Originally from: https://c3.handmade.network/blog/p/8241-some_c3_advent_of_code
Skejeton has started doing the Advent of Code 2021 challenges in C3.
Have a look at the repo here.
Skejeton has started doing the Advent of Code 2021 challenges in C3.
Have a look at the repo here.
Originally from: https://c3.handmade.network/blog/p/8211-c3_feature_list
I wrapped up the bitstruct code last week, and together with that removed the virtual type. Happily this make the language nearly feature complete for 1.0.
This also means I finally have the means to write a fairly solid "what's different from C" list. It's not written in stone, and some things may change, but since the dev from now on is going to be about fleshing out existing features rather than adding new features, any major new features are unlikely.
So without further ado, here's the list of changes from C:
foo[1..3] = 3). (removes ->)And yes, with some exceptions you can play with these features today.
I wrapped up the bitstruct code last week, and together with that removed the virtual type. Happily this make the language nearly feature complete for 1.0.
This also means I finally have the means to write a fairly solid "what's different from C" list. It's not written in stone, and some things may change, but since the dev from now on is going to be about fleshing out existing features rather than adding new features, any major new features are unlikely.
So without further ado, here's the list of changes from C:
foo[1..3] = 3). (removes ->)And yes, with some exceptions you can play with these features today.
Originally from: https://c3.handmade.network/blog/p/8208-your_users_will_do_what_you_make_easy
Recently was thinking about Java and reflection and how it actually ended up causing the proliferation of "enterprise-y frameworks" written in the language.
Java early on had built-in serialization. It was very generic but could serialize basically anything in the object graph. The output was also very verbose.
This functionality sort of set the bar for what was to come. So when there came more libraries that wanted to serialize and deserialize with Java, then everyone said "oh, yeah this is cool, it's better than what's built in!".
And then someone said "hey, now that we have this easy serialization and deserialization - guess what, we can do it from config files, that way we get more flexibility!" – And people were at this point already accepting that they were serializing and deserializing from some generic format that wasn't really tailored for their code. So what could go wrong with a generic configuration that wasn't tailored for their code?
Next you got the proliferation of configs everywhere, where you have to mess around with config files in Java because no one builds APIs to actually programmatically configure things.
– And this just comes from the easy accessibility of reflection and serialization in early Java.
Contrast this to C, where you don't have all those tools and have to build your config readers by hand. – So you'll again start shopping for libraries, but since there is no vertically integrated stack that does everything from reading your config to assembling your objects, odds are that you'll at least limit yourself to what you need. Heck, you might even build it yourself.
A similar thing occurred with ObjC in the iPhone gold rush. A lot of Java/C++ programmers arrived to the platform, and in Java/C++, OO is usually objects all the way down. – Because hey there's no problem doing that and in fact that's how things are built with OO in those languages: just split things into increasingly finer grained classes and objects.
ObjC was intended to be used in a different way though. ObjC OO is C with an OO layer for interop. You're supposed to write 95+% C with ObjC as the high level "script-like" glue, you don't have to be afraid of C structs or enums.
Also, writing ObjC classes takes more time than doing the same with Java/C++, and again that wasn't a problem because you weren't supposed to use ObjC classes in the same way.
So then all the C++/Java folks showed up and boy did they moan about how hard ObjC was to use... well because they tried to use 5% C and 95% OO. The result was both slow to write and slow to execute. Basically they were trying to write Java in Objective–C.
Now what did Apple do?
It seems that as soon as you create an alternative that is easier than doing it in some other way, people will flock around that alternative, even if it is isn't very good practice in the long run (like the built in Java serialization). And in fact trying to "fix" that to make the wrong choice less problematic is just legitimizing the wrong choice - like Apple did when they made it easier to write Java-style Objective-C.
As a language designer, one often runs into "that's easy to add" sort of features. But it seems to me that one has to be careful to not make things easy people aren't suppose to use.
If I add objects and classes to C3, but say "I only include this for doing things that really works well with OO, like GUI toolkits", then should I really blame people coming form an OO background that they start building everything with objects? If I make it just as easy as building with the preferred procedural style?
I don't really like opinionated languages, but I also realize that one does have some responsibility to make things easy that should be used, and hard if they shouldn't be used (often).
As an example, let's say there are two ways to solve a problem in a language: A and B. If A is the best way (maintainability, fit with the other language mechanisms etc), then it should always be easier to do, even if it that means deliberately making B harder than it needs to be. "Making B easier because it has very low cost for me to implement" is not a neutral act of design, but an implicit endorsement.
The user will look at the programming language and think that what is the easiest thing to do is the best thing to do, and violating that is really letting the users down.
Recently was thinking about Java and reflection and how it actually ended up causing the proliferation of "enterprise-y frameworks" written in the language.
Java early on had built-in serialization. It was very generic but could serialize basically anything in the object graph. The output was also very verbose.
This functionality sort of set the bar for what was to come. So when there came more libraries that wanted to serialize and deserialize with Java, then everyone said "oh, yeah this is cool, it's better than what's built in!".
And then someone said "hey, now that we have this easy serialization and deserialization - guess what, we can do it from config files, that way we get more flexibility!" – And people were at this point already accepting that they were serializing and deserializing from some generic format that wasn't really tailored for their code. So what could go wrong with a generic configuration that wasn't tailored for their code?
Next you got the proliferation of configs everywhere, where you have to mess around with config files in Java because no one builds APIs to actually programmatically configure things.
– And this just comes from the easy accessibility of reflection and serialization in early Java.
Contrast this to C, where you don't have all those tools and have to build your config readers by hand. – So you'll again start shopping for libraries, but since there is no vertically integrated stack that does everything from reading your config to assembling your objects, odds are that you'll at least limit yourself to what you need. Heck, you might even build it yourself.
A similar thing occurred with ObjC in the iPhone gold rush. A lot of Java/C++ programmers arrived to the platform, and in Java/C++, OO is usually objects all the way down. – Because hey there's no problem doing that and in fact that's how things are built with OO in those languages: just split things into increasingly finer grained classes and objects.
ObjC was intended to be used in a different way though. ObjC OO is C with an OO layer for interop. You're supposed to write 95+% C with ObjC as the high level "script-like" glue, you don't have to be afraid of C structs or enums.
Also, writing ObjC classes takes more time than doing the same with Java/C++, and again that wasn't a problem because you weren't supposed to use ObjC classes in the same way.
So then all the C++/Java folks showed up and boy did they moan about how hard ObjC was to use... well because they tried to use 5% C and 95% OO. The result was both slow to write and slow to execute. Basically they were trying to write Java in Objective–C.
Now what did Apple do?
It seems that as soon as you create an alternative that is easier than doing it in some other way, people will flock around that alternative, even if it is isn't very good practice in the long run (like the built in Java serialization). And in fact trying to "fix" that to make the wrong choice less problematic is just legitimizing the wrong choice - like Apple did when they made it easier to write Java-style Objective-C.
As a language designer, one often runs into "that's easy to add" sort of features. But it seems to me that one has to be careful to not make things easy people aren't suppose to use.
If I add objects and classes to C3, but say "I only include this for doing things that really works well with OO, like GUI toolkits", then should I really blame people coming form an OO background that they start building everything with objects? If I make it just as easy as building with the preferred procedural style?
I don't really like opinionated languages, but I also realize that one does have some responsibility to make things easy that should be used, and hard if they shouldn't be used (often).
As an example, let's say there are two ways to solve a problem in a language: A and B. If A is the best way (maintainability, fit with the other language mechanisms etc), then it should always be easier to do, even if it that means deliberately making B harder than it needs to be. "Making B easier because it has very low cost for me to implement" is not a neutral act of design, but an implicit endorsement.
The user will look at the programming language and think that what is the easiest thing to do is the best thing to do, and violating that is really letting the users down.
Originally from: https://c3.handmade.network/blog/p/8168-removing_features%252C_gaining_freedom
I recently removed untyped literals, and that complexity is now leaving me free to actually add code where there's a tangible benefit to it.
It might not be immediately obvious that having untyped literals adds complexity to a language. For C3, with its C-like implicit conversions and untyped macros, it adds more complexity than in languages like Go, where explicit conversions are enforced.
The sheer amount of complexity I had added to just do this surprised even me though. For example, every expression needed to pass down a "target type" just in case the analysis encountered an untyped literal to give a type to. In some cases this was far from trivial, and analysis had to be done in a certain order to prevent unnecessary error situations, where the incorrect order would only be obvious when the expressions where combined in some special way.
As I removed the code I also discovered I could change how the "failables" (error unions) were handled, which further reduced complexity. This in turn allowed me to do simplifications in tracking constant and "pure" expressions.
Lots of code that I had left half unfinished – with special, problematic, cases to solve another day – would after refactoring easily cover all cases and be smaller.
The code now seems so much easier to grasp, and it seems crazy I didn't removed this feature - that at the most saved a little typing here and there - earlier. But the problem was that it was a gentle creep. I did the untyped literals early, so when I added more complex features I didn't have a comparison with how it would look with untyped literals removed.
When I look at the code now, I see something that more easily can accommodate added features and behaviours. The semantic analysis had before by necessity been much more coupled due to type flow going both bottom up and top down.
There's a lesson here – which is that a seemingly simple and "nice to have" feature might by accident end up making a code base more than twice as complex to read and reason about. And that complexity cost takes away the resources the compiler (and the language) has for other features – features that may actually have a cost that is equal to its benefits.
In removing this small feature with little practical benefit, I am now free to actually add a little complexity where it really helps the users.
I recently removed untyped literals, and that complexity is now leaving me free to actually add code where there's a tangible benefit to it.
It might not be immediately obvious that having untyped literals adds complexity to a language. For C3, with its C-like implicit conversions and untyped macros, it adds more complexity than in languages like Go, where explicit conversions are enforced.
The sheer amount of complexity I had added to just do this surprised even me though. For example, every expression needed to pass down a "target type" just in case the analysis encountered an untyped literal to give a type to. In some cases this was far from trivial, and analysis had to be done in a certain order to prevent unnecessary error situations, where the incorrect order would only be obvious when the expressions where combined in some special way.
As I removed the code I also discovered I could change how the "failables" (error unions) were handled, which further reduced complexity. This in turn allowed me to do simplifications in tracking constant and "pure" expressions.
Lots of code that I had left half unfinished – with special, problematic, cases to solve another day – would after refactoring easily cover all cases and be smaller.
The code now seems so much easier to grasp, and it seems crazy I didn't removed this feature - that at the most saved a little typing here and there - earlier. But the problem was that it was a gentle creep. I did the untyped literals early, so when I added more complex features I didn't have a comparison with how it would look with untyped literals removed.
When I look at the code now, I see something that more easily can accommodate added features and behaviours. The semantic analysis had before by necessity been much more coupled due to type flow going both bottom up and top down.
There's a lesson here – which is that a seemingly simple and "nice to have" feature might by accident end up making a code base more than twice as complex to read and reason about. And that complexity cost takes away the resources the compiler (and the language) has for other features – features that may actually have a cost that is equal to its benefits.
In removing this small feature with little practical benefit, I am now free to actually add a little complexity where it really helps the users.
Originally from: https://c3.handmade.network/blog/p/8138-fixing_bugs_in_our_proposal
When we last left off we had our "attempt 3" which seemed like a promising candidate to research. We expected some problems and here are two:
x_u64 = a_i32 + b_u32. As we will see, making the wrong choice here will create overflow bugs.Our "test" here is this expression:
int32_t a = ...;
uint32_t b = ...;
uint64_t c = a + b;
// Peer -> top down:
uint64_t c = (uint64_t)a + (uint64_t)(int32_t)(b)
For some surprising results, set b = 0x80000000U and a = 1 → c = 0xffffffff80000001ULL. Top down → peer gives us our expected c = 0x80000001ULL.
It's very important that the resolution works in this order:
a and b are valid widening safe expressions (see previous article for definition).a and b in isolation, before actually evaluating the binary expression.uint64_t (note that this differs from peer resolution which would preserve the signedness)This gives us uint64_t c = (uint64_t)a + (uint64_t)b which presumably is what we want.
Another thing we need to note though, is that only integer widening + signedness changes happen this way. For example something like ptrdiff_t x = ptr1 - ptr2 shouldn't start making casts on the pointers!
Constants folded are either constants or literals (assume int 32 bit, long 64 bit):
const int FOO = 1;
const int BAR = 2;
int y = ...;
int i = ...;
int j = ...;
long a1 = y + (i + j); // Error, needs explicit cast.
long a2 = y + (FOO + BAR); // Error?
long a3 = y + (1 + 2); // Error?
Just arguing for consistency would seem to require that semantics are the same for variables and constants, and by extension also literals. This might be a little disappointing, but consider if one would expect a to be -1, which would be the case if we would fold constants first:
With late folding the result becomes:
long a = INT_MAX * 2 + 1; // Error, needs explicit cast.
long a2 = INT_MAX * 2; // => 0xfffffffe
long a3 = INT_MAX + 1; // => 0x80000000
Which is probably as good as it gets.
Another case is when the left hand side unsigned. In this case we do not actually perform the top down widening, but instead have a general cast on the result:
So far so good, there is no showstopper here, but this serves as a reminder and example of how easy it is to forget implications.
When we last left off we had our "attempt 3" which seemed like a promising candidate to research. We expected some problems and here are two:
x_u64 = a_i32 + b_u32. As we will see, making the wrong choice here will create overflow bugs.Our "test" here is this expression:
int32_t a = ...;
uint32_t b = ...;
uint64_t c = a + b;
// Peer -> top down:
uint64_t c = (uint64_t)a + (uint64_t)(int32_t)(b)
For some surprising results, set b = 0x80000000U and a = 1 → c = 0xffffffff80000001ULL. Top down → peer gives us our expected c = 0x80000001ULL.
It's very important that the resolution works in this order:
a and b are valid widening safe expressions (see previous article for definition).a and b in isolation, before actually evaluating the binary expression.uint64_t (note that this differs from peer resolution which would preserve the signedness)This gives us uint64_t c = (uint64_t)a + (uint64_t)b which presumably is what we want.
Another thing we need to note though, is that only integer widening + signedness changes happen this way. For example something like ptrdiff_t x = ptr1 - ptr2 shouldn't start making casts on the pointers!
Constants folded are either constants or literals (assume int 32 bit, long 64 bit):
const int FOO = 1;
const int BAR = 2;
int y = ...;
int i = ...;
int j = ...;
long a1 = y + (i + j); // Error, needs explicit cast.
long a2 = y + (FOO + BAR); // Error?
long a3 = y + (1 + 2); // Error?
Just arguing for consistency would seem to require that semantics are the same for variables and constants, and by extension also literals. This might be a little disappointing, but consider if one would expect a to be -1, which would be the case if we would fold constants first:
With late folding the result becomes:
long a = INT_MAX * 2 + 1; // Error, needs explicit cast.
long a2 = INT_MAX * 2; // => 0xfffffffe
long a3 = INT_MAX + 1; // => 0x80000000
Which is probably as good as it gets.
Another case is when the left hand side unsigned. In this case we do not actually perform the top down widening, but instead have a general cast on the result:
So far so good, there is no showstopper here, but this serves as a reminder and example of how easy it is to forget implications.
Originally from: https://c3.handmade.network/blog/p/8134-attempting_new_c3_type_conversion_semantics
As a reminder, in the last article I listed the following strategies:
To begin with, we'll try the "Early fold, late cast" for widening. This is essentially a modification on the peer resolution widening.
Here we first fold all constants, then "peer promote" the types recursively downwards. How this differs from C is illustrated below:
int32_t y = foo();
int64_t x = bar();
double w = x + (y * 2);
// C semantics:
// double w = (double)(x + (int64_t)(y * 2));
// Early fold, late cast:
// double w = (double)(x + ((int64_t)y * (int64_t)2));
So far this looks pretty nice, but unfortunately the "early fold" part has less positive consequences:
int32_t y = foo();
int64_t x = bar();
int32_t max = INT32_MAX;
double w = x + (y + (INT32_MAX + 1));
double w2 = x + (y + (max + 1));
// Early fold, late cast:
// double w = (double)(x + ((int64_t)y + (int64_t)-2147483648));
// double w2 = (double)(x + ((int64_t)y
// + ((int64_t)max + (int64_t)1)));
The good thing about this wart is that it is at least locally observable - as long as it's clear from the source code what will be constant folded.
All in all, while slightly improving the semantics, we can't claim to have solved all the problems with peer resolution while the semantics got more complicated.
This strategy is more theoretical than anything. With this strategy we attempt to first evaluate the maximum type, then re-evaluate everything by casting to this maximum type. It's possible to do this in multiple ways: deep copying the expression, two types of evaluation passes etc.
Our problematic example from attempt 1 works:
int32_t y = foo();
int64_t x = bar();
int32_t max = INT32_MAX;
double w = x + (y + (INT32_MAX + 1));
// => first pass type analysis: int64_t + (int32_t + (int + int))
// => max type in sub expression is int64_t
// => double w = (double)(x + ((int64_t)y
// + ((int64_t)INT_MAX + (int64_t)1)));
However, we somewhat surprisingly get code that are hard to reason about locally even in this case:
// elsewhere int64_t x = ... or int32_t x = ...
int32_t y = foo();
double w = x + (y << 16);
// If x is int64_t:
// double w = (double)(x + ((int64_t)y << 16));
// If x is int32_t
// double w = (double)(x + (y << 16));
Here it's clear that we get different behaviour: in the case of int32_t the bits are shifted out, whereas for int64_t they are retained. There are better (but more complicated) examples to illustrate this, but it is proving that even with "ideal" semantics, we lose locality.
Let's go back to the example we had with Java in the last article:
In this case the first is ok, but the second isn't. The special case takes care of the most common use, but for anything non-trivial an explicit cast is needed.
What if we would say that this is okay:
But this isn't:
int64_t x = foo();
int32_t y = bar();
double w = x + (y + y);
// ^^^^^^^
// Error, can't implicitly promote complex expression
// of type int32_t to int64_t.
Basically we give up widening except for where we don't need to recurse deep into the sub-expressions. Let's try it out:
We look at our first example.
This is an error, but we can do two different things in order to make it work, depending on what behaviour we want:
Yes, this some extra work, but also note that suddenly we have much better control over what the actual types are compared to the "perfect" promotion. Also note that changing the type of x cannot silently change semantics here.
The second example:
int32_t y = foo();
int64_t x = bar();
int32_t max = INT32_MAX;
double w = x + (y + (INT32_MAX + 1)); // Error
Again we get an error, and again there are multiple ways to remove this ambiguity. To promote the internal expression to use int64_t, we just have to nudge it a little bit:
And of course if we want C behaviour, we simply put the cast outside:
Note here how effective the type of the literal is in nudging the semantics in the correct direction!
For narrowing we have multiple options, the simplest is following the Java model, although it could be considered to be unnecessarily conservative.
The current C3 model uses a "original type / active type" model. This makes it hard do any checks, like accepting char c1 = c + 127 but rejecting char c1 = c + 256 on account of 256 overflowing char.
If this type checking system is altered, it should be possible to instead pass a "required max type" downwards. The difference is in practice only if literals that exceed the left-hand side are rejected.
For most other purposes they work, and seem fairly safe as they are a restricted variant of C semantics. There is already an implementation of this in C3 compiler.
The current model in C3 allow free implicit conversions between signed and unsigned types of the same size. However, the result is the signed type rather than the unsigned.
However, naively promoting all types to signed doesn't work well:
ushort c = 2;
uint d = 0x80000000;
uint e = d / 2; // => c0000000 ????
// If it was e = (uint)((int)d / (int)2);
Consequently C3 tries to promote to the signedness of the underlying type:
Given the lack of languages with this sort of promotion, there might very well be serious issues with it, but in such cases we could limit unsigned conversion to the cases where it's fairly safe. For now though, let's keep this behaviour until we have more solid examples of it creating serious issues.
short a = foo + (b / c), in this case the type is short.Wheew! That was a lot and fairly complex. We can sum it up a bit simpler:
+-/%* binary expressions. In the second case the widening is done on the sub expressions rather than the binary expression as a whole.We tried three different semantics for implicit conversions using typed literals. A limited hybrid solution (our attempt 3) doesn't immediately break and consequently warrants some further investigation, but we're extremely far from saying that "this is good". Quite the opposite, we should treat as likely broken in multiple ways, where our task is to find out where.
We've already attempted various solutions, just to find corner cases with fairly awful semantics, even leaving aside implementation issues.
So it should be fairly clear that there are no perfect solutions, but only trade-offs to various degrees. (That said, some solutions are clearly worse than others)
It's also very clear that a healthy skepticism is needed towards one's designs and ideas. What looks excellent and clear today may tomorrow turn out to have fatal flaws. Backtracking and fixing flaws should be part of the design process and I believe it's important to keep an open mind, because as you research you might find that feature X which you thought was really good / really bad, is in fact the opposite.
When doing language design it's probably good to be mentally prepared to be wrong a lot.
(Also see the follow up, where we patch some of the problems!)
As a reminder, in the last article I listed the following strategies:
To begin with, we'll try the "Early fold, late cast" for widening. This is essentially a modification on the peer resolution widening.
Here we first fold all constants, then "peer promote" the types recursively downwards. How this differs from C is illustrated below:
int32_t y = foo();
int64_t x = bar();
double w = x + (y * 2);
// C semantics:
// double w = (double)(x + (int64_t)(y * 2));
// Early fold, late cast:
// double w = (double)(x + ((int64_t)y * (int64_t)2));
So far this looks pretty nice, but unfortunately the "early fold" part has less positive consequences:
int32_t y = foo();
int64_t x = bar();
int32_t max = INT32_MAX;
double w = x + (y + (INT32_MAX + 1));
double w2 = x + (y + (max + 1));
// Early fold, late cast:
// double w = (double)(x + ((int64_t)y + (int64_t)-2147483648));
// double w2 = (double)(x + ((int64_t)y
// + ((int64_t)max + (int64_t)1)));
The good thing about this wart is that it is at least locally observable - as long as it's clear from the source code what will be constant folded.
All in all, while slightly improving the semantics, we can't claim to have solved all the problems with peer resolution while the semantics got more complicated.
This strategy is more theoretical than anything. With this strategy we attempt to first evaluate the maximum type, then re-evaluate everything by casting to this maximum type. It's possible to do this in multiple ways: deep copying the expression, two types of evaluation passes etc.
Our problematic example from attempt 1 works:
int32_t y = foo();
int64_t x = bar();
int32_t max = INT32_MAX;
double w = x + (y + (INT32_MAX + 1));
// => first pass type analysis: int64_t + (int32_t + (int + int))
// => max type in sub expression is int64_t
// => double w = (double)(x + ((int64_t)y
// + ((int64_t)INT_MAX + (int64_t)1)));
However, we somewhat surprisingly get code that are hard to reason about locally even in this case:
// elsewhere int64_t x = ... or int32_t x = ...
int32_t y = foo();
double w = x + (y << 16);
// If x is int64_t:
// double w = (double)(x + ((int64_t)y << 16));
// If x is int32_t
// double w = (double)(x + (y << 16));
Here it's clear that we get different behaviour: in the case of int32_t the bits are shifted out, whereas for int64_t they are retained. There are better (but more complicated) examples to illustrate this, but it is proving that even with "ideal" semantics, we lose locality.
Let's go back to the example we had with Java in the last article:
In this case the first is ok, but the second isn't. The special case takes care of the most common use, but for anything non-trivial an explicit cast is needed.
What if we would say that this is okay:
But this isn't:
int64_t x = foo();
int32_t y = bar();
double w = x + (y + y);
// ^^^^^^^
// Error, can't implicitly promote complex expression
// of type int32_t to int64_t.
Basically we give up widening except for where we don't need to recurse deep into the sub-expressions. Let's try it out:
We look at our first example.
This is an error, but we can do two different things in order to make it work, depending on what behaviour we want:
Yes, this some extra work, but also note that suddenly we have much better control over what the actual types are compared to the "perfect" promotion. Also note that changing the type of x cannot silently change semantics here.
The second example:
int32_t y = foo();
int64_t x = bar();
int32_t max = INT32_MAX;
double w = x + (y + (INT32_MAX + 1)); // Error
Again we get an error, and again there are multiple ways to remove this ambiguity. To promote the internal expression to use int64_t, we just have to nudge it a little bit:
And of course if we want C behaviour, we simply put the cast outside:
Note here how effective the type of the literal is in nudging the semantics in the correct direction!
For narrowing we have multiple options, the simplest is following the Java model, although it could be considered to be unnecessarily conservative.
The current C3 model uses a "original type / active type" model. This makes it hard do any checks, like accepting char c1 = c + 127 but rejecting char c1 = c + 256 on account of 256 overflowing char.
If this type checking system is altered, it should be possible to instead pass a "required max type" downwards. The difference is in practice only if literals that exceed the left-hand side are rejected.
For most other purposes they work, and seem fairly safe as they are a restricted variant of C semantics. There is already an implementation of this in C3 compiler.
The current model in C3 allow free implicit conversions between signed and unsigned types of the same size. However, the result is the signed type rather than the unsigned.
However, naively promoting all types to signed doesn't work well:
ushort c = 2;
uint d = 0x80000000;
uint e = d / 2; // => c0000000 ????
// If it was e = (uint)((int)d / (int)2);
Consequently C3 tries to promote to the signedness of the underlying type:
Given the lack of languages with this sort of promotion, there might very well be serious issues with it, but in such cases we could limit unsigned conversion to the cases where it's fairly safe. For now though, let's keep this behaviour until we have more solid examples of it creating serious issues.
short a = foo + (b / c), in this case the type is short.Wheew! That was a lot and fairly complex. We can sum it up a bit simpler:
+-/%* binary expressions. In the second case the widening is done on the sub expressions rather than the binary expression as a whole.We tried three different semantics for implicit conversions using typed literals. A limited hybrid solution (our attempt 3) doesn't immediately break and consequently warrants some further investigation, but we're extremely far from saying that "this is good". Quite the opposite, we should treat as likely broken in multiple ways, where our task is to find out where.
We've already attempted various solutions, just to find corner cases with fairly awful semantics, even leaving aside implementation issues.
So it should be fairly clear that there are no perfect solutions, but only trade-offs to various degrees. (That said, some solutions are clearly worse than others)
It's also very clear that a healthy skepticism is needed towards one's designs and ideas. What looks excellent and clear today may tomorrow turn out to have fatal flaws. Backtracking and fixing flaws should be part of the design process and I believe it's important to keep an open mind, because as you research you might find that feature X which you thought was really good / really bad, is in fact the opposite.
When doing language design it's probably good to be mentally prepared to be wrong a lot.
(Also see the follow up, where we patch some of the problems!)
Originally from: https://c3.handmade.network/blog/p/8107-how_to_break_a__b__c
When one is deviating from language semantics, one sometimes accidentally break established, well-understood semantics. One of the worst design mistakes I did when working on C3 was to accidentally break associativity for addition.
Here is some code:
// File baz.c
int calculate()
{
Foo foo = { 200, 200, 200 };
assert(fooIt(foo) == foo.b + foo.c + foo.a);
return fooIt(foo);
}
I've written this with pure C syntax, but we're going to imagine deviating from C semantics.
In particular we're going to say:
a + b) are of the same bit width n, the operation will be performed with wrapping semantics. So if we have two variables that are unsigned char and we add them, then the maximum value is 255. Similar with unsigned short will yield a maximum of 65535.In our example above fooIt(foo) will return 600 regardless whether we are using C or this new language with different semantics.
But let's say someone found this code to be memory inefficient. b and c should never be used with values over 255 (for one reason or the other). They alter the file foo.h in the following way, which passes compilation:
You go to work and make changes and discover that suddenly your assert is trapping. You look at calculate and find no changes to that code. Similarly bar.c with fooIt. You find out that fooIt(foo) now returns 344, which makes no sense to you.
Finally the only candidate left is the change to Foo, but the data in Foo is the same and your assert is doing the same calculation as fooIt... or is it?
It turns out that with the non C semantics above, the computer will calculate unsigned int x = a + b + c in the following way:
a + b mod 2^8 => 144144 + c mod 2^16 => 344In your assert on the other hand, we swapped the order:
b + c mod 2^16 => 400400 + a mod 2^16 => 600The new semantic silently broke associativity and the compiler didn't warn us a single bit. This is a spooky action at a distance which you definitely don't want. Neither the writer of Foo, nor of fooIt, nor you could know that this would be a problem, it only breaks when the parts come together.
But "Wait!", you say, "There are many languages allowing this 'smaller than int size adds' addition by default, surely they can't all be broken?" – and you'd be right.
So what is the difference between our semantics and non-broken languages like Rust? If your guess is "implicit widening", then you're right.
And doesn't this seem strange? I mean it's not related to why the associativity breaks, but it's still the culprit. Because what happens if we don't have the widening?
Well fooIt would stop compiling for one:
unsigned int fooIt(Foo *foo)
{
unsigned int x = a + b + c;
// ^^^^^^^^^
// Error: cannot add expression of type unsigned char
// to expression of type unsigned short
return a;
}
And of course it would be known that changing Foo would be a possibly breaking change.
Designing new language semantics isn't trivial. Few consequences are easily recognizable at the beginning. One needs to be ready to drop semantics if they later turn out to have issues one didn't count on, even if they "work in most cases".
When one is deviating from language semantics, one sometimes accidentally break established, well-understood semantics. One of the worst design mistakes I did when working on C3 was to accidentally break associativity for addition.
Here is some code:
// File baz.c
int calculate()
{
Foo foo = { 200, 200, 200 };
assert(fooIt(foo) == foo.b + foo.c + foo.a);
return fooIt(foo);
}
I've written this with pure C syntax, but we're going to imagine deviating from C semantics.
In particular we're going to say:
a + b) are of the same bit width n, the operation will be performed with wrapping semantics. So if we have two variables that are unsigned char and we add them, then the maximum value is 255. Similar with unsigned short will yield a maximum of 65535.In our example above fooIt(foo) will return 600 regardless whether we are using C or this new language with different semantics.
But let's say someone found this code to be memory inefficient. b and c should never be used with values over 255 (for one reason or the other). They alter the file foo.h in the following way, which passes compilation:
You go to work and make changes and discover that suddenly your assert is trapping. You look at calculate and find no changes to that code. Similarly bar.c with fooIt. You find out that fooIt(foo) now returns 344, which makes no sense to you.
Finally the only candidate left is the change to Foo, but the data in Foo is the same and your assert is doing the same calculation as fooIt... or is it?
It turns out that with the non C semantics above, the computer will calculate unsigned int x = a + b + c in the following way:
a + b mod 2^8 => 144144 + c mod 2^16 => 344In your assert on the other hand, we swapped the order:
b + c mod 2^16 => 400400 + a mod 2^16 => 600The new semantic silently broke associativity and the compiler didn't warn us a single bit. This is a spooky action at a distance which you definitely don't want. Neither the writer of Foo, nor of fooIt, nor you could know that this would be a problem, it only breaks when the parts come together.
But "Wait!", you say, "There are many languages allowing this 'smaller than int size adds' addition by default, surely they can't all be broken?" – and you'd be right.
So what is the difference between our semantics and non-broken languages like Rust? If your guess is "implicit widening", then you're right.
And doesn't this seem strange? I mean it's not related to why the associativity breaks, but it's still the culprit. Because what happens if we don't have the widening?
Well fooIt would stop compiling for one:
unsigned int fooIt(Foo *foo)
{
unsigned int x = a + b + c;
// ^^^^^^^^^
// Error: cannot add expression of type unsigned char
// to expression of type unsigned short
return a;
}
And of course it would be known that changing Foo would be a possibly breaking change.
Designing new language semantics isn't trivial. Few consequences are easily recognizable at the beginning. One needs to be ready to drop semantics if they later turn out to have issues one didn't count on, even if they "work in most cases".
Originally from: https://c3.handmade.network/blog/p/8108-promotion_strategies_with_typed_literals
This is continuing the previous article on literals.
C3 is pervasively written to assume untyped literals, so what would the effect be if it changed to typed literals again?
Let's remind us of the rules for C3 with untyped literals:
To exemplify:
short b = ...
char c = ...
// 1. Widening
$typeof(b + c) => int
// $typeof((int)(b) + (int)(c))
// 2. Left hand side widening
long z = b + c;
// => long z = (long)(b) + (long)(c);
// 3. Implicit narrowing.
short w = b + c;
// => short w = (short)((int)(b) + (int)(c))
Let's start with simple assignments, where the lack of implicit narrowing tends to be a problem.
func void foo(short s) { ... }
func void ufoo(ushort us) { ... }
...
short s = 1234; // Allowed??
foo(1234); // Allowed??
ushort us = 65535; // Allowed??
ufoo(65535); // Allowed??
This is certainly something we would like to allow, so some additional rule is needed on top of just the literal types.
We next turn to binary expressions:
This example is subtly different, because looking at the types there is no direct conversion. Keep in mind rule (3) which permits narrowing. It requires us to keep track of both the original and current type. The types are something like this short = (int was short) + (int was int). If we try to unify the binary expression, should the resulting type be "int was short" or "int was int"?
If we had s = s + 65535 we would strictly want "int was int" – which causes a type error, and then preferably "int was short" in the case with 1234. Is this possible?
In short: yes, although it does add special check for merging constants on every binary node. That said it has some very far-reaching consequences.
In Zig, which only has implicit widening, this occurs in binary expressions. So if you had int + short the right-hand side would be promoted to int. For a single binary expression this makes sense, but what if you have this:
If we use the "peer resolution" approach, this would be resolved in this manner: int a = (int)((short)(c + d) + s). But if we reorder the terms, like int a = s + c + d, we get int a = (int)((s + (short)c) + (short)d) (assume additions are done using the resulting bit width of the sub expressions).
This means that in the original ordering we have mod-2^8 addition (or even undefined!) behaviour if the sum of c and d can't fit in a char, but with the first ordering there is no problem. Or in other words: we just lost associativity for addition!
That said, C has the same problem, but only when adding int with expressions which has types larger than int.
This example exhibits the same issue in C:
int32_t i = bar();
int32_t j = bar2();
int64_t k = foo();
int64_t a = i + j + k;
// Evaluated as
// int64_t a = (int64_t)(i + j) + k;
Previous to the 64-bit generation, the int was generally register sized in C, so doing larger-than-register-sized additions were rare and consequently less of a problem.
This prompted me to investigate a different approach for C3, using left side widening. On 64-bits, this would still be default 32-bit widening, but if the assigned typ was 64-bit, all operands would be widened to 64-bits instead, so as if it was written int64_t a = (int64_t)i + (int64_t)j + k. This is achieved by "pushing down" the left-hand type during semantic analysis (see rule 2).
The reason it must be pushed down during the pass, rather than doing it after evaluation, is that the type affects untyped literal evaluation and constant folding. Here is an example:
If we don't push down the type, then we need to use the closest thing, which either b - which has type int32_t - or just the default arithmetic promotion type, which is "int" in C.
// Use `int` to constant fold ~0 and
// cast all to int64_t afterwards.
int64_t a = (int64_t)b + ((int64_t)b + (int64_t)(~(int)0));
// Use `int64_t` on 0 before constant folding:
int64_t a = (int64_t)b + ((int64_t)b + (~(int64_t)0));
We still have problems though, like in this case:
If we the analysis in this order:
1.00~0aa + ~01.0 + (a + ~0)d = 1.0 + (a + ~0)Then here we see that even though we know a to be int64_t we can't use that fact to type 0, because it is analysed after 0. And worse: the a might actually be an arbitrarily complex expression – something that you can't tell until you analysed it!
For that reason, even with untyped values, 0 is forced to default to int, with this result: double d = 1.0 + (double)((int64_t)~(int)0 + a)
Another example is shown below.
int64_t x = 0x7FFF_FFFF * 4;
int64_t y = x - 0x7FFF_FFFF * 2;
// y = 4294967294
double d = x - 0x7FFF_FFFF * 2;
// d = 8589934590.0
Here due to no widening hint from a "double", the two expressions behave in a completely different manner.
Ideally we would like semantics that eliminate unnecessary casts, and requires casts where cast semantics are intended. Since the compiler can't read our mind, we will need to at least sacrifice a little of one of those goals. In C, elimination of unnecessary casts are prioritized, although these days with the common set of warnings it is somewhat less true.
In addition to this, we would also like to make sure arithmetics happens with the bit width the user intended, and that code should be can be interpreted locally without having to know the details of variables defined far away – this is particularly important if the compiler does not detect mismatches.
Even more important is a simple programmer mental model for semantics: easy to understand semantics that are less convenient trumps convenient but complex semantics.
In order to get started, let's list a bunch of possible strategies for widening and narrowing semantics.
We should also note that there is no need to limit ourselves to a single strategy. For example, in Java char c = 1 + 1; is valid, but this isn't:
Here the simple literal assignment is considered a special case where implicit conversion is allowed. In other words, we're seeing a combination of strategies.
C in general works well, except for the unsafe narrowings – until we reach "larger than int" sizes. In this case we get peer resolution widening, which produces bad results for sub expressions:
In general working with a combination of int and larger-than-int types work poorly with C.
This is using the current C3 idea of using the left side type to increase the type implicitly widened to. Our C example works:
As previously mentioned, this breaks down when there is no left side type, which then defaults to C peer resolution widening.
In the next article I will walk through various new ideas for promotion semantics with analysis.
This is continuing the previous article on literals.
C3 is pervasively written to assume untyped literals, so what would the effect be if it changed to typed literals again?
Let's remind us of the rules for C3 with untyped literals:
To exemplify:
short b = ...
char c = ...
// 1. Widening
$typeof(b + c) => int
// $typeof((int)(b) + (int)(c))
// 2. Left hand side widening
long z = b + c;
// => long z = (long)(b) + (long)(c);
// 3. Implicit narrowing.
short w = b + c;
// => short w = (short)((int)(b) + (int)(c))
Let's start with simple assignments, where the lack of implicit narrowing tends to be a problem.
func void foo(short s) { ... }
func void ufoo(ushort us) { ... }
...
short s = 1234; // Allowed??
foo(1234); // Allowed??
ushort us = 65535; // Allowed??
ufoo(65535); // Allowed??
This is certainly something we would like to allow, so some additional rule is needed on top of just the literal types.
We next turn to binary expressions:
This example is subtly different, because looking at the types there is no direct conversion. Keep in mind rule (3) which permits narrowing. It requires us to keep track of both the original and current type. The types are something like this short = (int was short) + (int was int). If we try to unify the binary expression, should the resulting type be "int was short" or "int was int"?
If we had s = s + 65535 we would strictly want "int was int" – which causes a type error, and then preferably "int was short" in the case with 1234. Is this possible?
In short: yes, although it does add special check for merging constants on every binary node. That said it has some very far-reaching consequences.
In Zig, which only has implicit widening, this occurs in binary expressions. So if you had int + short the right-hand side would be promoted to int. For a single binary expression this makes sense, but what if you have this:
If we use the "peer resolution" approach, this would be resolved in this manner: int a = (int)((short)(c + d) + s). But if we reorder the terms, like int a = s + c + d, we get int a = (int)((s + (short)c) + (short)d) (assume additions are done using the resulting bit width of the sub expressions).
This means that in the original ordering we have mod-2^8 addition (or even undefined!) behaviour if the sum of c and d can't fit in a char, but with the first ordering there is no problem. Or in other words: we just lost associativity for addition!
That said, C has the same problem, but only when adding int with expressions which has types larger than int.
This example exhibits the same issue in C:
int32_t i = bar();
int32_t j = bar2();
int64_t k = foo();
int64_t a = i + j + k;
// Evaluated as
// int64_t a = (int64_t)(i + j) + k;
Previous to the 64-bit generation, the int was generally register sized in C, so doing larger-than-register-sized additions were rare and consequently less of a problem.
This prompted me to investigate a different approach for C3, using left side widening. On 64-bits, this would still be default 32-bit widening, but if the assigned typ was 64-bit, all operands would be widened to 64-bits instead, so as if it was written int64_t a = (int64_t)i + (int64_t)j + k. This is achieved by "pushing down" the left-hand type during semantic analysis (see rule 2).
The reason it must be pushed down during the pass, rather than doing it after evaluation, is that the type affects untyped literal evaluation and constant folding. Here is an example:
If we don't push down the type, then we need to use the closest thing, which either b - which has type int32_t - or just the default arithmetic promotion type, which is "int" in C.
// Use `int` to constant fold ~0 and
// cast all to int64_t afterwards.
int64_t a = (int64_t)b + ((int64_t)b + (int64_t)(~(int)0));
// Use `int64_t` on 0 before constant folding:
int64_t a = (int64_t)b + ((int64_t)b + (~(int64_t)0));
We still have problems though, like in this case:
If we the analysis in this order:
1.00~0aa + ~01.0 + (a + ~0)d = 1.0 + (a + ~0)Then here we see that even though we know a to be int64_t we can't use that fact to type 0, because it is analysed after 0. And worse: the a might actually be an arbitrarily complex expression – something that you can't tell until you analysed it!
For that reason, even with untyped values, 0 is forced to default to int, with this result: double d = 1.0 + (double)((int64_t)~(int)0 + a)
Another example is shown below.
int64_t x = 0x7FFF_FFFF * 4;
int64_t y = x - 0x7FFF_FFFF * 2;
// y = 4294967294
double d = x - 0x7FFF_FFFF * 2;
// d = 8589934590.0
Here due to no widening hint from a "double", the two expressions behave in a completely different manner.
Ideally we would like semantics that eliminate unnecessary casts, and requires casts where cast semantics are intended. Since the compiler can't read our mind, we will need to at least sacrifice a little of one of those goals. In C, elimination of unnecessary casts are prioritized, although these days with the common set of warnings it is somewhat less true.
In addition to this, we would also like to make sure arithmetics happens with the bit width the user intended, and that code should be can be interpreted locally without having to know the details of variables defined far away – this is particularly important if the compiler does not detect mismatches.
Even more important is a simple programmer mental model for semantics: easy to understand semantics that are less convenient trumps convenient but complex semantics.
In order to get started, let's list a bunch of possible strategies for widening and narrowing semantics.
We should also note that there is no need to limit ourselves to a single strategy. For example, in Java char c = 1 + 1; is valid, but this isn't:
Here the simple literal assignment is considered a special case where implicit conversion is allowed. In other words, we're seeing a combination of strategies.
C in general works well, except for the unsafe narrowings – until we reach "larger than int" sizes. In this case we get peer resolution widening, which produces bad results for sub expressions:
In general working with a combination of int and larger-than-int types work poorly with C.
This is using the current C3 idea of using the left side type to increase the type implicitly widened to. Our C example works:
As previously mentioned, this breaks down when there is no left side type, which then defaults to C peer resolution widening.
In the next article I will walk through various new ideas for promotion semantics with analysis.
Originally from: https://c3.handmade.network/blog/p/8100-the_problem_with_untyped_literals
From Go to Swift, the idea of untyped literals – in particular numbers – have been popularized. This means that a number like 123 or 283718237218731239821738 doesn't have a type until it needs to fit into a variable or an expression, and at that time it's converted into the type needed.
Usually (but not always), this also allows the expression to hold numbers that exceed the type limit as long as it can be folded into the valid range. So 100000000000000 * 123 / 100000000000000 would be a valid 32-bit integer, even though some sub expressions would not fit, since the constant folded result is 123.
This is not merely to avoid adding type suffixes (as an example, in C or C++ we would need to explicitly add L or LL to represent 5000000000 since it would not fit in the default type, which (today) usually is a 32 bit int) – but it's also to avoid casts.
Go, Swift and Rust all have versions of untyped literals, and they're (not coincidentally) also always requiring casts between differently sized integer types. What this means is that in normal cases, something like short_var1 = short_var2 + 30 would otherwise require a cast to change 30 in our case to a short type rather than the default int. If C required casts for literals everywhere, this is what it would look like(!):
So to summarize: untyped literals help to reduce the need for casts, while also freeing the user from thinking too much about the exact type of the literals.
While this works well for the most part, there is an issue when no type can be inferred from the surroundings. A simple example is this:
This looks a bit contrived, but there are actual cases where something like this arises. In the example there is no type to guide what runtime type 1 and 2 should have, and yet it needs to be an actual runtime type as this expression must be resolved at runtime.
So what do we do? There are three possibilities:
Each of those have advantages and disadvantages that pop up in different situations. It's worth pointing out that both Go and Swift picks variants of (2).
An important reason why Go has untyped literals is because it's lacking implicit type conversions. But having untyped literals looks like a good improvement on status quo, which is likely why it was picked up by Zig. I likewise found this an interesting solution for C3 and implemented it.
Unfortunately it turns out there are additional problems when having implicit type conversions. Here is an example:
In the above example there are a lot of options. Let's start with how this was initially (naively) implemented in C3:
Regardless whether we have wrapping arithmetics or traps, this - which Zig terms "peer resolution" - is probably not what we want.
Let's remind us that in C we get:
This illustrates the limitations in trying to infer type by looking at the other operand in a binary expression, the actual behaviour is likely not what you want.
Because Go or Rust would require explicit casts for such an expression, the obfuscation that occurs with implicit widening just don't apply. Trying to add a to the term to the right would be an error, and assigning the result of that to d would be an error as well.
This worrying behaviour with implicit conversions made me switch C3 to a very C-ish solution: the compiler would promote all operands to either int or the type of the left side assigned variable / parameter if that was wider.
int d = a + 2 * (c + 3); // As if =>
// int d = (int)a + ((int)2) * ((int)c + (int)3));
long f = a + 2 * (c + 3); // As if =>
// long f = (long)a + ((long)2) * ((long)c + (long)3));
This simplified the semantics for the user and it's not overly hard to understand which seemed to make it a somewhat acceptable tradeoff.
Unfortunately there are more places where untyped literals creates worries: Let's say you're writing a macro. The macro should take a value and store it into a temporary variable:
When we use this with a variable, everything's fine, but it breaks when we (quite reasonably) try to use it with a literal.
This is probably not what we wanted. Using numbers as arguments to macros is a common usecase and must work.
Our three "solutions" to this yield different semantics:
With (1) - making it an error, we basically need to have a cast every time. Writing @foo((int)(3)) is not particularly impressive and makes the language feel rather uncooked.
With (2) - using a default type, everything works as long as the untyped literal is small enough to fit the default type. But if it exceeds it then explicit casts are needed. Depending on the macro this may be common or rare. This is better than (1), but still not perfect.
(3) - picking a type depending on size seems to allow the greatest flexibility, here we could pick an int as default and long if it doesn't fit the int. This is actually also its weakness: should something that fit in an ulong use a signed 128 bit int, or should the value switch to unsigned? If the latter, should the progression be int → uint → long → ulong? If so then behaviour may change as the value goes from unsigned to signed and this quite hidden from the reader. And what if unsigned is what we expect but suddenly we get a signed by mistake? And if it just picks signed values, then for every time we need unsigned we need to make a cast?
For languages without implicit conversion, picking (2) will often go a long way: the default type will, if unexpected, cause compile time errors, which makes it fairly easy to spot.
Running into these kinds of problems at least make me stop and reconsider my decisions: are untyped literals really a good idea?
I think that judging from the above, the drawbacks are significantly bigger for languages with implicit casts like Zig or C3. Once macros/generic functions are added to the mix this further complicates matters.
If we look at Go, then without generics it has neither of these problems. Therefore it seems to be a fairly clear win, especially since Go can leverage the typeless literals to remove casts.
In C3 on the other hand, the only gain is really to allow bigint compile time folding and avoiding literal suffixes. Other than that it is mostly complicating the language.
That seems to indicate that C3 might benefit from more traditional, typed, literals.
So in the next blog article I plan to look at what issues would arise from actually adding typed literals (there might be surprises!), and if they'd really solve any meaningful problems for C3.
From Go to Swift, the idea of untyped literals – in particular numbers – have been popularized. This means that a number like 123 or 283718237218731239821738 doesn't have a type until it needs to fit into a variable or an expression, and at that time it's converted into the type needed.
Usually (but not always), this also allows the expression to hold numbers that exceed the type limit as long as it can be folded into the valid range. So 100000000000000 * 123 / 100000000000000 would be a valid 32-bit integer, even though some sub expressions would not fit, since the constant folded result is 123.
This is not merely to avoid adding type suffixes (as an example, in C or C++ we would need to explicitly add L or LL to represent 5000000000 since it would not fit in the default type, which (today) usually is a 32 bit int) – but it's also to avoid casts.
Go, Swift and Rust all have versions of untyped literals, and they're (not coincidentally) also always requiring casts between differently sized integer types. What this means is that in normal cases, something like short_var1 = short_var2 + 30 would otherwise require a cast to change 30 in our case to a short type rather than the default int. If C required casts for literals everywhere, this is what it would look like(!):
So to summarize: untyped literals help to reduce the need for casts, while also freeing the user from thinking too much about the exact type of the literals.
While this works well for the most part, there is an issue when no type can be inferred from the surroundings. A simple example is this:
This looks a bit contrived, but there are actual cases where something like this arises. In the example there is no type to guide what runtime type 1 and 2 should have, and yet it needs to be an actual runtime type as this expression must be resolved at runtime.
So what do we do? There are three possibilities:
Each of those have advantages and disadvantages that pop up in different situations. It's worth pointing out that both Go and Swift picks variants of (2).
An important reason why Go has untyped literals is because it's lacking implicit type conversions. But having untyped literals looks like a good improvement on status quo, which is likely why it was picked up by Zig. I likewise found this an interesting solution for C3 and implemented it.
Unfortunately it turns out there are additional problems when having implicit type conversions. Here is an example:
In the above example there are a lot of options. Let's start with how this was initially (naively) implemented in C3:
Regardless whether we have wrapping arithmetics or traps, this - which Zig terms "peer resolution" - is probably not what we want.
Let's remind us that in C we get:
This illustrates the limitations in trying to infer type by looking at the other operand in a binary expression, the actual behaviour is likely not what you want.
Because Go or Rust would require explicit casts for such an expression, the obfuscation that occurs with implicit widening just don't apply. Trying to add a to the term to the right would be an error, and assigning the result of that to d would be an error as well.
This worrying behaviour with implicit conversions made me switch C3 to a very C-ish solution: the compiler would promote all operands to either int or the type of the left side assigned variable / parameter if that was wider.
int d = a + 2 * (c + 3); // As if =>
// int d = (int)a + ((int)2) * ((int)c + (int)3));
long f = a + 2 * (c + 3); // As if =>
// long f = (long)a + ((long)2) * ((long)c + (long)3));
This simplified the semantics for the user and it's not overly hard to understand which seemed to make it a somewhat acceptable tradeoff.
Unfortunately there are more places where untyped literals creates worries: Let's say you're writing a macro. The macro should take a value and store it into a temporary variable:
When we use this with a variable, everything's fine, but it breaks when we (quite reasonably) try to use it with a literal.
This is probably not what we wanted. Using numbers as arguments to macros is a common usecase and must work.
Our three "solutions" to this yield different semantics:
With (1) - making it an error, we basically need to have a cast every time. Writing @foo((int)(3)) is not particularly impressive and makes the language feel rather uncooked.
With (2) - using a default type, everything works as long as the untyped literal is small enough to fit the default type. But if it exceeds it then explicit casts are needed. Depending on the macro this may be common or rare. This is better than (1), but still not perfect.
(3) - picking a type depending on size seems to allow the greatest flexibility, here we could pick an int as default and long if it doesn't fit the int. This is actually also its weakness: should something that fit in an ulong use a signed 128 bit int, or should the value switch to unsigned? If the latter, should the progression be int → uint → long → ulong? If so then behaviour may change as the value goes from unsigned to signed and this quite hidden from the reader. And what if unsigned is what we expect but suddenly we get a signed by mistake? And if it just picks signed values, then for every time we need unsigned we need to make a cast?
For languages without implicit conversion, picking (2) will often go a long way: the default type will, if unexpected, cause compile time errors, which makes it fairly easy to spot.
Running into these kinds of problems at least make me stop and reconsider my decisions: are untyped literals really a good idea?
I think that judging from the above, the drawbacks are significantly bigger for languages with implicit casts like Zig or C3. Once macros/generic functions are added to the mix this further complicates matters.
If we look at Go, then without generics it has neither of these problems. Therefore it seems to be a fairly clear win, especially since Go can leverage the typeless literals to remove casts.
In C3 on the other hand, the only gain is really to allow bigint compile time folding and avoiding literal suffixes. Other than that it is mostly complicating the language.
That seems to indicate that C3 might benefit from more traditional, typed, literals.
So in the next blog article I plan to look at what issues would arise from actually adding typed literals (there might be surprises!), and if they'd really solve any meaningful problems for C3.
Originally from: https://c3.handmade.network/blog/p/7908-c3__block_comments_and_mega_comments.
For C3 I wanted to address the problem of commenting out code using block comments.
In a good overview, Dennie Van Tassel outlined four different types of comments:
We can ignore the full line comments, they're completely covered by end-of-line comments, and C3 already has those and /* ... */ block comments.
However, the mega comments poses a problem. In C3 the analogue to #if 0 ... #endif is $if 0 ... $endif, but it would require the code inside to parse.
Since a typical case for using mega comments would actually be to copy a slab of C code inside of comments and then convert it piecemeal $if 0 doesn't work.
What about making /* ... */ nesting?
In an article from 2017 titled Block Comments are a Bad Idea Troels Henriksen argues that adding nesting to block comments does not really solve the problem and shows the following example from Haskell which uses {- ... -} for nested comments:
In the above example the {- inside of the string inadvertently opens a new nested comment. He rejects the idea that the lexer (or even worse, *the parser*) should track strings inside of comments. Instead Henriksen argues for either using #if 0 or // on every line. While the latter is exactly what Zig picked, it relies too much on the text editor for my taste.
Looking at D, it introduces a new nested comment /+ ... +/. It acts just like /* ... */ except it is nested. Initially this was what I picked for C3.
However it has drawbacks:
There's another point as well: #if 0 ... #endif can never have the s = "/*" issue by virtue of always starting and ending on its own line.
Doing some research I tried to determine if there was some "obvious" syntax that could convey the #if 0 ... #endif behaviour. I had a lot of examples (that I hated), like /--- ... ---/ /--> ... /<--- and even ideas of a heredoc style comment like /$FOO ... /$$FOO.
Ultimately I decided to pick /# ... #/ for these block comments, which acted like nested comments but were required to be on a new line which bypasses this problem:
But it turns out that this has issues of its own. What if you by accident write something like:
or
You need a good heuristic to figure out a nice error message for these. For example you could either always decide that /#foo is /# + foo or maybe it's only like that if the /# starts a line, otherwise it's interpreted as / + #foo (which can be valid C3).
But after playing around with this for a while, I had to say that the value from this seemed much less than I had hoped. Yes, it's distinct, but it has most of the problems with /+ ... +/ in terms of lack of familiarity. And if I'm honest with myself, I'm personally still mostly using /* ... */ over #if 0 ... #endif where I can.
So we've come full circle: nesting /* */ to distinct nesting block comments, to #if 0 ... #endif and now back to perhaps nesting /* ... */?
For now at least, C3 will add nesting to /* ... */ and remove /+ ... +/. This is an imperfect solution, but possibly also a reasonable trade off to keep the language familiar with features that pull their weight.
For C3 I wanted to address the problem of commenting out code using block comments.
In a good overview, Dennie Van Tassel outlined four different types of comments:
We can ignore the full line comments, they're completely covered by end-of-line comments, and C3 already has those and /* ... */ block comments.
However, the mega comments poses a problem. In C3 the analogue to #if 0 ... #endif is $if 0 ... $endif, but it would require the code inside to parse.
Since a typical case for using mega comments would actually be to copy a slab of C code inside of comments and then convert it piecemeal $if 0 doesn't work.
What about making /* ... */ nesting?
In an article from 2017 titled Block Comments are a Bad Idea Troels Henriksen argues that adding nesting to block comments does not really solve the problem and shows the following example from Haskell which uses {- ... -} for nested comments:
In the above example the {- inside of the string inadvertently opens a new nested comment. He rejects the idea that the lexer (or even worse, *the parser*) should track strings inside of comments. Instead Henriksen argues for either using #if 0 or // on every line. While the latter is exactly what Zig picked, it relies too much on the text editor for my taste.
Looking at D, it introduces a new nested comment /+ ... +/. It acts just like /* ... */ except it is nested. Initially this was what I picked for C3.
However it has drawbacks:
There's another point as well: #if 0 ... #endif can never have the s = "/*" issue by virtue of always starting and ending on its own line.
Doing some research I tried to determine if there was some "obvious" syntax that could convey the #if 0 ... #endif behaviour. I had a lot of examples (that I hated), like /--- ... ---/ /--> ... /<--- and even ideas of a heredoc style comment like /$FOO ... /$$FOO.
Ultimately I decided to pick /# ... #/ for these block comments, which acted like nested comments but were required to be on a new line which bypasses this problem:
But it turns out that this has issues of its own. What if you by accident write something like:
or
You need a good heuristic to figure out a nice error message for these. For example you could either always decide that /#foo is /# + foo or maybe it's only like that if the /# starts a line, otherwise it's interpreted as / + #foo (which can be valid C3).
But after playing around with this for a while, I had to say that the value from this seemed much less than I had hoped. Yes, it's distinct, but it has most of the problems with /+ ... +/ in terms of lack of familiarity. And if I'm honest with myself, I'm personally still mostly using /* ... */ over #if 0 ... #endif where I can.
So we've come full circle: nesting /* */ to distinct nesting block comments, to #if 0 ... #endif and now back to perhaps nesting /* ... */?
For now at least, C3 will add nesting to /* ... */ and remove /+ ... +/. This is an imperfect solution, but possibly also a reasonable trade off to keep the language familiar with features that pull their weight.