Context Navigation

← Previous Change
Next Change →

Changeset d95969a for doc/theses/andrew_beach_MMath

Timestamp:

Jan 25, 2021, 3:45:42 PM (5 years ago)

Author:

Thierry Delisle <tdelisle@…>

Branches:

ADT, arm-eh, ast-experimental, enum, forall-pointer-decay, jacob/cs343-translation, master, new-ast-unique-expr, pthread-emulation, qualifiedEnum, stuck-waitfor-destruct

Children:

Parents:

b6a8b31 (diff), 7158202 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' of plg.uwaterloo.ca:software/cfa/cfa-cc

Location:

doc/theses/andrew_beach_MMath

Files:

: 3 added
: 7 edited

.gitignore (modified) (1 diff)
Makefile (modified) (3 diffs)
existing.tex (modified) (1 diff)
features.tex (modified) (1 diff)
future.tex (modified) (3 diffs)
implement.tex (modified) (21 diffs)
unwinding.tex (modified) (11 diffs)
uw-ethesis-frontpgs.tex (added)
uw-ethesis.bib (added)
uw-ethesis.tex (added)

Legend:

: Unmodified
: Added
: Removed

doc/theses/andrew_beach_MMath/.gitignore

rb6a8b31	rd95969a
3	3
4	4	# Final Files:
5		~~thesis~~.pdf
	5	*.pdf
6	6
7	7	# The Makefile here is not generated.

doc/theses/andrew_beach_MMath/Makefile

-              rb6a8b31
+              rd95969a
 ### Makefile for Andrew Beach's Masters Thesis
 DOC=thesis.pdf
+DOC=uw-ethesis.pdf
 BUILD=out
 TEXSRC=$(wildcard *.tex)
 …
 STYSRC=$(wildcard *.sty)
 CLSSRC=$(wildcard *.cls)
 TEXLIB= .:${BUILD}:
+TEXLIB= .:../../LaTeXmacros:${BUILD}:
 BIBLIB= .:../../bibliography
 …
         ${LATEX} ${BASE}
         ${BIBTEX} ${BUILD}/${BASE}
+        ${LATEX} ${BASE}
         ${GLOSSARY} ${BUILD}/${BASE}
         ${LATEX} ${BASE}

doc/theses/andrew_beach_MMath/existing.tex

-              rb6a8b31
+              rd95969a
+\chapter{\CFA{} Existing Features}
+\section{Overloading and extern}
+Cforall has overloading, allowing multiple definitions of the same name to
+be defined.
+This also adds name mangling so that the assembly symbols are unique for
+different overloads. For compatability with names in C there is also a
+syntax to diable the name mangling. These unmangled names cannot be overloaded
+but act as the interface between C and \CFA code.
+The syntax for disabling mangling is:
+\begin{lstlisting}
+extern "C" {
+    ...
+}
+\end{lstlisting}
+To re-enable mangling once it is disabled the syntax is:
+\begin{lstlisting}
+extern "Cforall" {
+    ...
+}
+\end{lstlisting}
+Both should occur at the declaration level and effect all the declarations
+in \texttt{...}. Neither care about the state of mangling when they begin
+and will return to that state after the group is finished. So re-enabling
+is only used to nest areas of mangled and unmangled declarations.
+\section{References}
+\CFA adds references to C. These are auto-dereferencing pointers and use the
+same syntax as pointers except they use ampersand (\codeCFA{\&}) instead of
+the asterisk (\codeCFA{*}). They can also be constaint or mutable, if they
+are mutable they may be assigned to by using the address-of operator
+(\codeCFA\&) which converts them into a pointer.
+\chapter{\texorpdfstring{\CFA Existing Features}{Cforall Existing Features}}
+\CFA (C-for-all)~\cite{Cforall} is an open-source project extending ISO C with
+modern safety and productivity features, while still ensuring backwards
+compatibility with C and its programmers.  \CFA is designed to have an
+orthogonal feature-set based closely on the C programming paradigm
+(non-object-oriented) and these features can be added incrementally to an
+existing C code-base allowing programmers to learn \CFA on an as-needed basis.
+Only those \CFA features pertinent to this thesis are discussed.  Many of the
+\CFA syntactic and semantic features used in the thesis should be fairly
+obvious to the reader.
+\section{\texorpdfstring{Overloading and \lstinline|extern|}{Overloading and extern}}
+\CFA has extensive overloading, allowing multiple definitions of the same name
+to be defined.~\cite{Moss18}
+\begin{cfa}
+char i; int i; double i;                        $\C[3.75in]{// variable overload}$
+int f(); double f();                            $\C{// return overload}$
+void g( int ); void g( double );        $\C{// parameter overload}\CRT$
+\end{cfa}
+This feature requires name mangling so the assembly symbols are unique for
+different overloads. For compatibility with names in C, there is also a syntax
+to disable name mangling. These unmangled names cannot be overloaded but act as
+the interface between C and \CFA code.  The syntax for disabling/enabling
+mangling is:
+\begin{cfa}
+// name mangling
+int i; // _X1ii_1
+@extern "C"@ {  // no name mangling
+        int j; // j
+        @extern "Cforall"@ {  // name mangling
+                int k; // _X1ki_1
+        }
+        // no name mangling
+}
+// name mangling
+\end{cfa}
+Both forms of @extern@ affect all the declarations within their nested lexical
+scope and transition back to the previous mangling state when the lexical scope
+ends.
+\section{Reference Type}
+\CFA adds a rebindable reference type to C, but more expressive than the \CC
+reference.  Multi-level references are allowed and act like auto-dereferenced
+pointers using the ampersand (@&@) instead of the pointer asterisk (@*@). \CFA
+references may also be mutable or non-mutable. If mutable, a reference variable
+may be assigned to using the address-of operator (@&@), which converts the
+reference to a pointer.
+\begin{cfa}
+int i, j;
+int @&@ ri = i, @&&@ rri = ri;
+rri = 3;  // auto-dereference assign to i
+@&@ri = @&@j; // rebindable
+ri = 5;   // assign to j
+\end{cfa}
 \section{Constructors and Destructors}
 Both constructors and destructors are operators, which means they are just
+functions with special names. The special names are used to define them and
+may be used to call the functions expicately. The \CFA special names are
+constructed by taking the tokens in the operators and putting \texttt{?} where
+the arguments would go. So multiplication is \texttt{?*?} while dereference
+is \texttt{*?}. This also make it easy to tell the difference between
+pre-fix operations (such as \texttt{++?}) and post-fix operations
+(\texttt{?++}).
+The special name for contructors is \texttt{?\{\}}, which comes from the
+initialization syntax in C. The special name for destructors is
+\texttt{\^{}?\{\}}. % I don't like the \^{} symbol but $^\wedge$ isn't better.
+Any time a type T goes out of scope the destructor matching
+\codeCFA{void ^?\{\}(T \&);} is called. In theory this is also true of
+primitive types such as \codeCFA{int}, but in practice those are no-ops and
+are usually omitted for optimization.
+functions with special operator names rather than type names in \CC. The
+special operator names may be used to call the functions explicitly (not
+allowed in \CC for constructors).
+In general, operator names in \CFA are constructed by bracketing an operator
+token with @?@, which indicates where the arguments. For example, infixed
+multiplication is @?*?@ while prefix dereference is @*?@. This syntax make it
+easy to tell the difference between prefix operations (such as @++?@) and
+post-fix operations (@?++@).
+The special name for a constructor is @?{}@, which comes from the
+initialization syntax in C. The special name for a destructor is @^{}@, where
+the @^@ has no special meaning.
+% I don't like the \^{} symbol but $^\wedge$ isn't better.
+\begin{cfa}
+struct T { ... };
+void ?@{}@(@T &@ this, ...) { ... }  // constructor
+void ?@^{}@(@T &@ this, ...) { ... } // destructor
+{
+        T s = @{@ ... @}@;  // same constructor/initialization braces
+} // destructor call automatically generated
+\end{cfa}
+The first parameter is a reference parameter to the type for the
+constructor/destructor. Destructors may have multiple parameters.  The compiler
+implicitly matches an overloaded constructor @void ^?{}(T &, ...);@ to an
+object declaration with associated initialization, and generates a construction
+call after the object is allocated. When an object goes out of scope, the
+matching overloaded destructor @void ^?{}(T &);@ is called.  Without explicit
+definition, \CFA creates a default and copy constructor, destructor and
+assignment (like \CC). It is possible to define constructors/destructors for
+basic and existing types.
 \section{Polymorphism}
+\CFA uses polymorphism to create functions and types that are defined over
+different types. \CFA polymorphic declarations serve the same role as \CPP
+templates or Java generics.
+Polymorphic declaractions start with a forall clause that goes before the
+standard (monomorphic) declaration. These declarations have the same syntax
+except that you may use the names introduced by the forall clause in them.
+Forall clauses are written \codeCFA{forall( ... )} where \codeCFA{...} becomes
+the list of polymorphic variables (local type names) and assertions, which
+repersent required operations on those types.
+\begin{lstlisting}
+forall(dtype T | { void do_once(T &); })
+void do_twice(T & value) {
+    do_once(value);
+    do_once(value);
+}
+\end{lstlisting}
+A polymorphic function can be used in the same way normal functions are.
+The polymorphics variables are filled in with concrete types and the
+assertions are checked. An assertion checked by seeing if that name of that
+type (with all the variables replaced with the concrete types) is defined at
+the the call site.
+As an example, even if no function named \codeCFA{do_once} is not defined
+near the definition of \codeCFA{do_twice} the following code will work.
+\begin{lstlisting}
+\CFA uses parametric polymorphism to create functions and types that are
+defined over multiple types. \CFA polymorphic declarations serve the same role
+as \CC templates or Java generics. The ``parametric'' means the polymorphism is
+accomplished by passing argument operations to associate \emph{parameters} at
+the call site, and these parameters are used in the function to differentiate
+among the types the function operates on.
+Polymorphic declarations start with a universal @forall@ clause that goes
+before the standard (monomorphic) declaration. These declarations have the same
+syntax except they may use the universal type names introduced by the @forall@
+clause.  For example, the following is a polymorphic identity function that
+works on any type @T@:
+\begin{cfa}
+@forall( T )@ @T@ identity( @T@ val ) { return val; }
+int forty_two = identity( 42 ); // T bound to int, forty_two == 42
+\end{cfa}
+To allow a polymorphic function to be separately compiled, the type @T@ must be
+constrained by the operations used on @T@ in the function body. The @forall@
+clauses is augmented with a list of polymorphic variables (local type names)
+and assertions (constraints), which represent the required operations on those
+types used in a function, \eg:
+\begin{cfa}
+forall( T @| { void do_once(T); }@) // assertion
+void do_twice(T value) {
+        do_once(value);
+        do_once(value);
+}
+void do_once(int i) { ... }  // provide assertion
+int i;
+do_twice(i); // implicitly pass assertion do_once to do_twice
+\end{cfa}
+Any object with a type fulfilling the assertion may be passed as an argument to
+a @do_twice@ call.
+A polymorphic function can be used in the same way as a normal function.  The
+polymorphic variables are filled in with concrete types and the assertions are
+checked. An assertion is checked by verifying each assertion operation (with
+all the variables replaced with the concrete types from the arguments) is
+defined at a call site.
+Note, a function named @do_once@ is not required in the scope of @do_twice@ to
+compile it, unlike \CC template expansion. Furthermore, call-site inferencing
+allows local replacement of the most specific parametric functions needs for a
+call.
+\begin{cfa}
+void do_once(double y) { ... } // global
 int quadruple(int x) {
+    void do_once(int & y) {
+        y = y * 2;
+    }
+    do_twice(x);
+    return x;
+}
+\end{lstlisting}
+This is not the recommended way to implement a quadruple function but it
+does work. The complier will deduce that \codeCFA{do_twice}'s T is an
+integer from the argument. It will then look for a definition matching the
+assertion which is the \codeCFA{do_once} defined within the function. That
+function will be passed in as a function pointer to \codeCFA{do_twice} and
+called within it.
+To avoid typing out long lists of assertions again and again there are also
+traits which collect assertions into convenent packages that can then be used
+in assertion lists instead of all of their components.
+\begin{lstlisting}
+trait done_once(dtype T) {
+    void do_once(T &);
+}
+\end{lstlisting}
+After this the forall list in the previous example could instead be written
+with the trait instead of the assertion itself.
+\begin{lstlisting}
+forall(dtype T | done_once(T))
+\end{lstlisting}
+Traits can have arbitrary number of assertions in them and are usually used to
+create short hands for, and give descriptive names to, commond groupings of
+assertions.
+Polymorphic structures and unions may also be defined by putting a forall
+clause before the declaration. The type variables work the same way except
+are now used in field declaractions instead of parameters and local variables.
+\begin{lstlisting}
+        void do_once(int y) { y = y * 2; } // local
+        do_twice(x); // using local "do_once"
+        return x;
+}
+\end{cfa}
+Specifically, the complier deduces that @do_twice@'s T is an integer from the
+argument @x@. It then looks for the most specific definition matching the
+assertion, which is the nested integral @do_once@ defined within the
+function. The matched assertion function is then passed as a function pointer
+to @do_twice@ and called within it.
+To avoid typing long lists of assertions, constraints can be collect into
+convenient packages called a @trait@, which can then be used in an assertion
+instead of the individual constraints.
+\begin{cfa}
+trait done_once(T) {
+        void do_once(T);
+}
+\end{cfa}
+and the @forall@ list in the previous example is replaced with the trait.
+\begin{cfa}
+forall(dtype T | @done_once(T)@)
+\end{cfa}
+In general, a trait can contain an arbitrary number of assertions, both
+functions and variables, and are usually used to create a shorthand for, and
+give descriptive names to, common groupings of assertions describing a certain
+functionality, like @sumable@, @listable@, \etc.
+Polymorphic structures and unions are defined by qualifying the aggregate type
+with @forall@. The type variables work the same except they are used in field
+declarations instead of parameters, returns, and local variable declarations.
+\begin{cfa}
 forall(dtype T)
 struct node {
+    node(T) * next;
+    T * data;
+}
+\end{lstlisting}
+The \codeCFA{node(T)} is a use of a polymorphic structure. Polymorphic types
+must be provided their polymorphic parameters.
+There are many other features of polymorphism that have not given here but
+these are the ones used by the exception system.
+        node(T) * next;  // generic linked node
+        T * data;
+}
+\end{cfa}
+The generic type @node(T)@ is an example of a polymorphic-type usage.  Like \CC
+templates usage, a polymorphic-type usage must specify a type parameter.
+There are many other polymorphism features in \CFA but these are the ones used
+by the exception system.
 \section{Concurrency}
+\CFA has a number of concurrency features, \codeCFA{thread}s,
+\codeCFA{monitor}s and \codeCFA{mutex} parameters, \codeCFA{coroutine}s and
+\codeCFA{generator}s. The two features that interact with the exception system
+are \codeCFA{thread}s and \codeCFA{coroutine}s; they and their supporting
+constructs will be described here.
+\subsection{Coroutines}
+Coroutines are routines that do not have to finish execution to hand control
+back to their caller, instead they may suspend their execution at any time
+and resume it later.
+Coroutines are not true concurrency but share some similarities and many of
+the same underpinnings and so are included as part of the \CFA threading
+library.
+In \CFA coroutines are created using the \codeCFA{coroutine} keyword which
+works just like \codeCFA{struct} except that the created structure will be
+modified by the compiler to satify the \codeCFA{is_coroutine} trait.
+These structures act as the interface between callers and the coroutine,
+the fields are used to pass information in and out. Here is a simple example
+where the single field is used to pass the next number in a sequence out.
+\begin{lstlisting}
+\CFA has a number of concurrency features: @thread@, @monitor@, @mutex@
+parameters, @coroutine@ and @generator@. The two features that interact with
+the exception system are @thread@ and @coroutine@; they and their supporting
+constructs are described here.
+\subsection{Coroutine}
+A coroutine is a type with associated functions, where the functions are not
+required to finish execution when control is handed back to the caller. Instead
+they may suspend execution at any time and be resumed later at the point of
+last suspension. (Generators are stackless and coroutines are stackful.) These
+types are not concurrent but share some similarities along with common
+underpinnings, so they are combined with the \CFA threading library. Further
+discussion in this section only refers to the coroutine because generators are
+similar.
+In \CFA, a coroutine is created using the @coroutine@ keyword, which is an
+aggregate type like @struct,@ except the structure is implicitly modified by
+the compiler to satisfy the @is_coroutine@ trait; hence, a coroutine is
+restricted by the type system to types that provide this special trait.  The
+coroutine structure acts as the interface between callers and the coroutine,
+and its fields are used to pass information in and out of coroutine interface
+functions.
+Here is a simple example where a single field is used to pass (communicate) the
+next number in a sequence.
+\begin{cfa}
 coroutine CountUp {
+    unsigned int next;
+}
+\end{lstlisting}
+The routine part of the coroutine is a main function for the coroutine. It
+takes a reference to a coroutine object and returns nothing. In this function,
+and any functions called by this function, the suspend statement may be used
+to return execution to the coroutine's caller. When control returns to the
+function it continue from that same suspend statement instead of at the top
+of the function.
+\begin{lstlisting}
+void main(CountUp & this) {
+    unsigned int next = 0;
+    while (true) {
+        this.next = next;
+        suspend;
+        next = next + 1;
+    }
+}
+\end{lstlisting}
+Control is passed to the coroutine with the resume function. This includes the
+first time when the coroutine is starting up. The resume function takes a
+reference to the coroutine structure and returns the same reference. The
+return value is for easy access to communication variables. For example the
+next value from a count-up can be generated and collected in a single
+expression: \codeCFA{resume(count).next}.
+        unsigned int next; // communication variable
+}
+CountUp countup;
+\end{cfa}
+Each coroutine has @main@ function, which takes a reference to a coroutine
+object and returns @void@.
+\begin{cfa}[numbers=left]
+void main(@CountUp & this@) { // argument matches trait is_coroutine
+        unsigned int up = 0;  // retained between calls
+        while (true) {
+                next = up; // make "up" available outside function
+                @suspend;@$\label{suspend}$
+                up += 1;
+        }
+}
+\end{cfa}
+In this function, or functions called by this function (helper functions), the
+@suspend@ statement is used to return execution to the coroutine's caller
+without terminating the coroutine.
+A coroutine is resumed by calling the @resume@ function, \eg @resume(countup)@.
+The first resume calls the @main@ function at the top. Thereafter, resume calls
+continue a coroutine in the last suspended function after the @suspend@
+statement, in this case @main@ line~\ref{suspend}.  The @resume@ function takes
+a reference to the coroutine structure and returns the same reference. The
+return value allows easy access to communication variables defined in the
+coroutine object. For example, the @next@ value for coroutine object @countup@
+is both generated and collected in the single expression:
+@resume(countup).next@.
 \subsection{Monitors and Mutex}
+True concurrency does not garrenty ordering. To get some of that ordering back
+\CFA uses monitors and mutex (mutual exclution) parameters. A monitor is
+another special declaration that contains a lock and is compatable with mutex
+parameters.
+Function parameters can have the \codeCFA{mutex} qualifiers on reference
+arguments, for example \codeCFA{void example(a_monitor & mutex arg);}. When the
+function is called it will acquire the lock on all of the mutex parameters.
+This means that all functions that mutex on a type are part of a critical
+section and only one will ever run at a time.
+Concurrency does not guarantee ordering; without ordering results are
+non-deterministic. To claw back ordering, \CFA uses monitors and @mutex@
+(mutual exclusion) parameters. A monitor is another kind of aggregate, where
+the compiler implicitly inserts a lock and instances are compatible with
+@mutex@ parameters.
+A function that requires deterministic (ordered) execution, acquires mutual
+exclusion on a monitor object by qualifying an object reference parameter with
+@mutex@.
+\begin{cfa}
+void example(MonitorA & @mutex@ argA, MonitorB & @mutex@ argB);
+\end{cfa}
+When the function is called, it implicitly acquires the monitor lock for all of
+the mutex parameters without deadlock.  This semantics means all functions with
+the same mutex type(s) are part of a critical section for objects of that type
+and only one runs at a time.
 \subsection{Threads}
+While coroutines allow new things to be done with a single execution path
+threads actually introduce new paths of execution that continue independently.
+Now for threads to work together their must be some communication between them
+and that means the timing of certain operations does have to be known. There
+or various means of syncronization and mutual exclution provided by \CFA but
+for exceptions only the basic two -- fork and join -- are needed.
+Threads are created like coroutines except the keyword is changed:
+\begin{lstlisting}
+Functions, generators, and coroutines are sequential so there is only a single
+(but potentially sophisticated) execution path in a program. Threads introduce
+multiple execution paths that continue independently.
+For threads to work safely with objects requires mutual exclusion using
+monitors and mutex parameters. For threads to work safely with other threads,
+also requires mutual exclusion in the form of a communication rendezvous, which
+also supports internal synchronization as for mutex objects. For exceptions
+only the basic two basic operations are important: thread fork and join.
+Threads are created like coroutines with an associated @main@ function:
+\begin{cfa}
 thread StringWorker {
     const char * input;
     int result;
+        const char * input;
+        int result;
 };
 void main(StringWorker & this) {
+    const char * localCopy = this.input;
+    // ... do some work, perhaps hashing the string ...
+    this.result = result;
+}
+\end{lstlisting}
+The main function will start executing after the fork operation and continue
+executing until it is finished. If another thread joins with this one it will
+wait until main has completed execution. In other words everything the thread
+does is between fork and join.
+From the outside this is the creation and destruction of the thread object.
+Fork happens after the constructor is run and join happens before the
+destructor runs. Join also happens during the \codeCFA{join} function which
+can be used to join a thread earlier. If it is used the destructor does not
+join as that has already been completed.
+        const char * localCopy = this.input;
+        // ... do some work, perhaps hashing the string ...
+        this.result = result;
+}
+{
+        StringWorker stringworker; // fork thread running in "main"
+} // implicitly join with thread $\(\Rightarrow\)$ wait for completion
+\end{cfa}
+The thread main is where a new thread starts execution after a fork operation
+and then the thread continues executing until it is finished. If another thread
+joins with an executing thread, it waits until the executing main completes
+execution. In other words, everything a thread does is between a fork and join.
+From the outside, this behaviour is accomplished through creation and
+destruction of a thread object.  Implicitly, fork happens after a thread
+object's constructor is run and join happens before the destructor runs. Join
+can also be specified explicitly using the @join@ function to wait for a
+thread's completion independently from its deallocation (\ie destructor
+call). If @join@ is called explicitly, the destructor does not implicitly join.

doc/theses/andrew_beach_MMath/features.tex

-              rb6a8b31
+              rd95969a
+\chapter{Features}
+This chapter covers the design and user interface of the \CFA exception
+handling mechanism.
+\section{Virtual Casts}
+Virtual casts and virtual types are not truly part of the exception system but
+they did not exist in \CFA and are useful in exceptions. So a minimal version
+of they virtual system was designed and implemented.
+Virtual types are organizied in simple hierarchies. Each virtual type may have
+a parent and can have any number of children. A type's descendants are its
+children and its children's descendants. A type may not be its own descendant.
+Each virtual type has an associated virtual table type. A virtual table is a
+structure that has fields for all the virtual members of a type. A virtual
+type has all the virtual members of its parent and can add more. It may also
+update the values of the virtual members.
+Except for virtual casts, this is only used internally in the exception
+system. There is no general purpose interface for the other features. A
+a virtual cast has the following syntax:
+\begin{lstlisting}
+\chapter{Exception Features}
+This chapter covers the design and user interface of the \CFA
+exception-handling mechanism.
+\section{Virtuals}
+Virtual types and casts are not required for a basic exception-system but are
+useful for advanced exception features. However, \CFA is not object-oriented so
+there is no obvious concept of virtuals.  Hence, to create advanced exception
+features for this work, I needed to designed and implemented a virtual-like
+system for \CFA.
+Object-oriented languages often organized exceptions into a simple hierarchy,
+\eg Java.
+\begin{center}
+\setlength{\unitlength}{4000sp}%
+\begin{picture}(1605,612)(2011,-1951)
+\put(2100,-1411){\vector(1, 0){225}}
+\put(3450,-1411){\vector(1, 0){225}}
+\put(3550,-1411){\line(0,-1){225}}
+\put(3550,-1636){\vector(1, 0){150}}
+\put(3550,-1636){\line(0,-1){225}}
+\put(3550,-1861){\vector(1, 0){150}}
+\put(2025,-1490){\makebox(0,0)[rb]{\LstBasicStyle{exception}}}
+\put(2400,-1460){\makebox(0,0)[lb]{\LstBasicStyle{arithmetic}}}
+\put(3750,-1460){\makebox(0,0)[lb]{\LstBasicStyle{underflow}}}
+\put(3750,-1690){\makebox(0,0)[lb]{\LstBasicStyle{overflow}}}
+\put(3750,-1920){\makebox(0,0)[lb]{\LstBasicStyle{zerodivide}}}
+\end{picture}%
+\end{center}
+The hierarchy provides the ability to handle an exception at different degrees
+of specificity (left to right).  Hence, it is possible to catch a more general
+exception-type in higher-level code where the implementation details are
+unknown, which reduces tight coupling to the lower-level implementation.
+Otherwise, low-level code changes require higher-level code changes, \eg,
+changing from raising @underflow@ to @overflow@ at the low level means changing
+the matching catch at the high level versus catching the general @arithmetic@
+exception. In detail, each virtual type may have a parent and can have any
+number of children. A type's descendants are its children and its children's
+descendants. A type may not be its own descendant.
+The exception hierarchy allows a handler (@catch@ clause) to match multiple
+exceptions, \eg a base-type handler catches both base and derived
+exception-types.
+\begin{cfa}
+try {
+        ...
+} catch(arithmetic &) {
+        ... // handle arithmetic, underflow, overflow, zerodivide
+}
+\end{cfa}
+Most exception mechanisms perform a linear search of the handlers and select
+the first matching handler, so the order of handers is now important because
+matching is many to one.
+Each virtual type needs an associated virtual table. A virtual table is a
+structure with fields for all the virtual members of a type. A virtual type has
+all the virtual members of its parent and can add more. It may also update the
+values of the virtual members and often does.
+While much of the virtual infrastructure is created, it is currently only used
+internally for exception handling. The only user-level feature is the virtual
+cast, which is the same as the \CC \lstinline[language=C++]|dynamic_cast|.
+\begin{cfa}
 (virtual TYPE)EXPRESSION
+\end{lstlisting}
+This has the same precidence as a traditional C-cast and can be used in the
+same places. This will convert the result of EXPRESSION to the type TYPE. Both
+the type of EXPRESSION and TYPE must be pointers to virtual types.
+The cast is checked and will either return the original value or null, based
+on the result of the check. The check is does the object pointed at have a
+type that is a descendant of the target type. If it is the result is the
+pointer, otherwise the result is null.
+\section{Exceptions}
+\end{cfa}
+Note, the syntax and semantics matches a C-cast, rather than the unusual \CC
+syntax for special casts. Both the type of @EXPRESSION@ and @TYPE@ must be a
+pointer to a virtual type. The cast dynamically checks if the @EXPRESSION@ type
+is the same or a subtype of @TYPE@, and if true, returns a pointer to the
+@EXPRESSION@ object, otherwise it returns @0p@ (null pointer).
+\section{Exception}
 % Leaving until later, hopefully it can talk about actual syntax instead
 % of my many strange macros. Syntax aside I will also have to talk about the
 % features all exceptions support.
+\section{Termination}
+Termination exception throws are likely the most framilar kind, as they are
+used in several popular programming languages. A termination will throw an
+exception, search the stack for a handler, unwind the stack to where the
+handler is defined, execute the handler and then continue execution after
+the handler. They are used when execution cannot continue here.
+Termination has two pieces of syntax it uses. The first is the throw:
+\begin{lstlisting}
+Exceptions are defined by the trait system; there are a series of traits, and
+if a type satisfies them, then it can be used as an exception.  The following
+is the base trait all exceptions need to match.
+\begin{cfa}
+trait is_exception(exceptT &, virtualT &) {
+        virtualT const & @get_exception_vtable@(exceptT *);
+};
+\end{cfa}
+The function takes any pointer, including the null pointer, and returns a
+reference to the virtual-table object. Defining this function also establishes
+the virtual type and a virtual-table pair to the \CFA type-resolver and
+promises @exceptT@ is a virtual type and a child of the base exception-type.
+{\color{blue} PAB: I do not understand this paragraph.}
+One odd thing about @get_exception_vtable@ is that it should always be a
+constant function, returning the same value regardless of its argument.  A
+pointer or reference to the virtual table instance could be used instead,
+however using a function has some ease of implementation advantages and allows
+for easier disambiguation because the virtual type name (or the address of an
+instance that is in scope) can be used instead of the mangled virtual table
+name.  Also note the use of the word ``promise'' in the trait
+description. Currently, \CFA cannot check to see if either @exceptT@ or
+@virtualT@ match the layout requirements. This is considered part of
+@get_exception_vtable@'s correct implementation.
+\section{Raise}
+\CFA provides two kinds of exception raise: termination (see
+\VRef{s:Termination}) and resumption (see \VRef{s:Resumption}), which are
+specified with the following traits.
+\begin{cfa}
+trait is_termination_exception(
+                exceptT &, virtualT & | is_exception(exceptT, virtualT)) {
+        void @defaultTerminationHandler@(exceptT &);
+};
+\end{cfa}
+The function is required to allow a termination raise, but is only called if a
+termination raise does not find an appropriate handler.
+Allowing a resumption raise is similar.
+\begin{cfa}
+trait is_resumption_exception(
+                exceptT &, virtualT & | is_exception(exceptT, virtualT)) {
+        void @defaultResumptionHandler@(exceptT &);
+};
+\end{cfa}
+The function is required to allow a resumption raise, but is only called if a
+resumption raise does not find an appropriate handler.
+Finally there are three convenience macros for referring to the these traits:
+@IS_EXCEPTION@, @IS_TERMINATION_EXCEPTION@ and @IS_RESUMPTION_EXCEPTION@.  Each
+takes the virtual type's name, and for polymorphic types only, the
+parenthesized list of polymorphic arguments. These macros do the name mangling
+to get the virtual-table name and provide the arguments to both sides
+{\color{blue}(PAB: What's a ``side''?)}
+\subsection{Termination}
+\label{s:Termination}
+Termination raise, called ``throw'', is familiar and used in most programming
+languages with exception handling. The semantics of termination is: search the
+stack for a matching handler, unwind the stack frames to the matching handler,
+execute the handler, and continue execution after the handler. Termination is
+used when execution \emph{cannot} return to the throw. To continue execution,
+the program must \emph{recover} in the handler from the failed (unwound)
+execution at the raise to safely proceed after the handler.
+A termination raise is started with the @throw@ statement:
+\begin{cfa}
 throw EXPRESSION;
+\end{lstlisting}
+The expression must evaluate to a reference to a termination exception. A
+termination exception is any exception with a
+\codeCFA{void defaultTerminationHandler(T &);} (the default handler) defined
+on it. The handler is taken from the call sight with \CFA's trait system and
+passed into the exception system along with the exception itself.
+The exception passed into the system is then copied into managed memory.
+This is to ensure it remains in scope during unwinding. It is the user's
+responsibility to make sure the original exception is freed when it goes out
+of scope. Being allocated on the stack is sufficient for this.
+Then the exception system will search the stack starting from the throw and
+proceding towards the base of the stack, from callee to caller. As it goes
+it will check any termination handlers it finds:
+\begin{lstlisting}
+try {
+    TRY_BLOCK
+} catch (EXCEPTION_TYPE * NAME) {
+    HANDLER
+}
+\end{lstlisting}
+This shows a try statement with a single termination handler. The statements
+in TRY\_BLOCK will be executed when control reaches this statement. While
+those statements are being executed if a termination exception is thrown and
+it is not handled by a try statement further up the stack the EHM will check
+all of the terminations handlers attached to the try block, top to bottom.
+At each handler the EHM will check to see if the thrown exception is a
+descendant of EXCEPTION\_TYPE. If it is the pointer to the exception is
+bound to NAME and the statements in HANDLER are executed. If control reaches
+the end of the handler then it exits the block, the exception is freed and
+control continues after the try statement.
+The default handler is only used if no handler for the exception is found
+after the entire stack is searched. When that happens the default handler
+is called with a reference to the exception as its only argument. If the
+handler returns control continues from after the throw statement.
+\paragraph{Conditional Catches}
+Catch clauses may also be written as:
+\begin{lstlisting}
+catch (EXCEPTION_TYPE * NAME ; CONDITION)
+\end{lstlisting}
+This has the same behaviour as a regular catch clause except that if the
+exception matches the given type the condition is also run. If the result is
+true only then is this considered a matching handler. If the result is false
+then the handler does not match and the search continues with the next clause
+in the try block.
+The condition considers all names in scope at the beginning of the try block
+to be in scope along with the name introduce in the catch clause itself.
+\paragraph{Re-Throwing}
+You can also rethrow the most recent termination exception with
+\codeCFA{throw;}. % This is terrible and you should never do it.
+This can be done in a handler or any function that could be called from a
+handler.
+This will start another termination throw reusing the exception, meaning it
+does not copy the exception or allocated any more memory for it. However the
+default handler is still at the original through and could refer to data that
+was on the unwound section of the stack. So instead a new default handler that
+does a program level abort is used.
+\section{Resumption}
+Resumption exceptions are less popular then termination but in many
+regards are simpler and easier to understand. A resumption throws an exception,
+searches for a handler on the stack, executes that handler on top of the stack
+and then continues execution from the throw. These are used when a problem
+needs to be fixed before execution continues.
+A resumption is thrown with a throw resume statement:
+\begin{lstlisting}
+\end{cfa}
+The expression must return a termination-exception reference, where the
+termination exception has a type with a @void defaultTerminationHandler(T &)@
+(default handler) defined. The handler is found at the call site using \CFA's
+trait system and passed into the exception system along with the exception
+itself.
+At runtime, a representation of the exception type and an instance of the
+exception type is copied into managed memory (heap) to ensure it remains in
+scope during unwinding. It is the user's responsibility to ensure the original
+exception object at the throw is freed when it goes out of scope. Being
+allocated on the stack is sufficient for this.
+Then the exception system searches the stack starting from the throw and
+proceeding towards the base of the stack, from callee to caller. At each stack
+frame, a check is made for termination handlers defined by the @catch@ clauses
+of a @try@ statement.
+\begin{cfa}
+try {
+        GUARDED_BLOCK
+} @catch (EXCEPTION_TYPE$\(_1\)$ * NAME)@ { // termination handler 1
+        HANDLER_BLOCK$\(_1\)$
+} @catch (EXCEPTION_TYPE$\(_2\)$ * NAME)@ { // termination handler 2
+        HANDLER_BLOCK$\(_2\)$
+}
+\end{cfa}
+The statements in the @GUARDED_BLOCK@ are executed. If those statements, or any
+functions invoked from those statements, throws an exception, and the exception
+is not handled by a try statement further up the stack, the termination
+handlers are searched for a matching exception type from top to bottom.
+Exception matching checks the representation of the thrown exception-type is
+the same or a descendant type of the exception types in the handler clauses. If
+there is a match, a pointer to the exception object created at the throw is
+bound to @NAME@ and the statements in the associated @HANDLER_BLOCK@ are
+executed. If control reaches the end of the handler, the exception is freed,
+and control continues after the try statement.
+The default handler visible at the throw statement is used if no matching
+termination handler is found after the entire stack is searched. At that point,
+the default handler is called with a reference to the exception object
+generated at the throw. If the default handler returns, the system default
+action is executed, which often terminates the program. This feature allows
+each exception type to define its own action, such as printing an informative
+error message, when an exception is not handled in the program.
+\subsection{Resumption}
+\label{s:Resumption}
+Resumption raise, called ``resume'', is as old as termination
+raise~\cite{Goodenough75} but is less popular. In many ways, resumption is
+simpler and easier to understand, as it is simply a dynamic call (as in
+Lisp). The semantics of resumption is: search the stack for a matching handler,
+execute the handler, and continue execution after the resume. Notice, the stack
+cannot be unwound because execution returns to the raise point. Resumption is
+used used when execution \emph{can} return to the resume. To continue
+execution, the program must \emph{correct} in the handler for the failed
+execution at the raise so execution can safely continue after the resume.
+A resumption raise is started with the @throwResume@ statement:
+\begin{cfa}
 throwResume EXPRESSION;
+\end{lstlisting}
+The result of EXPRESSION must be a resumption exception type. A resumption
+exception type is any type that satifies the assertion
+\codeCFA{void defaultResumptionHandler(T &);} (the default handler). When the
+statement is executed the expression is evaluated and the result is thrown.
+Handlers are declared using clauses in try statements:
+\begin{lstlisting}
+try {
+    TRY_BLOCK
+} catchResume (EXCEPTION_TYPE * NAME) {
+    HANDLER
+}
+\end{lstlisting}
+This is a simple example with the try block and a single resumption handler.
+Multiple resumption handlers can be put in a try statement and they can be
+mixed with termination handlers.
+When a resumption begins it will start searching the stack starting from
+the throw statement and working its way to the callers. In each try statement
+handlers will be tried top to bottom. Each handler is checked by seeing if
+the thrown exception is a descendant of EXCEPTION\_TYPE. If not the search
+continues. Otherwise NAME is bound to a pointer to the exception and the
+HANDLER statements are executed. After they are finished executing control
+continues from the throw statement.
+If no approprate handler is found then the default handler is called. The
+throw statement acts as a regular function call passing the exception to
+the default handler and after the handler finishes executing control continues
+from the throw statement.
+The exception system also tracks the position of a search on the stack. If
+another resumption exception is thrown while a resumption handler is running
+it will first check handlers pushed to the stack by the handler and any
+functions it called, then it will continue from the try statement that the
+handler is a part of; except for the default handler where it continues from
+the throw the default handler was passed to.
+This makes the search pattern for resumption reflect the one for termination,
+which is what most users expect.
+% This might need a diagram. But it is an important part of the justifaction
+\end{cfa}
+The semantics of the @throwResume@ statement are like the @throw@, but the
+expression has a type with a @void defaultResumptionHandler(T &)@ (default
+handler) defined, where the handler is found at the call site by the type
+system.  At runtime, a representation of the exception type and an instance of
+the exception type is \emph{not} copied because the stack is maintained during
+the handler search.
+Then the exception system searches the stack starting from the resume and
+proceeding towards the base of the stack, from callee to caller. At each stack
+frame, a check is made for resumption handlers defined by the @catchResume@
+clauses of a @try@ statement.
+\begin{cfa}
+try {
+        GUARDED_BLOCK
+} @catchResume (EXCEPTION_TYPE$\(_1\)$ * NAME)@ { // resumption handler 1
+        HANDLER_BLOCK$\(_1\)$
+} @catchResume (EXCEPTION_TYPE$\(_2\)$ * NAME)@ { // resumption handler 2
+        HANDLER_BLOCK$\(_2\)$
+}
+\end{cfa}
+The statements in the @GUARDED_BLOCK@ are executed. If those statements, or any
+functions invoked from those statements, resumes an exception, and the
+exception is not handled by a try statement further up the stack, the
+resumption handlers are searched for a matching exception type from top to
+bottom. (Note, termination and resumption handlers may be intermixed in a @try@
+statement but the kind of raise (throw/resume) only matches with the
+corresponding kind of handler clause.)
+The exception search and matching for resumption is the same as for
+termination, including exception inheritance. The difference is when control
+reaches the end of the handler: the resumption handler returns after the resume
+rather than after the try statement. The resume point assumes the handler has
+corrected the problem so execution can safely continue.
+Like termination, if no resumption handler is found, the default handler
+visible at the resume statement is called, and the system default action is
+executed.
+For resumption, the exception system uses stack marking to partition the
+resumption search. If another resumption exception is raised in a resumption
+handler, the second exception search does not start at the point of the
+original raise. (Remember the stack is not unwound and the current handler is
+at the top of the stack.) The search for the second resumption starts at the
+current point on the stack because new try statements may have been pushed by
+the handler or functions called from the handler. If there is no match back to
+the point of the current handler, the search skips the stack frames already
+searched by the first resume and continues after the try statement. The default
+handler always continues from default handler associated with the point where
+the exception is created.
+% This might need a diagram. But it is an important part of the justification
 % of the design of the traversal order.
+It also avoids the recursive resumption problem. If the entire stack is
+searched loops of resumption can form. Consider a handler that handles an
+exception of type A by resuming an exception of type B and on the same stack,
+later in the search path, is a second handler that handles B by resuming A.
+Assuming no other handlers on the stack handle A or B then in either traversal
+system an A resumed from the top of the stack will be handled by the first
+handler. A B resumed from the top or from the first handler it will be handled
+by the second hander. The only difference is when A is thrown from the second
+handler. The entire stack search will call the first handler again, creating a
+loop. Starting from the position in the stack though will break this loop.
+\paragraph{Conditional Catches}
+Resumption supports conditional catch clauses like termination does. They
+use the same syntax except the keyword is changed:
+\begin{lstlisting}
+catchResume (EXCEPTION_TYPE * NAME ; CONDITION)
+\end{lstlisting}
+It also has the same behaviour, after the exception type has been matched
+with the EXCEPTION\_TYPE the CONDITION is evaluated with NAME in scope. If
+the result is true then the hander is run, otherwise the search continues
+just as if there had been a type mismatch.
+\paragraph{Re-Throwing}
+You may also re-throw resumptions with a \codeCFA{throwResume;} statement.
+This can only be done from inside of a \codeCFA{catchResume} block.
+Outside of any side effects of any code already run in the handler this will
+have the same effect as if the exception had not been caught in the first
+place.
+\begin{verbatim}
+       throwResume2 ----------.
+            |                 |
+ generated from handler       |
+            |                 |
+         handler              |
+            |                 |
+        throwResume1 -----.   :
+            |             |   :
+           try            |   : search skip
+            |             |   :
+        catchResume  <----'   :
+            |                 |
+\end{verbatim}
+This resumption search-pattern reflect the one for termination, which matches
+with programmer expectations. However, it avoids the \emph{recursive
+resumption} problem. If parts of the stack are searched multiple times, loops
+can easily form resulting in infinite recursion.
+Consider the trivial case:
+\begin{cfa}
+try {
+        throwResume$\(_1\)$ (E &){};
+} catch( E * ) {
+        throwResume;
+}
+\end{cfa}
+Based on termination semantics, programmer expectation is for the re-resume to
+continue searching the stack frames after the try statement. However, the
+current try statement is still on the stack below the handler issuing the
+reresume (see \VRef{s:Reraise}). Hence, the try statement catches the re-raise
+again and does another re-raise \emph{ad infinitum}, which is confusing and
+difficult to debug. The \CFA resumption search-pattern skips the try statement
+so the reresume search continues after the try, mathcing programmer
+expectation.
+\section{Conditional Catch}
+Both termination and resumption handler-clauses may perform conditional matching:
+\begin{cfa}
+catch (EXCEPTION_TYPE * NAME ; @CONDITION@)
+\end{cfa}
+First, the same semantics is used to match the exception type. Second, if the
+exception matches, @CONDITION@ is executed. The condition expression may
+reference all names in scope at the beginning of the try block and @NAME@
+introduced in the handler clause.  If the condition is true, then the handler
+matches. Otherwise, the exception search continues at the next appropriate kind
+of handler clause in the try block.
+\begin{cfa}
+try {
+        f1 = open( ... );
+        f2 = open( ... );
+        ...
+} catch( IOFailure * f ; fd( f ) == f1 ) {
+        // only handle IO failure for f1
+}
+\end{cfa}
+Note, catching @IOFailure@, checking for @f1@ in the handler, and reraising the
+exception if not @f1@ is different because the reraise does not examine any of
+remaining handlers in the current try statement.
+\section{Reraise}
+\label{s:Reraise}
+Within the handler block or functions called from the handler block, it is
+possible to reraise the most recently caught exception with @throw@ or
+@throwResume@, respective.
+\begin{cfa}
+catch( ... ) {
+        ... throw; // rethrow
+} catchResume( ... ) {
+        ... throwResume; // reresume
+}
+\end{cfa}
+The only difference between a raise and a reraise is that reraise does not
+create a new exception; instead it continues using the current exception, \ie
+no allocation and copy. However the default handler is still set to the one
+visible at the raise point, and hence, for termination could refer to data that
+is part of an unwound stack frame. To prevent this problem, a new default
+handler is generated that does a program-level abort.
 \section{Finally Clauses}
+A \codeCFA{finally} clause may be placed at the end of a try statement after
+all the handler clauses. In the simply case, with no handlers, it looks like
+this:
+\begin{lstlisting}
+try {
+    TRY_BLOCK
+A @finally@ clause may be placed at the end of a @try@ statement.
+\begin{cfa}
+try {
+        GUARDED_BLOCK
+} ...   // any number or kind of handler clauses
 } finally {
+    FINAL_STATEMENTS
+}
+\end{lstlisting}
+Any number of termination handlers and resumption handlers may proceed the
+finally clause.
+The FINAL\_STATEMENTS, the finally block, are executed whenever the try
+statement is removed from the stack. This includes: the TRY\_BLOCK finishes
+executing, a termination exception finishes executing and the stack unwinds.
+Execution of the finally block should finish by letting control run off
+the end of the block. This is because after the finally block is complete
+control will continue to where ever it would if the finally clause was not
+present.
+Because of this local control flow out of the finally block is forbidden.
+The compiler rejects uses of \codeCFA{break}, \codeCFA{continue},
+\codeCFA{fallthru} and \codeCFA{return} that would cause control to leave
+the finally block. Other ways to leave the finally block - such as a long
+jump or termination - are much harder to check, at best requiring additional
+runtime overhead, and so are merely discouraged.
+        FINALLY_BLOCK
+}
+\end{cfa}
+The @FINALLY_BLOCK@ is executed when the try statement is unwound from the
+stack, \ie when the @GUARDED_BLOCK@ or any handler clause finishes. Hence, the
+finally block is always executed.
+Execution of the finally block should always finish, meaning control runs off
+the end of the block. This requirement ensures always continues as if the
+finally clause is not present, \ie finally is for cleanup not changing control
+flow.  Because of this requirement, local control flow out of the finally block
+is forbidden.  The compiler precludes any @break@, @continue@, @fallthru@ or
+@return@ that causes control to leave the finally block. Other ways to leave
+the finally block, such as a long jump or termination are much harder to check,
+and at best requiring additional run-time overhead, and so are discouraged.
 \section{Cancellation}
+Cancellation can be thought of as a stack-level abort or as an uncatchable
+termination. It unwinds the entirety of the current exception and if possible
+passes an exception to a different stack as a message.
+There is no special statement for starting a cancellation, instead you call
+the standard libary function \codeCFA{cancel\_stack} which takes an exception.
+Unlike in a throw this exception is not used in control flow but is just there
+to pass information about why the cancellation happened.
+The handler is decided entirely by which stack is being cancelled. There are
+three handlers that apply to three different groups of stacks:
+\begin{itemize}
+\item Main Stack:
+The main stack is the one on which the program main is called at the beginning
+of your program. It is also the only stack you have without the libcfathreads.
+Because of this there is no other stack ``above" (or possibly at all) for main
+to notify when a cancellation occurs. So after the stack is unwound we do a
+program level abort.
+\item Thread Stack:
+Thread stacks are those created \codeCFA{thread} or otherwise satify the
+\codeCFA{is\_thread} trait.
+Threads only have two structural points of communication that must happen,
+start and join. As the thread must be running to preform a cancellation it
+will be after start and before join, so join is one cancellation uses.
+After the stack is unwound the thread will halt as if had completed normally
+and wait for another thread to join with it. The other thread, when it joins,
+checks for a cancellation. If so it will throw the resumption exception
+\codeCFA{ThreadCancelled}.
+There is a difference here in how explicate joins (with the \codeCFA{join}
+function) and implicate joins (from a destructor call). Explicate joins will
+take the default handler (\codeCFA{defaultResumptionHandler}) from the context
+and use like a regular through does if the exception is not caught. The
+implicate join does a program abort instead.
+This is for safety. One of the big problems in exceptions is you cannot handle
+two terminations or cancellations on the same stack as either can destroy the
+context required for the other. This can happen with join but as the
+destructors will always be run when the stack is being unwound and one
+termination/cancellation is already active. Also since they are implicite they
+are easier to forget about.
+\item Coroutine Stack:
+Coroutine stacks are those created with \codeCFA{coroutine} or otherwise
+satify the \codeCFA{is\_coroutine} trait.
+A coroutine knows of two other coroutines, its starter and its last resumer.
+The last resumer is ``closer" so that is the one notified.
+After the stack is unwound control goes to the last resumer.
+Resume will resume throw a \codeCFA{CoroutineCancelled} exception, which is
+polymorphic over the coroutine type and has a pointer to the coroutine being
+cancelled and the cancelling exception. The resume function also has an
+assertion that the \codeCFA{defaultResumptionHandler} for the exception. So it
+will use the default handler like a regular throw.
+\end{itemize}
+Cancellation is a stack-level abort, which can be thought of as as an
+uncatchable termination. It unwinds the entirety of the current stack, and if
+possible forwards the cancellation exception to a different stack.
+There is no special statement for starting a cancellation; instead the standard
+library function @cancel_stack@ is called passing an exception.  Unlike a
+raise, this exception is not used in matching only to pass information about
+the cause of the cancellation.
+Handling of a cancellation depends on which stack is being cancelled.
+\begin{description}
+\item[Main Stack:]
+The main stack is the one used by the program main at the start of execution,
+and is the only stack in a sequential program.  Hence, when cancellation is
+forwarded to the main stack, there is no other forwarding stack, so after the
+stack is unwound, there is a program-level abort.
+\item[Thread Stack:]
+A thread stack is created for a @thread@ object or object that satisfies the
+@is_thread@ trait.  A thread only has two points of communication that must
+happen: start and join. As the thread must be running to perform a
+cancellation, it must occur after start and before join, so join is a
+cancellation point.  After the stack is unwound, the thread halts and waits for
+another thread to join with it. The joining thread, checks for a cancellation,
+and if present, resumes exception @ThreadCancelled@.
+There is a subtle difference between the explicit join (@join@ function) and
+implicit join (from a destructor call). The explicit join takes the default
+handler (@defaultResumptionHandler@) from its calling context, which is used if
+the exception is not caught. The implicit join does a program abort instead.
+This semantics is for safety. One difficult problem for any exception system is
+defining semantics when an exception is raised during an exception search:
+which exception has priority, the original or new exception? No matter which
+exception is selected, it is possible for the selected one to disrupt or
+destroy the context required for the other. {\color{blue} PAB: I do not
+understand the following sentences.} This loss of information can happen with
+join but as the thread destructor is always run when the stack is being unwound
+and one termination/cancellation is already active. Also since they are
+implicit they are easier to forget about.
+\item[Coroutine Stack:] A coroutine stack is created for a @coroutine@ object
+or object that satisfies the @is_coroutine@ trait.  A coroutine only knows of
+two other coroutines, its starter and its last resumer.  The last resumer has
+the tightest coupling to the coroutine it activated.  Hence, cancellation of
+the active coroutine is forwarded to the last resumer after the stack is
+unwound, as the last resumer has the most precise knowledge about the current
+execution. When the resumer restarts, it resumes exception
+@CoroutineCancelled@, which is polymorphic over the coroutine type and has a
+pointer to the cancelled coroutine.
+The resume function also has an assertion that the @defaultResumptionHandler@
+for the exception. So it will use the default handler like a regular throw.
+\end{description}

doc/theses/andrew_beach_MMath/future.tex

-              rb6a8b31
+              rd95969a
 parts of the exception system that use the current version.
+For instance a full virtual system would probably allow for several
+improvements to the exception traits. Although they do currently work they
+could be made easier to use by making the virtual table type implitate in the
+trait (which would remove the need for those wrapper marcos) or allowing
+for assertions that give the layout of a virtual table for safety.
+There are several improvements to the virtual system that would improve
+the exception traits. The biggest one is an assertion that checks that one
+virtual type is a child of another virtual type. This would capture many of
+the requirements much more precisely.
+The full virtual system might also include other improvement like associated
+types. This is a proposed feature that would allow traits to refer to types
+not listed in their header. This would allow the exception traits to not
+refer to the virtual table type explicatly which would remove the need for
+the interface macros.
 \section{Additional Throws}
 Several other kinds of throws, beyond the termination throw (\codeCFA{throw}),
 the resumption throw (\codeCFA{throwResume}) and the re-throws, were considered.
+Several other kinds of throws, beyond the termination throw (@throw@),
+the resumption throw (@throwResume@) and the re-throws, were considered.
 None were as useful as the core throws but they would likely be worth
 revising.
 …
 Also new techniques to skip previously searched parts of the stack will have
+to be developed.
+to be developed. The recursive resume problem still remains and ideally the
+same pattern of ignoring sections of the stack.
+\section{Support for More Platforms}
+Termination is not portable because it is implemented with inline assembly.
+Those sections will have to be rewritten to support different architectures
+\section{Signal Exceptions}
+Exception Handling: Issues and a Proposed Notation suggests there are three
+types of exceptions: escape, notify and signal.
+Escape exceptions are our termination exceptions, notify exceptions are
+resumption exceptions and that leaves signal exception unimplemented.
+\section{Quality-of-Life Improvements}
+Finally come various improvements to the usability of \CFA. Most of these
+would just require time. Time that would not lead to interesting research so
+it has been left aside for now. A few examples are included here but there
+are more:
+Signal exceptions allow either behaviour, that is after the exception is
+handled control can either return to the throw or from where the handler is
+defined.
+The design should be rexamined and be updated for \CFA. A very direct
+translation would perhaps have a new throw and catch pair and a statement
+(or statements) could be used to decide if the handler returns to the throw
+or continues where it is, but there are other options.
+For instance resumption could be extended to cover this use by allowing
+local control flow out of it. This would require an unwind as part of the
+transition as there are stack frames that have to be removed.
+This would mean there is no notify like throw but because \CFA does not have
+exception signatures a termination can be thrown from any resumption handler
+already so there are already ways one could try to do this in existing \CFA.
+% Maybe talk about the escape; and escape CONTROL_STMT; statements or how
+% if we could choose if _Unwind_Resume proceeded to the clean-up stage this
+% would be much easier to implement.
+\section{Language Improvements}
+There is also a lot of work that are not follow ups to this work in terms of
+research, some have no interesting research to be done at all, but would
+improve \CFA as a programming language. The full list of these would
+naturally be quite extensive but here are a few examples that involve
+exceptions:
 \begin{itemize}
+\item The implementation of termination is not portable because it includes
+some assembly statements. These sections will have to be re-written to so
+\CFA has full support on more machines.
 \item Allowing exception handler to bind the exception to a reference instead
 of a pointer. This should actually result in no change in behaviour so there
 is no reason not to allow it. It is however a small improvement; giving a bit
 of flexibility to the user in what style they want to use.
 \item Enabling local control flow (by \codeCFA{break}, \codeCFA{return} and
+\item Enabling local control flow (by @break@, @return@ and
 similar statements) out of a termination handler. The current set-up makes
 this very difficult but the catch function that runs the handler after it has
 …
 much easier. (To do the same for try blocks would probably wait for zero-cost
 exceptions, which would allow the try block to be inlined as well.)
-\item Enabling local control flow out of a resumption handler. This would be
-a weighty operation, causing a stack unwind like a termination, so there might
-be a different statement or a statement modifier to make sure the user does
-this purposefully.
-However this would require the more complex system as they cannot be inlined
-into the original function as they can be run at a different place on the
-stack. So instead the unwinding will have to carry with it information on
-which one of these points to continue at and possibly also the return value
-for the function if a \codeCFA{return} statement was used.
 \end{itemize}

doc/theses/andrew_beach_MMath/implement.tex

-              rb6a8b31
+              rd95969a
 All of this is accessed through a field inserted at the beginning of every
 virtual type. Currently it is called \codeC{virtual_table} but it is not
+virtual type. Currently it is called @virtual_table@ but it is not
 ment to be accessed by the user. This field is a pointer to the type's
 virtual table instance. It is assigned once during the object's construction
 …
 using that to calculate the mangled name of the parent's virtual table type.
 There are two special fields that are included like normal fields but have
 special initialization rules: the \codeC{size} field is the type's size and is
 initialized with a sizeof expression, the \codeC{align} field is the type's
+special initialization rules: the @size@ field is the type's size and is
+initialized with a sizeof expression, the @align@ field is the type's
 alignment and uses an alignof expression. The remaining fields are resolved
 to a name matching the field's name and type using the normal visibility
 …
 The declarations include the virtual type definition and forward declarations
 of the virtual table instance, constructor, message function and
 \codeCFA{get_exception_vtable}. The definition includes the storage and
+@get_exception_vtable@. The definition includes the storage and
 initialization of the virtual table instance and the bodies of the three
 functions.
 …
 from the per-instance information. The virtual table type and most of the
 functions are polymorphic so they are all part of the core. The virtual table
 instance and the \codeCFA{get_exception_vtable} function.
 Coroutines and threads need instances of \codeCFA{CoroutineCancelled} and
 \codeCFA{ThreadCancelled} respectively to use all of their functionality.
 When a new data type is declared with \codeCFA{coroutine} or \codeCFA{thread}
+instance and the @get_exception_vtable@ function.
+Coroutines and threads need instances of @CoroutineCancelled@ and
+@ThreadCancelled@ respectively to use all of their functionality.
+When a new data type is declared with @coroutine@ or @thread@
 the forward declaration for the instance is created as well. The definition
 of the virtual table is created at the definition of the main function.
 …
 function.
 The function is \codeC{__cfa__virtual_cast} and it is implemented in the
+The function is @__cfa__virtual_cast@ and it is implemented in the
 standard library. It takes a pointer to the target type's virtual table and
 the object pointer being cast. The function is very simple, getting the
 …
 For the generated code a forward decaration of the virtual works as follows.
 There is a forward declaration of \codeC{__cfa__virtual_cast} in every cfa
+There is a forward declaration of @__cfa__virtual_cast@ in every cfa
 file so it can just be used. The object argument is the expression being cast
 so that is just placed in the argument list.
 …
 often across functions.
 At a very basic level this can be done with \codeC{setjmp} \& \codeC{longjmp}
+At a very basic level this can be done with @setjmp@ \& @longjmp@
 which simply move the top of the stack, discarding everything on the stack
 above a certain point. However this ignores all the clean-up code that should
 …
 both of these problems.
 Libunwind, provided in \texttt{unwind.h} on most platorms, is a C library
+Libunwind, provided in @unwind.h@ on most platorms, is a C library
 that provides \CPP style stack unwinding. Its operation is divided into two
 phases. The search phase -- phase 1 -- is used to scan the stack and decide
 …
 GCC will generate an LSDA and attach its personality function with the
 \texttt{-fexceptions} flag. However this only handles the cleanup attribute.
+@-fexceptions@ flag. However this only handles the cleanup attribute.
 This attribute is used on a variable and specifies a function that should be
 run when the variable goes out of scope. The function is passed a pointer to
 …
 messages for special cases (some of which should never be used by the
 personality function) and error codes but unless otherwise noted the
 personality function should always return \codeC{_URC_CONTINUE_UNWIND}.
 The \codeC{version} argument is the verson of the implementation that is
+personality function should always return @_URC_CONTINUE_UNWIND@.
+The @version@ argument is the verson of the implementation that is
 calling the personality function. At this point it appears to always be 1 and
 it will likely stay that way until a new version of the API is updated.
 The \codeC{action} argument is set of flags that tell the personality
+The @action@ argument is set of flags that tell the personality
 function when it is being called and what it must do on this invocation.
 The flags are as follows:
 \begin{itemize}
 \item\codeC{_UA_SEARCH_PHASE}: This flag is set whenever the personality
+\item@_UA_SEARCH_PHASE@: This flag is set whenever the personality
 function is called during the search phase. The personality function should
 decide if unwinding will stop in this function or not. If it does then the
 personality function should return \codeC{_URC_HANDLER_FOUND}.
 \item\codeC{_UA_CLEANUP_PHASE}: This flag is set whenever the personality
+personality function should return @_URC_HANDLER_FOUND@.
+\item@_UA_CLEANUP_PHASE@: This flag is set whenever the personality
 function is called during the cleanup phase. If no other flags are set this
 means the entire frame will be unwound and all cleanup code should be run.
 \item\codeC{_UA_HANDLER_FRAME}: This flag is set during the cleanup phase
+\item@_UA_HANDLER_FRAME@: This flag is set during the cleanup phase
 on the function frame that found the handler. The personality function must
 prepare to return to normal code execution and return
 \codeC{_URC_INSTALL_CONTEXT}.
 \item\codeC{_UA_FORCE_UNWIND}: This flag is set if the personality function
+@_URC_INSTALL_CONTEXT@.
+\item@_UA_FORCE_UNWIND@: This flag is set if the personality function
 is called through a forced unwind call. Forced unwind only performs the
 cleanup phase and uses a different means to decide when to stop. See its
 …
 \end{itemize}
 The \codeC{exception_class} argument is a copy of the \codeC{exception}'s
 \codeC{exception_class} field.
 The \codeC{exception} argument is a pointer to the user provided storage
+The @exception_class@ argument is a copy of the @exception@'s
+@exception_class@ field.
+The @exception@ argument is a pointer to the user provided storage
 object. It has two public fields, the exception class which is actually just
 a number that identifies the exception handling mechanism that created it and
 …
 exception needs to
 The \codeC{context} argument is a pointer to an opaque type. This is passed
+The @context@ argument is a pointer to an opaque type. This is passed
 to the many helper functions that can be called inside the personality
 function.
 …
 functions traversing the stack new-to-old until a function finds a handler or
 the end of the stack is reached. In the latter case raise exception will
 return with \codeC{_URC_END_OF_STACK}.
+return with @_URC_END_OF_STACK@.
 Once a handler has been found raise exception continues onto the the cleanup
 …
 If an error is encountered raise exception will return either
 \codeC{_URC_FATAL_PHASE1_ERROR} or \codeC{_URC_FATAL_PHASE2_ERROR} depending
+@_URC_FATAL_PHASE1_ERROR@ or @_URC_FATAL_PHASE2_ERROR@ depending
 on when the error occured.
 …
 been unwound.
 Each time it is called the stop function should return \codeC{_URC_NO_REASON}
+Each time it is called the stop function should return @_URC_NO_REASON@
 or transfer control directly to other code outside of libunwind. The
 framework does not provide any assistance here.
 Its arguments are the same as the paired personality function.
 The actions \codeC{_UA_CLEANUP_PHASE} and \codeC{_UA_FORCE_UNWIND} are always
+The actions @_UA_CLEANUP_PHASE@ and @_UA_FORCE_UNWIND@ are always
 set when it is called. By the official standard that is all but both GCC and
 Clang add an extra action on the last call at the end of the stack:
 \codeC{_UA_END_OF_STACK}.
+@_UA_END_OF_STACK@.
 \section{Exception Context}
 …
 Each stack has its own exception context. In a purely sequental program, using
 only core Cforall, there is only one stack and the context is global. However
 if the library \texttt{libcfathread} is linked then there can be multiple
+if the library @libcfathread@ is linked then there can be multiple
 stacks so they will each need their own.
 To handle this code always gets the exception context from the function
 \codeC{this_exception_context}. The main exception handling code is in
 \texttt{libcfa} and that library also defines the function as a weak symbol
 so it acts as a default. Meanwhile in \texttt{libcfathread} the function is
+@this_exception_context@. The main exception handling code is in
+@libcfa@ and that library also defines the function as a weak symbol
+so it acts as a default. Meanwhile in @libcfathread@ the function is
 defined as a strong symbol that replaces it when the libraries are linked
 together.
 The version of the function defined in \texttt{libcfa} is very simple. It
+The version of the function defined in @libcfa@ is very simple. It
 returns a pointer to a global static variable. With only one stack this
 global instance is associated with the only stack.
 The version of the function defined in \texttt{libcfathread} has to handle
+The version of the function defined in @libcfathread@ has to handle
 more as there are multiple stacks. The exception context is included as
 part of the per-stack data stored as part of coroutines. In the cold data
 section, stored at the base of each stack, is the exception context for that
 stack. The \codeC{this_exception_context} uses the concurrency library to get
+stack. The @this_exception_context@ uses the concurrency library to get
 the current coroutine and through it the cold data section and the exception
 context.
 …
 to store the exception. Macros with pointer arthritic and type cast are
 used to move between the components or go from the embedded
 \codeC{_Unwind_Exception} to the entire node.
+@_Unwind_Exception@ to the entire node.
 All of these nodes are strung together in a linked list. One linked list per
 …
 C which is what the \CFA compiler outputs so a work-around is used.
 This work around is a function called \codeC{__cfaehm_try_terminate} in the
+This work around is a function called @__cfaehm_try_terminate@ in the
 standard library. The contents of a try block and the termination handlers
 are converted into functions. These are then passed to the try terminate
 …
 These nested functions and all other functions besides
 \codeC{__cfaehm_try_terminate} in \CFA use the GCC personality function and
 the \texttt{-fexceptions} flag to generate the LSDA. This allows destructors
+@__cfaehm_try_terminate@ in \CFA use the GCC personality function and
+the @-fexceptions@ flag to generate the LSDA. This allows destructors
 to be implemented with the cleanup attribute.
 …
 The handler function does both the matching and catching. It tries each
 the condition of \codeCFA{catchResume} in order, top-to-bottom and until it
+the condition of @catchResume@ in order, top-to-bottom and until it
 finds a handler that matches. If no handler matches then the function returns
 false. Otherwise the matching handler is run, if it completes successfully
 the function returns true. Rethrows, through the \codeCFA{throwResume;}
+the function returns true. Rethrows, through the @throwResume;@
 statement, cause the function to return true.
+% Recursive Resumption Stuff:
+Blocking out part of the stack is accomplished by updating the front of the
+list as the search continues. Before the handler at a node is called the head
+of the list is updated to the next node of the current node. After the search
+is complete, successful or not, the head of the list is reset.
+This means the current handler and every handler that has already been
+checked are not on the list while a handler is run. If a resumption is thrown
+during the handling of another resumption the active handlers and all the
+other handler checked up to this point will not be checked again.
+This structure also supports new handler added while the resumption is being
+handled. These are added to the front of the list, pointing back along the
+stack -- the first one will point over all the checked handlers -- and the
+ordering is maintained.
 \subsection{Libunwind Compatibility}
 …
 Cancellation also uses libunwind to do its stack traversal and unwinding,
 however it uses a different primary function \codeC{_Unwind_ForcedUnwind}.
+however it uses a different primary function @_Unwind_ForcedUnwind@.
 Details of its interface can be found in the unwind section.

doc/theses/andrew_beach_MMath/unwinding.tex

-              rb6a8b31
+              rd95969a
 \chapter{Unwinding in \CFA}
+\chapter{\texorpdfstring{Unwinding in \CFA}{Unwinding in Cforall}}
 Stack unwinding is the process of removing things from the stack. Within
 …
 Even this is fairly simple if nothing needs to happen when the stack unwinds.
 Traditional C can unwind the stack by saving and restoring state (with
 \codeC{setjmp} \& \codeC{longjmp}). However many languages define actions that
+@setjmp@ \& @longjmp@). However many languages define actions that
 have to be taken when something is removed from the stack, such as running
 a variable's destructor or a \codeCFA{try} statement's \codeCFA{finally}
+a variable's destructor or a @try@ statement's @finally@
 clause. Handling this requires walking the stack going through each stack
 frame.
 …
 \CFA uses two primary functions in libunwind to create most of its
 exceptional control-flow: \codeC{_Unwind_RaiseException} and
 \codeC{_Unwind_ForcedUnwind}.
+exceptional control-flow: @_Unwind_RaiseException@ and
+@_Unwind_ForcedUnwind@.
 Their operation is divided into two phases: search and clean-up. The search
 phase -- phase 1 -- is used to scan the stack but not unwinding it. The
 …
 A personality function performs three tasks, although not all have to be
 present. The tasks performed are decided by the actions provided.
 \codeC{_Unwind_Action} is a bitmask of possible actions and an argument of
+@_Unwind_Action@ is a bitmask of possible actions and an argument of
 this type is passed into the personality function.
 \begin{itemize}
 \item\codeC{_UA_SEARCH_PHASE} is passed in search phase and tells the
+\item@_UA_SEARCH_PHASE@ is passed in search phase and tells the
 personality function to check for handlers. If there is a handler in this
 stack frame, as defined by the language, the personality function should
 return \codeC{_URC_HANDLER_FOUND}. Otherwise it should return
 \codeC{_URC_CONTINUE_UNWIND}.
 \item\codeC{_UA_CLEANUP_PHASE} is passed in during the clean-up phase and
+return @_URC_HANDLER_FOUND@. Otherwise it should return
+@_URC_CONTINUE_UNWIND@.
+\item@_UA_CLEANUP_PHASE@ is passed in during the clean-up phase and
 means part or all of the stack frame is removed. The personality function
 should do whatever clean-up the language defines
 (such as running destructors/finalizers) and then generally returns
 \codeC{_URC_CONTINUE_UNWIND}.
 \item\codeC{_UA_HANDLER_FRAME} means the personality function must install
+@_URC_CONTINUE_UNWIND@.
+\item@_UA_HANDLER_FRAME@ means the personality function must install
 a handler. It is also passed in during the clean-up phase and is in addition
 to the clean-up action. libunwind provides several helpers for the personality
 function here. Once it is done, the personality function must return
 \codeC{_URC_INSTALL_CONTEXT}.
+@_URC_INSTALL_CONTEXT@.
 \end{itemize}
 The personality function is given a number of other arguments. Some are for
 compatability and there is the \codeC{struct _Unwind_Context} pointer which
+compatability and there is the @struct _Unwind_Context@ pointer which
 passed to many helpers to get information about the current stack frame.
 …
 raise-exception but with some extras.
 The first it passes in an extra action to the personality function on each
 stack frame, \codeC{_UA_FORCE_UNWIND}, which means a handler cannot be
+stack frame, @_UA_FORCE_UNWIND@, which means a handler cannot be
 installed.
 …
 stack frames have been removed. By the standard API this is marked by setting
 the stack pointer inside the context passed to the stop function. However both
 GCC and Clang add an extra action for this case \codeC{_UA_END_OF_STACK}.
+GCC and Clang add an extra action for this case @_UA_END_OF_STACK@.
 Each time function the stop function is called it can do one or two things.
 When it is not the end of the stack it can return \codeC{_URC_NO_REASON} to
+When it is not the end of the stack it can return @_URC_NO_REASON@ to
 continue unwinding.
 % Is there a reason that NO_REASON is used instead of CONTINUE_UNWIND?
 …
 are provided to do it.
 \section{\CFA Implementation}
+\section{\texorpdfstring{\CFA Implementation}{Cforall Implementation}}
 To use libunwind, \CFA provides several wrappers, its own storage,
 …
 The stop function is very simple. It checks the end of stack flag to see if
 it is finished unwinding. If so, it calls \codeC{exit} to end the process,
+it is finished unwinding. If so, it calls @exit@ to end the process,
 otherwise it returns with no-reason to continue unwinding.
 % Yeah, this is going to have to change.
 …
 location of the instruction pointer and stack layout, which varies with
 compiler and optimization levels. So for frames where there are only
 destructors, GCC's attribute cleanup with the \texttt{-fexception} flag is
+destructors, GCC's attribute cleanup with the @-fexception@ flag is
 sufficient to handle unwinding.
 The only functions that require more than that are those that contain
+\codeCFA{try} statements. A \codeCFA{try} statement has a \codeCFA{try}
 clause, some number of \codeCFA{catch} clauses and \codeCFA{catchResume}
 clauses and may have a \codeCFA{finally} clause. Of these only \codeCFA{try}
 statements with \codeCFA{catch} clauses need to be transformed and only they
 and the \codeCFA{try} clause are involved.
+@try@ statements. A @try@ statement has a @try@
+clause, some number of @catch@ clauses and @catchResume@
+clauses and may have a @finally@ clause. Of these only @try@
+statements with @catch@ clauses need to be transformed and only they
+and the @try@ clause are involved.
 The \codeCFA{try} statement is converted into a series of closures which can
+The @try@ statement is converted into a series of closures which can
 access other parts of the function according to scoping rules but can be
 passed around. The \codeCFA{try} clause is converted into the try functions,
 almost entirely unchanged. The \codeCFA{catch} clauses are converted into two
+passed around. The @try@ clause is converted into the try functions,
+almost entirely unchanged. The @catch@ clauses are converted into two
 functions; the match function and the catch function.
 …
 runs the handler's body.
 These three functions are passed to \codeC{try_terminate}. This is an
+These three functions are passed to @try_terminate@. This is an
 % Maybe I shouldn't quote that, it isn't its actual name.
 internal hand-written function that has its own personality function and
 …
 handler was found in this frame. If it was then the personality function
 installs the handler, which is setting the instruction pointer in
 \codeC{try_terminate} to an otherwise unused section that calls the catch
+@try_terminate@ to an otherwise unused section that calls the catch
 function, passing it the current exception and handler index.
 \codeC{try_terminate} returns as soon as the catch function returns.
+@try_terminate@ returns as soon as the catch function returns.
 At this point control has returned to normal control flow.

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: