Changeset b195498

Timestamp:

Apr 24, 2025, 6:35:41 PM (5 months ago)

Author:

Peter A. Buhr <pabuhr@…>

Branches:

master

Children:

6b33e89, f85de47

Parents:

f632bd50

Message:

proofreading intro and background chapters, capitalize section titles, update backtick calls to regular calls

Location:

doc/theses/mike_brooks_MMath

Files:

• array.tex (modified) (13 diffs)
• background.tex (modified) (45 diffs)
• benchmarks/list/_classic.c (modified) (1 diff)
• benchmarks/list/fx-cfa-cfa.h (modified) (1 diff)
• conclusion.tex (modified) (1 diff)
• intro.tex (modified) (10 diffs)
• list.tex (modified) (19 diffs)
• programs/bkgd-carray-mdim.c (modified) (1 diff)
• programs/lst-features-intro.run.cfa (modified) (1 diff)
• programs/lst-features-multidir.run.cfa (modified) (2 diffs)

doc/theses/mike_brooks_MMath/array.tex

@@ -90 +90 @@
 
 
-\section{Dependent typing}
+\section{Dependent Typing}
 
 General dependent typing allows the type system to encode arbitrary predicates (\eg behavioural specifications for functions),
@@ -103 +103 @@
 
 
-\section{Features added}
+\section{Features Added}
 
 This section shows more about using the \CFA array and dimension parameters, demonstrating their syntax and semantics by way of motivating examples.
@@ -782 +782 @@
 
 
-Figure~\ref{f:DimexprRuleCompare} gives a case-by-case comparison of the consequences of these rule sets.
+\VRef[Figure]{f:DimexprRuleCompare} gives a case-by-case comparison of the consequences of these rule sets.
 It demonstrates that the \CFA false alarms occur in the same cases as C treats unsafe.
 It also shows that C-incompatibilities only occur in cases that C treats unsafe.
@@ -859 +859 @@
 
 
-\section{Multidimensional array implementation}
+\section{Multidimensional Array Implementation}
 \label{s:ArrayMdImpl}
 
@@ -978 +978 @@
 \end{figure}
 
-Figure~\ref{fig:subscr-all} shows one element (in the shaded band) accessed two different ways: as @x[2][3]@ and as @x[all][3][2]@.
+\VRef[Figure]{fig:subscr-all} shows one element (in the shaded band) accessed two different ways: as @x[2][3]@ and as @x[all][3][2]@.
 In both cases, value 2 selects from the coarser dimension (rows of @x@),
 while the value 3 selects from the finer dimension (columns of @x@).
@@ -1024 +1024 @@
 % The choice to implement this style-1 system upon C's style-2 arrays, rather than its style-3 pointer arithmetic, reduces the attack surface of unsafe code.
 % My casting is unsafe, but I do not do any pointer arithmetic.
-% When a programmer works in the common-case style-2 subset (in the no-@[all]@ top of Figure~\ref{fig:subscr-all}), my casts are identities, and the C compiler is doing its usual displacement calculations.
+% When a programmer works in the common-case style-2 subset (in the no-@[all]@ top of \VRef[Figure]{fig:subscr-all}), my casts are identities, and the C compiler is doing its usual displacement calculations.
 % If I had implemented my system upon style-3 pointer arithmetic, then this common case would be circumventing C's battle-hardened displacement calculations in favour of my own.
 
@@ -1067 +1067 @@
 
 
-\section{Bound checks, added and removed}
+\section{Bound Checks, Added and Removed}
 
 \CFA array subscripting is protected with runtime bound checks.
@@ -1089 +1089 @@
 
 
-\section{Array lifecycle}
+\section{Array Lifecycle}
 
 An array is an aggregate, like a structure;
@@ -1341 +1341 @@
 % note to Mike, I have more fragments on some details available in push24\fragments\uNoCtor.txt
 
-\section{Comparison with other arrays}
+\section{Comparison with Other Arrays}
 
 
@@ -1457 +1457 @@
 
 
-\subsection{Levels of dependently typed arrays}
+\subsection{Levels of Dependently Typed Arrays}
 
 The \CFA array and the field of ``array language'' comparators all leverage dependent types to improve on the expressiveness over C and Java, accommodating examples such as:
@@ -1504 +1504 @@
 Having no instances means there is no type for a variable @i@ that constrains @i@ to be in the range for @N@, unlike Dex, [TODO: verify], but like Futhark.
 
-\subsection{Static safety in C extensions}
-
-
-\section{Future work}
-
-\subsection{Declaration syntax}
-
-\subsection{Range slicing}
-
-\subsection{With a module system}
-
-\subsection{With described enumerations}
+\subsection{Static Safety in C Extensions}
+
+
+\section{Future Work}
+
+\subsection{Declaration Syntax}
+
+\subsection{Range Slicing}
+
+\subsection{With a Module System}
+
+\subsection{With Described Enumerations}
 
 A project in \CFA's current portfolio will improve enumerations.
@@ -1602 +1602 @@
 In the case of adapting this pattern to \CFA, my current work provides an adapter from ``successively subscripted'' to ``subscripted by tuple,'' so it is likely that generalizing my adapter beyond ``subscripted by @ptrdiff_t@'' is sufficient to make a user-provided adapter unnecessary.
 
-\subsection{Retire pointer arithmetic}
+\subsection{Retire Pointer Arithmetic}
 
 
@@ -1614 +1614 @@
 (For later:  That's what I offer with array.hfa, but in the future-work vision for arrays, the fix includes helping programmers stop accidentally using a broken C-ism.)
 
-\subsection{\CFA features interacting with arrays}
+\subsection{\CFA Features Interacting with Arrays}
 
 Prior work on \CFA included making C arrays, as used in C code from the wild,

doc/theses/mike_brooks_MMath/background.tex

@@ -4 +4 @@
 
 
-\section{Ill-typed expressions}
+\section{Ill-Typed Expressions}
 
 C reports many ill-typed expressions as warnings.
@@ -24 +24 @@
 Clearly, @gcc@ understands these ill-typed case, and yet allows the program to compile, which seems inappropriate.
 Compiling with flag @-Werror@, which turns warnings into errors, is often too pervasive, because some warnings are just warnings, \eg an unused variable.
-In the following discussion, ``ill-typed'' means giving a nonzero @gcc@ exit condition with a message that discusses typing.
+In the following discussion, \emph{ill-typed} means giving a nonzero @gcc@ exit condition with a message that discusses typing.
 Note, \CFA's type-system rejects all these ill-typed cases as type mismatch errors.
 
@@ -37 +37 @@
 % *1  TAPL-pg1 definition of a type system
 
-
-\section{Reading declarations}
-
-A significant area of confusion for reading C declarations results from:
-\begin{itemize}
+% reading C declaration: https://c-faq.com/decl/spiral.anderson.html
+
+
+\section{Reading Declarations}
+
+A significant area of confusion is reading C declarations, which results from interesting design choices.
+\begin{itemize}[leftmargin=*]
 \item
-C is unique in having dimension be higher priority than pointer in declarations.\footnote{
-For consistency, subscript has higher priority than dereference, yielding \lstinline{(*arp)[3]} rather than \lstinline{*arp[3]}.}
+In C, it is possible to have a value and a pointer to it.
+\begin{cfa}
+int i = 3, * pi = &i;
+\end{cfa}
+Extending this idea, it should be possible to have an array of values and pointer to it.
+\begin{cfa}
+int a[5] = { 1, 2, 3, 4, 5 },  * pa[5] = &a;
+\end{cfa}
+However, the declaration of @pa@ is incorrect because dimension has higher priority than pointer, so the declaration means an array of 5 pointers to integers.
+The declarations for the two interpretations of @* [5]@ are:
+\begin{cquote}
+\begin{tabular}[t]{@{}ll@{\hspace{15pt}}|@{\hspace{15pt}}ll@{}}
+\begin{cfa}
+int (* pa)[5]
+\end{cfa}
+&
+\raisebox{-0.4\totalheight}{\includegraphics{PtrToArray.pdf}}
+&
+\begin{cfa}
+int * ap[5]
+\end{cfa}
+&
+\raisebox{-0.75\totalheight}{\includegraphics{ArrayOfPtr.pdf}}
+\end{tabular}
+\end{cquote}
+If the priorities of dimension and pointer were reversed, the declarations become more intuitive: @int * pa[5]@ and @int * (ap[5])@.
 \item
-Embedding a declared variable in a declaration, mimics the way the variable is used in executable statements.
+This priority inversion extends into an expression between dereference and subscript, so usage syntax mimics declaration.
+\begin{cquote}
+\setlength{\tabcolsep}{20pt}
+\begin{tabular}{@{}ll@{}}
+\begin{cfa}
+int (* pa)[5]
+      (*pa)[i] += 1;
+\end{cfa}
+&
+\begin{cfa}
+int * ap[5]
+      *ap[i] += 1;
+\end{cfa}
+\end{tabular}
+\end{cquote}
+(\VRef{s:ArraysDecay} shows pointer decay allows the first form to be written @pa[i] += 1@, which is further syntax confusion.)
+Again, if the priorities were reversed, the expressions become more intuitive: @*pa[i] += 1@ and @*(ap[i]) += 1@.
+Note, a similar priority inversion exists between deference @*@ and field selection @.@ (period), so @*ps.f@ means @*(ps.f)@;
+this anomaly is \emph{fixed} with operator @->@, which performs the two operations in the more intuitive order: @sp->f@ $\Rightarrow$ @(*sp).f@.
 \end{itemize}
-\begin{cquote}
-\begin{tabular}{@{}ll@{}}
-\multicolumn{1}{@{}c}{\textbf{Array}} & \multicolumn{1}{c@{}}{\textbf{Function Pointer}} \\
-\begin{cfa}
-int @(*@ar@)[@5@]@; // definition
-  ... @(*@ar@)[@3@]@ += 1; // usage
-\end{cfa}
-&
-\begin{cfa}
-int @(*@f@())[@5@]@ { ... }; // definition
-  ... @(*@f@())[@3@]@ += 1; // usage
-\end{cfa}
-\end{tabular}
-\end{cquote}
-The parenthesis are necessary to achieve a pointer to a @T@, and the type is wrapped around the name in successive layers (like an \Index{onion}) to match usage in an expression.
-While attempting to make the two contexts consistent is a laudable goal, it has not worked out in practice, even though Dennis Richie believed otherwise:
+While attempting to make the declaration and expression contexts consistent is a laudable goal, it has not worked out in practice, even though Dennis Richie believed otherwise:
 \begin{quote}
 In spite of its difficulties, I believe that the C's approach to declarations remains plausible, and am comfortable with it; it is a useful unifying principle.~\cite[p.~12]{Ritchie93}
 \end{quote}
 After all, reading a C array type is easy: just read it from the inside out, and know when to look left and when to look right!
-
-\CFA provides its own type, variable and routine declarations, using a simpler syntax.
+Unfortunately, \CFA cannot correct these operator priority inversions without breaking C compatibility.
+
+The alternative solution is for \CFA to provide its own type, variable and routine declarations, using a more intuitive syntax.
 The new declarations place qualifiers to the left of the base type, while C declarations place qualifiers to the right of the base type.
-The qualifiers have the same syntax and semantics in \CFA as in C.
-Then, a \CFA declaration is read left to right, where a function return type is enclosed in brackets @[@\,@]@.
+The qualifiers have the same syntax and semantics in \CFA as in C, so there is nothing to learn.
+Then, a \CFA declaration is read left to right, where a function return-type is enclosed in brackets @[@\,@]@.
 \begin{cquote}
 \begin{tabular}{@{}l@{\hspace{3em}}ll@{}}
@@ -98 +128 @@
 \end{tabular}
 \end{cquote}
-As declaration size increases, it becomes corresponding difficult to read and understand the C declaration form, whereas reading and understanding a \CFA declaration has linear complexity as the declaration size increases.
+As declaration size increases, it becomes corresponding difficult to read and understand the C form, whereas reading and understanding a \CFA declaration has linear complexity.
 Note, writing declarations left to right is common in other programming languages, where the function return-type is often placed after the parameter declarations, \eg \CC \lstinline[language=C++]{auto f( int ) -> int}.
-Unfortunately, \CFA cannot interchange the priorities of subscript and dereference in expressions without breaking C compatibility.
+(Note, putting the return type at the end deviates from where the return value logically appears in an expression, @x = f(...)@ versus @f(...) = x@.)
+Interestingly, programmers normally speak a declaration from left to right, regardless of how it is written.
+(It is unclear if Hebrew or Arabic speakers, say declarations right to left.)
 
 \VRef[Table]{bkgd:ar:usr:avp} introduces the many layers of the C and \CFA array story, where the \CFA story is discussion in \VRef[Chapter]{c:Array}.
@@ -168 +200 @@
 The conjoining of pointers and arrays could also be applied to structures, where a pointer references a structure field like an array element.
 Finally, while subscripting involves pointer arithmetic (as does a field reference @x.y.z@), the computation is complex for multi-dimensional arrays and requires array descriptors to know stride lengths along dimensions.
-Many C errors result from manually performing pointer arithmetic instead of using language subscripting, letting the compiler perform any arithmetic.
-
-Some C textbooks erroneously suggest manual pointer arithmetic is faster than subscripting.
-A sound and efficient C program does not require explicit pointer arithmetic.
-TODO: provide an example, explain the belief, and give modern refutation
-
-C semantics wants a programmer to \emph{believe} an array variable is a ``pointer to its first element.''
+Many C errors result from manually performing pointer arithmetic instead of using language subscripting so the compiler performs the arithmetic.
+
+Some modern C textbooks and web sites erroneously suggest manual pointer arithmetic is faster than subscripting.
+When compiler technology was young, this statement might have been true.
+However, a sound and efficient C program coupled with a modern C compiler does not require explicit pointer arithmetic.
+For example, the @gcc@ compiler at @-O3@ generates identical code for the following two summation loops.
+\begin{cquote}
+\vspace*{-10pt}
+\begin{cfa}
+int a[1000], sum;
+\end{cfa}
+\setlength{\tabcolsep}{20pt}
+\begin{tabular}{@{}ll@{}}
+\begin{cfa}
+for ( int i = 0; i < 1000; i += 1 ) {
+        sum += a[i];
+}
+\end{cfa}
+&
+\begin{cfa}
+for ( int * ip = a ; ip < &a[1000]; ip += 1 ) {
+        sum += *ip;
+}
+\end{cfa}
+\end{tabular}
+\end{cquote}
+I believe it is possible to refute any code examples purporting to show pointer arithmetic is faster than subscripting.
+This believe stems from the performance work I did on \CFA arrays, where it is possible to generate equivalent \CFA subscripting and performance to C subscripting.
+
+Unfortunately, C semantics want a programmer to \emph{believe} an array variable is a \emph{pointer to its first element}.
 This desire becomes apparent by a detailed inspection of an array declaration.
 \lstinput{34-34}{bkgd-carray-arrty.c}
@@ -224 +279 @@
 
 
-\subsection{Arrays decay and pointers diffract}
+\subsection{Arrays Decay and Pointers Diffract}
+\label{s:ArraysDecay}
 
 The last section established the difference among these four types:
@@ -247 +303 @@
 Thus, subscripting happens on pointers not arrays.
 
-Subscripting proceeds first with pointer decay, if needed.  Next, \cite[\S~6.5.2.1.2]{C11} explains that @ar[i]@ is treated as if it were @(*((a)+(i)))@.
-\cite[\S~6.5.6.8]{C11} explains that the addition, of a pointer with an integer type,  is defined only when the pointer refers to an element that is in an array, with a meaning of ``@i@ elements away from,'' which is valid if @ar@ is big enough and @i@ is small enough.
+Subscripting proceeds first with pointer decay, if needed.
+Next, \cite[\S~6.5.2.1.2]{C11} explains that @ar[i]@ is treated as if it were @(*((a)+(i)))@.
+\cite[\S~6.5.6.8]{C11} explains that the addition, of a pointer with an integer type, is defined only when the pointer refers to an element that is in an array, with a meaning of @i@ elements away from, which is valid if @ar@ is big enough and @i@ is small enough.
 Finally, \cite[\S~6.5.3.2.4]{C11} explains that the @*@ operator's result is the referenced element.
 Taken together, these rules illustrate that @ar[i]@ and @i[a]@ mean the same thing!
@@ -285 +342 @@
 \end{cfa}
 
-The shortened parameter syntax @T x[]@ is a further way to spell ``pointer.''
+The shortened parameter syntax @T x[]@ is a further way to spell \emph{pointer}.
 Note the opposite meaning of this spelling now, compared with its use in local variable declarations.
 This point of confusion is illustrated in:
@@ -321 +378 @@
 \begin{table}
 \caption{Syntactic Reference for Decay during Parameter-Passing.
-Includes interaction with \lstinline{const}ness, where ``immutable'' refers to a restriction on the callee's ability.}
+Includes interaction with \lstinline{const}ness, where \emph{immutable} refers to a restriction on the callee's ability.}
 \label{bkgd:ar:usr:decay-parm}
 \centering
@@ -357 +414 @@
 
 
-\subsection{Variable Length Arrays}
+\subsection{Variable-length Arrays}
 
 As of C99, the C standard supports a \newterm{variable length array} (VLA)~\cite[\S~6.7.5.2.5]{C99}, providing a dynamic-fixed array feature \see{\VRef{s:ArrayIntro}}.
@@ -379 +436 @@
 % TODO: introduce multidimensional array feature and approaches
 
-When working with arrays, \eg linear algebra, array dimensions are referred to as ``rows'' and ``columns'' for a matrix, adding ``planes'' for a cube.
+When working with arrays, \eg linear algebra, array dimensions are referred to as \emph{rows} and \emph{columns} for a matrix, adding \emph{planes} for a cube.
 (There is little terminology for higher dimensional arrays.)
 For example, an acrostic poem\footnote{A type of poetry where the first, last or other letters in a line spell out a particular word or phrase in a vertical column.}
@@ -433 +490 @@
 Many languages allow multidimensional arrays-of-arrays, \eg in Pascal or \CC.
 \begin{cquote}
+\setlength{\tabcolsep}{15pt}
 \begin{tabular}{@{}ll@{}}
 \begin{pascal}
@@ -467 +525 @@
 
 \VRef[Figure]{f:ContiguousNon-contiguous} shows a powerful extension made in C99 for manipulating contiguous \vs non-contiguous arrays.\footnote{C90 also supported non-contiguous arrays.}
-For contiguous-array (including VLA) arguments, C99 conjoins one or more of the parameters as a downstream dimension(s), \eg @cols@, implicitly using this parameter to compute the row stride of @m@.
+For contiguous-array arguments (including VLA), C99 conjoins one or more of the parameters as a downstream dimension(s), \eg @cols@, implicitly using this parameter to compute the row stride of @m@.
 There is now sufficient information to support array copying and subscript checking along the columns to prevent changing the argument or buffer-overflow problems, but neither feature is provided.
 If the declaration of @fc@ is changed to:
@@ -517 +575 @@
 
 
-\subsection{Multi-dimensional arrays decay and pointers diffract}
-
-As for single-dimension arrays, multi-dimensional arrays have similar issues.
+\subsection{Multi-Dimensional Arrays Decay and Pointers Diffract}
+
+As for single-dimension, multi-dimensional arrays have similar issues \see{\VRef{s:Array}}.
+Again, the inspection begins by using @sizeof@ to provide program semantics for the intuition of an expression's type.
 \lstinput{16-18}{bkgd-carray-mdim.c}
-The significant axis of deriving expressions from @ar@ is now ``itself,'' ``first element'' or ``first grand-element (meaning, first element of first element).''
-\PAB{Explain, explain, explain.}
+There are now three axis for deriving expressions from @mx@: \emph{itself}, \emph{first element}, and \emph{first grand-element} (meaning, first element of first element).
 \lstinput{20-26}{bkgd-carray-mdim.c}
-\PAB{Explain, explain, explain.}
+Given that arrays are contiguous and the size of @float@ is 4, then the size of @mx@ with 3 $\times$ 10 floats is 120 bytes, the size of its first element (row) is 40 bytes, and the size of the first element of the first row is 4.
+Again, an array and a point to each of its axes are different.
 \lstinput{28-36}{bkgd-carray-mdim.c}
-\PAB{Explain, explain, explain.}
+As well, there is pointer decay from each of the matrix axes to pointers, which all have the same address.
 \lstinput{38-44}{bkgd-carray-mdim.c}
+Finally, subscripting on a @malloc@ result, where the referent may or may not allow subscripting or have the right number of subscripts.
 
 
@@ -533 +593 @@
 
 Passing an array as an argument to a function is necessary.
-Assume a parameter is an array when the function intends to subscript it.
-This section asserts that a more satisfactory/formal characterization does not exist in C, surveys the ways that C API authors communicate ``@p@ has zero or more dimensions'' and calls out the minority cases where the C type system is using or verifying such claims.
-
-A C parameter declarations look different, from the caller's and callee's perspectives.
+Assume a parameter is an array where the function intends to subscript it.
+This section asserts that a more satisfactory/formal characterization does not exist in C, then surveys the ways that C API authors communicate @p@ has zero or more dimensions, and finally calls out the minority cases where the C type system is using or verifying such claims.
+
+A C parameter declaration looks different from the caller's and callee's perspectives.
 Both perspectives consist of the text read by a programmer and the semantics enforced by the type system.
-The caller's perspective is available from a function declaration, which allow definition-before-use and separate compilation, but can also be read from (the non-body part of) a function definition.
+The caller's perspective is available from a function declaration, which allows definition-before-use and separate compilation, but can also be read from (the non-body part of) a function definition.
 The callee's perspective is what is available inside the function.
 \begin{cfa}
-int foo( int, float, char );                            $\C{// declaration, names optional}$
-int bar( int i, float f, char c ) {             $\C{// definition, names mandatory}$
-        // caller's perspective of foo; callee's perspective of bar
+int foo( int, float, char );                            $\C{// declaration, parameter names optional}$
+int bar( int i, float f, char c ) {             $\C{// definition, parameter names mandatory}$
+        // callee's perspective of foo and bar
 }
-// caller's perspectives of foo's and bar's
-\end{cfa}
-In caller's perspective, the parameter names (by virtue of being optional) are really comments;
-in the callee's perspective, parameter names are semantically significant.
+// caller's perspectives of foo and bar
+\end{cfa}
+From the caller's perspective, the parameter names (by virtue of being optional) are (useful) comments;
+From the callee's perspective, parameter names are semantically significant.
 Array parameters introduce a further, subtle, semantic difference and considerable freedom to comment.
 
 At the semantic level, there is no such thing as an array parameter, except for one case (@T [static 5]@) discussed shortly.
 Rather, there are only pointer parameters.
-This fact probably shares considerable responsibility for the common sense of ``an array is just a pointer,'' which has been refuted in non-parameter contexts.
+This fact probably shares considerable responsibility for the common sense of \emph{an array is just a pointer}, which has been refuted in non-parameter contexts.
 This fact holds in both the caller's and callee's perspectives.
-However, a parameter's type can include ``array of.'', \eg the type ``pointer to array of 5 ints'' (@T (*)[5]@) is a pointer type.
+However, a parameter's type can include ``array of'', \eg the type ``pointer to array of 5 ints'' (@T (*)[5]@) is a pointer type.
 This type is fully meaningful in the sense that its description does not contain any information that the type system ignores, and the type appears the same in the caller's \vs callee's perspectives.
-In fact, the outermost type constructor (syntactically first dimension) is really the one that determines the flavour of parameter.
-
-Yet, C allows array syntax for the outermost type constructor, from which comes the freedom to comment.
-An array parameter declaration can specify the outermost dimension with a dimension value, @[10]@ (which is ignored), an empty dimension list, @[ ]@, or a pointer, @*@, as seen in \VRef[Figure]{f:ArParmEquivDecl}.
-The rationale for rejecting the first ``invalid'' row follows shortly, while the second ``invalid'' row is simple nonsense, included to complete the pattern; its syntax hints at what the final row actually achieves.
+In fact, the outermost type constructor (syntactically first dimension) is really the one that determines the parameter flavour.
 
 \begin{figure}
-\begin{cquote}
 \begin{tabular}{@{}llll@{}}
 \begin{cfa}
 float sum( float a[5] );
-float sum( float a[5][4] );
+float sum( float m[5][4] );
 float sum( float a[5][] );
 float sum( float a[5]* );
@@ -576 +631 @@
 \begin{cfa}
 float sum( float a[] );
-float sum( float a[][4] );
+float sum( float m[][4] );
 float sum( float a[][] );
 float sum( float a[]* );
@@ -584 +639 @@
 \begin{cfa}
 float sum( float *a );
-float sum( float (*a)[4] );
+float sum( float (*m)[4] );
 float sum( float (*a)[] );
 float sum( float (*a)* );
@@ -591 +646 @@
 &
 \begin{cfa}
-// ar of float
-// mat of float
+// array of float
+// matrix of float
 // invalid
 // invalid
-// ar of ptr to float
-\end{cfa}
-\end{tabular}
-\end{cquote}
+// array of ptr to float
+\end{cfa}
+\end{tabular}
 \caption{Multiple ways to declare an array parameter.
 Across a valid row, every declaration is equivalent.
@@ -606 +660 @@
 \end{figure}
 
-In the leftmost style, the typechecker ignores the actual value in most practical cases.
-This value is allowed to be a dynamic expression, and then it has practical cases.
-\begin{cfa}
-void foo( int @n@ ) {
-        float _42( float @a[n]@ ) {    // nested function
-                a[0] = 42;
-        }
-        float b[n];
-        _42( b );
-}
+Yet, C allows array syntax for the outermost type constructor, from which comes the freedom to comment.
+An array parameter declaration can specify the outermost dimension with a dimension value, @[10]@ (which is ignored), an empty dimension list, @[ ]@, or a pointer, @*@, as seen in \VRef[Figure]{f:ArParmEquivDecl}.
+The rationale for rejecting the first invalid row follows shortly, while the second invalid row is simple nonsense, included to complete the pattern; its syntax hints at what the final row actually achieves.
+Note, in the leftmost style, the typechecker ignores the actual value even in a dynamic expression.
+\begin{cfa}
+int N;
+void foo( float @a[N] ) ; // N is ignored
 \end{cfa}
 
@@ -622 +673 @@
 % So are @float[5]*@, @float[]*@ and @float (*)*@.  These latter ones are simply nonsense, though they hint at ``1d array of pointers'', whose equivalent syntax options are, @float *[5]@, @float *[]@, and @float **@.
 
-It is a matter of taste as to whether a programmer should use a form as far left as possible (getting the most out of possible subscripting and dimension sizes), sticking to the right (avoiding false comfort from suggesting the typechecker is checking more than it is), or compromising in the middle (reducing unchecked information, yet clearly stating, ``I will subscript).
+It is a matter of taste as to whether a programmer should use a form as far left as possible (getting the most out of possible subscripting and dimension sizes), sticking to the right (avoiding false comfort from suggesting the typechecker is checking more than it is), or compromising in the middle (reducing unchecked information, yet clearly stating, ``I will subscript'').
 
 Note that this equivalence of pointer and array declarations is special to parameters.
@@ -635 +686 @@
 }
 \end{cfa}
-This equivalence has the consequence that the type system does not help a caller get it right.
+Unfortunately, this equivalence has the consequence that the type system does not help a caller get it right.
 \begin{cfa}
 float sum( float v[] );
@@ -656 +707 @@
 void foo( int [@const  volatile@ 5] );          $\C{// 5 is ignored}$
 \end{cfa}
-
 To make the first dimension size meaningful, C adds this form.
 \begin{cquote}
@@ -667 +717 @@
 \end{cfa}
 Here, the @static@ storage qualifier defines the minimum array size for its argument.
-@gcc@ ignores this dimension qualifier, \ie it gives no warning if the argument array size is less than the parameter minimum.  However, @clang@ implements the check, in accordance with the standard.  TODO: be specific about versions
+Earlier versions of @gcc@ ($<$ 11) and possibly @clang@ ignore this dimension qualifier, while later versions implement the check, in accordance with the standard.
+
 
 Note that there are now two different meanings for modifiers in the same position.  In
@@ -685 +736 @@
 Here, the distance between the first and second elements of each array depends on the inner dimension size.
 
-This significance of an inner dimension's length is a fact of the callee's perspective.
-In the caller's perspective, the type sytem is quite lax.
+The significance of an inner dimension's length is a fact of the callee's perspective.
+In the caller's perspective, the type system is quite lax.
 Here, there is (some, but) little checking that what is being passed, matches.
 % void f( float [][10] );
@@ -709 +760 @@
 \end{cfa}
 The cases without comments are rejections, but simply because the array ranks do not match; in the commented cases, the ranks match and the rules being discussed apply.
-The cases @f(b)@ and @f(&a)@ show where some length checking occurs.
-But this checking misses the cases @f(d)@ and @f(&c)@, allowing the calls with mismatched lengths, actually 100 for 10.
+The cases @f( b )@ and @f( &a )@ show where some length checking occurs.
+But this checking misses the cases @f( d )@ and @f( &c )@, allowing the calls with mismatched lengths, actually 100 for 10.
 The C checking rule avoids false alarms, at the expense of safety, by allowing any combinations that involve dynamic values.
 Ultimately, an inner dimension's size is a callee's \emph{assumption} because the type system uses declaration details in the callee's perspective that it does not enforce in the caller's perspective.
 
-Finally, to handle higher-dimensional VLAs, C repurposed the @*@ \emph{within} the dimension in a declaration to mean that the callee has make an assumption about the size, but no (unchecked, possibly wrong) information about this assumption is included for the caller-programmer's benefit/over-confidence.
+Finally, to handle higher-dimensional VLAs, C repurposed the @*@ \emph{within} the dimension in a declaration to mean that the callee has make an assumption about the size, but no (checked, possibly wrong) information about this assumption is included for the caller-programmer's benefit/\-over-confidence.
 \begin{cquote}
 @[@ \textit{type-qualifier-list$_{opt}$} @* ]@
@@ -731 +782 @@
 
 
-\subsection{Arrays could be values}
+\subsection{Arrays Could be Values}
 
 All arrays have a know runtime size at their point of declaration.
@@ -751 +802 @@
 \begin{cfa}
 Jmp_Buf jb1, jb2;
-jb1 = jb2;
+jb1 = jb2;            // copy
 void foo( Jmp_Buf );
-foo( jb2 );
+foo( jb2 );           // copy
 \end{cfa}
 
 This same argument applies to returning arrays from functions.
-There can be sufficient information to return an array by value but it is not supported.
-Again, array wrapping allows an array to be returned from a function and copied into variable.
+There can be sufficient information to return an array by value but it is unsupported.
+Again, array wrapping allows an array to be returned from a function and copied into a variable.
 
 
@@ -772 +823 @@
 
 
-\subsection{Design issues}
+\subsection{Design Issues}
 \label{toc:lst:issue}
 
 This thesis focuses on a reduced design space for linked lists that target \emph{system programmers}.
 Within this restricted space, all design-issue discussions assume the following invariants;
-alternatives to the assumptions are discussed under Future Work (Section~\ref{toc:lst:futwork}).
+alternatives to the assumptions are discussed under Future Work (\VRef{toc:lst:futwork}).
 \begin{itemize}
         \item A doubly-linked list is being designed.
                 Generally, the discussed issues apply similarly for singly-linked lists.
-                Circular \vs ordered linking is discussed under List identity (Section~\ref{toc:lst:issue:ident}).
+                Circular \vs ordered linking is discussed under List identity (\VRef{toc:lst:issue:ident}).
         \item Link fields are system-managed.
                 The user works with the system-provided API to query and modify list membership.
@@ -790 +841 @@
 
 
-\subsection{Preexisting linked-list libraries}
+\subsection{Preexisting Linked-List Libraries}
 \label{s:PreexistingLinked-ListLibraries}
 
@@ -799 +850 @@
         \item \CC Standard Template Library's (STL)\footnote{The term STL is contentious as some people prefer the term standard library.} @std::list@\cite{lst:stl}
 \end{enumerate}
-%A general comparison of libraries' abilities is given under Related Work (Section~\ref{toc:lst:relwork}).
+%A general comparison of libraries' abilities is given under Related Work (\VRef{toc:lst:relwork}).
 For the discussion, assume the fictional type @req@ (request) is the user's payload in examples.
 As well, the list library is helping the user manage (organize) requests, \eg a request can be work on the level of handling a network arrival-event or scheduling a thread.
 
 
-\subsection{Link attachment: intrusive vs.\ wrapped}
+\subsection{Link Attachment: Intrusive \vs Wrapped}
 \label{toc:lst:issue:attach}
 
@@ -837 +888 @@
                 Three styles of link attachment: (a)~intrusive, (b)~wrapped reference, and (c)~wrapped value.
                 The diagrams show the memory layouts that result after the code runs, eliding the head object \lstinline{reqs};
-                head objects are discussed in Section~\ref{toc:lst:issue:ident}.
+                head objects are discussed in \VRef{toc:lst:issue:ident}.
                 In (a), the field \lstinline{req.x} names a list direction;
-                these are discussed in Section~\ref{toc:lst:issue:simultaneity}.
+                these are discussed in \VRef{toc:lst:issue:simultaneity}.
                 In (b) and (c), the type \lstinline{node} represents a system-internal type,
                 which is \lstinline{std::_List_node} in the GNU implementation.
@@ -889 +940 @@
                 % \protect\subref*{f:Intrusive}~intrusive, \protect\subref*{f:WrappedRef}~wrapped reference, and \protect\subref*{f:WrappedValue}~wrapped value.
                 The diagrams show the memory layouts that result after the code runs, eliding the head object \lstinline{reqs};
-                head objects are discussed in Section~\ref{toc:lst:issue:ident}.
+                head objects are discussed in \VRef{toc:lst:issue:ident}.
                 In \protect\subref*{f:Intrusive}, the field \lstinline{req.d} names a list direction;
-                these are discussed in Section~\ref{toc:lst:issue:simultaneity}.
+                these are discussed in \VRef{toc:lst:issue:simultaneity}.
                 In \protect\subref*{f:WrappedRef} and \protect\subref*{f:WrappedValue}, the type \lstinline{node} represents a
                 library-internal type, which is \lstinline{std::_List_node} in the GNU implementation
@@ -905 +956 @@
 In all three cases, a @req@ object can enter and leave a list many times.
 However, in intrusive a @req@ can only be on one list at a time, unless there are separate link-fields for each simultaneous list.
-In wrapped reference, a @req@ can appear multiple times on the same or different lists simultaneously, but since @req@ is shared via the pointer, care must be taken if updating data also occurs simultaneously, \eg concurrency.
+In wrapped reference, a @req@ can appear multiple times on the same or different lists, but since @req@ is shared via the pointer, care must be taken if updating data also occurs simultaneously, \eg concurrency.
 In wrapped value, the @req@ is copied, which increases storage usage, but allows independent simultaneous changes;
-however, knowing which of the @req@ object is the ``true'' object becomes complex.
+however, knowing which of the @req@ object is the \emph{true} object becomes complex.
 \see*{\VRef{toc:lst:issue:simultaneity} for further discussion.}
 
 The implementation of @LIST_ENTRY@ uses a trick to find the links and the node containing the links.
-The macro @LIST_INSERT_HEAD(&reqs, &r2, d);@ takes the list header, a pointer to the node, and the offset of the link fields in the node.
+The macro @LIST_INSERT_HEAD( &reqs, &r2, d )@ takes the list header, a pointer to the node, and the offset of the link fields in the node.
 One of the fields generated by @LIST_ENTRY@ is a pointer to the node, which is set to the node address, \eg @r2@.
 Hence, the offset to the link fields provides an access to the entire node, \ie the node points at itself.
-For list traversal, @LIST_FOREACH(cur, &reqs_pri, by_pri)@, there is the node cursor, the list, and the offset of the link fields within the node.
+For list traversal, @LIST_FOREACH( cur, &reqs_pri, by_pri )@, there is the node cursor, the list, and the offset of the link fields within the node.
 The traversal actually moves from link fields to link fields within a node and sets the node cursor from the pointer within the link fields back to the node.
 
@@ -926 +977 @@
 Another subtle advantage of intrusive arrangement is that a reference to a user-level item (@req@) is sufficient to navigate or manage the item's membership.
 In LQ, the intrusive @req@ pointer is the right argument type for operations @LIST_NEXT@ or @LIST_REMOVE@;
-there is no distinguishing a @req@ from ``a @req@ in a list.''
+there is no distinguishing a @req@ from a @req@ in a list.
 The same is not true of STL, wrapped reference or value.
 There, the analogous operations, @iterator::operator++()@, @iterator::operator*()@, and @list::erase(iterator)@, work on a parameter of type @list<T>::iterator@;
@@ -946 +997 @@
                 the LQ C macros do not expand to valid C++ when instantiated with template parameters---there is no \lstinline{struct El}.
                 When using a custom-patched version of LQ to work around this issue,
-                the programs of Figure~\ref{f:WrappedRef} and wrapped value work with this shim in place of real STL.
+                the programs of \VRef[Figure]{f:WrappedRef} and wrapped value work with this shim in place of real STL.
                 Their executions lead to the same memory layouts.
         }
@@ -952 +1003 @@
 \end{figure}
 
-It is possible to simulate wrapped using intrusive, illustrated in Figure~\ref{fig:lst-issues-attach-reduction}.
+It is possible to simulate wrapped using intrusive, illustrated in \VRef[Figure]{fig:lst-issues-attach-reduction}.
 This shim layer performs the implicit dynamic allocations that pure intrusion avoids.
 But there is no reduction going the other way.
@@ -961 +1012 @@
 An intrusive-primitive library like LQ lets users choose when to make this tradeoff.
 A wrapped-primitive library like STL forces users to incur the costs of wrapping, whether or not they access its benefits.
-
-
-\subsection{Simultaneity: single vs.\ multi-static vs.\ dynamic}
+\CFA is capable of supporting a wrapped library, if need arose.
+
+
+\subsection{Simultaneity: Single \vs Multi-Static \vs Dynamic}
 \label{toc:lst:issue:simultaneity}
 
@@ -986 +1038 @@
 \newterm{Simultaneity} deals with the question:
 In how many different lists can a node be stored, at the same time?
-Figure~\ref{fig:lst-issues-multi-static} shows an example that can traverse all requests in priority order (field @pri@) or navigate among requests with the same request value (field @rqr@).
+\VRef[Figure]{fig:lst-issues-multi-static} shows an example that can traverse all requests in priority order (field @pri@) or navigate among requests with the same request value (field @rqr@).
 Each of ``by priority'' and ``by common request value'' is a separate list.
 For example, there is a single priority-list linked in order [1, 2, 2, 3, 3, 4], where nodes may have the same priority, and there are three common request-value lists combining requests with the same values: [42, 42], [17, 17, 17], and [99], giving four head nodes one for each list.
@@ -996 +1048 @@
 This feature is used in the \CFA runtime, where a thread node may be on a blocked or running list, but never on both simultaneously.
 
-Now consider the STL in the wrapped-reference arrangement of Figure~\ref{f:WrappedRef}.
+Now consider the STL in the wrapped-reference arrangement of \VRef[Figure]{f:WrappedRef}.
 Here it is possible to construct the same simultaneity by creating multiple STL lists, each pointing at the appropriate nodes.
 Each group of intrusive links become the links for each separate STL list.
@@ -1003 +1055 @@
 Note, it might be possible to wrap the multiple lists in another type to hide this implementation issue.
 
-Now consider the STL in the wrapped-value arrangement of Figure~\ref{f:WrappedValue}.
+Now consider the STL in the wrapped-value arrangement of \VRef[Figure]{f:WrappedValue}.
 Again, it is possible to construct the same simultaneity by creating multiple STL lists, each copying the appropriate nodes, where the intrusive links become the links for each separate STL list.
 The upside is the same as for wrapped-reference arrangement with an unlimited number of list bindings.
@@ -1015 +1067 @@
 % LQ's ergonomics are well-suited to the uncommon case of multiple list directions.
 % Its intrusion declaration and insertion operation both use a mandatory explicit parameter naming the direction.
-% This decision works well in Figure~\ref{fig:lst-issues-multi-static}, where the names @by_pri@ and @by_rqr@ work well,
-% but it clutters Figure~\ref{f:Intrusive}, where a contrived name must be invented and used.
+% This decision works well in \VRef[Figure]{fig:lst-issues-multi-static}, where the names @by_pri@ and @by_rqr@ work well,
+% but it clutters \VRef[Figure]{f:Intrusive}, where a contrived name must be invented and used.
 % The example uses @x@; @reqs@ would be a more readily ignored choice. \PAB{wording?}
 
@@ -1089 +1141 @@
 
 
-\subsection{User integration: preprocessed vs.\ type-system mediated}
-
-\PAB{What do you want to say here?}
+\subsection{User Integration: Preprocessed \vs Type-System Mediated}
+
+While the syntax for LQ is reasonably succinct, it comes at the cost of using C preprocessor macros for generics, which are not part of the language type-system, like \CC templates.
+Hence, small errors in macro arguments can lead to large substitution mistakes, as the arguments maybe textually written in many places and/or concatenated with other arguments/text to create new names and expressions.
+This can lead to a cascade of error messages that are confusing and difficult to debug.
+For example, argument errors like @a.b,c@, comma instead of period, or @by-pri@, minus instead of underscore, can produce many error messages.
+
+Instead, language function calls (even with inlining) handled argument mistakes locally at the call, giving very specific error message.
+\CC @concepts@ were introduced in @templates@ to deal with just this problem.
 
 % example of poor error message due to LQ's preprocessed integration
@@ -1101 +1159 @@
 
 
-\subsection{List identity: headed vs.\ ad-hoc}
+\subsection{List Identity: Headed \vs Ad-Hoc}
 \label{toc:lst:issue:ident}
 
-All examples so far use distinct user-facing types:
-an item found in a list (type @req@ of variable @r1@, see \VRef[Figure]{fig:lst-issues-attach}), and a list (type @reql@ of variable @reqs_pri@, see \VRef[Figure]{fig:lst-issues-ident}).
-The latter type is a head.
-The resulting identity model (empty list) is just the head.
-A bespoke ``pointer to next @req@'' implementation often omits the header;
-hence, a pointer to any node can traverse its link fields: right or left and around, depending on the data structure.
-The resulting identity model is ad-hoc.
-
-Figure~\ref{fig:lst-issues-ident} shows the identity model's impact on
-the existence of certain conceptual constructs, like zero-lengths lists and unlisted elements.
-In headed thinking, there are length-zero lists (heads with no elements), and an element can be listed or not listed.
-In ad-hoc thinking, there are no length-zero lists and every element belongs to a list of length at least one.
-By omitting the head, elements can enter into an adjacency relationship, without requiring allocation for a head for the list, or finding a correct existing head.
+All examples so far use two distinct types for:
+an item found in a list (type @req@ of variable @r1@, see \VRef[Figure]{fig:lst-issues-attach}), and the list (type @reql@ of variable @reqs_pri@, see \VRef[Figure]{fig:lst-issues-ident}).
+This kind of list is ``headed'', where the empty list is just a head.
+An alternate ``ad-hoc'' approach omits the header, where the empty list is no nodes.
+Here, a pointer to any node can traverse its link fields: right or left and around, depending on the data structure.
+Note, a headed list is superset of an ad-hoc list, and can normally perform all of the ad-hoc operations.
+\VRef[Figure]{fig:lst-issues-ident} shows both approaches for different list lengths and unlisted elements.
+For headed, there are length-zero lists (heads with no elements), and an element can be listed or not listed.
+For ad-hoc, there are no length-zero lists and every element belongs to a list of length at least one.
 
 \begin{figure}
@@ -1128 +1182 @@
 \end{figure}
 
-A head defines one or more element roles, among elements that share a transitive adjacency.
-``First'' and ``last'' are element roles.
-One moment's ``first'' need not be the next moment's.
-
-There is a cost to maintaining these roles.
+The purpose of a header is to provide specialized but implicit node access, such as the first/last nodes in the list, where accessing these nodes is deemed a commonly occurring operation and should be $O(1)$ for performance of certain operations.
+For example, without a last pointer in a singly-linked list, adding to the end of the list is an $O(N)$ operation to traverse the list to find the last node.
+Without the header, this specialized information must be managed explicitly, where the programmer builds their own external, equivalent header information.
+However, external management of particular nodes might not be beneficial because the list does not provide operations that can take advantage of them, such as using an external pointer to update an internal link.
+Clearly, there is a cost maintaining this specialized information, which needs to be amortized across the list operations that use it, \eg rarely adding to the end of a list.
 A runtime component of this cost is evident in LQ's offering the choice of type generators @LIST@ \vs @TAILQ@.
-Its @LIST@ maintains a ``first,'' but not a ``last;'' its @TAILQ@ maintains both roles.
+Its @LIST@ maintains a \emph{first}, but not a \emph{last};
+its @TAILQ@ maintains both roles.
 (Both types are doubly linked and an analogous choice is available for singly linked.)
 
-TODO: finish making this point
-
-See WIP in lst-issues-adhoc-*.ignore.*.
-
-The code-complexity component of the cost ...
-
-Ability to offer heads is good.  Point: Does maintaining a head mean that the user has to provide more state when manipulating the list?  Requiring the user to do so is bad, because the user may have lots of "list" typed variables in scope, and detecting that the user passed the wrong one requires testing all the listing edge cases.
-
-
-\subsection{End treatment: cased vs.\ uniform }
-
-A linear (non-circular), nonempty linked-list has a first element and a last element, whether or not the list is headed.
-A first element has no predecessor and a last element has no successor.
+
+\subsection{End Treatment: Cased \vs Uniform }
+
+All lists must have a logical \emph{beginning/ending}, otherwise list traversal is infinite.
+\emph{End treatment} refers to how the list represents the lack of a predecessor/successor to demarcate end point(s).
+For example, in a doubly-linked list containing a single node, the next/prev links have no successor/predecessor nodes.
+Note, a list does not need to use links to denote its size;
+it can use a node counter in the header, where $N$ node traversals indicates complete navigation of the list.
+However, managing the number of nodes is an additional cost, as the links must always be managed.
+
+The following discussion refers to the LQ representations, detailed in \VRef[Figure]{fig:lst-issues-end}, using a null pointer to mark end points.
+LQ uses this representation for its successor/last.
+For example, consider the operation of inserting after a given element.
+A doubly-linked list must update the given node's successor, to make its predecessor-pointer refer to the new node.
+This step must happen when the given node has a successor (when its successor pointer is non-null),
+and must be skipped when it does not (when its successor pointer cannot be navigated).
+So this operation contains a branch, to decide which case is happening.
+All branches have pathological cases where branch prediction's success rate is low and the execution pipeline stalls often.
+Hence, this issue is relevant to achieving high performance.
 
 \begin{figure}
@@ -1164 +1225 @@
 \end{figure}
 
-End treatment refers to how the list represents the lack of a predecessor/successor.
-The following elaboration refers to the LQ representations, detailed in Figure~\ref{fig:lst-issues-end}.
-The most obvious representation, a null pointer, mandates a cased end treatment.
-LQ uses this representation for its successor/last.
-Consider the operation of inserting after a given element.
-A doubly-linked list must update the given node's successor, to make its predecessor-pointer refer to the new node.
-This step must happen when the given node has a successor (when its successor pointer is non-null),
-and must be skipped when it does not (when its successor pointer cannot be navigated).
-So this operation contains a branch, to decide which case is happening.
-All branches have pathological cases where branch prediction's success rate is low and the execution pipeline is stalling often.
-Hence, this issue is implementation-level, relevant to achieving high performance.
-
-This branch is sometimes avoidable; the result is a uniform end treatment.
-Here is one example of such an implementation that works for a headed list.
-LQ uses this representation for its predecessor/first.  (All LQ offerings are headed at the front.)
+Interestingly, this branch is sometimes avoidable, giving a uniform end-treatment in the code.
+For example, LQ is headed at the front.
 For predecessor/first navigation, the relevant operation is inserting before a given element.
 LQ's predecessor representation is not a pointer to a node, but a pointer to a pseudo-successor pointer.
 When there is a predecessor node, that node contains a real-successor pointer; it is the target of the reference node's predecessor pointer.
 When there is no predecessor node, the reference node (now known to be first node) acts as the pseudo-successor of the list head.
-The list head contains a pointer to the first node.
+Now, the list head contains a pointer to the first node.
 When inserting before the first node, the list head's first-pointer is the one that must change.
-So, the first node's ``predecessor'' pointer (to a pseudo-successor pointer) is set as the list head's first-pointer.
+So, the first node's \emph{predecessor} pointer (to a pseudo-successor pointer) is set as the list head's first-pointer.
 Now, inserting before a given element does the same logic in both cases:
-follow the guaranteed-non-null predecessor pointer, and update what you find there to refer to the new node.
+follow the guaranteed-non-null predecessor pointer, and update that location to refer to the new node.
 Applying this trick makes it possible to have list management routines that are completely free of conditional control-flow.
 Considering a path length of only a few instructions (less than the processor's pipeline length),

doc/theses/mike_brooks_MMath/benchmarks/list/_classic.c

@@ -232 +232 @@
         for ( t = 0; t < Times; t += 1 ) {
                 Repeat( insert_last( lst, s[i] ) );
-                Repeat( remove( lst`first ) );
+                Repeat( remove( first( lst ) ) );
         }
         end = clock();

doc/theses/mike_brooks_MMath/benchmarks/list/fx-cfa-cfa.h

@@ -11 +11 @@
 #define BFX_INSERT_BEFORE(S, lst, item, refIter) (insert_before(*refIter, item), (S*)&(item))
 #define BFX_INSERT_AFTER(S, lst, item, refIter)  (insert_after (*refIter, item), (S*)&(item))
-#define BFX_REMOVE_FIRST(S, lst)                 remove(lst`first)
-#define BFX_REMOVE_LAST(S, lst)                  remove(lst`last)
+#define BFX_REMOVE_FIRST(S, lst)                 remove( first( lst ) )
+#define BFX_REMOVE_LAST(S, lst)                  remove( last( lst ) )
 #define BFX_REMOVE_HERE(S, lst, refIter)         remove(*refIter)
 #define BFX_INIT(S, lst)
 
-#define BFX_GET_AFTER(S, lst, iter)              (&(*iter)`next)
-#define BFX_GET_BEFORE(S, lst, iter)             (&(*iter)`prev)
+#define BFX_GET_AFTER(S, lst, iter)              (&next( *iter))
+#define BFX_GET_BEFORE(S, lst, iter)             (&prev( *iter ))
 #define BFX_IS_VALID_POS(S, lst, iter)           ((iter)!=NULL)
 #define BFX_DEREF_POS(S, lst, iter)              (iter)

doc/theses/mike_brooks_MMath/conclusion.tex

@@ -7 +7 @@
 \section{Strings}
 
-\section{Future work}
+\section{Future Work}

doc/theses/mike_brooks_MMath/intro.tex

@@ -27 +27 @@
 
 
-\section{Linked list}
+\section{Linked List}
 
 A linked-list provides a homogeneous container often with $O(log N)$ or $O(N)$ access to elements using successor and predecessor operations that normally involve pointer chasing.
@@ -42 +42 @@
 hash search table consisting of a key (string) with associated data (@<search.h>@)
 \end{itemize}
-Because these libraries are simple, awkward to use, and unsafe, C programmers commonly build linked-list behaviours into their bespoke data structures.
+Because these libraries are simple, awkward to use, and unsafe, C programmers commonly build bespoke linked data-structures.
 
 
@@ -54 +54 @@
 In some cases, string management is separate from heap management, \ie strings roll their own heap.
 
-The C string type requires user storage-management of a language-provided character array.
+The C string type is just a character array and requires user storage-management to handle varying size.
 The character array uses the convention of marking its (variable) array length by placing the 0-valued control character at the end (null-terminated).
 The C standard library includes a number of high-level operations for working with this representation.
+Most of these operations are awkward and error prone.
 
 
@@ -84 +85 @@
 While multiple new languages purport to be systems languages replacing C, the reality is that rewriting massive C code-bases is impractical and a non-starter if the new runtime uses garage collection.
 Furthermore, new languages must still interact with the underlying C operating system through fragile, type-unsafe, interlanguage-communication.
-Switching to \CC is equally impractical as its complex and interdependent type-system (\eg objects, overloading, inheritance, templates) means idiomatic \CC code is difficult to use from C, and C programmers must expend significant effort learning \CC.
+Switching to \CC is equally impractical as its complex and interdependent type-system (\eg objects, overloading, inheritance, templates) means idiomatic \CC code is difficult to use from C, and C programmers must expend significant effort learning new \CC.
 Hence, rewriting and retraining costs for these languages can be prohibitive for companies with a large C software-base (Google, Apple, Microsoft, Amazon, AMD, Nvidia).
 
@@ -93 +94 @@
 However, most programming languages are only partially explained by their standard's manual(s).
 When it comes to explaining how C works, the definitive source is the @gcc@ compiler, which is mimicked by other C compilers, such as Clang~\cite{clang}.
-Often other C compilers must mimic @gcc@ because a large part of the C library (runtime) system (@glibc@ on Linux) contains @gcc@ features.
+Often other C compilers \emph{must} mimic @gcc@ because a large part of the C library (runtime) system (@glibc@ on Linux) contains @gcc@ features.
 Some key aspects of C need to be explained and understood by quoting from the language reference manual.
 However, to illustrate actual program semantics, this thesis constructs multiple small programs whose behaviour exercises a particular point and then confirms the behaviour by running the program using multiple @gcc@ compilers.
@@ -100 +101 @@
         \item if the compiler accepts or rejects certain syntax,
         \item prints output to buttress a behavioural claim,
-        \item or executes without triggering any embedded assertions testing pre/post-assertions or invariants.
+        \item or fails to trigger embedded assertions testing pre/post-assertions or invariants.
 \end{itemize}
 These programs are tested across @gcc@ versions 8--14 and clang versions 10--14 running on ARM, AMD, and Intel architectures.
@@ -120 +121 @@
 Introduce a small number of subtle changes to the typing rules for the C array, while still achieving significant backwards compatibility
 \item
-Create a new polymorphic mechanism into the \CFA @forall@ clause for specifying array dimension values, similar to a fixed-typed parameter in a \CC \lstinline[language=C++]{template}.
+Create a new polymorphic mechanism in the \CFA @forall@ clause to specify array dimension values, similar to a fixed-typed parameter in a \CC \lstinline[language=C++]{template}.
 \item
 Construct a new standard-library array-type, available through @#include <array.hfa>@.
@@ -130 +131 @@
 
 
-\subsection{Linked list}
+\subsection{Linked List}
 
 The linked list is a new runtime library, available through @#include <dlist.hfa>@.
@@ -141 +142 @@
 \subsection{String}
 
-The string is a new runtime library, available through @#include <string.hfa>@.
+The new string type and its runtime library are available through @#include <string.hfa>@.
 The library offers a type where basic usage is comparable to the \CC @string@ type, including analogous coexistence with raw-character pointers.
 Its implementation, however, follows different principles, enabling programs to work with strings by value, without incurring excessive copying.
 Mutability is retained.
 Substrings are supported, including the ability for overlapping ranges to share edits transparently.
-Ultimately, the implementation is a set of strings rolled into their own specialized heap.
+The implementation allows a set of strings to use an optimized, shared, custom heap or to use the regular heap for thread safety.
 
-The string library includes writing and reading strings via the preexisting \CFA I/O stream library.
-Enabling transparent reading (of unknown length into a managed allocation) included revision of the stream library's existing handling of character arrays.
-All reasonable stream manipulators are supported, \eg width, justification (left/right), printing characters as their numeric values, and complex input scanning to isolate strings.
+The string library includes reading and writing strings via the preexisting \CFA I/O stream library.
+Enabling transparent reading of unknown length strings using managed allocation required revision of the stream library's existing handling of character arrays.
+All reasonable stream manipulators are supported, \eg width, justification (left/right), printing characters as their numeric values, and complex input scanning to isolate strings in the input stream.
 
 
@@ -159 +160 @@
 Hence, the infamous \CC bug of iterator invalidation, where structural changes cause legitimate operations to fail, \eg iterator over a list and deleting each element.
 
-Further design provides a home for Liskov-style iterators in \CFA.
+Further design provides a home for Liskov-style iterators (stackless-coroutine) in \CFA.
 This design extends a preexisting proposal to adapt the \CFA (fixed) for-each loop to be more user-pluggable, and builds upon preexisting \CFA coroutines.
 Overall, it simplifies the work a programmer must do to leverage the suspended-state abstraction during iteration.

doc/theses/mike_brooks_MMath/list.tex

@@ -15 +15 @@
 
 The doubly-linked list attaches links intrusively, supports multiple link directions, integrates with user code via the type system, treats its ends uniformly, and identifies a list using an explicit head.
-This design covers system and data management issues stated in Section~\ref{toc:lst:issue}.
-
-Figure~\ref{fig:lst-features-intro} continues the running @req@ example from Figure~\ref{fig:lst-issues-attach} using the \CFA list.
-The \CFA link attachment is intrusive so the resulting memory layout is per user node, as for the LQ version of Figure~\ref{f:Intrusive}.
+This design covers system and data management issues stated in \VRef{toc:lst:issue}.
+
+\VRef[Figure]{fig:lst-features-intro} continues the running @req@ example from \VRef[Figure]{fig:lst-issues-attach} using the \CFA list.
+The \CFA link attachment is intrusive so the resulting memory layout is per user node, as for the LQ version of \VRef[Figure]{f:Intrusive}.
 The \CFA framework provides generic type @dlink( T, T )@ for the two link fields (front and back).
 A user inserts the links into the @req@ structure via \CFA inline-inheritance from the Plan-9 C dialect~\cite[\S~3.3]{Thompson90new}.
@@ -34 +34 @@
     \caption[Multiple link directions in \CFA list library]{
         Demonstration of the running \lstinline{req} example, done using the \CFA list library.
-        This example is equivalent to the three approaches in Figure~\ref{fig:lst-issues-attach}.
+        This example is equivalent to the three approaches in \VRef[Figure]{fig:lst-issues-attach}.
     }
     \label{fig:lst-features-intro}
 \end{figure}
 
-Figure~\ref{fig:lst-features-multidir} shows how the \CFA library supports multi-inline links, so a node can be on one or more lists simultaneously.
+\VRef[Figure]{fig:lst-features-multidir} shows how the \CFA library supports multi-inline links, so a node can be on one or more lists simultaneously.
 The declaration of @req@ has two inline-inheriting @dlink@ occurrences.
 The first of these gives a type named @req.by_pri@, @req@ inherits from it, and it inherits from @dlink@.
@@ -48 +48 @@
 The type of the variable @reqs_pri_global@ is @dlist(req, req.by_pri)@, meaning operations called on @reqs_pri_global@ are implicitly disambiguated.
 In the example, the calls @insert_first(reqs_pri_global, ...)@ imply, ``here, we are working by priority.''
-As in Figure~\ref{fig:lst-issues-multi-static}, three lists are constructed, a priority list containing all nodes, a list with only nodes containing the value 42, and a list with only nodes containing the value 17.
+As in \VRef[Figure]{fig:lst-issues-multi-static}, three lists are constructed, a priority list containing all nodes, a list with only nodes containing the value 42, and a list with only nodes containing the value 17.
 
 \begin{figure}
@@ -63 +63 @@
 \caption{
         Demonstration of multiple static link directions done in the \CFA list library.
-        The right example is from Figure~\ref{fig:lst-issues-multi-static}.
+        The right example is from \VRef[Figure]{fig:lst-issues-multi-static}.
                 The left \CFA example does the same job.
     }
@@ -70 +70 @@
 
 The \CFA library also supports the common case, of single directionality, more naturally than LQ.  
-Figure~\ref{fig:lst-features-intro} shows a single-direction list done with no contrived name for the link direction,
-where Figure~\ref{f:Intrusive} adds the unnecessary field name, @d@.
-In \CFA, a user doing a single direction (Figure~\ref{fig:lst-features-intro}) sets up a simple inheritance with @dlink@, and declares a list head to have the simpler type @dlist( T )@.
-In contrast, (Figure~\ref{fig:lst-features-multidir}) sets up a diamond inheritance with @dlink@, and declares a list head to have the more-informed type @dlist( T, DIR )@.
+\VRef[Figure]{fig:lst-features-intro} shows a single-direction list done with no contrived name for the link direction,
+where \VRef[Figure]{f:Intrusive} adds the unnecessary field name, @d@.
+In \CFA, a user doing a single direction (\VRef[Figure]{fig:lst-features-intro}) sets up a simple inheritance with @dlink@, and declares a list head to have the simpler type @dlist( T )@.
+In contrast, (\VRef[Figure]{fig:lst-features-multidir}) sets up a diamond inheritance with @dlink@, and declares a list head to have the more-informed type @dlist( T, DIR )@.
 
 The directionality issue also has an advanced corner-case that needs treatment.
@@ -118 +118 @@
 By using a larger scope, a user can put code within that acts as if there is only one list direction.
 This boost is needed only when operating on a list with several directions, using operations that do not take the list head.
-Otherwise, the sole applicable list direction ``just works.''
+Otherwise, the sole applicable list direction \emph{just works}.
 
 Unlike \CC templates container-types, the \CFA library works completely within the type system;
@@ -138 +138 @@
 @isEmpty@ returns true if the list has no nodes and false otherwise.
 \item
-@first@ returns a pointer to the first node of the list without removing it or @0p@ if the list is empty.
-\item
-@last@ returns a pointer to the last node of the list without removing it or @0p@ if the list is empty.
-\item
-@next@ returns a pointer to the next (successor, towards last) node after the specified node or @0p@ if the specified node is the last node in the list.
-\item
-@pred@ returns a pointer to the previous (predecessor, towards first) node before the specified node or @0p@ if the specified node is the first node in the list.
+@first@ returns a reference to the first node of the list without removing it or @0p@ if the list is empty.
+\item
+@last@ returns a reference to the last node of the list without removing it or @0p@ if the list is empty.
 \item
 @insert_before@ adds a node before the specified node and returns the added node for cascading.
@@ -150 +146 @@
 @insert_after@ adds a node after the specified node and returns the added node for cascading.
 \item
-@remove@ removes the specified node from the list (any location) and returns a pointer to the node.
-\item
-@insert_first@ adds a node to the start of the list so it becomes the first node and returns a pointer to the node for cascading.
-\item
-@insert_last@ adds a node to the end of the list so it becomes the last node and returns returns a pointer to the node for cascading.
-\item
-@insert@ is a synonym for @insert_last@.
-\item
-@remove_first@ removes the first node and returns a pointer to it or @0p@ if the list is empty.
-\item
-@remove_last@ removes the last node and returns a pointer to it or @0p@ if the list is emptyy.
+@remove@ removes the specified node from the list (any location) and returns a reference to the node.
+\item
+@iter@ create an iterator for the list.
+\item
+@recede@ returns true if the iterator cursor is advanced to the previous (predecessor, towards first) node before the prior cursor node and false otherwise.
+\item
+@advance@ returns true if the iterator cursor is advanced to the next (successor, towards last) node after the prior cursor node and false otherwise.
+\item
+@isFirst@ returns true if the node is the first node in the list and false otherwise.
+\item
+@isLast@ returns true if the node is the last node in the list and false otherwise.
+\item
+@pred@ returns a reference to the previous (predecessor, towards first) node before the specified node or @0p@ if the specified node is the first node in the list.
+\item
+@next@ returns a reference to the next (successor, towards last) node after the specified node or @0p@ if the specified node is the last node in the list.
+\item
+@insert_first@ adds a node to the start of the list so it becomes the first node and returns a reference to the node for cascading.
+\item
+@insert_last@ adds a node to the end of the list so it becomes the last node and returns returns a reference to the node for cascading.
+\item
+@remove_first@ removes the first node and returns a reference to it or @0p@ if the list is empty.
+\item
+@remove_last@ removes the last node and returns a reference to it or @0p@ if the list is empty.
 \item
 @transfer@ transfers all nodes from the @from@ list to the end of the @to@ list; the @from@ list is empty after the transfer.
@@ -170 +178 @@
 \begin{figure}
 \begin{cfa}
-E & ?`isEmpty( dlist( E ) & list );
-E & ?`isListed( E & node );
-E & ?`first( dlist( E ) & list );
-E & ?`last( dlist( E ) & list );
-E & ?`next( E & node );
-E & ?`prev( E & node );
+E & isListed( E & node );
+E & isEmpty( dlist( E ) & list );
+E & first( dlist( E ) & list );
+E & last( dlist( E ) & list );
 E & insert_before( E & before, E & node );
 E & insert_after( E & after, E & node );
 E & remove( E & node );
-E & ?`elems( dlist( E ) & list );
-E & ?`head( dlist( E ) & list );
-bool ?`moveNext( E && refx );
-bool ?`next( E && refx );                                                       // alternate name
-bool ?`movePrev( E && refx );
-bool ?`prev( E && refx );                                                       // alternate name
-bool ?`hasNext( E & node );
-bool ?`hasPrev( E & node );
+E & iter( dlist( E ) & list );
+bool advance( E && refx );
+bool recede( E && refx );
+bool isFirst( E & node );
+bool isLast( E & node );
+E & prev( E & node );
+E & next( E & node );
 E & insert_first( dlist( E ) & list, E & node );
 E & insert_last( dlist( E ) & list, E & node );
-E & insert( dlist( E ) & list, E & node );              // alternate name
 E & remove_first( dlist( E ) & list );
 E & remove_last( dlist( E ) & list );
 void transfer( dlist( E ) & to, dlist( E ) & from ) {
 void split( dlist( E ) & to, dlist( E ) & from, E & node ) {
-E & try_pop_front( dlist( E ) & list );
-E & try_pop_back( dlist( E ) & list );
 \end{cfa}
 \caption{\CFA List API}
@@ -205 +207 @@
 
 It is possible to iterate through a list manually or using a set of standard macros.
-\VRef[Figure]{f:IteratorExample} shows the iterator template, managing a list of nodes, used throughout the following iterator examples.
+\VRef[Figure]{f:IteratorTemple} shows the iterator template, managing a list of nodes, used throughout the following iterator examples.
 Each example assumes its loop body prints the value in the current node.
 
@@ -222 +224 @@
         insert( list, n1 );   insert( list, n2 );   insert( list, n3 );   insert( list, n4 );
         sout | nlOff;
-        for ( node & it = list`first; ⁢ &it = &it`next ) @sout | it.v | ",";   sout | nl;@
-        // other iterator examples
+        for ( ... ) @sout | it.v | ",";   sout | nl;@ // iterator examples in text
         remove( n1 );   remove( n2 );   remove( n3 );   remove( n4 );
 }
 \end{cfa}
-\caption{Iterator Example}
-\label{f:IteratorExample}
+\caption{Iterator Temple}
+\label{f:IteratorTemple}
 \end{figure}
 
@@ -243 +244 @@
 \begin{tabular}{@{}l|l@{}}
 \begin{cfa}
-for ( node & it = list`@first@; &it /* != 0p */ ; &it = &it`@next@ ) ...
-for ( node & it = list`@last@; ⁢ &it = &it`@prev@ ) ...
+for ( node & it = @first@( list ); &it /* != 0p */ ; &it = &@next@( it ) ...
+for ( node & it = @last@( list ); ⁢ &it = &@prev@( it ) ) ...
 \end{cfa}
 &
@@ -258 +259 @@
 \begin{tabular}{@{}l|l@{}}
 \begin{cfa}
-for ( node & it = @n2@; ⁢ &it = &it`@next@ ) ...
-for ( node & it = @n3@; ⁢ &it = &it`@prev@ ) ...
+for ( node & it = @n2@; ⁢ &it = &@next@( it ) ) ...
+for ( node & it = @n3@; ⁢ &it = &@prev@( it ) ) ...
 \end{cfa}
 &
@@ -268 +269 @@
 \end{tabular}
 \end{cquote}
-Iterating forward and reverse from a starting node to an ending node through the remaining list.
-\begin{cquote}
-\setlength{\tabcolsep}{15pt}
-\begin{tabular}{@{}l|l@{}}
-\begin{cfa}
-for ( node & it = @n2@; &it @!= &n4@; &it = &it`@next@ ) ...
-for ( node & it = @n4@; &it @!= &n2@; &it = &it`@prev@ ) ...
+Iterating forward and reverse from a starting node to an ending node through the contained list.
+\begin{cquote}
+\setlength{\tabcolsep}{15pt}
+\begin{tabular}{@{}l|l@{}}
+\begin{cfa}
+for ( node & it = @n2@; &it @!= &n4@; &it = &@next@( it ) ) ...
+for ( node & it = @n4@; &it @!= &n2@; &it = &@prev@( it ) ) ...
 \end{cfa}
 &
@@ -284 +285 @@
 \end{cquote}
 Iterating forward and reverse through the entire list using the shorthand start at the list head and pick a direction.
-In this case, @next@ and @prev@ return a boolean, like \CC @while ( cin >> i )@.
-\begin{cquote}
-\setlength{\tabcolsep}{15pt}
-\begin{tabular}{@{}l|l@{}}
-\begin{cfa}
-for ( node & it = list`@head@; it`@next@; ) ...
-for ( node & it = list`@head@; it`@prev@; ) ...
+In this case, @advance@ and @recede@ return a boolean, like \CC @while ( cin >> i )@.
+\begin{cquote}
+\setlength{\tabcolsep}{15pt}
+\begin{tabular}{@{}l|l@{}}
+\begin{cfa}
+for ( node & it = @iter@( list ); @advance@( it ); ) ...
+for ( node & it = @iter@( list ); @recede@( it ); ) ...
 \end{cfa}
 &
@@ -330 +331 @@
 \end{tabular}
 \end{cquote}
-The ability to provide a language-level @foreach@ is a future \CFA project.
+Macros are not ideal, so future work is to provide a language-level @foreach@ statement, like \CC.
 Finally, a predicate can be added to any of the manual iteration loops.
 \begin{cquote}
@@ -336 +337 @@
 \begin{tabular}{@{}l|l@{}}
 \begin{cfa}
-for ( node & it = list`first; &it @&& !(it.v == 3)@; &it = &it`next ) ...
-for ( node & it = list`last; &it @&& !(it.v == 1)@; &it = &it`prev ) ...
-for ( node & it = list`head; it`next @&& !(it.v == 3)@; ) ...
-for ( node & it = list`head; it`prev @&& !(it.v == 1)@; ) ...
+for ( node & it = first( list ); &it @&& !(it.v == 3)@; &it = &next( it ) ) ...
+for ( node & it = last( list ); &it @&& !(it.v == 1)@; &it = &prev( it ) ) ...
+for ( node & it = iter( list ); advance( it ) @&& !(it.v == 3)@; ) ...
+for ( node & it = iter( list ); recede( it ) @&& !(it.v == 1)@; ) ...
 \end{cfa}
 &
@@ -439 +440 @@
 
 
-
 \section{Implementation}
-
-\subsection{Links}
 
 \VRef[Figure]{fig:lst-impl-links} continues the running @req@ example, now showing the \CFA list library's internal representation.
 The @dlink@ structure contains exactly two pointers: @next@ and @prev@, which are opaque to a user.
-Even though the user-facing list model is ordered (linear), the CFA library implements all listing as circular.
+Even though the user-facing list model is linear, the CFA library implements all listing as circular.
 This choice helps achieve uniform end treatment and TODO finish summarizing benefit.
 A link pointer targets a neighbouring @dlink@ structure, rather than a neighbouring @req@.
@@ -460 +458 @@
 \end{figure}
 
-Link pointers are internally tagged according to whether the link is user-visible.
-Links among user-requested neighbours are left natural, with the tag bit not set.
-System-added links, which produce the circular implementation, have the tag bit set.
+System-added link pointers (dashed lines) are internally tagged to indicate linear endpoints that are the circular pointers.
+Links among neighbour nodes are not tagged.
 Iteration reports ``has more elements'' when crossing natural links, and ``no more elements'' upon reaching a tagged link.
 
 In a headed list, the list head (@dlist(req)@) acts as an extra element in the implementation-level circularly-linked list.
-The content of a @dlist@ is a (private) @dlink@, with the @next@ pointer purposed for the first element, and the @prev@ pointer purposed for the last element.
-Since the head wraps a @dlink@, since a @req@ does too, and since a link-pointer targets a @dlink@, the resulting cycle is among @dlink@ structures, situated inside of other things.
-The tags on the links say what the wrapper is: untagged (user link) means the targeted @dlink@ is within a @req@, while tagged (system link) means the targeted @dlink@ is within a list head.
-
-In a headless list, the circular backing list is only among @dlink@s within @req@s.  The tags are set on the links that a user cannot navigate.
-
-No distinction is made between an unlisted item under a headed model and a singleton list under a headless model.  Both are represented as an item referring to itself, with both tags set.
-
+The content of a @dlist@ is a (private) @dlink@, with the @next@ pointer to the first element, and the @prev@ pointer to the last element.
+Since the head wraps a @dlink@, as does a @req@ does too, and since a link-pointer targets a @dlink@, the resulting cycle is among @dlink@ structures, situated inside of header/node.
+An untagged pointer points within a @req@, while a tagged pointer points within a list head.
+In a headless list, the circular backing list is only among @dlink@s within @req@s.
+The tags are set on the links that a user cannot navigate.
+
+No distinction is made between an unlisted item under a headed model and a singleton list under a headless model.
+Both are represented as an item referring to itself, with both tags set.
 
 

doc/theses/mike_brooks_MMath/programs/bkgd-carray-mdim.c

@@ -14 +14 @@
 
 int main() {
-        float ar[3][10];
-        static_assert( sizeof(float) == 4 );    $\C{// floats (atomic elements) are 4 bytes}$
-        static_assert( sizeof(void*) == 8 );    $\C{// pointers are 8 bytes}$
+        float mx[3][10];
+        static_assert( sizeof(float) == 4 );    $\C[3.25in]{// floats (atomic elements) are 4 bytes}$
+        static_assert( sizeof(void *) == 8 );   $\C{// pointers are 8 bytes}$
 
-        static_assert( sizeof(ar) == 120 );             $\C{// the array, float[3][10]}$
-        static_assert( sizeof(ar[0]) == 40 );   $\C{// its first element, float[10]}$
-        static_assert( sizeof(ar[0][0]) == 4 ); $\C{// its first grand element, float}$
+        static_assert( sizeof(mx) == 120 );             $\C{// the array, float[3][10]}$
+        static_assert( sizeof(mx[0]) == 40 );   $\C{// its first element, float[10]}$
+        static_assert( sizeof(mx[0][0]) == 4 ); $\C{// its first grand element, float}$
 
-        static_assert( sizeof(&(ar)) == 8 );    $\C{// pointer to the array, float(*)[3][10]}$
-        static_assert( sizeof(&(ar[0])) == 8 ); $\C{// pointer to its first element, float(*)[10]}$
-        static_assert( sizeof(&(ar[0][0])) == 8 );      $\C{// pointer to its first grand-element, float*}$
+        static_assert( sizeof(&(mx)) == 8 );    $\C{// pointer to the array, float(*)[3][10]}$
+        static_assert( sizeof(&(mx[0])) == 8 ); $\C{// pointer to its first element, float(*)[10]}$
+        static_assert( sizeof(&(mx[0][0])) == 8 );      $\C{// pointer to its first grand-element, float*}\CRT$
 
-        float (*pa)[3][10] = &(ar);
-        float (*pa0)[10] = &(ar[0]);
-        float *pa00 = &(ar[0][0]);
+        float (*pm)[3][10] = &(mx);
+        float (*pm0)[10] = &(mx[0]);
+        float *pm00 = &(mx[0][0]);
 
-        static_assert( (void*)&ar == (void*)&(ar[0] ) );
-        static_assert( (void*)&ar == (void*)&(ar[0][0]) );
+        static_assert( (void *)&mx == (void *)&(mx[0] ) );
+        static_assert( (void *)&mx == (void *)&(mx[0][0]) );
 
-        assert( (void *) pa == (void *) pa0 );
-        assert( (void *) pa == (void *) pa00 );
+        assert( (void *) pm == (void *) pm0 );
+        assert( (void *) pm == (void *) pm00 );
 
 //      float (*b[3])[10];
-        float *b[3];
+        float * b[3];
         for (int i = 0; i < 3; i ++) {
                 b[i] = malloc(sizeof(float[10]));
         }
-        ar[2][3];
+        mx[2][3];
         b[2][3];
 /*

doc/theses/mike_brooks_MMath/programs/lst-features-intro.run.cfa

@@ -50 +50 @@
 
 
-while( req & cur = reqs`elems; cur`moveNext )
+        while( req & cur = iter( reqs ); advance( cur ) )
         printf("{%d %d} ", cur.pri, cur.rqr);
 printf("\n");

doc/theses/mike_brooks_MMath/programs/lst-features-multidir.run.cfa

@@ -79 +79 @@
 
 with(DLINK_VIA(req, req.by_pri)) {
-        while( req & cur = reqs_pri_global`elems; cur`moveNext )
+        while( req & cur = iter( reqs_pri_global ); advance( cur ) )
                 printf("{%d %d} ", cur.pri, cur.rqr);
         printf("| ");
@@ -85 +85 @@
 
 with(DLINK_VIA(req, req.by_rqr)) {
-        while( req & cur = reqs_rqr_42`elems; cur`moveNext )
+        while( req & cur = iter( reqs_rqr_42 ); advance( cur ) )
                 printf("{%d %d} ", cur.pri, cur.rqr);
         printf("| ");
-        while( req & cur = reqs_rqr_17`elems; cur`moveNext )
+        while( req & cur = iter( reqs_rqr_17 ); advance( cur ) )
                 printf("{%d %d} ", cur.pri, cur.rqr);
         printf("| ");
-        while( req & cur = reqs_rqr_99`elems; cur`moveNext )
+        while( req & cur = iter( reqs_rqr_99 ); advance( cur ) )
                 printf("{%d %d} ", cur.pri, cur.rqr);
         printf("\n");