Changes in / [e869e434:b14dd030]

Location:

doc

Files:

• LaTeXmacros/common.tex (modified) (3 diffs)
• generic_types/generic_types.tex (modified) (20 diffs)
• rob_thesis/cfa-format.tex (modified) (1 diff)
• rob_thesis/conclusions.tex (modified) (1 diff)
• rob_thesis/ctordtor.tex (modified) (28 diffs)
• rob_thesis/intro.tex (modified) (21 diffs)
• rob_thesis/tuples.tex (modified) (22 diffs)
• rob_thesis/variadic.tex (modified) (11 diffs)
• user/user.tex (modified) (3 diffs)

doc/LaTeXmacros/common.tex

@@ -1 @@
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -*- Mode: Latex -*- %%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
@@ -12 +11 @@
 %% Created On       : Sat Apr  9 10:06:17 2016
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Wed Apr 12 11:32:26 2017
-%% Update Count     : 257
+%% Last Modified On : Wed Apr  5 23:19:42 2017
+%% Update Count     : 255
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -45 +44 @@
 \newcommand{\CCtwenty}{\rm C\kern-.1em\hbox{+\kern-.25em+}20} % C++20 symbolic name
 \newcommand{\Celeven}{C11\xspace}               % C11 symbolic name
-\newcommand{\Csharp}{C\raisebox{-0.65ex}{\large$^\sharp$}\xspace}       % C# symbolic name
+\newcommand{\Csharp}{C\raisebox{0.4ex}{\#}\xspace}      % C# symbolic name
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

doc/generic_types/generic_types.tex

@@ -19 +19 @@
 \newcommand{\C}[2][\@empty]{\ifx#1\@empty\else\global\setlength{\columnposn}{#1}\global\columnposn=\columnposn\fi\hfill\makebox[\textwidth-\columnposn][l]{\lst@commentstyle{#2}}}
 \newcommand{\CRT}{\global\columnposn=\gcolumnposn}
-
-\newcommand{\TODO}[1]{\textbf{TODO}: {\itshape #1}} % TODO included
-%\newcommand{\TODO}[1]{} % TODO elided
-% Latin abbreviation
-\newcommand{\abbrevFont}{\textit}       % set empty for no italics
-\newcommand*{\eg}{%
-        \@ifnextchar{,}{\abbrevFont{e}.\abbrevFont{g}.}%
-                {\@ifnextchar{:}{\abbrevFont{e}.\abbrevFont{g}.}%
-                        {\abbrevFont{e}.\abbrevFont{g}.,\xspace}}%
-}%
-\newcommand*{\ie}{%
-        \@ifnextchar{,}{\abbrevFont{i}.\abbrevFont{e}.}%
-                {\@ifnextchar{:}{\abbrevFont{i}.\abbrevFont{e}.}%
-                        {\abbrevFont{i}.\abbrevFont{e}.,\xspace}}%
-}%
-\newcommand*{\etc}{%
-        \@ifnextchar{.}{\abbrevFont{etc}}%
-        {\abbrevFont{etc}.\xspace}%
-}%
-\newcommand{\etal}{%
-        \@ifnextchar{.}{\abbrevFont{et~al}}%
-                {\abbrevFont{et al}.\xspace}%
-}%
-% \newcommand{\eg}{\textit{e}.\textit{g}.,\xspace}
-% \newcommand{\ie}{\textit{i}.\textit{e}.,\xspace}
-% \newcommand{\etc}{\textit{etc}.,\xspace}
 \makeatother
 
@@ -56 +30 @@
 \newcommand{\CS}{C\raisebox{-0.7ex}{\Large$^\sharp$}\xspace}
 \newcommand{\Textbf}[1]{{\color{red}\textbf{#1}}}
+
+\newcommand{\TODO}[1]{\textbf{TODO}: {\itshape #1}} % TODO included
+%\newcommand{\TODO}[1]{} % TODO elided
+\newcommand{\eg}{\textit{e}.\textit{g}.,\xspace}
+\newcommand{\ie}{\textit{i}.\textit{e}.,\xspace}
+\newcommand{\etc}{\textit{etc}.,\xspace}
 
 % CFA programming language, based on ANSI C (with some gcc additions)
@@ -157 +137 @@
                 & 2017  & 2012  & 2007  & 2002  & 1997  & 1992  & 1987          \\
 \hline
-Java    & 1             & 1             & 1             & 1             & 12    & -             & -                     \\
+Java    & 1             & 1             & 1             & 3             & 13    & -             & -                     \\
 \hline
-\Textbf{C}      & \Textbf{2}& \Textbf{2}& \Textbf{2}& \Textbf{2}& \Textbf{1}& \Textbf{1}& \Textbf{1}    \\
+\Textbf{C}      & \Textbf{2}& \Textbf{2}& \Textbf{2}& \Textbf{1}& \Textbf{1}& \Textbf{1}& \Textbf{1}    \\
 \hline
 \CC             & 3             & 3             & 3             & 3             & 2             & 2             & 4                     \\
@@ -175 +155 @@
 (4) Extensions introduced by \CFA must be translated in the most efficient way possible.
 These goals ensure existing C code-bases can be converted to \CFA incrementally with minimal effort, and C programmers can productively generate \CFA code without training beyond the features being used.
-Unfortunately, \CC is actively diverging from C, so incremental additions require significant effort and training, coupled with multiple legacy design-choices that cannot be updated.
+We claim \CC is diverging from C, and hence, incremental additions of language features require significant effort and training, while suffering from historically poor design choices.
 
 \CFA is currently implemented as a source-to-source translator from \CFA to the GCC-dialect of C~\citep{GCCExtensions}, allowing it to leverage the portability and code optimizations provided by GCC, meeting goals (1)-(3). Ultimately, a compiler is necessary for advanced features and optimal performance.
@@ -199 +179 @@
 int val = twice( twice( 3.7 ) );
 \end{lstlisting}
-which works for any type @T@ with a matching addition operator. The polymorphism is achieved by creating a wrapper function for calling @+@ with @T@ bound to @double@, then passing this function to the first call of @twice@. There is now the option of using the same @twice@ and converting the result to @int@ on assignment, or creating another @twice@ with type parameter @T@ bound to @int@ because \CFA uses the return type, as in~\cite{Ada}, in its type analysis.
-The first approach has a late conversion from @double@ to @int@ on the final assignment, while the second has an eager conversion to @int@. \CFA minimizes the number of conversions and their potential to lose information, so it selects the first approach, which corresponds with C-programmer intuition.
+which works for any type @T@ with a matching addition operator. The polymorphism is achieved by creating a wrapper function for calling @+@ with @T@ bound to @double@, then passing this function to the first call of @twice@. There is now the option of using the same @twice@ and converting the result to @int@ on assignment, or creating another @twice@ with type parameter @T@ bound to @int@ because \CFA uses the return type (as in~\cite{Ada}) in its type analysis. The first approach has a late conversion from @int@ to @double@ on the final assignment, while the second has an eager conversion to @int@. \CFA minimizes the number of conversions and their potential to lose information, so it selects the first approach, which corresponds with C-programmer intuition.
 
 Crucial to the design of a new programming language are the libraries to access thousands of external software features.
@@ -207 +186 @@
 \begin{lstlisting}
 void * bsearch( const void * key, const void * base, size_t nmemb, size_t size,
-                                int (* compar)( const void *, const void * ));
+                                int (* compar)(const void *, const void *));
 int comp( const void * t1, const void * t2 ) { return *(double *)t1 < *(double *)t2 ? -1 :
                                 *(double *)t2 < *(double *)t1 ? 1 : 0; }
@@ -225 +204 @@
 int posn = bsearch( 5.0, vals, 10 );
 \end{lstlisting}
-The nested function @comp@ provides the hidden interface from typed \CFA to untyped (@void *@) C, plus the cast of the result.
-Providing a hidden @comp@ function in \CC is awkward as lambdas do not use C calling-conventions and template declarations cannot appear at block scope.
+The nested routine @comp@ (impossible in \CC as lambdas do not use C calling conventions) provides the hidden interface from typed \CFA to untyped (@void *@) C, plus the cast of the result.
 As well, an alternate kind of return is made available: position versus pointer to found element.
 \CC's type-system cannot disambiguate between the two versions of @bsearch@ because it does not use the return type in overload resolution, nor can \CC separately compile a templated @bsearch@.
@@ -270 +248 @@
 Hence, the single name @MAX@ replaces all the C type-specific names: @SHRT_MAX@, @INT_MAX@, @DBL_MAX@.
 As well, restricted constant overloading is allowed for the values @0@ and @1@, which have special status in C, \eg the value @0@ is both an integer and a pointer literal, so its meaning depends on context.
-In addition, several operations are defined in terms values @0@ and @1@, \eg:
+In addition, several operations are defined in terms values @0@ and @1@.
+For example,
 \begin{lstlisting}
 int x;
@@ -296 +275 @@
         return total; }
 \end{lstlisting}
-
-In fact, the set of trait operators is incomplete, as there is no assignment requirement for type @T@, but @otype@ is syntactic sugar for the following implicit trait:
+A trait name plays no part in type equivalence; it is solely a macro for a list of assertions.
+Traits may overlap assertions without conflict, and therefore, do not form a hierarchy.
+
+In fact, the set of operators is incomplete, \eg no assignment, but @otype@ is syntactic sugar for the following implicit trait:
 \begin{lstlisting}
 trait otype( dtype T | sized(T) ) {  // sized is a pseudo-trait for types with known size and alignment
@@ -327 +308 @@
 % \end{lstlisting}
 
-In summation, the \CFA type-system uses \emph{nominal typing} for concrete types, matching with the C type-system, and \emph{structural typing} for polymorphic types.
-Hence, trait names play no part in type equivalence;
-the names are simply macros for a list of polymorphic assertions, which are expanded at usage sites.
-Nevertheless, trait names form a logical subtype-hierarchy with @dtype@ at the top, where traits often contain overlapping assertions, \eg operator @+@.
-Traits are used like interfaces in Java or abstract base-classes in \CC, but without the nominal inheritance-relationships.
-Instead, each polymorphic function (or generic type) defines the structural type needed for its execution (polymorphic type-key), and this key is fulfilled at each call site from the lexical environment, which is similar to Go~\citep{Go} interfaces.
-Hence, new lexical scopes and nested functions are used extensively to create local subtypes, as in the @qsort@ example, without having to manage a nominal-inheritance hierarchy.
-(Nominal inheritance can be approximated with traits using marker variables or functions, as is done in Go.)
-
-% Nominal inheritance can be simulated with traits using marker variables or functions:
-% \begin{lstlisting}
-% trait nominal(otype T) {
-%     T is_nominal;
-% };
-% int is_nominal;                                                               $\C{// int now satisfies the nominal trait}$
-% \end{lstlisting}
-% 
-% Traits, however, are significantly more powerful than nominal-inheritance interfaces; most notably, traits may be used to declare a relationship \emph{among} multiple types, a property that may be difficult or impossible to represent in nominal-inheritance type systems:
-% \begin{lstlisting}
-% trait pointer_like(otype Ptr, otype El) {
-%     lvalue El *?(Ptr);                                                $\C{// Ptr can be dereferenced into a modifiable value of type El}$
-% }
-% struct list {
-%     int value;
-%     list *next;                                                               $\C{// may omit "struct" on type names as in \CC}$
-% };
-% typedef list *list_iterator;
-% 
-% lvalue int *?( list_iterator it ) { return it->value; }
-% \end{lstlisting}
-% In the example above, @(list_iterator, int)@ satisfies @pointer_like@ by the user-defined dereference function, and @(list_iterator, list)@ also satisfies @pointer_like@ by the built-in dereference operator for pointers. Given a declaration @list_iterator it@, @*it@ can be either an @int@ or a @list@, with the meaning disambiguated by context (\eg @int x = *it;@ interprets @*it@ as an @int@, while @(*it).value = 42;@ interprets @*it@ as a @list@).
-% While a nominal-inheritance system with associated types could model one of those two relationships by making @El@ an associated type of @Ptr@ in the @pointer_like@ implementation, few such systems could model both relationships simultaneously.
-
+Traits may be used for many of the same purposes as interfaces in Java or abstract base classes in \CC. Unlike Java interfaces or \CC base classes, \CFA types do not explicitly state any inheritance relationship to traits they satisfy, which is a form of structural inheritance, similar to the implementation of an interface in Go~\citep{Go}, as opposed to the nominal inheritance model of Java and \CC.
+
+Nominal inheritance can be simulated with traits using marker variables or functions:
+\begin{lstlisting}
+trait nominal(otype T) {
+    T is_nominal;
+};
+int is_nominal;                                                         $\C{// int now satisfies the nominal trait}$
+\end{lstlisting}
+
+Traits, however, are significantly more powerful than nominal-inheritance interfaces; most notably, traits may be used to declare a relationship \emph{among} multiple types, a property that may be difficult or impossible to represent in nominal-inheritance type systems:
+\begin{lstlisting}
+trait pointer_like(otype Ptr, otype El) {
+    lvalue El *?(Ptr);                                          $\C{// Ptr can be dereferenced into a modifiable value of type El}$
+}
+struct list {
+    int value;
+    list *next;                                                         $\C{// may omit "struct" on type names as in \CC}$
+};
+typedef list *list_iterator;
+
+lvalue int *?( list_iterator it ) { return it->value; }
+\end{lstlisting}
+
+In the example above, @(list_iterator, int)@ satisfies @pointer_like@ by the user-defined dereference function, and @(list_iterator, list)@ also satisfies @pointer_like@ by the built-in dereference operator for pointers. Given a declaration @list_iterator it@, @*it@ can be either an @int@ or a @list@, with the meaning disambiguated by context (\eg @int x = *it;@ interprets @*it@ as an @int@, while @(*it).value = 42;@ interprets @*it@ as a @list@).
+While a nominal-inheritance system with associated types could model one of those two relationships by making @El@ an associated type of @Ptr@ in the @pointer_like@ implementation, few such systems could model both relationships simultaneously.
 
 \section{Generic Types}
 
-One of the known shortcomings of standard C is that it does not provide reusable type-safe abstractions for generic data structures and algorithms. Broadly speaking, there are three approaches to create data structures in C. One approach is to write bespoke data structures for each context in which they are needed. While this approach is flexible and supports integration with the C type-checker and tooling, it is also tedious and error-prone, especially for more complex data structures.
-A second approach is to use @void *@--based polymorphism, \eg the C standard-library functions @bsearch@ and @qsort@, and does allow the use of common code for common functionality. However, basing all polymorphism on @void *@ eliminates the type-checker's ability to ensure that argument types are properly matched, often requiring a number of extra function parameters, pointer indirection, and dynamic allocation that would not otherwise be needed.
-A third approach to generic code is to use preprocessor macros, which does allow the generated code to be both generic and type-checked, but errors may be difficult to interpret. Furthermore, writing and using preprocessor macros can be unnatural and inflexible.
-
-Other languages use \emph{generic types}, \eg \CC and Java, to produce type-safe abstract data-types. \CFA also implements generic types that integrate efficiently and naturally with the existing polymorphic functions, while retaining backwards compatibility with C and providing separate compilation. However, for known concrete parameters, the generic type can be inlined, like \CC templates.
+One of the known shortcomings of standard C is that it does not provide reusable type-safe abstractions for generic data structures and algorithms. Broadly speaking, there are three approaches to create data structures in C. One approach is to write bespoke data structures for each context in which they are needed. While this approach is flexible and supports integration with the C type-checker and tooling, it is also tedious and error-prone, especially for more complex data structures. A second approach is to use @void*@-based polymorphism. This approach is taken by the C standard library functions @qsort@ and @bsearch@, and does allow the use of common code for common functionality. However, basing all polymorphism on @void*@ eliminates the type-checker's ability to ensure that argument types are properly matched, often requires a number of extra function parameters, and also adds pointer indirection and dynamic allocation to algorithms and data structures that would not otherwise require them. A third approach to generic code is to use pre-processor macros to generate it -- this approach does allow the generated code to be both generic and type-checked, though any errors produced may be difficult to interpret. Furthermore, writing and invoking C code as preprocessor macros is unnatural and somewhat inflexible.
+
+Other C-like languages such as \CC and Java use \emph{generic types} to produce type-safe abstract data types. \CFA implements generic types with some care taken that the generic types design for \CFA integrates efficiently and naturally with the existing polymorphic functions in \CFA while retaining backwards compatibility with C; maintaining separate compilation is a particularly important constraint on the design. However, where the concrete parameters of the generic type are known, there is no extra overhead for the use of a generic type, as for \CC templates.
 
 A generic type can be declared by placing a @forall@ specifier on a @struct@ or @union@ declaration, and instantiated using a parenthesized list of types after the type name:
 \begin{lstlisting}
-forall( otype R, otype S ) struct pair {
-        R first;
-        S second;
+forall(otype R, otype S) struct pair {
+    R first;
+    S second;
 };
-forall( otype T ) T value( pair( const char *, T ) p ) { return p.second; }
-forall( dtype F, otype T ) T value_p( pair( F *, T * ) p ) { return *p.second; }
-
-pair( const char *, int ) p = { "magic", 42 };
+
+forall(otype T)
+T value( pair(const char*, T) p ) { return p.second; }
+
+forall(dtype F, otype T)
+T value_p( pair(F*, T*) p ) { return *p.second; }
+
+pair(const char*, int) p = { "magic", 42 };
 int magic = value( p );
-pair( void *, int * ) q = { 0, &p.second };
+
+pair(void*, int*) q = { 0, &p.second };
 magic = value_p( q );
 double d = 1.0;
-pair( double *, double * ) r = { &d, &d };
+pair(double*, double*) r = { &d, &d };
 d = value_p( r );
 \end{lstlisting}
 
-\CFA classifies generic types as either \emph{concrete} or \emph{dynamic}. Concrete have a fixed memory layout regardless of type parameters, while dynamic vary in memory layout depending on their type parameters. A type may have polymorphic parameters but still be concrete, called \emph{dtype-static}. Polymorphic pointers are an example of dtype-static types, \eg @forall(dtype T) T *@ is a polymorphic type, but for any @T@, @T *@  is a fixed-sized pointer, and therefore, can be represented by a @void *@ in code generation.
-
-\CFA generic types also allow checked argument-constraints. For example, the following declaration of a sorted set-type ensures the set key supports equality and relational comparison:
-\begin{lstlisting}
-forall( otype Key | { _Bool ?==?(Key, Key); _Bool ?<?(Key, Key); } ) struct sorted_set;
-\end{lstlisting}
-
-
-\subsection{Concrete Generic-Types}
-
-The \CFA translator template-expands concrete generic-types into new structure types, affording maximal inlining. To enable inter-operation among equivalent instantiations of a generic type, the translator saves the set of instantiations currently in scope and reuses the generated structure declarations where appropriate. For example, a function declaration that accepts or returns a concrete generic-type produces a declaration for the instantiated struct in the same scope, which all callers may reuse. For example, the concrete instantiation for @pair( const char *, int )@ is:
+\CFA classifies generic types as either \emph{concrete} or \emph{dynamic}. Concrete generic types have a fixed memory layout regardless of type parameters, while dynamic generic types vary in their in-memory layout depending on their type parameters. A type may have polymorphic parameters but still be concrete; in \CFA such types are called \emph{dtype-static}. Polymorphic pointers are an example of dtype-static types -- @forall(dtype T) T*@ is a polymorphic type, but for any @T@ chosen, @T*@ has exactly the same in-memory representation as a @void*@, and can therefore be represented by a @void*@ in code generation.
+
+\CFA generic types may also specify constraints on their argument type to be checked by the compiler. For example, consider the following declaration of a sorted set-type, which ensures that the set key supports equality and relational comparison:
+\begin{lstlisting}
+forall(otype Key | { _Bool ?==?(Key, Key); _Bool ?<?(Key, Key); })
+  struct sorted_set;
+\end{lstlisting}
+
+\subsection{Concrete Generic Types}
+
+The \CFA translator instantiates concrete generic types by template-expanding them to fresh struct types; concrete generic types can therefore be used with zero runtime overhead. To enable inter-operation among equivalent instantiations of a generic type, the translator saves the set of instantiations currently in scope and reuses the generated struct declarations where appropriate. For example, a function declaration that accepts or returns a concrete generic type produces a declaration for the instantiated struct in the same scope, which all callers that can see that declaration may reuse. As an example of the expansion, the concrete instantiation for @pair(const char*, int)@ looks like this:
 \begin{lstlisting}
 struct _pair_conc1 {
-        const char * first;
+        const char* first;
         int second;
 };
 \end{lstlisting}
 
-A concrete generic-type with dtype-static parameters is also expanded to a structure type, but this type is used for all matching instantiations. In the above example, the @pair( F *, T * )@ parameter to @value_p@ is such a type; its expansion is below and it is used as the type of the variables @q@ and @r@ as well, with casts for member access where appropriate:
+A concrete generic type with dtype-static parameters is also expanded to a struct type, but this struct type is used for all matching instantiations. In the example above, the @pair(F*, T*)@ parameter to @value_p@ is such a type; its expansion looks something like this, and is used as the type of the variables @q@ and @r@ as well, with casts for member access where appropriate:
 \begin{lstlisting}
 struct _pair_conc0 {
-        void * first;
-        void * second;
+        void* first;
+        void* second;
 };
 \end{lstlisting}
 
 
-\subsection{Dynamic Generic-Types}
-
-Though \CFA implements concrete generic-types efficiently, it also has a fully general system for dynamic generic types.
-As mentioned in Section~\ref{sec:poly-fns}, @otype@ function parameters (in fact all @sized@ polymorphic parameters) come with implicit size and alignment parameters provided by the caller.
-Dynamic generic-types also have an \emph{offset array} containing structure member-offsets.
-A dynamic generic-union needs no such offset array, as all members are at offset 0 but size and alignment are still necessary.
-Access to members of a dynamic structure is provided at runtime via base-displacement addressing with the structure pointer and the member offset (similar to the @offsetof@ macro), moving a compile-time offset calculation to runtime.
-
-The offset arrays are statically generated where possible.
-If a dynamic generic-type is declared to be passed or returned by value from a polymorphic function, the translator can safely assume the generic type is complete (\ie has a known layout) at any call-site, and the offset array is passed from the caller;
-if the generic type is concrete at the call site, the elements of this offset array can even be statically generated using the C @offsetof@ macro.
-As an example, @p.second@ in the @value@ function above is implemented as @*(p + _offsetof_pair[1])@, where @p@ is a @void *@, and @_offsetof_pair@ is the offset array passed into @value@ for @pair( const char *, T )@.
-The offset array @_offsetof_pair@ is generated at the call site as @size_t _offsetof_pair[] = { offsetof(_pair_conc1, first), offsetof(_pair_conc1, second) }@.
-
-In some cases the offset arrays cannot be statically generated. For instance, modularity is generally provided in C by including an opaque forward-declaration of a structure and associated accessor and mutator functions in a header file, with the actual implementations in a separately-compiled @.c@ file.
-\CFA supports this pattern for generic types, but the caller does not know the actual layout or size of the dynamic generic-type, and only holds it by a pointer.
-The \CFA translator automatically generates \emph{layout functions} for cases where the size, alignment, and offset array of a generic struct cannot be passed into a function from that function's caller.
-These layout functions take as arguments pointers to size and alignment variables and a caller-allocated array of member offsets, as well as the size and alignment of all @sized@ parameters to the generic structure (un@sized@ parameters are forbidden from being used in a context that affects layout).
-Results of these layout functions are cached so that they are only computed once per type per function. %, as in the example below for @pair@.
+\subsection{Dynamic Generic Types}
+
+Though \CFA implements concrete generic types efficiently, it also has a fully general system for computing with dynamic generic types. As mentioned in Section~\ref{sec:poly-fns}, @otype@ function parameters (in fact all @sized@ polymorphic parameters) come with implicit size and alignment parameters provided by the caller. Dynamic generic structs also have implicit size and alignment parameters, and also an \emph{offset array} which contains the offsets of each member of the struct\footnote{Dynamic generic unions need no such offset array, as all members are at offset 0; the size and alignment parameters are still provided for dynamic unions, however.}. Access to members\footnote{The \lstinline@offsetof@ macro is implemented similarly.} of a dynamic generic struct is provided by adding the corresponding member of the offset array to the struct pointer at runtime, essentially moving a compile-time offset calculation to runtime where necessary.
+
+These offset arrays are statically generated where possible. If a dynamic generic type is declared to be passed or returned by value from a polymorphic function, the translator can safely assume that the generic type is complete (that is, has a known layout) at any call-site, and the offset array is passed from the caller; if the generic type is concrete at the call site the elements of this offset array can even be statically generated using the C @offsetof@ macro. As an example, @p.second@ in the @value@ function above is implemented as @*(p + _offsetof_pair[1])@, where @p@ is a @void*@, and @_offsetof_pair@ is the offset array passed in to @value@ for @pair(const char*, T)@. The offset array @_offsetof_pair@ is generated at the call site as @size_t _offsetof_pair[] = { offsetof(_pair_conc1, first), offsetof(_pair_conc1, second) };@.
+
+In some cases the offset arrays cannot be statically generated. For instance, modularity is generally provided in C by including an opaque forward-declaration of a struct and associated accessor and mutator routines in a header file, with the actual implementations in a separately-compiled \texttt{.c} file. \CFA supports this pattern for generic types, and in this instance the caller does not know the actual layout or size of the dynamic generic type, and only holds it by pointer. The \CFA translator automatically generates \emph{layout functions} for cases where the size, alignment, and offset array of a generic struct cannot be passed in to a function from that function's caller. These layout functions take as arguments pointers to size and alignment variables and a caller-allocated array of member offsets, as well as the size and alignment of all @sized@ parameters to the generic struct (un-@sized@ parameters are forbidden from the language from being used in a context that affects layout). Results of these layout functions are cached so that they are only computed once per type per function.%, as in the example below for @pair@.
 % \begin{lstlisting}
 % static inline void _layoutof_pair(size_t* _szeof_pair, size_t* _alignof_pair, size_t* _offsetof_pair,
@@ -438 +403 @@
 %     *_szeof_pair = 0; // default values
 %     *_alignof_pair = 1;
-%
+
 %       // add offset, size, and alignment of first field
 %     _offsetof_pair[0] = *_szeof_pair;
 %     *_szeof_pair += _szeof_R;
 %     if ( *_alignof_pair < _alignof_R ) *_alignof_pair = _alignof_R;
-%
+
 %       // padding, offset, size, and alignment of second field
 %     if ( *_szeof_pair & (_alignof_S - 1) )
@@ -450 +415 @@
 %     *_szeof_pair += _szeof_S;
 %     if ( *_alignof_pair < _alignof_S ) *_alignof_pair = _alignof_S;
-%
+
 %       // pad to struct alignment
 %     if ( *_szeof_pair & (*_alignof_pair - 1) )
@@ -456 +421 @@
 % }
 % \end{lstlisting}
-Layout functions also allow generic types to be used in a function definition without reflecting them in the function signature.
-For instance, a function that strips duplicate values from an unsorted @vector(T)@ would likely have a pointer to the vector as its only explicit parameter, but use some sort of @set(T)@ internally to test for duplicate values.
-This function could acquire the layout for @set(T)@ by calling its layout function with the layout of @T@ implicitly passed into the function.
-
-Whether a type is concrete, dtype-static, or dynamic is decided solely on the type parameters and @forall@ clause on a declaration.
-This design allows opaque forward declarations of generic types, \eg @forall(otype T) struct Box@ -- like in C, all uses of @Box(T)@ can be separately compiled, and callers from other translation units know the proper calling conventions to use.
-If the definition of a structure type is included in deciding whether a generic type is dynamic or concrete, some further types may be recognized as dtype-static (\eg @forall(otype T) struct unique_ptr { T* p }@ does not depend on @T@ for its layout, but the existence of an @otype@ parameter means that it \emph{could}.), but preserving separate compilation (and the associated C compatibility) in the existing design is judged to be an appropriate trade-off.
-
+
+Layout functions also allow generic types to be used in a function definition without reflecting them in the function signature. For instance, a function that strips duplicate values from an unsorted @vector(T)@ would likely have a pointer to the vector as its only explicit parameter, but use some sort of @set(T)@ internally to test for duplicate values. This function could acquire the layout for @set(T)@ by calling its layout function with the layout of @T@ implicitly passed into the function.
+
+Whether a type is concrete, dtype-static, or dynamic is decided based solely on the type parameters and @forall@ clause on the struct declaration. This design allows opaque forward declarations of generic types like @forall(otype T) struct Box;@ -- like in C, all uses of @Box(T)@ can be in a separately compiled translation unit, and callers from other translation units know the proper calling conventions to use. If the definition of a struct type was included in the decision of whether a generic type is dynamic or concrete, some further types may be recognized as dtype-static (\eg @forall(otype T) struct unique_ptr { T* p };@ does not depend on @T@ for its layout, but the existence of an @otype@ parameter means that it \emph{could}.), but preserving separate compilation (and the associated C compatibility) in the existing design is judged to be an appropriate trade-off.
 
 \subsection{Applications}
 \label{sec:generic-apps}
 
-The reuse of dtype-static structure instantiations enables useful programming patterns at zero runtime cost. The most important such pattern is using @forall(dtype T) T *@ as a type-checked replacement for @void *@, \eg creating a lexicographic comparison for pairs of pointers used by @bsearch@ or @qsort@:
-\begin{lstlisting}
-forall(dtype T) int lexcmp( pair( T *, T * ) * a, pair( T *, T * ) * b, int (* cmp)( T *, T * ) ) {
-        return cmp( a->first, b->first ) ? : cmp( a->second, b->second );
-}
-\end{lstlisting}
-%       int c = cmp( a->first, b->first );
-%       if ( c == 0 ) c = cmp( a->second, b->second );
-%       return c;
-Since @pair(T *, T * )@ is a concrete type, there are no implicit parameters passed to @lexcmp@, so the generated code is identical to a function written in standard C using @void *@, yet the \CFA version is type-checked to ensure the fields of both pairs and the arguments to the comparison function match in type.
-
-Another useful pattern enabled by reused dtype-static type instantiations is zero-cost \emph{tag-structures}.
-Sometimes information is only used for type-checking and can be omitted at runtime, \eg:
+The reuse of dtype-static struct instantiations enables some useful programming patterns at zero runtime cost. The most important such pattern is using @forall(dtype T) T*@ as a type-checked replacement for @void*@, as in this example, which takes a @qsort@ or @bsearch@-compatible comparison routine and creates a similar lexicographic comparison for pairs of pointers:
+\begin{lstlisting}
+forall(dtype T)
+int lexcmp( pair(T*, T*)* a, pair(T*, T*)* b, int (*cmp)(T*, T*) ) {
+        int c = cmp(a->first, b->first);
+        if ( c == 0 ) c = cmp(a->second, b->second);
+        return c;
+}
+\end{lstlisting}
+Since @pair(T*, T*)@ is a concrete type, there are no added implicit parameters to @lexcmp@, so the code generated by \CFA is effectively identical to a version of this function written in standard C using @void*@, yet the \CFA version is type-checked to ensure that the fields of both pairs and the arguments to the comparison function match in type.
+
+Another useful pattern enabled by reused dtype-static type instantiations is zero-cost ``tag'' structs. Sometimes a particular bit of information is only useful for type-checking, and can be omitted at runtime. Tag structs can be used to provide this information to the compiler without further runtime overhead, as in the following example:
 \begin{lstlisting}
 forall(dtype Unit) struct scalar { unsigned long value; };
+
 struct metres {};
 struct litres {};
 
-forall(dtype U) scalar(U) ?+?( scalar(U) a, scalar(U) b ) {
+forall(dtype U)
+scalar(U) ?+?(scalar(U) a, scalar(U) b) {
         return (scalar(U)){ a.value + b.value };
 }
+
 scalar(metres) half_marathon = { 21093 };
 scalar(litres) swimming_pool = { 2500000 };
+
 scalar(metres) marathon = half_marathon + half_marathon;
 scalar(litres) two_pools = swimming_pool + swimming_pool;
-marathon + swimming_pool;                       $\C{// compilation ERROR}$
-\end{lstlisting}
-@scalar@ is a dtype-static type, so all uses have a single structure definition, containing @unsigned long@, and can share the same implementations of common functions like @?+?@.
-These implementations may even be separately compiled, unlike \CC template functions.
-However, the \CFA type-checker ensures matching types are used by all calls to @?+?@, preventing nonsensical computations like adding a length to a volume.
+marathon + swimming_pool; // ERROR -- caught by compiler
+\end{lstlisting}
+@scalar@ is a dtype-static type, so all uses of it use a single struct definition, containing only a single @unsigned long@, and can share the same implementations of common routines like @?+?@ -- these implementations may even be separately compiled, unlike \CC template functions. However, the \CFA type-checker ensures that matching types are used by all calls to @?+?@, preventing nonsensical computations like adding the length of a marathon to the volume of an olympic pool.
 
 \section{Tuples}
@@ -504 +466 @@
 The @pair(R, S)@ generic type used as an example in the previous section can be considered a special case of a more general \emph{tuple} data structure. The authors have implemented tuples in \CFA, with a design particularly motivated by two use cases: \emph{multiple-return-value functions} and \emph{variadic functions}.
 
-In standard C, functions can return at most one value. This restriction results in code that emulates functions with multiple return values by \emph{aggregation} or by \emph{aliasing}. In the former situation, the function designer creates a record type that combines all of the return values into a single type. Unfortunately, the designer must come up with a name for the return type and for each of its fields. Unnecessary naming is a common programming language issue, introducing verbosity and a complication of the user's mental model. As such, this technique is effective when used sparingly, but can quickly get out of hand if many functions need to return different combinations of types. In the latter approach, the designer simulates multiple return values by passing the additional return values as pointer parameters. The pointer parameters are assigned inside of the function body to emulate a return. Using this approach, the caller is directly responsible for allocating storage for the additional temporary return values. This responsibility complicates the call site with a sequence of variable declarations leading up to the call. Also, while a disciplined use of @const@ can give clues about whether a pointer parameter is going to be used as an out parameter, it is not immediately obvious from only the function signature whether the callee expects such a parameter to be initialized before the call. Furthermore, while many C functions that accept pointers are designed so that it is safe to pass @NULL@ as a parameter, there are many C functions that are not null-safe. On a related note, C does not provide a standard mechanism to state that a parameter is going to be used as an additional return value, which makes the job of ensuring that a value is returned more difficult for the compiler.
+In standard C, functions can return at most one value. This restriction results in code that emulates functions with multiple return values by \emph{aggregation} or by \emph{aliasing}. In the former situation, the function designer creates a record type that combines all of the return values into a single type. Unfortunately, the designer must come up with a name for the return type and for each of its fields. Unnecessary naming is a common programming language issue, introducing verbosity and a complication of the user's mental model. As such, this technique is effective when used sparingly, but can quickly get out of hand if many functions need to return different combinations of types. In the latter approach, the designer simulates multiple return values by passing the additional return values as pointer parameters. The pointer parameters are assigned inside of the routine body to emulate a return. Using this approach, the caller is directly responsible for allocating storage for the additional temporary return values. This responsibility complicates the call site with a sequence of variable declarations leading up to the call. Also, while a disciplined use of @const@ can give clues about whether a pointer parameter is going to be used as an out parameter, it is not immediately obvious from only the routine signature whether the callee expects such a parameter to be initialized before the call. Furthermore, while many C routines that accept pointers are designed so that it is safe to pass @NULL@ as a parameter, there are many C routines that are not null-safe. On a related note, C does not provide a standard mechanism to state that a parameter is going to be used as an additional return value, which makes the job of ensuring that a value is returned more difficult for the compiler.
 
 C does provide a mechanism for variadic functions through manipulation of @va_list@ objects, but it is notoriously type-unsafe. A variadic function is one that contains at least one parameter, followed by @...@ as the last token in the parameter list. In particular, some form of \emph{argument descriptor} is needed to inform the function of the number of arguments and their types, commonly a format string or counter parameter. It is important to note that both of these mechanisms are inherently redundant, because they require the user to specify information that the compiler knows explicitly. This required repetition is error prone, because it is easy for the user to add or remove arguments without updating the argument descriptor. In addition, C requires the programmer to hard code all of the possible expected types. As a result, it is cumbersome to write a variadic function that is open to extension. For example, consider a simple function that sums $N$ @int@s:
@@ -513 +475 @@
   int ret = 0;
   while(N) {
-        ret += va_arg(args, int);  // must specify type
-        N--;
+    ret += va_arg(args, int);  // must specify type
+    N--;
   }
   va_end(args);
@@ -527 +489 @@
 In practice, compilers can provide warnings to help mitigate some of the problems. For example, GCC provides the @format@ attribute to specify that a function uses a format string, which allows the compiler to perform some checks related to the standard format specifiers. Unfortunately, this attribute does not permit extensions to the format string syntax, so a programmer cannot extend it to warn for mismatches with custom types.
 
-
 \subsection{Tuple Expressions}
 
@@ -534 +495 @@
 \CFA allows declaration of \emph{tuple variables}, variables of tuple type. For example:
 \begin{lstlisting}
-[int, char] most_frequent(const char * );
+[int, char] most_frequent(const char*);
 
 const char* str = "hello, world!";
@@ -778 +739 @@
 Unlike C, it is not necessary to hard code the expected type. This code is naturally open to extension, in that any user-defined type with a @?+?@ operator is automatically able to be used with the @sum@ function. That is to say, the programmer who writes @sum@ does not need full program knowledge of every possible data type, unlike what is necessary to write an equivalent function using the standard C mechanisms. Summing arbitrary heterogeneous lists is possible with similar code by adding the appropriate type variables and addition operators.
 
-It is also possible to write a type-safe variadic print function which can replace @printf@:
+It is also possible to write a type-safe variadic print routine which can replace @printf@:
 \begin{lstlisting}
 struct S { int x, y; };
@@ -793 +754 @@
 print("s = ", (S){ 1, 2 }, "\n");
 \end{lstlisting}
-This example function showcases a variadic-template-like decomposition of the provided argument list. The individual @print@ functions allow printing a single element of a type. The polymorphic @print@ allows printing any list of types, as long as each individual type has a @print@ function. The individual print functions can be used to build up more complicated @print@ functions, such as for @S@, which is something that cannot be done with @printf@ in C.
+This example routine showcases a variadic-template-like decomposition of the provided argument list. The individual @print@ routines allow printing a single element of a type. The polymorphic @print@ allows printing any list of types, as long as each individual type has a @print@ function. The individual print functions can be used to build up more complicated @print@ routines, such as for @S@, which is something that cannot be done with @printf@ in C.
 
 It is also possible to use @ttype@ polymorphism to provide arbitrary argument forwarding functions. For example, it is possible to write @new@ as a library function:
@@ -832 +793 @@
   forall(dtype T0, dtype T1, dtype T2 | sized(T0) | sized(T1) | sized(T2))
   struct _tuple3 {  // generated before the first 3-tuple
-        T0 field_0;
-        T1 field_1;
-        T2 field_2;
+    T0 field_0;
+    T1 field_1;
+    T2 field_2;
   };
   _tuple3_(int, double, int) y;

doc/rob_thesis/cfa-format.tex

@@ -131 +131 @@
   style=defaultStyle
 }
-\lstMakeShortInline[basewidth=0.5em,breaklines=true,basicstyle=\normalsize\ttfamily\color{basicCol}]@  % single-character for \lstinline
+\lstMakeShortInline[basewidth=0.5em,breaklines=true]@  % single-character for \lstinline
 
 \lstnewenvironment{cfacode}[1][]{

doc/rob_thesis/conclusions.tex

@@ -45 +45 @@
 
 A caveat of this approach is that the @cleanup@ attribute only permits a name that refers to a function that consumes a single argument of type @T *@ for a variable of type @T@.
-This means that any destructor that consumes multiple arguments (\eg, because it is polymorphic) or any destructor that is a function pointer (\eg, because it is an assertion parameter) must be called through a local thunk.
+This means that any destructor that consumes multiple arguments (e.g., because it is polymorphic) or any destructor that is a function pointer (e.g., because it is an assertion parameter) must be called through a local thunk.
 For example,
 \begin{cfacode}

doc/rob_thesis/ctordtor.tex

@@ -7 +7 @@
 
 Since \CFA is a true systems language, it does not provide a garbage collector.
-As well, \CFA is not an object-oriented programming language, \ie, structures cannot have routine members.
+As well, \CFA is not an object-oriented programming language, i.e., structures cannot have routine members.
 Nevertheless, one important goal is to reduce programming complexity and increase safety.
 To that end, \CFA provides support for implicit pre/post-execution of routines for objects, via constructors and destructors.
@@ -30 +30 @@
 Next, @x@ is assigned the value of @y@.
 In the last line, @z@ is implicitly initialized to 0 since it is marked @static@.
-The key difference between assignment and initialization being that assignment occurs on a live object (\ie, an object that contains data).
+The key difference between assignment and initialization being that assignment occurs on a live object (i.e., an object that contains data).
 It is important to note that this means @x@ could have been used uninitialized prior to being assigned, while @y@ could not be used uninitialized.
 Use of uninitialized variables yields undefined behaviour, which is a common source of errors in C programs.
@@ -79 +79 @@
 
 In \CFA, a constructor is a function with the name @?{}@.
-Like other operators in \CFA, the name represents the syntax used to call the constructor, \eg, @struct S = { ... };@.
+Like other operators in \CFA, the name represents the syntax used to call the constructor, e.g., @struct S = { ... };@.
 Every constructor must have a return type of @void@ and at least one parameter, the first of which is colloquially referred to as the \emph{this} parameter, as in many object-oriented programming-languages (however, a programmer can give it an arbitrary name).
 The @this@ parameter must have a pointer type, whose base type is the type of object that the function constructs.
@@ -114 +114 @@
 In other words, a default constructor is a constructor that takes a single argument: the @this@ parameter.
 
-In \CFA, a destructor is a function much like a constructor, except that its name is \lstinline!^?{}! and it takes only one argument.
-A destructor for the @Array@ type can be defined as:
+In \CFA, a destructor is a function much like a constructor, except that its name is \lstinline!^?{}! and it take only one argument.
+A destructor for the @Array@ type can be defined as such.
 \begin{cfacode}
 void ^?{}(Array * arr) {
@@ -167 +167 @@
 }
 \end{cfacode}
-
 In \CFA, constructors are called implicitly in initialization contexts.
 \begin{cfacode}
 Array x, y = { 20, 0xdeadbeef }, z = y;
 \end{cfacode}
-Constructor calls look just like C initializers, which allows them to be inserted into legacy C code with minimal code changes, and also provides a very simple syntax that veteran C programmers are familiar with.
-One downside of reusing C initialization syntax is that it is not possible to determine whether an object is constructed just by looking at its declaration, since that requires knowledge of whether the type is managed at that point in the program.
+
+In \CFA, constructor calls look just like C initializers, which allows them to be inserted into legacy C code with minimal code changes, and also provides a very simple syntax that veteran C programmers are familiar with.
+One downside of reusing C initialization syntax is that it isn't possible to determine whether an object is constructed just by looking at its declaration, since that requires knowledge of whether the type is managed at that point.
 
 This example generates the following code
@@ -246 +246 @@
 \end{cfacode}
 Finally, constructors and destructors support \emph{operator syntax}.
-Like other operators in \CFA, the function name mirrors the use-case, in that the question marks are placeholders for the first $N$ arguments.
+Like other operators in \CFA, the function name mirrors the use-case, in that the first $N$ arguments fill in the place of the question mark.
 This syntactic form is similar to the new initialization syntax in \CCeleven, except that it is used in expression contexts, rather than declaration contexts.
 \begin{cfacode}
@@ -272 +272 @@
 Like other operators, the function name @?{}@ matches its operator syntax.
 For example, @(&x){}@ calls the default constructor on the variable @x@, and produces @&x@ as a result.
-A key example for this capability is the use of constructor expressions to initialize the result of a call to @malloc@.
+A key example for this capability is the use of constructor expressions to initialize the result of a call to standard C routine @malloc@.
 \begin{cfacode}
 struct X { ... };
 void ?{}(X *, double);
-X * x = malloc(){ 1.5 };
+X * x = malloc(sizeof(X)){ 1.5 };
 \end{cfacode}
 In this example, @malloc@ dynamically allocates storage and initializes it using a constructor, all before assigning it into the variable @x@.
 If this extension is not present, constructing dynamically allocated objects is much more cumbersome, requiring separate initialization of the pointer and initialization of the pointed-to memory.
 \begin{cfacode}
-X * x = malloc();
+X * x = malloc(sizeof(X));
 x{ 1.5 };
 \end{cfacode}
@@ -291 +291 @@
 struct X *_tmp_ctor;
 struct X *x = ?{}(  // construct result of malloc
-  _tmp_ctor=malloc_T(sizeof(struct X), _Alignof(struct X)), // store result of malloc
+  _tmp_ctor=malloc(sizeof(struct X)), // store result of malloc
   1.5
 ), _tmp_ctor; // produce constructed result of malloc
@@ -297 +297 @@
 It should be noted that this technique is not exclusive to @malloc@, and allows a user to write a custom allocator that can be idiomatically used in much the same way as a constructed @malloc@ call.
 
-It should be noted that while it is possible to use operator syntax with destructors, destructors invalidate their argument, thus operator syntax with destructors is a statement and does not produce a value.
+It is also possible to use operator syntax with destructors.
+Unlike constructors, operator syntax with destructors is a statement and thus does not produce a value, since the destructed object is invalidated by the use of a destructor.
+For example, \lstinline!^(&x){}! calls the destructor on the variable @x@.
 
 \subsection{Function Generation}
@@ -374 +376 @@
 The field constructors are constructors that consume a prefix of the structure's member-list.
 That is, $N$ constructors are built of the form @void ?{}(S *, T$_{\text{M}_0}$)@, @void ?{}(S *, T$_{\text{M}_0}$, T$_{\text{M}_1}$)@, ..., @void ?{}(S *, T$_{\text{M}_0}$, T$_{\text{M}_1}$, ..., T$_{\text{M}_{N-1}}$)@, where members are copy constructed if they have a corresponding positional argument and are default constructed otherwise.
-The addition of field constructors allows structures in \CFA to be used naturally in the same ways as used in C (\ie, to initialize any prefix of the structure), \eg, @A a0 = { b }, a1 = { b, c }@.
+The addition of field constructors allows structures in \CFA to be used naturally in the same ways as used in C (i.e., to initialize any prefix of the structure), e.g., @A a0 = { b }, a1 = { b, c }@.
 Extending the previous example, the following constructors are implicitly generated for @A@.
 \begin{cfacode}
@@ -427 +429 @@
 
 \subsection{Using Constructors and Destructors}
-Implicitly generated constructor and destructor calls ignore the outermost type qualifiers, \eg @const@ and @volatile@, on a type by way of a cast on the first argument to the function.
+Implicitly generated constructor and destructor calls ignore the outermost type qualifiers, e.g. @const@ and @volatile@, on a type by way of a cast on the first argument to the function.
 For example,
 \begin{cfacode}
@@ -446 +448 @@
 Here, @&s@ and @&s2@ are cast to unqualified pointer types.
 This mechanism allows the same constructors and destructors to be used for qualified objects as for unqualified objects.
-This rule applies only to implicitly generated constructor calls.
+This applies only to implicitly generated constructor calls.
 Hence, explicitly re-initializing qualified objects with a constructor requires an explicit cast.
 
@@ -487 +489 @@
 Instead, @a2->x@ is initialized to @0@ as if it were a C object, because of the explicit initializer.
 
-In addition to freedom, \ateq provides a simple path for migrating legacy C code to \CFA, in that objects can be moved from C-style initialization to \CFA gradually and individually.
+In addition to freedom, \ateq provides a simple path to migrating legacy C code to \CFA, in that objects can be moved from C-style initialization to \CFA gradually and individually.
 It is worth noting that the use of unmanaged objects can be tricky to get right, since there is no guarantee that the proper invariants are established on an unmanaged object.
 It is recommended that most objects be managed by sensible constructors and destructors, except where absolutely necessary.
@@ -501 +503 @@
   {
     void ?{}(S * s, int i) { s->x = i*2; } // locally hide autogen constructors
-    S s4;  // error, no default constructor
-    S s5 = { 3 };  // okay, local constructor
-    S s6 = { 4, 5 };  // error, no field constructor
+    S s4;  // error
+    S s5 = { 3 };  // okay
+    S s6 = { 4, 5 };  // error
     S s7 = s5; // okay
   }
@@ -511 +513 @@
 In this example, the inner scope declares a constructor from @int@ to @S@, which hides the default constructor and field constructors until the end of the scope.
 
-When defining a constructor or destructor for a structure @S@, any members that are not explicitly constructed or destructed are implicitly constructed or destructed automatically.
+When defining a constructor or destructor for a struct @S@, any members that are not explicitly constructed or destructed are implicitly constructed or destructed automatically.
 If an explicit call is present, then that call is taken in preference to any implicitly generated call.
 A consequence of this rule is that it is possible, unlike \CC, to precisely control the order of construction and destruction of sub-objects on a per-constructor basis, whereas in \CC sub-object initialization and destruction is always performed based on the declaration order.
@@ -595 +597 @@
 In practice, however, there could be many objects that can be constructed from a given @int@ (or, indeed, any arbitrary parameter list), and thus a complete solution to this problem would require fully exploring all possibilities.
 
-More precisely, constructor calls cannot have a nesting depth greater than the number of array dimensions in the type of the initialized object, plus one.
+More precisely, constructor calls cannot have a nesting depth greater than the number of array components in the type of the initialized object, plus one.
 For example,
 \begin{cfacode}
@@ -607 +609 @@
   { {14 }, { 15 } }   // a2[1]
 };
-A a3[4] = { // 1 dimension => max depth 2
-  { { 11 }, { 12 } },  // error, three levels deep
+A a3[4] = {
+  { { 11 }, { 12 } },  // error
   { 80 }, { 90 }, { 100 }
 }
@@ -620 +622 @@
 \label{sub:implicit_dtor}
 Destructors are automatically called at the end of the block in which the object is declared.
-In addition to this, destructors are automatically called when statements manipulate control flow to leave a block in which the object is declared, \eg, with return, break, continue, and goto statements.
+In addition to this, destructors are automatically called when statements manipulate control flow to leave a block in which the object is declared, e.g., with return, break, continue, and goto statements.
 The example below demonstrates a simple routine with multiple return statements.
 \begin{cfacode}
@@ -745 +747 @@
 Exempt from these rules are intrinsic and built-in functions.
 It should be noted that unmanaged objects are subject to copy constructor calls when passed as arguments to a function or when returned from a function, since they are not the \emph{target} of the copy constructor call.
-That is, since the parameter is not marked as an unmanaged object using \ateq, it is be copy constructed if it is returned by value or passed as an argument to another function, so to guarantee consistent behaviour, unmanaged objects must be copy constructed when passed as arguments.
-These semantics are important to bear in mind when using unmanaged objects, and could produce unexpected results when mixed with objects that are explicitly constructed.
+That is, since the parameter is not marked as an unmanaged object using \ateq, it will be copy constructed if it is returned by value or passed as an argument to another function, so to guarantee consistent behaviour, unmanaged objects must be copy constructed when passed as arguments.
+This is an important detail to bear in mind when using unmanaged objects, and could produce unexpected results when mixed with objects that are explicitly constructed.
 \begin{cfacode}
 struct A;
@@ -761 +763 @@
 identity(z);  // copy construct z into x
 \end{cfacode}
-Note that unmanaged argument @z@ is logically copy constructed into managed parameter @x@; however, the translator must copy construct into a temporary variable to be passed as an argument, which is also destructed after the call.
-A compiler could by-pass the argument temporaries since it is in control of the calling conventions and knows exactly where the called-function's parameters live.
+Note that @z@ is copy constructed into a temporary variable to be passed as an argument, which is also destructed after the call.
 
 This generates the following
@@ -858 +859 @@
 This transformation provides @f@ with the address of the return variable so that it can be constructed into directly.
 It is worth pointing out that this kind of signature rewriting already occurs in polymorphic functions that return by value, as discussed in \cite{Bilson03}.
-A key difference in this case is that every function would need to be rewritten like this, since types can switch between managed and unmanaged at different scope levels, \eg
+A key difference in this case is that every function would need to be rewritten like this, since types can switch between managed and unmanaged at different scope levels, e.g.
 \begin{cfacode}
 struct A { int v; };
@@ -873 +874 @@
 Furthermore, it is not possible to overload C functions, so using @extern "C"@ to declare functions is of limited use.
 
-It would be possible to regain some control by adding an attribute to structures that specifies whether they can be managed or not (perhaps \emph{manageable} or \emph{unmanageable}), and to emit an error in the case that a constructor or destructor is declared for an unmanageable type.
-Ideally, structures should be manageable by default, since otherwise the default case becomes more verbose.
+It would be possible to regain some control by adding an attribute to structs that specifies whether they can be managed or not (perhaps \emph{manageable} or \emph{unmanageable}), and to emit an error in the case that a constructor or destructor is declared for an unmanageable type.
+Ideally, structs should be manageable by default, since otherwise the default case becomes more verbose.
 This means that in general, function signatures would have to be rewritten, and in a select few cases the signatures would not be rewritten.
 \begin{cfacode}
@@ -885 +886 @@
 C h();  // rewritten void h(C *);
 \end{cfacode}
-An alternative is to make the attribute \emph{identifiable}, which states that objects of this type use the @this@ parameter as an identity.
+An alternative is to instead make the attribute \emph{identifiable}, which states that objects of this type use the @this@ parameter as an identity.
 This strikes more closely to the visible problem, in that only types marked as identifiable would need to have the return value moved into the parameter list, and every other type could remain the same.
 Furthermore, no restrictions would need to be placed on whether objects can be constructed.
@@ -1014 +1015 @@
 
 \subsection{Global Initialization}
-In standard C, global variables can only be initialized to compile-time constant expressions, which places strict limitations on the programmer's ability to control the default values of objects.
+In standard C, global variables can only be initialized to compile-time constant expressions.
+This places strict limitations on the programmer's ability to control the default values of objects.
 In \CFA, constructors and destructors are guaranteed to be run on global objects, allowing arbitrary code to be run before and after the execution of the main routine.
 By default, objects within a translation unit are constructed in declaration order, and destructed in the reverse order.
 The default order of construction of objects amongst translation units is unspecified.
-It is, however, guaranteed that any global objects in the standard library are initialized prior to the initialization of any object in a user program.
+It is, however, guaranteed that any global objects in the standard library are initialized prior to the initialization of any object in the user program.
 
 This feature is implemented in the \CFA translator by grouping every global constructor call into a function with the GCC attribute \emph{constructor}, which performs most of the heavy lifting \cite[6.31.1]{GCCExtensions}.
@@ -1051 +1053 @@
 %   https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Attributes.html#C_002b_002b-Attributes
 % suggestion: implement this in CFA by picking objects with a specified priority and pulling them into their own init functions (could even group them by priority level -> map<int, list<ObjectDecl*>>) and pull init_priority forward into constructor and destructor attributes with the same priority level
-GCC provides an attribute @init_priority@ in \CC, which allows specifying the relative priority for initialization of global objects on a per-object basis.
+GCC provides an attribute @init_priority@, which allows specifying the relative priority for initialization of global objects on a per-object basis in \CC.
 A similar attribute can be implemented in \CFA by pulling marked objects into global constructor/destructor-attribute functions with the specified priority.
 For example,
@@ -1074 +1076 @@
 In standard C, it is possible to mark variables that are local to a function with the @static@ storage class.
 Unlike normal local variables, a @static@ local variable is defined to live for the entire duration of the program, so that each call to the function has access to the same variable with the same address and value as it had in the previous call to the function.
-Much like global variables, @static@ variables can only be initialized to a \emph{compile-time constant value} so that a compiler is able to create storage for the variable and initialize it at compile-time.
+Much like global variables, in C @static@ variables can only be initialized to a \emph{compile-time constant value} so that a compiler is able to create storage for the variable and initialize it at compile-time.
 
 Yet again, this rule is too restrictive for a language with constructors and destructors.
-Since the initializer expression is not necessarily a compile-time constant and can depend on the current execution state of the function, \CFA modifies the definition of a @static@ local variable so that objects are guaranteed to be live from the time control flow reaches their declaration, until the end of the program.
-Since standard C does not allow access to a @static@ local variable before the first time control flow reaches the declaration, this change does not preclude any valid C code.
+Instead, \CFA modifies the definition of a @static@ local variable so that objects are guaranteed to be live from the time control flow reaches their declaration, until the end of the program, since the initializer expression is not necessarily a compile-time constant, but can depend on the current execution state of the function.
+Since standard C does not allow access to a @static@ local variable before the first time control flow reaches the declaration, this restriction does not preclude any valid C code.
 Local objects with @static@ storage class are only implicitly constructed and destructed once for the duration of the program.
 The object is constructed when its declaration is reached for the first time.
@@ -1088 +1090 @@
 Since the parameter to @atexit@ is a parameter-less function, some additional tweaking is required.
 First, the @static@ variable must be hoisted up to global scope and uniquely renamed to prevent name clashes with other global objects.
-If necessary, a local structure may need to be hoisted, as well.
-Second, a function is built that calls the destructor for the newly hoisted variable.
+Second, a function is built which calls the destructor for the newly hoisted variable.
 Finally, the newly generated function is registered with @atexit@, instead of registering the destructor directly.
 Since @atexit@ calls functions in the reverse order in which they are registered, @static@ local variables are guaranteed to be destructed in the reverse order that they are constructed, which may differ between multiple executions of the same program.
@@ -1155 +1156 @@
 void f(T);
 \end{cfacode}
-This allows easily specifying constraints that are common to all complete object-types very simply.
-
-Now that \CFA has constructors and destructors, more of a complete object's behaviour can be specified than was previously possible.
+This allows easily specifying constraints that are common to all complete object types very simply.
+
+Now that \CFA has constructors and destructors, more of a complete object's behaviour can be specified by than was previously possible.
 As such, @otype@ has been augmented to include assertions for a default constructor, copy constructor, and destructor.
 That is, the previous example is now equivalent to
 \begin{cfacode}
-forall(dtype T | sized(T) |
-  { T ?=?(T *, T); void ?{}(T *); void ?{}(T *, T); void ^?{}(T *); })
+forall(dtype T | sized(T) | { T ?=?(T *, T); void ?{}(T *); void ?{}(T *, T); void ^?{}(T *); })
 void f(T);
 \end{cfacode}
-These additions allow @f@'s body to create and destroy objects of type @T@, and pass objects of type @T@ as arguments to other functions, following the normal \CFA rules.
-A point of note here is that objects can be missing default constructors (and eventually other functions through deleted functions), so it is important for \CFA programmers to think carefully about the operations needed by their function, as to not over-constrain the acceptable parameter types and prevent potential reuse.
+This allows @f@'s body to create and destroy objects of type @T@, and pass objects of type @T@ as arguments to other functions, following the normal \CFA rules.
+A point of note here is that objects can be missing default constructors (and eventually other functions through deleted functions), so it is important for \CFA programmers to think carefully about the operations needed by their function, as to not over-constrain the acceptable parameter types.

doc/rob_thesis/intro.tex

@@ -16 +16 @@
 Therefore, these design principles must be kept in mind throughout the design and development of new language features.
 In order to appeal to existing C programmers, great care must be taken to ensure that new features naturally feel like C.
-These goals ensure existing C code-bases can be converted to \CFA incrementally with minimal effort, and C programmers can productively generate \CFA code without training beyond the features being used.
-Unfortunately, \CC is actively diverging from C, so incremental additions require significant effort and training, coupled with multiple legacy design-choices that cannot be updated.
-
 The remainder of this section describes some of the important new features that currently exist in \CFA, to give the reader the necessary context in which the new features presented in this thesis must dovetail.
 
@@ -56 +53 @@
 \end{cfacode}
 Compound literals create an unnamed object, and result in an lvalue, so it is legal to assign a value into a compound literal or to take its address \cite[p.~86]{C11}.
-Syntactically, compound literals look like a cast operator followed by a brace-enclosed initializer, but semantically are different from a C cast, which only applies basic conversions and coercions and is never an lvalue.
+Syntactically, compound literals look like a cast operator followed by a brace-enclosed initializer, but semantically are different from a C cast, which only applies basic conversions and is never an lvalue.
 
 \subsection{Overloading}
@@ -62 +59 @@
 Overloading is the ability to specify multiple entities with the same name.
 The most common form of overloading is function overloading, wherein multiple functions can be defined with the same name, but with different signatures.
-C provides a small amount of built-in overloading, \eg + is overloaded for the basic types.
-Like in \CC, \CFA allows user-defined overloading based both on the number of parameters and on the types of parameters.
+Like in \CC, \CFA allows overloading based both on the number of parameters and on the types of parameters.
   \begin{cfacode}
   void f(void);  // (1)
@@ -96 +92 @@
 There are times when a function should logically return multiple values.
 Since a function in standard C can only return a single value, a programmer must either take in additional return values by address, or the function's designer must create a wrapper structure to package multiple return-values.
-For example, the first approach:
 \begin{cfacode}
 int f(int * ret) {        // returns a value through parameter ret
@@ -106 +101 @@
 int res1 = g(&res2);      // explicitly pass storage
 \end{cfacode}
-is awkward because it requires the caller to explicitly allocate memory for $n$ result variables, even if they are only temporary values used as a subexpression, or even not used at all.
-The second approach:
+The former solution is awkward because it requires the caller to explicitly allocate memory for $n$ result variables, even if they are only temporary values used as a subexpression, or even not used at all.
+The latter approach:
 \begin{cfacode}
 struct A {
@@ -118 +113 @@
 ... res3.x ... res3.y ... // use result values
 \end{cfacode}
-is awkward because the caller has to either learn the field names of the structure or learn the names of helper routines to access the individual return values.
-Both approaches are syntactically unnatural.
+requires the caller to either learn the field names of the structure or learn the names of helper routines to access the individual return values.
+Both solutions are syntactically unnatural.
 
 In \CFA, it is possible to directly declare a function returning multiple values.
@@ -170 +165 @@
   \begin{cfacode}
   struct A { int i; };
-  int ?+?(A x, A y);    // '?'s represent operands
+  int ?+?(A x, A y);
   bool ?<?(A x, A y);
   \end{cfacode}
 Notably, the only difference is syntax.
 Most of the operators supported by \CC for operator overloading are also supported in \CFA.
-Of notable exception are the logical operators (\eg @||@), the sequence operator (\ie @,@), and the member-access operators (\eg @.@ and \lstinline{->}).
+Of notable exception are the logical operators (e.g. @||@), the sequence operator (i.e. @,@), and the member-access operators (e.g. @.@ and \lstinline{->}).
 
 Finally, \CFA also permits overloading variable identifiers.
@@ -248 +243 @@
   template<typename T>
   T sum(T *arr, int n) {
-    T t;  // default construct => 0
+    T t;
     for (; n > 0; n--) t += arr[n-1];
     return t;
@@ -266 +261 @@
   \end{cfacode}
 The first thing to note here is that immediately following the declaration of @otype T@ is a list of \emph{type assertions} that specify restrictions on acceptable choices of @T@.
-In particular, the assertions above specify that there must be an assignment from \zero to @T@ and an addition assignment operator from @T@ to @T@.
+In particular, the assertions above specify that there must be a an assignment from \zero to @T@ and an addition assignment operator from @T@ to @T@.
 The existence of an assignment operator from @T@ to @T@ and the ability to create an object of type @T@ are assumed implicitly by declaring @T@ with the @otype@ type-class.
 In addition to @otype@, there are currently two other type-classes.
@@ -286 +281 @@
 A major difference between the approaches of \CC and \CFA to polymorphism is that the set of assumed properties for a type is \emph{explicit} in \CFA.
 One of the major limiting factors of \CC's approach is that templates cannot be separately compiled.
-In contrast, the explicit nature of assertions allows \CFA's polymorphic functions to be separately compiled, as the function prototype states all necessary requirements separate from the implementation.
-For example, the prototype for the previous sum function is
-  \begin{cfacode}
-  forall(otype T | **R**{ T ?=?(T *, zero_t); T ?+=?(T *, T); }**R**)
-  T sum(T *arr, int n);
-  \end{cfacode}
-With this prototype, a caller in another translation unit knows all of the constraints on @T@, and thus knows all of the operations that need to be made available to @sum@.
+In contrast, the explicit nature of assertions allows \CFA's polymorphic functions to be separately compiled.
 
 In \CFA, a set of assertions can be factored into a \emph{trait}.
@@ -307 +296 @@
 This capability allows specifying the same set of assertions in multiple locations, without the repetition and likelihood of mistakes that come with manually writing them out for each function declaration.
 
-An interesting application of return-type resolution and polymorphism is a type-safe version of @malloc@.
+An interesting application of return-type resolution and polymorphism is with type-safe @malloc@.
 \begin{cfacode}
 forall(dtype T | sized(T))
@@ -327 +316 @@
 
 In object-oriented programming languages, type invariants are typically established in a constructor and maintained throughout the object's lifetime.
-These assertions are typically achieved through a combination of access-control modifiers and a restricted interface.
+These assertions are typically achieved through a combination of access control modifiers and a restricted interface.
 Typically, data which requires the maintenance of an invariant is hidden from external sources using the \emph{private} modifier, which restricts reads and writes to a select set of trusted routines, including member functions.
 It is these trusted routines that perform all modifications to internal data in a way that is consistent with the invariant, by ensuring that the invariant holds true at the end of the routine call.
@@ -399 +388 @@
 In other languages, a hybrid situation exists where resources escape the allocation block, but ownership is precisely controlled by the language.
 This pattern requires a strict interface and protocol for a data structure, consisting of a pre-initialization and a post-termination call, and all intervening access is done via interface routines.
-This kind of encapsulation is popular in object-oriented programming languages, and like the stack, it takes care of a significant portion of resource-management cases.
+This kind of encapsulation is popular in object-oriented programming languages, and like the stack, it takes care of a significant portion of resource management cases.
 
 For example, \CC directly supports this pattern through class types and an idiom known as RAII \footnote{Resource Acquisition is Initialization} by means of constructors and destructors.
@@ -410 +399 @@
 In the context of \CFA, a non-trivial constructor is either a user defined constructor or an auto-generated constructor that calls a non-trivial constructor.
 
-For the remaining resource ownership cases, a programmer must follow a brittle, explicit protocol for freeing resources or an implicit protocol enforced by the programming language.
+For the remaining resource ownership cases, programmer must follow a brittle, explicit protocol for freeing resources or an implicit protocol implemented via the programming language.
 
 In garbage collected languages, such as Java, resources are largely managed by the garbage collector.
-Still, garbage collectors typically focus only on memory management.
+Still, garbage collectors are typically focus only on memory management.
 There are many kinds of resources that the garbage collector does not understand, such as sockets, open files, and database connections.
 In particular, Java supports \emph{finalizers}, which are similar to destructors.
-Unfortunately, finalizers are only guaranteed to be called before an object is reclaimed by the garbage collector \cite[p.~373]{Java8}, which may not happen if memory use is not contentious.
+Sadly, finalizers are only guaranteed to be called before an object is reclaimed by the garbage collector \cite[p.~373]{Java8}, which may not happen if memory use is not contentious.
 Due to operating-system resource-limits, this is unacceptable for many long running programs.
 Instead, the paradigm in Java requires programmers to manually keep track of all resources \emph{except} memory, leading many novices and experts alike to forget to close files, etc.
@@ -461 +450 @@
 \end{javacode}
 Variables declared as part of a try-with-resources statement must conform to the @AutoClosable@ interface, and the compiler implicitly calls @close@ on each of the variables at the end of the block.
-Depending on when the exception is raised, both @out@ and @log@ are null, @log@ is null, or both are non-null, therefore, the cleanup for these variables at the end is automatically guarded and conditionally executed to prevent null-pointer exceptions.
+Depending on when the exception is raised, both @out@ and @log@ are null, @log@ is null, or both are non-null, therefore, the cleanup for these variables at the end is appropriately guarded and conditionally executed to prevent null-pointer exceptions.
 
 While Rust \cite{Rust} does not enforce the use of a garbage collector, it does provide a manual memory management environment, with a strict ownership model that automatically frees allocated memory and prevents common memory management errors.
@@ -497 +486 @@
 There is no runtime cost imposed on these restrictions, since they are enforced at compile-time.
 
-Rust provides RAII through the @Drop@ trait, allowing arbitrary code to execute when the object goes out of scope, providing automatic clean up of auxiliary resources, much like a \CC program.
+Rust provides RAII through the @Drop@ trait, allowing arbitrary code to execute when the object goes out of scope, allowing Rust programs to automatically clean up auxiliary resources much like a \CC program.
 \begin{rustcode}
 struct S {
@@ -504 +493 @@
 
 impl Drop for S {  // RAII for S
-  fn drop(&mut self) {  // destructor
+  fn drop(&mut self) {
     println!("dropped {}", self.name);
   }
@@ -569 +558 @@
 tuple<int, int, int> triple(10, 20, 30);
 auto & [t1, t2, t3] = triple;
-t2 = 0; // changes middle element of triple
+t2 = 0; // changes triple
 
 struct S { int x; double y; };
@@ -575 +564 @@
 auto [x, y] = s; // unpack s
 \end{cppcode}
-Structured bindings allow unpacking any structure with all public non-static data members into fresh local variables.
+Structured bindings allow unpacking any struct with all public non-static data members into fresh local variables.
 The use of @&@ allows declaring new variables as references, which is something that cannot be done with @std::tie@, since \CC references do not support rebinding.
 This extension requires the use of @auto@ to infer the types of the new variables, so complicated expressions with a non-obvious type must be documented with some other mechanism.
 Furthermore, structured bindings are not a full replacement for @std::tie@, as it always declares new variables.
 
-Like \CC, D provides tuples through a library variadic-template structure.
+Like \CC, D provides tuples through a library variadic template struct.
 In D, it is possible to name the fields of a tuple type, which creates a distinct type.
 % http://dlang.org/phobos/std_typecons.html
@@ -611 +600 @@
 \end{smlcode}
 Here, the function @binco@ appears to take 2 arguments, but it actually takes a single argument which is implicitly decomposed via pattern matching.
-Tuples are a foundational tool in SML, allowing the creation of arbitrarily-complex structured data-types.
+Tuples are a foundational tool in SML, allowing the creation of arbitrarily complex structured data types.
 
 Scala, like \CC, provides tuple types through the standard library \cite{Scala}.
@@ -664 +653 @@
 Since the variadic arguments are untyped, it is up to the function to interpret any data that is passed in.
 Additionally, the interface to manipulate @va_list@ objects is essentially limited to advancing to the next argument, without any built-in facility to determine when the last argument is read.
-This limitation requires the use of an \emph{argument descriptor} to pass information to the function about the structure of the argument list, including the number of arguments and their types.
+This requires the use of an \emph{argument descriptor} to pass information to the function about the structure of the argument list, including the number of arguments and their types.
 The format string in @printf@ is one such example of an argument descriptor.
 \begin{cfacode}

doc/rob_thesis/tuples.tex

@@ -70 +70 @@
 Furthermore, while many C routines that accept pointers are designed so that it is safe to pass @NULL@ as a parameter, there are many C routines that are not null-safe.
 On a related note, C does not provide a standard mechanism to state that a parameter is going to be used as an additional return value, which makes the job of ensuring that a value is returned more difficult for the compiler.
-Interestingly, there is a subtle bug in the previous example, in that @ret_ch@ is never assigned for a string that does not contain any letters, which can lead to undefined behaviour.
-In this particular case, it turns out that the frequency return value also doubles as an error code, where a frequency of 0 means the character return value should be ignored.
-Still, not every routine with multiple return values should be required to return an error code, and error codes are easily ignored, so this is not a satisfying solution.
+There is a subtle bug in the previous example, in that @ret_ch@ is never assigned for a string that does not contain any letters, which can lead to undefined behaviour.
 As with the previous approach, this technique can simulate multiple return values, but in practice it is verbose and error prone.
 
@@ -86 +84 @@
   char freqs [26] = { 0 };
   int ret_freq = 0;
-  char ret_ch = 'a';  // arbitrary default value for consistent results
+  char ret_ch = 'a';
   for (int i = 0; str[i] != '\0'; ++i) {
     if (isalpha(str[i])) {        // only count letters
@@ -100 +98 @@
 }
 \end{cfacode}
-This approach provides the benefits of compile-time checking for appropriate return statements as in aggregation, but without the required verbosity of declaring a new named type, which precludes the bug seen with out-parameters.
+This approach provides the benefits of compile-time checking for appropriate return statements as in aggregation, but without the required verbosity of declaring a new named type, which precludes the bug seen with out parameters.
 
 The addition of multiple-return-value functions necessitates a syntax for accepting multiple values at the call-site.
@@ -210 +208 @@
 For the call to @g@, the values @y@ and @10@ are structured into a single argument of type @[int, int]@ to match the type of the parameter of @g@.
 Finally, in the call to @h@, @y@ is flattened to yield an argument list of length 3, of which the first component of @x@ is passed as the first parameter of @h@, and the second component of @x@ and @y@ are structured into the second argument of type @[int, int]@.
-The flexible structure of tuples permits a simple and expressive function-call syntax to work seamlessly with both single- and multiple-return-value functions, and with any number of arguments of arbitrarily complex structure.
+The flexible structure of tuples permits a simple and expressive function call syntax to work seamlessly with both single- and multiple-return-value functions, and with any number of arguments of arbitrarily complex structure.
 
 In \KWC \cite{Buhr94a,Till89}, a precursor to \CFA, there were 4 tuple coercions: opening, closing, flattening, and structuring.
 Opening coerces a tuple value into a tuple of values, while closing converts a tuple of values into a single tuple value.
-Flattening coerces a nested tuple into a flat tuple, \ie it takes a tuple with tuple components and expands it into a tuple with only non-tuple components.
-Structuring moves in the opposite direction, \ie it takes a flat tuple value and provides structure by introducing nested tuple components.
+Flattening coerces a nested tuple into a flat tuple, i.e. it takes a tuple with tuple components and expands it into a tuple with only non-tuple components.
+Structuring moves in the opposite direction, i.e. it takes a flat tuple value and provides structure by introducing nested tuple components.
 
 In \CFA, the design has been simplified to require only the two conversions previously described, which trigger only in function call and return situations.
@@ -260 +258 @@
 A mass assignment assigns the value $R$ to each $L_i$.
 For a mass assignment to be valid, @?=?(&$L_i$, $R$)@ must be a well-typed expression.
-These semantics differ from C cascading assignment (\eg @a=b=c@) in that conversions are applied to $R$ in each individual assignment, which prevents data loss from the chain of conversions that can happen during a cascading assignment.
+These semantics differ from C cascading assignment (e.g. @a=b=c@) in that conversions are applied to $R$ in each individual assignment, which prevents data loss from the chain of conversions that can happen during a cascading assignment.
 For example, @[y, x] = 3.14@ performs the assignments @y = 3.14@ and @x = 3.14@, which results in the value @3.14@ in @y@ and the value @3@ in @x@.
 On the other hand, the C cascading assignment @y = x = 3.14@ performs the assignments @x = 3.14@ and @y = x@, which results in the value @3@ in @x@, and as a result the value @3@ in @y@ as well.
@@ -276 +274 @@
 These semantics allow cascading tuple assignment to work out naturally in any context where a tuple is permitted.
 These semantics are a change from the original tuple design in \KWC \cite{Till89}, wherein tuple assignment was a statement that allows cascading assignments as a special case.
-Restricting tuple assignment to statements was an attempt to to fix what was seen as a problem with side-effects, wherein assignment can be used in many different locations, such as in function-call argument position.
+Restricting tuple assignment to statements was an attempt to to fix what was seen as a problem with assignment, wherein it can be used in many different locations, such as in function-call argument position.
 While permitting assignment as an expression does introduce the potential for subtle complexities, it is impossible to remove assignment expressions from \CFA without affecting backwards compatibility.
 Furthermore, there are situations where permitting assignment as an expression improves readability by keeping code succinct and reducing repetition, and complicating the definition of tuple assignment puts a greater cognitive burden on the user.
@@ -291 +289 @@
 \end{cfacode}
 The tuple expression begins with a mass assignment of @1.5@ into @[b, d]@, which assigns @1.5@ into @b@, which is truncated to @1@, and @1.5@ into @d@, producing the tuple @[1, 1.5]@ as a result.
-That tuple is used as the right side of the multiple assignment (\ie, @[c, a] = [1, 1.5]@) that assigns @1@ into @c@ and @1.5@ into @a@, which is truncated to @1@, producing the result @[1, 1]@.
+That tuple is used as the right side of the multiple assignment (i.e., @[c, a] = [1, 1.5]@) that assigns @1@ into @c@ and @1.5@ into @a@, which is truncated to @1@, producing the result @[1, 1]@.
 Finally, the tuple @[1, 1]@ is used as an expression in the call to @f@.
 
@@ -309 +307 @@
 In this example, @x@ is initialized by the multiple constructor calls @?{}(&x.0, 3)@ and @?{}(&x.1, 6.28)@, while @y@ is initialized by two default constructor calls @?{}(&y.0)@ and @?{}(&y.1)@.
 @z@ is initialized by mass copy constructor calls @?{}(&z.0, x.0)@ and @?{}(&z.1, x.0)@.
-Finally, @x@, @y@, and @z@ are destructed, \ie the calls @^?{}(&x.0)@, @^?{}(&x.1)@, @^?{}(&y.0)@, @^?{}(&y.1)@, @^?{}(&z.0)@, and @^?{}(&z.1)@.
+Finally, @x@, @y@, and @z@ are destructed, i.e. the calls @^?{}(&x.0)@, @^?{}(&x.1)@, @^?{}(&y.0)@, @^?{}(&y.1)@, @^?{}(&z.0)@, and @^?{}(&z.1)@.
 
 It is possible to define constructors and assignment functions for tuple types that provide new semantics, if the existing semantics do not fit the needs of an application.
@@ -342 +340 @@
 Then the type of @a.[x, y, z]@ is @[T_x, T_y, T_z]@.
 
-Since tuple index expressions are a form of member-access expression, it is possible to use tuple-index expressions in conjunction with member tuple expressions to manually restructure a tuple (\eg, rearrange components, drop components, duplicate components, etc.).
+Since tuple index expressions are a form of member-access expression, it is possible to use tuple-index expressions in conjunction with member tuple expressions to manually restructure a tuple (e.g., rearrange components, drop components, duplicate components, etc.).
 \begin{cfacode}
 [int, int, long, double] x;
@@ -394 +392 @@
 
 As for @z.y@, one interpretation is to extend the meaning of member tuple expressions.
-That is, currently the tuple must occur as the member, \ie to the right of the dot.
+That is, currently the tuple must occur as the member, i.e. to the right of the dot.
 Allowing tuples to the left of the dot could distribute the member across the elements of the tuple, in much the same way that member tuple expressions distribute the aggregate across the member tuple.
 In this example, @z.y@ expands to @[z.0.y, z.1.y]@, allowing what is effectively a very limited compile-time field-sections map operation, where the argument must be a tuple containing only aggregates having a member named @y@.
@@ -452 +450 @@
 
 struct A { int x; };
-(struct A)f();  // invalid, int cannot be converted to A
+(struct A)f();  // invalid
 \end{cfacode}
 In C, line 4 is a valid cast, which calls @f@ and discards its result.
@@ -468 +466 @@
   [int, [int, int], int] g();
 
-  ([int, double])f();           // (1) valid
-  ([int, int, int])g();         // (2) valid
-  ([void, [int, int]])g();      // (3) valid
-  ([int, int, int, int])g();    // (4) invalid
-  ([int, [int, int, int]])g();  // (5) invalid
+  ([int, double])f();           // (1)
+  ([int, int, int])g();         // (2)
+  ([void, [int, int]])g();      // (3)
+  ([int, int, int, int])g();    // (4)
+  ([int, [int, int, int]])g();  // (5)
 \end{cfacode}
 
@@ -479 +477 @@
 If @g@ is free of side effects, this is equivalent to @[(int)(g().0), (int)(g().1.0), (int)(g().2)]@.
 Since @void@ is effectively a 0-element tuple, (3) discards the first and third return values, which is effectively equivalent to @[(int)(g().1.0), (int)(g().1.1)]@).
+
 % will this always hold true? probably, as constructors should give all of the conversion power we need. if casts become function calls, what would they look like? would need a way to specify the target type, which seems awkward. Also, C++ basically only has this because classes are closed to extension, while we don't have that problem (can have floating constructors for any type).
 Note that a cast is not a function call in \CFA, so flattening and structuring conversions do not occur for cast expressions.
@@ -535 +534 @@
 \end{cfacode}
 
-Until this point, it has been assumed that assertion arguments must match the parameter type exactly, modulo polymorphic specialization (\ie, no implicit conversions are applied to assertion arguments).
+Until this point, it has been assumed that assertion arguments must match the parameter type exactly, modulo polymorphic specialization (i.e., no implicit conversions are applied to assertion arguments).
 This decision presents a conflict with the flexibility of tuples.
 \subsection{Assertion Inference}
@@ -567 +566 @@
 }
 \end{cfacode}
-is transformed into
+Is transformed into
 \begin{cfacode}
 forall(dtype T0, dtype T1 | sized(T0) | sized(T1))
-struct _tuple2_ {  // generated before the first 2-tuple
+struct _tuple2 {  // generated before the first 2-tuple
   T0 field_0;
   T1 field_1;
@@ -577 +576 @@
   _tuple2_(double, double) x;
   forall(dtype T0, dtype T1, dtype T2 | sized(T0) | sized(T1) | sized(T2))
-  struct _tuple3_ {  // generated before the first 3-tuple
+  struct _tuple3 {  // generated before the first 3-tuple
     T0 field_0;
     T1 field_1;
@@ -590 +589 @@
 [5, 'x', 1.24];
 \end{cfacode}
-becomes
+Becomes
 \begin{cfacode}
 (_tuple3_(int, char, double)){ 5, 'x', 1.24 };
@@ -604 +603 @@
 f(x, 'z');
 \end{cfacode}
-is transformed into
+Is transformed into
 \begin{cfacode}
 void f(int, _tuple2_(double, char));
@@ -651 +650 @@
 It is possible that lazy evaluation could be exposed to the user through a lazy keyword with little additional effort.
 
-Tuple-member expressions are recursively expanded into a list of member-access expressions.
+Tuple member expressions are recursively expanded into a list of member access expressions.
 \begin{cfacode}
 [int, [double, int, double], int]] x;
 x.[0, 1.[0, 2]];
 \end{cfacode}
-becomes
+which becomes
 \begin{cfacode}
 [x.0, [x.1.0, x.1.2]];
@@ -671 +670 @@
 [x, y, z] = 1.5;            // mass assignment
 \end{cfacode}
-generates the following
+Generates the following
 \begin{cfacode}
 // [x, y, z] = 1.5;
@@ -712 +711 @@
 });
 \end{cfacode}
-A variable is generated to store the value produced by a statement expression, since its fields may need to be constructed with a non-trivial constructor and it may need to be referred to multiple time, \eg, in a unique expression.
+A variable is generated to store the value produced by a statement expression, since its fields may need to be constructed with a non-trivial constructor and it may need to be referred to multiple time, e.g., in a unique expression.
 $N$ LHS variables are generated and constructed using the address of the tuple components, and a single RHS variable is generated to store the value of the RHS without any loss of precision.
 A nested statement expression is generated that performs the individual assignments and constructs the return value using the results of the individual assignments.
@@ -721 +720 @@
 [x, y, z] = [f(), 3];       // multiple assignment
 \end{cfacode}
-generates the following
+Generates
 \begin{cfacode}
 // [x, y, z] = [f(), 3];

doc/rob_thesis/variadic.tex

@@ -12 +12 @@
 In addition, C requires the programmer to hard code all of the possible expected types.
 As a result, it is cumbersome to write a function that is open to extension.
-For example, a simple function to sum $N$ @int@s,
+For example, a simple function which sums $N$ @int@s,
 \begin{cfacode}
 int sum(int N, ...) {
@@ -27 +27 @@
 sum(3, 10, 20, 30);  // need to keep counter in sync
 \end{cfacode}
-The @va_list@ type is a special C data type that abstracts variadic-argument manipulation.
+The @va_list@ type is a special C data type that abstracts variadic argument manipulation.
 The @va_start@ macro initializes a @va_list@, given the last named parameter.
 Each use of the @va_arg@ macro allows access to the next variadic argument, given a type.
@@ -34 +34 @@
 In the case where the provided type is not compatible with the argument's actual type after default argument promotions, or if too many arguments are accessed, the behaviour is undefined \cite[p.~81]{C11}.
 Furthermore, there is no way to perform the necessary error checks in the @sum@ function at run-time, since type information is not carried into the function body.
-Since they rely on programmer convention rather than compile-time checks, variadic functions are unsafe.
+Since they rely on programmer convention rather than compile-time checks, variadic functions are generally unsafe.
 
 In practice, compilers can provide warnings to help mitigate some of the problems.
-For example, GCC provides the @format@ attribute to specify that a function uses a format string, which allows the compiler to perform some checks related to the standard format-specifiers.
-Unfortunately, this approach does not permit extensions to the format-string syntax, so a programmer cannot extend the attribute to warn for mismatches with custom types.
+For example, GCC provides the @format@ attribute to specify that a function uses a format string, which allows the compiler to perform some checks related to the standard format specifiers.
+Unfortunately, this approach does not permit extensions to the format string syntax, so a programmer cannot extend the attribute to warn for mismatches with custom types.
 
 As a result, C's variadic functions are a deficient language feature.
@@ -79 +79 @@
 Similarly, in order to pass 0 variadic arguments, an explicit empty tuple must be passed into the argument list, otherwise the exact matching rule would not have an argument to bind against.
 
-It should be otherwise noted that the addition of an exact matching rule only affects the outcome for polymorphic type-binding when tuples are involved.
+It should be otherwise noted that the addition of an exact matching rule only affects the outcome for polymorphic type binding when tuples are involved.
 For non-tuple arguments, exact matching and flattening and structuring are equivalent.
-For tuple arguments to a function without polymorphic formal-parameters, flattening and structuring work whenever an exact match would have worked, since the tuple is flattened and implicitly restructured to its original structure.
+For tuple arguments to a function without polymorphic formal parameters, flattening and structuring work whenever an exact match would have worked, since the tuple is flattened and implicitly restructured to its original structure.
 Thus there is nothing to be gained from permitting the exact matching rule to take effect when a function does not contain polymorphism and none of the arguments are tuples.
 
@@ -161 +161 @@
   return x+y;
 }
-forall(otype T1, otype T2, otype T3, otype R, ttype Params
+forall(otype T1, otype T2, otype T3, ttype Params, otype R
   | summable(T1, T2, T3)
   | { R sum(T3, Params); })
@@ -184 +184 @@
 \CFA does not need an ellipsis in either case, since the type class @ttype@ is only used for variadics.
 An alternative design is to use an ellipsis combined with an existing type class.
-This approach was not taken because the largest benefit of the ellipsis token in \CC is the ability to expand a parameter pack within an expression, \eg, in fold expressions, which requires compile-time knowledge of the structure of the parameter pack, which is not available in \CFA.
+This approach was not taken because the largest benefit of the ellipsis token in \CC is the ability to expand a parameter pack within an expression, e.g., in fold expressions, which requires compile-time knowledge of the structure of the parameter pack, which is not available in \CFA.
 \begin{cppcode}
 template<typename... Args>
@@ -224 +224 @@
 Array * x = new(1, 2, 3);
 \end{cfacode}
+The @new@ function provides the combination of type-safe @malloc@ with a constructor call, so that it becomes impossible to forget to construct dynamically allocated objects.
+This approach provides the type-safety of @new@ in \CC, without the need to specify the allocated type, thanks to return-type inference.
+
 In the call to @new@, @Array@ is selected to match @T@, and @Params@ is expanded to match @[int, int, int, int]@. To satisfy the assertions, a constructor with an interface compatible with @void ?{}(Array *, int, int, int)@ must exist in the current scope.
-
-The @new@ function provides the combination of type-safe @malloc@ with a constructor call, so that it becomes impossible to forget to construct dynamically-allocated objects.
-This approach provides the type-safety of @new@ in \CC, without the need to specify the allocated type, thanks to return-type inference.
 
 \section{Implementation}
@@ -240 +240 @@
 }
 \end{cfacode}
-generates the following
+Generates the following
 \begin{cfacode}
 void *malloc(long unsigned int _sizeof_T, long unsigned int _alignof_T);
@@ -267 +267 @@
 \end{cfacode}
 The constructor for @T@ is called indirectly through the adapter function on the result of @malloc@ and the parameter pack.
-The variable that is allocated and constructed is then returned from @new@.
+The variable that was allocated and constructed is then returned from @new@.
 
 A call to @new@
@@ -337 +337 @@
 }
 \end{cfacode}
-generates the following
+Generates
 \begin{cfacode}
 void print_variadic(
@@ -382 +382 @@
 print("x = ", 123, ".\n");
 \end{cfacode}
-generates the following
+Generates the following
 \begin{cfacode}
 void print_string(const char *x){

doc/user/user.tex

@@ -11 +11 @@
 %% Created On       : Wed Apr  6 14:53:29 2016
 %% Last Modified By : Peter A. Buhr
-%% Last Modified On : Wed Apr 12 12:18:58 2017
-%% Update Count     : 1415
+%% Last Modified On : Wed Apr  5 23:19:40 2017
+%% Update Count     : 1412
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -64 +64 @@
 % Names used in the document.
 \newcommand{\Version}{\input{../../version}}
+\newcommand{\CS}{C\raisebox{-0.9ex}{\large$^\sharp$}\xspace}
+
 \newcommand{\Textbf}[2][red]{{\color{#1}{\textbf{#2}}}}
 \newcommand{\Emph}[2][red]{{\color{#1}\textbf{\emph{#2}}}}
@@ -193 +195 @@
 For system programming, where direct access to hardware and dealing with real-time issues is a requirement, C is usually the language of choice.
 As well, there are millions of lines of C legacy code, forming the base for many software development projects (especially on UNIX systems).
-The TIOBE index (\url{http://www.tiobe.com/tiobe_index}) for March 2016 shows programming-language popularity, with \Index*{Java} 20.5\%, C 14.5\%, \Index*[C++]{\CC} 6.7\%, \Csharp 4.3\%, \Index*{Python} 4.3\%, and all other programming languages below 3\%.
+The TIOBE index (\url{http://www.tiobe.com/tiobe_index}) for March 2016 shows programming-language popularity, with \Index*{Java} 20.5\%, C 14.5\%, \Index*[C++]{\CC} 6.7\%, \CS 4.3\%, \Index*{Python} 4.3\%, and all other programming languages below 3\%.
 As well, for 30 years, C has been the number 1 and 2 most popular programming language:
 \begin{center}