown) (\eg Microsoft (@WaitForMultipleObjects@)), to wait for a specified number of future elements in the queue.
 
 \begin{figure}
 \centering
-\subfloat[Classical Monitor] {
-\label{fig:ClassicalMonitor}
-{\resizebox{0.45\textwidth}{!}{\input{monitor}}}
-}% subfloat
-\qquad
-\subfloat[bulk acquire Monitor] {
-\label{fig:BulkMonitor}
-{\resizebox{0.45\textwidth}{!}{\input{ext_monitor}}}
-}% subfloat
-\caption{External Scheduling Monitor}
+\begin{cfa}
+`when` ( $\emph{conditional-expression}$ )      $\C{// optional guard}$
+        waitfor( $\emph{mutex-member-name}$ ) $\emph{statement}$ $\C{// action after call}$
+`or` `when` ( $\emph{conditional-expression}$ ) $\C{// any number of functions}$
+        waitfor( $\emph{mutex-member-name}$ ) $\emph{statement}$
+`or`    ...
+`when` ( $\emph{conditional-expression}$ ) $\C{// optional guard}$
+        `timeout` $\emph{statement}$ $\C{// optional terminating timeout clause}$
+`when` ( $\emph{conditional-expression}$ ) $\C{// optional guard}$
+        `else`  $\emph{statement}$ $\C{// optional terminating clause}$
+\end{cfa}
+\caption{Extended \protect\lstinline@waitfor@}
+\label{f:ExtendedWaitfor}
 \end{figure}
 
-There are other alternatives to these pictures, but in the case of the left picture, implementing a fast accept check is relatively easy.
-Restricted to a fixed number of mutex members, N, the accept check reduces to updating a bitmask when the acceptor queue changes, a check that executes in a single instruction even with a fairly large number (\eg 128) of mutex members.
-This approach requires a unique dense ordering of routines with an upper-bound and that ordering must be consistent across translation units.
-For OO languages these constraints are common, since objects only offer adding member routines consistently across translation units via inheritance.
-However, in \CFA users can extend objects with mutex routines that are only visible in certain translation unit.
-This means that establishing a program-wide dense-ordering among mutex routines can only be done in the program linking phase, and still could have issues when using dynamically shared objects.
-
-The alternative is to alter the implementation as in Figure~\ref{fig:BulkMonitor}.
-Here, the mutex routine called is associated with a thread on the entry queue while a list of acceptable routines is kept separate.
-Generating a mask dynamically means that the storage for the mask information can vary between calls to @waitfor@, allowing for more flexibility and extensions.
-Storing an array of accepted routine pointers replaces the single instruction bitmask comparison with dereferencing a pointer followed by a linear search.
-Furthermore, supporting nested external scheduling (\eg listing \ref{f:nest-ext}) may now require additional searches for the @waitfor@ statement to check if a routine is already queued.
+Note, a group of conditional @waitfor@ clauses is \emph{not} the same as a group of @if@ statements, \eg:
+\begin{cfa}
+if ( C1 ) waitfor( mem1 );                       when ( C1 ) waitfor( mem1 );
+else if ( C2 ) waitfor( mem2 );         or when ( C2 ) waitfor( mem2 );
+\end{cfa}
+The left example only accepts @mem1@ if @C1@ is true or only @mem2@ if @C2@ is true.
+The right example accepts either @mem1@ or @mem2@ if @C1@ and @C2@ are true.
+
+An interesting use of @waitfor@ is accepting the @mutex@ destructor to know when an object is deallocated, \eg assume the bounded buffer is restructred from a monitor to a thread with the following @main@.
+\begin{cfa}
+void main( Buffer(T) & buffer ) with(buffer) {
+        for () {
+                `waitfor( ^?{}, buffer )` break;
+                or when ( count != 20 ) waitfor( insert, buffer ) { ... }
+                or when ( count != 0 ) waitfor( remove, buffer ) { ... }
+        }
+        // clean up
+}
+\end{cfa}
+When the program main deallocates the buffer, it first calls the buffer's destructor, which is accepted, the destructor runs, and the buffer is deallocated.
+However, the buffer thread cannot continue after the destructor call because the object is gone;
+hence, clean up in @main@ cannot occur, which means destructors for local objects are not run.
+To make this useful capability work, the semantics for accepting the destructor is the same as @signal@, \ie the destructor call is placed on urgent and the acceptor continues execution, which ends the loop, cleans up, and the thread terminates.
+Then, the destructor caller unblocks from urgent to deallocate the object.
+Accepting the destructor is the idiomatic way in \CFA to terminate a thread performing direct communication.
+
+
+\subsection{Bulk Barging Prevention}
+
+Figure~\ref{f:BulkBargingPrevention} shows \CFA code where bulk acquire adds complexity to the internal-signalling semantics.
+The complexity begins at the end of the inner @mutex@ statement, where the semantics of internal scheduling need to be extended for multiple monitors.
+The problem is that bulk acquire is used in the inner @mutex@ statement where one of the monitors is already acquired.
+When the signalling thread reaches the end of the inner @mutex@ statement, it should transfer ownership of @m1@ and @m2@ to the waiting threads to prevent barging into the outer @mutex@ statement by another thread.
+However, both the signalling and waiting threads W1 and W2 need some subset of monitors @m1@ and @m2@.
+\begin{cquote}
+condition c: (order 1) W2(@m2@), W1(@m1@,@m2@)\ \ \ or\ \ \ (order 2) W1(@m1@,@m2@), W2(@m2@) \\
+S: acq. @m1@ $\rightarrow$ acq. @m1,m2@ $\rightarrow$ @signal(c)@ $\rightarrow$ rel. @m2@ $\rightarrow$ pass @m2@ unblock W2 (order 2) $\rightarrow$ rel. @m1@ $\rightarrow$ pass @m1,m2@ unblock W1 \\
+\hspace*{2.75in}$\rightarrow$ rel. @m1@ $\rightarrow$ pass @m1,m2@ unblock W1 (order 1)
+\end{cquote}
 
 \begin{figure}
-\begin{cfa}[caption={Example of nested external scheduling},label={f:nest-ext}]
-monitor M {};
-void foo( M & mutex a ) {}
-void bar( M & mutex b ) {
-        // Nested in the waitfor(bar, c) call
-        waitfor(foo, b);
-}
-void baz( M & mutex c ) {
-        waitfor(bar, c);
-}
-
-\end{cfa}
+\newbox\myboxA
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+monitor M m1, m2;
+condition c;
+mutex( m1 ) { // $\LstCommentStyle{\color{red}outer}$
+        ...
+        mutex( m1, m2 ) { // $\LstCommentStyle{\color{red}inner}$
+                ... `signal( c )`; ...
+                // m1, m2 still acquired
+        } // $\LstCommentStyle{\color{red}release m2}$
+        // m1 acquired
+} // release m1
+\end{cfa}
+\end{lrbox}
+
+\newbox\myboxB
+\begin{lrbox}{\myboxB}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+
+
+mutex( m1 ) {
+        ...
+        mutex( m1, m2 ) {
+                ... `wait( c )`; // release m1, m2
+                // m1, m2 reacquired
+        } // $\LstCommentStyle{\color{red}release m2}$
+        // m1 acquired
+} // release m1
+\end{cfa}
+\end{lrbox}
+
+\newbox\myboxC
+\begin{lrbox}{\myboxC}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+
+
+mutex( m2 ) {
+        ... `wait( c )`; // release m2
+        // m2 reacquired
+} // $\LstCommentStyle{\color{red}release m2}$
+
+
+
+
+\end{cfa}
+\end{lrbox}
+
+\begin{cquote}
+\subfloat[Signalling Thread (S)]{\label{f:SignallingThread}\usebox\myboxA}
+\hspace{3\parindentlnth}
+\subfloat[Waiting Thread (W1)]{\label{f:WaitingThread}\usebox\myboxB}
+\hspace{2\parindentlnth}
+\subfloat[Waiting Thread (W2)]{\label{f:OtherWaitingThread}\usebox\myboxC}
+\end{cquote}
+\caption{Bulk Barging Prevention}
+\label{f:BulkBargingPrevention}
 \end{figure}
 
-Note that in the right picture, tasks need to always keep track of the monitors associated with mutex routines, and the routine mask needs to have both a routine pointer and a set of monitors, as is discussed in the next section.
-These details are omitted from the picture for the sake of simplicity.
-
-At this point, a decision must be made between flexibility and performance.
-Many design decisions in \CFA achieve both flexibility and performance, for example polymorphic routines add significant flexibility but inlining them means the optimizer can easily remove any runtime cost.
-Here, however, the cost of flexibility cannot be trivially removed.
-In the end, the most flexible approach has been chosen since it allows users to write programs that would otherwise be  hard to write.
-This decision is based on the assumption that writing fast but inflexible locks is closer to a solved problem than writing locks that are as flexible as external scheduling in \CFA.
-
-% ======================================================================
-% ======================================================================
+One scheduling solution is for the signaller S to keep ownership of all locks until the last lock is ready to be transferred, because this semantics fits most closely to the behaviour of single-monitor scheduling.
+However, this solution is inefficient if W2 waited first and can be immediate passed @m2@ when released, while S retains @m1@ until completion of the outer mutex statement.
+If W1 waited first, the signaller must retain @m1@ amd @m2@ until completion of the outer mutex statement and then pass both to W1.
+% Furthermore, there is an execution sequence where the signaller always finds waiter W2, and hence, waiter W1 starves.
+To support this efficient semantics (and prevent barging), the implementation maintains a list of monitors acquired for each blocked thread.
+When a signaller exits or waits in a monitor function/statement, the front waiter on urgent is unblocked if all its monitors are released.
+Implementing a fast subset check for the necessary released monitors is important.
+% The benefit is encapsulating complexity into only two actions: passing monitors to the next owner when they should be released and conditionally waking threads if all conditions are met.
+
+
+\subsection{Loose Object Definitions}
+\label{s:LooseObjectDefinitions}
+
+In an object-oriented programming language, a class includes an exhaustive list of operations.
+A new class can add members via static inheritance but the subclass still has an exhaustive list of operations.
+(Dynamic member adding, \eg JavaScript~\cite{JavaScript}, is not considered.)
+In the object-oriented scenario, the type and all its operators are always present at compilation (even separate compilation), so it is possible to number the operations in a bit mask and use an $O(1)$ compare with a similar bit mask created for the operations specified in a @waitfor@.
+
+However, in \CFA, monitor functions can be statically added/removed in translation units, making a fast subset check difficult.
+\begin{cfa}
+        monitor M { ... }; // common type, included in .h file
+translation unit 1
+        void `f`( M & mutex m );
+        void g( M & mutex m ) { waitfor( `f`, m ); }
+translation unit 2
+        void `f`( M & mutex m ); $\C{// replacing f and g for type M in this translation unit}$
+        void `g`( M & mutex m );
+        void h( M & mutex m ) { waitfor( `f`, m ) or waitfor( `g`, m ); } $\C{// extending type M in this translation unit}$
+\end{cfa}
+The @waitfor@ statements in each translation unit cannot form a unique bit-mask because the monitor type does not carry that information.
+Hence, function pointers are used to identify the functions listed in the @waitfor@ statement, stored in a variable-sized array.
+Then, the same implementation approach used for the urgent stack is used for the calling queue.
+Each caller has a list of monitors acquired, and the @waitfor@ statement performs a (usually short) linear search matching functions in the @waitfor@ list with called functions, and then verifying the associated mutex locks can be transfers.
+(A possible way to construct a dense mapping is at link or load-time.)
+
+
 \subsection{Multi-Monitor Scheduling}
-% ======================================================================
-% ======================================================================
-
-External scheduling, like internal scheduling, becomes significantly more complex when introducing multi-monitor syntax.
-Even in the simplest possible case, some new semantics needs to be established:
-\begin{cfa}
-monitor M {};
-
-void f(M & mutex a);
-
-void g(M & mutex b, M & mutex c) {
-        waitfor(f); // two monitors M => unknown which to pass to f(M & mutex)
-}
-\end{cfa}
-The obvious solution is to specify the correct monitor as follows:
-
-\begin{cfa}
-monitor M {};
-
-void f(M & mutex a);
-
-void g(M & mutex a, M & mutex b) {
-        // wait for call to f with argument b
-        waitfor(f, b);
-}
-\end{cfa}
-This syntax is unambiguous.
-Both locks are acquired and kept by @g@.
-When routine @f@ is called, the lock for monitor @b@ is temporarily transferred from @g@ to @f@ (while @g@ still holds lock @a@).
-This behaviour can be extended to the multi-monitor @waitfor@ statement as follows.
-
-\begin{cfa}
-monitor M {};
-
-void f(M & mutex a, M & mutex b);
-
-void g(M & mutex a, M & mutex b) {
-        // wait for call to f with arguments a and b
-        waitfor(f, a, b);
-}
-\end{cfa}
-
-Note that the set of monitors passed to the @waitfor@ statement must be entirely contained in the set of monitors already acquired in the routine. @waitfor@ used in any other context is undefined behaviour.
-
-An important behaviour to note is when a set of monitors only match partially:
-
-\begin{cfa}
-mutex struct A {};
-
-mutex struct B {};
-
-void g(A & mutex a, B & mutex b) {
-        waitfor(f, a, b);
-}
-
-A a1, a2;
-B b;
-
-void foo() {
-        g(a1, b); // block on accept
-}
-
-void bar() {
-        f(a2, b); // fulfill cooperation
-}
-\end{cfa}
-While the equivalent can happen when using internal scheduling, the fact that conditions are specific to a set of monitors means that users have to use two different condition variables.
-In both cases, partially matching monitor sets does not wakeup the waiting thread.
-It is also important to note that in the case of external scheduling the order of parameters is irrelevant; @waitfor(f,a,b)@ and @waitfor(f,b,a)@ are indistinguishable waiting condition.
-
-% ======================================================================
-% ======================================================================
-\subsection{\protect\lstinline|waitfor| Semantics}
-% ======================================================================
-% ======================================================================
-
-Syntactically, the @waitfor@ statement takes a routine identifier and a set of monitors.
-While the set of monitors can be any list of expressions, the routine name is more restricted because the compiler validates at compile time the validity of the routine type and the parameters used with the @waitfor@ statement.
-It checks that the set of monitors passed in matches the requirements for a routine call.
-Figure~\ref{f:waitfor} shows various usages of the waitfor statement and which are acceptable.
-The choice of the routine type is made ignoring any non-@mutex@ parameter.
-One limitation of the current implementation is that it does not handle overloading, but overloading is possible.
+\label{s:Multi-MonitorScheduling}
+
+External scheduling, like internal scheduling, becomes significantly more complex for multi-monitor semantics.
+Even in the simplest case, new semantics need to be established.
+\begin{cfa}
+monitor M { ... };
+void f( M & mutex m1 );
+void g( M & mutex m1, M & mutex m2 ) { `waitfor( f );` } $\C{// pass m1 or m2 to f?}$
+\end{cfa}
+The solution is for the programmer to disambiguate:
+\begin{cfa}
+waitfor( f, `m2` ); $\C{// wait for call to f with argument m2}$
+\end{cfa}
+Both locks are acquired by function @g@, so when function @f@ is called, the lock for monitor @m2@ is passed from @g@ to @f@, while @g@ still holds lock @m1@.
+This behaviour can be extended to the multi-monitor @waitfor@ statement.
+\begin{cfa}
+monitor M { ... };
+void f( M & mutex m1, M & mutex m2 );
+void g( M & mutex m1, M & mutex m2 ) { waitfor( f, `m1, m2` ); $\C{// wait for call to f with arguments m1 and m2}$
+\end{cfa}
+Again, the set of monitors passed to the @waitfor@ statement must be entirely contained in the set of monitors already acquired by the accepting function.
+Also, the order of the monitors in a @waitfor@ statement is unimportant.
+
+Figure~\ref{f:UnmatchedMutexSets} shows an example where, for internal and external scheduling with multiple monitors, a signalling or accepting thread must match exactly, \ie partial matching results in waiting.
+For both examples, the set of monitors is disjoint so unblocking is impossible.
+
 \begin{figure}
-\begin{cfa}[caption={Various correct and incorrect uses of the waitfor statement},label={f:waitfor}]
-monitor A{};
-monitor B{};
-
-void f1( A & mutex );
-void f2( A & mutex, B & mutex );
-void f3( A & mutex, int );
-void f4( A & mutex, int );
-void f4( A & mutex, double );
-
-void foo( A & mutex a1, A & mutex a2, B & mutex b1, B & b2 ) {
-        A * ap = & a1;
-        void (*fp)( A & mutex ) = f1;
-
-        waitfor(f1, a1);     // Correct : 1 monitor case
-        waitfor(f2, a1, b1); // Correct : 2 monitor case
-        waitfor(f3, a1);     // Correct : non-mutex arguments are ignored
-        waitfor(f1, *ap);    // Correct : expression as argument
-
-        waitfor(f1, a1, b1); // Incorrect : Too many mutex arguments
-        waitfor(f2, a1);     // Incorrect : Too few mutex arguments
-        waitfor(f2, a1, a2); // Incorrect : Mutex arguments don't match
-        waitfor(f1, 1);      // Incorrect : 1 not a mutex argument
-        waitfor(f9, a1);     // Incorrect : f9 routine does not exist
-        waitfor(*fp, a1 );   // Incorrect : fp not an identifier
-        waitfor(f4, a1);     // Incorrect : f4 ambiguous
-
-        waitfor(f2, a1, b2); // Undefined behaviour : b2 not mutex
-}
-\end{cfa}
+\centering
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+monitor M1 {} m11, m12;
+monitor M2 {} m2;
+condition c;
+void f( M1 & mutex m1, M2 & mutex m2 ) {
+        signal( c );
+}
+void g( M1 & mutex m1, M2 & mutex m2 ) {
+        wait( c );
+}
+g( `m11`, m2 ); // block on wait
+f( `m12`, m2 ); // cannot fulfil
+\end{cfa}
+\end{lrbox}
+
+\begin{lrbox}{\myboxB}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+monitor M1 {} m11, m12;
+monitor M2 {} m2;
+
+void f( M1 & mutex m1, M2 & mutex m2 ) {
+
+}
+void g( M1 & mutex m1, M2 & mutex m2 ) {
+        waitfor( f, m1, m2 );
+}
+g( `m11`, m2 ); // block on accept
+f( `m12`, m2 ); // cannot fulfil
+\end{cfa}
+\end{lrbox}
+\subfloat[Internal scheduling]{\label{f:InternalScheduling}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[External scheduling]{\label{f:ExternalScheduling}\usebox\myboxB}
+\caption{Unmatched \protect\lstinline@mutex@ sets}
+\label{f:UnmatchedMutexSets}
 \end{figure}
 
-Finally, for added flexibility, \CFA supports constructing a complex @waitfor@ statement using the @or@, @timeout@ and @else@.
-Indeed, multiple @waitfor@ clauses can be chained together using @or@; this chain forms a single statement that uses baton pass to any routine that fits one of the routine+monitor set passed in.
-To enable users to tell which accepted routine executed, @waitfor@s are followed by a statement (including the null statement @;@) or a compound statement, which is executed after the clause is triggered.
-A @waitfor@ chain can also be followed by a @timeout@, to signify an upper bound on the wait, or an @else@, to signify that the call should be non-blocking, which checks for a matching routine call already arrived and otherwise continues.
-Any and all of these clauses can be preceded by a @when@ condition to dynamically toggle the accept clauses on or off based on some current state.
-Figure~\ref{f:waitfor2} demonstrates several complex masks and some incorrect ones.
+
+\subsection{\texorpdfstring{\protect\lstinline@mutex@ Threads}{mutex Threads}}
+
+Threads in \CFA can also be monitors to allow \emph{direct communication} among threads, \ie threads can have mutex functions that are called by other threads.
+Hence, all monitor features are available when using threads.
+Figure~\ref{f:DirectCommunication} shows a comparison of direct call communication in \CFA with direct channel communication in Go.
+(Ada provides a similar mechanism to the \CFA direct communication.)
+The program main in both programs communicates directly with the other thread versus indirect communication where two threads interact through a passive monitor.
+Both direct and indirection thread communication are valuable tools in structuring concurrent programs.
 
 \begin{figure}
-\lstset{language=CFA,deletedelim=**[is][]{`}{`}}
-\begin{cfa}
-monitor A{};
-
-void f1( A & mutex );
-void f2( A & mutex );
-
-void foo( A & mutex a, bool b, int t ) {
-        waitfor(f1, a);                                                 $\C{// Correct : blocking case}$
-
-        waitfor(f1, a) {                                                $\C{// Correct : block with statement}$
-                sout | "f1" | endl;
+\centering
+\begin{lrbox}{\myboxA}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+
+struct Msg { int i, j; };
+thread GoRtn { int i;  float f;  Msg m; };
+void mem1( GoRtn & mutex gortn, int i ) { gortn.i = i; }
+void mem2( GoRtn & mutex gortn, float f ) { gortn.f = f; }
+void mem3( GoRtn & mutex gortn, Msg m ) { gortn.m = m; }
+void ^?{}( GoRtn & mutex ) {}
+
+void main( GoRtn & gortn ) with( gortn ) {  // thread starts
+
+        for () {
+
+                `waitfor( mem1, gortn )` sout | i;  // wait for calls
+                or `waitfor( mem2, gortn )` sout | f;
+                or `waitfor( mem3, gortn )` sout | m.i | m.j;
+                or `waitfor( ^?{}, gortn )` break;
+
         }
-        waitfor(f1, a) {                                                $\C{// Correct : block waiting for f1 or f2}$
-                sout | "f1" | endl;
-        } or waitfor(f2, a) {
-                sout | "f2" | endl;
+
+}
+int main() {
+        GoRtn gortn; $\C[2.0in]{// start thread}$
+        `mem1( gortn, 0 );` $\C{// different calls}\CRT$
+        `mem2( gortn, 2.5 );`
+        `mem3( gortn, (Msg){1, 2} );`
+
+
+} // wait for completion
+\end{cfa}
+\end{lrbox}
+
+\begin{lrbox}{\myboxB}
+\begin{Go}[aboveskip=0pt,belowskip=0pt]
+func main() {
+        type Msg struct{ i, j int }
+
+        ch1 := make( chan int )
+        ch2 := make( chan float32 )
+        ch3 := make( chan Msg )
+        hand := make( chan string )
+        shake := make( chan string )
+        gortn := func() { $\C[1.5in]{// thread starts}$
+                var i int;  var f float32;  var m Msg
+                L: for {
+                        select { $\C{// wait for messages}$
+                          case `i = <- ch1`: fmt.Println( i )
+                          case `f = <- ch2`: fmt.Println( f )
+                          case `m = <- ch3`: fmt.Println( m )
+                          case `<- hand`: break L $\C{// sentinel}$
+                        }
+                }
+                `shake <- "SHAKE"` $\C{// completion}$
         }
-        waitfor(f1, a); or else;                                $\C{// Correct : non-blocking case}$
-
-        waitfor(f1, a) {                                                $\C{// Correct : non-blocking case}$
-                sout | "blocked" | endl;
-        } or else {
-                sout | "didn't block" | endl;
+
+        go gortn() $\C{// start thread}$
+        `ch1 <- 0` $\C{// different messages}$
+        `ch2 <- 2.5`
+        `ch3 <- Msg{1, 2}`
+        `hand <- "HAND"` $\C{// sentinel value}$
+        `<- shake` $\C{// wait for completion}\CRT$
+}
+\end{Go}
+\end{lrbox}
+
+\subfloat[\CFA]{\label{f:CFAwaitfor}\usebox\myboxA}
+\hspace{3pt}
+\vrule
+\hspace{3pt}
+\subfloat[Go]{\label{f:Gochannel}\usebox\myboxB}
+\caption{Direct communication}
+\label{f:DirectCommunication}
+\end{figure}
+
+\begin{comment}
+The following shows an example of two threads directly calling each other and accepting calls from each other in a cycle.
+\begin{cfa}
+\end{cfa}
+\vspace{-0.8\baselineskip}
+\begin{cquote}
+\begin{tabular}{@{}l@{\hspace{3\parindentlnth}}l@{}}
+\begin{cfa}
+thread Ping {} pi;
+void ping( Ping & mutex ) {}
+void main( Ping & pi ) {
+        for ( 10 ) {
+                `waitfor( ping, pi );`
+                `pong( po );`
         }
-        waitfor(f1, a) {                                                $\C{// Correct : block at most 10 seconds}$
-                sout | "blocked" | endl;
-        } or timeout( 10`s) {
-                sout | "didn't block" | endl;
+}
+int main() {}
+\end{cfa}
+&
+\begin{cfa}
+thread Pong {} po;
+void pong( Pong & mutex ) {}
+void main( Pong & po ) {
+        for ( 10 ) {
+                `ping( pi );`
+                `waitfor( pong, po );`
         }
-        // Correct : block only if b == true if b == false, don't even make the call
-        when(b) waitfor(f1, a);
-
-        // Correct : block only if b == true if b == false, make non-blocking call
-        waitfor(f1, a); or when(!b) else;
-
-        // Correct : block only of t > 1
-        waitfor(f1, a); or when(t > 1) timeout(t); or else;
-
-        // Incorrect : timeout clause is dead code
-        waitfor(f1, a); or timeout(t); or else;
-
-        // Incorrect : order must be waitfor [or waitfor... [or timeout] [or else]]
-        timeout(t); or waitfor(f1, a); or else;
-}
-\end{cfa}
-\caption{Correct and incorrect uses of the or, else, and timeout clause around a waitfor statement}
-\label{f:waitfor2}
-\end{figure}
-
-% ======================================================================
-% ======================================================================
-\subsection{Waiting For The Destructor}
-% ======================================================================
-% ======================================================================
-An interesting use for the @waitfor@ statement is destructor semantics.
-Indeed, the @waitfor@ statement can accept any @mutex@ routine, which includes the destructor (see section \ref{data}).
-However, with the semantics discussed until now, waiting for the destructor does not make any sense, since using an object after its destructor is called is undefined behaviour.
-The simplest approach is to disallow @waitfor@ on a destructor.
-However, a more expressive approach is to flip ordering of execution when waiting for the destructor, meaning that waiting for the destructor allows the destructor to run after the current @mutex@ routine, similarly to how a condition is signalled.
-\begin{figure}
-\begin{cfa}[caption={Example of an executor which executes action in series until the destructor is called.},label={f:dtor-order}]
-monitor Executer {};
-struct  Action;
-
-void ^?{}   (Executer & mutex this);
-void execute(Executer & mutex this, const Action & );
-void run    (Executer & mutex this) {
-        while(true) {
-                   waitfor(execute, this);
-                or waitfor(^?{}   , this) {
-                        break;
-                }
-        }
-}
-\end{cfa}
-\end{figure}
-For example, listing \ref{f:dtor-order} shows an example of an executor with an infinite loop, which waits for the destructor to break out of this loop.
-Switching the semantic meaning introduces an idiomatic way to terminate a task and/or wait for its termination via destruction.
-
-
-% ######     #    ######     #    #       #       ####### #       ###  #####  #     #
-% #     #   # #   #     #   # #   #       #       #       #        #  #     # ##   ##
-% #     #  #   #  #     #  #   #  #       #       #       #        #  #       # # # #
-% ######  #     # ######  #     # #       #       #####   #        #   #####  #  #  #
-% #       ####### #   #   ####### #       #       #       #        #        # #     #
-% #       #     # #    #  #     # #       #       #       #        #  #     # #     #
-% #       #     # #     # #     # ####### ####### ####### ####### ###  #####  #     #
-\section{Parallelism}
-Historically, computer performance was about processor speeds and instruction counts.
-However, with heat dissipation being a direct consequence of speed increase, parallelism has become the new source for increased performance~\cite{Sutter05, Sutter05b}.
-In this decade, it is no longer reasonable to create a high-performance application without caring about parallelism.
-Indeed, parallelism is an important aspect of performance and more specifically throughput and hardware utilization.
-The lowest-level approach of parallelism is to use \textbf{kthread} in combination with semantics like @fork@, @join@, \etc.
-However, since these have significant costs and limitations, \textbf{kthread} are now mostly used as an implementation tool rather than a user oriented one.
-There are several alternatives to solve these issues that all have strengths and weaknesses.
-While there are many variations of the presented paradigms, most of these variations do not actually change the guarantees or the semantics, they simply move costs in order to achieve better performance for certain workloads.
-
-\section{Paradigms}
-\subsection{User-Level Threads}
-A direct improvement on the \textbf{kthread} approach is to use \textbf{uthread}.
-These threads offer most of the same features that the operating system already provides but can be used on a much larger scale.
-This approach is the most powerful solution as it allows all the features of multithreading, while removing several of the more expensive costs of kernel threads.
-The downside is that almost none of the low-level threading problems are hidden; users still have to think about data races, deadlocks and synchronization issues.
-These issues can be somewhat alleviated by a concurrency toolkit with strong guarantees, but the parallelism toolkit offers very little to reduce complexity in itself.
-
-Examples of languages that support \textbf{uthread} are Erlang~\cite{Erlang} and \uC~\cite{uC++book}.
-
-\subsection{Fibers : User-Level Threads Without Preemption} \label{fibers}
-A popular variant of \textbf{uthread} is what is often referred to as \textbf{fiber}.
-However, \textbf{fiber} do not present meaningful semantic differences with \textbf{uthread}.
-The significant difference between \textbf{uthread} and \textbf{fiber} is the lack of \textbf{preemption} in the latter.
-Advocates of \textbf{fiber} list their high performance and ease of implementation as major strengths, but the performance difference between \textbf{uthread} and \textbf{fiber} is controversial, and the ease of implementation, while true, is a weak argument in the context of language design.
-Therefore this proposal largely ignores fibers.
-
-An example of a language that uses fibers is Go~\cite{Go}
-
-\subsection{Jobs and Thread Pools}
-An approach on the opposite end of the spectrum is to base parallelism on \textbf{pool}.
-Indeed, \textbf{pool} offer limited flexibility but at the benefit of a simpler user interface.
-In \textbf{pool} based systems, users express parallelism as units of work, called jobs, and a dependency graph (either explicit or implicit) that ties them together.
-This approach means users need not worry about concurrency but significantly limit the interaction that can occur among jobs.
-Indeed, any \textbf{job} that blocks also block the underlying worker, which effectively means the CPU utilization, and therefore throughput, suffers noticeably.
-It can be argued that a solution to this problem is to use more workers than available cores.
-However, unless the number of jobs and the number of workers are comparable, having a significant number of blocked jobs always results in idles cores.
-
-The gold standard of this implementation is Intel's TBB library~\cite{TBB}.
-
-\subsection{Paradigm Performance}
-While the choice between the three paradigms listed above may have significant performance implications, it is difficult to pin down the performance implications of choosing a model at the language level.
-Indeed, in many situations one of these paradigms may show better performance but it all strongly depends on the workload.
-Having a large amount of mostly independent units of work to execute almost guarantees equivalent performance across paradigms and that the \textbf{pool}-based system has the best efficiency thanks to the lower memory overhead (\ie no thread stack per job).
-However, interactions among jobs can easily exacerbate contention.
-User-level threads allow fine-grain context switching, which results in better resource utilization, but a context switch is more expensive and the extra control means users need to tweak more variables to get the desired performance.
-Finally, if the units of uninterrupted work are large, enough the paradigm choice is largely amortized by the actual work done.
-
-\section{The \protect\CFA\ Kernel : Processors, Clusters and Threads}\label{kernel}
-A \textbf{cfacluster} is a group of \textbf{kthread} executed in isolation. \textbf{uthread} are scheduled on the \textbf{kthread} of a given \textbf{cfacluster}, allowing organization between \textbf{uthread} and \textbf{kthread}.
-It is important that \textbf{kthread} belonging to a same \textbf{cfacluster} have homogeneous settings, otherwise migrating a \textbf{uthread} from one \textbf{kthread} to the other can cause issues.
-A \textbf{cfacluster} also offers a pluggable scheduler that can optimize the workload generated by the \textbf{uthread}.
-
-\textbf{cfacluster} have not been fully implemented in the context of this paper.
-Currently \CFA only supports one \textbf{cfacluster}, the initial one.
-
-\subsection{Future Work: Machine Setup}\label{machine}
-While this was not done in the context of this paper, another important aspect of clusters is affinity.
-While many common desktop and laptop PCs have homogeneous CPUs, other devices often have more heterogeneous setups.
-For example, a system using \textbf{numa} configurations may benefit from users being able to tie clusters and/or kernel threads to certain CPU cores.
-OS support for CPU affinity is now common~\cite{affinityLinux, affinityWindows, affinityFreebsd, affinityNetbsd, affinityMacosx}, which means it is both possible and desirable for \CFA to offer an abstraction mechanism for portable CPU affinity.
-
-\subsection{Paradigms}\label{cfaparadigms}
-Given these building blocks, it is possible to reproduce all three of the popular paradigms.
-Indeed, \textbf{uthread} is the default paradigm in \CFA.
-However, disabling \textbf{preemption} on a cluster means threads effectively become fibers.
-Since several \textbf{cfacluster} with different scheduling policy can coexist in the same application, this allows \textbf{fiber} and \textbf{uthread} to coexist in the runtime of an application.
-Finally, it is possible to build executors for thread pools from \textbf{uthread} or \textbf{fiber}, which includes specialized jobs like actors~\cite{Actors}.
-
-
-
-\section{Behind the Scenes}
-There are several challenges specific to \CFA when implementing concurrency.
-These challenges are a direct result of bulk acquire and loose object definitions.
-These two constraints are the root cause of most design decisions in the implementation.
-Furthermore, to avoid contention from dynamically allocating memory in a concurrent environment, the internal-scheduling design is (almost) entirely free of mallocs.
-This approach avoids the chicken and egg problem~\cite{Chicken} of having a memory allocator that relies on the threading system and a threading system that relies on the runtime.
-This extra goal means that memory management is a constant concern in the design of the system.
-
-The main memory concern for concurrency is queues.
-All blocking operations are made by parking threads onto queues and all queues are designed with intrusive nodes, where each node has pre-allocated link fields for chaining, to avoid the need for memory allocation.
-Since several concurrency operations can use an unbound amount of memory (depending on bulk acquire), statically defining information in the intrusive fields of threads is insufficient.The only way to use a variable amount of memory without requiring memory allocation is to pre-allocate large buffers of memory eagerly and store the information in these buffers.
-Conveniently, the call stack fits that description and is easy to use, which is why it is used heavily in the implementation of internal scheduling, particularly variable-length arrays.
-Since stack allocation is based on scopes, the first step of the implementation is to identify the scopes that are available to store the information, and which of these can have a variable-length array.
-The threads and the condition both have a fixed amount of memory, while @mutex@ routines and blocking calls allow for an unbound amount, within the stack size.
-
-Note that since the major contributions of this paper are extending monitor semantics to bulk acquire and loose object definitions, any challenges that are not resulting of these characteristics of \CFA are considered as solved problems and therefore not discussed.
-
-% ======================================================================
-% ======================================================================
-\section{Mutex Routines}
-% ======================================================================
-% ======================================================================
-
-The first step towards the monitor implementation is simple @mutex@ routines.
-In the single monitor case, mutual-exclusion is done using the entry/exit procedure in listing \ref{f:entry1}.
-The entry/exit procedures do not have to be extended to support multiple monitors.
-Indeed it is sufficient to enter/leave monitors one-by-one as long as the order is correct to prevent deadlock~\cite{Havender68}.
-In \CFA, ordering of monitor acquisition relies on memory ordering.
-This approach is sufficient because all objects are guaranteed to have distinct non-overlapping memory layouts and mutual-exclusion for a monitor is only defined for its lifetime, meaning that destroying a monitor while it is acquired is undefined behaviour.
-When a mutex call is made, the concerned monitors are aggregated into a variable-length pointer array and sorted based on pointer values.
-This array persists for the entire duration of the mutual-exclusion and its ordering reused extensively.
-\begin{figure}
-\begin{multicols}{2}
-Entry
-\begin{cfa}
-if monitor is free
-        enter
-elif already own the monitor
-        continue
-else
-        block
-increment recursions
-\end{cfa}
-\columnbreak
-Exit
-\begin{cfa}
-decrement recursion
-if recursion == 0
-        if entry queue not empty
-                wake-up thread
-\end{cfa}
-\end{multicols}
-\begin{cfa}[caption={Initial entry and exit routine for monitors},label={f:entry1}]
-\end{cfa}
-\end{figure}
-
-\subsection{Details: Interaction with polymorphism}
-Depending on the choice of semantics for when monitor locks are acquired, interaction between monitors and \CFA's concept of polymorphism can be more complex to support.
-However, it is shown that entry-point locking solves most of the issues.
-
-First of all, interaction between @otype@ polymorphism (see Section~\ref{s:ParametricPolymorphism}) and monitors is impossible since monitors do not support copying.
-Therefore, the main question is how to support @dtype@ polymorphism.
-It is important to present the difference between the two acquiring options: \textbf{callsite-locking} and entry-point locking, \ie acquiring the monitors before making a mutex routine-call or as the first operation of the mutex routine-call.
-For example:
+}
+
+\end{cfa}
+\end{tabular}
+\end{cquote}
+% \lstMakeShortInline@%
+% \caption{Threads ping/pong using external scheduling}
+% \label{f:pingpong}
+% \end{figure}
+Note, the ping/pong threads are globally declared, @pi@/@po@, and hence, start (and possibly complete) before the program main starts.
+\end{comment}
+
+
+\subsection{Execution Properties}
+
+Table~\ref{t:ObjectPropertyComposition} shows how the \CFA high-level constructs cover 3 fundamental execution properties: thread, stateful function, and mutual exclusion.
+Case 1 is a basic object, with none of the new execution properties.
+Case 2 allows @mutex@ calls to Case 1 to protect shared data.
+Case 3 allows stateful functions to suspend/resume but restricts operations because the state is stackless.
+Case 4 allows @mutex@ calls to Case 3 to protect shared data.
+Cases 5 and 6 are the same as 3 and 4 without restriction because the state is stackful.
+Cases 7 and 8 are rejected because a thread cannot execute without a stackful state in a preemptive environment when context switching from the signal handler.
+Cases 9 and 10 have a stackful thread without and with @mutex@ calls.
+For situations where threads do not require direct communication, case 9 provides faster creation/destruction by eliminating @mutex@ setup.
+
 \begin{table}
-\begin{center}
-\begin{tabular}{|c|c|c|}
-Mutex & \textbf{callsite-locking} & \textbf{entry-point-locking} \\
-call & cfa-code & cfa-code \\
+\caption{Object property composition}
+\centering
+\label{t:ObjectPropertyComposition}
+\renewcommand{\arraystretch}{1.25}
+%\setlength{\tabcolsep}{5pt}
+\begin{tabular}{c|c||l|l}
+\multicolumn{2}{c||}{object properties} & \multicolumn{2}{c}{mutual exclusion} \\
 \hline
-\begin{cfa}[tabsize=3]
-void foo(monitor& mutex a){
-
-        // Do Work
-        //...
-
-}
-
-void main() {
-        monitor a;
-
-        foo(a);
-
-}
-\end{cfa} & \begin{cfa}[tabsize=3]
-foo(& a) {
-
-        // Do Work
-        //...
-
-}
-
-main() {
-        monitor a;
-        acquire(a);
-        foo(a);
-        release(a);
-}
-\end{cfa} & \begin{cfa}[tabsize=3]
-foo(& a) {
-        acquire(a);
-        // Do Work
-        //...
-        release(a);
-}
-
-main() {
-        monitor a;
-
-        foo(a);
-
-}
-\end{cfa}
-\end{tabular}
-\end{center}
-\caption{Call-site vs entry-point locking for mutex calls}
-\label{tbl:locking-site}
-\end{table}
-
-Note the @mutex@ keyword relies on the type system, which means that in cases where a generic monitor-routine is desired, writing the mutex routine is possible with the proper trait, \eg:
-\begin{cfa}
-// Incorrect: T may not be monitor
-forall(dtype T)
-void foo(T * mutex t);
-
-// Correct: this routine only works on monitors (any monitor)
-forall(dtype T | is_monitor(T))
-void bar(T * mutex t));
-\end{cfa}
-
-Both entry point and \textbf{callsite-locking} are feasible implementations.
-The current \CFA implementation uses entry-point locking because it requires less work when using \textbf{raii}, effectively transferring the burden of implementation to object construction/destruction.
-It is harder to use \textbf{raii} for call-site locking, as it does not necessarily have an existing scope that matches exactly the scope of the mutual exclusion, \ie the routine body.
-For example, the monitor call can appear in the middle of an expression.
-Furthermore, entry-point locking requires less code generation since any useful routine is called multiple times but there is only one entry point for many call sites.
-
-% ======================================================================
-% ======================================================================
-\section{Threading} \label{impl:thread}
-% ======================================================================
-% ======================================================================
-
-Figure \ref{fig:system1} shows a high-level picture if the \CFA runtime system in regards to concurrency.
-Each component of the picture is explained in detail in the flowing sections.
-
-\begin{figure}
-\begin{center}
-{\resizebox{\textwidth}{!}{\input{system.pstex_t}}}
-\end{center}
-\caption{Overview of the entire system}
-\label{fig:system1}
-\end{figure}
-
-\subsection{Processors}
-Parallelism in \CFA is built around using processors to specify how much parallelism is desired. \CFA processors are object wrappers around kernel threads, specifically @pthread@s in the current implementation of \CFA.
-Indeed, any parallelism must go through operating-system libraries.
-However, \textbf{uthread} are still the main source of concurrency, processors are simply the underlying source of parallelism.
-Indeed, processor \textbf{kthread} simply fetch a \textbf{uthread} from the scheduler and run it; they are effectively executers for user-threads.
-The main benefit of this approach is that it offers a well-defined boundary between kernel code and user code, for example, kernel thread quiescing, scheduling and interrupt handling.
-Processors internally use coroutines to take advantage of the existing context-switching semantics.
-
-\subsection{Stack Management}
-One of the challenges of this system is to reduce the footprint as much as possible.
-Specifically, all @pthread@s created also have a stack created with them, which should be used as much as possible.
-Normally, coroutines also create their own stack to run on, however, in the case of the coroutines used for processors, these coroutines run directly on the \textbf{kthread} stack, effectively stealing the processor stack.
-The exception to this rule is the Main Processor, \ie the initial \textbf{kthread} that is given to any program.
-In order to respect C user expectations, the stack of the initial kernel thread, the main stack of the program, is used by the main user thread rather than the main processor, which can grow very large.
-
-\subsection{Context Switching}
-As mentioned in section \ref{coroutine}, coroutines are a stepping stone for implementing threading, because they share the same mechanism for context-switching between different stacks.
-To improve performance and simplicity, context-switching is implemented using the following assumption: all context-switches happen inside a specific routine call.
-This assumption means that the context-switch only has to copy the callee-saved registers onto the stack and then switch the stack registers with the ones of the target coroutine/thread.
-Note that the instruction pointer can be left untouched since the context-switch is always inside the same routine
-Threads, however, do not context-switch between each other directly.
-They context-switch to the scheduler.
-This method is called a 2-step context-switch and has the advantage of having a clear distinction between user code and the kernel where scheduling and other system operations happen.
-Obviously, this doubles the context-switch cost because threads must context-switch to an intermediate stack.
-The alternative 1-step context-switch uses the stack of the ``from'' thread to schedule and then context-switches directly to the ``to'' thread.
-However, the performance of the 2-step context-switch is still superior to a @pthread_yield@ (see section \ref{results}).
-Additionally, for users in need for optimal performance, it is important to note that having a 2-step context-switch as the default does not prevent \CFA from offering a 1-step context-switch (akin to the Microsoft @SwitchToFiber@~\cite{switchToWindows} routine).
-This option is not currently present in \CFA, but the changes required to add it are strictly additive.
-
-\subsection{Preemption} \label{preemption}
-Finally, an important aspect for any complete threading system is preemption.
-As mentioned in section \ref{basics}, preemption introduces an extra degree of uncertainty, which enables users to have multiple threads interleave transparently, rather than having to cooperate among threads for proper scheduling and CPU distribution.
-Indeed, preemption is desirable because it adds a degree of isolation among threads.
-In a fully cooperative system, any thread that runs a long loop can starve other threads, while in a preemptive system, starvation can still occur but it does not rely on every thread having to yield or block on a regular basis, which reduces significantly a programmer burden.
-Obviously, preemption is not optimal for every workload.
-However any preemptive system can become a cooperative system by making the time slices extremely large.
-Therefore, \CFA uses a preemptive threading system.
-
-Preemption in \CFA\footnote{Note that the implementation of preemption is strongly tied with the underlying threading system.
-For this reason, only the Linux implementation is cover, \CFA does not run on Windows at the time of writting} is based on kernel timers, which are used to run a discrete-event simulation.
-Every processor keeps track of the current time and registers an expiration time with the preemption system.
-When the preemption system receives a change in preemption, it inserts the time in a sorted order and sets a kernel timer for the closest one, effectively stepping through preemption events on each signal sent by the timer.
-These timers use the Linux signal {\tt SIGALRM}, which is delivered to the process rather than the kernel-thread.
-This results in an implementation problem, because when delivering signals to a process, the kernel can deliver the signal to any kernel thread for which the signal is not blocked, \ie:
-\begin{quote}
-A process-directed signal may be delivered to any one of the threads that does not currently have the signal blocked.
-If more than one of the threads has the signal unblocked, then the kernel chooses an arbitrary thread to which to deliver the signal.
-SIGNAL(7) - Linux Programmer's Manual
-\end{quote}
-For the sake of simplicity, and in order to prevent the case of having two threads receiving alarms simultaneously, \CFA programs block the {\tt SIGALRM} signal on every kernel thread except one.
-
-Now because of how involuntary context-switches are handled, the kernel thread handling {\tt SIGALRM} cannot also be a processor thread.
-Hence, involuntary context-switching is done by sending signal {\tt SIGUSR1} to the corresponding proces\-sor and having the thread yield from inside the signal handler.
-This approach effectively context-switches away from the signal handler back to the kernel and the signal handler frame is eventually unwound when the thread is scheduled again.
-As a result, a signal handler can start on one kernel thread and terminate on a second kernel thread (but the same user thread).
-It is important to note that signal handlers save and restore signal masks because user-thread migration can cause a signal mask to migrate from one kernel thread to another.
-This behaviour is only a problem if all kernel threads, among which a user thread can migrate, differ in terms of signal masks\footnote{Sadly, official POSIX documentation is silent on what distinguishes ``async-signal-safe'' routines from other routines}.
-However, since the kernel thread handling preemption requires a different signal mask, executing user threads on the kernel-alarm thread can cause deadlocks.
-For this reason, the alarm thread is in a tight loop around a system call to @sigwaitinfo@, requiring very little CPU time for preemption.
-One final detail about the alarm thread is how to wake it when additional communication is required (\eg on thread termination).
-This unblocking is also done using {\tt SIGALRM}, but sent through the @pthread_sigqueue@.
-Indeed, @sigwait@ can differentiate signals sent from @pthread_sigqueue@ from signals sent from alarms or the kernel.
-
-\subsection{Scheduler}
-Finally, an aspect that was not mentioned yet is the scheduling algorithm.
-Currently, the \CFA scheduler uses a single ready queue for all processors, which is the simplest approach to scheduling.
-Further discussion on scheduling is present in section \ref{futur:sched}.
-
-% ======================================================================
-% ======================================================================
-\section{Internal Scheduling} \label{impl:intsched}
-% ======================================================================
-% ======================================================================
-The following figure is the traditional illustration of a monitor (repeated from page~\pageref{fig:ClassicalMonitor} for convenience):
-
-\begin{figure}
-\begin{center}
-{\resizebox{0.4\textwidth}{!}{\input{monitor}}}
-\end{center}
-\caption{Traditional illustration of a monitor}
-\end{figure}
-
-This picture has several components, the two most important being the entry queue and the AS-stack.
-The entry queue is an (almost) FIFO list where threads waiting to enter are parked, while the acceptor/signaller (AS) stack is a FILO list used for threads that have been signalled or otherwise marked as running next.
-
-For \CFA, this picture does not have support for blocking multiple monitors on a single condition.
-To support bulk acquire two changes to this picture are required.
-First, it is no longer helpful to attach the condition to \emph{a single} monitor.
-Secondly, the thread waiting on the condition has to be separated across multiple monitors, seen in figure \ref{fig:monitor_cfa}.
-
-\begin{figure}
-\begin{center}
-{\resizebox{0.8\textwidth}{!}{\input{int_monitor}}}
-\end{center}
-\caption{Illustration of \CFA Monitor}
-\label{fig:monitor_cfa}
-\end{figure}
-
-This picture and the proper entry and leave algorithms (see listing \ref{f:entry2}) is the fundamental implementation of internal scheduling.
-Note that when a thread is moved from the condition to the AS-stack, it is conceptually split into N pieces, where N is the number of monitors specified in the parameter list.
-The thread is woken up when all the pieces have popped from the AS-stacks and made active.
-In this picture, the threads are split into halves but this is only because there are two monitors.
-For a specific signalling operation every monitor needs a piece of thread on its AS-stack.
-
-\begin{figure}
-\begin{multicols}{2}
-Entry
-\begin{cfa}
-if monitor is free
-        enter
-elif already own the monitor
-        continue
-else
-        block
-increment recursion
-
-\end{cfa}
-\columnbreak
-Exit
-\begin{cfa}
-decrement recursion
-if recursion == 0
-        if signal_stack not empty
-                set_owner to thread
-                if all monitors ready
-                        wake-up thread
-
-        if entry queue not empty
-                wake-up thread
-\end{cfa}
-\end{multicols}
-\begin{cfa}[caption={Entry and exit routine for monitors with internal scheduling},label={f:entry2}]
-\end{cfa}
-\end{figure}
-
-The solution discussed in \ref{s:InternalScheduling} can be seen in the exit routine of listing \ref{f:entry2}.
-Basically, the solution boils down to having a separate data structure for the condition queue and the AS-stack, and unconditionally transferring ownership of the monitors but only unblocking the thread when the last monitor has transferred ownership.
-This solution is deadlock safe as well as preventing any potential barging.
-The data structures used for the AS-stack are reused extensively for external scheduling, but in the case of internal scheduling, the data is allocated using variable-length arrays on the call stack of the @wait@ and @signal_block@ routines.
-
-\begin{figure}
-\begin{center}
-{\resizebox{0.8\textwidth}{!}{\input{monitor_structs.pstex_t}}}
-\end{center}
-\caption{Data structures involved in internal/external scheduling}
-\label{fig:structs}
-\end{figure}
-
-Figure \ref{fig:structs} shows a high-level representation of these data structures.
-The main idea behind them is that, a thread cannot contain an arbitrary number of intrusive ``next'' pointers for linking onto monitors.
-The @condition node@ is the data structure that is queued onto a condition variable and, when signalled, the condition queue is popped and each @condition criterion@ is moved to the AS-stack.
-Once all the criteria have been popped from their respective AS-stacks, the thread is woken up, which is what is shown in listing \ref{f:entry2}.
-
-% ======================================================================
-% ======================================================================
-\section{External Scheduling}
-% ======================================================================
-% ======================================================================
-Similarly to internal scheduling, external scheduling for multiple monitors relies on the idea that waiting-thread queues are no longer specific to a single monitor, as mentioned in section \ref{extsched}.
-For internal scheduling, these queues are part of condition variables, which are still unique for a given scheduling operation (\ie no signal statement uses multiple conditions).
-However, in the case of external scheduling, there is no equivalent object which is associated with @waitfor@ statements.
-This absence means the queues holding the waiting threads must be stored inside at least one of the monitors that is acquired.
-These monitors being the only objects that have sufficient lifetime and are available on both sides of the @waitfor@ statement.
-This requires an algorithm to choose which monitor holds the relevant queue.
-It is also important that said algorithm be independent of the order in which users list parameters.
-The proposed algorithm is to fall back on monitor lock ordering (sorting by address) and specify that the monitor that is acquired first is the one with the relevant waiting queue.
-This assumes that the lock acquiring order is static for the lifetime of all concerned objects but that is a reasonable constraint.
-
-This algorithm choice has two consequences:
-\begin{itemize}
-        \item The queue of the monitor with the lowest address is no longer a true FIFO queue because threads can be moved to the front of the queue.
-These queues need to contain a set of monitors for each of the waiting threads.
-Therefore, another thread whose set contains the same lowest address monitor but different lower priority monitors may arrive first but enter the critical section after a thread with the correct pairing.
-        \item The queue of the lowest priority monitor is both required and potentially unused.
-Indeed, since it is not known at compile time which monitor is the monitor which has the lowest address, every monitor needs to have the correct queues even though it is possible that some queues go unused for the entire duration of the program, for example if a monitor is only used in a specific pair.
-\end{itemize}
-Therefore, the following modifications need to be made to support external scheduling:
-\begin{itemize}
-        \item The threads waiting on the entry queue need to keep track of which routine they are trying to enter, and using which set of monitors.
-The @mutex@ routine already has all the required information on its stack, so the thread only needs to keep a pointer to that information.
-        \item The monitors need to keep a mask of acceptable routines.
-This mask contains for each acceptable routine, a routine pointer and an array of monitors to go with it.
-It also needs storage to keep track of which routine was accepted.
-Since this information is not specific to any monitor, the monitors actually contain a pointer to an integer on the stack of the waiting thread.
-Note that if a thread has acquired two monitors but executes a @waitfor@ with only one monitor as a parameter, setting the mask of acceptable routines to both monitors will not cause any problems since the extra monitor will not change ownership regardless.
-This becomes relevant when @when@ clauses affect the number of monitors passed to a @waitfor@ statement.
-        \item The entry/exit routines need to be updated as shown in listing \ref{f:entry3}.
-\end{itemize}
-
-\subsection{External Scheduling - Destructors}
-Finally, to support the ordering inversion of destructors, the code generation needs to be modified to use a special entry routine.
-This routine is needed because of the storage requirements of the call order inversion.
-Indeed, when waiting for the destructors, storage is needed for the waiting context and the lifetime of said storage needs to outlive the waiting operation it is needed for.
-For regular @waitfor@ statements, the call stack of the routine itself matches this requirement but it is no longer the case when waiting for the destructor since it is pushed on to the AS-stack for later.
-The @waitfor@ semantics can then be adjusted correspondingly, as seen in listing \ref{f:entry-dtor}
-
-\begin{figure}
-\begin{multicols}{2}
-Entry
-\begin{cfa}
-if monitor is free
-        enter
-elif already own the monitor
-        continue
-elif matches waitfor mask
-        push criteria to AS-stack
-        continue
-else
-        block
-increment recursion
-\end{cfa}
-\columnbreak
-Exit
-\begin{cfa}
-decrement recursion
-if recursion == 0
-        if signal_stack not empty
-                set_owner to thread
-                if all monitors ready
-                        wake-up thread
-                endif
-        endif
-
-        if entry queue not empty
-                wake-up thread
-        endif
-\end{cfa}
-\end{multicols}
-\begin{cfa}[caption={Entry and exit routine for monitors with internal scheduling and external scheduling},label={f:entry3}]
-\end{cfa}
-\end{figure}
-
-\begin{figure}
-\begin{multicols}{2}
-Destructor Entry
-\begin{cfa}
-if monitor is free
-        enter
-elif already own the monitor
-        increment recursion
-        return
-create wait context
-if matches waitfor mask
-        reset mask
-        push self to AS-stack
-        baton pass
-else
-        wait
-increment recursion
-\end{cfa}
-\columnbreak
-Waitfor
-\begin{cfa}
-if matching thread is already there
-        if found destructor
-                push destructor to AS-stack
-                unlock all monitors
-        else
-                push self to AS-stack
-                baton pass
-        endif
-        return
-endif
-if non-blocking
-        Unlock all monitors
-        Return
-endif
-
-push self to AS-stack
-set waitfor mask
-block
-return
-\end{cfa}
-\end{multicols}
-\begin{cfa}[caption={Pseudo code for the \protect\lstinline|waitfor| routine and the \protect\lstinline|mutex| entry routine for destructors},label={f:entry-dtor}]
-\end{cfa}
-\end{figure}
-
-
-% ======================================================================
-% ======================================================================
-\section{Putting It All Together}
-% ======================================================================
-% ======================================================================
-
-
-\section{Threads As Monitors}
-As it was subtly alluded in section \ref{threads}, @thread@s in \CFA are in fact monitors, which means that all monitor features are available when using threads.
-For example, here is a very simple two thread pipeline that could be used for a simulator of a game engine:
-\begin{figure}
-\begin{cfa}[caption={Toy simulator using \protect\lstinline|thread|s and \protect\lstinline|monitor|s.},label={f:engine-v1}]
-// Visualization declaration
-thread Renderer {} renderer;
-Frame * simulate( Simulator & this );
-
-// Simulation declaration
-thread Simulator{} simulator;
-void render( Renderer & this );
-
-// Blocking call used as communication
-void draw( Renderer & mutex this, Frame * frame );
-
-// Simulation loop
-void main( Simulator & this ) {
-        while( true ) {
-                Frame * frame = simulate( this );
-                draw( renderer, frame );
-        }
-}
-
-// Rendering loop
-void main( Renderer & this ) {
-        while( true ) {
-                waitfor( draw, this );
-                render( this );
-        }
-}
-\end{cfa}
-\end{figure}
-One of the obvious complaints of the previous code snippet (other than its toy-like simplicity) is that it does not handle exit conditions and just goes on forever.
-Luckily, the monitor semantics can also be used to clearly enforce a shutdown order in a concise manner:
-\begin{figure}
-\begin{cfa}[caption={Same toy simulator with proper termination condition.},label={f:engine-v2}]
-// Visualization declaration
-thread Renderer {} renderer;
-Frame * simulate( Simulator & this );
-
-// Simulation declaration
-thread Simulator{} simulator;
-void render( Renderer & this );
-
-// Blocking call used as communication
-void draw( Renderer & mutex this, Frame * frame );
-
-// Simulation loop
-void main( Simulator & this ) {
-        while( true ) {
-                Frame * frame = simulate( this );
-                draw( renderer, frame );
-
-                // Exit main loop after the last frame
-                if( frame->is_last ) break;
-        }
-}
-
-// Rendering loop
-void main( Renderer & this ) {
-        while( true ) {
-                   waitfor( draw, this );
-                or waitfor( ^?{}, this ) {
-                        // Add an exit condition
-                        break;
-                }
-
-                render( this );
-        }
-}
-
-// Call destructor for simulator once simulator finishes
-// Call destructor for renderer to signify shutdown
-\end{cfa}
-\end{figure}
-
-\section{Fibers \& Threads}
-As mentioned in section \ref{preemption}, \CFA uses preemptive threads by default but can use fibers on demand.
-Currently, using fibers is done by adding the following line of code to the program~:
-\begin{cfa}
-unsigned int default_preemption() {
-        return 0;
-}
-\end{cfa}
-This routine is called by the kernel to fetch the default preemption rate, where 0 signifies an infinite time-slice, \ie no preemption.
-However, once clusters are fully implemented, it will be possible to create fibers and \textbf{uthread} in the same system, as in listing \ref{f:fiber-uthread}
-\begin{figure}
-\lstset{language=CFA,deletedelim=**[is][]{`}{`}}
-\begin{cfa}[caption={Using fibers and \textbf{uthread} side-by-side in \CFA},label={f:fiber-uthread}]
-// Cluster forward declaration
-struct cluster;
-
-// Processor forward declaration
-struct processor;
-
-// Construct clusters with a preemption rate
-void ?{}(cluster& this, unsigned int rate);
-// Construct processor and add it to cluster
-void ?{}(processor& this, cluster& cluster);
-// Construct thread and schedule it on cluster
-void ?{}(thread& this, cluster& cluster);
-
-// Declare two clusters
-cluster thread_cluster = { 10`ms };                     // Preempt every 10 ms
-cluster fibers_cluster = { 0 };                         // Never preempt
-
-// Construct 4 processors
-processor processors[4] = {
-        //2 for the thread cluster
-        thread_cluster;
-        thread_cluster;
-        //2 for the fibers cluster
-        fibers_cluster;
-        fibers_cluster;
-};
-
-// Declares thread
-thread UThread {};
-void ?{}(UThread& this) {
-        // Construct underlying thread to automatically
-        // be scheduled on the thread cluster
-        (this){ thread_cluster }
-}
-
-void main(UThread & this);
-
-// Declares fibers
-thread Fiber {};
-void ?{}(Fiber& this) {
-        // Construct underlying thread to automatically
-        // be scheduled on the fiber cluster
-        (this.__thread){ fibers_cluster }
-}
-
-void main(Fiber & this);
-\end{cfa}
-\end{figure}
-
-
-% ======================================================================
-% ======================================================================
-\section{Performance Results} \label{results}
-% ======================================================================
-% ======================================================================
-\section{Machine Setup}
-Table \ref{tab:machine} shows the characteristics of the machine used to run the benchmarks.
-All tests were made on this machine.
-\begin{table}
-\begin{center}
-\begin{tabular}{| l | r | l | r |}
-\hline
-Architecture            & x86\_64                       & NUMA node(s)  & 8 \\
-\hline
-CPU op-mode(s)          & 32-bit, 64-bit                & Model name    & AMD Opteron\texttrademark  Processor 6380 \\
-\hline
-Byte Order                      & Little Endian                 & CPU Freq              & 2.5\si{\giga\hertz} \\
-\hline
-CPU(s)                  & 64                            & L1d cache     & \SI{16}{\kibi\byte} \\
-\hline
-Thread(s) per core      & 2                             & L1i cache     & \SI{64}{\kibi\byte} \\
-\hline
-Core(s) per socket      & 8                             & L2 cache              & \SI{2048}{\kibi\byte} \\
-\hline
-Socket(s)                       & 4                             & L3 cache              & \SI{6144}{\kibi\byte} \\
+thread  & stateful                              & \multicolumn{1}{c|}{No} & \multicolumn{1}{c}{Yes} \\
 \hline
 \hline
-Operating system                & Ubuntu 16.04.3 LTS    & Kernel                & Linux 4.4-97-generic \\
+No              & No                                    & \textbf{1}\ \ \ aggregate type                & \textbf{2}\ \ \ @monitor@ aggregate type \\
 \hline
-Compiler                        & GCC 6.3               & Translator    & CFA 1 \\
+No              & Yes (stackless)               & \textbf{3}\ \ \ @generator@                   & \textbf{4}\ \ \ @monitor@ @generator@ \\
 \hline
-Java version            & OpenJDK-9             & Go version    & 1.9.2 \\
+No              & Yes (stackful)                & \textbf{5}\ \ \ @coroutine@                   & \textbf{6}\ \ \ @monitor@ @coroutine@ \\
 \hline
+Yes             & No / Yes (stackless)  & \textbf{7}\ \ \ {\color{red}rejected} & \textbf{8}\ \ \ {\color{red}rejected} \\
+\hline
+Yes             & Yes (stackful)                & \textbf{9}\ \ \ @thread@                              & \textbf{10}\ \ @monitor@ @thread@ \\
 \end{tabular}
-\end{center}
-\caption{Machine setup used for the tests}
-\label{tab:machine}
 \end{table}
 
-\section{Micro Benchmarks}
-All benchmarks are run using the same harness to produce the results, seen as the @BENCH()@ macro in the following examples.
-This macro uses the following logic to benchmark the code:
-\begin{cfa}
-#define BENCH(run, result) \
-        before = gettime(); \
-        run; \
-        after  = gettime(); \
-        result = (after - before) / N;
-\end{cfa}
-The method used to get time is @clock_gettime(CLOCK_THREAD_CPUTIME_ID);@.
-Each benchmark is using many iterations of a simple call to measure the cost of the call.
-The specific number of iterations depends on the specific benchmark.
-
-\subsection{Context-Switching}
-The first interesting benchmark is to measure how long context-switches take.
-The simplest approach to do this is to yield on a thread, which executes a 2-step context switch.
-Yielding causes the thread to context-switch to the scheduler and back, more precisely: from the \textbf{uthread} to the \textbf{kthread} then from the \textbf{kthread} back to the same \textbf{uthread} (or a different one in the general case).
-In order to make the comparison fair, coroutines also execute a 2-step context-switch by resuming another coroutine which does nothing but suspending in a tight loop, which is a resume/suspend cycle instead of a yield.
-Figure~\ref{f:ctx-switch} shows the code for coroutines and threads with the results in table \ref{tab:ctx-switch}.
-All omitted tests are functionally identical to one of these tests.
-The difference between coroutines and threads can be attributed to the cost of scheduling.
+
+\subsection{Low-level Locks}
+
+For completeness and efficiency, \CFA provides a standard set of low-level locks: recursive mutex, condition, semaphore, barrier, \etc, and atomic instructions: @fetchAssign@, @fetchAdd@, @testSet@, @compareSet@, \etc.
+Some of these low-level mechanism are used in the \CFA runtime, but we strongly advocate using high-level mechanisms whenever possible.
+
+
+% \section{Parallelism}
+% \label{s:Parallelism}
+%
+% Historically, computer performance was about processor speeds.
+% However, with heat dissipation being a direct consequence of speed increase, parallelism is the new source for increased performance~\cite{Sutter05, Sutter05b}.
+% Therefore, high-performance applications must care about parallelism, which requires concurrency.
+% The lowest-level approach of parallelism is to use \newterm{kernel threads} in combination with semantics like @fork@, @join@, \etc.
+% However, kernel threads are better as an implementation tool because of complexity and higher cost.
+% Therefore, different abstractions are often layered onto kernel threads to simplify them, \eg pthreads.
+%
+%
+% \subsection{User Threads}
+%
+% A direct improvement on kernel threads is user threads, \eg Erlang~\cite{Erlang} and \uC~\cite{uC++book}.
+% This approach provides an interface that matches the language paradigms, gives more control over concurrency by the language runtime, and an abstract (and portable) interface to the underlying kernel threads across operating systems.
+% In many cases, user threads can be used on a much larger scale (100,000 threads).
+% Like kernel threads, user threads support preemption, which maximizes nondeterminism, but increases the potential for concurrency errors: race, livelock, starvation, and deadlock.
+% \CFA adopts user-threads to provide more flexibility and a low-cost mechanism to build any other concurrency approach, \eg thread pools and actors~\cite{Actors}.
+%
+% A variant of user thread is \newterm{fibres}, which removes preemption, \eg Go~\cite{Go} @goroutine@s.
+% Like functional programming, which removes mutation and its associated problems, removing preemption from concurrency reduces nondeterminism, making race and deadlock errors more difficult to generate.
+% However, preemption is necessary for fairness and to reduce tail-latency.
+% For concurrency that relies on spinning, if all cores spin the system is livelocked, whereas preemption breaks the livelock.
+
+
+\begin{comment}
+\subsection{Thread Pools}
+
+In contrast to direct threading is indirect \newterm{thread pools}, \eg Java @executor@, where small jobs (work units) are inserted into a work pool for execution.
+If the jobs are dependent, \ie interact, there is an implicit/explicit dependency graph that ties them together.
+While removing direct concurrency, and hence the amount of context switching, thread pools significantly limit the interaction that can occur among jobs.
+Indeed, jobs should not block because that also blocks the underlying thread, which effectively means the CPU utilization, and therefore throughput, suffers.
+While it is possible to tune the thread pool with sufficient threads, it becomes difficult to obtain high throughput and good core utilization as job interaction increases.
+As well, concurrency errors return, which threads pools are suppose to mitigate.
+
 \begin{figure}
+\centering
+\begin{tabular}{@{}l|l@{}}
+\begin{cfa}
+struct Adder {
+    int * row, cols;
+};
+int operator()() {
+        subtotal = 0;
+        for ( int c = 0; c < cols; c += 1 )
+                subtotal += row[c];
+        return subtotal;
+}
+void ?{}( Adder * adder, int row[$\,$], int cols, int & subtotal ) {
+        adder.[rows, cols, subtotal] = [rows, cols, subtotal];
+}
+
+
+
+
+\end{cfa}
+&
+\begin{cfa}
+int main() {
+        const int rows = 10, cols = 10;
+        int matrix[rows][cols], subtotals[rows], total = 0;
+        // read matrix
+        Executor executor( 4 ); // kernel threads
+        Adder * adders[rows];
+        for ( r; rows ) { // send off work for executor
+                adders[r] = new( matrix[r], cols, &subtotal[r] );
+                executor.send( *adders[r] );
+        }
+        for ( r; rows ) {       // wait for results
+                delete( adders[r] );
+                total += subtotals[r];
+        }
+        sout | total;
+}
+\end{cfa}
+\end{tabular}
+\caption{Executor}
+\end{figure}
+\end{comment}
+
+
+\section{Runtime Structure}
+\label{s:CFARuntimeStructure}
+
+Figure~\ref{f:RunTimeStructure} illustrates the runtime structure of a \CFA program.
+In addition to the new kinds of objects introduced by \CFA, there are two more runtime entities used to control parallel execution: cluster and (virtual) processor.
+An executing thread is illustrated by its containment in a processor.
+
+\begin{figure}
+\centering
+\input{RunTimeStructure}
+\caption{\CFA Runtime structure}
+\label{f:RunTimeStructure}
+\end{figure}
+
+
+\subsection{Cluster}
+\label{s:RuntimeStructureCluster}
+
+A \newterm{cluster} is a collection of threads and virtual processors (abstract kernel-thread) that execute the (user) threads from its own ready queue (like an OS executing kernel threads).
+The purpose of a cluster is to control the amount of parallelism that is possible among threads, plus scheduling and other execution defaults.
+The default cluster-scheduler is single-queue multi-server, which provides automatic load-balancing of threads on processors.
+However, the design allows changing the scheduler, \eg multi-queue multi-server with work-stealing/sharing across the virtual processors.
+If several clusters exist, both threads and virtual processors, can be explicitly migrated from one cluster to another.
+No automatic load balancing among clusters is performed by \CFA.
+
+When a \CFA program begins execution, it creates a user cluster with a single processor and a special processor to handle preemption that does not execute user threads.
+The user cluster is created to contain the application user-threads.
+Having all threads execute on the one cluster often maximizes utilization of processors, which minimizes runtime.
+However, because of limitations of scheduling requirements (real-time), NUMA architecture, heterogeneous hardware, or issues with the underlying operating system, multiple clusters are sometimes necessary.
+
+
+\subsection{Virtual Processor}
+\label{s:RuntimeStructureProcessor}
+
+A virtual processor is implemented by a kernel thread (\eg UNIX process), which are scheduled for execution on a hardware processor by the underlying operating system.
+Programs may use more virtual processors than hardware processors.
+On a multiprocessor, kernel threads are distributed across the hardware processors resulting in virtual processors executing in parallel.
+(It is possible to use affinity to lock a virtual processor onto a particular hardware processor~\cite{affinityLinux, affinityWindows, affinityFreebsd, affinityNetbsd, affinityMacosx}, which is used when caching issues occur or for heterogeneous hardware processors.)
+The \CFA runtime attempts to block unused processors and unblock processors as the system load increases;
+balancing the workload with processors is difficult because it requires future knowledge, \ie what will the applicaton workload do next.
+Preemption occurs on virtual processors rather than user threads, via operating-system interrupts.
+Thus virtual processors execute user threads, where preemption frequency applies to a virtual processor, so preemption occurs randomly across the executed user threads.
+Turning off preemption transforms user threads into fibres.
+
+
+\begin{comment}
+\section{Implementation}
+\label{s:Implementation}
+
+A primary implementation challenge is avoiding contention from dynamically allocating memory because of bulk acquire, \eg the internal-scheduling design is (almost) free of allocations.
+All blocking operations are made by parking threads onto queues, therefore all queues are designed with intrusive nodes, where each node has preallocated link fields for chaining.
+Furthermore, several bulk-acquire operations need a variable amount of memory.
+This storage is allocated at the base of a thread's stack before blocking, which means programmers must add a small amount of extra space for stacks.
+
+In \CFA, ordering of monitor acquisition relies on memory ordering to prevent deadlock~\cite{Havender68}, because all objects have distinct non-overlapping memory layouts, and mutual-exclusion for a monitor is only defined for its lifetime.
+When a mutex call is made, pointers to the concerned monitors are aggregated into a variable-length array and sorted.
+This array persists for the entire duration of the mutual exclusion and is used extensively for synchronization operations.
+
+To improve performance and simplicity, context switching occurs inside a function call, so only callee-saved registers are copied onto the stack and then the stack register is switched;
+the corresponding registers are then restored for the other context.
+Note, the instruction pointer is untouched since the context switch is always inside the same function.
+Experimental results (not presented) for a stackless or stackful scheduler (1 versus 2 context switches) (see Section~\ref{s:Concurrency}) show the performance is virtually equivalent, because both approaches are dominated by locking to prevent a race condition.
+
+All kernel threads (@pthreads@) created a stack.
+Each \CFA virtual processor is implemented as a coroutine and these coroutines run directly on the kernel-thread stack, effectively stealing this stack.
+The exception to this rule is the program main, \ie the initial kernel thread that is given to any program.
+In order to respect C expectations, the stack of the initial kernel thread is used by program main rather than the main processor, allowing it to grow dynamically as in a normal C program.
+\end{comment}
+
+
+\subsection{Preemption}
+
+Nondeterministic preemption provides fairness from long-running threads, and forces concurrent programmers to write more robust programs, rather than relying on code between cooperative scheduling to be atomic.
+This atomic reliance can fail on multi-core machines, because execution across cores is nondeterministic.
+A different reason for not supporting preemption is that it significantly complicates the runtime system, \eg Microsoft runtime does not support interrupts and on Linux systems, interrupts are complex (see below).
+Preemption is normally handled by setting a countdown timer on each virtual processor.
+When the timer expires, an interrupt is delivered, and the interrupt handler resets the countdown timer, and if the virtual processor is executing in user code, the signal handler performs a user-level context-switch, or if executing in the language runtime kernel, the preemption is ignored or rolled forward to the point where the runtime kernel context switches back to user code.
+Multiple signal handlers may be pending.
+When control eventually switches back to the signal handler, it returns normally, and execution continues in the interrupted user thread, even though the return from the signal handler may be on a different kernel thread than the one where the signal is delivered.
+The only issue with this approach is that signal masks from one kernel thread may be restored on another as part of returning from the signal handler;
+therefore, the same signal mask is required for all virtual processors in a cluster.
+Because preemption frequency is usually long (1 millisecond) performance cost is negligible.
+
+Linux switched a decade ago from specific to arbitrary process signal-delivery for applications with multiple kernel threads.
+\begin{cquote}
+A process-directed signal may be delivered to any one of the threads that does not currently have the signal blocked.
+If more than one of the threads has the signal unblocked, then the kernel chooses an arbitrary thread to which it will deliver the signal.
+SIGNAL(7) - Linux Programmer's Manual
+\end{cquote}
+Hence, the timer-expiry signal, which is generated \emph{externally} by the Linux kernel to an application, is delivered to any of its Linux subprocesses (kernel threads).
+To ensure each virtual processor receives a preemption signal, a discrete-event simulation is run on a special virtual processor, and only it sets and receives timer events.
+Virtual processors register an expiration time with the discrete-event simulator, which is inserted in sorted order.
+The simulation sets the countdown timer to the value at the head of the event list, and when the timer expires, all events less than or equal to the current time are processed.
+Processing a preemption event sends an \emph{internal} @SIGUSR1@ signal to the registered virtual processor, which is always delivered to that processor.
+
+
+\subsection{Debug Kernel}
+
+There are two versions of the \CFA runtime kernel: debug and non-debug.
+The debugging version has many runtime checks and internal assertions, \eg stack (non-writable) guard page, and checks for stack overflow whenever context switches occur among coroutines and threads, which catches most stack overflows.
+After a program is debugged, the non-debugging version can be used to significantly decrease space and increase performance.
+
+
+\section{Performance}
+\label{s:Performance}
+
+To verify the implementation of the \CFA runtime, a series of microbenchmarks are performed comparing \CFA with pthreads, Java OpenJDK-9, Go 1.12.6 and \uC 7.0.0.
+For comparison, the package must be multi-processor (M:N), which excludes libdill/libmil~\cite{libdill} (M:1)), and use a shared-memory programming model, \eg not message passing.
+The benchmark computer is an AMD Opteron\texttrademark\ 6380 NUMA 64-core, 8 socket, 2.5 GHz processor, running Ubuntu 16.04.6 LTS, and \CFA/\uC are compiled with gcc 6.5.
+
+All benchmarks are run using the following harness. (The Java harness is augmented to circumvent JIT issues.)
+\begin{cfa}
+unsigned int N = 10_000_000;
+#define BENCH( `run` ) Time before = getTimeNsec();  `run;`  Duration result = (getTimeNsec() - before) / N;
+\end{cfa}
+The method used to get time is @clock_gettime( CLOCK_REALTIME )@.
+Each benchmark is performed @N@ times, where @N@ varies depending on the benchmark;
+the total time is divided by @N@ to obtain the average time for a benchmark.
+Each benchmark experiment is run 31 times.
+All omitted tests for other languages are functionally identical to the \CFA tests and available online~\cite{CforallBenchMarks}.
+% tar --exclude=.deps --exclude=Makefile --exclude=Makefile.in --exclude=c.c --exclude=cxx.cpp --exclude=fetch_add.c -cvhf benchmark.tar benchmark
+
+\paragraph{Object Creation}
+
+Object creation is measured by creating/deleting the specific kind of concurrent object.
+Figure~\ref{f:creation} shows the code for \CFA, with results in Table~\ref{tab:creation}.
+The only note here is that the call stacks of \CFA coroutines are lazily created, therefore without priming the coroutine to force stack creation, the creation cost is artificially low.
+
 \begin{multicols}{2}
-\CFA Coroutines
-\begin{cfa}
-coroutine GreatSuspender {};
-void main(GreatSuspender& this) {
-        while(true) { suspend(); }
-}
+\lstset{language=CFA,moredelim=**[is][\color{red}]{@}{@},deletedelim=**[is][]{`}{`}}
+\begin{cfa}
+@thread@ MyThread {};
+void @main@( MyThread & ) {}
 int main() {
-        GreatSuspender s;
-        resume(s);
+        BENCH( for ( N ) { @MyThread m;@ } )
+        sout | result`ns;
+}
+\end{cfa}
+\captionof{figure}{\CFA object-creation benchmark}
+\label{f:creation}
+
+\columnbreak
+
+\vspace*{-16pt}
+\captionof{table}{Object creation comparison (nanoseconds)}
+\label{tab:creation}
+
+\begin{tabular}[t]{@{}r*{3}{D{.}{.}{5.2}}@{}}
+\multicolumn{1}{@{}c}{} & \multicolumn{1}{c}{Median} & \multicolumn{1}{c}{Average} & \multicolumn{1}{c@{}}{Std Dev} \\
+\CFA Coroutine Lazy             & 13.2          & 13.1          & 0.44          \\
+\CFA Coroutine Eager    & 531.3         & 536.0         & 26.54         \\
+\CFA Thread                             & 2074.9        & 2066.5        & 170.76        \\
+\uC Coroutine                   & 89.6          & 90.5          & 1.83          \\
+\uC Thread                              & 528.2         & 528.5         & 4.94          \\
+Goroutine                               & 4068.0        & 4113.1        & 414.55        \\
+Java Thread                             & 103848.5      & 104295.4      & 2637.57       \\
+Pthreads                                & 33112.6       & 33127.1       & 165.90
+\end{tabular}
+\end{multicols}
+
+
+\paragraph{Context-Switching}
+
+In procedural programming, the cost of a function call is important as modularization (refactoring) increases.
+(In many cases, a compiler inlines function calls to eliminate this cost.)
+Similarly, when modularization extends to coroutines/tasks, the time for a context switch becomes a relevant factor.
+The coroutine test is from resumer to suspender and from suspender to resumer, which is two context switches.
+The thread test is using yield to enter and return from the runtime kernel, which is two context switches.
+The difference in performance between coroutine and thread context-switch is the cost of scheduling for threads, whereas coroutines are self-scheduling.
+Figure~\ref{f:ctx-switch} only shows the \CFA code for coroutines/threads (other systems are similar) with all results in Table~\ref{tab:ctx-switch}.
+
+\begin{multicols}{2}
+\lstset{language=CFA,moredelim=**[is][\color{red}]{@}{@},deletedelim=**[is][]{`}{`}}
+\begin{cfa}[aboveskip=0pt,belowskip=0pt]
+@coroutine@ C {} c;
+void main( C & ) { for ( ;; ) { @suspend;@ } }
+int main() { // coroutine test
+        BENCH( for ( N ) { @resume( c );@ } )
+        sout | result`ns;
+}
+int main() { // task test
+        BENCH( for ( N ) { @yield();@ } )
+        sout | result`ns;
+}
+\end{cfa}
+\captionof{figure}{\CFA context-switch benchmark}
+\label{f:ctx-switch}
+
+\columnbreak
+
+\vspace*{-16pt}
+\captionof{table}{Context switch comparison (nanoseconds)}
+\label{tab:ctx-switch}
+\begin{tabular}{@{}r*{3}{D{.}{.}{3.2}}@{}}
+\multicolumn{1}{@{}c}{} & \multicolumn{1}{c}{Median} &\multicolumn{1}{c}{Average} & \multicolumn{1}{c@{}}{Std Dev} \\
+C function              & 1.8   & 1.8   & 0.01  \\
+\CFA generator  & 2.4   & 2.2   & 0.25  \\
+\CFA Coroutine  & 36.2  & 36.2  & 0.25  \\
+\CFA Thread             & 93.2  & 93.5  & 2.09  \\
+\uC Coroutine   & 52.0  & 52.1  & 0.51  \\
+\uC Thread              & 96.2  & 96.3  & 0.58  \\
+Goroutine               & 141.0 & 141.3 & 3.39  \\
+Java Thread             & 374.0 & 375.8 & 10.38 \\
+Pthreads Thread & 361.0 & 365.3 & 13.19
+\end{tabular}
+\end{multicols}
+
+
+\paragraph{Mutual-Exclusion}
+
+Uncontented mutual exclusion, which frequently occurs, is measured by entering/leaving a critical section.
+For monitors, entering and leaving a monitor function is measured.
+To put the results in context, the cost of entering a non-inline function and the cost of acquiring and releasing a @pthread_mutex@ lock is also measured.
+Figure~\ref{f:mutex} shows the code for \CFA with all results in Table~\ref{tab:mutex}.
+Note, the incremental cost of bulk acquire for \CFA, which is largely a fixed cost for small numbers of mutex objects.
+
+\begin{multicols}{2}
+\lstset{language=CFA,moredelim=**[is][\color{red}]{@}{@},deletedelim=**[is][]{`}{`}}
+\begin{cfa}
+@monitor@ M {} m1/*, m2, m3, m4*/;
+void __attribute__((noinline))
+do_call( M & @mutex m/*, m2, m3, m4*/@ ) {}
+int main() {
         BENCH(
-                for(size_t i=0; i<n; i++) {
-                        resume(s);
-                },
-                result
+                for( N ) do_call( m1/*, m2, m3, m4*/ );
         )
-        printf("%llu\n", result);
-}
-\end{cfa}
+        sout | result`ns;
+}
+\end{cfa}
+\captionof{figure}{\CFA acquire/release mutex benchmark}
+\label{f:mutex}
+
 \columnbreak
-\CFA Threads
-\begin{cfa}
-
-
-
-
-int main() {
-
-
-        BENCH(
-                for(size_t i=0; i<n; i++) {
-                        yield();
-                },
-                result
-        )
-        printf("%llu\n", result);
-}
-\end{cfa}
+
+\vspace*{-16pt}
+\captionof{table}{Mutex comparison (nanoseconds)}
+\label{tab:mutex}
+\begin{tabular}{@{}r*{3}{D{.}{.}{3.2}}@{}}
+\multicolumn{1}{@{}c}{} & \multicolumn{1}{c}{Median} &\multicolumn{1}{c}{Average} & \multicolumn{1}{c@{}}{Std Dev} \\
+test and test-and-test lock             & 19.1  & 18.9  & 0.40  \\
+\CFA @mutex@ function, 1 arg.   & 45.9  & 46.6  & 1.45  \\
+\CFA @mutex@ function, 2 arg.   & 105.0 & 104.7 & 3.08  \\
+\CFA @mutex@ function, 4 arg.   & 165.0 & 167.6 & 5.65  \\
+\uC @monitor@ member rtn.               & 54.0  & 53.7  & 0.82  \\
+Java synchronized method                & 31.0  & 31.1  & 0.50  \\
+Pthreads Mutex Lock                             & 33.6  & 32.6  & 1.14
+\end{tabular}
 \end{multicols}
-\begin{cfa}[caption={\CFA benchmark code used to measure context-switches for coroutines and threads.},label={f:ctx-switch}]
-\end{cfa}
-\end{figure}
-
-\begin{table}
-\begin{center}
-\begin{tabular}{| l | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] |}
-\cline{2-4}
-\multicolumn{1}{c |}{} & \multicolumn{1}{c |}{ Median } &\multicolumn{1}{c |}{ Average } & \multicolumn{1}{c |}{ Standard Deviation} \\
-\hline
-Kernel Thread   & 241.5 & 243.86        & 5.08 \\
-\CFA Coroutine  & 38            & 38            & 0    \\
-\CFA Thread             & 103           & 102.96        & 2.96 \\
-\uC Coroutine   & 46            & 45.86 & 0.35 \\
-\uC Thread              & 98            & 99.11 & 1.42 \\
-Goroutine               & 150           & 149.96        & 3.16 \\
-Java Thread             & 289           & 290.68        & 8.72 \\
-\hline
-\end{tabular}
-\end{center}
-\caption{Context Switch comparison.
-All numbers are in nanoseconds(\si{\nano\second})}
-\label{tab:ctx-switch}
-\end{table}
-
-\subsection{Mutual-Exclusion}
-The next interesting benchmark is to measure the overhead to enter/leave a critical-section.
-For monitors, the simplest approach is to measure how long it takes to enter and leave a monitor routine.
-Figure~\ref{f:mutex} shows the code for \CFA.
-To put the results in context, the cost of entering a non-inline routine and the cost of acquiring and releasing a @pthread_mutex@ lock is also measured.
-The results can be shown in table \ref{tab:mutex}.
-
-\begin{figure}
-\begin{cfa}[caption={\CFA benchmark code used to measure mutex routines.},label={f:mutex}]
-monitor M {};
-void __attribute__((noinline)) call( M & mutex m /*, m2, m3, m4*/ ) {}
-
-int main() {
-        M m/*, m2, m3, m4*/;
-        BENCH(
-                for(size_t i=0; i<n; i++) {
-                        call(m/*, m2, m3, m4*/);
-                },
-                result
-        )
-        printf("%llu\n", result);
-}
-\end{cfa}
-\end{figure}
-
-\begin{table}
-\begin{center}
-\begin{tabular}{| l | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] |}
-\cline{2-4}
-\multicolumn{1}{c |}{} & \multicolumn{1}{c |}{ Median } &\multicolumn{1}{c |}{ Average } & \multicolumn{1}{c |}{ Standard Deviation} \\
-\hline
-C routine                                               & 2             & 2             & 0    \\
-FetchAdd + FetchSub                             & 26            & 26            & 0    \\
-Pthreads Mutex Lock                             & 31            & 31.86 & 0.99 \\
-\uC @monitor@ member routine            & 30            & 30            & 0    \\
-\CFA @mutex@ routine, 1 argument        & 41            & 41.57 & 0.9  \\
-\CFA @mutex@ routine, 2 argument        & 76            & 76.96 & 1.57 \\
-\CFA @mutex@ routine, 4 argument        & 145           & 146.68        & 3.85 \\
-Java synchronized routine                       & 27            & 28.57 & 2.6  \\
-\hline
-\end{tabular}
-\end{center}
-\caption{Mutex routine comparison.
-All numbers are in nanoseconds(\si{\nano\second})}
-\label{tab:mutex}
-\end{table}
-
-\subsection{Internal Scheduling}
-The internal-scheduling benchmark measures the cost of waiting on and signalling a condition variable.
-Figure~\ref{f:int-sched} shows the code for \CFA, with results table \ref{tab:int-sched}.
-As with all other benchmarks, all omitted tests are functionally identical to one of these tests.
-
-\begin{figure}
-\begin{cfa}[caption={Benchmark code for internal scheduling},label={f:int-sched}]
+
+
+\paragraph{External Scheduling}
+
+External scheduling is measured using a cycle of two threads calling and accepting the call using the @waitfor@ statement.
+Figure~\ref{f:ext-sched} shows the code for \CFA, with results in Table~\ref{tab:ext-sched}.
+Note, the incremental cost of bulk acquire for \CFA, which is largely a fixed cost for small numbers of mutex objects.
+
+\begin{multicols}{2}
+\lstset{language=CFA,moredelim=**[is][\color{red}]{@}{@},deletedelim=**[is][]{`}{`}}
+\vspace*{-16pt}
+\begin{cfa}
 volatile int go = 0;
-condition c;
-monitor M {};
-M m1;
-
-void __attribute__((noinline)) do_call( M & mutex a1 ) { signal(c); }
-
+@monitor@ M {} m;
 thread T {};
-void ^?{}( T & mutex this ) {}
-void main( T & this ) {
-        while(go == 0) { yield(); }
-        while(go == 1) { do_call(m1); }
-}
-int  __attribute__((noinline)) do_wait( M & mutex a1 ) {
-        go = 1;
-        BENCH(
-                for(size_t i=0; i<n; i++) {
-                        wait(c);
-                },
-                result
-        )
-        printf("%llu\n", result);
-        go = 0;
-        return 0;
+void __attribute__((noinline))
+do_call( M & @mutex@ ) {}
+void main( T & ) {
+        while ( go == 0 ) { yield(); }
+        while ( go == 1 ) { do_call( m ); }
+}
+int __attribute__((noinline))
+do_wait( M & @mutex@ m ) {
+        go = 1; // continue other thread
+        BENCH( for ( N ) { @waitfor( do_call, m );@ } )
+        go = 0; // stop other thread
+        sout | result`ns;
 }
 int main() {
         T t;
-        return do_wait(m1);
-}
-\end{cfa}
-\end{figure}
-
-\begin{table}
-\begin{center}
-\begin{tabular}{| l | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] |}
-\cline{2-4}
-\multicolumn{1}{c |}{} & \multicolumn{1}{c |}{ Median } &\multicolumn{1}{c |}{ Average } & \multicolumn{1}{c |}{ Standard Deviation} \\
-\hline
-Pthreads Condition Variable                     & 5902.5        & 6093.29       & 714.78 \\
-\uC @signal@                                    & 322           & 323   & 3.36   \\
-\CFA @signal@, 1 @monitor@      & 352.5 & 353.11        & 3.66   \\
-\CFA @signal@, 2 @monitor@      & 430           & 430.29        & 8.97   \\
-\CFA @signal@, 4 @monitor@      & 594.5 & 606.57        & 18.33  \\
-Java @notify@                           & 13831.5       & 15698.21      & 4782.3 \\
-\hline
+        do_wait( m );
+}
+\end{cfa}
+\captionof{figure}{\CFA external-scheduling benchmark}
+\label{f:ext-sched}
+
+\columnbreak
+
+\vspace*{-16pt}
+\captionof{table}{External-scheduling comparison (nanoseconds)}
+\label{tab:ext-sched}
+\begin{tabular}{@{}r*{3}{D{.}{.}{3.2}}@{}}
+\multicolumn{1}{@{}c}{} & \multicolumn{1}{c}{Median} &\multicolumn{1}{c}{Average} & \multicolumn{1}{c@{}}{Std Dev} \\
+\CFA @waitfor@, 1 @monitor@     & 376.4 & 376.8 & 7.63  \\
+\CFA @waitfor@, 2 @monitor@     & 491.4 & 492.0 & 13.31 \\
+\CFA @waitfor@, 4 @monitor@     & 681.0 & 681.7 & 19.10 \\
+\uC @_Accept@                           & 331.1 & 331.4 & 2.66
 \end{tabular}
-\end{center}
-\caption{Internal scheduling comparison.
-All numbers are in nanoseconds(\si{\nano\second})}
-\label{tab:int-sched}
-\end{table}
-
-\subsection{External Scheduling}
-The Internal scheduling benchmark measures the cost of the @waitfor@ statement (@_Accept@ in \uC).
-Figure~\ref{f:ext-sched} shows the code for \CFA, with results in table \ref{tab:ext-sched}.
-As with all other benchmarks, all omitted tests are functionally identical to one of these tests.
-
-\begin{figure}
-\begin{cfa}[caption={Benchmark code for external scheduling},label={f:ext-sched}]
+\end{multicols}
+
+
+\paragraph{Internal Scheduling}
+
+Internal scheduling is measured using a cycle of two threads signalling and waiting.
+Figure~\ref{f:int-sched} shows the code for \CFA, with results in Table~\ref{tab:int-sched}.
+Note, the incremental cost of bulk acquire for \CFA, which is largely a fixed cost for small numbers of mutex objects.
+Java scheduling is significantly greater because the benchmark explicitly creates multiple thread in order to prevent the JIT from making the program sequential, \ie removing all locking.
+
+\begin{multicols}{2}
+\lstset{language=CFA,moredelim=**[is][\color{red}]{@}{@},deletedelim=**[is][]{`}{`}}
+\begin{cfa}
 volatile int go = 0;
-monitor M {};
-M m1;
+@monitor@ M { @condition c;@ } m;
+void __attribute__((noinline))
+do_call( M & @mutex@ a1 ) { @signal( c );@ }
 thread T {};
-
-void __attribute__((noinline)) do_call( M & mutex a1 ) {}
-
-void ^?{}( T & mutex this ) {}
 void main( T & this ) {
-        while(go == 0) { yield(); }
-        while(go == 1) { do_call(m1); }
-}
-int  __attribute__((noinline)) do_wait( M & mutex a1 ) {
-        go = 1;
-        BENCH(
-                for(size_t i=0; i<n; i++) {
-                        waitfor(call, a1);
-                },
-                result
-        )
-        printf("%llu\n", result);
-        go = 0;
-        return 0;
+        while ( go == 0 ) { yield(); }
+        while ( go == 1 ) { do_call( m ); }
+}
+int  __attribute__((noinline))
+do_wait( M & mutex m ) with(m) {
+        go = 1; // continue other thread
+        BENCH( for ( N ) { @wait( c );@ } );
+        go = 0; // stop other thread
+        sout | result`ns;
 }
 int main() {
         T t;
-        return do_wait(m1);
-}
-\end{cfa}
-\end{figure}
-
-\begin{table}
-\begin{center}
-\begin{tabular}{| l | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] |}
-\cline{2-4}
-\multicolumn{1}{c |}{} & \multicolumn{1}{c |}{ Median } &\multicolumn{1}{c |}{ Average } & \multicolumn{1}{c |}{ Standard Deviation} \\
-\hline
-\uC @Accept@                                    & 350           & 350.61        & 3.11  \\
-\CFA @waitfor@, 1 @monitor@     & 358.5 & 358.36        & 3.82  \\
-\CFA @waitfor@, 2 @monitor@     & 422           & 426.79        & 7.95  \\
-\CFA @waitfor@, 4 @monitor@     & 579.5 & 585.46        & 11.25 \\
-\hline
+        do_wait( m );
+}
+\end{cfa}
+\captionof{figure}{\CFA Internal-scheduling benchmark}
+\label{f:int-sched}
+
+\columnbreak
+
+\vspace*{-16pt}
+\captionof{table}{Internal-scheduling comparison (nanoseconds)}
+\label{tab:int-sched}
+\bigskip
+
+\begin{tabular}{@{}r*{3}{D{.}{.}{5.2}}@{}}
+\multicolumn{1}{@{}c}{} & \multicolumn{1}{c}{Median} & \multicolumn{1}{c}{Average} & \multicolumn{1}{c@{}}{Std Dev} \\
+\CFA @signal@, 1 @monitor@      & 372.6         & 374.3         & 14.17         \\
+\CFA @signal@, 2 @monitor@      & 492.7         & 494.1         & 12.99         \\
+\CFA @signal@, 4 @monitor@      & 749.4         & 750.4         & 24.74         \\
+\uC @signal@                            & 320.5         & 321.0         & 3.36          \\
+Java @notify@                           & 10160.5       & 10169.4       & 267.71        \\
+Pthreads Cond. Variable         & 4949.6        & 5065.2        & 363
 \end{tabular}
-\end{center}
-\caption{External scheduling comparison.
-All numbers are in nanoseconds(\si{\nano\second})}
-\label{tab:ext-sched}
-\end{table}
-
-
-\subsection{Object Creation}
-Finally, the last benchmark measures the cost of creation for concurrent objects.
-Figure~\ref{f:creation} shows the code for @pthread@s and \CFA threads, with results shown in table \ref{tab:creation}.
-As with all other benchmarks, all omitted tests are functionally identical to one of these tests.
-The only note here is that the call stacks of \CFA coroutines are lazily created, therefore without priming the coroutine, the creation cost is very low.
-
-\begin{figure}
-\begin{center}
-@pthread@
-\begin{cfa}
-int main() {
-        BENCH(
-                for(size_t i=0; i<n; i++) {
-                        pthread_t thread;
-                        if(pthread_create(&thread,NULL,foo,NULL)<0) {
-                                perror( "failure" );
-                                return 1;
-                        }
-
-                        if(pthread_join(thread, NULL)<0) {
-                                perror( "failure" );
-                                return 1;
-                        }
-                },
-                result
-        )
-        printf("%llu\n", result);
-}
-\end{cfa}
-
-
-
-\CFA Threads
-\begin{cfa}
-int main() {
-        BENCH(
-                for(size_t i=0; i<n; i++) {
-                        MyThread m;
-                },
-                result
-        )
-        printf("%llu\n", result);
-}
-\end{cfa}
-\end{center}
-\caption{Benchmark code for \protect\lstinline|pthread|s and \CFA to measure object creation}
-\label{f:creation}
-\end{figure}
-
-\begin{table}
-\begin{center}
-\begin{tabular}{| l | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] | S[table-format=5.2,table-number-alignment=right] |}
-\cline{2-4}
-\multicolumn{1}{c |}{} & \multicolumn{1}{c |}{ Median } &\multicolumn{1}{c |}{ Average } & \multicolumn{1}{c |}{ Standard Deviation} \\
-\hline
-Pthreads                        & 26996 & 26984.71      & 156.6  \\
-\CFA Coroutine Lazy     & 6             & 5.71  & 0.45   \\
-\CFA Coroutine Eager    & 708           & 706.68        & 4.82   \\
-\CFA Thread                     & 1173.5        & 1176.18       & 15.18  \\
-\uC Coroutine           & 109           & 107.46        & 1.74   \\
-\uC Thread                      & 526           & 530.89        & 9.73   \\
-Goroutine                       & 2520.5        & 2530.93       & 61,56  \\
-Java Thread                     & 91114.5       & 92272.79      & 961.58 \\
-\hline
-\end{tabular}
-\end{center}
-\caption{Creation comparison.
-All numbers are in nanoseconds(\si{\nano\second}).}
-\label{tab:creation}
-\end{table}
-
+\end{multicols}
 
 
 \section{Conclusion}
-This paper has achieved a minimal concurrency \textbf{api} that is simple, efficient and usable as the basis for higher-level features.
-The approach presented is based on a lightweight thread-system for parallelism, which sits on top of clusters of processors.
-This M:N model is judged to be both more efficient and allow more flexibility for users.
-Furthermore, this document introduces monitors as the main concurrency tool for users.
-This paper also offers a novel approach allowing multiple monitors to be accessed simultaneously without running into the Nested Monitor Problem~\cite{Lister77}.
-It also offers a full implementation of the concurrency runtime written entirely in \CFA, effectively the largest \CFA code base to date.
-
-
-% ======================================================================
-% ======================================================================
+
+Advanced control-flow will always be difficult, especially when there is temporal ordering and nondeterminism.
+However, many systems exacerbate the difficulty through their presentation mechanisms.
+This paper shows it is possible to present a hierarchy of control-flow features, generator, coroutine, thread, and monitor, providing an integrated set of high-level, efficient, and maintainable control-flow features.
+Eliminated from \CFA are spurious wakeup and barging, which are nonintuitive and lead to errors, and having to work with a bewildering set of low-level locks and acquisition techniques.
+\CFA high-level race-free monitors and tasks provide the core mechanisms for mutual exclusion and synchronization, without having to resort to magic qualifiers like @volatile@/@atomic@.
+Extending these mechanisms to handle high-level deadlock-free bulk acquire across both mutual exclusion and synchronization is a unique contribution.
+The \CFA runtime provides concurrency based on a preemptive M:N user-level threading-system, executing in clusters, which encapsulate scheduling of work on multiple kernel threads providing parallelism.
+The M:N model is judged to be efficient and provide greater flexibility than a 1:1 threading model.
+These concepts and the \CFA runtime-system are written in the \CFA language, extensively leveraging the \CFA type-system, which demonstrates the expressiveness of the \CFA language.
+Performance comparisons with other concurrent systems/languages show the \CFA approach is competitive across all low-level operations, which translates directly into good performance in well-written concurrent applications.
+C programmers should feel comfortable using these mechanisms for developing complex control-flow in applications, with the ability to obtain maximum available performance by selecting mechanisms at the appropriate level of need.
+
+
 \section{Future Work}
-% ======================================================================
-% ======================================================================
-
-\subsection{Performance} \label{futur:perf}
-This paper presents a first implementation of the \CFA concurrency runtime.
-Therefore, there is still significant work to improve performance.
-Many of the data structures and algorithms may change in the future to more efficient versions.
-For example, the number of monitors in a single bulk acquire is only bound by the stack size, this is probably unnecessarily generous.
-It may be possible that limiting the number helps increase performance.
-However, it is not obvious that the benefit would be significant.
-
-\subsection{Flexible Scheduling} \label{futur:sched}
+
+While control flow in \CFA has a strong start, development is still underway to complete a number of missing features.
+
+\paragraph{Flexible Scheduling}
+\label{futur:sched}
+
 An important part of concurrency is scheduling.
 Different scheduling algorithms can affect performance (both in terms of average and variation).
 However, no single scheduler is optimal for all workloads and therefore there is value in being able to change the scheduler for given programs.
-One solution is to offer various tweaking options to users, allowing the scheduler to be adjusted to the requirements of the workload.
-However, in order to be truly flexible, it would be interesting to allow users to add arbitrary data and arbitrary scheduling algorithms.
-For example, a web server could attach Type-of-Service information to threads and have a ``ToS aware'' scheduling algorithm tailored to this specific web server.
-This path of flexible schedulers will be explored for \CFA.
-
-\subsection{Non-Blocking I/O} \label{futur:nbio}
-While most of the parallelism tools are aimed at data parallelism and control-flow parallelism, many modern workloads are not bound on computation but on IO operations, a common case being web servers and XaaS (anything as a service).
-These types of workloads often require significant engineering around amortizing costs of blocking IO operations.
-At its core, non-blocking I/O is an operating system level feature that allows queuing IO operations (\eg network operations) and registering for notifications instead of waiting for requests to complete.
-In this context, the role of the language makes Non-Blocking IO easily available and with low overhead.
-The current trend is to use asynchronous programming using tools like callbacks and/or futures and promises, which can be seen in frameworks like Node.js~\cite{NodeJs} for JavaScript, Spring MVC~\cite{SpringMVC} for Java and Django~\cite{Django} for Python.
-However, while these are valid solutions, they lead to code that is harder to read and maintain because it is much less linear.
-
-\subsection{Other Concurrency Tools} \label{futur:tools}
-While monitors offer a flexible and powerful concurrent core for \CFA, other concurrency tools are also necessary for a complete multi-paradigm concurrency package.
-Examples of such tools can include simple locks and condition variables, futures and promises~\cite{promises}, executors and actors.
-These additional features are useful when monitors offer a level of abstraction that is inadequate for certain tasks.
-
-\subsection{Implicit Threading} \label{futur:implcit}
-Simpler applications can benefit greatly from having implicit parallelism.
-That is, parallelism that does not rely on the user to write concurrency.
-This type of parallelism can be achieved both at the language level and at the library level.
-The canonical example of implicit parallelism is parallel for loops, which are the simplest example of a divide and conquer algorithms~\cite{uC++book}.
-Table \ref{f:parfor} shows three different code examples that accomplish point-wise sums of large arrays.
-Note that none of these examples explicitly declare any concurrency or parallelism objects.
-
-\begin{table}
-\begin{center}
-\begin{tabular}[t]{|c|c|c|}
-Sequential & Library Parallel & Language Parallel \\
-\begin{cfa}[tabsize=3]
-void big_sum(
-        int* a, int* b,
-        int* o,
-        size_t len)
-{
-        for(
-                int i = 0;
-                i < len;
-                ++i )
-        {
-                o[i]=a[i]+b[i];
-        }
-}
-
-
-
-
-
-int* a[10000];
-int* b[10000];
-int* c[10000];
-//... fill in a & b
-big_sum(a,b,c,10000);
-\end{cfa} &\begin{cfa}[tabsize=3]
-void big_sum(
-        int* a, int* b,
-        int* o,
-        size_t len)
-{
-        range ar(a, a+len);
-        range br(b, b+len);
-        range or(o, o+len);
-        parfor( ai, bi, oi,
-        [](     int* ai,
-                int* bi,
-                int* oi)
-        {
-                oi=ai+bi;
-        });
-}
-
-
-int* a[10000];
-int* b[10000];
-int* c[10000];
-//... fill in a & b
-big_sum(a,b,c,10000);
-\end{cfa}&\begin{cfa}[tabsize=3]
-void big_sum(
-        int* a, int* b,
-        int* o,
-        size_t len)
-{
-        parfor (ai,bi,oi)
-            in (a, b, o )
-        {
-                oi = ai + bi;
-        }
-}
-
-
-
-
-
-
-
-int* a[10000];
-int* b[10000];
-int* c[10000];
-//... fill in a & b
-big_sum(a,b,c,10000);
-\end{cfa}
-\end{tabular}
-\end{center}
-\caption{For loop to sum numbers: Sequential, using library parallelism and language parallelism.}
-\label{f:parfor}
-\end{table}
-
-Implicit parallelism is a restrictive solution and therefore has its limitations.
-However, it is a quick and simple approach to parallelism, which may very well be sufficient for smaller applications and reduces the amount of boilerplate needed to start benefiting from parallelism in modern CPUs.
-
-
-% A C K N O W L E D G E M E N T S
-% -------------------------------
+One solution is to offer various tuning options, allowing the scheduler to be adjusted to the requirements of the workload.
+However, to be truly flexible, a pluggable scheduler is necessary.
+Currently, the \CFA pluggable scheduler is too simple to handle complex scheduling, \eg quality of service and real-time, where the scheduler must interact with mutex objects to deal with issues like priority inversion~\cite{Buhr00b}.
+
+\paragraph{Non-Blocking I/O}
+\label{futur:nbio}
+
+Many modern workloads are not bound by computation but IO operations, a common case being web servers and XaaS~\cite{XaaS} (anything as a service).
+These types of workloads require significant engineering to amortizing costs of blocking IO-operations.
+At its core, non-blocking I/O is an operating-system level feature queuing IO operations, \eg network operations, and registering for notifications instead of waiting for requests to complete.
+Current trends use asynchronous programming like callbacks, futures, and/or promises, \eg Node.js~\cite{NodeJs} for JavaScript, Spring MVC~\cite{SpringMVC} for Java, and Django~\cite{Django} for Python.
+However, these solutions lead to code that is hard to create, read and maintain.
+A better approach is to tie non-blocking I/O into the concurrency system to provide ease of use with low overhead, \eg thread-per-connection web-services.
+A non-blocking I/O library is currently under development for \CFA.
+
+\paragraph{Other Concurrency Tools}
+\label{futur:tools}
+
+While monitors offer flexible and powerful concurrency for \CFA, other concurrency tools are also necessary for a complete multi-paradigm concurrency package.
+Examples of such tools can include futures and promises~\cite{promises}, executors and actors.
+These additional features are useful for applications that can be constructed without shared data and direct blocking.
+As well, new \CFA extensions should make it possible to create a uniform interface for virtually all mutual exclusion, including monitors and low-level locks.
+
+\paragraph{Implicit Threading}
+\label{futur:implcit}
+
+Basic concurrent (embarrassingly parallel) applications can benefit greatly from implicit concurrency, where sequential programs are converted to concurrent, possibly with some help from pragmas to guide the conversion.
+This type of concurrency can be achieved both at the language level and at the library level.
+The canonical example of implicit concurrency is concurrent nested @for@ loops, which are amenable to divide and conquer algorithms~\cite{uC++book}.
+The \CFA language features should make it possible to develop a reasonable number of implicit concurrency mechanism to solve basic HPC data-concurrency problems.
+However, implicit concurrency is a restrictive solution with significant limitations, so it can never replace explicit concurrent programming.
+
+
 \section{Acknowledgements}
 
-Thanks to Aaron Moss, Rob Schluntz and Andrew Beach for their work on the \CFA project as well as all the discussions which helped concretize the ideas in this paper.
-Partial funding was supplied by the Natural Sciences and Engineering Research Council of Canada and a corporate partnership with Huawei Ltd.
-
-
-% B I B L I O G R A P H Y
-% -----------------------------
-%\bibliographystyle{plain}
+The authors would like to recognize the design assistance of Aaron Moss, Rob Schluntz, Andrew Beach and Michael Brooks on the features described in this paper.
+Funding for this project has been provided by Huawei Ltd.\ (\url{http://www.huawei.com}). %, and Peter Buhr is partially funded by the Natural Sciences and Engineering Research Council of Canada.
+
+{%
+\fontsize{9bp}{12bp}\selectfont%
 \bibliography{pl,local}
-
+}%
 
 \end{document}

doc/papers/concurrency/annex/local.bib

@@ -46 +46 @@
     title       = {Thread Building Blocks},
     howpublished= {Intel, \url{https://www.threadingbuildingblocks.org}},
-    note        = {Accessed: 2018-3},
+    optnote     = {Accessed: 2018-3},
 }
 
@@ -66 +66 @@
 }
 
-@article{BankTransfer,
+@misc{BankTransfer,
         key     = {Bank Transfer},
         keywords        = {Bank Transfer},
         title   = {Bank Account Transfer Problem},
-        publisher       = {Wiki Wiki Web},
-        address = {http://wiki.c2.com},
+        howpublished    = {Wiki Wiki Web, \url{http://wiki.c2.com/?BankAccountTransferProblem}},
         year            = 2010
 }

doc/papers/concurrency/figures/ext_monitor.fig

@@ -8 +8 @@
 -2
 1200 2
-5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 3150.000 3450.000 3150 3150 2850 3450 3150 3750
-5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 3150.000 4350.000 3150 4050 2850 4350 3150 4650
-6 5850 1950 6150 2250
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 6000 2100 105 105 6000 2100 6105 2205
-4 1 -1 0 0 0 10 0.0000 2 105 90 6000 2160 d\001
+5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1500.000 3600.000 1500 3300 1200 3600 1500 3900
+5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1500.000 4500.000 1500 4200 1200 4500 1500 4800
+6 4200 2100 4500 2400
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 2250 105 105 4350 2250 4455 2355
+4 1 -1 0 0 0 10 0.0000 2 105 90 4350 2310 d\001
 -6
-6 5100 2100 5400 2400
-1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 5250 2250 105 105 5250 2250 5355 2250
-4 1 -1 0 0 0 10 0.0000 2 105 120 5250 2295 X\001
+6 4200 1800 4500 2100
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1950 105 105 4350 1950 4455 2055
+4 1 -1 0 0 0 10 0.0000 2 105 90 4350 2010 b\001
 -6
-6 5100 1800 5400 2100
-1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 5250 1950 105 105 5250 1950 5355 1950
-4 1 -1 0 0 0 10 0.0000 2 105 120 5250 2010 Y\001
+6 1420 5595 5625 5805
+1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 1500 5700 80 80 1500 5700 1580 5780
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 2850 5700 105 105 2850 5700 2955 5805
+1 3 0 1 -1 -1 0 0 4 0.000 1 0.0000 4350 5700 105 105 4350 5700 4455 5805
+4 0 -1 0 0 0 12 0.0000 2 135 1035 3075 5775 blocked task\001
+4 0 -1 0 0 0 12 0.0000 2 135 870 1650 5775 active task\001
+4 0 -1 0 0 0 12 0.0000 2 135 1050 4575 5775 routine mask\001
 -6
-6 5850 1650 6150 1950
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 6000 1800 105 105 6000 1800 6105 1905
-4 1 -1 0 0 0 10 0.0000 2 105 90 6000 1860 b\001
+6 3450 1950 3750 2550
+1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 3600 2100 105 105 3600 2100 3705 2100
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+         3450 1950 3750 1950 3750 2550 3450 2550 3450 1950
+4 1 4 0 0 0 10 0.0000 2 105 120 3600 2160 Y\001
 -6
-6 3070 5445 7275 5655
-1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 3150 5550 80 80 3150 5550 3230 5630
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4500 5550 105 105 4500 5550 4605 5655
-1 3 0 1 -1 -1 0 0 4 0.000 1 0.0000 6000 5550 105 105 6000 5550 6105 5655
-4 0 -1 0 0 0 12 0.0000 2 135 1035 4725 5625 blocked task\001
-4 0 -1 0 0 0 12 0.0000 2 135 870 3300 5625 active task\001
-4 0 -1 0 0 0 12 0.0000 2 135 1050 6225 5625 routine mask\001
+6 3450 2250 3750 2550
+1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 3600 2400 105 105 3600 2400 3705 2400
+4 1 4 0 0 0 10 0.0000 2 105 120 3600 2445 X\001
 -6
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 3300 3600 105 105 3300 3600 3405 3705
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 3600 3600 105 105 3600 3600 3705 3705
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 6600 3900 105 105 6600 3900 6705 4005
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 6900 3900 105 105 6900 3900 7005 4005
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 6000 2700 105 105 6000 2700 6105 2805
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 6000 2400 105 105 6000 2400 6105 2505
-1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 5100 4575 80 80 5100 4575 5180 4655
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 1650 3750 105 105 1650 3750 1755 3855
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 1950 3750 105 105 1950 3750 2055 3855
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4950 4050 105 105 4950 4050 5055 4155
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 5250 4050 105 105 5250 4050 5355 4155
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 2850 105 105 4350 2850 4455 2955
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 2550 105 105 4350 2550 4455 2655
+1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 3450 4725 80 80 3450 4725 3530 4805
 2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-         4050 2925 5475 2925 5475 3225 4050 3225 4050 2925
+         2400 3075 3825 3075 3825 3375 2400 3375 2400 3075
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
-         3150 3750 3750 3750 3750 4050 3150 4050
+         1500 3900 2100 3900 2100 4200 1500 4200
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 3
-         3150 3450 3750 3450 3900 3675
+         1500 3600 2100 3600 2250 3825
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         3750 3150 3600 3375
+         2100 3300 1950 3525
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 3
-         3150 4350 3750 4350 3900 4575
+         1500 4500 2100 4500 2250 4725
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         3750 4050 3600 4275
+         2100 4200 1950 4425
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
-         3150 4650 3750 4650 3750 4950 4950 4950
+         1500 4800 2100 4800 2100 5100 3300 5100
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         6450 3750 6300 3975
+         4800 3900 4650 4125
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         4950 4950 5175 5100
+         3300 5100 3525 5250
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 9
-         5250 4950 6450 4950 6450 4050 7050 4050 7050 3750 6450 3750
-         6450 2850 6150 2850 6150 1650
+         3600 5100 4800 5100 4800 4200 5400 4200 5400 3900 4800 3900
+         4800 3000 4500 3000 4500 1800
 2 2 1 1 -1 -1 0 0 -1 4.000 0 0 0 0 0 5
-         5850 4200 5850 3300 4350 3300 4350 4200 5850 4200
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 2
+         4200 4350 4200 3450 2700 3450 2700 4350 4200 4350
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
         1 1 1.00 60.00 120.00
-        7 1 1.00 60.00 120.00
-         5250 3150 5250 2400
+         3600 3225 3600 2550
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+         4050 3000 4500 3150
 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-         3150 3150 3750 3150 3750 2850 5700 2850 5700 1650
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-         5700 2850 6150 3000
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-         5100 1800 5400 1800 5400 2400 5100 2400 5100 1800
-4 1 -1 0 0 0 10 0.0000 2 75 75 6000 2745 a\001
-4 1 -1 0 0 0 10 0.0000 2 75 75 6000 2445 c\001
-4 1 -1 0 0 0 12 0.0000 2 135 315 5100 5325 exit\001
-4 1 -1 0 0 0 12 0.0000 2 135 135 3300 3075 A\001
-4 1 -1 0 0 0 12 0.0000 2 135 795 3300 4875 condition\001
-4 1 -1 0 0 0 12 0.0000 2 135 135 3300 5100 B\001
-4 0 -1 0 0 0 12 0.0000 2 135 420 6600 3675 stack\001
-4 0 -1 0 0 0 12 0.0000 2 180 750 6600 3225 acceptor/\001
-4 0 -1 0 0 0 12 0.0000 2 180 750 6600 3450 signalled\001
-4 1 -1 0 0 0 12 0.0000 2 135 795 3300 2850 condition\001
-4 1 -1 0 0 0 12 0.0000 2 165 420 6000 1350 entry\001
-4 1 -1 0 0 0 12 0.0000 2 135 495 6000 1575 queue\001
-4 0 -1 0 0 0 12 0.0000 2 135 525 6300 2400 arrival\001
-4 0 -1 0 0 0 12 0.0000 2 135 630 6300 2175 order of\001
-4 1 -1 0 0 0 12 0.0000 2 135 525 5100 3675 shared\001
-4 1 -1 0 0 0 12 0.0000 2 135 735 5100 3975 variables\001
-4 0 0 50 -1 0 11 0.0000 2 165 855 4275 3150 Acceptables\001
-4 0 0 50 -1 0 11 0.0000 2 120 165 5775 2700 W\001
-4 0 0 50 -1 0 11 0.0000 2 120 135 5775 2400 X\001
-4 0 0 50 -1 0 11 0.0000 2 120 105 5775 2100 Z\001
-4 0 0 50 -1 0 11 0.0000 2 120 135 5775 1800 Y\001
+         1500 3300 2100 3300 2100 3000 4050 3000 4050 1800
+4 1 -1 0 0 0 10 0.0000 2 75 75 4350 2895 a\001
+4 1 -1 0 0 0 10 0.0000 2 75 75 4350 2595 c\001
+4 1 -1 0 0 0 12 0.0000 2 135 315 3450 5475 exit\001
+4 1 -1 0 0 0 12 0.0000 2 135 135 1650 3225 A\001
+4 1 -1 0 0 0 12 0.0000 2 135 795 1650 5025 condition\001
+4 1 -1 0 0 0 12 0.0000 2 135 135 1650 5250 B\001
+4 0 -1 0 0 0 12 0.0000 2 135 420 4950 3825 stack\001
+4 0 -1 0 0 0 12 0.0000 2 180 750 4950 3375 acceptor/\001
+4 0 -1 0 0 0 12 0.0000 2 180 750 4950 3600 signalled\001
+4 1 -1 0 0 0 12 0.0000 2 135 795 1650 3000 condition\001
+4 0 -1 0 0 0 12 0.0000 2 135 525 4650 2550 arrival\001
+4 0 -1 0 0 0 12 0.0000 2 135 630 4650 2325 order of\001
+4 1 -1 0 0 0 12 0.0000 2 135 525 3450 3825 shared\001
+4 1 -1 0 0 0 12 0.0000 2 135 735 3450 4125 variables\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2025 X\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2325 Y\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2625 Y\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2925 X\001
+4 0 -1 0 0 3 12 0.0000 2 150 540 4950 4425 urgent\001
+4 1 0 50 -1 0 11 0.0000 2 165 600 3075 3300 accepted\001
+4 1 -1 0 0 0 12 0.0000 2 165 960 4275 1725 entry queue\001

doc/papers/concurrency/figures/monitor.fig

@@ -8 +8 @@
 -2
 1200 2
-5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1500.000 2700.000 1500 2400 1200 2700 1500 3000
-5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1500.000 3600.000 1500 3300 1200 3600 1500 3900
-6 4200 1200 4500 1500
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1350 105 105 4350 1350 4455 1455
-4 1 -1 0 0 0 10 0.0000 2 105 90 4350 1410 d\001
+5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1500.000 3300.000 1500 3000 1200 3300 1500 3600
+5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1500.000 4200.000 1500 3900 1200 4200 1500 4500
+6 1350 5250 5325 5550
+1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 1500 5400 80 80 1500 5400 1580 5480
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 2850 5400 105 105 2850 5400 2955 5505
+1 3 0 1 -1 -1 0 0 4 0.000 1 0.0000 4350 5400 105 105 4350 5400 4455 5505
+4 0 -1 0 0 0 12 0.0000 2 180 765 4575 5475 duplicate\001
+4 0 -1 0 0 0 12 0.0000 2 135 1035 3075 5475 blocked task\001
+4 0 -1 0 0 0 12 0.0000 2 135 870 1650 5475 active task\001
 -6
-6 4200 900 4500 1200
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1050 105 105 4350 1050 4455 1155
-4 1 -1 0 0 0 10 0.0000 2 105 90 4350 1110 b\001
+6 4200 1800 4500 2100
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1950 105 105 4350 1950 4455 2055
+4 1 -1 0 0 0 10 0.0000 2 105 90 4350 2010 d\001
 -6
-6 2400 1500 2700 1800
-1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 2550 1650 105 105 2550 1650 2655 1650
-4 1 -1 0 0 0 10 0.0000 2 105 90 2550 1710 b\001
+6 4200 1500 4500 1800
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1650 105 105 4350 1650 4455 1755
+4 1 -1 0 0 0 10 0.0000 2 105 90 4350 1710 b\001
 -6
-6 2400 1800 2700 2100
-1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 2550 1950 105 105 2550 1950 2655 1950
-4 1 -1 0 0 0 10 0.0000 2 75 75 2550 1995 a\001
--6
-6 3300 1500 3600 1800
-1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 3450 1650 105 105 3450 1650 3555 1650
-4 1 -1 0 0 0 10 0.0000 2 105 90 3450 1710 d\001
--6
-6 1350 4650 5325 4950
-1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 1500 4800 80 80 1500 4800 1580 4880
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 2850 4800 105 105 2850 4800 2955 4905
-1 3 0 1 -1 -1 0 0 4 0.000 1 0.0000 4350 4800 105 105 4350 4800 4455 4905
-4 0 -1 0 0 0 12 0.0000 2 180 765 4575 4875 duplicate\001
-4 0 -1 0 0 0 12 0.0000 2 135 1035 3075 4875 blocked task\001
-4 0 -1 0 0 0 12 0.0000 2 135 870 1650 4875 active task\001
--6
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 1650 2850 105 105 1650 2850 1755 2955
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 1950 2850 105 105 1950 2850 2055 2955
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4950 3150 105 105 4950 3150 5055 3255
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 5250 3150 105 105 5250 3150 5355 3255
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1950 105 105 4350 1950 4455 2055
-1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 1650 105 105 4350 1650 4455 1755
-1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 3450 3825 80 80 3450 3825 3530 3905
-1 3 0 1 -1 -1 1 0 4 0.000 1 0.0000 3450 1950 105 105 3450 1950 3555 1950
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 1650 3450 105 105 1650 3450 1755 3555
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 1950 3450 105 105 1950 3450 2055 3555
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4950 3750 105 105 4950 3750 5055 3855
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 5250 3750 105 105 5250 3750 5355 3855
+1 3 0 1 -1 -1 0 0 20 0.000 1 0.0000 3450 4425 80 80 3450 4425 3530 4505
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 2550 105 105 4350 2550 4455 2655
+1 3 0 1 -1 -1 0 0 -1 0.000 1 0.0000 4350 2250 105 105 4350 2250 4455 2355
+2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 5
+         1500 3000 2100 3000 2100 2700 2400 2700 2400 2100
+2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
+         1500 3600 2100 3600 2100 3900 1500 3900
+2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 3
+         1500 3300 2100 3300 2250 3525
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         2400 2100 2625 2250
+         2100 3000 1950 3225
+2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 3
+         1500 4200 2100 4200 2250 4425
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         3300 2100 3525 2250
+         2100 3900 1950 4125
+2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
+         1500 4500 2100 4500 2100 4800 3300 4800
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         4200 2100 4425 2250
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 5
-         1500 2400 2100 2400 2100 2100 2400 2100 2400 1500
+         4800 3600 4650 3825
+2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
+         3300 4800 3525 4950
+2 2 1 1 -1 -1 0 0 -1 4.000 0 0 0 0 0 5
+         4200 4050 4200 3150 2700 3150 2700 4050 4200 4050
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
-         1500 3000 2100 3000 2100 3300 1500 3300
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 3
-         1500 2700 2100 2700 2250 2925
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         2100 2400 1950 2625
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 3
-         1500 3600 2100 3600 2250 3825
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         2100 3300 1950 3525
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
-         1500 3900 2100 3900 2100 4200 3300 4200
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         4800 3000 4650 3225
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 2
-         3300 4200 3525 4350
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
-         3600 1500 3600 2100 4200 2100 4200 900
-2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 4
-         2700 1500 2700 2100 3300 2100 3300 1500
+         3600 2100 3600 2700 4050 2700 4050 1500
 2 1 0 1 -1 -1 0 0 -1 0.000 0 0 -1 0 0 9
-         3600 4200 4800 4200 4800 3300 5400 3300 5400 3000 4800 3000
-         4800 2100 4500 2100 4500 900
-2 2 1 1 -1 -1 0 0 -1 4.000 0 0 0 0 0 5
-         4200 3450 4200 2550 2700 2550 2700 3450 4200 3450
-4 1 -1 0 0 0 10 0.0000 2 75 75 4350 1995 a\001
-4 1 -1 0 0 0 10 0.0000 2 75 75 4350 1695 c\001
-4 1 -1 0 0 0 12 0.0000 2 135 315 3450 4575 exit\001
-4 1 -1 0 0 0 12 0.0000 2 135 135 1650 2325 A\001
-4 1 -1 0 0 0 12 0.0000 2 135 795 1650 4125 condition\001
-4 1 -1 0 0 0 12 0.0000 2 135 135 1650 4350 B\001
-4 0 -1 0 0 0 12 0.0000 2 135 420 4950 2925 stack\001
-4 0 -1 0 0 0 12 0.0000 2 180 750 4950 2475 acceptor/\001
-4 0 -1 0 0 0 12 0.0000 2 180 750 4950 2700 signalled\001
-4 1 -1 0 0 0 12 0.0000 2 135 795 1650 2100 condition\001
-4 1 -1 0 0 0 12 0.0000 2 135 135 2550 1425 X\001
-4 1 -1 0 0 0 12 0.0000 2 135 135 3450 1425 Y\001
-4 1 -1 0 0 0 12 0.0000 2 165 420 4350 600 entry\001
-4 1 -1 0 0 0 12 0.0000 2 135 495 4350 825 queue\001
-4 0 -1 0 0 0 12 0.0000 2 135 525 4650 1650 arrival\001
-4 0 -1 0 0 0 12 0.0000 2 135 630 4650 1425 order of\001
-4 1 -1 0 0 0 12 0.0000 2 135 525 3450 2925 shared\001
-4 1 -1 0 0 0 12 0.0000 2 135 735 3450 3225 variables\001
-4 1 -1 0 0 0 12 0.0000 2 120 510 3000 975 mutex\001
-4 1 -1 0 0 0 10 0.0000 2 75 75 3450 1995 c\001
-4 1 -1 0 0 0 12 0.0000 2 135 570 3000 1200 queues\001
+         3600 4800 4800 4800 4800 3900 5400 3900 5400 3600 4800 3600
+         4800 2700 4500 2700 4500 1500
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+         4050 2700 4500 2850
+4 1 -1 0 0 0 12 0.0000 2 135 315 3450 5175 exit\001
+4 1 -1 0 0 0 12 0.0000 2 135 795 1650 4725 condition\001
+4 1 -1 0 0 0 12 0.0000 2 135 135 1650 4950 B\001
+4 0 -1 0 0 0 12 0.0000 2 135 420 4950 3525 stack\001
+4 0 -1 0 0 0 12 0.0000 2 180 750 4950 3075 acceptor/\001
+4 0 -1 0 0 0 12 0.0000 2 180 750 4950 3300 signalled\001
+4 1 -1 0 0 0 12 0.0000 2 135 525 3450 3525 shared\001
+4 1 -1 0 0 0 12 0.0000 2 135 735 3450 3825 variables\001
+4 0 -1 0 0 3 12 0.0000 2 150 540 4950 4125 urgent\001
+4 1 -1 0 0 0 10 0.0000 2 75 75 4350 2595 a\001
+4 1 -1 0 0 0 10 0.0000 2 75 75 4350 2295 c\001
+4 0 -1 0 0 0 12 0.0000 2 135 525 4650 2250 arrival\001
+4 0 -1 0 0 0 12 0.0000 2 135 630 4650 2025 order of\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 1725 X\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2025 Y\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2325 Y\001
+4 0 4 50 -1 0 11 0.0000 2 120 135 4075 2625 X\001
+4 1 -1 0 0 0 12 0.0000 2 165 960 4275 1425 entry queue\001

doc/papers/general/.gitignore

@@ -4 +4 @@
 *.ps
 
-Paper.tex.plain
 mail
 Paper.out.ps

doc/papers/general/Makefile

@@ -4 +4 @@
 Figures = figures
 Macros = ../AMA/AMA-stix/ama
-TeXLIB = .:${Macros}:${Build}:../../bibliography:
+TeXLIB = .:${Macros}:${Build}:
 LaTeX  = TEXINPUTS=${TeXLIB} && export TEXINPUTS && latex -halt-on-error -output-directory=${Build}
-BibTeX = BIBINPUTS=${TeXLIB} && export BIBINPUTS && bibtex
+BibTeX = BIBINPUTS=../../bibliography: && export BIBINPUTS && bibtex
 
 MAKEFLAGS = --no-print-directory # --silent
@@ -46 +46 @@
 
 Paper.zip :
-        zip -x general/.gitignore -x general/"*AMA*" -x general/Paper.out.ps -x general/Paper.tex.plain -x general/evaluation.zip -x general/mail -x general/response -x general/test.c -x general/evaluation.zip -x general/Paper.tex.plain -x general/Paper.ps -x general/Paper.pdf -x general/"*build*" -x general/evaluation/.gitignore -x general/evaluation/timing.xlsx -r Paper.zip general
+        zip -x general/.gitignore -x general/Paper.out.ps -x general/Paper.tex.plain -x -x general/WileyNJD-AMA.bst general/"*evaluation*" -x general/evaluation.zip \
+                -x general/mail -x general/response -x general/test.c -x general/Paper.ps -x general/"*build*" -r Paper.zip general pl.bib
 
 evaluation.zip :
-        zip -x evaluation/.gitignore  -x evaluation/timing.xlsx -x evaluation/timing.dat -r evaluation.zip evaluation
+        zip -x evaluation/.gitignore -x evaluation/timing.xlsx -x evaluation/timing.dat -r evaluation.zip evaluation
 
 # File Dependencies #
@@ -59 +60 @@
         dvips ${Build}/$< -o $@
 
-${BASE}.dvi : Makefile ${Build} ${BASE}.out.ps WileyNJD-AMA.bst ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} \
-                ../../bibliography/pl.bib
+${BASE}.dvi : Makefile ${BASE}.out.ps ${Macros}/WileyNJD-v2.cls WileyNJD-AMA.bst ${GRAPHS} ${PROGRAMS} ${PICTURES} ${FIGURES} ${SOURCES} \
+                ../../bibliography/pl.bib | ${Build}
         # Must have *.aux file containing citations for bibtex
         if [ ! -r ${basename $@}.aux ] ; then ${LaTeX} ${basename $@}.tex ; fi
@@ -75 +76 @@
         mkdir -p ${Build}
 
-${BASE}.out.ps : ${Build}
+${BASE}.out.ps : | ${Build}
         ln -fs ${Build}/Paper.out.ps .
 
@@ -84 +85 @@
         gnuplot -e Build="'${Build}/'" evaluation/timing.gp
 
-%.tex : %.fig ${Build}
+%.tex : %.fig | ${Build}
         fig2dev -L eepic $< > ${Build}/$@
 
-%.ps : %.fig ${Build}
+%.ps : %.fig | ${Build}
         fig2dev -L ps $< > ${Build}/$@
 
-%.pstex : %.fig ${Build}
+%.pstex : %.fig | ${Build}
         fig2dev -L pstex $< > ${Build}/$@
         fig2dev -L pstex_t -p ${Build}/$@ $< > ${Build}/$@_t

doc/papers/general/Paper.tex

@@ -1 +1 @@
 \documentclass[AMA,STIX1COL]{WileyNJD-v2}
+\setlength\typewidth{170mm}
+\setlength\textwidth{170mm}
 
 \articletype{RESEARCH ARTICLE}%
 
-\received{26 April 2016}
-\revised{6 June 2016}
-\accepted{6 June 2016}
-
+\received{12 March 2018}
+\revised{8 May 2018}
+\accepted{28 June 2018}
+
+\setlength\typewidth{168mm}
+\setlength\textwidth{168mm}
 \raggedbottom
 
@@ -187 +191 @@
 }
 
-\title{\texorpdfstring{\protect\CFA : Adding Modern Programming Language Features to C}{Cforall : Adding Modern Programming Language Features to C}}
+\title{\texorpdfstring{\protect\CFA : Adding modern programming language features to C}{Cforall : Adding modern programming language features to C}}
 
 \author[1]{Aaron Moss}
 \author[1]{Robert Schluntz}
-\author[1]{Peter A. Buhr*}
+\author[1]{Peter A. Buhr}
 \authormark{MOSS \textsc{et al}}
 
-\address[1]{\orgdiv{Cheriton School of Computer Science}, \orgname{University of Waterloo}, \orgaddress{\state{Waterloo, ON}, \country{Canada}}}
-
-\corres{*Peter A. Buhr, Cheriton School of Computer Science, University of Waterloo, 200 University Avenue West, Waterloo, ON, N2L 3G1, Canada. \email{pabuhr{\char`\@}uwaterloo.ca}}
+\address[1]{\orgdiv{Cheriton School of Computer Science}, \orgname{University of Waterloo}, \orgaddress{\state{Waterloo, Ontario}, \country{Canada}}}
+
+\corres{Peter A. Buhr, Cheriton School of Computer Science, University of Waterloo, 200 University Avenue West, Waterloo, ON N2L 3G1, Canada. \email{pabuhr{\char`\@}uwaterloo.ca}}
 
 \fundingInfo{Natural Sciences and Engineering Research Council of Canada}
 
 \abstract[Summary]{
-The C programming language is a foundational technology for modern computing with millions of lines of code implementing everything from hobby projects to commercial operating-systems.
-This installation base and the programmers producing it represent a massive software-engineering investment spanning decades and likely to continue for decades more.
-Nevertheless, C, first standardized almost forty years ago, lacks many features that make programming in more modern languages safer and more productive.
-
-The goal of the \CFA project (pronounced ``C-for-all'') is to create an extension of C that provides modern safety and productivity features while still ensuring strong backwards compatibility with C and its programmers.
-Prior projects have attempted similar goals but failed to honour C programming-style;
-for instance, adding object-oriented or functional programming with garbage collection is a non-starter for many C developers.
-Specifically, \CFA is designed to have an orthogonal feature-set based closely on the C programming paradigm, so that \CFA features can be added \emph{incrementally} to existing C code-bases, and C programmers can learn \CFA extensions on an as-needed basis, preserving investment in existing code and programmers.
-This paper presents a quick tour of \CFA features showing how their design avoids shortcomings of similar features in C and other C-like languages.
-Finally, experimental results are presented to validate several of the new features.
+The C programming language is a foundational technology for modern computing with millions of lines of code implementing everything from hobby projects to commercial operating systems.
+This installation base and the programmers producing it represent a massive software engineering investment spanning decades and likely to continue for decades more.
+Nevertheless, C, which was first standardized almost 30 years ago, lacks many features that make programming in more modern languages safer and more productive.
+The goal of the \CFA project (pronounced ``C for all'') is to create an extension of C that provides modern safety and productivity features while still ensuring strong backward compatibility with C and its programmers.
+Prior projects have attempted similar goals but failed to honor the C programming style;
+for instance, adding object-oriented or functional programming with garbage collection is a nonstarter for many C developers.
+Specifically, \CFA is designed to have an orthogonal feature set based closely on the C programming paradigm, so that \CFA features can be added \emph{incrementally} to existing C code bases, and C programmers can learn \CFA extensions on an as-needed basis, preserving investment in existing code and programmers.
+This paper presents a quick tour of \CFA features, showing how their design avoids shortcomings of similar features in C and other C-like languages.
+Experimental results are presented to validate several of the new features.
 }%
 
-\keywords{generic types, tuple types, variadic types, polymorphic functions, C, Cforall}
+\keywords{C, Cforall, generic types, polymorphic functions, tuple types, variadic types}
 
 
 \begin{document}
-\linenumbers                                            % comment out to turn off line numbering
+%\linenumbers                                            % comment out to turn off line numbering
 
 \maketitle
 
 
+\vspace*{-10pt}
 \section{Introduction}
 
-The C programming language is a foundational technology for modern computing with millions of lines of code implementing everything from hobby projects to commercial operating-systems.
-This installation base and the programmers producing it represent a massive software-engineering investment spanning decades and likely to continue for decades more.
-The TIOBE~\cite{TIOBE} ranks the top 5 most \emph{popular} programming languages as: Java 15\%, \Textbf{C 12\%}, \Textbf{\CC 5.5\%}, Python 5\%, \Csharp 4.5\% = 42\%, where the next 50 languages are less than 4\% each with a long tail.
-The top 3 rankings over the past 30 years are:
+The C programming language is a foundational technology for modern computing with millions of lines of code implementing everything from hobby projects to commercial operating systems.
+This installation base and the programmers producing it represent a massive software engineering investment spanning decades and likely to continue for decades more.
+The TIOBE index~\cite{TIOBE} ranks the top five most \emph{popular} programming languages as Java 15\%, \Textbf{C 12\%}, \Textbf{\CC 5.5\%}, and Python 5\%, \Csharp 4.5\% = 42\%, where the next 50 languages are less than 4\% each with a long tail.
+The top three rankings over the past 30 years are as follows.
 \begin{center}
 \setlength{\tabcolsep}{10pt}
-\lstDeleteShortInline@%
-\begin{tabular}{@{}rccccccc@{}}
-                & 2018  & 2013  & 2008  & 2003  & 1998  & 1993  & 1988  \\ \hline
-Java    & 1             & 2             & 1             & 1             & 18    & -             & -             \\
+\fontsize{9bp}{11bp}\selectfont
+\lstDeleteShortInline@%
+\begin{tabular}{@{}cccccccc@{}}
+                & 2018  & 2013  & 2008  & 2003  & 1998  & 1993  & 1988  \\
+Java    & 1             & 2             & 1             & 1             & 18    & --    & --    \\
 \Textbf{C}& \Textbf{2} & \Textbf{1} & \Textbf{2} & \Textbf{2} & \Textbf{1} & \Textbf{1} & \Textbf{1} \\
 \CC             & 3             & 4             & 3             & 3             & 2             & 2             & 5             \\
@@ -241 +246 @@
 Love it or hate it, C is extremely popular, highly used, and one of the few systems languages.
 In many cases, \CC is often used solely as a better C.
-Nevertheless, C, first standardized almost forty years ago~\cite{ANSI89:C}, lacks many features that make programming in more modern languages safer and more productive.
-
-\CFA (pronounced ``C-for-all'', and written \CFA or Cforall) is an evolutionary extension of the C programming language that adds modern language-features to C, while maintaining source and runtime compatibility in the familiar C programming model.
-The four key design goals for \CFA~\cite{Bilson03} are:
-(1) The behaviour of standard C code must remain the same when translated by a \CFA compiler as when translated by a C compiler;
-(2) Standard C code must be as fast and as small when translated by a \CFA compiler as when translated by a C compiler;
-(3) \CFA code must be at least as portable as standard C code;
-(4) Extensions introduced by \CFA must be translated in the most efficient way possible.
-These goals ensure existing C code-bases can be converted to \CFA incrementally with minimal effort, and C programmers can productively generate \CFA code without training beyond the features being used.
-\CC is used similarly, but has the disadvantages of multiple legacy design-choices that cannot be updated and active divergence of the language model from C, requiring significant effort and training to incrementally add \CC to a C-based project.
-
-All languages features discussed in this paper are working, except some advanced exception-handling features.
-Not discussed in this paper are the integrated concurrency-constructs and user-level threading-library~\cite{Delisle18}.
+Nevertheless, C, which was first standardized almost 30 years ago~\cite{ANSI89:C}, lacks many features that make programming in more modern languages safer and more productive.
+
+\CFA (pronounced ``C for all'' and written \CFA or Cforall) is an evolutionary extension of the C programming language that adds modern language features to C, while maintaining source and runtime compatibility in the familiar C programming model.
+The four key design goals for \CFA~\cite{Bilson03} are as follows:
+(1) the behavior of standard C code must remain the same when translated by a \CFA compiler as when translated by a C compiler;
+(2) the standard C code must be as fast and as small when translated by a \CFA compiler as when translated by a C compiler;
+(3) the \CFA code must be at least as portable as standard C code;
+(4) extensions introduced by \CFA must be translated in the most efficient way possible.
+These goals ensure that the existing C code bases can be converted into \CFA incrementally with minimal effort, and C programmers can productively generate \CFA code without training beyond the features being used.
+\CC is used similarly but has the disadvantages of multiple legacy design choices that cannot be updated and active divergence of the language model from C, requiring significant effort and training to incrementally add \CC to a C-based project.
+
+All language features discussed in this paper are working, except some advanced exception-handling features.
+Not discussed in this paper are the integrated concurrency constructs and user-level threading library~\cite{Delisle18}.
 \CFA is an \emph{open-source} project implemented as a source-to-source translator from \CFA to the gcc-dialect of C~\cite{GCCExtensions}, allowing it to leverage the portability and code optimizations provided by gcc, meeting goals (1)--(3).
-Ultimately, a compiler is necessary for advanced features and optimal performance.
 % @plg2[9]% cd cfa-cc/src; cloc ArgTweak CodeGen CodeTools Common Concurrency ControlStruct Designators GenPoly InitTweak MakeLibCfa.cc MakeLibCfa.h Parser ResolvExpr SymTab SynTree Tuples driver prelude main.cc 
 % -------------------------------------------------------------------------------
@@ -270 +274 @@
 % SUM:                           223           8203           8263          46479
 % -------------------------------------------------------------------------------
-The \CFA translator is 200+ files and 46,000+ lines of code written in C/\CC.
-Starting with a translator versus a compiler makes it easier and faster to generate and debug C object-code rather than intermediate, assembler or machine code.
-The translator design is based on the \emph{visitor pattern}, allowing multiple passes over the abstract code-tree, which works well for incrementally adding new feature through additional visitor passes.
-At the heart of the translator is the type resolver, which handles the polymorphic function/type overload-resolution.
+The \CFA translator is 200+ files and 46\,000+ lines of code written in C/\CC.
+A translator versus a compiler makes it easier and faster to generate and debug the C object code rather than the intermediate, assembler, or machine code;
+ultimately, a compiler is necessary for advanced features and optimal performance.
+% The translator design is based on the \emph{visitor pattern}, allowing multiple passes over the abstract code-tree, which works well for incrementally adding new feature through additional visitor passes.
+Two key translator components are expression analysis, determining expression validity and what operations are required for its implementation, and code generation, dealing with multiple forms of overloading, polymorphism, and multiple return values by converting them into the C code for a C compiler that supports none of these features.
+Details of these components are available in chapters 2 and 3 in the work of Bilson~\cite{Bilson03} and form the base for the current \CFA translator.
 % @plg2[8]% cd cfa-cc/src; cloc libcfa
 % -------------------------------------------------------------------------------
@@ -288 +294 @@
 % SUM:                           100           1895           2785          11763
 % -------------------------------------------------------------------------------
-The \CFA runtime system is 100+ files and 11,000+ lines of code, written in \CFA.
+The \CFA runtime system is 100+ files and 11\,000+ lines of code, written in \CFA.
 Currently, the \CFA runtime is the largest \emph{user} of \CFA providing a vehicle to test the language features and implementation.
 % @plg2[6]% cd cfa-cc/src; cloc tests examples benchmark
@@ -305 +311 @@
 % SUM:                           290          13175           3400          27776
 % -------------------------------------------------------------------------------
-The \CFA tests are 290+ files and 27,000+ lines of code.
-The tests illustrate syntactic and semantic features in \CFA, plus a growing number of runtime benchmarks.
-The tests check for correctness and are used for daily regression testing of 3800+ commits.
-
-Finally, it is impossible to describe a programming language without usages before definitions.
-Therefore, syntax and semantics appear before explanations, and related work (Section~\ref{s:RelatedWork}) is deferred until \CFA is presented;
-hence, patience is necessary until details are discussed.
-
-
+% The \CFA tests are 290+ files and 27,000+ lines of code.
+% The tests illustrate syntactic and semantic features in \CFA, plus a growing number of runtime benchmarks.
+% The tests check for correctness and are used for daily regression testing of 3800+ commits.
+
+Finally, it is impossible to describe a programming language without usage before definition.
+Therefore, syntax and semantics appear before explanations;
+hence, patience is necessary until sufficient details are presented and discussed.
+Similarly, a detailed comparison with other programming languages is postponed until Section~\ref{s:RelatedWork}.
+
+
+\vspace*{-6pt}
 \section{Polymorphic Functions}
 
-\CFA introduces both ad-hoc and parametric polymorphism to C, with a design originally formalized by Ditchfield~\cite{Ditchfield92}, and first implemented by Bilson~\cite{Bilson03}.
-Shortcomings are identified in existing approaches to generic and variadic data types in C-like languages and how these shortcomings are avoided in \CFA.
-Specifically, the solution is both reusable and type-checked, as well as conforming to the design goals of \CFA with ergonomic use of existing C abstractions.
+\CFA introduces both ad hoc and parametric polymorphism to C, with a design originally formalized by Ditchfield~\cite{Ditchfield92} and first implemented by Bilson~\cite{Bilson03}.
+Shortcomings are identified in the existing approaches to generic and variadic data types in C-like languages and how these shortcomings are avoided in \CFA.
+Specifically, the solution is both reusable and type checked, as well as conforming to the design goals of \CFA with ergonomic use of existing C abstractions.
 The new constructs are empirically compared with C and \CC approaches via performance experiments in Section~\ref{sec:eval}.
 
 
-\subsection{Name Overloading}
+\vspace*{-6pt}
+\subsection{Name overloading}
 \label{s:NameOverloading}
 
 \begin{quote}
-There are only two hard things in Computer Science: cache invalidation and \emph{naming things} -- Phil Karlton
+``There are only two hard things in Computer Science: cache invalidation and \emph{naming things}.''---Phil Karlton
 \end{quote}
 \vspace{-9pt}
-C already has a limited form of ad-hoc polymorphism in its basic arithmetic operators, which apply to a variety of different types using identical syntax. 
+C already has a limited form of ad hoc polymorphism in its basic arithmetic operators, which apply to a variety of different types using identical syntax. 
 \CFA extends the built-in operator overloading by allowing users to define overloads for any function, not just operators, and even any variable;
 Section~\ref{sec:libraries} includes a number of examples of how this overloading simplifies \CFA programming relative to C. 
 Code generation for these overloaded functions and variables is implemented by the usual approach of mangling the identifier names to include a representation of their type, while \CFA decides which overload to apply based on the same ``usual arithmetic conversions'' used in C to disambiguate operator overloads.
-As an example:
+
+\newpage
 \begin{cfa}
 int max = 2147483647;                                           $\C[4in]{// (1)}$
@@ -339 +349 @@
 int max( int a, int b ) { return a < b ? b : a; }  $\C{// (3)}$
 double max( double a, double b ) { return a < b ? b : a; }  $\C{// (4)}\CRT$
-max( 7, -max );                                         $\C{// uses (3) and (1), by matching int from constant 7}$
+max( 7, -max );                                         $\C[3in]{// uses (3) and (1), by matching int from constant 7}$
 max( max, 3.14 );                                       $\C{// uses (4) and (2), by matching double from constant 3.14}$
 max( max, -max );                                       $\C{// ERROR, ambiguous}$
-int m = max( max, -max );                       $\C{// uses (3) and (1) twice, by matching return type}$
+int m = max( max, -max );                       $\C{// uses (3) and (1) twice, by matching return type}\CRT$
 \end{cfa}
 
@@ -348 +358 @@
 In some cases, hundreds of names can be reduced to tens, resulting in a significant cognitive reduction.
 In the above, the name @max@ has a consistent meaning, and a programmer only needs to remember the single concept: maximum.
-To prevent significant ambiguities, \CFA uses the return type in selecting overloads, \eg in the assignment to @m@, the compiler use @m@'s type to unambiguously select the most appropriate call to function @max@ (as does Ada).
+To prevent significant ambiguities, \CFA uses the return type in selecting overloads, \eg in the assignment to @m@, the compiler uses @m@'s type to unambiguously select the most appropriate call to function @max@ (as does Ada).
 As is shown later, there are a number of situations where \CFA takes advantage of available type information to disambiguate, where other programming languages generate ambiguities.
 
-\Celeven added @_Generic@ expressions~\cite[\S~6.5.1.1]{C11}, which is used with preprocessor macros to provide ad-hoc polymorphism;
+\Celeven added @_Generic@ expressions (see section~6.5.1.1 of the ISO/IEC 9899~\cite{C11}), which is used with preprocessor macros to provide ad hoc polymorphism;
 however, this polymorphism is both functionally and ergonomically inferior to \CFA name overloading. 
-The macro wrapping the generic expression imposes some limitations;
-\eg, it cannot implement the example above, because the variables @max@ are ambiguous with the functions @max@. 
+The macro wrapping the generic expression imposes some limitations, for instance, it cannot implement the example above, because the variables @max@ are ambiguous with the functions @max@. 
 Ergonomic limitations of @_Generic@ include the necessity to put a fixed list of supported types in a single place and manually dispatch to appropriate overloads, as well as possible namespace pollution from the dispatch functions, which must all have distinct names.
-\CFA supports @_Generic@ expressions for backwards compatibility, but it is an unnecessary mechanism. \TODO{actually implement that}
+\CFA supports @_Generic@ expressions for backward compatibility, but it is an unnecessary mechanism.
 
 % http://fanf.livejournal.com/144696.html
@@ -363 +372 @@
 
 
-\subsection{\texorpdfstring{\protect\lstinline{forall} Functions}{forall Functions}}
+\vspace*{-10pt}
+\subsection{\texorpdfstring{\protect\lstinline{forall} functions}{forall functions}}
 \label{sec:poly-fns}
 
-The signature feature of \CFA is parametric-polymorphic functions~\cite{forceone:impl,Cormack90,Duggan96} with functions generalized using a @forall@ clause (giving the language its name):
+The signature feature of \CFA is parametric-polymorphic functions~\cite{forceone:impl,Cormack90,Duggan96} with functions generalized using a @forall@ clause (giving the language its name).
 \begin{cfa}
 `forall( otype T )` T identity( T val ) { return val; }
@@ -373 +383 @@
 This @identity@ function can be applied to any complete \newterm{object type} (or @otype@).
 The type variable @T@ is transformed into a set of additional implicit parameters encoding sufficient information about @T@ to create and return a variable of that type.
-The \CFA implementation passes the size and alignment of the type represented by an @otype@ parameter, as well as an assignment operator, constructor, copy constructor and destructor.
-If this extra information is not needed, \eg for a pointer, the type parameter can be declared as a \newterm{data type} (or @dtype@).
-
-In \CFA, the polymorphic runtime-cost is spread over each polymorphic call, because more arguments are passed to polymorphic functions;
-the experiments in Section~\ref{sec:eval} show this overhead is similar to \CC virtual-function calls.
-A design advantage is that, unlike \CC template-functions, \CFA polymorphic-functions are compatible with C \emph{separate compilation}, preventing compilation and code bloat.
-
-Since bare polymorphic-types provide a restricted set of available operations, \CFA provides a \newterm{type assertion}~\cite[pp.~37-44]{Alphard} mechanism to provide further type information, where type assertions may be variable or function declarations that depend on a polymorphic type-variable.
-For example, the function @twice@ can be defined using the \CFA syntax for operator overloading:
+The \CFA implementation passes the size and alignment of the type represented by an @otype@ parameter, as well as an assignment operator, constructor, copy constructor, and destructor.
+If this extra information is not needed, for instance, for a pointer, the type parameter can be declared as a \newterm{data type} (or @dtype@).
+
+In \CFA, the polymorphic runtime cost is spread over each polymorphic call, because more arguments are passed to polymorphic functions;
+the experiments in Section~\ref{sec:eval} show this overhead is similar to \CC virtual function calls.
+A design advantage is that, unlike \CC template functions, \CFA polymorphic functions are compatible with C \emph{separate compilation}, preventing compilation and code bloat.
+
+Since bare polymorphic types provide a restricted set of available operations, \CFA provides a \newterm{type assertion}~\cite[pp.~37-44]{Alphard} mechanism to provide further type information, where type assertions may be variable or function declarations that depend on a polymorphic type variable.
+For example, the function @twice@ can be defined using the \CFA syntax for operator overloading.
 \begin{cfa}
 forall( otype T `| { T ?+?(T, T); }` ) T twice( T x ) { return x `+` x; }  $\C{// ? denotes operands}$
 int val = twice( twice( 3.7 ) );  $\C{// val == 14}$
 \end{cfa}
-which works for any type @T@ with a matching addition operator.
-The polymorphism is achieved by creating a wrapper function for calling @+@ with @T@ bound to @double@, then passing this function to the first call of @twice@.
-There is now the option of using the same @twice@ and converting the result to @int@ on assignment, or creating another @twice@ with type parameter @T@ bound to @int@ because \CFA uses the return type~\cite{Cormack81,Baker82,Ada} in its type analysis.
-The first approach has a late conversion from @double@ to @int@ on the final assignment, while the second has an early conversion to @int@.
-\CFA minimizes the number of conversions and their potential to lose information, so it selects the first approach, which corresponds with C-programmer intuition.
+This works for any type @T@ with a matching addition operator.
+The polymorphism is achieved by creating a wrapper function for calling @+@ with the @T@ bound to @double@ and then passing this function to the first call of @twice@.
+There is now the option of using the same @twice@ and converting the result into @int@ on assignment or creating another @twice@ with the type parameter @T@ bound to @int@ because \CFA uses the return type~\cite{Cormack81,Baker82,Ada} in its type analysis.
+The first approach has a late conversion from @double@ to @int@ on the final assignment, whereas the second has an early conversion to @int@.
+\CFA minimizes the number of conversions and their potential to lose information;
+hence, it selects the first approach, which corresponds with C programmer intuition.
 
 Crucial to the design of a new programming language are the libraries to access thousands of external software features.
-Like \CC, \CFA inherits a massive compatible library-base, where other programming languages must rewrite or provide fragile inter-language communication with C.
-A simple example is leveraging the existing type-unsafe (@void *@) C @bsearch@ to binary search a sorted float array:
+Like \CC, \CFA inherits a massive compatible library base, where other programming languages must rewrite or provide fragile interlanguage communication with C.
+A simple example is leveraging the existing type-unsafe (@void *@) C @bsearch@ to binary search a sorted float array.
 \begin{cfa}
 void * bsearch( const void * key, const void * base, size_t nmemb, size_t size,
@@ -404 +415 @@
 double * val = (double *)bsearch( &key, vals, 10, sizeof(vals[0]), comp ); $\C{// search sorted array}$
 \end{cfa}
-which can be augmented simply with generalized, type-safe, \CFA-overloaded wrappers:
+This can be augmented simply with generalized, type-safe, \CFA-overloaded wrappers.
 \begin{cfa}
 forall( otype T | { int ?<?( T, T ); } ) T * bsearch( T key, const T * arr, size_t size ) {
@@ -418 +429 @@
 \end{cfa}
 The nested function @comp@ provides the hidden interface from typed \CFA to untyped (@void *@) C, plus the cast of the result.
-Providing a hidden @comp@ function in \CC is awkward as lambdas do not use C calling-conventions and template declarations cannot appear at block scope.
-As well, an alternate kind of return is made available: position versus pointer to found element.
-\CC's type-system cannot disambiguate between the two versions of @bsearch@ because it does not use the return type in overload resolution, nor can \CC separately compile a template @bsearch@.
+% FIX
+Providing a hidden @comp@ function in \CC is awkward as lambdas do not use C calling conventions and template declarations cannot appear in block scope.
+In addition, an alternate kind of return is made available: position versus pointer to found element.
+\CC's type system cannot disambiguate between the two versions of @bsearch@ because it does not use the return type in overload resolution, nor can \CC separately compile a template @bsearch@.
 
 \CFA has replacement libraries condensing hundreds of existing C functions into tens of \CFA overloaded functions, all without rewriting the actual computations (see Section~\ref{sec:libraries}).
@@ -430 +442 @@
 \end{cfa}
 
-Call-site inferencing and nested functions provide a localized form of inheritance.
+Call site inferencing and nested functions provide a localized form of inheritance.
 For example, the \CFA @qsort@ only sorts in ascending order using @<@.
-However, it is trivial to locally change this behaviour:
+However, it is trivial to locally change this behavior.
 \begin{cfa}
 forall( otype T | { int ?<?( T, T ); } ) void qsort( const T * arr, size_t size ) { /* use C qsort */ }
 int main() {
-        int ?<?( double x, double y ) { return x `>` y; } $\C{// locally override behaviour}$
+        int ?<?( double x, double y ) { return x `>` y; } $\C{// locally override behavior}$
         qsort( vals, 10 );                                                      $\C{// descending sort}$
 }
 \end{cfa}
 The local version of @?<?@ performs @?>?@ overriding the built-in @?<?@ so it is passed to @qsort@.
-Hence, programmers can easily form local environments, adding and modifying appropriate functions, to maximize reuse of other existing functions and types.
-
-To reduce duplication, it is possible to distribute a group of @forall@ (and storage-class qualifiers) over functions/types, so each block declaration is prefixed by the group (see example in Appendix~\ref{s:CforallStack}).
+Therefore, programmers can easily form local environments, adding and modifying appropriate functions, to maximize the reuse of other existing functions and types.
+
+To reduce duplication, it is possible to distribute a group of @forall@ (and storage-class qualifiers) over functions/types, such that each block declaration is prefixed by the group (see the example in Appendix~\ref{s:CforallStack}).
 \begin{cfa}
 forall( otype `T` ) {                                                   $\C{// distribution block, add forall qualifier to declarations}$
@@ -454 +466 @@
 
 
-\vspace*{-2pt}
 \subsection{Traits}
 
-\CFA provides \newterm{traits} to name a group of type assertions, where the trait name allows specifying the same set of assertions in multiple locations, preventing repetition mistakes at each function declaration:
-
+\CFA provides \newterm{traits} to name a group of type assertions, where the trait name allows specifying the same set of assertions in multiple locations, preventing repetition mistakes at each function declaration.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -485 +495 @@
 \end{cquote}
 
-Note, the @sumable@ trait does not include a copy constructor needed for the right side of @?+=?@ and return;
-it is provided by @otype@, which is syntactic sugar for the following trait:
+Note that the @sumable@ trait does not include a copy constructor needed for the right side of @?+=?@ and return;
+it is provided by @otype@, which is syntactic sugar for the following trait.
 \begin{cfa}
 trait otype( dtype T | sized(T) ) {  // sized is a pseudo-trait for types with known size and alignment
@@ -495 +505 @@
 };
 \end{cfa}
-Given the information provided for an @otype@, variables of polymorphic type can be treated as if they were a complete type: stack-allocatable, default or copy-initialized, assigned, and deleted.
-
-In summation, the \CFA type-system uses \newterm{nominal typing} for concrete types, matching with the C type-system, and \newterm{structural typing} for polymorphic types.
+Given the information provided for an @otype@, variables of polymorphic type can be treated as if they were a complete type: stack allocatable, default or copy initialized, assigned, and deleted.
+
+In summation, the \CFA type system uses \newterm{nominal typing} for concrete types, matching with the C type system, and \newterm{structural typing} for polymorphic types.
 Hence, trait names play no part in type equivalence;
 the names are simply macros for a list of polymorphic assertions, which are expanded at usage sites.
-Nevertheless, trait names form a logical subtype-hierarchy with @dtype@ at the top, where traits often contain overlapping assertions, \eg operator @+@.
-Traits are used like interfaces in Java or abstract base-classes in \CC, but without the nominal inheritance-relationships.
-Instead, each polymorphic function (or generic type) defines the structural type needed for its execution (polymorphic type-key), and this key is fulfilled at each call site from the lexical environment, which is similar to Go~\cite{Go} interfaces.
-Hence, new lexical scopes and nested functions are used extensively to create local subtypes, as in the @qsort@ example, without having to manage a nominal-inheritance hierarchy.
+Nevertheless, trait names form a logical subtype hierarchy with @dtype@ at the top, where traits often contain overlapping assertions, \eg operator @+@.
+Traits are used like interfaces in Java or abstract base classes in \CC, but without the nominal inheritance relationships.
+Instead, each polymorphic function (or generic type) defines the structural type needed for its execution (polymorphic type key), and this key is fulfilled at each call site from the lexical environment, which is similar to the Go~\cite{Go} interfaces.
+Hence, new lexical scopes and nested functions are used extensively to create local subtypes, as in the @qsort@ example, without having to manage a nominal inheritance hierarchy.
 % (Nominal inheritance can be approximated with traits using marker variables or functions, as is done in Go.)
 
@@ -534 +544 @@
 
 A significant shortcoming of standard C is the lack of reusable type-safe abstractions for generic data structures and algorithms.
-Broadly speaking, there are three approaches to implement abstract data-structures in C.
-One approach is to write bespoke data-structures for each context in which they are needed.
-While this approach is flexible and supports integration with the C type-checker and tooling, it is also tedious and error-prone, especially for more complex data structures.
-A second approach is to use @void *@-based polymorphism, \eg the C standard-library functions @bsearch@ and @qsort@, which allow reuse of code with common functionality.
-However, basing all polymorphism on @void *@ eliminates the type-checker's ability to ensure that argument types are properly matched, often requiring a number of extra function parameters, pointer indirection, and dynamic allocation that is not otherwise needed.
-A third approach to generic code is to use preprocessor macros, which does allow the generated code to be both generic and type-checked, but errors may be difficult to interpret.
+Broadly speaking, there are three approaches to implement abstract data structures in C.
+One approach is to write bespoke data structures for each context in which they are needed.
+While this approach is flexible and supports integration with the C type checker and tooling, it is also tedious and error prone, especially for more complex data structures.
+A second approach is to use @void *@-based polymorphism, \eg the C standard library functions @bsearch@ and @qsort@, which allow for the reuse of code with common functionality.
+However, basing all polymorphism on @void *@ eliminates the type checker's ability to ensure that argument types are properly matched, often requiring a number of extra function parameters, pointer indirection, and dynamic allocation that is otherwise not needed.
+A third approach to generic code is to use preprocessor macros, which does allow the generated code to be both generic and type checked, but errors may be difficult to interpret.
 Furthermore, writing and using preprocessor macros is unnatural and inflexible.
 
-\CC, Java, and other languages use \newterm{generic types} to produce type-safe abstract data-types.
-\CFA generic types integrate efficiently and naturally with the existing polymorphic functions, while retaining backwards compatibility with C and providing separate compilation.
+\CC, Java, and other languages use \newterm{generic types} to produce type-safe abstract data types.
+\CFA generic types integrate efficiently and naturally with the existing polymorphic functions, while retaining backward compatibility with C and providing separate compilation.
 However, for known concrete parameters, the generic-type definition can be inlined, like \CC templates.
 
-A generic type can be declared by placing a @forall@ specifier on a @struct@ or @union@ declaration, and instantiated using a parenthesized list of types after the type name:
+A generic type can be declared by placing a @forall@ specifier on a @struct@ or @union@ declaration and instantiated using a parenthesized list of types after the type name.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -574 +584 @@
 
 \CFA classifies generic types as either \newterm{concrete} or \newterm{dynamic}.
-Concrete types have a fixed memory layout regardless of type parameters, while dynamic types vary in memory layout depending on their type parameters.
+Concrete types have a fixed memory layout regardless of type parameters, whereas dynamic types vary in memory layout depending on their type parameters.
 A \newterm{dtype-static} type has polymorphic parameters but is still concrete.
 Polymorphic pointers are an example of dtype-static types;
-given some type variable @T@, @T@ is a polymorphic type, as is @T *@, but @T *@ has a fixed size and can therefore be represented by @void *@ in code generation.
-
-\CFA generic types also allow checked argument-constraints.
-For example, the following declaration of a sorted set-type ensures the set key supports equality and relational comparison:
+given some type variable @T@, @T@ is a polymorphic type, as is @T *@, but @T *@ has a fixed size and can, therefore, be represented by @void *@ in code generation.
+
+\CFA generic types also allow checked argument constraints.
+For example, the following declaration of a sorted set type ensures the set key supports equality and relational comparison.
 \begin{cfa}
 forall( otype Key | { _Bool ?==?(Key, Key); _Bool ?<?(Key, Key); } ) struct sorted_set;
@@ -586 +596 @@
 
 
-\subsection{Concrete Generic-Types}
-
-The \CFA translator template-expands concrete generic-types into new structure types, affording maximal inlining.
-To enable inter-operation among equivalent instantiations of a generic type, the translator saves the set of instantiations currently in scope and reuses the generated structure declarations where appropriate.
-A function declaration that accepts or returns a concrete generic-type produces a declaration for the instantiated structure in the same scope, which all callers may reuse.
-For example, the concrete instantiation for @pair( const char *, int )@ is:
+\subsection{Concrete generic types}
+
+The \CFA translator template expands concrete generic types into new structure types, affording maximal inlining.
+To enable interoperation among equivalent instantiations of a generic type, the translator saves the set of instantiations currently in scope and reuses the generated structure declarations where appropriate.
+A function declaration that accepts or returns a concrete generic type produces a declaration for the instantiated structure in the same scope, which all callers may reuse.
+For example, the concrete instantiation for @pair( const char *, int )@ is
 \begin{cfa}
 struct _pair_conc0 {
@@ -598 +608 @@
 \end{cfa}
 
-A concrete generic-type with dtype-static parameters is also expanded to a structure type, but this type is used for all matching instantiations.
-In the above example, the @pair( F *, T * )@ parameter to @value@ is such a type; its expansion is below and it is used as the type of the variables @q@ and @r@ as well, with casts for member access where appropriate:
+A concrete generic type with dtype-static parameters is also expanded to a structure type, but this type is used for all matching instantiations.
+In the above example, the @pair( F *, T * )@ parameter to @value@ is such a type; its expansion is below, and it is used as the type of the variables @q@ and @r@ as well, with casts for member access where appropriate.
 \begin{cfa}
 struct _pair_conc1 {
@@ -607 +617 @@
 
 
-\subsection{Dynamic Generic-Types}
-
-Though \CFA implements concrete generic-types efficiently, it also has a fully general system for dynamic generic types.
-As mentioned in Section~\ref{sec:poly-fns}, @otype@ function parameters (in fact all @sized@ polymorphic parameters) come with implicit size and alignment parameters provided by the caller.
-Dynamic generic-types also have an \newterm{offset array} containing structure-member offsets.
-A dynamic generic-@union@ needs no such offset array, as all members are at offset 0, but size and alignment are still necessary.
-Access to members of a dynamic structure is provided at runtime via base-displacement addressing with the structure pointer and the member offset (similar to the @offsetof@ macro), moving a compile-time offset calculation to runtime.
+\subsection{Dynamic generic types}
+
+Though \CFA implements concrete generic types efficiently, it also has a fully general system for dynamic generic types.
+As mentioned in Section~\ref{sec:poly-fns}, @otype@ function parameters (in fact, all @sized@ polymorphic parameters) come with implicit size and alignment parameters provided by the caller.
+Dynamic generic types also have an \newterm{offset array} containing structure-member offsets.
+A dynamic generic @union@ needs no such offset array, as all members are at offset 0, but size and alignment are still necessary.
+Access to members of a dynamic structure is provided at runtime via base displacement addressing
+% FIX
+using the structure pointer and the member offset (similar to the @offsetof@ macro), moving a compile-time offset calculation to runtime.
 
 The offset arrays are statically generated where possible.
-If a dynamic generic-type is declared to be passed or returned by value from a polymorphic function, the translator can safely assume the generic type is complete (\ie has a known layout) at any call-site, and the offset array is passed from the caller;
+If a dynamic generic type is declared to be passed or returned by value from a polymorphic function, the translator can safely assume that the generic type is complete (\ie has a known layout) at any call site, and the offset array is passed from the caller;
 if the generic type is concrete at the call site, the elements of this offset array can even be statically generated using the C @offsetof@ macro.
-As an example, the body of the second @value@ function is implemented as:
+As an example, the body of the second @value@ function is implemented as
 \begin{cfa}
 _assign_T( _retval, p + _offsetof_pair[1] ); $\C{// return *p.second}$
 \end{cfa}
-@_assign_T@ is passed in as an implicit parameter from @otype T@, and takes two @T *@ (@void *@ in the generated code), a destination and a source; @_retval@ is the pointer to a caller-allocated buffer for the return value, the usual \CFA method to handle dynamically-sized return types.
-@_offsetof_pair@ is the offset array passed into @value@; this array is generated at the call site as:
+\newpage
+\noindent
+Here, @_assign_T@ is passed in as an implicit parameter from @otype T@, and takes two @T *@ (@void *@ in the generated code), a destination and a source, and @_retval@ is the pointer to a caller-allocated buffer for the return value, the usual \CFA method to handle dynamically sized return types.
+@_offsetof_pair@ is the offset array passed into @value@;
+this array is generated at the call site as
 \begin{cfa}
 size_t _offsetof_pair[] = { offsetof( _pair_conc0, first ), offsetof( _pair_conc0, second ) }
 \end{cfa}
 
-In some cases the offset arrays cannot be statically generated.
-For instance, modularity is generally provided in C by including an opaque forward-declaration of a structure and associated accessor and mutator functions in a header file, with the actual implementations in a separately-compiled @.c@ file.
-\CFA supports this pattern for generic types, but the caller does not know the actual layout or size of the dynamic generic-type, and only holds it by a pointer.
+In some cases, the offset arrays cannot be statically generated.
+For instance, modularity is generally provided in C by including an opaque forward declaration of a structure and associated accessor and mutator functions in a header file, with the actual implementations in a separately compiled @.c@ file.
+\CFA supports this pattern for generic types, but the caller does not know the actual layout or size of the dynamic generic type and only holds it by a pointer.
 The \CFA translator automatically generates \newterm{layout functions} for cases where the size, alignment, and offset array of a generic struct cannot be passed into a function from that function's caller.
 These layout functions take as arguments pointers to size and alignment variables and a caller-allocated array of member offsets, as well as the size and alignment of all @sized@ parameters to the generic structure (un@sized@ parameters are forbidden from being used in a context that affects layout).
@@ -640 +655 @@
 Whether a type is concrete, dtype-static, or dynamic is decided solely on the @forall@'s type parameters.
 This design allows opaque forward declarations of generic types, \eg @forall(otype T)@ @struct Box@ -- like in C, all uses of @Box(T)@ can be separately compiled, and callers from other translation units know the proper calling conventions to use.
-If the definition of a structure type is included in deciding whether a generic type is dynamic or concrete, some further types may be recognized as dtype-static (\eg @forall(otype T)@ @struct unique_ptr { T * p }@ does not depend on @T@ for its layout, but the existence of an @otype@ parameter means that it \emph{could}.), but preserving separate compilation (and the associated C compatibility) in the existing design is judged to be an appropriate trade-off.
+If the definition of a structure type is included in deciding whether a generic type is dynamic or concrete, some further types may be recognized as dtype-static (\eg @forall(otype T)@ @struct unique_ptr { T * p }@ does not depend on @T@ for its layout, but the existence of an @otype@ parameter means that it \emph{could}.);
+however, preserving separate compilation (and the associated C compatibility) in the existing design is judged to be an appropriate trade-off.
 
 
@@ -653 +669 @@
 }
 \end{cfa}
-Since @pair( T *, T * )@ is a concrete type, there are no implicit parameters passed to @lexcmp@, so the generated code is identical to a function written in standard C using @void *@, yet the \CFA version is type-checked to ensure the members of both pairs and the arguments to the comparison function match in type.
-
-Another useful pattern enabled by reused dtype-static type instantiations is zero-cost \newterm{tag-structures}.
-Sometimes information is only used for type-checking and can be omitted at runtime, \eg:
+Since @pair( T *, T * )@ is a concrete type, there are no implicit parameters passed to @lexcmp@;
+hence, the generated code is identical to a function written in standard C using @void *@, yet the \CFA version is type checked to ensure members of both pairs and arguments to the comparison function match in type.
+
+Another useful pattern enabled by reused dtype-static type instantiations is zero-cost \newterm{tag structures}.
+Sometimes, information is only used for type checking and can be omitted at runtime.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -675 +692 @@
                                                         half_marathon;
 scalar(litres) two_pools = pool + pool;
-`marathon + pool;`      // ERROR, mismatched types
+`marathon + pool;` // ERROR, mismatched types
 \end{cfa}
 \end{tabular}
 \lstMakeShortInline@%
 \end{cquote}
-@scalar@ is a dtype-static type, so all uses have a single structure definition, containing @unsigned long@, and can share the same implementations of common functions like @?+?@.
+Here, @scalar@ is a dtype-static type;
+hence, all uses have a single structure definition, containing @unsigned long@, and can share the same implementations of common functions like @?+?@.
 These implementations may even be separately compiled, unlike \CC template functions.
-However, the \CFA type-checker ensures matching types are used by all calls to @?+?@, preventing nonsensical computations like adding a length to a volume.
+However, the \CFA type checker ensures matching types are used by all calls to @?+?@, preventing nonsensical computations like adding a length to a volume.
 
 
@@ -688 +706 @@
 \label{sec:tuples}
 
-In many languages, functions can return at most one value;
+In many languages, functions can return, at most, one value;
 however, many operations have multiple outcomes, some exceptional.
 Consider C's @div@ and @remquo@ functions, which return the quotient and remainder for a division of integer and float values, respectively.
@@ -699 +717 @@
 double r = remquo( 13.5, 5.2, &q );                     $\C{// return remainder, alias quotient}$
 \end{cfa}
-@div@ aggregates the quotient/remainder in a structure, while @remquo@ aliases a parameter to an argument.
+Here, @div@ aggregates the quotient/remainder in a structure, whereas @remquo@ aliases a parameter to an argument.
 Both approaches are awkward.
-Alternatively, a programming language can directly support returning multiple values, \eg in \CFA:
+% FIX
+Alternatively, a programming language can directly support returning multiple values, \eg \CFA provides the following.
 \begin{cfa}
 [ int, int ] div( int num, int den );           $\C{// return two integers}$
@@ -712 +731 @@
 This approach is straightforward to understand and use;
 therefore, why do few programming languages support this obvious feature or provide it awkwardly?
-To answer, there are complex consequences that cascade through multiple aspects of the language, especially the type-system.
-This section show these consequences and how \CFA handles them.
+To answer, there are complex consequences that cascade through multiple aspects of the language, especially the type system.
+This section shows these consequences and how \CFA handles them.
 
 
 \subsection{Tuple Expressions}
 
-The addition of multiple-return-value functions (MRVF) are \emph{useless} without a syntax for accepting multiple values at the call-site.
+The addition of multiple-return-value functions (MRVFs) is \emph{useless} without a syntax for accepting multiple values at the call site.
 The simplest mechanism for capturing the return values is variable assignment, allowing the values to be retrieved directly.
 As such, \CFA allows assigning multiple values from a function into multiple variables, using a square-bracketed list of lvalue expressions (as above), called a \newterm{tuple}.
 
-However, functions also use \newterm{composition} (nested calls), with the direct consequence that MRVFs must also support composition to be orthogonal with single-returning-value functions (SRVF), \eg:
+However, functions also use \newterm{composition} (nested calls), with the direct consequence that MRVFs must also support composition to be orthogonal with single-returning-value functions (SRVFs), \eg, \CFA provides the following.
 \begin{cfa}
 printf( "%d %d\n", div( 13, 5 ) );                      $\C{// return values seperated into arguments}$
 \end{cfa}
 Here, the values returned by @div@ are composed with the call to @printf@ by flattening the tuple into separate arguments.
-However, the \CFA type-system must support significantly more complex composition:
+However, the \CFA type-system must support significantly more complex composition.
 \begin{cfa}
 [ int, int ] foo$\(_1\)$( int );                        $\C{// overloaded foo functions}$
@@ -734 +753 @@
 `bar`( foo( 3 ), foo( 3 ) );
 \end{cfa}
-The type-resolver only has the tuple return-types to resolve the call to @bar@ as the @foo@ parameters are identical, which involves unifying the possible @foo@ functions with @bar@'s parameter list.
-No combination of @foo@s are an exact match with @bar@'s parameters, so the resolver applies C conversions.
+The type resolver only has the tuple return types to resolve the call to @bar@ as the @foo@ parameters are identical, which involves unifying the possible @foo@ functions with @bar@'s parameter list.
+No combination of @foo@s is an exact match with @bar@'s parameters;
+thus, the resolver applies C conversions.
+% FIX
 The minimal cost is @bar( foo@$_1$@( 3 ), foo@$_2$@( 3 ) )@, giving (@int@, {\color{ForestGreen}@int@}, @double@) to (@int@, {\color{ForestGreen}@double@}, @double@) with one {\color{ForestGreen}safe} (widening) conversion from @int@ to @double@ versus ({\color{red}@double@}, {\color{ForestGreen}@int@}, {\color{ForestGreen}@int@}) to ({\color{red}@int@}, {\color{ForestGreen}@double@}, {\color{ForestGreen}@double@}) with one {\color{red}unsafe} (narrowing) conversion from @double@ to @int@ and two safe conversions.
 
 
-\subsection{Tuple Variables}
+\subsection{Tuple variables}
 
 An important observation from function composition is that new variable names are not required to initialize parameters from an MRVF.
-\CFA also allows declaration of tuple variables that can be initialized from an MRVF, since it can be awkward to declare multiple variables of different types, \eg:
+\CFA also allows declaration of tuple variables that can be initialized from an MRVF, since it can be awkward to declare multiple variables of different types.
+\newpage
 \begin{cfa}
 [ int, int ] qr = div( 13, 5 );                         $\C{// tuple-variable declaration and initialization}$
 [ double, double ] qr = div( 13.5, 5.2 );
 \end{cfa}
-where the tuple variable-name serves the same purpose as the parameter name(s).
+Here, the tuple variable name serves the same purpose as the parameter name(s).
 Tuple variables can be composed of any types, except for array types, since array sizes are generally unknown in C.
 
-One way to access the tuple-variable components is with assignment or composition:
+One way to access the tuple variable components is with assignment or composition.
 \begin{cfa}
 [ q, r ] = qr;                                                          $\C{// access tuple-variable components}$
 printf( "%d %d\n", qr );
 \end{cfa}
-\CFA also supports \newterm{tuple indexing} to access single components of a tuple expression:
+\CFA also supports \newterm{tuple indexing} to access single components of a tuple expression.
 \begin{cfa}
 [int, int] * p = &qr;                                           $\C{// tuple pointer}$
@@ -766 +788 @@
 
 
-\subsection{Flattening and Restructuring}
+\subsection{Flattening and restructuring}
 
 In function call contexts, tuples support implicit flattening and restructuring conversions.
 Tuple flattening recursively expands a tuple into the list of its basic components.
-Tuple structuring packages a list of expressions into a value of tuple type, \eg:
+Tuple structuring packages a list of expressions into a value of tuple type.
 \begin{cfa}
 int f( int, int );
@@ -781 +803 @@
 h( x, y );                                                                      $\C{// flatten and structure}$
 \end{cfa}
-In the call to @f@, @x@ is implicitly flattened so the components of @x@ are passed as the two arguments.
+In the call to @f@, @x@ is implicitly flattened so the components of @x@ are passed as two arguments.
 In the call to @g@, the values @y@ and @10@ are structured into a single argument of type @[int, int]@ to match the parameter type of @g@.
 Finally, in the call to @h@, @x@ is flattened to yield an argument list of length 3, of which the first component of @x@ is passed as the first parameter of @h@, and the second component of @x@ and @y@ are structured into the second argument of type @[int, int]@.
-The flexible structure of tuples permits a simple and expressive function call syntax to work seamlessly with both SRVF and MRVF, and with any number of arguments of arbitrarily complex structure.
-
-
-\subsection{Tuple Assignment}
-
+The flexible structure of tuples permits a simple and expressive function call syntax to work seamlessly with both SRVFs and MRVFs with any number of arguments of arbitrarily complex structure.
+
+
+\subsection{Tuple assignment}
+
+\enlargethispage{-10pt}
 An assignment where the left side is a tuple type is called \newterm{tuple assignment}.
-There are two kinds of tuple assignment depending on whether the right side of the assignment operator has a tuple type or a non-tuple type, called \newterm{multiple} and \newterm{mass assignment}, respectively.
+There are two kinds of tuple assignment depending on whether the right side of the assignment operator has a tuple type or a nontuple type, called \newterm{multiple} and \newterm{mass assignment}, respectively.
 \begin{cfa}
 int x = 10;
@@ -800 +823 @@
 [y, x] = 3.14;                                                          $\C{// mass assignment}$
 \end{cfa}
-Both kinds of tuple assignment have parallel semantics, so that each value on the left and right side is evaluated before any assignments occur.
+Both kinds of tuple assignment have parallel semantics, so that each value on the left and right sides is evaluated before any assignments occur.
 As a result, it is possible to swap the values in two variables without explicitly creating any temporary variables or calling a function, \eg, @[x, y] = [y, x]@.
 This semantics means mass assignment differs from C cascading assignment (\eg @a = b = c@) in that conversions are applied in each individual assignment, which prevents data loss from the chain of conversions that can happen during a cascading assignment.
-For example, @[y, x] = 3.14@ performs the assignments @y = 3.14@ and @x = 3.14@, yielding @y == 3.14@ and @x == 3@;
-whereas, C cascading assignment @y = x = 3.14@ performs the assignments @x = 3.14@ and @y = x@, yielding @3@ in @y@ and @x@.
+For example, @[y, x] = 3.14@ performs the assignments @y = 3.14@ and @x = 3.14@, yielding @y == 3.14@ and @x == 3@, whereas C cascading assignment @y = x = 3.14@ performs the assignments @x = 3.14@ and @y = x@, yielding @3@ in @y@ and @x@.
 Finally, tuple assignment is an expression where the result type is the type of the left-hand side of the assignment, just like all other assignment expressions in C.
-This example shows mass, multiple, and cascading assignment used in one expression:
+This example shows mass, multiple, and cascading assignment used in one expression.
 \begin{cfa}
 [void] f( [int, int] );
@@ -813 +835 @@
 
 
-\subsection{Member Access}
-
-It is also possible to access multiple members from a single expression using a \newterm{member-access}.
-The result is a single tuple-valued expression whose type is the tuple of the types of the members, \eg:
+\subsection{Member access}
+
+It is also possible to access multiple members from a single expression using a \newterm{member access}.
+The result is a single tuple-valued expression whose type is the tuple of the types of the members.
 \begin{cfa}
 struct S { int x; double y; char * z; } s;
@@ -830 +852 @@
 [int, int, int] y = x.[2, 0, 2];                        $\C{// duplicate: [y.0, y.1, y.2] = [x.2, x.0.x.2]}$
 \end{cfa}
-It is also possible for a member access to contain other member accesses, \eg:
+It is also possible for a member access to contain other member accesses.
 \begin{cfa}
 struct A { double i; int j; };
@@ -897 +919 @@
 
 Tuples also integrate with \CFA polymorphism as a kind of generic type.
-Due to the implicit flattening and structuring conversions involved in argument passing, @otype@ and @dtype@ parameters are restricted to matching only with non-tuple types, \eg:
+Due to the implicit flattening and structuring conversions involved in argument passing, @otype@ and @dtype@ parameters are restricted to matching only with nontuple types.
 \begin{cfa}
 forall( otype T, dtype U ) void f( T x, U * y );
 f( [5, "hello"] );
 \end{cfa}
-where @[5, "hello"]@ is flattened, giving argument list @5, "hello"@, and @T@ binds to @int@ and @U@ binds to @const char@.
+Here, @[5, "hello"]@ is flattened, giving argument list @5, "hello"@, and @T@ binds to @int@ and @U@ binds to @const char@.
 Tuples, however, may contain polymorphic components.
 For example, a plus operator can be written to sum two triples.
@@ -920 +942 @@
 g( 5, 10.21 );
 \end{cfa}
+\newpage
 Hence, function parameter and return lists are flattened for the purposes of type unification allowing the example to pass expression resolution.
 This relaxation is possible by extending the thunk scheme described by Bilson~\cite{Bilson03}.
@@ -930 +953 @@
 
 
-\subsection{Variadic Tuples}
+\subsection{Variadic tuples}
 \label{sec:variadic-tuples}
 
-To define variadic functions, \CFA adds a new kind of type parameter, @ttype@ (tuple type).
-Matching against a @ttype@ parameter consumes all remaining argument components and packages them into a tuple, binding to the resulting tuple of types.
-In a given parameter list, there must be at most one @ttype@ parameter that occurs last, which matches normal variadic semantics, with a strong feeling of similarity to \CCeleven variadic templates.
+To define variadic functions, \CFA adds a new kind of type parameter, \ie @ttype@ (tuple type).
+Matching against a @ttype@ parameter consumes all the remaining argument components and packages them into a tuple, binding to the resulting tuple of types.
+In a given parameter list, there must be, at most, one @ttype@ parameter that occurs last, which matches normal variadic semantics, with a strong feeling of similarity to \CCeleven variadic templates.
 As such, @ttype@ variables are also called \newterm{argument packs}.
 
@@ -941 +964 @@
 Since nothing is known about a parameter pack by default, assertion parameters are key to doing anything meaningful.
 Unlike variadic templates, @ttype@ polymorphic functions can be separately compiled.
-For example, a generalized @sum@ function:
+For example, the following is a generalized @sum@ function. 
 \begin{cfa}
 int sum$\(_0\)$() { return 0; }
@@ -950 +973 @@
 \end{cfa}
 Since @sum@\(_0\) does not accept any arguments, it is not a valid candidate function for the call @sum(10, 20, 30)@.
-In order to call @sum@\(_1\), @10@ is matched with @x@, and the argument resolution moves on to the argument pack @rest@, which consumes the remainder of the argument list and @Params@ is bound to @[20, 30]@.
+In order to call @sum@\(_1\), @10@ is matched with @x@, and the argument resolution moves on to the argument pack @rest@, which consumes the remainder of the argument list, and @Params@ is bound to @[20, 30]@.
 The process continues until @Params@ is bound to @[]@, requiring an assertion @int sum()@, which matches @sum@\(_0\) and terminates the recursion.
 Effectively, this algorithm traces as @sum(10, 20, 30)@ $\rightarrow$ @10 + sum(20, 30)@ $\rightarrow$ @10 + (20 + sum(30))@ $\rightarrow$ @10 + (20 + (30 + sum()))@ $\rightarrow$ @10 + (20 + (30 + 0))@.
 
-It is reasonable to take the @sum@ function a step further to enforce a minimum number of arguments:
+It is reasonable to take the @sum@ function a step further to enforce a minimum number of arguments.
 \begin{cfa}
 int sum( int x, int y ) { return x + y; }
@@ -961 +984 @@
 }
 \end{cfa}
-One more step permits the summation of any sumable type with all arguments of the same type:
+One more step permits the summation of any sumable type with all arguments of the same type.
 \begin{cfa}
 trait sumable( otype T ) {
@@ -990 +1013 @@
 This example showcases a variadic-template-like decomposition of the provided argument list.
 The individual @print@ functions allow printing a single element of a type.
-The polymorphic @print@ allows printing any list of types, where as each individual type has a @print@ function.
+The polymorphic @print@ allows printing any list of types, where each individual type has a @print@ function.
 The individual print functions can be used to build up more complicated @print@ functions, such as @S@, which cannot be done with @printf@ in C.
 This mechanism is used to seamlessly print tuples in the \CFA I/O library (see Section~\ref{s:IOLibrary}).
 
 Finally, it is possible to use @ttype@ polymorphism to provide arbitrary argument forwarding functions.
-For example, it is possible to write @new@ as a library function:
+For example, it is possible to write @new@ as a library function.
 \begin{cfa}
 forall( otype R, otype S ) void ?{}( pair(R, S) *, R, S );
@@ -1004 +1027 @@
 \end{cfa}
 The @new@ function provides the combination of type-safe @malloc@ with a \CFA constructor call, making it impossible to forget constructing dynamically allocated objects.
-This function provides the type-safety of @new@ in \CC, without the need to specify the allocated type again, thanks to return-type inference.
+This function provides the type safety of @new@ in \CC, without the need to specify the allocated type again, due to return-type inference.
 
 
@@ -1010 +1033 @@
 
 Tuples are implemented in the \CFA translator via a transformation into \newterm{generic types}.
-For each $N$, the first time an $N$-tuple is seen in a scope a generic type with $N$ type parameters is generated, \eg:
+For each $N$, the first time an $N$-tuple is seen in a scope, a generic type with $N$ type parameters is generated.
+For example, the following
 \begin{cfa}
 [int, int] f() {
@@ -1017 +1041 @@
 }
 \end{cfa}
-is transformed into:
+is transformed into
 \begin{cfa}
 forall( dtype T0, dtype T1 | sized(T0) | sized(T1) ) struct _tuple2 {
@@ -1083 +1107 @@
 
 The various kinds of tuple assignment, constructors, and destructors generate GNU C statement expressions.
-A variable is generated to store the value produced by a statement expression, since its members may need to be constructed with a non-trivial constructor and it may need to be referred to multiple time, \eg in a unique expression.
+A variable is generated to store the value produced by a statement expression, since its members may need to be constructed with a nontrivial constructor and it may need to be referred to multiple time, \eg in a unique expression.
 The use of statement expressions allows the translator to arbitrarily generate additional temporary variables as needed, but binds the implementation to a non-standard extension of the C language.
 However, there are other places where the \CFA translator makes use of GNU C extensions, such as its use of nested functions, so this restriction is not new.
@@ -1091 +1115 @@
 \section{Control Structures}
 
-\CFA identifies inconsistent, problematic, and missing control structures in C, and extends, modifies, and adds control structures to increase functionality and safety.
-
-
-\subsection{\texorpdfstring{\protect\lstinline{if} Statement}{if Statement}}
-
-The @if@ expression allows declarations, similar to @for@ declaration expression:
+\CFA identifies inconsistent, problematic, and missing control structures in C, as well as extends, modifies, and adds control structures to increase functionality and safety.
+
+
+\subsection{\texorpdfstring{\protect\lstinline@if@ statement}{if statement}}
+
+The @if@ expression allows declarations, similar to the @for@ declaration expression.
 \begin{cfa}
 if ( int x = f() ) ...                                          $\C{// x != 0}$
@@ -1103 +1127 @@
 \end{cfa}
 Unless a relational expression is specified, each variable is compared not equal to 0, which is the standard semantics for the @if@ expression, and the results are combined using the logical @&&@ operator.\footnote{\CC only provides a single declaration always compared not equal to 0.}
-The scope of the declaration(s) is local to the @if@ statement but exist within both the ``then'' and ``else'' clauses.
-
-
-\subsection{\texorpdfstring{\protect\lstinline{switch} Statement}{switch Statement}}
+The scope of the declaration(s) is local to the @if@ statement but exists within both the ``then'' and ``else'' clauses.
+
+
+\subsection{\texorpdfstring{\protect\lstinline@switch@ statement}{switch statement}}
 
 There are a number of deficiencies with the C @switch@ statements: enumerating @case@ lists, placement of @case@ clauses, scope of the switch body, and fall through between case clauses.
 
-C has no shorthand for specifying a list of case values, whether the list is non-contiguous or contiguous\footnote{C provides this mechanism via fall through.}.
-\CFA provides a shorthand for a non-contiguous list:
+C has no shorthand for specifying a list of case values, whether the list is noncontiguous or contiguous\footnote{C provides this mechanism via fall through.}.
+\CFA provides a shorthand for a noncontiguous list:
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -1126 +1150 @@
 \lstMakeShortInline@%
 \end{cquote}
-for a contiguous list:\footnote{gcc has the same mechanism but awkward syntax, \lstinline@2 ...42@, as a space is required after a number, otherwise the first period is a decimal point.}
+for a contiguous list:\footnote{gcc has the same mechanism but awkward syntax, \lstinline@2 ...42@, as a space is required after a number;
+otherwise, the first period is a decimal point.}
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -1157 +1182 @@
 }
 \end{cfa}
-\CFA precludes this form of transfer \emph{into} a control structure because it causes undefined behaviour, especially with respect to missed initialization, and provides very limited functionality.
-
-C allows placement of declaration within the @switch@ body and unreachable code at the start, resulting in undefined behaviour:
+\CFA precludes this form of transfer \emph{into} a control structure because it causes an undefined behavior, especially with respect to missed initialization, and provides very limited functionality.
+
+C allows placement of declaration within the @switch@ body and unreachable code at the start, resulting in an undefined behavior.
 \begin{cfa}
 switch ( x ) {
@@ -1176 +1201 @@
 
 C @switch@ provides multiple entry points into the statement body, but once an entry point is selected, control continues across \emph{all} @case@ clauses until the end of the @switch@ body, called \newterm{fall through};
-@case@ clauses are made disjoint by the @break@ statement.
+@case@ clauses are made disjoint by the @break@
+\newpage
+\noindent
+statement.
 While fall through \emph{is} a useful form of control flow, it does not match well with programmer intuition, resulting in errors from missing @break@ statements.
-For backwards compatibility, \CFA provides a \emph{new} control structure, @choose@, which mimics @switch@, but reverses the meaning of fall through (see Figure~\ref{f:ChooseSwitchStatements}), similar to Go.
+For backward compatibility, \CFA provides a \emph{new} control structure, \ie @choose@, which mimics @switch@, but reverses the meaning of fall through (see Figure~\ref{f:ChooseSwitchStatements}), similar to Go.
 
 \begin{figure}
 \centering
+\fontsize{9bp}{11bp}\selectfont
 \lstDeleteShortInline@%
 \begin{tabular}{@{}l|@{\hspace{\parindentlnth}}l@{}}
@@ -1218 +1247 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{\lstinline|choose| versus \lstinline|switch| Statements}
+\caption{\lstinline|choose| versus \lstinline|switch| statements}
 \label{f:ChooseSwitchStatements}
+\vspace*{-11pt}
 \end{figure}
 
-Finally, Figure~\ref{f:FallthroughStatement} shows @fallthrough@ may appear in contexts other than terminating a @case@ clause, and have an explicit transfer label allowing separate cases but common final-code for a set of cases.
+Finally, Figure~\ref{f:FallthroughStatement} shows @fallthrough@ may appear in contexts other than terminating a @case@ clause and have an explicit transfer label allowing separate cases but common final code for a set of cases.
 The target label must be below the @fallthrough@ and may not be nested in a control structure, \ie @fallthrough@ cannot form a loop, and the target label must be at the same or higher level as the containing @case@ clause and located at the same level as a @case@ clause;
 the target label may be case @default@, but only associated with the current @switch@/@choose@ statement.
@@ -1228 +1258 @@
 \begin{figure}
 \centering
+\fontsize{9bp}{11bp}\selectfont
 \lstDeleteShortInline@%
 \begin{tabular}{@{}l|@{\hspace{\parindentlnth}}l@{}}
@@ -1256 +1287 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{\lstinline|fallthrough| Statement}
+\caption{\lstinline|fallthrough| statement}
 \label{f:FallthroughStatement}
+\vspace*{-11pt}
 \end{figure}
 
 
-\subsection{\texorpdfstring{Labelled \protect\lstinline{continue} / \protect\lstinline{break}}{Labelled continue / break}}
+\vspace*{-8pt}
+\subsection{\texorpdfstring{Labeled \protect\lstinline@continue@ / \protect\lstinline@break@}{Labeled continue / break}}
 
 While C provides @continue@ and @break@ statements for altering control flow, both are restricted to one level of nesting for a particular control structure.
-Unfortunately, this restriction forces programmers to use @goto@ to achieve the equivalent control-flow for more than one level of nesting.
-To prevent having to switch to the @goto@, \CFA extends the @continue@ and @break@ with a target label to support static multi-level exit~\cite{Buhr85}, as in Java.
+Unfortunately, this restriction forces programmers to use @goto@ to achieve the equivalent control flow for more than one level of nesting.
+To prevent having to switch to the @goto@, \CFA extends @continue@ and @break@ with a target label to support static multilevel exit~\cite{Buhr85}, as in Java.
 For both @continue@ and @break@, the target label must be directly associated with a @for@, @while@ or @do@ statement;
 for @break@, the target label can also be associated with a @switch@, @if@ or compound (@{}@) statement.
-Figure~\ref{f:MultiLevelExit} shows @continue@ and @break@ indicating the specific control structure, and the corresponding C program using only @goto@ and labels.
-The innermost loop has 7 exit points, which cause continuation or termination of one or more of the 7 nested control-structures.
+Figure~\ref{f:MultiLevelExit} shows @continue@ and @break@ indicating the specific control structure and the corresponding C program using only @goto@ and labels.
+The innermost loop has seven exit points, which cause a continuation or termination of one or more of the seven nested control structures.
 
 \begin{figure}
+\fontsize{9bp}{11bp}\selectfont
 \lstDeleteShortInline@%
 \begin{tabular}{@{\hspace{\parindentlnth}}l|@{\hspace{\parindentlnth}}l@{\hspace{\parindentlnth}}l@{}}
@@ -1336 +1370 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{Multi-level Exit}
+\caption{Multilevel exit}
 \label{f:MultiLevelExit}
+\vspace*{-5pt}
 \end{figure}
 
-With respect to safety, both labelled @continue@ and @break@ are a @goto@ restricted in the following ways:
-\begin{itemize}
+With respect to safety, both labeled @continue@ and @break@ are @goto@ restricted in the following ways.
+\begin{list}{$\bullet$}{\topsep=4pt\itemsep=0pt\parsep=0pt}
 \item
 They cannot create a loop, which means only the looping constructs cause looping.
@@ -1347 +1382 @@
 \item
 They cannot branch into a control structure.
-This restriction prevents missing declarations and/or initializations at the start of a control structure resulting in undefined behaviour.
-\end{itemize}
-The advantage of the labelled @continue@/@break@ is allowing static multi-level exits without having to use the @goto@ statement, and tying control flow to the target control structure rather than an arbitrary point in a program.
-Furthermore, the location of the label at the \emph{beginning} of the target control structure informs the reader (eye candy) that complex control-flow is occurring in the body of the control structure.
+This restriction prevents missing declarations and/or initializations at the start of a control structure resulting in an undefined behavior.
+\end{list}
+The advantage of the labeled @continue@/@break@ is allowing static multilevel exits without having to use the @goto@ statement and tying control flow to the target control structure rather than an arbitrary point in a program.
+Furthermore, the location of the label at the \emph{beginning} of the target control structure informs the reader (eye candy) that complex control flow is
+occurring in the body of the control structure.
 With @goto@, the label is at the end of the control structure, which fails to convey this important clue early enough to the reader.
-Finally, using an explicit target for the transfer instead of an implicit target allows new constructs to be added or removed without affecting existing constructs.
+Finally, using an explicit target for the transfer instead of an implicit target allows new constructs to be added or removed without affecting the existing constructs.
 Otherwise, the implicit targets of the current @continue@ and @break@, \ie the closest enclosing loop or @switch@, change as certain constructs are added or removed.
 
 
-\subsection{Exception Handling}
-
-The following framework for \CFA exception-handling is in place, excluding some runtime type-information and virtual functions.
+\vspace*{-5pt}
+\subsection{Exception handling}
+
+The following framework for \CFA exception handling is in place, excluding some runtime type information and virtual functions.
 \CFA provides two forms of exception handling: \newterm{fix-up} and \newterm{recovery} (see Figure~\ref{f:CFAExceptionHandling})~\cite{Buhr92b,Buhr00a}.
-Both mechanisms provide dynamic call to a handler using dynamic name-lookup, where fix-up has dynamic return and recovery has static return from the handler.
+Both mechanisms provide dynamic call to a handler using dynamic name lookup, where fix-up has dynamic return and recovery has static return from the handler.
 \CFA restricts exception types to those defined by aggregate type @exception@.
 The form of the raise dictates the set of handlers examined during propagation: \newterm{resumption propagation} (@resume@) only examines resumption handlers (@catchResume@); \newterm{terminating propagation} (@throw@) only examines termination handlers (@catch@).
-If @resume@ or @throw@ have no exception type, it is a reresume/rethrow, meaning the currently exception continues propagation.
+If @resume@ or @throw@ has no exception type, it is a reresume/rethrow, which means that the current exception continues propagation.
 If there is no current exception, the reresume/rethrow results in a runtime error.
 
 \begin{figure}
+\fontsize{9bp}{11bp}\selectfont
+\lstDeleteShortInline@%
 \begin{cquote}
-\lstDeleteShortInline@%
 \begin{tabular}{@{}l|@{\hspace{\parindentlnth}}l@{}}
 \multicolumn{1}{@{}c|@{\hspace{\parindentlnth}}}{\textbf{Resumption}}   & \multicolumn{1}{c@{}}{\textbf{Termination}}   \\
@@ -1399 +1437 @@
 \end{cfa}
 \end{tabular}
-\lstMakeShortInline@%
 \end{cquote}
-\caption{\CFA Exception Handling}
+\lstMakeShortInline@%
+\caption{\CFA exception handling}
 \label{f:CFAExceptionHandling}
+\vspace*{-5pt}
 \end{figure}
 
-The set of exception types in a list of catch clause may include both a resumption and termination handler:
+The set of exception types in a list of catch clauses may include both a resumption and a termination handler.
 \begin{cfa}
 try {
@@ -1419 +1458 @@
 The termination handler is available because the resumption propagation did not unwind the stack.
 
-An additional feature is conditional matching in a catch clause:
+An additional feature is conditional matching in a catch clause.
 \begin{cfa}
 try {
@@ -1428 +1467 @@
    catch ( IOError err ) { ... }                        $\C{// handler error from other files}$
 \end{cfa}
-where the throw inserts the failing file-handle into the I/O exception.
-Conditional catch cannot be trivially mimicked by other mechanisms because once an exception is caught, handler clauses in that @try@ statement are no longer eligible..
-
-The resumption raise can specify an alternate stack on which to raise an exception, called a \newterm{nonlocal raise}:
+Here, the throw inserts the failing file handle into the I/O exception.
+Conditional catch cannot be trivially mimicked by other mechanisms because once an exception is caught, handler clauses in that @try@ statement are no longer eligible.
+
+The resumption raise can specify an alternate stack on which to raise an exception, called a \newterm{nonlocal raise}.
 \begin{cfa}
 resume( $\emph{exception-type}$, $\emph{alternate-stack}$ )
@@ -1439 +1478 @@
 Nonlocal raise is restricted to resumption to provide the exception handler the greatest flexibility because processing the exception does not unwind its stack, allowing it to continue after the handler returns.
 
-To facilitate nonlocal raise, \CFA provides dynamic enabling and disabling of nonlocal exception-propagation.
-The constructs for controlling propagation of nonlocal exceptions are the @enable@ and the @disable@ blocks:
+To facilitate nonlocal raise, \CFA provides dynamic enabling and disabling of nonlocal exception propagation.
+The constructs for controlling propagation of nonlocal exceptions are the @enable@ and @disable@ blocks.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -1446 +1485 @@
 \begin{cfa}
 enable $\emph{exception-type-list}$ {
-        // allow non-local raise
+        // allow nonlocal raise
 }
 \end{cfa}
@@ -1452 +1491 @@
 \begin{cfa}
 disable $\emph{exception-type-list}$ {
-        // disallow non-local raise
+        // disallow nonlocal raise
 }
 \end{cfa}
@@ -1460 +1499 @@
 The arguments for @enable@/@disable@ specify the exception types allowed to be propagated or postponed, respectively.
 Specifying no exception type is shorthand for specifying all exception types.
-Both @enable@ and @disable@ blocks can be nested, turning propagation on/off on entry, and on exit, the specified exception types are restored to their prior state.
-Coroutines and tasks start with non-local exceptions disabled, allowing handlers to be put in place, before non-local exceptions are explicitly enabled.
+Both @enable@ and @disable@ blocks can be nested;
+turning propagation on/off on entry and on exit, the specified exception types are restored to their prior state.
+Coroutines and tasks start with nonlocal exceptions disabled, allowing handlers to be put in place, before nonlocal exceptions are explicitly enabled.
 \begin{cfa}
 void main( mytask & t ) {                                       $\C{// thread starts here}$
-        // non-local exceptions disabled
-        try {                                                                   $\C{// establish handles for non-local exceptions}$
-                enable {                                                        $\C{// allow non-local exception delivery}$
+        // nonlocal exceptions disabled
+        try {                                                                   $\C{// establish handles for nonlocal exceptions}$
+                enable {                                                        $\C{// allow nonlocal exception delivery}$
                         // task body
                 }
@@ -1474 +1514 @@
 \end{cfa}
 
-Finally, \CFA provides a Java like  @finally@ clause after the catch clauses:
+Finally, \CFA provides a Java-like  @finally@ clause after the catch clauses.
 \begin{cfa}
 try {
@@ -1483 +1523 @@
 }
 \end{cfa}
-The finally clause is always executed, i.e., if the try block ends normally or if an exception is raised.
+The finally clause is always executed, \ie, if the try block ends normally or if an exception is raised.
 If an exception is raised and caught, the handler is run before the finally clause.
 Like a destructor (see Section~\ref{s:ConstructorsDestructors}), a finally clause can raise an exception but not if there is an exception being propagated.
-Mimicking the @finally@ clause with mechanisms like RAII is non-trivial when there are multiple types and local accesses.
-
-
-\subsection{\texorpdfstring{\protect\lstinline{with} Statement}{with Statement}}
+Mimicking the @finally@ clause with mechanisms like Resource Aquisition Is Initialization (RAII) is nontrivial when there are multiple types and local accesses.
+
+
+\subsection{\texorpdfstring{\protect\lstinline{with} statement}{with statement}}
 \label{s:WithStatement}
 
-Heterogeneous data is often aggregated into a structure/union.
-To reduce syntactic noise, \CFA provides a @with@ statement (see Pascal~\cite[\S~4.F]{Pascal}) to elide aggregate member-qualification by opening a scope containing the member identifiers.
+Heterogeneous data are often aggregated into a structure/union.
+To reduce syntactic noise, \CFA provides a @with@ statement (see section~4.F in the Pascal User Manual and Report~\cite{Pascal}) to elide aggregate member qualification by opening a scope containing the member identifiers.
 \begin{cquote}
 \vspace*{-\baselineskip}%???
@@ -1521 +1561 @@
 Object-oriented programming languages only provide implicit qualification for the receiver.
 
-In detail, the @with@ statement has the form:
+In detail, the @with@ statement has the form
 \begin{cfa}
 $\emph{with-statement}$:
@@ -1527 +1567 @@
 \end{cfa}
 and may appear as the body of a function or nested within a function body.
-Each expression in the expression-list provides a type and object.
+Each expression in the expression list provides a type and object.
 The type must be an aggregate type.
 (Enumerations are already opened.)
-The object is the implicit qualifier for the open structure-members.
+The object is the implicit qualifier for the open structure members.
 
 All expressions in the expression list are open in parallel within the compound statement, which is different from Pascal, which nests the openings from left to right.
-The difference between parallel and nesting occurs for members with the same name and type:
+The difference between parallel and nesting occurs for members with the same name and type.
 \begin{cfa}
 struct S { int `i`; int j; double m; } s, w;    $\C{// member i has same type in structure types S and T}$
@@ -1547 +1587 @@
 }
 \end{cfa}
-For parallel semantics, both @s.i@ and @t.i@ are visible, so @i@ is ambiguous without qualification;
-for nested semantics, @t.i@ hides @s.i@, so @i@ implies @t.i@.
+For parallel semantics, both @s.i@ and @t.i@ are visible and, therefore, @i@ is ambiguous without qualification;
+for nested semantics, @t.i@ hides @s.i@ and, therefore, @i@ implies @t.i@.
 \CFA's ability to overload variables means members with the same name but different types are automatically disambiguated, eliminating most qualification when opening multiple aggregates.
 Qualification or a cast is used to disambiguate.
 
-There is an interesting problem between parameters and the function-body @with@, \eg:
+There is an interesting problem between parameters and the function body @with@.
 \begin{cfa}
 void ?{}( S & s, int i ) with ( s ) {           $\C{// constructor}$
@@ -1558 +1598 @@
 }
 \end{cfa}
-Here, the assignment @s.i = i@ means @s.i = s.i@, which is meaningless, and there is no mechanism to qualify the parameter @i@, making the assignment impossible using the function-body @with@.
-To solve this problem, parameters are treated like an initialized aggregate:
+Here, the assignment @s.i = i@ means @s.i = s.i@, which is meaningless, and there is no mechanism to qualify the parameter @i@, making the assignment impossible using the function body @with@.
+To solve this problem, parameters are treated like an initialized aggregate
 \begin{cfa}
 struct Params {
@@ -1566 +1606 @@
 } params;
 \end{cfa}
-and implicitly opened \emph{after} a function-body open, to give them higher priority:
+\newpage
+and implicitly opened \emph{after} a function body open, to give them higher priority
 \begin{cfa}
 void ?{}( S & s, int `i` ) with ( s ) `{` `with( $\emph{\color{red}params}$ )` {
@@ -1572 +1613 @@
 } `}`
 \end{cfa}
-Finally, a cast may be used to disambiguate among overload variables in a @with@ expression:
+Finally, a cast may be used to disambiguate among overload variables in a @with@ expression
 \begin{cfa}
 with ( w ) { ... }                                                      $\C{// ambiguous, same name and no context}$
 with ( (S)w ) { ... }                                           $\C{// unambiguous, cast}$
 \end{cfa}
-and @with@ expressions may be complex expressions with type reference (see Section~\ref{s:References}) to aggregate:
+and @with@ expressions may be complex expressions with type reference (see Section~\ref{s:References}) to aggregate
 \begin{cfa}
 struct S { int i, j; } sv;
@@ -1601 +1642 @@
 \CFA attempts to correct and add to C declarations, while ensuring \CFA subjectively ``feels like'' C.
 An important part of this subjective feel is maintaining C's syntax and procedural paradigm, as opposed to functional and object-oriented approaches in other systems languages such as \CC and Rust.
-Maintaining the C approach means that C coding-patterns remain not only useable but idiomatic in \CFA, reducing the mental burden of retraining C programmers and switching between C and \CFA development.
+Maintaining the C approach means that C coding patterns remain not only useable but idiomatic in \CFA, reducing the mental burden of retraining C programmers and switching between C and \CFA development.
 Nevertheless, some features from other approaches are undeniably convenient;
 \CFA attempts to adapt these features to the C paradigm.
 
 
-\subsection{Alternative Declaration Syntax}
+\subsection{Alternative declaration syntax}
 
 C declaration syntax is notoriously confusing and error prone.
-For example, many C programmers are confused by a declaration as simple as:
+For example, many C programmers are confused by a declaration as simple as the following.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -1621 +1662 @@
 \lstMakeShortInline@%
 \end{cquote}
-Is this an array of 5 pointers to integers or a pointer to an array of 5 integers?
+Is this an array of five pointers to integers or a pointer to an array of five integers?
 If there is any doubt, it implies productivity and safety issues even for basic programs.
 Another example of confusion results from the fact that a function name and its parameters are embedded within the return type, mimicking the way the return value is used at the function's call site.
-For example, a function returning a pointer to an array of integers is defined and used in the following way:
+For example, a function returning a pointer to an array of integers is defined and used in the following way.
 \begin{cfa}
 int `(*`f`())[`5`]` {...};                                      $\C{// definition}$
@@ -1632 +1673 @@
 While attempting to make the two contexts consistent is a laudable goal, it has not worked out in practice.
 
-\CFA provides its own type, variable and function declarations, using a different syntax~\cite[pp.~856--859]{Buhr94a}.
-The new declarations place qualifiers to the left of the base type, while C declarations place qualifiers to the right.
+\newpage
+\CFA provides its own type, variable, and function declarations, using a different syntax~\cite[pp.~856--859]{Buhr94a}.
+The new declarations place qualifiers to the left of the base type, whereas C declarations place qualifiers to the right.
 The qualifiers have the same meaning but are ordered left to right to specify a variable's type.
 \begin{cquote}
@@ -1659 +1701 @@
 \lstMakeShortInline@%
 \end{cquote}
-The only exception is bit-field specification, which always appear to the right of the base type.
+The only exception is bit-field specification, which always appears to the right of the base type.
 % Specifically, the character @*@ is used to indicate a pointer, square brackets @[@\,@]@ are used to represent an array or function return value, and parentheses @()@ are used to indicate a function parameter.
 However, unlike C, \CFA type declaration tokens are distributed across all variables in the declaration list.
-For instance, variables @x@ and @y@ of type pointer to integer are defined in \CFA as follows:
+For instance, variables @x@ and @y@ of type pointer to integer are defined in \CFA as
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -1725 +1767 @@
 \end{comment}
 
-All specifiers (@extern@, @static@, \etc) and qualifiers (@const@, @volatile@, \etc) are used in the normal way with the new declarations and also appear left to right, \eg:
+All specifiers (@extern@, @static@, \etc) and qualifiers (@const@, @volatile@, \etc) are used in the normal way with the new declarations and also appear left to right.
 \begin{cquote}
 \lstDeleteShortInline@%
 \begin{tabular}{@{}l@{\hspace{2\parindentlnth}}l@{\hspace{2\parindentlnth}}l@{}}
 \multicolumn{1}{@{}c@{\hspace{2\parindentlnth}}}{\textbf{\CFA}} & \multicolumn{1}{c@{\hspace{2\parindentlnth}}}{\textbf{C}}     \\
-\begin{cfa}
+\begin{cfa}[basicstyle=\linespread{0.9}\fontsize{9bp}{12bp}\selectfont\sf]
 extern const * const int x;
 static const * [5] const int y;
 \end{cfa}
 &
-\begin{cfa}
+\begin{cfa}[basicstyle=\linespread{0.9}\fontsize{9bp}{12bp}\selectfont\sf]
 int extern const * const x;
 static const int (* const y)[5]
 \end{cfa}
 &
-\begin{cfa}
+\begin{cfa}[basicstyle=\linespread{0.9}\fontsize{9bp}{12bp}\selectfont\sf]
 // external const pointer to const int
 // internal const pointer to array of 5 const int
@@ -1748 +1790 @@
 \end{cquote}
 Specifiers must appear at the start of a \CFA function declaration\footnote{\label{StorageClassSpecifier}
-The placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration is an obsolescent feature.~\cite[\S~6.11.5(1)]{C11}}.
+The placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration is an obsolescent feature (see section~6.11.5(1) in ISO/IEC 9899~\cite{C11}).}.
 
 The new declaration syntax can be used in other contexts where types are required, \eg casts and the pseudo-function @sizeof@:
@@ -1769 +1811 @@
 
 The syntax of the new function-prototype declaration follows directly from the new function-definition syntax;
-as well, parameter names are optional, \eg:
+also, parameter names are optional.
 \begin{cfa}
 [ int x ] f ( /* void */ );             $\C[2.5in]{// returning int with no parameters}$
@@ -1777 +1819 @@
 [ * int, int ] j ( int );               $\C{// returning pointer to int and int with int parameter}$
 \end{cfa}
-This syntax allows a prototype declaration to be created by cutting and pasting source text from the function-definition header (or vice versa).
-Like C, it is possible to declare multiple function-prototypes in a single declaration, where the return type is distributed across \emph{all} function names in the declaration list, \eg:
+This syntax allows a prototype declaration to be created by cutting and pasting the source text from the function-definition header (or vice versa).
+Like C, it is possible to declare multiple function prototypes in a single declaration, where the return type is distributed across \emph{all} function names in the declaration list.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -1793 +1835 @@
 \lstMakeShortInline@%
 \end{cquote}
-where \CFA allows the last function in the list to define its body.
-
-The syntax for pointers to \CFA functions specifies the pointer name on the right, \eg:
+Here, \CFA allows the last function in the list to define its body.
+
+The syntax for pointers to \CFA functions specifies the pointer name on the right.
 \begin{cfa}
 * [ int x ] () fp;                              $\C{// pointer to function returning int with no parameters}$
@@ -1802 +1844 @@
 * [ * int, int ] ( int ) jp;    $\C{// pointer to function returning pointer to int and int with int parameter}\CRT$
 \end{cfa}
-Note, the name of the function pointer is specified last, as for other variable declarations.
-
-Finally, new \CFA declarations may appear together with C declarations in the same program block, but cannot be mixed within a specific declaration.
-Therefore, a programmer has the option of either continuing to use traditional C declarations or take advantage of the new style.
-Clearly, both styles need to be supported for some time due to existing C-style header-files, particularly for UNIX-like systems.
+\newpage
+\noindent
+Note that the name of the function pointer is specified last, as for other variable declarations.
+
+Finally, new \CFA declarations may appear together with C declarations in the same program block but cannot be mixed within a specific declaration.
+Therefore, a programmer has the option of either continuing to use traditional C declarations or taking advantage of the new style.
+Clearly, both styles need to be supported for some time due to existing C-style header files, particularly for UNIX-like systems.
 
 
@@ -1814 +1858 @@
 All variables in C have an \newterm{address}, a \newterm{value}, and a \newterm{type};
 at the position in the program's memory denoted by the address, there exists a sequence of bits (the value), with the length and semantic meaning of this bit sequence defined by the type.
-The C type-system does not always track the relationship between a value and its address;
-a value that does not have a corresponding address is called a \newterm{rvalue} (for ``right-hand value''), while a value that does have an address is called a \newterm{lvalue} (for ``left-hand value'').
-For example, in @int x; x = 42;@ the variable expression @x@ on the left-hand-side of the assignment is a lvalue, while the constant expression @42@ on the right-hand-side of the assignment is a rvalue.
-Despite the nomenclature of ``left-hand'' and ``right-hand'', an expression's classification as lvalue or rvalue is entirely dependent on whether it has an address or not; in imperative programming, the address of a value is used for both reading and writing (mutating) a value, and as such, lvalues can be converted to rvalues and read from, but rvalues cannot be mutated because they lack a location to store the updated value.
+The C type system does not always track the relationship between a value and its address;
+a value that does not have a corresponding address is called an \newterm{rvalue} (for ``right-hand value''), whereas a value that does have an address is called an \newterm{lvalue} (for ``left-hand value'').
+For example, in @int x; x = 42;@ the variable expression @x@ on the left-hand side of the assignment is an lvalue, whereas the constant expression @42@ on the right-hand side of the assignment is an rvalue.
+Despite the nomenclature of ``left-hand'' and ``right-hand'', an expression's classification as an lvalue or an rvalue is entirely dependent on whether it has an address or not; in imperative programming, the address of a value is used for both reading and writing (mutating) a value, and as such, lvalues can be converted into rvalues and read from, but rvalues cannot be mutated because they lack a location to store the updated value.
 
 Within a lexical scope, lvalue expressions have an \newterm{address interpretation} for writing a value or a \newterm{value interpretation} to read a value.
-For example, in @x = y@, @x@ has an address interpretation, while @y@ has a value interpretation.
+For example, in @x = y@, @x@ has an address interpretation, whereas @y@ has a value interpretation.
 While this duality of interpretation is useful, C lacks a direct mechanism to pass lvalues between contexts, instead relying on \newterm{pointer types} to serve a similar purpose.
 In C, for any type @T@ there is a pointer type @T *@, the value of which is the address of a value of type @T@.
-A pointer rvalue can be explicitly \newterm{dereferenced} to the pointed-to lvalue with the dereference operator @*?@, while the rvalue representing the address of a lvalue can be obtained with the address-of operator @&?@.
-
+A pointer rvalue can be explicitly \newterm{dereferenced} to the pointed-to lvalue with the dereference operator @*?@, whereas the rvalue representing the address of an lvalue can be obtained with the address-of operator @&?@.
 \begin{cfa}
 int x = 1, y = 2, * p1, * p2, ** p3;
@@ -1832 +1875 @@
 *p2 = ((*p1 + *p2) * (**p3 - *p1)) / (**p3 - 15);
 \end{cfa}
-
 Unfortunately, the dereference and address-of operators introduce a great deal of syntactic noise when dealing with pointed-to values rather than pointers, as well as the potential for subtle bugs because of pointer arithmetic.
 For both brevity and clarity, it is desirable for the compiler to figure out how to elide the dereference operators in a complex expression such as the assignment to @*p2@ above.
-However, since C defines a number of forms of \newterm{pointer arithmetic}, two similar expressions involving pointers to arithmetic types (\eg @*p1 + x@ and @p1 + x@) may each have well-defined but distinct semantics, introducing the possibility that a programmer may write one when they mean the other, and precluding any simple algorithm for elision of dereference operators.
+However, since C defines a number of forms of \newterm{pointer arithmetic}, two similar expressions involving pointers to arithmetic types (\eg @*p1 + x@ and @p1 + x@) may each have well-defined but distinct semantics, introducing the possibility that a programmer may write one when they mean the other and precluding any simple algorithm for elision of dereference operators.
 To solve these problems, \CFA introduces reference types @T &@;
-a @T &@ has exactly the same value as a @T *@, but where the @T *@ takes the address interpretation by default, a @T &@ takes the value interpretation by default, as below:
-
+a @T &@ has exactly the same value as a @T *@, but where the @T *@ takes the address interpretation by default, a @T &@ takes the value interpretation by default, as below.
 \begin{cfa}
 int x = 1, y = 2, & r1, & r2, && r3;
@@ -1846 +1887 @@
 r2 = ((r1 + r2) * (r3 - r1)) / (r3 - 15);       $\C{// implicit dereferencing}$
 \end{cfa}
-
 Except for auto-dereferencing by the compiler, this reference example is exactly the same as the previous pointer example.
-Hence, a reference behaves like a variable name -- an lvalue expression which is interpreted as a value -- but also has the type system track the address of that value.
-One way to conceptualize a reference is via a rewrite rule, where the compiler inserts a dereference operator before the reference variable for each reference qualifier in the reference variable declaration, so the previous example implicitly acts like:
-
+Hence, a reference behaves like a variable name---an lvalue expression that is interpreted as a value---but also has the type system track the address of that value.
+One way to conceptualize a reference is via a rewrite rule, where the compiler inserts a dereference operator before the reference variable for each reference qualifier in the reference variable declaration;
+thus, the previous example implicitly acts like the following.
 \begin{cfa}
 `*`r2 = ((`*`r1 + `*`r2) * (`**`r3 - `*`r1)) / (`**`r3 - 15);
 \end{cfa}
-
 References in \CFA are similar to those in \CC, with important improvements, which can be seen in the example above.
 Firstly, \CFA does not forbid references to references.
-This provides a much more orthogonal design for library implementors, obviating the need for workarounds such as @std::reference_wrapper@.
+This provides a much more orthogonal design for library \mbox{implementors}, obviating the need for workarounds such as @std::reference_wrapper@.
 Secondly, \CFA references are rebindable, whereas \CC references have a fixed address.
-Rebinding allows \CFA references to be default-initialized (\eg to a null pointer\footnote{
-While effort has been made into non-null reference checking in \CC and Java, the exercise seems moot for any non-managed languages (C/\CC), given that it only handles one of many different error situations, \eg using a pointer after its storage is deleted.}) and point to different addresses throughout their lifetime, like pointers.
+Rebinding allows \CFA references to be default initialized (\eg to a null pointer\footnote{
+While effort has been made into non-null reference checking in \CC and Java, the exercise seems moot for any nonmanaged languages (C/\CC), given that it only handles one of many different error situations, \eg using a pointer after its storage is deleted.}) and point to different addresses throughout their lifetime, like pointers.
 Rebinding is accomplished by extending the existing syntax and semantics of the address-of operator in C.
 
-In C, the address of a lvalue is always a rvalue, as in general that address is not stored anywhere in memory, and does not itself have an address.
-In \CFA, the address of a @T &@ is a lvalue @T *@, as the address of the underlying @T@ is stored in the reference, and can thus be mutated there.
+In C, the address of an lvalue is always an rvalue, as, in general, that address is not stored anywhere in memory and does not itself have an address.
+In \CFA, the address of a @T &@ is an lvalue @T *@, as the address of the underlying @T@ is stored in the reference and can thus be mutated there.
 The result of this rule is that any reference can be rebound using the existing pointer assignment semantics by assigning a compatible pointer into the address of the reference, \eg @&r1 = &x;@ above.
 This rebinding occurs to an arbitrary depth of reference nesting;
 loosely speaking, nested address-of operators produce a nested lvalue pointer up to the depth of the reference. 
 These explicit address-of operators can be thought of as ``cancelling out'' the implicit dereference operators, \eg @(&`*`)r1 = &x@ or @(&(&`*`)`*`)r3 = &(&`*`)r1@ or even @(&`*`)r2 = (&`*`)`*`r3@ for @&r2 = &r3@.
-More precisely:
+The precise rules are
 \begin{itemize}
 \item
-if @R@ is an rvalue of type {@T &@$_1 \cdots$@ &@$_r$} where $r \ge 1$ references (@&@ symbols) then @&R@ has type {@T `*`&@$_{\color{red}2} \cdots$@ &@$_{\color{red}r}$}, \\ \ie @T@ pointer with $r-1$ references (@&@ symbols).
-        
+If @R@ is an rvalue of type @T &@$_1\cdots$ @&@$_r$, where $r \ge 1$ references (@&@ symbols), than @&R@ has type @T `*`&@$_{\color{red}2}\cdots$ @&@$_{\color{red}r}$, \ie @T@ pointer with $r-1$ references (@&@ symbols).
 \item
-if @L@ is an lvalue of type {@T &@$_1 \cdots$@ &@$_l$} where $l \ge 0$ references (@&@ symbols) then @&L@ has type {@T `*`&@$_{\color{red}1} \cdots$@ &@$_{\color{red}l}$}, \\ \ie @T@ pointer with $l$ references (@&@ symbols).
+If @L@ is an lvalue of type @T &@$_1\cdots$ @&@$_l$, where $l \ge 0$ references (@&@ symbols), than @&L@ has type @T `*`&@$_{\color{red}1}\cdots$ @&@$_{\color{red}l}$, \ie @T@ pointer with $l$ references (@&@ symbols).
 \end{itemize}
-Since pointers and references share the same internal representation, code using either is equally performant; in fact the \CFA compiler converts references to pointers internally, and the choice between them is made solely on convenience, \eg many pointer or value accesses.
+Since pointers and references share the same internal representation, code using either is equally performant;
+in fact, the \CFA compiler converts references into pointers internally, and the choice between them is made solely on convenience, \eg many pointer or value accesses.
 
 By analogy to pointers, \CFA references also allow cv-qualifiers such as @const@:
@@ -1892 +1931 @@
 There are three initialization contexts in \CFA: declaration initialization, argument/parameter binding, and return/temporary binding.
 In each of these contexts, the address-of operator on the target lvalue is elided.
-The syntactic motivation is clearest when considering overloaded operator-assignment, \eg @int ?+=?(int &, int)@; given @int x, y@, the expected call syntax is @x += y@, not @&x += y@.
-
-More generally, this initialization of references from lvalues rather than pointers is an instance of a ``lvalue-to-reference'' conversion rather than an elision of the address-of operator;
+The syntactic motivation is clearest when considering overloaded operator assignment, \eg @int ?+=?(int &, int)@; given @int x, y@, the expected call syntax is @x += y@, not @&x += y@.
+
+More generally, this initialization of references from lvalues rather than pointers is an instance of an ``lvalue-to-reference'' conversion rather than an elision of the address-of operator;
 this conversion is used in any context in \CFA where an implicit conversion is allowed.
-Similarly, use of a the value pointed to by a reference in an rvalue context can be thought of as a ``reference-to-rvalue'' conversion, and \CFA also includes a qualifier-adding ``reference-to-reference'' conversion, analogous to the @T *@ to @const T *@ conversion in standard C.
-The final reference conversion included in \CFA is ``rvalue-to-reference'' conversion, implemented by means of an implicit temporary.
+Similarly, use of the value pointed to by a reference in an rvalue context can be thought of as a ``reference-to-rvalue'' conversion, and \CFA also includes a qualifier-adding ``reference-to-reference'' conversion, analogous to the @T *@ to @const T *@ conversion in standard C.
+The final reference conversion included in \CFA is an ``rvalue-to-reference'' conversion, implemented by means of an implicit temporary.
 When an rvalue is used to initialize a reference, it is instead used to initialize a hidden temporary value with the same lexical scope as the reference, and the reference is initialized to the address of this temporary.
 \begin{cfa}
@@ -1905 +1944 @@
 f( 3, x + y, (S){ 1.0, 7.0 }, (int [3]){ 1, 2, 3 } ); $\C{// pass rvalue to lvalue \(\Rightarrow\) implicit temporary}$
 \end{cfa}
-This allows complex values to be succinctly and efficiently passed to functions, without the syntactic overhead of explicit definition of a temporary variable or the runtime cost of pass-by-value.
-\CC allows a similar binding, but only for @const@ references; the more general semantics of \CFA are an attempt to avoid the \newterm{const poisoning} problem~\cite{Taylor10}, in which addition of a @const@ qualifier to one reference requires a cascading chain of added qualifiers.
-
-
-\subsection{Type Nesting}
-
-Nested types provide a mechanism to organize associated types and refactor a subset of members into a named aggregate (\eg sub-aggregates @name@, @address@, @department@, within aggregate @employe@).
-Java nested types are dynamic (apply to objects), \CC are static (apply to the \lstinline[language=C++]@class@), and C hoists (refactors) nested types into the enclosing scope, meaning there is no need for type qualification.
-Since \CFA in not object-oriented, adopting dynamic scoping does not make sense;
-instead \CFA adopts \CC static nesting, using the member-selection operator ``@.@'' for type qualification, as does Java, rather than the \CC type-selection operator ``@::@'' (see Figure~\ref{f:TypeNestingQualification}).
+This allows complex values to be succinctly and efficiently passed to functions, without the syntactic overhead of the explicit definition of a temporary variable or the runtime cost of pass-by-value.
+\CC allows a similar binding, but only for @const@ references; the more general semantics of \CFA are an attempt to avoid the \newterm{const poisoning} problem~\cite{Taylor10}, in which the addition of a @const@ qualifier to one reference requires a cascading chain of added qualifiers.
+
+
+\subsection{Type nesting}
+
+Nested types provide a mechanism to organize associated types and refactor a subset of members into a named aggregate (\eg subaggregates @name@, @address@, @department@, within aggregate @employe@).
+Java nested types are dynamic (apply to objects), \CC are static (apply to the \lstinline[language=C++]@class@), and C hoists (refactors) nested types into the enclosing scope, which means there is no need for type qualification.
+Since \CFA in not object oriented, adopting dynamic scoping does not make sense;
+instead, \CFA adopts \CC static nesting, using the member-selection operator ``@.@'' for type qualification, as does Java, rather than the \CC type-selection operator ``@::@'' (see Figure~\ref{f:TypeNestingQualification}).
+In the C left example, types @C@, @U@ and @T@ are implicitly hoisted outside of type @S@ into the containing block scope.
+In the \CFA right example, the types are not hoisted and accessible.
+
 \begin{figure}
 \centering
+\fontsize{9bp}{11bp}\selectfont\sf
 \lstDeleteShortInline@%
 \begin{tabular}{@{}l@{\hspace{3em}}l|l@{}}
@@ -1978 +2021 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{Type Nesting / Qualification}
+\caption{Type nesting / qualification}
 \label{f:TypeNestingQualification}
+\vspace*{-8pt}
 \end{figure}
-In the C left example, types @C@, @U@ and @T@ are implicitly hoisted outside of type @S@ into the containing block scope.
-In the \CFA right example, the types are not hoisted and accessible.
-
-
-\subsection{Constructors and Destructors}
+
+
+\vspace*{-8pt}
+\subsection{Constructors and destructors}
 \label{s:ConstructorsDestructors}
 
-One of the strengths (and weaknesses) of C is memory-management control, allowing resource release to be precisely specified versus unknown release with garbage-collected memory-management.
+One of the strengths (and weaknesses) of C is memory-management control, allowing resource release to be precisely specified versus unknown release with garbage-collected memory management.
 However, this manual approach is verbose, and it is useful to manage resources other than memory (\eg file handles) using the same mechanism as memory.
-\CC addresses these issues using Resource Aquisition Is Initialization (RAII), implemented by means of \newterm{constructor} and \newterm{destructor} functions;
+\CC addresses these issues using RAII, implemented by means of \newterm{constructor} and \newterm{destructor} functions;
 \CFA adopts constructors and destructors (and @finally@) to facilitate RAII.
-While constructors and destructors are a common feature of object-oriented programming-languages, they are an independent capability allowing \CFA to adopt them while retaining a procedural paradigm.
-Specifically, \CFA constructors and destructors are denoted by name and first parameter-type versus name and nesting in an aggregate type.
+While constructors and destructors are a common feature of object-oriented programming languages, they are an independent capability allowing \CFA to adopt them while retaining a procedural paradigm.
+Specifically, \CFA constructors and destructors are denoted by name and first parameter type versus name and nesting in an aggregate type.
 Constructor calls seamlessly integrate with existing C initialization syntax, providing a simple and familiar syntax to C programmers and allowing constructor calls to be inserted into legacy C code with minimal code changes.
 
@@ -2002 +2045 @@
 The constructor and destructor have return type @void@, and the first parameter is a reference to the object type to be constructed or destructed.
 While the first parameter is informally called the @this@ parameter, as in object-oriented languages, any variable name may be used.
-Both constructors and destructors allow additional parameters after the @this@ parameter for specifying values for initialization/de-initialization\footnote{
-Destruction parameters are useful for specifying storage-management actions, such as de-initialize but not deallocate.}.
-\begin{cfa}
+Both constructors and destructors allow additional parameters after the @this@ parameter for specifying values for initialization/deinitialization\footnote{
+Destruction parameters are useful for specifying storage-management actions, such as deinitialize but not deallocate.}.
+\begin{cfa}[basicstyle=\linespread{0.9}\fontsize{9bp}{11bp}\selectfont\sf]
 struct VLA { int size, * data; };                       $\C{// variable length array of integers}$
 void ?{}( VLA & vla ) with ( vla ) { size = 10;  data = alloc( size ); }  $\C{// default constructor}$
@@ -2013 +2056 @@
 \end{cfa}
 @VLA@ is a \newterm{managed type}\footnote{
-A managed type affects the runtime environment versus a self-contained type.}: a type requiring a non-trivial constructor or destructor, or with a member of a managed type. 
+A managed type affects the runtime environment versus a self-contained type.}: a type requiring a nontrivial constructor or destructor, or with a member of a managed type. 
 A managed type is implicitly constructed at allocation and destructed at deallocation to ensure proper interaction with runtime resources, in this case, the @data@ array in the heap. 
-For details of the code-generation placement of implicit constructor and destructor calls among complex executable statements see~\cite[\S~2.2]{Schluntz17}.
-
-\CFA also provides syntax for \newterm{initialization} and \newterm{copy}:
+For details of the code-generation placement of implicit constructor and destructor calls among complex executable statements, see section~2.2 in the work of Schlintz~\cite{Schluntz17}.
+
+\CFA also provides syntax for \newterm{initialization} and \newterm{copy}.
 \begin{cfa}
 void ?{}( VLA & vla, int size, char fill = '\0' ) {  $\C{// initialization}$
@@ -2026 +2069 @@
 }
 \end{cfa}
-(Note, the example is purposely simplified using shallow-copy semantics.)
-An initialization constructor-call has the same syntax as a C initializer, except the initialization values are passed as arguments to a matching constructor (number and type of paremeters).
+(Note that the example is purposely simplified using shallow-copy semantics.)
+An initialization constructor call has the same syntax as a C initializer, except that the initialization values are passed as arguments to a matching constructor (number and type of parameters).
 \begin{cfa}
 VLA va = `{` 20, 0 `}`,  * arr = alloc()`{` 5, 0 `}`; 
 \end{cfa}
-Note, the use of a \newterm{constructor expression} to initialize the storage from the dynamic storage-allocation.
+Note the use of a \newterm{constructor expression} to initialize the storage from the dynamic storage allocation.
 Like \CC, the copy constructor has two parameters, the second of which is a value parameter with the same type as the first parameter;
 appropriate care is taken to not recursively call the copy constructor when initializing the second parameter.
@@ -2037 +2080 @@
 \CFA constructors may be explicitly called, like Java, and destructors may be explicitly called, like \CC.
 Explicit calls to constructors double as a \CC-style \emph{placement syntax}, useful for construction of members in user-defined constructors and reuse of existing storage allocations.
-Like the other operators in \CFA, there is a concise syntax for constructor/destructor function calls:
+Like the other operators in \CFA, there is a concise syntax for constructor/destructor function calls.
 \begin{cfa}
 {
@@ -2053 +2096 @@
 To provide a uniform type interface for @otype@ polymorphism, the \CFA compiler automatically generates a default constructor, copy constructor, assignment operator, and destructor for all types. 
 These default functions can be overridden by user-generated versions. 
-For compatibility with the standard behaviour of C, the default constructor and destructor for all basic, pointer, and reference types do nothing, while the copy constructor and assignment operator are bitwise copies;
-if default zero-initialization is desired, the default constructors can be overridden. 
+For compatibility with the standard behavior of C, the default constructor and destructor for all basic, pointer, and reference types do nothing, whereas the copy constructor and assignment operator are bitwise copies;
+if default zero initialization is desired, the default constructors can be overridden. 
 For user-generated types, the four functions are also automatically generated. 
 @enum@ types are handled the same as their underlying integral type, and unions are also bitwise copied and no-op initialized and destructed. 
 For compatibility with C, a copy constructor from the first union member type is also defined.
-For @struct@ types, each of the four functions are implicitly defined to call their corresponding functions on each member of the struct. 
-To better simulate the behaviour of C initializers, a set of \newterm{member constructors} is also generated for structures. 
-A constructor is generated for each non-empty prefix of a structure's member-list to copy-construct the members passed as parameters and default-construct the remaining members.
+For @struct@ types, each of the four functions is implicitly defined to call their corresponding functions on each member of the struct. 
+To better simulate the behavior of C initializers, a set of \newterm{member constructors} is also generated for structures. 
+A constructor is generated for each nonempty prefix of a structure's member list to copy-construct the members passed as parameters and default-construct the remaining members.
 To allow users to limit the set of constructors available for a type, when a user declares any constructor or destructor, the corresponding generated function and all member constructors for that type are hidden from expression resolution;
-similarly, the generated default constructor is hidden upon declaration of any constructor. 
+similarly, the generated default constructor is hidden upon the declaration of any constructor. 
 These semantics closely mirror the rule for implicit declaration of constructors in \CC\cite[p.~186]{ANSI98:C++}.
 
-In some circumstance programmers may not wish to have implicit constructor and destructor generation and calls.
-In these cases, \CFA provides the initialization syntax \lstinline|S x `@=` {}|, and the object becomes unmanaged, so implicit constructor and destructor calls are not generated. 
+In some circumstance, programmers may not wish to have implicit constructor and destructor generation and calls.
+In these cases, \CFA provides the initialization syntax \lstinline|S x `@=` {}|, and the object becomes unmanaged;
+hence, implicit \mbox{constructor} and destructor calls are not generated. 
 Any C initializer can be the right-hand side of an \lstinline|@=| initializer, \eg \lstinline|VLA a @= { 0, 0x0 }|, with the usual C initialization semantics.
 The same syntax can be used in a compound literal, \eg \lstinline|a = (VLA)`@`{ 0, 0x0 }|, to create a C-style literal.
-The point of \lstinline|@=| is to provide a migration path from legacy C code to \CFA, by providing a mechanism to incrementally convert to implicit initialization.
+The point of \lstinline|@=| is to provide a migration path from legacy C code to \CFA, by providing a mechanism to incrementally convert into implicit initialization.
 
 
@@ -2077 +2121 @@
 \section{Literals}
 
-C already includes limited polymorphism for literals -- @0@ can be either an integer or a pointer literal, depending on context, while the syntactic forms of literals of the various integer and float types are very similar, differing from each other only in suffix.
-In keeping with the general \CFA approach of adding features while respecting the ``C-style'' of doing things, C's polymorphic constants and typed literal syntax are extended to interoperate with user-defined types, while maintaining a backwards-compatible semantics.
+C already includes limited polymorphism for literals---@0@ can be either an integer or a pointer literal, depending on context, whereas the syntactic forms of literals of the various integer and float types are very similar, differing from each other only in suffix.
+In keeping with the general \CFA approach of adding features while respecting the ``C style'' of doing things, C's polymorphic constants and typed literal syntax are extended to interoperate with user-defined types, while maintaining a backward-compatible semantics.
 
 A simple example is allowing the underscore, as in Ada, to separate prefixes, digits, and suffixes in all \CFA constants, \eg @0x`_`1.ffff`_`ffff`_`p`_`128`_`l@, where the underscore is also the standard separator in C identifiers.
-\CC uses a single quote as a separator but it is restricted among digits, precluding its use in the literal prefix or suffix, \eg @0x1.ffff@@`'@@ffffp128l@, and causes problems with most IDEs, which must be extended to deal with this alternate use of the single quote.
+\CC uses a single quote as a separator, but it is restricted among digits, precluding its use in the literal prefix or suffix, \eg @0x1.ffff@@`'@@ffffp128l@, and causes problems with most integrated development environments (IDEs), which must be extended to deal with this alternate use of the single quote.
 
 
@@ -2124 +2168 @@
 
 In C, @0@ has the special property that it is the only ``false'' value;
-by the standard, any value that compares equal to @0@ is false, while any value that compares unequal to @0@ is true. 
-As such, an expression @x@ in any boolean context (such as the condition of an @if@ or @while@ statement, or the arguments to @&&@, @||@, or @?:@\,) can be rewritten as @x != 0@ without changing its semantics.
+by the standard, any value that compares equal to @0@ is false, whereas any value that compares unequal to @0@ is true. 
+As such, an expression @x@ in any Boolean context (such as the condition of an @if@ or @while@ statement, or the arguments to @&&@, @||@, or @?:@\,) can be rewritten as @x != 0@ without changing its semantics.
 Operator overloading in \CFA provides a natural means to implement this truth-value comparison for arbitrary types, but the C type system is not precise enough to distinguish an equality comparison with @0@ from an equality comparison with an arbitrary integer or pointer. 
 To provide this precision, \CFA introduces a new type @zero_t@ as the type of literal @0@ (somewhat analagous to @nullptr_t@ and @nullptr@ in \CCeleven);
@@ -2131 +2175 @@
 With this addition, \CFA rewrites @if (x)@ and similar expressions to @if ( (x) != 0 )@ or the appropriate analogue, and any type @T@ is ``truthy'' by defining an operator overload @int ?!=?( T, zero_t )@.
 \CC makes types truthy by adding a conversion to @bool@;
-prior to the addition of explicit cast operators in \CCeleven, this approach had the pitfall of making truthy types transitively convertable to any numeric type;
+prior to the addition of explicit cast operators in \CCeleven, this approach had the pitfall of making truthy types transitively convertible into any numeric type;
 \CFA avoids this issue.
 
@@ -2142 +2186 @@
 
 
-\subsection{User Literals}
+\subsection{User literals}
 
 For readability, it is useful to associate units to scale literals, \eg weight (stone, pound, kilogram) or time (seconds, minutes, hours).
-The left of Figure~\ref{f:UserLiteral} shows the \CFA alternative call-syntax (postfix: literal argument before function name), using the backquote, to convert basic literals into user literals.
+The left of Figure~\ref{f:UserLiteral} shows the \CFA alternative call syntax (postfix: literal argument before function name), using the backquote, to convert basic literals into user literals.
 The backquote is a small character, making the unit (function name) predominate.
-For examples, the multi-precision integer-type in Section~\ref{s:MultiPrecisionIntegers} has user literals:
+For examples, the multiprecision integer type in Section~\ref{s:MultiPrecisionIntegers} has the following user literals.
 {\lstset{language=CFA,moredelim=**[is][\color{red}]{|}{|},deletedelim=**[is][]{`}{`}}
 \begin{cfa}
@@ -2153 +2197 @@
 y = "12345678901234567890123456789"|`mp| + "12345678901234567890123456789"|`mp|;
 \end{cfa}
-Because \CFA uses a standard function, all types and literals are applicable, as well as overloading and conversions, where @?`@ denotes a postfix-function name and @`@ denotes a postfix-function call.
+Because \CFA uses a standard function, all types and literals are applicable, as well as overloading and conversions, where @?`@ denotes a postfix-function name and @`@  denotes a postfix-function call.
 }%
 \begin{cquote}
@@ -2195 +2239 @@
 \end{cquote}
 
-The right of Figure~\ref{f:UserLiteral} shows the equivalent \CC version using the underscore for the call-syntax.
+The right of Figure~\ref{f:UserLiteral} shows the equivalent \CC version using the underscore for the call syntax.
 However, \CC restricts the types, \eg @unsigned long long int@ and @long double@ to represent integral and floating literals.
 After which, user literals must match (no conversions);
@@ -2202 +2246 @@
 \begin{figure}
 \centering
+\fontsize{9bp}{11bp}\selectfont
 \lstset{language=CFA,moredelim=**[is][\color{red}]{|}{|},deletedelim=**[is][]{`}{`}}
 \lstDeleteShortInline@%
@@ -2257 +2302 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{User Literal}
+\caption{User literal}
 \label{f:UserLiteral}
 \end{figure}
@@ -2265 +2310 @@
 \label{sec:libraries}
 
-As stated in Section~\ref{sec:poly-fns}, \CFA inherits a large corpus of library code, where other programming languages must rewrite or provide fragile inter-language communication with C.
+As stated in Section~\ref{sec:poly-fns}, \CFA inherits a large corpus of library code, where other programming languages must rewrite or provide fragile interlanguage communication with C.
 \CFA has replacement libraries condensing hundreds of existing C names into tens of \CFA overloaded names, all without rewriting the actual computations.
-In many cases, the interface is an inline wrapper providing overloading during compilation but zero cost at runtime.
+In many cases, the interface is an inline wrapper providing overloading during compilation but of zero cost at runtime.
 The following sections give a glimpse of the interface reduction to many C libraries.
 In many cases, @signed@/@unsigned@ @char@, @short@, and @_Complex@ functions are available (but not shown) to ensure expression computations remain in a single type, as conversions can distort results.
@@ -2275 +2320 @@
 
 C library @limits.h@ provides lower and upper bound constants for the basic types.
-\CFA name overloading is used to condense these typed constants, \eg:
+\CFA name overloading is used to condense these typed constants.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -2294 +2339 @@
 \lstMakeShortInline@%
 \end{cquote}
-The result is a significant reduction in names to access typed constants, \eg:
+The result is a significant reduction in names to access typed constants.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -2320 +2365 @@
 
 C library @math.h@ provides many mathematical functions.
-\CFA function overloading is used to condense these mathematical functions, \eg:
+\CFA function overloading is used to condense these mathematical functions.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -2339 +2384 @@
 \lstMakeShortInline@%
 \end{cquote}
-The result is a significant reduction in names to access math functions, \eg:
+The result is a significant reduction in names to access math functions.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -2358 +2403 @@
 \lstMakeShortInline@%
 \end{cquote}
-While \Celeven has type-generic math~\cite[\S~7.25]{C11} in @tgmath.h@ to provide a similar mechanism, these macros are limited, matching a function name with a single set of floating type(s).
+While \Celeven has type-generic math (see section~7.25 of the ISO/IEC 9899\cite{C11}) in @tgmath.h@ to provide a similar mechanism, these macros are limited, matching a function name with a single set of floating type(s).
 For example, it is impossible to overload @atan@ for both one and two arguments;
-instead the names @atan@ and @atan2@ are required (see Section~\ref{s:NameOverloading}).
-The key observation is that only a restricted set of type-generic macros are provided for a limited set of function names, which do not generalize across the type system, as in \CFA.
+instead, the names @atan@ and @atan2@ are required (see Section~\ref{s:NameOverloading}).
+The key observation is that only a restricted set of type-generic macros is provided for a limited set of function names, which do not generalize across the type system, as in \CFA.
 
 
@@ -2367 +2412 @@
 
 C library @stdlib.h@ provides many general functions.
-\CFA function overloading is used to condense these utility functions, \eg:
+\CFA function overloading is used to condense these utility functions.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -2386 +2431 @@
 \lstMakeShortInline@%
 \end{cquote}
-The result is a significant reduction in names to access utility functions, \eg:
+The result is a significant reduction in names to access the utility functions.
 \begin{cquote}
 \lstDeleteShortInline@%
@@ -2405 +2450 @@
 \lstMakeShortInline@%
 \end{cquote}
-In additon, there are polymorphic functions, like @min@ and @max@, that work on any type with operators @?<?@ or @?>?@.
+In addition, there are polymorphic functions, like @min@ and @max@, that work on any type with operator @?<?@ or @?>?@.
 
 The following shows one example where \CFA \emph{extends} an existing standard C interface to reduce complexity and provide safety.
-C/\Celeven provide a number of complex and overlapping storage-management operation to support the following capabilities:
-\begin{description}%[topsep=3pt,itemsep=2pt,parsep=0pt]
+C/\Celeven provide a number of complex and overlapping storage-management operations to support the following capabilities.
+\begin{list}{}{\itemsep=0pt\parsep=0pt\labelwidth=0pt\leftmargin\parindent\itemindent-\leftmargin\let\makelabel\descriptionlabel}
 \item[fill]
 an allocation with a specified character.
 \item[resize]
 an existing allocation to decrease or increase its size.
-In either case, new storage may or may not be allocated and, if there is a new allocation, as much data from the existing allocation is copied.
+In either case, new storage may or may not be allocated, and if there is a new allocation, as much data from the existing allocation are copied.
 For an increase in storage size, new storage after the copied data may be filled.
+\newpage
 \item[align]
 an allocation on a specified memory boundary, \eg, an address multiple of 64 or 128 for cache-line purposes.
@@ -2421 +2467 @@
 allocation with a specified number of elements.
 An array may be filled, resized, or aligned.
-\end{description}
-Table~\ref{t:StorageManagementOperations} shows the capabilities provided by C/\Celeven allocation-functions and how all the capabilities can be combined into two \CFA functions.
-\CFA storage-management functions extend the C equivalents by overloading, providing shallow type-safety, and removing the need to specify the base allocation-size.
-Figure~\ref{f:StorageAllocation} contrasts \CFA and C storage-allocation performing the same operations with the same type safety.
+\end{list}
+Table~\ref{t:StorageManagementOperations} shows the capabilities provided by C/\Celeven allocation functions and how all the capabilities can be combined into two \CFA functions.
+\CFA storage-management functions extend the C equivalents by overloading, providing shallow type safety, and removing the need to specify the base allocation size.
+Figure~\ref{f:StorageAllocation} contrasts \CFA and C storage allocation performing the same operations with the same type safety.
 
 \begin{table}
-\caption{Storage-Management Operations}
+\caption{Storage-management operations}
 \label{t:StorageManagementOperations}
 \centering
 \lstDeleteShortInline@%
 \lstMakeShortInline~%
-\begin{tabular}{@{}r|r|l|l|l|l@{}}
-\multicolumn{1}{c}{}&           & \multicolumn{1}{c|}{fill}     & resize        & align & array \\
-\hline
+\begin{tabular}{@{}rrllll@{}}
+\multicolumn{1}{c}{}&           & \multicolumn{1}{c}{fill}      & resize        & align & array \\
 C               & ~malloc~                      & no                    & no            & no            & no    \\
                 & ~calloc~                      & yes (0 only)  & no            & no            & yes   \\
@@ -2440 +2485 @@
                 & ~memalign~            & no                    & no            & yes           & no    \\
                 & ~posix_memalign~      & no                    & no            & yes           & no    \\
-\hline
 C11             & ~aligned_alloc~       & no                    & no            & yes           & no    \\
-\hline
 \CFA    & ~alloc~                       & yes/copy              & no/yes        & no            & yes   \\
                 & ~align_alloc~         & yes                   & no            & yes           & yes   \\
@@ -2452 +2495 @@
 \begin{figure}
 \centering
+\fontsize{9bp}{11bp}\selectfont
 \begin{cfa}[aboveskip=0pt,xleftmargin=0pt]
 size_t  dim = 10;                                                       $\C{// array dimension}$
@@ -2489 +2533 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{\CFA versus C Storage-Allocation}
+\caption{\CFA versus C storage allocation}
 \label{f:StorageAllocation}
 \end{figure}
 
 Variadic @new@ (see Section~\ref{sec:variadic-tuples}) cannot support the same overloading because extra parameters are for initialization.
-Hence, there are @new@ and @anew@ functions for single and array variables, and the fill value is the arguments to the constructor, \eg:
+Hence, there are @new@ and @anew@ functions for single and array variables, and the fill value is the arguments to the constructor.
 \begin{cfa}
 struct S { int i, j; };
@@ -2501 +2545 @@
 S * as = anew( dim, 2, 3 );                                     $\C{// each array element initialized to 2, 3}$
 \end{cfa}
-Note, \CC can only initialize array elements via the default constructor.
-
-Finally, the \CFA memory-allocator has \newterm{sticky properties} for dynamic storage: fill and alignment are remembered with an object's storage in the heap.
+Note that \CC can only initialize array elements via the default constructor.
+
+Finally, the \CFA memory allocator has \newterm{sticky properties} for dynamic storage: fill and alignment are remembered with an object's storage in the heap.
 When a @realloc@ is performed, the sticky properties are respected, so that new storage is correctly aligned and initialized with the fill character.
 
@@ -2510 +2554 @@
 \label{s:IOLibrary}
 
-The goal of \CFA I/O is to simplify the common cases, while fully supporting polymorphism and user defined types in a consistent way.
+The goal of \CFA I/O is to simplify the common cases, while fully supporting polymorphism and user-defined types in a consistent way.
 The approach combines ideas from \CC and Python.
 The \CFA header file for the I/O library is @fstream@.
@@ -2539 +2583 @@
 \lstMakeShortInline@%
 \end{cquote}
-The \CFA form has half the characters of the \CC form, and is similar to Python I/O with respect to implicit separators.
+The \CFA form has half the characters of the \CC form and is similar to Python I/O with respect to implicit separators.
 Similar simplification occurs for tuple I/O, which prints all tuple values separated by ``\lstinline[showspaces=true]@, @''.
 \begin{cfa}
@@ -2572 +2616 @@
 \lstMakeShortInline@%
 \end{cquote}
-There is a weak similarity between the \CFA logical-or operator and the Shell pipe-operator for moving data, where data flows in the correct direction for input but the opposite direction for output.
+There is a weak similarity between the \CFA logical-or operator and the Shell pipe operator for moving data, where data flow in the correct direction for input but in the opposite direction for output.
 \begin{comment}
 The implicit separator character (space/blank) is a separator not a terminator.
@@ -2593 +2637 @@
 \end{itemize}
 \end{comment}
-There are functions to set and get the separator string, and manipulators to toggle separation on and off in the middle of output.
-
-
-\subsection{Multi-precision Integers}
+There are functions to set and get the separator string and manipulators to toggle separation on and off in the middle of output.
+
+
+\subsection{Multiprecision integers}
 \label{s:MultiPrecisionIntegers}
 
-\CFA has an interface to the GMP multi-precision signed-integers~\cite{GMP}, similar to the \CC interface provided by GMP.
-The \CFA interface wraps GMP functions into operator functions to make programming with multi-precision integers identical to using fixed-sized integers.
-The \CFA type name for multi-precision signed-integers is @Int@ and the header file is @gmp@.
-Figure~\ref{f:GMPInterface} shows a multi-precision factorial-program contrasting the GMP interface in \CFA and C.
-
-\begin{figure}
+\CFA has an interface to the GNU multiple precision (GMP) signed integers~\cite{GMP}, similar to the \CC interface provided by GMP.
+The \CFA interface wraps GMP functions into operator functions to make programming with multiprecision integers identical to using fixed-sized integers.
+The \CFA type name for multiprecision signed integers is @Int@ and the header file is @gmp@.
+Figure~\ref{f:GMPInterface} shows a multiprecision factorial program contrasting the GMP interface in \CFA and C.
+
+\begin{figure}[b]
 \centering
+\fontsize{9bp}{11bp}\selectfont
 \lstDeleteShortInline@%
 \begin{tabular}{@{}l@{\hspace{3\parindentlnth}}l@{}}
@@ -2636 +2681 @@
 \end{tabular}
 \lstMakeShortInline@%
-\caption{GMP Interface \CFA versus C}
+\caption{GMP interface \CFA versus C}
 \label{f:GMPInterface}
 \end{figure}
 
 
+\vspace{-4pt}
 \section{Polymorphism Evaluation}
 \label{sec:eval}
@@ -2649 +2695 @@
 % Though \CFA provides significant added functionality over C, these features have a low runtime penalty.
 % In fact, it is shown that \CFA's generic programming can enable faster runtime execution than idiomatic @void *@-based C code.
-The experiment is a set of generic-stack micro-benchmarks~\cite{CFAStackEvaluation} in C, \CFA, and \CC (see implementations in Appendix~\ref{sec:BenchmarkStackImplementations}).
+The experiment is a set of generic-stack microbenchmarks~\cite{CFAStackEvaluation} in C, \CFA, and \CC (see implementations in Appendix~\ref{sec:BenchmarkStackImplementations}).
 Since all these languages share a subset essentially comprising standard C, maximal-performance benchmarks should show little runtime variance, differing only in length and clarity of source code.
 A more illustrative comparison measures the costs of idiomatic usage of each language's features.
-Figure~\ref{fig:BenchmarkTest} shows the \CFA benchmark tests for a generic stack based on a singly linked-list.
+Figure~\ref{fig:BenchmarkTest} shows the \CFA benchmark tests for a generic stack based on a singly linked list.
 The benchmark test is similar for the other languages.
 The experiment uses element types @int@ and @pair(short, char)@, and pushes $N=40M$ elements on a generic stack, copies the stack, clears one of the stacks, and finds the maximum value in the other stack.
 
 \begin{figure}
+\fontsize{9bp}{11bp}\selectfont
 \begin{cfa}[xleftmargin=3\parindentlnth,aboveskip=0pt,belowskip=0pt]
 int main() {
@@ -2676 +2723 @@
 }
 \end{cfa}
-\caption{\protect\CFA Benchmark Test}
+\caption{\protect\CFA benchmark test}
 \label{fig:BenchmarkTest}
+\vspace*{-10pt}
 \end{figure}
 
-The structure of each benchmark implemented is: C with @void *@-based polymorphism, \CFA with parametric polymorphism, \CC with templates, and \CC using only class inheritance for polymorphism, called \CCV.
+The structure of each benchmark implemented is C with @void *@-based polymorphism, \CFA with parametric polymorphism, \CC with templates, and \CC using only class inheritance for polymorphism, called \CCV.
 The \CCV variant illustrates an alternative object-oriented idiom where all objects inherit from a base @object@ class, mimicking a Java-like interface;
-hence runtime checks are necessary to safely down-cast objects.
-The most notable difference among the implementations is in memory layout of generic types: \CFA and \CC inline the stack and pair elements into corresponding list and pair nodes, while C and \CCV lack such a capability and instead must store generic objects via pointers to separately-allocated objects.
-Note, the C benchmark uses unchecked casts as C has no runtime mechanism to perform such checks, while \CFA and \CC provide type-safety statically.
+hence, runtime checks are necessary to safely downcast objects.
+The most notable difference among the implementations is in memory layout of generic types: \CFA and \CC inline the stack and pair elements into corresponding list and pair nodes, whereas C and \CCV lack such capability and, instead, must store generic objects via pointers to separately allocated objects.
+Note that the C benchmark uses unchecked casts as C has no runtime mechanism to perform such checks, whereas \CFA and \CC provide type safety statically.
 
 Figure~\ref{fig:eval} and Table~\ref{tab:eval} show the results of running the benchmark in Figure~\ref{fig:BenchmarkTest} and its C, \CC, and \CCV equivalents.
-The graph plots the median of 5 consecutive runs of each program, with an initial warm-up run omitted.
+The graph plots the median of five consecutive runs of each program, with an initial warm-up run omitted.
 All code is compiled at \texttt{-O2} by gcc or g++ 6.4.0, with all \CC code compiled as \CCfourteen.
 The benchmarks are run on an Ubuntu 16.04 workstation with 16 GB of RAM and a 6-core AMD FX-6300 CPU with 3.5 GHz maximum clock frequency.
@@ -2693 +2741 @@
 \begin{figure}
 \centering
-\input{timing}
-\caption{Benchmark Timing Results (smaller is better)}
+\resizebox{0.7\textwidth}{!}{\input{timing}}
+\caption{Benchmark timing results (smaller is better)}
 \label{fig:eval}
+\vspace*{-10pt}
 \end{figure}
 
 \begin{table}
+\vspace*{-10pt}
 \caption{Properties of benchmark code}
 \label{tab:eval}
 \centering
+\vspace*{-4pt}
 \newcommand{\CT}[1]{\multicolumn{1}{c}{#1}}
-\begin{tabular}{rrrrr}
-                                                                        & \CT{C}        & \CT{\CFA}     & \CT{\CC}      & \CT{\CCV}             \\ \hline
-maximum memory usage (MB)                       & 10,001        & 2,502         & 2,503         & 11,253                \\
+\begin{tabular}{lrrrr}
+                                                                        & \CT{C}        & \CT{\CFA}     & \CT{\CC}      & \CT{\CCV}             \\
+maximum memory usage (MB)                       & 10\,001       & 2\,502        & 2\,503        & 11\,253               \\
 source code size (lines)                        & 201           & 191           & 125           & 294                   \\
 redundant type annotations (lines)      & 27            & 0                     & 2                     & 16                    \\
 binary size (KB)                                        & 14            & 257           & 14            & 37                    \\
 \end{tabular}
+\vspace*{-16pt}
 \end{table}
 
-The C and \CCV variants are generally the slowest with the largest memory footprint, because of their less-efficient memory layout and the pointer-indirection necessary to implement generic types;
+\enlargethispage{-10pt}
+The C and \CCV variants are generally the slowest with the largest memory footprint, due to their less-efficient memory layout and the pointer indirection necessary to implement generic types;
 this inefficiency is exacerbated by the second level of generic types in the pair benchmarks.
-By contrast, the \CFA and \CC variants run in roughly equivalent time for both the integer and pair because of equivalent storage layout, with the inlined libraries (\ie no separate compilation) and greater maturity of the \CC compiler contributing to its lead.
-\CCV is slower than C largely due to the cost of runtime type-checking of down-casts (implemented with @dynamic_cast@);
+By contrast, the \CFA and \CC variants run in roughly equivalent time for both the integer and pair because of the equivalent storage layout, with the inlined libraries (\ie no separate compilation) and greater maturity of the \CC compiler contributing to its lead.
+\CCV is slower than C largely due to the cost of runtime type checking of downcasts (implemented with @dynamic_cast@).
 The outlier for \CFA, pop @pair@, results from the complexity of the generated-C polymorphic code.
 The gcc compiler is unable to optimize some dead code and condense nested calls;
@@ -2721 +2774 @@
 Finally, the binary size for \CFA is larger because of static linking with the \CFA libraries.
 
-\CFA is also competitive in terms of source code size, measured as a proxy for programmer effort. The line counts in Table~\ref{tab:eval} include implementations of @pair@ and @stack@ types for all four languages for purposes of direct comparison, though it should be noted that \CFA and \CC have pre-written data structures in their standard libraries that programmers would generally use instead. Use of these standard library types has minimal impact on the performance benchmarks, but shrinks the \CFA and \CC benchmarks to 39 and 42 lines, respectively.
+\CFA is also competitive in terms of source code size, measured as a proxy for programmer effort. The line counts in Table~\ref{tab:eval} include implementations of @pair@ and @stack@ types for all four languages for purposes of direct comparison, although it should be noted that \CFA and \CC have prewritten data structures in their standard libraries that programmers would generally use instead. Use of these standard library types has minimal impact on the performance benchmarks, but shrinks the \CFA and \CC benchmarks to 39 and 42 lines, respectively.
 The difference between the \CFA and \CC line counts is primarily declaration duplication to implement separate compilation; a header-only \CFA library would be similar in length to the \CC version.
-On the other hand, C does not have a generic collections-library in its standard distribution, resulting in frequent reimplementation of such collection types by C programmers.
-\CCV does not use the \CC standard template library by construction, and in fact includes the definition of @object@ and wrapper classes for @char@, @short@, and @int@ in its line count, which inflates this count somewhat, as an actual object-oriented language would include these in the standard library;
+On the other hand, C does not have a generic collections library in its standard distribution, resulting in frequent reimplementation of such collection types by C programmers.
+\CCV does not use the \CC standard template library by construction and, in fact, includes the definition of @object@ and wrapper classes for @char@, @short@, and @int@ in its line count, which inflates this count somewhat, as an actual object-oriented language would include these in the standard library;
 with their omission, the \CCV line count is similar to C.
 We justify the given line count by noting that many object-oriented languages do not allow implementing new interfaces on library types without subclassing or wrapper types, which may be similarly verbose.
 
-Line-count is a fairly rough measure of code complexity;
-another important factor is how much type information the programmer must specify manually, especially where that information is not compiler-checked.
-Such unchecked type information produces a heavier documentation burden and increased potential for runtime bugs, and is much less common in \CFA than C, with its manually specified function pointer arguments and format codes, or \CCV, with its extensive use of un-type-checked downcasts, \eg @object@ to @integer@ when popping a stack.
+Line count is a fairly rough measure of code complexity;
+another important factor is how much type information the programmer must specify manually, especially where that information is not compiler checked.
+Such unchecked type information produces a heavier documentation burden and increased potential for runtime bugs and is much less common in \CFA than C, with its manually specified function pointer arguments and format codes, or \CCV, with its extensive use of un-type-checked downcasts, \eg @object@ to @integer@ when popping a stack.
 To quantify this manual typing, the ``redundant type annotations'' line in Table~\ref{tab:eval} counts the number of lines on which the type of a known variable is respecified, either as a format specifier, explicit downcast, type-specific function, or by name in a @sizeof@, struct literal, or @new@ expression.
-The \CC benchmark uses two redundant type annotations to create a new stack nodes, while the C and \CCV benchmarks have several such annotations spread throughout their code.
+The \CC benchmark uses two redundant type annotations to create a new stack nodes, whereas the C and \CCV benchmarks have several such annotations spread throughout their code.
 The \CFA benchmark is able to eliminate all redundant type annotations through use of the polymorphic @alloc@ function discussed in Section~\ref{sec:libraries}.
 
-We conjecture these results scale across most generic data-types as the underlying polymorphism implement is constant.
-
-
+We conjecture that these results scale across most generic data types as the underlying polymorphism implement is constant.
+
+
+\vspace*{-8pt}
 \section{Related Work}
 \label{s:RelatedWork}
@@ -2753 +2807 @@
 \CC provides three disjoint polymorphic extensions to C: overloading, inheritance, and templates.
 The overloading is restricted because resolution does not use the return type, inheritance requires learning object-oriented programming and coping with a restricted nominal-inheritance hierarchy, templates cannot be separately compiled resulting in compilation/code bloat and poor error messages, and determining how these mechanisms interact and which to use is confusing.
-In contrast, \CFA has a single facility for polymorphic code supporting type-safe separate-compilation of polymorphic functions and generic (opaque) types, which uniformly leverage the C procedural paradigm.
+In contrast, \CFA has a single facility for polymorphic code supporting type-safe separate compilation of polymorphic functions and generic (opaque) types, which uniformly leverage the C procedural paradigm.
 The key mechanism to support separate compilation is \CFA's \emph{explicit} use of assumed type properties.
-Until \CC concepts~\cite{C++Concepts} are standardized (anticipated for \CCtwenty), \CC provides no way to specify the requirements of a generic function beyond compilation errors during template expansion;
+Until \CC concepts~\cite{C++Concepts} are standardized (anticipated for \CCtwenty), \CC provides no way of specifying the requirements of a generic function beyond compilation errors during template expansion;
 furthermore, \CC concepts are restricted to template polymorphism.
 
 Cyclone~\cite{Grossman06} also provides capabilities for polymorphic functions and existential types, similar to \CFA's @forall@ functions and generic types.
-Cyclone existential types can include function pointers in a construct similar to a virtual function-table, but these pointers must be explicitly initialized at some point in the code, a tedious and potentially error-prone process.
+Cyclone existential types can include function pointers in a construct similar to a virtual function table, but these pointers must be explicitly initialized at some point in the code, which is a tedious and potentially error-prone process.
 Furthermore, Cyclone's polymorphic functions and types are restricted to abstraction over types with the same layout and calling convention as @void *@, \ie only pointer types and @int@.
 In \CFA terms, all Cyclone polymorphism must be dtype-static.
 While the Cyclone design provides the efficiency benefits discussed in Section~\ref{sec:generic-apps} for dtype-static polymorphism, it is more restrictive than \CFA's general model.
-Smith and Volpano~\cite{Smith98} present Polymorphic C, an ML dialect with polymorphic functions, C-like syntax, and pointer types; it lacks many of C's features, however, most notably structure types, and so is not a practical C replacement.
+Smith and Volpano~\cite{Smith98} present Polymorphic C, an ML dialect with polymorphic functions, C-like syntax, and pointer types;
+it lacks many of C's features, most notably structure types, and hence, is not a practical C replacement.
 
 Objective-C~\cite{obj-c-book} is an industrially successful extension to C.
-However, Objective-C is a radical departure from C, using an object-oriented model with message-passing.
+However, Objective-C is a radical departure from C, using an object-oriented model with message passing.
 Objective-C did not support type-checked generics until recently \cite{xcode7}, historically using less-efficient runtime checking of object types.
-The GObject~\cite{GObject} framework also adds object-oriented programming with runtime type-checking and reference-counting garbage-collection to C;
-these features are more intrusive additions than those provided by \CFA, in addition to the runtime overhead of reference-counting.
-Vala~\cite{Vala} compiles to GObject-based C, adding the burden of learning a separate language syntax to the aforementioned demerits of GObject as a modernization path for existing C code-bases.
-Java~\cite{Java8} included generic types in Java~5, which are type-checked at compilation and type-erased at runtime, similar to \CFA's.
-However, in Java, each object carries its own table of method pointers, while \CFA passes the method pointers separately to maintain a C-compatible layout.
+The GObject~\cite{GObject} framework also adds object-oriented programming with runtime type-checking and reference-counting garbage collection to C;
+these features are more intrusive additions than those provided by \CFA, in addition to the runtime overhead of reference counting.
+Vala~\cite{Vala} compiles to GObject-based C, adding the burden of learning a separate language syntax to the aforementioned demerits of GObject as a modernization path for existing C code bases.
+Java~\cite{Java8} included generic types in Java~5, which are type checked at compilation and type erased at runtime, similar to \CFA's.
+However, in Java, each object carries its own table of method pointers, whereas \CFA passes the method pointers separately to maintain a C-compatible layout.
 Java is also a garbage-collected, object-oriented language, with the associated resource usage and C-interoperability burdens.
 
-D~\cite{D}, Go, and Rust~\cite{Rust} are modern, compiled languages with abstraction features similar to \CFA traits, \emph{interfaces} in D and Go and \emph{traits} in Rust.
+D~\cite{D}, Go, and Rust~\cite{Rust} are modern compiled languages with abstraction features similar to \CFA traits, \emph{interfaces} in D and Go, and \emph{traits} in Rust.
 However, each language represents a significant departure from C in terms of language model, and none has the same level of compatibility with C as \CFA.
 D and Go are garbage-collected languages, imposing the associated runtime overhead.
 The necessity of accounting for data transfer between managed runtimes and the unmanaged C runtime complicates foreign-function interfaces to C.
 Furthermore, while generic types and functions are available in Go, they are limited to a small fixed set provided by the compiler, with no language facility to define more.
-D restricts garbage collection to its own heap by default, while Rust is not garbage-collected, and thus has a lighter-weight runtime more interoperable with C.
+D restricts garbage collection to its own heap by default, whereas Rust is not garbage collected and, thus, has a lighter-weight runtime more interoperable with C.
 Rust also possesses much more powerful abstraction capabilities for writing generic code than Go.
-On the other hand, Rust's borrow-checker provides strong safety guarantees but is complex and difficult to learn and imposes a distinctly idiomatic programming style.
+On the other hand, Rust's borrow checker provides strong safety guarantees but is complex and difficult to learn and imposes a distinctly idiomatic programming style.
 \CFA, with its more modest safety features, allows direct ports of C code while maintaining the idiomatic style of the original source.
 
 
-\subsection{Tuples/Variadics}
-
+\vspace*{-18pt}
+\subsection{Tuples/variadics}
+
+\vspace*{-5pt}
 Many programming languages have some form of tuple construct and/or variadic functions, \eg SETL, C, KW-C, \CC, D, Go, Java, ML, and Scala.
 SETL~\cite{SETL} is a high-level mathematical programming language, with tuples being one of the primary data types.
 Tuples in SETL allow subscripting, dynamic expansion, and multiple assignment.
-C provides variadic functions through @va_list@ objects, but the programmer is responsible for managing the number of arguments and their types, so the mechanism is type unsafe.
+C provides variadic functions through @va_list@ objects, but the programmer is responsible for managing the number of arguments and their types;
+thus, the mechanism is type unsafe.
 KW-C~\cite{Buhr94a}, a predecessor of \CFA, introduced tuples to C as an extension of the C syntax, taking much of its inspiration from SETL.
 The main contributions of that work were adding MRVF, tuple mass and multiple assignment, and record-member access.
-\CCeleven introduced @std::tuple@ as a library variadic template structure.
+\CCeleven introduced @std::tuple@ as a library variadic-template structure.
 Tuples are a generalization of @std::pair@, in that they allow for arbitrary length, fixed-size aggregation of heterogeneous values.
 Operations include @std::get<N>@ to extract values, @std::tie@ to create a tuple of references used for assignment, and lexicographic comparisons.
-\CCseventeen proposes \emph{structured bindings}~\cite{Sutter15} to eliminate pre-declaring variables and use of @std::tie@ for binding the results.
-This extension requires the use of @auto@ to infer the types of the new variables, so complicated expressions with a non-obvious type must be documented with some other mechanism.
+\CCseventeen proposes \emph{structured bindings}~\cite{Sutter15} to eliminate predeclaring variables and the use of @std::tie@ for binding the results.
+This extension requires the use of @auto@ to infer the types of the new variables; hence, complicated expressions with a nonobvious type must be documented with some other mechanism.
 Furthermore, structured bindings are not a full replacement for @std::tie@, as it always declares new variables.
 Like \CC, D provides tuples through a library variadic-template structure.
 Go does not have tuples but supports MRVF.
-Java's variadic functions appear similar to C's but are type-safe using homogeneous arrays, which are less useful than \CFA's heterogeneously-typed variadic functions.
+Java's variadic functions appear similar to C's but are type safe using homogeneous arrays, which are less useful than \CFA's heterogeneously typed variadic functions.
 Tuples are a fundamental abstraction in most functional programming languages, such as Standard ML~\cite{sml}, Haskell, and Scala~\cite{Scala}, which decompose tuples using pattern matching.
 
 
+\vspace*{-18pt}
 \subsection{C Extensions}
 
-\CC is the best known C-based language, and is similar to \CFA in that both are extensions to C with source and runtime backwards compatibility.
-Specific difference between \CFA and \CC have been identified in prior sections, with a final observation that \CFA has equal or fewer tokens to express the same notion in many cases.
+\vspace*{-5pt}
+\CC is the best known C-based language and is similar to \CFA in that both are extensions to C with source and runtime backward compatibility.
+Specific differences between \CFA and \CC have been identified in prior sections, with a final observation that \CFA has equal or fewer tokens to express the same notion in many cases.
 The key difference in design philosophies is that \CFA is easier for C programmers to understand by maintaining a procedural paradigm and avoiding complex interactions among extensions.
 \CC, on the other hand, has multiple overlapping features (such as the three forms of polymorphism), many of which have complex interactions with its object-oriented design. 
-As a result, \CC has a steep learning curve for even experienced C programmers, especially when attempting to maintain performance equivalent to C legacy-code.
-
-There are several other C extension-languages with less usage and even more dramatic changes than \CC. 
-Objective-C and Cyclone are two other extensions to C with different design goals than \CFA, as discussed above. 
+As a result, \CC has a steep learning curve for even experienced C programmers, especially when attempting to maintain performance equivalent to C legacy code.
+
+There are several other C extension languages with less usage and even more dramatic changes than \CC. 
+\mbox{Objective-C} and Cyclone are two other extensions to C with different design goals than \CFA, as discussed above. 
 Other languages extend C with more focused features. 
 $\mu$\CC~\cite{uC++book}, CUDA~\cite{Nickolls08}, ispc~\cite{Pharr12}, and Sierra~\cite{Leissa14} add concurrent or data-parallel primitives to C or \CC;
-data-parallel features have not yet been added to \CFA, but are easily incorporated within its design, while concurrency primitives similar to those in $\mu$\CC have already been added~\cite{Delisle18}.
-Finally, CCured~\cite{Necula02} and Ironclad \CC~\cite{DeLozier13} attempt to provide a more memory-safe C by annotating pointer types with garbage collection information; type-checked polymorphism in \CFA covers several of C's memory-safety issues, but more aggressive approaches such as annotating all pointer types with their nullability or requiring runtime garbage collection are contradictory to \CFA's backwards compatibility goals.
+data-parallel features have not yet been added to \CFA, but are easily incorporated within its design, whereas concurrency primitives similar to those in $\mu$\CC have already been added~\cite{Delisle18}.
+Finally, CCured~\cite{Necula02} and Ironclad \CC~\cite{DeLozier13} attempt to provide a more memory-safe C by annotating pointer types with garbage collection information; type-checked polymorphism in \CFA covers several of C's memory-safety issues, but more aggressive approaches such as annotating all pointer types with their nullability or requiring runtime garbage collection are contradictory to \CFA's backward compatibility goals.
 
 
 \section{Conclusion and Future Work}
 
-The goal of \CFA is to provide an evolutionary pathway for large C development-environments to be more productive and safer, while respecting the talent and skill of C programmers.
-While other programming languages purport to be a better C, they are in fact new and interesting languages in their own right, but not C extensions.
-The purpose of this paper is to introduce \CFA, and showcase language features that illustrate the \CFA type-system and approaches taken to achieve the goal of evolutionary C extension.
-The contributions are a powerful type-system using parametric polymorphism and overloading, generic types, tuples, advanced control structures, and extended declarations, which all have complex interactions.
+The goal of \CFA is to provide an evolutionary pathway for large C development environments to be more productive and safer, while respecting the talent and skill of C programmers.
+While other programming languages purport to be a better C, they are, in fact, new and interesting languages in their own right, but not C extensions.
+The purpose of this paper is to introduce \CFA, and showcase language features that illustrate the \CFA type system and approaches taken to achieve the goal of evolutionary C extension.
+The contributions are a powerful type system using parametric polymorphism and overloading, generic types, tuples, advanced control structures, and extended declarations, which all have complex interactions.
 The work is a challenging design, engineering, and implementation exercise.
 On the surface, the project may appear as a rehash of similar mechanisms in \CC.
 However, every \CFA feature is different than its \CC counterpart, often with extended functionality, better integration with C and its programmers, and always supporting separate compilation.
-All of these new features are being used by the \CFA development-team to build the \CFA runtime-system.
+All of these new features are being used by the \CFA development team to build the \CFA runtime system.
 Finally, we demonstrate that \CFA performance for some idiomatic cases is better than C and close to \CC, showing the design is practically applicable.
 
-While all examples in the paper compile and run, a public beta-release of \CFA will take 6--8 months to reduce compilation time, provide better debugging, and add a few more libraries.
-There is also new work on a number of \CFA features, including arrays with size, runtime type-information, virtual functions, user-defined conversions, and modules.
-While \CFA polymorphic functions use dynamic virtual-dispatch with low runtime overhead (see Section~\ref{sec:eval}), it is not as low as \CC template-inlining.
-Hence it may be beneficial to provide a mechanism for performance-sensitive code.
-Two promising approaches are an @inline@ annotation at polymorphic function call sites to create a template-specialization of the function (provided the code is visible) or placing an @inline@ annotation on polymorphic function-definitions to instantiate a specialized version for some set of types (\CC template specialization).
-These approaches are not mutually exclusive and allow performance optimizations to be applied only when necessary, without suffering global code-bloat.
-In general, we believe separate compilation, producing smaller code, works well with loaded hardware-caches, which may offset the benefit of larger inlined-code.
+While all examples in the paper compile and run, there are ongoing efforts to reduce compilation time, provide better debugging, and add more libraries;
+when this work is complete in early 2019, a public beta release will be available at \url{https://github.com/cforall/cforall}.
+There is also new work on a number of \CFA features, including arrays with size, runtime type information, virtual functions, user-defined conversions, and modules.
+While \CFA polymorphic functions use dynamic virtual dispatch with low runtime overhead (see Section~\ref{sec:eval}), it is not as low as \CC template inlining.
+Hence, it may be beneficial to provide a mechanism for performance-sensitive code.
+Two promising approaches are an @inline@ annotation at polymorphic function call sites to create a template specialization of the function (provided the code is visible) or placing an @inline@ annotation on polymorphic function definitions to instantiate a specialized version for some set of types (\CC template specialization).
+ These approaches are not mutually exclusive and allow performance optimizations to be applied only when necessary, without suffering global code bloat.
+In general, we believe separate compilation, producing smaller code, works well with loaded hardware caches, which may offset the benefit of larger inlined code.
 
 
 \section{Acknowledgments}
 
-The authors would like to recognize the design assistance of Glen Ditchfield, Richard Bilson, Thierry Delisle, Andrew Beach and Brice Dobry on the features described in this paper, and thank Magnus Madsen for feedback on the writing.
-Funding for this project has been provided by Huawei Ltd.\ (\url{http://www.huawei.com}), and Aaron Moss and Peter Buhr are partially funded by the Natural Sciences and Engineering Research Council of Canada.
+The authors would like to recognize the design assistance of Glen Ditchfield, Richard Bilson, Thierry Delisle, Andrew Beach, and Brice Dobry on the features described in this paper and thank Magnus Madsen for feedback on the writing.
+Funding for this project was provided by Huawei Ltd (\url{http://www.huawei.com}), and Aaron Moss and Peter Buhr were partially funded by the Natural Sciences and Engineering Research Council of Canada.
 
 {%
 \fontsize{9bp}{12bp}\selectfont%
+\vspace*{-3pt}
 \bibliography{pl}
 }%
@@ -2928 +2990 @@
 
 
+\enlargethispage{1000pt}
 \subsection{\CFA}
 \label{s:CforallStack}
@@ -2994 +3057 @@
 
 
+\newpage
 \subsection{\CC}