[PPT] - Systems Programming & Beyond using C++ and D Three Unlikely PowerPoint Presentation

SLIDE 1

c

2012– Andrei Alexandrescu.

1 / 42

Systems Programming & Beyond using C++ and D Three Unlikely Successful Features of D

Andrei Alexandrescu

andrei@erdani.com

Prepared for LASER Summer School 2012

SLIDE 2

1. The scope Statement:

Casual Correct Code

c

2012– Andrei Alexandrescu.

2 / 42

SLIDE 3

c

2012– Andrei Alexandrescu.

3 / 42

action

SLIDE 4

c

2012– Andrei Alexandrescu.

3 / 42

action cleanup

SLIDE 5

c

2012– Andrei Alexandrescu.

3 / 42

action cleanup next

SLIDE 6

c

2012– Andrei Alexandrescu.

3 / 42

action cleanup next rollback

SLIDE 7

C

c

2012– Andrei Alexandrescu.

4 / 42

if (action) { if (!next) { rollback } cleanup }

SLIDE 8

C++

c

2012– Andrei Alexandrescu.

5 / 42

class RAII { RAII() { action } ~RAII() { cleanup } }; ... RAII raii; try { next } catch (...) { rollback throw; }

SLIDE 9

Java, C#

c

2012– Andrei Alexandrescu.

6 / 42

action try { next } catch (Exception e) { rollback throw e; } finally { cleanup }

SLIDE 10

Go

c

2012– Andrei Alexandrescu.

7 / 42

result, error := action if error != nil { defer cleanup if !next rollback }

SLIDE 11

Composition

SLIDE 12

C

c

2012– Andrei Alexandrescu.

9 / 42

if (action1) { if (action2) { if (!next2) { rollback2 rollback1 } cleanup2 } else { rollback1 } cleanup1 }

SLIDE 13

C++

c

2012– Andrei Alexandrescu.

10 / 42

class RAII1 { RAII1() { action1 } ~RAII1() { cleanup1 } }; class RAII2 { RAII2() { action2 } ~RAII2() { cleanup2 } }; ...

SLIDE 14

C++

c

2012– Andrei Alexandrescu.

11 / 42

RAII1 raii1; try { RAII2 raii2; try { next2 } catch (...) { rollback2 throw; } } catch (...) { rollback1 throw; }

SLIDE 15

Java, C#

c

2012– Andrei Alexandrescu.

12 / 42

action1 try { action2 try { next2 } catch (Exception e) { rollback2 throw e; } finally { cleanup2 } } catch (Exception e) { rollback1 throw e; } finally { cleanup1 }

SLIDE 16

Go

c

2012– Andrei Alexandrescu.

13 / 42

result1, error := action1 if error != nil { defer cleanup1 result2, error := action2 if error != nil { defer cleanup2 if !next2 rollback2 } else { rollback2 } }

SLIDE 17

c

2012– Andrei Alexandrescu.

14 / 42

Dislocation + Nesting = Fail

SLIDE 18

c

2012– Andrei Alexandrescu.

15 / 42

“Programs must be written for people to read, and only incidentally for machines to execute.” – Abelson/Sussman, SICP

SLIDE 19

c

2012– Andrei Alexandrescu.

16 / 42

“Error handling is about maintaining program invariants, and only incidentally about dealing with the error itself.” – I. Meade Etop

SLIDE 20

Enter D

c

2012– Andrei Alexandrescu.

17 / 42

action scope(failure) rollback scope(exit) cleanup

SLIDE 21

But wait, there’s more (of the same)

c

2012– Andrei Alexandrescu.

18 / 42

action1 scope(failure) rollback1 scope(exit) cleanup1 action2 scope(failure) rollback2 scope(exit) cleanup2

SLIDE 22

Three’s a charm

c

2012– Andrei Alexandrescu.

19 / 42

action1 scope(failure) rollback1 scope(exit) cleanup1 action2 scope(failure) rollback2 scope(exit) cleanup2 action3 scope(failure) rollback3 scope(exit) cleanup3 ... moar please ...

SLIDE 23

Transactional File Copy

c

2012– Andrei Alexandrescu.

20 / 42

import std.exception, std.file, std.stdio; void main(string[] args) { enforce(args.length == 3, "Usage: ..."); scope(success) rename(args[2] ~ ".tmp", args[2]); auto src = File(args[1]), tgt = File(args[2] ~ ".tmp", "w"); scope(failure) remove(args[2] ~ ".tmp"); foreach (chunk; src.byChunk(1024 * 64)) { tgt.rawWrite(chunk); } }

SLIDE 24

c

2012– Andrei Alexandrescu.

21 / 42

2-5x improvement on relevant metrics

SLIDE 25

c

2012– Andrei Alexandrescu.

22 / 42

. . . on code you write

SLIDE 26

c

2012– Andrei Alexandrescu.

23 / 42

Straight line + Implicit flow = Win

SLIDE 27

2. Built-in Arrays

c

2012– Andrei Alexandrescu.

24 / 42

SLIDE 28

c

2012– Andrei Alexandrescu.

25 / 42

Systems-Level Language

SLIDE 29

c

2012– Andrei Alexandrescu.

26 / 42

Pointers?

SLIDE 30

c

2012– Andrei Alexandrescu.

27 / 42

Unsafe iteration Unsafe arithmetic Efficient

SLIDE 31

D array = pointer + length

c

2012– Andrei Alexandrescu.

28 / 42

a

1 5 2 3 6

· · · · · ·

b

SLIDE 32

c

2012– Andrei Alexandrescu.

29 / 42

Safe iteration Safe indexing Efficient Enabling

SLIDE 33

Cheap, type-preserving slicing

c

2012– Andrei Alexandrescu.

30 / 42

b = b[1 .. $ - 1]; a

1 5 2 3 6

· · · · · ·

b

SLIDE 34

Convenient

c

2012– Andrei Alexandrescu.

31 / 42

bool palindrome(T)(T[] a) { for (; a.length > 1; a = a[1 .. $ - 1]) { if (a[0] != a[$ - 1]) return false; } return true; }

SLIDE 35

Value Range Propagation

c

2012– Andrei Alexandrescu.

32 / 42

SLIDE 36

Integral types

c

2012– Andrei Alexandrescu.

33 / 42

The usual menagerie: 8, 16, 32, 64 signed and

unsigned integrals

32, 64 and sometimes 80-bit floating point types
The C operator paraphernalia
Defined the same way in all implementations
C code: either compiles and runs with same

results, or doesn’t compile

SLIDE 37

Conversions

c

2012– Andrei Alexandrescu.

34 / 42

Many type widths beget conversion problems

short a; byte b; uint c; auto d = a * b + c; // what’s the type of d?

auto increases the cost of complicated rules
Each language tried to work it out its own set of rules

SLIDE 38

C Rules

c

2012– Andrei Alexandrescu.

35 / 42

Default result of operators is int
Unless a long is involved
Unless an unsigned is within a mile radius
Unless the unsigned is shorter than the result type

computed as above

Bottom line: everything is (u)int or (u)long
Trust the programmer ⇒ long to char is implicit!

SLIDE 39

High Level/Scripting Languages

c

2012– Andrei Alexandrescu.

36 / 42

Generally use unbounded-length integrals
Devise representation based on actual magnitude
That path can’t be taken by a systems language
However, D has a heavily optimized library type

BigInt

SLIDE 40

Java, C#

c

2012– Andrei Alexandrescu.

37 / 42

Start from C’s rules
Play it Safe ⇒ No narrowing conversions allowed

// This is not D code byte a, b, c; a = (byte) (a | b & c); b = (byte) (b | 1);

Net result: casts galore

SLIDE 41

Value Range Propagation (VRP)

c

2012– Andrei Alexandrescu.

38 / 42

During an expression, maintain the min/max values of

intermediate results

For compile-time constants: min_c = max_c = c
For variables: the representable limits

byte a, b, c; a = a | b & c; // range -128..127 b = b | 1; // range 0..1

No casts needed
Yet typeof(b | 1) is int!

SLIDE 42

VRP Never Truncates

c

2012– Andrei Alexandrescu.

39 / 42

D allows implicit narrowing if and only if the range fits

within the target type

byte a, b, c; a = a | b + c; // error b = c * 2; // error

SLIDE 43

VRP Is Imperfect

c

2012– Andrei Alexandrescu.

40 / 42

No “memory” beyond one statement

byte a, b, c; a = 1; b = c | a; // error

However, it practically works surprisingly well
Can be improved to work across statements
Can be improved to account for control flow
Extra compilation costs (time, memory) must be

justifiable

SLIDE 44

Summary

c

2012– Andrei Alexandrescu.

41 / 42

SLIDE 45

Summary

c

2012– Andrei Alexandrescu.

42 / 42

1. The scope statement

SLIDE 46

Summary

c

2012– Andrei Alexandrescu.

42 / 42

1. The scope statement
2. Built-in arrays

SLIDE 47

Summary

c

2012– Andrei Alexandrescu.

42 / 42

1. The scope statement
2. Built-in arrays
3. Value range propagation