Chapter 1. IntroductionThis manual describes the Cedar language. It is organized into three major parts:Chapter 2: A description of a much simpler kernel language, in terms of which the currentCedar language is explained. This description includes a precise definition (¶ 2.2), and a lessformal explanation of the ideas of the kernel and the restrictions imposed by current Cedar(¶¶ 2.3-2.9). ¶ 2.1 contains an overview or glossary, in which the major technical terms usedin the kernel are briefly defined.Chapter 3: The syntax and semantics of the current Cedar language. The semantics is givenprecisely by a desugaring into the kernel. It is also given more informally by English text.This chapter also contains a number of examples to illustrate the syntax.Chapter 4: The primitive types and procedures of Cedar. For each one, its type is given aswell as an English definition of its meaning. This chapter is organized according to the classhierarchy of the primitive types (¶ 4.1).In addition, there is a one-page grammar, and a two-page language summary which includes thegrammar, the desugaring, and the examples from Chapter 3,  The document you are reading is a draft. Most of Chapter 2 is missing, and a numberof other sections are incomplete.Error reports and comments on the presentation are most welcome.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î!äï_•pô�jî·ï\jqô�€ðMî­ïZô�Žð$rqô�î­ïXŽô�†ðZî­ïW
ô�‰ô�ŠðFî­ïU†ô�”ô�•ðNî­ïTô�€î­ïQªô�ˆð1ô�‰ð!î­ïP&ô�r	qô�žð:î­ïN¢ô�€ðEî­ïLJô�ð&ô�ð-î­ïJÆô�ƒðTô�„�rî­ïIBqô�€î·ïFô�®ðGô�¯î·ïD“ô�€ð3î·ïA!sô�”ô�•ð?î·ï?Vô�€î·ï;äð@�������&��������TVk(�Ž������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR LANGUAGE REFERENCE MANUAL: INTRODUCTIONDRAFT OF JULY 20, 19822Table of ContentsChapter 1. IntroductionChapter 2. The kernel language2.1Overview2.1.1Doing computations2.1.2The type system2.1.3Writing programs2.1.4Conveniences2.1.5Miscellaneous2.2Kernel definition2.2.1The core2.2.1.1Application2.2.1.2Lambda and environments2.2.1.3Groups2.2.1.4Bindings2.2.1.5Declarations2.2.1.6Types and type-checking2.2.2Conveniences2.2.2.1Expression syntax2.2.2.2Declaration and binding constructors2.2.3Imperatives2.2.4Exceptions2.2.5Kernel primitives2.3Doing computations2.3.1Application2.3.2Values2.3.3Variables2.3.4Groups2.3.5Bindings2.3.6Arguments2.3.7Declarations2.4The type system2.4.1Types2.4.2Type predicates and type-checking2.4.3Marks2.4.4Clusters and dot notation2.4.5Classes2.5Programs2.5.1Structure of programs2.5.2Names2.5.3Expressions2.5.4Scope2.5.5Constructors2.5.6Recursionÿ��������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð?îGïq�î#Ûï_•pô�jî·ïZŸî·ïU©î·ïR¡uîyîyïPúrîTô�XîyïO/îTîyïMdîTîyïK™îTîyïIÎîTî·ïGvuîyîyïEÏrîTîTïDKvî£
îTïBêî£ô�€îTïA‰î£îTï@(î£îTï>Çî£îTï=fî£îyï;¿rîTîTï:;vî£îTï8Úî£ð$îyï73rîT
îyï5hîT	îyï3îTô�X
î·ï1Euîyîyï/žrîT
îyï-ÓîTîyï,îTîyï*=îTîyï(rîTîyï&§îTîyï$ÜîTî·ï"„uîyîyï ÝrîTîyïîTð!îyïGîTîyï|îTîyï±îTî·ïYuîyîyï²rîTîyïçîTîyïîT
îyïQîTîyï†îTîyï»îT�������v��������TVk(������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR LANGUAGE REFERENCE MANUAL: INTRODUCTIONDRAFT OF JULY 20, 198232.6Conveniences2.6.1Coercion2.6.2Finalization2.6.3Safety2.6.4Concurrency2.7Miscellaneous2.8Relations among groups, types, declarations and bindings2.9Incompatibilities with current CedarChapter 3. Syntax and semantics3.1Notation3.1.1Notation for the grammar3.1.2Notation for desugaring3.2The lexical structure of programs3.3Modules3.3.1Modules and instances3.3.2Applying modules3.3.2.1Initializing an implementation instance3.3.3Parameters to modules: DIRECTORY and IMPORTS3.3.4Interface module bodies3.3.4.1Opaque types3.3.4.2Interface variables3.3.5Implementation module bodies3.3.6PUBLIC, PRIVATE and SHARES3.4Blocks, OPEN and ENABLE3.4.1Scope of names and initialization3.4.2OPEN3.4.3ENABLE and EXITS3.4.3.1ENABLEFinalizationSignals3.4.3.2EXITS3.4.4Safety3.5Declaration and binding3.5.1PROC bindings3.6Statements3.7Expressions3.8IF and SELECT3.9Typesÿ����������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð?îGïq�î·ï_Ûuîyîyï^4rîTîyï\iîTîyïZžîTîyïXÓîT
î·ïV{uîyî·ïT#îyô�Xð/î·ïQËîyð$î·ïLÕpô�jî·ïIÍuîyîyïH&rîTô�XîyïF[îTî·ïDuîyð!î·ïA«îyîyï@rîTîyï>9îTîTï<µvî£ô�€îyï;rîT	ô�Xtrtîyï9CrîTîTï7¿vî£ô�€îTï6^î£îyï4·rîT
ô�X
îyï2ìîTtrtrtî·ï0”uîywuwîyï.írîTð!îyï-"îTtîyï+WrîTtrtîTï)Óvî£xî£ï(rvî£ï'îTï%°î£xîyï$	rîTî·ï!±uîyîyï 
rîTtrî·ï²uîy	î·ïZîy
î·ïîywuwî·ïªuîyÿ�������ž��������TVk(������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR LANGUAGE REFERENCE MANUAL: INTRODUCTIONDRAFT OF JULY 20, 19824Chapter 4. Primitive types and type constructors 4.1The class hierarchy4.2Type-related primitives4.2.1Primitive types and constructors4.2.2Type constructors4.2.2.1Options4.2.3Primitive procs4.3General and assignable types4.3.1General types4.3.2Assignable types4.3.3Variable types4.3.4Opaque types4.4Map types4.4.1Transfer typesPROC typesPORT typesPROGRAM typesPROCESS typesSIGNAL and ERROR types4.4.2Row and descriptor types4.4.2.1ARRAY types4.4.2.2SEQUENCE types4.4.2.3Descriptor types·4.4.3BASE POINTER types4.5Address types 4.5.1Reference types 4.5.1.1REF typesLIST typesThe type ATOM4.5.1.2¸Pointer types4.5.2Zone types4.5.3POINTER TO FRAME types4.5.4RELATIVE types4.6Record and union types4.6.1Record types 4.6.2Variant record types4.6.3Union types4.7Ordered types4.7.1Discrete types4.7.1.1Enumeration typesThe type BOOL or BOOLEANThe type CHAR or CHARACTR4.7.2Numeric types4.7.2.1Whole numbersCardinal types4.7.2.2The type REAL4.7.3Subrange typesÿ��î·ïf2tô�Gõ��ð?îGïq�î·ï_•pô�jð*î·ï\uîyô�Xî·ïZ5îyîyïXŽrîTîyïVÃîTîTïU?vî£îyïS˜rîTî·ïQ@uîyîyïO™rîTîyïMÎîTîyïLîT
îyïJ8îTî·ïGàuîyîyïF9rîT
îTïDµxvô�€îTïCTxvîTïAóxvîTï@’xvîTï?1xvxvîyï=ŠrîTô�XîTï<vî£xvô�€îTï:¥î£xvîTï9Dî£îyï7rîTtô�Grô�Xî·ï5Euîy
îyï3žrîTîTï2vî£xvô�€î£ï0¹xvî£ï/XxîTï-÷vî£
îyï,PrîTô�Xîyï*…îTtô�Grô�Xîyï(ºîTtrî·ï&buîyîyï$»rîTîyï"ðîTîyï!%îT
î·ïÍuîyîyï&rîT
îTï¢vî£
ô�€î£ïAxvxî£ïàvxvxîyï9rîTô�XîTïµvî£ô�€î£ïT
îTïóî£xîyïLrîTô�X����������������TVk(H��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR LANGUAGE REFERENCE MANUAL: INTRODUCTIONDRAFT OF JULY 20, 198254.8TYPE types4.9Miscellaneous types4.10Kernel-only types 4.11Defaults4.12Implies4.13Coercions4.14Dot notationTablesTable 41: The class hierarchyTable 42: Primitive and predeclared typesTable 43: Primitive type constructor procsTable 44: Type options and their constructorsTable 45: Primitive procsTable 46: Usual cases for defaultsTable 47: Complete cases for defaultsTable 48: Implies relations for primitive typesTable 49: Coercions for primitive typesTable 410: Cases for dot notation in current Cedarÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð?îGïq�î·ï_Ûuîywuô�Xî·ï]ƒîyî·ï[+îyî·ïXÓîyî·ïV{îyî·ïT#îyî·ïQËîyî·ïLÕpî·ïH&rq�rî·ïFð*î·ïDØð+î·ïC1ð.î·ïAŠî·ï?ãð#î·ï><ð&î·ï<•ð0î·ï:îð(î·ï9Gð3�������J��������TVk(�n����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR KERNEL, TEMPORARYDRAFT OF JULY 19, 19826Chapter 2. The kernel languageThis document describes the Cedar language in terms of a much simpler kernel language. Cedardiffers from the kernel in two ways:·It has a more elaborate syntax. The meaning of each construct in Cedar is explained bygiving an equivalent kernel program. Often the kernel program is longer or less readable; the Cedar construct can be thought of as an idiom whichconveniently expresses a common operation. Sometimes the Cedar construct has no real advantage, and thedifference is the result of backward compatibility with the ten-year history of Mesa and Cedar.·It has a large number of built-in types and procedures. In the kernel language all of thesecould in principle be programmed by the user, though in fact most are provided by specialcode in the Cedar compiler. In general, you can view these built-in facilities much like alibrary, selecting the ones most useful for your work and ignoring the others.Unfortunately, the kernel language is not a subset of the current Cedar langauge. Many importantobjects (notably types, declarations and bindings) which are ordinary values in the kernel languagethat can be freely passed as arguments or bound to variables, are subject to various restrictions inCedar: they can only be written in literal form, cannot be arguments or results of procedures, orwhatever. The long-term goal for evolution of the Cedar language is to make it a superset of thekernel defined here. In the meantime, however, you should view the kernel as a concise andhopefully clear way of describing the meaning of Cedar programs. To help in keeping the kerneland current Cedar separate, keywords and primitives of the kernel which are not available incurrent Cedar are written in SANS-SERIF SMALL CAPITALS, rather than the ROMAN SMALL CAPITALSused for keywords of current Cedar. Operator symbols of the kernel which are not in current Cedarare not on the keyboard.The kernel is a distillation of the essential properties of the Cedar language, not an entirely separateinvention. Most Cedar constructs have simple translations into the kernel. Those which do not (e.g.,many of the features of OPEN) are considered to be mistakes, and should be avoided in newprograms.¶ 2.2 defines the syntax and semantics of the Cedar kernel language, the former with a grammar,and the latter by explaining how to take a program and deduce the function it computes and thestate changes it causes. The remainder of the chapter explains the concepts behind the kernel. Italso gives the restrictions imposed by the current Cedar language on the full generality describedhere; for more on this subject, see Chapter 3. The meaning of the various built-in primitives isgiven in Chapter 4. ¶ 2.9 describes the incompatibilities between the kernel language and currentCedar, i.e., the constructs in Cedar which would have a different meaning in a kernel program. Forthe most part, these are bits of syntax which do not have consistent meanings in current Cedar;future evolution of the language will replace them with their kernel equivalents.Usually, terms are defined and explained before they are used, but some circularity seems to beunavoidable. ¶ 2.1 gives a brief summary of each major idea which may be helpful as a reminder.Both this and the explanations in ¶¶ 2.3-2.7 are given under five major headings, as follows:Doing computations: Application Value Variable Group Binding Argument The type system: Type Type-checking Mark Cluster DeclarationPrograms: Name Expression Scope Constructors RecursionConveniences: Coercion Exception Finalization Safety ProcessMiscellaneous: Allocation Static PragmaThe kernel definition in ¶ 2.2 follows the ordering of the kernel grammar.������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð)îGïq�î%ï_•pô�jî·ï\jqô�®ô�¯ð%rqî·ïZæô�€îâïXŽ�î­ô�°ð!ô�±ð3î­ïW
ô�€î­ïTùtô�Šðgî­ïS»ô�­ð<ô�®î­ïR}	ô�€ðUîâïP%q�î­ô�—ðPô�˜î­ïN¡ô�Œð@ô�î­ïMô�¦ô�§ðSî­ïK™ô�€ðFî·ïHn
ô�™ô�šð;î·ïFêô�—ðHô�˜î·ïEfô�ð9ô�žð'î·ïCâô�¦ô�§ðVî·ïB^ô�¤ðWî·ï@Úô�ÔðPô�Õî·ï?Vô�¥ðBô�¦î·ï=Òô�ÔðLô�Õî·ï<Nô�—ô�˜yz�yz�yz�yqtq�tq�tî·ï:Êqô�…ðHô�†î·ï9Fô�€î·ï6ô�„ðSô�…î·ï4—	ô�Œrqô�î·ï3ô�Òtqô�Óî·ï1î·ï.d�ô�¥ð,ô�¦ð2î·ï,àô�Ÿ
ô� ðMî·ï+\ô�¬ô�­ðEî·ï)Øô�§ðDô�¨î·ï(Tô�·ð[î·ï&Ðô�«ð"ô�¬ð:î·ï%Lô�‰ð/ô�Šð-î·ï#Èô�¯ð$ô�°ð8î·ï"Dô�€ðKî·ïô�°ðWî·ï•ô�œðIô�	î·ïô�€ðYî­ï¹rqð4î­ïarqð-î­ï	rqð.î­ï±rqð0î­ïYrqî·ïðJ�������¬��������TVk(j������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR KERNEL, TEMPORARYDRAFT OF JULY 19, 198272.1 OverviewThis section gives a brief summary of the essential concepts on which the Cedar language is based.The explanations are concise and incomplete. For more precise definitions, see ¶ 2.2.2.1.1 Doing computationsApplication: The basic mechanism for computing in Cedar is applying a procedure (proc for short) toarguments. When the proc is finished, it returns some results, which can be discarded or passed asarguments to other procs. The application may also change the values of some variables. In theprogram an application is denoted by (the denotation of) the proc followed by square bracketsenclosing (the denotation of) the arguments: f [x, y]. There are special ways of writing many kindsof application: x+1, person.salary, IF x<3 THEN red ELSE green, x: INT_7.Value: An entity which takes part in the computation (i.e., acts as a proc, argument or result) iscalled a value. Values are immutable: they are not changed by the computation. Examples: 3, TRUE,"Hello", l x IN x+3; actually these are all expressions which denote values in an obvious way.Variable: Certain values, called variables, can contain other values. The value contained by avariable (usually called the value of the variable) can change when a new value is assigned to thevariable. In addition to its results, a proc may have side-effects by changing the values of variables.Every type has a NEW proc which creates a variable of the type. A variable is usually represented bya single block of storage; the bits in this block hold the representation of its value.Group: A group is an ordered set of values, often denoted like this: [3, x+1, "Hello"]. A group isitself a value.Binding: A binding is an ordered set of [name, value] pairs, often denoted by a constructor like this:[x: INT~3, y: BOOL~TRUE], or simply [x~3, y~TRUE]. Sometimes it is called an environment. If b is abinding, b.n denotes the value of the name n in b.Argument:Incomplete2.1.2 The type systemType: A type defines a set of values by specifying certain properties of each value in the set (e.g.,integer between 0 and 10); these properties are so simple that the compiler can make sure that procarguments have the desired properties.  A value may have many types; i.e., it may be in many ofthese sets. A type also collects together some procs for computing with the value (e.g., add andmultiply).A type is itself a value which is a pair:Its predicate, a function from values to the distinguished type BOOL. A value has type T ifT's predicate returns TRUE when applied to the value.Its cluster, a binding in which each value is usually a proc taking one argument of the type.The expression e.f denotes the result of looking up f in the cluster of e's syntactic type De,and applying the resulting proc to e.A proc's type depends on the types of its domain and range; a proc with domain (argument type) Dand range (result type) R has the type D_R. Every expression e has a syntactic type denoted De,e.g., the result type or range declared for its outermost proc; in general this may depend on thearguments. The value of the expression always has this type (satisfies this predicate); of course itmay have other types as well.������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð)îGïq�î·ï_Ûuô�Xî·ï\°qô�ð!ô�ð=î·ï[,ô�€ðRî·ïW-rô�Xî·ïTu
q�ô�€	ô�ð%rqrqrq
î·ïR~rq�ô�—ô�˜
rqð%î·ïPúô�·ð)ô�¸ð,î·ïOvô�Áô�ÂðDî·ïMòô�˜ð${�q{�q{�qð$ô�™
î·ïLnô�€
{�q{qtq�{�qtq�{q�tq�{q{�qtqî·ïICuq�ô�¬ô�­ð>î·ïG¿ô�‰rqrq
ô�Šð*tq�î·ïF;ô�€�|�qtqðOî·ïCuq�ô�árqô�â�rqð'î·ïAŒô� ô�¡rqð.rqî·ï@ô�’ð-rqô�“ð%î·ï>„ô�€tqð6ô�î·ï=��ô�€ðVî·ï9Õuq�ô�˜rqð+ô�™{�qî·ï8Qô�€î·ï5&uq�ô�†rqô�‡r�qr
q
î·ï3¢�{�q�ô�¾�tq{�qtq�tqô�¿{�q{�q�tqtv
t�q{�qî·ï2ô�€�{q{�q{�q�î·ï.óuq�î·ï+s	î·ï'‚rô�Xî·ï$Wuq�ô�™ô�šðHî·ï"Óô�…ô�†ðCî·ï!Oô�›ð*ô�œð,î·ïËô�µð)ô�¶ð2î·ïG	î·ï�ô�€ð(î­ïÄô�˜�rqô�™tq	rq{�qî­ï@{�qô�€tqî­ïèô�…�rqð1ô�†ð!î­ïdô�’{�q�{�qð"{�q{�qô�“}�{�q�î­ïàô�€{�q�î·ïˆ�ô�ð/ô�‚ð/{�î·ïqô�Ÿ{�qô� 
{�}�{�q{�qr
q}�{�q�î·ï€ô�¬rqô�­ð6î·ï
ü	ô�©ð#ô�ªð7î·ï	xô�€ÿ�������š��������TVk(Ô����������������������������������������������������������������������������������������CEDAR KERNEL, TEMPORARYDRAFT OF JULY 19, 19828Mark: Every value carries a set of marks (e.g., INT or ARRAY; think of them as little flags stuck ontop of the value). The predicate HASMARK tests for a mark on a value; it is normally used to writetype predicates. The set of all possible marks is partially ordered. The set of marks carried by a value must have a largest member m, and it must include every mark smaller than m.Hence all the marks on a value can be represented by the single mark m; we can say that m is the mark on the value.Type-checking: The purpose of type-checking is to ensure that the arguments of a proc satisfy thepredicate of the domain type; this is a special kind of pre-condition for executing the proc. Theproc body can then rely on the fact that the formal parameters satisfy their type predicates. It mustestablish that the results satisfy the predicate of the range type; this is a special kind of post-condition which holds after executing the proc. Finally, the caller can rely on the fact that theresults satisfy their type predicate. In summary:Callerestablish pre-condition: arguments have the domain type;rely on post-condition: results have the range type.Bodyrely on pre-condition: formals have the domain type;establish post-condition: returns have the range type.Declaration: A declaration is an ordered set of [name, type] pairs, often denoted like this: [x: INT, y:BOOL]. A declaration can be instantiated (e.g., on block entry) to produce a binding in which eachname is bound to a variable of the proper type; instantiating the previous example yields [x: VAR INT~(VAR INT).NEW, y: VAR BOOL~(VAR BOOL).NEW]. If d is a declaration, a binding b has type d if it has the same set of names, and for each name n thevalue b.n has the type d.n. A binding b matches d if the values of b can be coerced to yield a bindingb( which has type d.2.1.3 ProgramsName: A name appearing in the program denotes the value bound to the name in the scope that thename appears in (unless the name is before a colon (declaration) or tilde (binding), or after a dot).An atom is a value that can be used to refer to a name; a literal atom is written like this: $alpha.Expression: In the program a value is denoted by an expression, which is:a literal value (3 or "Hello"), ora name (x or salary), or an application of a proc to other values(Sin[90] or GetProperties[directory, ReadFileName[input]]), ora l-expression, which yields a proc value (l [x: INT] IN (IF x<0 THEN x ELSE x) ), ora constructor for a declaration or binding ([x: INT~3, y: REAL~3.14].If a value is known for each name in the expression, then the expression can be evaluated toproduce a value. Thus an expression is a rule for computing a value.Scope: A scope is a region of the program in which the value bound to a name does not change(although the value might be a variable, whose contents can change). For each scope there is abinding which determines these values. A new scope is introduced (in the kernel) by IN or by a [...]constructor for a declaration or binding; e.g., LET x~3 IN x+5;LET fact~l [n: INT] IN IF n=0 THEN 1 ELSE n*fact[n1].Constructors;IncompleteRecursion:Incomplete����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð)îGïq�î·ï_Ûuq�ô�ô�Žrqtqtqð(î·ï^Wô�•yqô�–ð.î·ï\Óô�€ðAî·ïZÂtô�Ÿð<~�tð-ô� �~�t�î·ïY„ô�€ð@~�t~�tvtî·ïVYuq�ô�œðOô�î·ïTÕô�®ð+ô�¯ð-î·ïSQô�‹ð:ô�Œð'î·ïQÍô�Æð.ô�Çð,î·ïPIô�¾ô�¿ð8î·ïNÅô�€ð*î)ïMAî
ô�Xð/î
ïK½ð4î)ïJ9î
ð4î
ïHµð6î·ïEŠu
q�ô�r
qô�‚ð(r�q{�qtq{�q�î·ïDtqô�˜ô�™rqð:î·ïB‚ô�€ðVî
ï@þ�{�q�ô�X�ytô�Gqytqtq�ô�X�{�qytô�Gqytqtqô�X�î·ï?zô�‚�{�q{�qô�ƒ	{�qð4{�qî·ï=öô��{qô�‚{q{�q�rq�{�q{�qrqî·ï<r{�}�qô�€{�q�î·ï8srô�Xî·ï5Huq�ô�„rqð,rqô�…rqî·ï3Äô�‘ô�’ðEî·ï2@ô�€�rqðW{q�î·ï/u	qð*r	q
î
ï-‘�ô�X�rqî
ï,
rq{�q{qî
ï*‰r
q{q{q�{q{q�{qî
ï)|�r
q|�q{�qtqtqtq�{�qtq{�q�tq�{�qî
ï'r
q{�qtq{�qtqî·ï%ýô�Èð2ô�Érqî·ï$yô�€ð=î·ï!Nuq�ô�Ÿô� ðIî·ïÊô�·ð.ô�¸ð'î·ïFô�ŒðMyqô�
î·ïÂ
ô�€ð%î
ï>yqô�X�{�qyq�{�qî
ïºyq�{q�|�q{�qtqyq�tq�{�qtqtq�{�q�{q�{�qî·ïuq�î·ïs	î·ïòuq�î·ï€s	ÿ�������r��������TVk(ï����������������������������������CEDAR KERNEL, TEMPORARYDRAFT OF JULY 19, 198292.1.4 ConveniencesCoercion: Each type cluster contains To and From procedures for converting between values of thetype and values of other types (e.g., Float: PROC[INT]_[REAL]). One of these procedures is appliedautomatically if necessary to convert or coerce an argument value to the domain type of a proc; thisapplication is a coercion. Each coercion has an associated atom called its tag (e.g., $widen forINT_REAL or $output for INT_ROPE); several coercions may be composed into a single one if theyhave the same tag.Exception: There is a set of exception values. An expression e denotes a value which is either oftype De or is an exception. Whenever an exception value turns up in evaluating an expression, itimmediately becomes the value of the whole expression, unless (in the kernel) the expression hasthe form e BUT {...}. The {...} tests for exception values and can supply an ordinary value, oranother exception, as the value of the BUT expression. An exception value may contain an ordinaryvalue, so that arbitrary information can be passed along with an exception.Finalization: When a variable is no longer accessible, the storage it occupies is freed (automaticallyin the safe language). Before this is done, a finalization proc in the cluster of the variable's type iscalled to do any other appropriate resource deallocation. The local variables of a proc or otherscope may also be finalized (using UNWIND).Safe: The safety invariant says that all references are legal, i.e., each REF T value is NIL or refers toa variable of type T. A proc is safe if it maintains the safety invariant whenever it is applied toarguments of the proper types. If a proc body (l-expression) is checked, the compiler guarantees that it is safe, and the proc value is safe;trusted, the programmer asserts that it is safe (but the compiler makes no checks), and theproc value is safe;unchecked, the compiler makes no checks and the proc value is unsafe. It is best to write checked code whenever possible. However, checked code cannot call unsafe procs(since the compiler then cannot guarantee safety). Process: Concurrency is obtained by creating a number of processes. Each process executes a singlesequential computation, one step at  time. They all share the same address space. Shared data(touched by more than one process) can be protected by a monitor; only one process can executewithin any proc of the monitor at a time. Thus monitor procs can read and write shared data safely.A process can wait on a condition variable within a monitor; other processes can then enter themonitor. The waiting process runs again when the condition is notified, or after a timeout.2.1.5 MiscellaneousAllocationIncompleteStaticIncompletePragmaIncompleteThe remainder of Chapter 2  is not released in this draft.ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð)îGïq�î·ï_Ûrô�Xî·ï\°uq�ô�–{qrq
ô�—r	qî·ï[,ô�˜
ô�™{qtq�tq�}�q�tqð&î·ïY¨ô�…rqð5î·ïX$
ô�Ørqð2rq{qî·ïV t}�tqô�Œ{qt}�tqð9ô�î·ïUô�€
î·ïQñuq�ô�©rq{�q	ô�ªî·ïPmô�¡�}�{�qô�¢ðVî·ïNé
ô�¦ô�§ð<î·ïMeô�Ã{�q�yqô�Äð@î·ïKáô�ô�yqð7î·ïJ]ô�€ðEî·ïG2uq�ô�’ð-ô�“ð,î·ïE®ô�–ð,rqð+ô�—î·ïD*ô�¿ðZî·ïB¦ô�€tqî·ï?{uq�ô�Œrqð0tq�{�q	tqô�	î·ï=÷�ô�¯{�qrqð<ô�°î·ï<sô�€ð&|�qî­ï:rqðFî­ï7Ãrq�ô�—ô�˜ð<î­ï6?ô�€î­ï3çrqð=î·ï1ô�‰ð1ô�Šð/î·ï0ô�€ð-î·ï,àuq�ô�Œð$ô�rqî·ï+\	ô�Æô�Çð9î·ï)Øô�Ÿð.ô� rqî·ï(Tô�ƒðCô�„î·ï&Ð�ô�µrqrqô�¶ð,î·ï%Lô�€ð6rqrq�î·ï!Mrô�X
î·ï"u	î·ï°s	î·ï…uî·ïs	î·ïèuî·ï
vs	î·ï
ô�€ð7ÿ���������������TVk(t����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198210Chapter 3. Syntax and semanticsThis chapter gives the concrete syntax for the current Cedar language, together with an informalexplanation of the meaning of each construct, and a precise desugaring of each construct into thekernel language defined in Chapter 2. The desugaring, together with the definitions of the kernelprimitives used in it, are the authority for the meaning; the informal explanation is just for yourreading pleasure. The primitive procs and types of Cedar are specified in Chapter 4. In addition to the grammar rules and desugaring, there are examples for each construct. These areintended to illustrate the constructs and do not form a meaningful program. ??? has longer exampleswhich do something interesting and also illustrate the use of the standard Cedar packages.The chapter begins with a description of the notation (¶ 3.1) The remaining sections dealsystematically with the rules of the grammar, explaining peculiarities of the syntax and giving thesemantics:¶ 3.2, rules 56-61: The lexical structure of programs. ¶ 3.3, rules 1-3: Modules.¶ 3.4, rules 4-10: Blocks, OPEN, ENABLE, EXITS.¶ 3.5, rules 11-3: Declarations and bindings.¶ 3.6, rules 14-18: Statements.¶ 3.7, rules 19-27: Expressions.¶ 3.8, rules 28-35: IF and SELECT.¶ 3.9, rules 26-55: Types.The order of the grammar rules is: module, expression, type, and top-down within these. 3.1 NotationWith the exception of the abbreviated non-terminals listed below, every non-terminal appearing in arule is defined in a rule immediately below, or its defining rule is cross-referenced with a smallsuperscripted number12. If a non-terminal (other than e, t or n) is used in more than one rule, thenall the rules that use it are listed in a comment after its definition. The following non-terminals are so basic to the language and so frequently used, that they arerepresented in the grammar by abbreviations:b=binding13d=declaration11db=declaration or binding10e=expression19n=name56 (identifier)s=statement14t=type36��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî°ï_•pô�jî·ï\jqô�­ð8ô�®ð$î·ïZæ
ô�¡ð&ô�¢ð0î·ïYbô�¥ô�¦ð?î·ïWÞ	ô�¨ð3ô�©ð&î·ïVZô�€ðNî·ïS/ô�—ð[ô�˜î·ïQ«ô�€ô�ðIî·ïP'ô�€ðUî·ïLüôôð@î·ïKx
ô�¤ô�¥ðLî·ïIô	î­ïGœ�ô�€ð6î­ïEDî­ïBìtqtqtq�î­ï@”ð-î­ï><î­ï;äî­ï9Œtqtq�î­ï74î·ï4	ð#î­ï1±î­ï/Yî­ï-î·ï*©î·ï%Öuô�Xî·ï#~qô�ô�‚ð[î·ï!úô�³ð!ô�´ð=î·ï vô�‰ï ¼ï vqð"ô�Šð,î·ïòô�€ðEî·ïÇô�Àô�ÁðCî·ïC
ô�€ð!î
ï¿u�qïî
ï;u�qïî
ï·uqô�X
ïýî
ï3u�q
ïyî
ï¯u�qïõï¯qî
ï+u�q	ïqî
ï§u�qïíÿ���������������TVk(��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 1982113.1.1 Notation for the grammarThe grammar is written in a variant of BNF:Bold parentheses are for grouping: ( interface | implementation).Item | item means choose one.?item  means zero or one occurrences of item.item; ... means zero or more occurrences of item separated by ";". The separator may also be  ",",ELSE, IN, or OR, or it may be absent. If the separator is ";", a trailing ";" is optional. item; !..  is just like item; ... but there is at least one occurrence.A terminal is a punctuation character other than bold ()?| or any character underlined, or a word inSMALL CAPS. Note that [] and {} are terminals, and do not denote optional occurrence and repetition as they do in manyother variants of BNF.The rules are numbered sequentially, and each use of a non-terminal not defined just below is cross-referenced with a small superscript number.¸ marks an unsafe feature, · an obsolete one; ¹ a feature needed only for machine-dependent work; µan efficiency hack.3.1.2 Notation for desugaringThe right-hand column is desugaring into the Cedar kernel language. This is a purely syntactictransformation; i.e., it is done on the text of the program, not on the values. The rewriting is doneone rule at a time; a single step of rewriting involves elements from exactly one rule. Thedesugaring is specified by slightly informal but straightforward rewriting rules, in which:An occurrence of a non-terminal (written in bold) denotes the text produced by that non-terminal in the grammar rule.Alternation reflects a corresponding alternation in the grammar rule, ? reflects acorresponding optional item in the grammar rule, and bold parentheses are for grouping asin a grammar rule. As in grammar rules, literal parentheses are underlined.Everything else is taken literally.An underlined non-terminal in the right column means that the desugaring specified for that non-terminal must be done in order to obtain a legal program. Otherwise the transformations can bedone in any order, yielding a legal program at each step.Every occurrence of expression and type in the desugaring should be enclosed in parentheses, sothat the desugared program parses as the rewriting rule indicates. These parentheses are omitted forclarity.For type options like PACKED, the desugaring of the construct in which they appear is a call on abuilt-in a type constructor which takes a corresponding BOOLEAN argument defaulting to FALSE; ifthe attribute is present, the argument is supplied with the value TRUE.Examples: the following rule for subranges:subrange ::= ( typeName | )  (( [ e1 .. e2 ] | [ e1 .. e2  ) ) |(INT | typeName).MKSUBRANGE[e1, ( e2 | PRED[e2] ) ] ) |( ( e1 .. e2 ] | ( e1 .. e2  ) ) )(INT | typeName).MKSUBRANGE[SUCC[e1], ( e2 | PRED[e2] ) ] )generates these desugaringsIndex [ 10 .. 20 ]Index.MKSUBRANGE[10, 20]Index [ 10 .. 20 )Index.MKSUBRANGE[10, PRED[20] ]( 1 .. 100 )INT.MKSUBRANGE[SUCC[1], PRED[100] ]Names introduced in the desugaring are written with one or more trailing dash ("(") characters.Such names cannot be written in a Cedar program, and hence they are safe from name conflicts.������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî·ï_Ûrô�Xî·ï\°qô�€ð(î
ï[,ô�Xu�q
u�qu�q�î
ïY¨u�qî
ïX$u�qð,î
ïV uqðYî
ëïUtqyt�qtqðLî
ïS˜uquqð&î
ïRð6uq	î8©ïQÜþw�î? ïR
î
ëïPtô�Gq�ô�X�tô�Gð&vtð=î
ëïORî
ïMÎqô�Xðaî
ëïLJð+î
ïJÆðcî
ëïIBî·ïECrî·ïBqô�Àô�Áð@rî·ï@”qô�‘ô�’rqrqî·ï?ô�èðJô�é
î·ï=Œ	ô�€ðQî­ï;4ô�›ð7ô�œî­ï9°ô�€î­ï7X
ô.ô/ð1uq
î­ï5Ôô�
ô�Žð>î­ï4Pô�€ðIî­ï1øð#î·ï/ ô�™ðFô�šî·ï.ô�®�rqô�¯ðNî·ï,˜ô�€ð5î·ï)mô�­u	quqð5ô�®î·ï'éô�ˆô�‰ð@î·ï&eî·ï#:ô�štq�ô�›ðDî·ï!¶ô�˜ð0tqô�™�tqî·ï 2ô�€ð?tq�î·ïð+î·ïÜuô�Xq�u�qu�q�tô�G�u�î
ïXu�qô�XïË�ïXqïË�ïXqïË�ïXqïË�ïXq�îï þ�y�î‰ïX�u�q�u�î*u�tq�u�q�uq�y	q�u�ïË�ïXqu�q�u�ïË�ïXq�u�q�tq�u�ïË�ïXqu�qu�q�u�î
ïj�q��î
ëï2þ�y�îdïjïÝ�ïjqïÝ�ïjq�îï2þ�y�î–ïjïÝ�ïjqïÝ�ïjq�î<ï2þ�y�îµïj�u�q�u�î*u�tq�u�q�uq�y	q�tq�u�ïÝ�ïjqu�q�u�ïÝ�ïjq�u�q�tq�u�ïÝ�ïjqu�qu�î·ïqô�€î·ïçô�Xî*y	qî·ïcî*y	qtqî·ï
ßî*tq�y	q�tqtqî·ï
´ô�¸ðCô�¹}�q
î·ï	0ô�¤ðY�������X��������TVk(��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198212The desugaring is constructed so that the ordinary scope rules prevent multiple uses of these namesfrom being confused.3.2 The lexical structure of programs56 name ::= letter (letter | digit)...-- But not one of the reserved words in Table ???.57 literal ::=  num ?( D | d  | B | b ) ?num |-- WHOLENUMBER, decimal if radix omitted or D, octal if B |digit (digit |A|B|C|D|E|F) ... ( H | h ) ?num |-- WHOLENUMBER in hex.. |?num . num  ?exponent | -- REAL as a scaled decimal fraction; note no trailing dot. |num exponent |-- With an exponent, the decimal point may be omitted. |' extendedChar | · digit !.. C |-- CHAR literal; the C form specifies the code in octal |" extendedChar ... " ?·L |[ ('extendedChar), ...] -- Rope.ROPE, TEXT, or STRING |$ n-- ATOM literal58 exponent ::= (E | e) ?(+ | ) num-- Optionally signed decimal exponent59 num ::= digit !..60 extendedChar ::= space | \ extension |printingCharExceptQuoteOrBackslash 61 extension ::= digit1 digit2 digit3 |-- The character with code digit1 digit2 digit3 B |(n | N | r | R) | (t | T) | (b | B) | -- CR, '\015 | TAB, '\011 | BACKSPACE, '\010 | (f | F) | (l | L) | \ | ' | "-- FORMFEED, '\014 | LINEFEED, '\012 | \ | ' | "m, x1, x59y, longNameWithSeveralWords: INT;n: INT~1+12D+2B9+2000000000B        +1H+0FFH;r1: REAL~0.1+.1+1.0E1          +1E1;a1: ARRAY [0..3] OF CHAR~['x, '\n, '\', '\141];r2: ROPE~"Hello.\n...\nGoodbye\F";a2: ATOM~$NameInAnAtomLiteral;The main body of the grammar (rules 1-55) treats a program as a sequence of tokens. Rules 56-61give the syntax of most tokens. A token is:A literal57. More information about literals of type T can be found in Chapter 4, as part ofthe treatment of type T.A name56.A reserved word, which is a string of uppercase letters that appears in the list of reservedwords in Table ???. A reserved word may not be used as a name, except in an ATOM literal.One of the following two-character symbols (used in the grammar rules indicated):~=not equal19 30<=less than or equal22~<not less thanequal19 30>=greater than or equal22~>not greater than19 30=>chooses8 17 30 31 33 35>RETURNS43..subrange constructor25 48~~bind by name6 34A punctuation symbol: any printing character not a letter or digit, and not part of one ofthe two-character sequences above. The punctuation symbols are: !@#$~*-+=|(){}[]_^;:'",.<>/. The following ASCII characters are not punctuation symbols (and areillegal in a program except in an extendedChar60): %&\?. Note that Cedar uses a variant ofASCII which includes the characters _ (instead of the underbar   ) and ^ (instead of thecircumflex ¬  ).����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî·ï_Ûô�‰ð/ô�Šð1î·ï^Wô�€î·ïY„uô�Xð"î·ïVYô�>�u�tuô�Xqu�qu�quî*qð2î·ïTÕô�>�uô�Xquq��î+ïTþ�îJïTÕ�u�q��îRïTþ�Ç�îïTÕu�q��îyïTþ�ç�î`ïTÕ�u�q��îhïTþ�Ç�î/ïTÕ�u�q�u�qu�î*qy
qð,u�î
ïSQqu�qu�q�îóïSþ�îûïSQu�q�îSïSþ�ç�î:ïSQu�q�î’ïSþ�þ�îïSQu�q�îèïSþ�îïSQu�q�î_ïSþ�ç�îFïSQu�q�îžïSþ�ç�î…ïSQu�q�uq�u�q��î‹ïSþ �î«ïSQ�u�q��î ³ïSþ�Ç�î!zïSQ�u�q�u�qu�î*qy
q	u�î
ïQÍ�q
u�qu�q�î*tqð5u�î
ïPIqu�î*qð7u�î
ïNÅqu�q�îfïNþ�þ�îdïNÅ�u�î*qtqð1u�î
ïMAququ�q��î6ïM	þ�ç�îïMA�u�î*ququq	tqtqtq�u�î
ïK½qî*tqî·ïJ9ô�>�uô�Xq�u�q�î´ïJþ�ç�î›ïJ9�u�q��î£ïJþ�¥�îHïJ9u�q�uqu�qu�qî*ð%î·ïHµô�>�uô�Xq	î·ïG1ô�>�uô�Xqu�qu�î
ïE­qð#î·ïD)ô�>�uô�XqïCœ�ïD)qïCœ�ïD)qïCœ�ïD)q�u�î*quïCœ�ïD)q�uïCœ�ïD)q�uïCœ�ïD)qu�î
ïB;u�q�î
“ïBþ�Ç�îZïB;�u�q��îbïBþ#�î…ïB;�u�q��îïBþ�„�îïB;�u�q��îïBþ	�î"ïB;u�q�u�q�u�q�î ïBþ�o�îïB;�u�q��î—ïBþ�ç�î~ïB;u�q�u�q�u�q�î|ïBþ�Ç�îCïB;�u�q��îKïBþ�ç�î2ïB;u�q�u�q�î*tqu�tô�Gq�ô�Xu�q�tqu�q�î
ï@·u�q�î
“ï@þ�y�îï@·�u�q��îï@þ�ç�îûï@·u�q�u�q�u�q�îùï@þ�c�î\ï@·�u�q��îdï@þ�ç�îKï@·u�q�u�qu�qu�qî*tqu�q�tqu�qu�qu�qî·ï=Œð'tq�î·ï<tqîyï:„î·ï9�tq
î
ï7|î·ï5øtqtô�Gqô�Xî·ï4ttq	uqî·ï2ðtqî·ï/Åô�–ðHô�—�rqî·ï.Aô�€ð'î­ï+é�ô�Žï,/ï+éqð*{�qô�î­ï*eô�€{�q�î­ï(
ï(Sï(
q�î­ï%µ�ô�ðCô�žî­ï$1ô�€ðGtqî­ï!ÙðQî›ï Uî*ô�Xï ›ô�>î›ïÑqî*ô�X
ïî›ïMqî*ï“ô�>î›ïÉqî*ô�X
ïî›ïEqî*ï‹ô�>î›ïÁqî*ïî›ï=qî*tïƒî›ï¹qî*ô�Xïÿô�>î›ï5qî*ô�Xï{�ô�>î­ïÝq�ô�ð1ô�žð(î­ïYô·ô¸ð%î­ïÕô�™tqô�šð0î­ï
Qô�‰ô�Šð$ï
—ï
Qqð*î­ïÍtqô�¬ô�­î8Óï•þZ�î:-ïÍî­ï
I	ô�€�îwï
¡�îlï
Iÿ�������
T��������TVk(“��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198213A comment is not a token and may appear between any pair of tokens; it is a token delimiter, andhence cannot appear in the middle of a token.The program is parsed into tokens by starting at the beginning and successively taking from thefront the longest sequence of characters which forms a token according to the rules above, after firstdiscarding any amount of initial whitespace or comment. Whitespace is a space, tab, and carriage return.A comment is a sequence of characters beginning with --, not containing -- or a carriagereturn, and ending either with -- or with a carriage return.Whitespace and comments thus do not affect the meaning of the program except:When they delimit a token.Within a CHAR literal or a ROPE literal, where they are taken literally. Thus  '  is equal to'\040, and "Iam --not--" is equal to "I\Nam --not--" and different from "I\Nam ".Both reserved words (Table ???) and names with predefined meanings (Table 45) are made upentirely of upper case letters. These names may not be rebound by the program.Note: Semi-colons are used to separate declarations, bindings and statements in a body, and toseparate choices in a statement. Commas are used to separate declarations in fields (i.e., in a procdomain or range, a recordTC or a unionTC), bindings in an application, choices in an expression orin a unionTC. In general these sequences may be empty, and an extra separator at the end isharmless except when the sequence is bracketed with [].The braces which delimit a block4, interface body2, choices in an enable7, or MACHINE CODE body13may be replaced by BEGIN and END brackets. BEGIN replaced "{" and END replaces "}". If onebrace is replaced, its matching partner must also be replaced. The braces delimiting an enumTC45may not be replaced by BEGIN ... END.3.3 Modules 1 module ::= DIRECTORY (nd (: TYPE  (nt | ) | ) l [ (nd( : ( (TYPE nt | TYPE nd) | TYPE nd), ... ] IN        ?(USING [ nu, ... ] ) ),  ... ;     LET (nd(~RESTRICT[nd(, [$nu, ... ] ] ), ...  ( interface | implementation )IN ( interface | implementation ) 2 interface ::= nm :  ?CEDAR DEFINITIONSLET (nit((~nit), ... IN l [((niv | nit):nit((), ...]=>?(IMPORTS ( (niv : | ) nit ), ...)   [nm: TYPE nm] IN?(SHARES ns !..) -- access to PRIVATE names from ns allowed in the module~ ?access12 { ?open6 db10; ... } .open [ db, ... ]  3 implementation ::= nm, !.. : ?CEDAR    LET (nit((~nit), ... IN l [( ( niv | nit ):nit((), ...] =>?¹RESIDENT ( PROGRAM drType43  |       [(ne: ne , ... , nm: TYPE nm , CONTROL: PROGRAM] ] IN                             MONITOR drType43  LET LOCK~MONITORLOCK.NEW ,                          ( | LOCKS e ( | USING nu: t)) )    lock(~lall IN (l IN LOCK | (l IN e | l [nu : t] IN e)) IN?(IMPORTS ( (niv: | ) nit), ...) ?(EXPORTS ne, ...)LET b(~NEWPROGINSTANCE[block].UNCONS IN?·(SHARES ns, !..)      [ (ne~BINDDFROM[ne, b(] ), ... , nm~b( ]~ ?·access12 block . where the body of the block is desugared to a decl thus:     [ db, ... , nm: PROGRAM drType={s; ...} ]DIRECTORY Rope: TYPE USING [ROPE, Compare], -- There should always be a USING clause CIFS: TYPE USING [OpenFile,Error,Open,read],-- unless most of the interface is usedIO: TYPE IOStream,ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî·ï_Û�ô�Œð&ô�ð9î·ï^Wô�€ð(î·ï[,ô�°ð!ô�±ð;î·ïY¨ô�ð#ô�‚ð>î·ïX$	ô�€r	qrq�î­ïUÌð0î­ïSt�ô�®�rqð3ô�¯î­ïQðô�€ð5î·ïO˜ðMî­ïM@î­ïJèô�–tq
tqð2ô�—î­ïIdô�€î­ïGàðDî·ïDµô�¶ðEô�·î·ïC1ô�€ðFî·ï@ô�¾ðGô�¿î·ï>‚ô�žðDô�Ÿî·ï<þô�…ð@ô�†î·ï;zô�Âô�ÃðCî·ï9öô�€ð/î·ï6Ëô�‡ï7�ï6Ëqï7�ï6Ëqï7�ï6Ëqtq�tqï7î·ï5Gqô�²tqtq
tqtqô�³î·ï3Ãô�Ÿô� ð?ï4	î·ï2?qô�€tqtq�î·ï-luô�Xî·ï*Aô�>uô�Xq�tq�u�q�ï)´~�ï*Aq�u�qtqu�q�ï)´~�ï*Aq�u�q�u�q�u�q�u�î*q�|�qu�q�ï)´~�ï*A}�qu�q�u�tq�u�ï)´~�ï*Aq�u�q�tq�u�ï)´~�ï*Au�q�u�q�tq�u�ï)´~�ï*Au�quqytô�G�qô�X�î
ï(Sutqï'Æ~�ï(Sququ�q�u�quqî*yq�u�q�ï'Æ~�ï(S}�q�yq�u�ï'Æ~�ï(S}�qu�ï'Æ~�ï(Sququ�quqî
ï&eu�q
u�qu�î*yq�u�q�uq�u�q�u
q�u�î·ï$áô�>uô�Xqï$T~�ï$áqu�tq�t
î*yq�u�q�ï$T~ï$á}q�u�ï$T~ï$áu�quq�yq�|�quï$T~ï$áq�u�q�u�ï$T~ï$áu�q�u�ï$T~ï$á}u�quqî
ï"óutq�u�q�u�q�ï"f~ô�>�ï"óq�ô�X�u�q�u�qï"f~ï"óq�u�quî2Mqu�ï"f~�ï"óqtq�u�ï"f~�ï"óq�yô�Gî
ï!utqô�Xï x~�ï!qu�q�î*tqu�ï x~�ï!qî
ïu�qï]ïqu�qï]�ïqï]ïquqî*uququqtô�G�î·ï“ô�>u
ô�Xqï~�ï“qu�tqtô�G�î*yqô�X�uï~ï“}q�u�ï~ï“u�quq�yq�|�qu�q�u�q�u�ï~ï“q�u�q�u�ï~ï“q�u�q�u�ï~ï“}u�quqî
ï¥u�q�tq�u�q�tqïëï¥qu�î*quï~�ï¥qu�ï~�ï¥ququ�ï~�ï¥qtq�u�ï~�ï¥qtqtqyî
ï·tô�Gð$qô�Xïýï·qî*yô�G�tq�t
q�tqô�Xî
ï3u�tô�G�u�qô�X�tqu�q�u�q�tqï¦~�ï3quq�u�î*q}�q�|�ï¦~ï3q�tq�u�|�q�yq�tq�u�q�u�|�q�yq�u�q�u�q�|�qu�ï¦~�ï3qu�qyq�uq�yî
ïEutq�uq�ï¸~ïEq�uqï¸~ïEu�quq�utqï¸~�ïEquî*yq}�q�yq�uî:^ï
þ.�î=ŒïEqyq�yî
ïWu�q�u�tqïÊ~�ïWqu�q�î*uïÊ~�ïWq�yq�u�ïÊ~�ïWq}�qu�ququ�ïÊ~�ïWq}�qî
ïiu�qï¯ïiqî*ð8î*ïåuququ�ïX~�ïåqtq�uqu�quqî·ï�tô�G�î
ï|qô�X�tô�Gqô�Xtqî*tqî
ï
øtô�Gqô�Xî*ð'î
ï	ttq	�������¦��������TVk(Ì��������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198214Buffer: TYPE;-- or it is exported.BufferImpl: MONITOR [f: CIFS.OpenFile] -- Implementations can have arguments.LOCKS Buffer.GetLock[h]^ -- LOCKS only in MONITOR, to specifyUSING h: Buffer.Handle-- a non-standard lock.IMPORTS Files: Files: CIFS, IO, Rope-- Note the absence of semicolons.EXPORTS Buffer-- EXPORTS in PROGRAM or MONITOR.~ { -- module body -- } . -- Note the final dot.Modules serve a number of functions (which might perhaps better be disentangled, but are not):A file of text (BufferImpl.mesa, or its translation into object code, BufferImpl.bcd).The unit handled by the editor, named in DF files and models, and accepted by thecompiler, the binder, and the loader.A set of related structures (types, procedures, variables) which are freely accessible to eachother, hiding irrelevant information from other modules.A procedure which can accept interface types and bindings as arguments, and returnsinterface values as results.The first two uses are not relevant to the language definition, and are not discussed further here;see ???. The others are the subject of this section. There are two kinds of modules: interface modules (written with DEFINITIONS) and implementations(written with PROGRAM or MONITOR). They have the same header (except that interfaces have noRESIDENT option or EXPORTS list); it defines the parameters and results of the module viewed as aproc (¶ 3.3.1) and specifies the name nm of the module. The bodies (following the ~) are different. The remainder of this section deals in turn with:Modules as procedures, and the interface or instance values obtained by applying them (¶3.3.1).How modules are applied (¶ 3.3.2).Module parameters: the DIRECTORY and IMPORTS lists; USING clauses (¶ 3.3.3).Interface module bodies and interfaces (¶ 3.3.4).Implementation module bodies; the EXPORTS list (¶ 3.3.5).SHARES and access12 (¶ 3.3.6).The meanings of the other parts of a module header are discussed elsewhere:CEDAR in ¶ 3.4.4.MONITOR is ¶ CONC.???.RESIDENT in ¶ ???.3.3.1 Modules and instancesA module is a proc which takes two kinds of arguments:Interfaces, declared in the DIRECTORY list. These arguments are supplied by the model (oron the command line for the compiler),Interface instances, declared in the IMPORTS list. These arguments are also supplied by themodel (or in a config file passed to the binder, or implicitly by the loader).¶ 3.3.3 discusses the types of these arguments and how they are declared. In addition, anÿ����������������������������������î·ïf2tô�Gõ��ð4îG?qî
ï_Ûtî*qô�Xî·ï\°tqî*ð&î
ï[,tqî*tô�Gqô�XtqîyïY¨tqî*î
ïX$tqî*ð"î
ïV tqî*tqtqtq�î·ïUî*î·ïQñô�€ðWî­ïO™{qð'{
qî­ïMAô�Ñô�ÒðAî­ïK½ô�€î­ïIe�ô�—ðCô�˜î­ïGáô�€ð2î­ïE‰�ô�Øð8ô�Ùî­ïDô�€î·ï@Úô�¢ðRô�£
î·ï?Vô�€ð2î·ï<+ô�ô�‚ð7t
qî·ï:§ô�¢tqô�£�tqð<î·ï9#tqô�“
tqô�”ð1î·ï7Ÿô�€ð"{�ï7~�ï7Ÿqð<î·ï4tð1î­ï2ô�¥rqrqô�¦ð$î­ï0˜î­ï.@ô�€î­ï+ètqtqtqî­ï)ð1î­ï'8ð"tqî­ï$àtq
ï%&ï$àq
î·ï!µðKî­ï]tqî­ïtqî­ï­tq	î·ï®rô�Xî·ïƒq�ô�€ð5î­ï+
ô�tqð0tî­ï§ô�€ð#q�î­ï
Oô�™�rqtqð/î­ïËô�€�tvtð8q�î·ï	s�ô�ýð#ô�þð5�������	à��������TVk(K��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198215implementation may take PROGRAM arguments declared in the drType following PROGRAM orMONITOR. These are ordinary values; they are discussed in ¶ 3.3.2.1.When a module is applied to its arguments, the resulting value isFor an interface module, an interface, also called an interface type.For an implementation module, a binding whose values are instances: one interface instancefor each interface it exports, plus one for the program instance, also called a global frame.This application cannot be written in the program, only in the model; it is described in ¶ 3.3.2.An interface or interface type is a type, as the latter name suggests. This type is a declaration(obtained from the declarations which constitute the module body), with an extended cluster whichincludes all the bindings in the module body that don't use declared names (¶ 3.3.4). A value whosetype is an interface is an interface instance; such values are the results of instantiatingimplementation modules.A program instance or a global frame is a frame, as the latter name suggests, i.e., a binding obtainedfrom the bindings and declarations of the module body, just like any proc frame ( ¶ 3.3.5).Normally the part of the program outside the module does not deal with the instance directly, butonly with the exported interface values.In most cases, there is:Exactly one application of each module, and hence exactly one interface or one instance. Only one module which exports an interface.Only one interface exported by a module. Only one argument of the proper type for each module parameter (¶ 3.3.3), so that it isredundant to write the arguments explicitly. When these conditions hold, there is a close correspondence among the following four objects: an interface module;the interface which it returns (since the arguments need not be written explicitly); the implementation module which exports the interface;its instance (again, since the arguments need not be written explicitly).The distinctions made earlier in this section then seem needless; it is sufficient to simply considerthe interface and implementation modules, and identify them with the files which hold their text. Inmore complicated situations, however, it is necessary to know what is really going on.Need an example3.3.2 Applying modulesA module is not applied to all its arguments at once. Instead, the arguments are supplied in twostages:A module is applied to its interface (DIRECTORY) arguments by compiling it; the result is aBCD (represented by a .bcd file). The bcd is still a proc, with instance parameters. Like anyproc, a module can be applied to different arguments (i.e., different versions of theinterface arguments) to yield different BCDs.A BCD is applied to its instance (IMPORT) arguments by loading (or binding) it; the result isa program instance, together with any interface instances exported by the module. Again,the BCD can be applied to different arguments (i.e., different interface instances) to yielddifferent instances. Indeed, because an instance may include variables, even two applicationsto the same arguments yield different instances.ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî·ï_Û
ô�Ù	tqô�Útqî·ï^Wtq�ô�€ð<î·ï[,ðAî­ïXÔrqr
q�î­ïV|ô�ð;î­ïTøô�€ð-rqrq�î·ïR ðaî·ïOuô�É�rqr
qð2ô�Êî·ïMñô�Žô�ð<î·ïLmô�†ðMô�‡
î·ïJéô$rq�ô%ð-î·ïIe
ô�€î·ïF:�ô�„�rqô�…rqðBî·ïD¶ô�áð2ô�âð%î·ïC2ô�”ð4ô�•ð%î·ïA®ô�€ð$î·ï>ƒî­ï<+ðYî­ï9Óð+î­ï7{ð)î­ï5#ô�±ô�²ð?î­ï3Ÿô�€ð$î·ï1Gð^î­ï/Ãî­ï.?ðUî­ï,»ð6î­ï+7ðIî·ï)³ô�žô�ŸðPî·ï(/ô�ð&ô�‚ð;î·ï&«ô�€ðRî·ï#9sî·ï:rô�Xî·ïq�ô�¦ô�§ðFî·ï‹î­ï3�ô�‹ô�Œtqð,î­ï¯tqô�˜{q
ô�™�{qð4î­ï+ô�íô�îðCî­ï§ô�€tqî­ïO�ô�…�tqtqð#ô�†î­ïË�ô�©ðPô�ªî­ïGô�­�tqðOô�®î­ïÃô�€ð>ô�î­ï?ô�€ð.ÿ�������h��������TVk(H��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198216These two stages are separated for several reasons:All the type-checking of a module can be (and is) done in the first stage, by the compiler.The only type errors possible in the second stage are supplying an unsuitable argument.Compiling is much slower than loading, and a module needs to be recompiled only whenits interface arguments change, not when the interface values change. The latter are changesin the implementations of the interfaces, and are much more common.Other reasons. History.3.3.2.1 Initializing a program instanceA program instance PI may be uninitialized, because no code in the module is executed when theinstance is made. It is the job of the PROGRAM proc PP to initialize PI, perhaps using the PROGRAMarguments if there are any. Until PP has been called, PI is not in a good state. It would be better tosupply the PROGRAM arguments along with the imported instances, and call PP as part of makingPI, so that PI is never accessible in its uninitialized state. But it isn't done that way; hence theprogrammer must ensure that PP is called (using the START construct, ¶ 4.4.1) before any use ismade of PI. Note that PP also contains the initialization code for any variables or non-static valuesin the instance; e.g., if x: INT_3, the value of x will not be 3 until after PP has been called.There is some error detection associated with this kludge. If a proc in the instance is called beforethe instance has been initialized by START, a start trap occurs. At this point, if PP takes noarguments it is called automatically, and the original call then proceeds normally; if PP does takearguments, there is a Runtime.StartFault ERROR.Caution: If the module is a monitor, PP runs without the monitor lock; if another process calls intothe module while PP is running, it will not wait, but will run concurrently with PP. This is unlikelyto be right. It is unwise to rely on a start trap to initialize a monitor module; call PP explicitly.Caution: If a variable in the instance is referenced before the instance has been initialized, no erroris detected, and the uninitialized value will be obtained. PP can still be called to initialize theinstance, and may still be called automatically by a start trap.3.3.3 Parameters to modules: DIRECTORY and IMPORTSThe interface parameters of a module are declared in the DIRECTORY list. An interface I has typeTYPE n, where n is any one of the names given before DEFINITIONS in the header of the interfacemodule that produced I it. The use of these names provides a clumsy check that the properinterface is supplied as an argument. An interface is a type which can only be used:Before a dot (¶ 4.14), to obtain a value from the type's cluster, which simply consists of thebindings in the interface module body (¶ 3.3.4).In an IMPORTS list as the type of an instance parameter to a module. The USING clause in the DIRECTORY, if present, restricts the cluster of the interface to contain onlyitems with the names nu, ... Thus in the example, only ROPE and Compare are in the cluster of Ropein the BufferImpl module. This means that Rope.ROPE and Rope.Compare are legal, but Rope.n for anyother n will be an error. Note that USING affects only the cluster of the parameter; it does not affectthe clusters of any types or the bodies of any INLINE procs obtained from the interface. Thus withinRope, Compare might be bound byCompare: PROC[r1, r2: ROPE]_[BOOL]~INLINE {IF Length[r1~=Length[r2] THEN ...  }A call of Rope.Compare in BufferImpl is perfectly all right, even though Rope.Length would be anerror.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî·ï_Ûô�€ð.î­ï]ƒô�“ô�”ðFî­ï[ÿô�€ðTî­ïY§ô�ð0ô�žî­ïX#ô�…ðMô�†î­ïVŸô�€ðAî­ïTGuî­ïTþ
»�îhïTGq�î·ïPHrô�Xî·ïMq�ô�˜{qô�™ð+î·ïK™ô�‚ô�ƒtq{q{qtî·ïJqô�‚ô�ƒ�{q{qð.î·ïH‘ô�žtqð7{q
ô�Ÿî·ïG
{q�ô�¶{qð)ô�·ð-î·ïE‰	ô�³ô�´�{qtqð&î·ïDô�‘{q{qð&ô�’ð'î·ïBô�€{�qtq{�q{qî·ï?Vô�–ðRô�—
î·ï=Òô�Úð"tqr	qô�Û{qî·ï<Nô�¢ðMô�£�{q	î·ï:Ê	ô�€{q�tq�î·ï7Ÿrq�ô�‡{qô�ˆð,î·ï6{qô�‰ð;{qî·ï4—ô�€ðU{qî·ï1lrq�ô�‹ðIô�Œî·ï/èô�Å	ô�Æð/{qð&î·ï.dô�€ð7î·ï*erô�Xvrvî·ï':qô�žð5ô�Ÿ�tq{�qî·ï%¶tqô�œ�{�q{�qð&t
qô�
î·ï$2ô�Õ{�qð8ô�Ö
î·ï"®ô�€î·ïƒð.î­ï+ô�ŒðXî­ï§ô�€ð(î­ïOtqð8î·ï÷ô�Ž�tqtqð*ô�î·ïsô�Ž{�ïæ~�ïsqô��tq{q{î·ï…qô�{	q{q�tq{qô�Ž{qî·ïô�€�{�qô�
tqð>î·ï}ô�ƒð,tqð(ô�„î·ïù{q�ô�€�{qîyï
u{ô�O�tq�{�qô�X�{�qtq�}�q�tqtô�GîÙïñqô�X�{q�{�q{q�{�qtô�Gî·ï
mq�ô�¾{q{	qô�¿{
qî·ïéÿ�������$��������TVk(ì����������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198217In the example, CIFS, IO, and Rope are interfaces. They are the types of three IMPORTS parametersnamed Files, IO, and Rope (if the IMPORTS clause gives no name for the parameter, the name of theinterface is recycled). An actual argument for an IMPORT parameter must be an interface instance,i.e., a value whose type is an interface type. Such a value is obtained from one or more moduleswhich export the interface (¶ 3.3.5). An instance is a binding; in this binding the value of a namedeclared in the interface is provided by the exporter; the value of a name bound in the interface(such as Compare) is just the value that the interface binds to the name (in this case, the INLINEproc). This rule has two effects:The client can ignore the distinction between names bound and declared in the interface,since both appear in the instance binding and are referenced uniformly with dot notation.This means that the client is not affected, for example, when a proc is moved from anINLINE in the interface to an ordinary definition in an implementation.The client can often ignore the distinction between the interface and the instance, since allthe values in the interface are also in the instance, with the same names. This is themotivation for the shorthand which allows the name of an IMPORT parameter to default tothe name of the interface; the interface is no longer accessible, but Rope.Compare has thesame meaning whether Rope is the interface or the instance.Restriction: An interface module may not import more than one instance of a given interface I. If an implementationmodule P imports more than one instance of I, the principal instance of I is the one with no name in the IMPORTS list(which is therefore named I by default). If P imports only one instance of type I, then that instance is the principalinstance.Restriction: Often an interface module has no IMPORTS, because it only needs access to the static values (type, inlines andconstants) bound in its interface parameters, and does not need values for any names declared there (ordinary procs andinterface variables). If an interface module does have IMPORTS, however, and there is more than one instance of anyimported interface around, then there is a restriction on the argument values. Suppose that Int1 imports Int2, and that aprogram module P imports Int1. Then Int1 may only import one instance of Int2, and if P also imports Int2, the principalinstance of Int2 in P must be the same as the value of Int2 imported by the Int1 imported by P. For example, withDIRECTORY Int2; Int1: DEFINITIONS IMPORTS Int2V: Int2 ...DIRECTORY Int1, Int2; P: PROGRAM IMPORTS Int1V: Int1, Int2V: Int2 ...we must have in P that Int1V.Int2V=Int2.3.3.4 Interface module bodiesThe body of an interface module I is a collection of bindings (e.g., y: INT~7) and declarations (e.g.,x: INT). There are restrictions on what may follow the ~ in one of the bindings11:If it is an expression, it must be static (¶ ???).If it is a block (providing the body of a proc), it must be INLINE.It may not be CODE.The values of the bindings can be accessed directly by dot notation (e.g., I.y, which is equal to 7here). The declarations cannot be accessed directly (I.x is an error). The result of applying an interface module is an interface (¶ 3.3.2), which is a type. This type issimply the declaration obtained by collecting the declarations in the body, with a cluster which isextended to include all the bindings of the body. The bindings may not refer to names introducedin the declaration, except that:Any declared name may be usedin the body of an INLINE, or after a "_" in a defaultTC40 in the fields44 of a transferTC41 which is the type of adecl in the interface's db.A declared type may be used anywhere.The declarations in an interface module are not quite like ordinary declarations. They are of threekinds, depending on whether the type of a declaration is:ÿ����������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî·ï_Ûô�
{q{q{qð&ô�‘tq
î·ï^Wô�Š�{q{q{qtqð,ô�‹î·ï\Óô�ð)tqô�žî·ï[Oô�¢ðGô�£î·ïYËô�ž�rqð3ô�Ÿð$î·ïXGô�¢ðHô�£î·ïVÃô�­{qðGô�®tî·ïU?qô�€î­ïRçô�¤
ô�¥ðJî­ïQcô�ð,ô�žð(î­ïOßô�ºô�»ð;î­ïN[tqô�€ðAî­ïLô�“ð(ô�”ð2î­ïJô�Óð$ô�Ôð/î­ïHû	ô�•ð/tqî­ïGwô�­ðC{q�{qô�®î­ïEóô�€{qð"î·ïCv
t�ô� ðP~�tô�¡î·ïAÐô�’�~�tð#~�tvt~�tô�“xtî·ï@’ô�£~�t~�tð#~�tô�¤	î·ï?Tî·ï<ov
t�ô�ƒô�„xtðFî·ï;1	ô�ŠðSô�‹î·ï9óô�ªð.xtð%ô�«î·ï8µô�Œô�ð4~t	~tî·ï7wô�€~�t~t~tð!ô��~t	~�t
~tî·ï69ô�€~t~�tð"~t~t
~�tîyï4ûxtô�G�~t~tx
t�xt�~t�~�t~tîyï3½xt�~t~t~�txt�xt�~t�~�t~t~t�~�t~tî·ï2ô�€
~�t~t�~t�~t�~�î·ï.€rô�Xî·ï+Uqô�‰{�qð${�qtqô�Šî·ï)Ñ{�q�ô�€�tqðIï*ï)Ñq�î­ï'yð2î­ï%!ð<tq�î­ï"É
tq�î·ï qô�£ðH{�q�{�qô�¤î·ïíô�€ð/{qî·ïÂô�«ô�¬ð@î·ï>ô�¢ðTô�£î·ïºô�•
ô�–ð0rqî·ï6ô�€î­ïÞî£ïÍtqî£ï¼ô�Œ
ô�	ïï¼q
ïï¼qïï¼qî£ï8ô�€î­ïàð%î·ï	µô�˜ð$ô�™ð<î·ï1ô�€ð3ÿ�������€��������TVk(����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198218A transfer type; this is just like a declaration of a transfer parameter to an ordinary proc,except that it is readonly. TYPE or TYPE[e]; this is an opaque type or exported type, discussed in ¶ 3.3.4.1 below. Theexpression e must be static. These types are not allowed in an ordinary declaration.VAR T, or READONLY T for any other type T; this is an interface variable; discussed in ¶3.3.4.2 below. ·T can be written for VAR T, which is not allowed in an ordinary declaration.An interface instance II has the interface type I if for each item n: T in the interface, there is anitem n~v in the instance, and v has type T. This is the same rule which determines that a bindinghas the type of a declaration; e.g., that a proc argument has the domain type. In this respect there isnothing special about an interface.Note that a name can be declared PRIVATE in an interface, even though it must be declared PUBLICin the exporter. This can be useful if the name is used in a type constructor or inline proc in theinterface, but its value should not be accessible to the client.3.3.4.1 Opaque typesAn opaque type declaration in an interface is the only way to declare a type parameter (except forthe interface parameters declared in the DIRECTORY). Not surprisingly, any type has type TYPE; thusany type can be supplied as the argument for an opaque type declared T: TYPE. T is called fullyopaque. A type V has type TYPE[n] if:SIZE[T]=n.V has standard NEW, INIT, ASSIGN, EQUAL and ISTYPE procs. All the assignable primitivetypes do except the RC types (¶ 4.5.1), bound variant types (¶ 4.6.2), and types produced bya defaultTC40.Representation: The standard NEW proc allocates n words. The standard ÿINIT does nothing. The standard ASSIGNcopies n words. The standard EQUAL compares n words bitwise. The standard ISTYPE compares the mark of thevalue with a single mark associated with the type.Only such a type V can be supplied as the argument for an opaque type declared U: TYPE[n]. U iscalled n-opaque.The cluster of a fully opaque type T is empty: it provides no operations. A T value cannot bepassed as a parameter, and there are no VAR T variables. Thus you cannot use T as the type in adeclaration. The only thing to do with T is use it as the range of a reference type such as REF T.The cluster of an n-opaque type U has VAR, NEW, INIT, ASSIGN, EQUAL and ISTYPE procs (the last notyet implemented). Thus these operations can be done on a U value. As a consequence, a U valuecan be passed as a parameter and declared.Restriction: All instances of any interface produced by applying an interface module which declares an opaque type Tmust supply the same type value for T if they supply any value at all; this value is called the standard implementation ofT. Because of this restriction, clients can safely interassign values of type T, no matter how obtained. In addition, it issafe for any exporter of T to convert a value of type T to a value of the argument type, and conversely. The restrictionarises from the fact that the current implementation cannot properly distinguish among the different instances, so that thedifferent values for T can get mixed up. If there is only one value, a mixup cannot compromise type safety. Two type values are the same in this sense only if they come from the same type constructor (presumably in someshared interface module, usually one which is private to the two implementors of T).It is not necessary to import an interface to refer to an opaque type declared in that interface(because of the above restriction).Within an implementation P which exports an opaque type T declared in interface I, D.T and P.T(simply T within P) imply each other. However, they have different clusters, and are not equivalent.You can convert from one to the other using NARROW (¶ 4.3.1).������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð4îG?qî­ï_Û�ô�Ÿð/ô� ð-î­ï^Wô�€î­ï[ÿtqô�¢tq�{�q
r
qrqô�£î­ïZ{	ô�€�{�qðHî­ïX#tqô�«�{�qtq�{�q{�qrq
ô�¬î­ïVŸô�€{�qtq�{�qð2î·ïStô�Ÿ{q{�q{�q{�qô� î·ïQðô�˜�{�q�{�q{�qô�™	{�qð7î·ïPlô�€ð>ô�ð&î·ïNèô�€î·ïK½ô�ˆtqô�‰ð2tî·ïJ9qô�œðaî·ïHµ	ô�€ð6î·ïD¶rô�Xî·ïA‹qô�’ô�“ðEî·ï@ô�ô�‚tqð'tqî·ï>ƒô�§ð3ô�¨{�qtq{�q
rî·ï<ÿq�ô�€{�q	tq�{�qî­ï:§tq�{�q{�q�î­ï8O{�qô�»
tqyqyq�ô�¼�yqtqð$î­ï6Ëô�‡ð9ô�ˆî­ï5G�ô�€	ï5ï5Gq�î­ï36v
t�ô�
xtô�Ž�~�t�������Ø��������TVk(î5$ï36pqô�Žõ��pî­ï1øqr�qpq	r�qsqô�î­ï0ºô�€ð-î·ï.btô�”u�tô�•ð&u�tqt�u�tu�tî·ï,Þô�€�vt�î·ï)³ô�ºô�»�u�tð(u�tî·ï(/ô�Ÿô� wt�u�tu�tî·ï&«ô�€u�tð4qt�u�t�î·ï#€ô�
ô�‚�u�tu�twtqtwtwtwtqtî·ï!üô�Ÿô� ð#u�tu�tî·ï xô�€ð'î·ï“x
q�ô�Ÿðfô� �r�î·ïUqô�„xqr�qô�…ð,xqî·ïr�q�ô�šðLr�qð&ô�›î·ïÙô�‹r�qr�qð5ô�Œî·ï›ô�ô�‚ðpî·ï]ô�€r�qðVî·ïxô�ªô�«ð\î·ï:ô�€ðKr�qî·ïtô�Áð>ô�Âî·ï‹qô�€t�î·ï`ô�u�tu�tu�tutô�ž�uî·ï	Ütô�†�u�tu�tð>ô�‡î·ïXô�€ð)qt
���Ø��F����TVk(��”Ø������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198219Performance: This conversion costs nothing at runtime.3.3.4.2 Interface variablesAn interface variable gives clients of an interface direct access to the variable in a program modulewhich is exported to provide its value This is the only kind of variable parameter in current Cedar.. ·If you use the obsolete shorthand of T for VAR T in an interface variable declaration, you cannotdeclare a transfer type variable as an interface variable, since that already means passing the transfervalue.Caution: the variable which is exported to provide the value for an interface variable is notinitialized until its module is initialized (¶ 3.3.2.1). However, there is nothing to stop it from beingaccessed.Performance: An interface variable can be read and (if not READONLY) set directly, which issignificantly faster that Get and Set procs. Of course, the implementor gives up some control. It isnot quite as fast as access to an ordinary variable, since there is an extra level of indirection whichcosts one or two extra instructions each time. There is also one pointer per interface variable permodule which refers to it.·You can get direct access to all the variables of a module by using a POINTER TO FRAME type (¶4.5.3), but this is not recommended.3.3.5 Implementation module bodiesThe body of an implementation module Imp is simply a block. This block plays two roles. On theone hand, it is an ordinary block, the body of an almost ordinary proc PP called the PROGRAMproc, which has parameters and results like any other. PP is special in one way: it has a PROGRAMtype rather than a PROC type. When PP is applied (using the special construct START; see ¶ 4.4.1),its declarations and bindings are evaluated, its statements are executed, and its results are returnedas with any proc. The only difference is that the values bound to the names introduced in the block(i.e., PP's frame) are retained after the proc returns; in fact, forever (unless Runtime.Unnew is used tofree the frame). Procs local to the block can access these values in the usual way, and values ofexported names can also be accessed through interfaces, as explained below.As with any proc (¶ 3.5.1), PP's frame includes the parameters and results from Imp's drType as wellas the names introduced in the block's db. It also includes an additional nameImp: PROGRAM T~PPwhere Imp is the name of the module, T is its drType, and PP is the proc described above.The body of Imp has a second role: to supply values for the names declared in the interfacesexported by Imp. For each interface Ex which Imp exports, an interface value ExI of type Ex isconstructed. Each name n in ExI acquires a value as follows:If n: T is in Ex and n~x in the body of Imp, then n~x in ExI. This is a slightly peculiarkind of binding, and like ordinary binding, x must be coerceable to T  (¶ 4.13). Also, n musthave PUBLIC access (¶ 3.3.6) in the body.If n is declared in Ex and not bound in the body of Imp, then n~UNBOUND in ExI.UNBOUND is a special value with the following properties:For a proc P, it causes a Runtime.UnboundProcedure signal on any aplication of P.For a variable v, it causes a Runtime.PointerFault error on any reference to v.For a type T, it causes an error on any application of T.ISTYPE (including NARROWand WITH ... SELECT). Other uses of T are perfectly all right.������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî·ï_Ûv
t�ô�€ð*î·ï[Üvô�Xî·ïX±tô�ð\ô�î·ïW-ô�€ðaî·ïTô�ð#u�twt�u�tð&ô�ž
î·ïR~ô�ô�‚ð_î·ïPúî·ïMÏvt�ô�ßð4ô�àð!î·ïLK
ô�™ðOô�š
î·ïJÇî·ïGœv
t�ô�Üð/qtô�Ýî·ïFô�Ÿututð(ô� î·ïD”ô�’ð^ô�“î·ïCô�¥
ô�¦ðSî·ïAŒô�€î·ï>aô�žð.ô�Ÿqt�qt�qtî·ï<Ýô�€î·ï8Þvô�Xî·ï5³tô�˜ô�™utð6î·ï4/ô�±ð>ô�²utqî·ï2«tô�’ð2utô�“qî·ï1'tô�šqtutô�›qtî·ï/£ô�˜ðZô�™î·ï.ô�ƒð+ô�„ð6î·ï,›ô�†�utð=ô�‡ut
î·ï+ô�®ðDô�¯î·ï)“ô�€ðCî·ï&hô�ƒutð2utî·ï$äô�€ðLîyï#`ut�ô�X�qt�u�t�uî·ï!Ütô�€�utu�tutî·ï±ô�Æutð,ô�Çð!î·ï-ô�³ut	ô�´
ututututî·ï©ô�€
u�tutî­ïQô�¢�u�tu�tutu�t�u�tô�£utu�t�u�tutî­ïÍô�€ð(u�tutô�
u�tî­ïIô�€�qtî­ïñô�Ú�u�tutut�ô�Ûu�t�wtut�î­ïmwtô�€ð2î£ï\
u�t
utu�t�î£ïKu�t
utu�t�î£ï:ô�ô�Ž�u�tð+u�t�qtqî£ï
¶tô�€�qtqtu�t�������
B��������TVk(Ç������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198220If n~x in Ex, then n~x in ExI. Thus any names bound in the interface are bound the sameway in any interface value.Caution: A name can be exported to several interfaces without any warning, if it has a suitable type.This is unlikely to be what is wanted.The result of instantiating Imp is a binding B with:One item for each exported interface Ex, namely Ex: Ex~ExI, where ExI is the interfacevalue constructed above. Here Ex is the name nd given to the interface in the DIRECTORY.One item for Imp itself, namely Imp: POINTER TO Imp~programInstance, whereprogramInstance is the program instance, i.e., the frame of the module's body.  This binding is accessible in a model, where it can be used to get access to the interface and frameinstances.  What is the current story on executable NEW? prog from DIR: gets file name & loads.Or, copy from imported prog or PTF.Where do we put impl in DIR?3.3.6 PUBLIC, PRIVATE  and SHARESCedar has a rather complicated mechanism for controlling access to names. Most uses of it are nowconsidered to be obsolete, with the following exceptions:Names to be exported must be declared PUBLIC.Names included in an interface for use in inline procs etc., but not intended for use byclients, should be declared PRIVATE.Acess to a name is declared by writing PUBLIC or PRIVATE right after the colon in a declaration of aname:x: PUBLIC TIn the Cedar syntax these colons occur in the declarations11 and bindings13 in bodies9, fields44, 47,and interface modules2, and in the tag50 of a unionTC. You can set a default access for all thenames in a module2, 3 or record46 by writing PUBLIC or PRIVATE just before the { or RECORD; this isoverridden by accesses inside. By default, an interface is PUBLIC and an implementation is PRIVATE. A PRIVATE name defined in module M can only be referenced:from within M;from a module which SHARES M; avoid this feature unless you export M.This does not mean that the name is invisible if, e.g., M is OPENed, but that it is an error to use it.Thus inx: INT; {OPEN M; fŸ[x]}if x is bound in M (and not suppressed by a USING clause), the call of f is equivalent to fŸ[M.x]regardless of whether x is PUBLIC or PRIVATE. It is illegal if x is PRIVATE, but it never refers to thex declared by the x: INT. Furthermore, if a record has any PRIVATE components, a constructor or extractor for the record islegal only in a module where use of the PRIVATE names is legal.ÿ����������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî­ï_Ûô�ˆ�u�t�u�tutu�t�u�tutð'ô�‰î­ï^Wô�€î·ï[,vtðFô�î·ïY¨ô�€ð"î·ïV}ut
u�tî­ïT%ô�©ð!ô�ª�ututut�ututî­ïR¡ô�€utu�ïRr�ïR¡tqt�î­ïPIôl	utut�ôm�qt�qt�ut�utî­ïNÅutô�€ðAî·ïLmô�ðZô�Žî·ïJé	ô�€î·ïGwyô�–ð$vy�ô�—
vyî·ïE¬ô�€î·ïB:î·ï>;vô�X�xvxvxî·ï;tô�Šô�‹ðCî·ï9Œ	ô�€ð/î­ï74ð&qt�î­ï4Üô�°ð!ô�±ð2î­ï3Xô�€qt�î·ï0-ô�„ð"qtqtð'ô�…î·ï.©îyï-%u�t�ô�X�qô�G�u�î·ï+¡tô�¤ð$ô�¥ï+çzï+¡tï+çzï+¡t	ï+çz�ï+¡tï+çzï+¡t�î·ï*ô�¶ï*cz�ï*tï*czï*tô�·ð!î·ï(™ô�€ï(ßzï(™t	ï(ßzï(™tqtqtô�qtî·ï'	ô�€ð1qtqtî·ï#êqtu�tî­ï!’u�t�î­ï:qt�u�tð'u�t�î·ïâô�vtð+u�tô�Ž�qtð&î·ï^ô�€îyïÚu�t�ô�X�qtqt�u�tu�tu�tî·ïVô�¯�u�tu�tqtu�tô�°�u�tut�î·ïÒ	ô�u�tqtqtu�tqtô�î·ïNu�tô�€u�tqtî·ï#ô�›ô�œqtð9î·ïŸô�€ð#qt�������	°��������TVk(¼����������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 1982213.4 Blocks, OPEN and ENABLE 4 block ::= attributes { ?open ?enable bodyopen LET n((, ... : EXCEPTION~NEWLABEL[] , ...?(EXITS (n, !..=>s); ...) }  IN ( body enable ) BUT { (n((, ... => s ); ... } In 3, 13, 15.-- n(( is not visible in s. 5 attributes ::= ( CHECKED | UNCHECKED | TRUSTED ) ... 6 open ::= OPEN ( n ~~ e | · e ), ... ;( LET n~lopen IN e.DEREF |   --The final IN is a separator.In 2, 4, 17. ·The ~~ may be written as :.  LET BINDN[D(e.DEREF).NAMES,      OPENPROCS[D(e.DEREF).NAMES, l IN e.DEREF] ] ) IN ...  7 enable ::= ENABLE (eChoice | {eChoice; ...});BUT ( { eChoice } | { eChoice; ... } )In 4, 17. 8 eChoice ::=(e | ANY), !.. => s(e | ANY), ... => { s; REJECT }In 7, 26. 9 body  ::= ?( db; ... ;) s; ...LET NEWFRAME[ [db, ...] ].UNCONS IN { s; ...} In 4, 17.10 db ::= d | bIn 2, 9.CHECKED { -- Unnamed OPEN OK for exportedOPEN Buffer, Rope; -- interface or one with a USING clause.ENABLE  Buffer.Overflow=>GOTO HandleOvfl;-- A single choice needn't be in {}.stream: IO.Stream~IO.CreateFileStream["B"];-- Use a binding if a name's value is fixed.x: INT_7; -- Better to initialize declared names.{OPEN b~~GetBuffer[stream];-- A statement may be a nested block.  ENABLE  {-- Multiple enable choices must be in {}.CIFS.Error[--error, file--]=>{-- ERRORs can have parameters.stream.Put[IO.rope[error]]; ERROR Buffer.Error["Help"] };-- Choices are separated by semicolons.ANY=>{ x_12; GOTO AfterQuit } };-- ANY must be last. ENABLE ends with ;.y: INT_9; ... };-- Other bindings, decls and statements.x_stream.GetInt; ...-- Other statements in the outer block.EXITS-- Multiple EXIT choices are not in {}.AfterQuit=>{...};-- AfterQuit, HandleOvfl declared here, HandleOvfl=>{...} };-- legal only in a GOTO in the block.The main function of a block is to establish a new scope (¶ 2.3.4) and to allow for the allocation ofvariables declared in the block, as in Algol or Pascal. A Cedar block has four other features:attributes5: CHECKED, UNCHECKED and TRUSTED are treated in ¶ 3.4.4 on safety.open6: a combination of sugar for LET and call by name; see ¶ 3.4.2.enable7: catches signal and error exceptions in the body; see ¶ 3.4.3.1.EXITS: catches GOTO exceptions in the body or enable; see ¶ 3.4.3.2.Note that the braces around a block may be replaced by BEGIN and END (¶ 3.2).3.4.1 Scope of names and initializationThe names introduced in the block body's db (i.e., appearing before a : or ~) are known in thebody with the values supplied by the db, except in inner scopes where they are reintroduced; theyare not known elsewhere in the block. The frame of the block is a binding with a value for eachsuch name.Actually, the frame is a value of an opaque type which has a coercion (called UNCONS) to this binding. As the desugaringfor body indicates, the frame is constructed (by NEWFRAME), and then a LET makes the names in the binding known inthe statements of the body.ÿ������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî·ï_Û{ô�X|{|î·ï\°zô�>{tô�X�{t
{�t{�t
î*{î*ï\xþË�î,Óï\°t�wt�{�}t{twt�wt{î
ï[,qt�{�t{�t{tî*wt��î,+ïZôþ�y�î,¤ï[,�{î,üïZôþÀ�î/¼ï[,t�{î0ïZôþÈ�î3Üï[,t��î44ïZôþ�y�î4­ï[,�wt{}t{t{�t�{�t{tî
ïY¨qô�G
î*tô�X}t{�t�î·ïX$zô�>{	ô�Xt�{�t�qt�{�t�qt�{�t�î
ïV qô�G�{�q�{î·ïUzô�>{ô�Xqt�{�t{�t{�t{tî*{�t�wt�{�t�~�ïTrïUt�wqô�G�{�t�wtô�X�{�twtî
ïS.qô�Gð'î*w�tô�X�wt�wt�}�t�î2ïRöþ�y�î2“ïS.{�t�wt�î7?ïRöþ�y�î7¸ïS.�wtqô�G�î*ïQª�tô�X�qô�G�tô�X�wt�}�{t�w{�t�wt~�t�wt�{�t�wq�ô�G{�tô�X�wqô�G�{q�î·ïP&zô�>{ô�Xt�qt�{�t{�t
{t�{�t�î*wt�{�t{î.yïOîþ»�î34ïP&t{�t{î6LïOîþ»�î;ïP&t{t{�î
ïNèqô�Gî·ïMdzô�>{ô�Xt{�t�q{�t	î*{t�{�t�q{�t{t{�tqtî
ïL&qô�Gî·ïJ¢zô�>{ô�Xt�{t{t{�t{î*wt�wt{t{twt�wt{�t{tî
ïIdqô�Gî·ïGàzô�>�{ô�Xt{�tî
ïF¢qô�Gî·ïCwtô�Xî*
qtî
ïAóqtî*qtî
ï@oqtqtî*ð$î
ï>ëð+î*ð,î
ï=gqtî*ð'îyï;ã�qtî*ð%îyï:_qtî*ð)îÙï8Ûî*qtî:ï7Wî:ï5Óqtî*ð'îÙï4Oqt	qtî*qtqtîyï2Ëqt{tî*ð(î
ï1G{î*tð'î
ï/Ãqî*tqtvtîyï.?{tî*utu	tîyï,»{tî*qt
î·ï)ô�Œô�ðFî·ï(ô�€ðUî­ï%´	ï%úz�ï%´tqtqtqtð"î­ï#\ï#¢z�ï#\twtî­ï!ï!Jz�ï!tðAî­ï¬qt	qtð1î·ïð7qtqtî·ï‚vô�Xð"î·ïWtô�©ðDô�ªî·ïÓô�“ðAô�”î·ïOô�¡ð'vtô�¢î·ïËô�€î·ïæqô�‚ðEpq�ô�ƒð#î·ï¨ô�–ð.pq
pqð%ô�—î·ï
jô�€ÿ�������~��������TVk(Ü������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198222Anomaly: A name introduced by a binding, n: T~e, has the value of e throughout the body if e isstatic. If e is not static, it is evaluated after all preceding db's, but before any following ones. Thismeans that n is trash in all the db's before its binding. Symmetrically, if e refers to a nameintroduced in a following decl or non-static binding, it will get a trash value. Compiling with the ???switch will cause a warning in this case. Note that only attempts to obtain the value of n yield trash;n may appear anywhere in a l-expression, and all will be well as long as the l-expression is notapplied before n's binding is evaluated.A name introduced by a declaration, n: T, is bound to a new VAR T. The variable bound to n isallocated, and its INIT proc executed (to set a REF or transfer value to NIL) before anything in theblock is executed (this is done by the NEWFRAME proc in the desugaring). Anomaly: However, any initialization specified by a defaultTC40 in T is done at the same time thata non-static binding would be evaluated. As with a binding, n is trash before this time.Furthermore, any (unwise) assignment to n before this time will be overriden by the defaultTC.The expression in a binding or defaultTC should be functional, or at least it should have onlybenign side-effects. There is no enforcement of this recommendation, unfortunately. In currentCedar such an expression is evaluated exactly once, at the time described above. This may changein the future, however.The variables created by a declaration are deallocated when execution of the block is complete,unless the block's frame is retained. Currently only an implementation's block3 has its frameretained. There are two ways to hang on to a variable v after execution of the block is complete:Obtain a pointer to v with @; this pointer value can survive the block.Obtain a proc value for a local procedure which refers to v; this proc value can survive theblock.In the checked language both these dangling references are impossible: the @ operator, beingunsafe, is forbidding, and ASSIGN for proc values gives an error unless the proc is local to aprogram instance (which has a retained frame). An unchecked program can get into trouble,however.Performance: There is no overhead associated with block entry or exit, even if the block has anopen, enable or EXITS. The only cost is for initializing its names. It is good style to use blocks freelyto limit the scope of names.3.4.2 OPENThere are two forms of open. The first, n~~e, binds the name n to lopen IN e.DEREF. This is just likel IN e.DEREF, except that there is a coercion from n to n[]. In other words, every time n appears, itsvalue is obtained by evaluating e.DEREF. The effect is exactly like call by name in Algol; the ~~ isto remind you that this is not ordinary value binding. The value of e.DEREF is e if the cluster of Dedoes not have a DEREFERENCE proc, or e^.DEREF if it does.  In other words, a reference value isdereferenced, repeatedly if necessary, to obtain a non-reference value. In an open, e.DEREF must bea record, interface or instance.The scope of an open is all the rest of the block, including any enable and any EXITS. A singleopen may have several bindings. These are applied sequentially, so that the names bound by earlierones are known to the later ones as well as to the rest of the block.The second, nameless, form of open gives an expression without binding it to a name: { OPEN e;...}; e must evaluate to a binding b:A record value has a corresponding binding (returned by UNCONS in the desugaring) whichhas the names of the record fields are bound to the field values (or variables, for a VARrecord). ÿ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî·ï_Ûvt�ô�–ð!u�tu�t�u�tô�—	u�tu�tî·ï^Wô�˜u�tð%ô�™ð8î·ï\Óô�Ôu�tô�Õð4u�tî·ï[O	ô�ô�‚ðFî·ïYËô�€ðIô�	u�tî·ïXGu�tô�£ô�¤~�tð1~�tî·ïVÃô�€u�tî·ïS˜�ô�¥ð"ô�¦�u�tu�twt�u�tu�tî·ïR	ô�žwtqtqtî·ïPô�€ð"wtî·ïMevt�ô�‘ð&ô�’ïM«zïMetu�tî·ïKá�ôð;u�tôî·ïJ]ô�€u�tð5î·ïG2ô�¿ðVô�Àî·ïE®ô�Ñô�ÒðAî·ïD*ô�šô�›ð;î·ïB¦ô�€î·ï?{ô�ºðOô�»î·ï=÷ô�äô�å	vtð*ï>=z�ï=÷t
î·ï<sô�€ð-u�tð*î­ï:u�tð2î­ï7Ãô�Œð3ô��u�tð!î­ï6?î·ï3çô�Õð!vtð&î·ï2cô�Òwtô�Óð9î·ï0ßô�âð'ô�ãð+î·ï/[î·ï,0v
t�ô�²ð4ô�³î·ï*¬ô�ƒ
qtð4ô�„î·ï)(ô�€î·ï%)vô�X�xî·ï!þtô�ƒð#u�tu�tu�t~�ï!qrï!þt�wt�u�t�wtî·ï ~�tô�‹�wt�u�t�wtð'u�tu�tô�Œu�tî·ïŒô�u�t�wt�ô�ð<î·ïô�‰ðBu�t�wtô�Šu�t}�u�î·ï„tô�«
�w
t	u�twtð2î·ï�ô�ô�ð+u�t�wtî·ï|�ô�€î·ïQô�­ô�®ðDqt	î·ïÍô�ˆð;ô�‰ð#î·ïIô�€ðAî·ïô�¡ðFô�¢
qt�u�t�î·ï
šô�€u�t�î­ïB�ô�ð7wtô�Žî­ï	¾ô�­ðSwî­ï:tô�€�ÿ�������–��������TVk(ë������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198223An interface or instance value is a binding (¶ 3.4.2). The nameless open converts b into another binding bp in which each value is a lopen proc, andintroduces bp's names in the block with a LET. Thus in the programR: RECORD [a: INT_3, b: REAL_3.4]; r: R; { OPEN r; ...}the names a and b are known in the body of the block, and have exactly the same meaning as r.aand r.b.Style: Good style demands that a nameless open be used with discretion, with the smallestpracticable scope, and only if the value being opened is very familiar, or heavily used, or both.Nameless open can cause great confusion, since it is not obvious from the text of the programwhere to find the bindings for the names it makes known. 3.4.3 ENABLE and EXITSThe ENABLE and EXITS constructs are two forms of sugar for exception handling (¶ 2.2.4). ENABLEcatches signals and errors raised in the body (but not the open, enable, or exits; EXITS catchesGOTOs in the body or enable (but not the open or exits). Both are in the scope of the open, if any.Neither is in the scope of any names introduced in the body.3.4.3.1 ENABLEAn enable has a chance to catch any signal or error raised in the block (and not caught at a deeperlevel). A nearly identical construct can appear in an application26; the following explanation coversboth cases. Each enable choice (eChoice8) has a list of expressions with exception values, ·or ANY, before the=>. If ANY appears, it must be in the last eChoice. If the exception is equal to one of these values,or if ANY appears, the statement after the => is executed. Control leaves this statement in one ofthe following ways:A REJECT statement causes the exception to be the value of the block; it will then bepropagated within the enclosing block, or if the block is a proc body it will be propagatedto the application.A GOTO statement sends control to the matching choice in the EXITS. There are threespecial cases:A RETURN is not allowed in an eChoice.A CONTINUE statement ends execution of the current statement (in this case theblock); execution continues with the next statement following. If the block is a procbody, the effect is the same as RETURN. You cannot write CONTINUE in a body'sdb.·A RETRY statement begins execution of the current statement (in this case theblock) over again at the beginning. You cannot write RETRY in a body's db.The semantics of CONTINUE and RETRY follow from the desugaring of statement14.A RESUME statement (signals only) is discussed below.·If the statement finishes normally, a REJECT statement is then executed.If a single expression with value v appears before the =>, then within the eChoice statement thenames in v.DOMAIN are declared and initialized to the arguments of the exception. With multipleexpressions, or ANY, the arguments are inaccessible. ·The use of ANY is not recommended.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî­ï_Ûô�€ð5î·ï]ƒô�¶u�tutô�·~�ï\örï]ƒt	î·ï[•	ô�€�utwtîyïZu�t�ô�X�qô�G�t�u�t�ô�X�qtu�tqtu�tu�tîyïXqt�u�tî·ïW	ô�˜u�tu�tô�™ð=uî·ïU…tô�€�ut�î·ïRZvt�ô�íô�îð9î·ïPÖ
ô�¶ð-ô�·ð)î·ïORô�½ð0ô�¾ð%î·ïMÎô�€ð4î·ïIÏvô�X�xvxî·ïF¤tô�œ�qtqtð&ô�qî·ïE tô�¿ô�Àð2qtî·ïCœqt�ô�‹ðPô�Œ
î·ïBô�€ð5î·ï>vô�X�xî·ï:îtô�ˆô�‰ðJî·ï9jô�–ð:ï9°zï9jtô�—î·ï7æô�€î·ï4»ô�¡ï5z�ï4»tð2ô�¢qtî·ï37ô�ˆqtðFô�‰î·ï1³ô�›qtð!ô�œð8î·ï0/ô�€î­ï-×�ô�Å�qtð2ô�Æî­ï,S	ô�”ðFô�•
î­ï*Ïô�€î­ï(w�ô�Í�qtð6ô�Î�qtî­ï&óô�€î£ï$âqtî£ï"Ñ�ô�·�qtô�¸ð$î£ï!Mô�ƒðIô�„î£ïÉô�¥ô�¦qtqtî£ïEî£ï4ô�È�qt	ô�Éð<î£ï°ô�€ð/qtî£ïåqsqsqð(ï+sïåq�î­ïtqtð-î­ï5ð'qtî·ï
ô�¤u�tô�¥ð!î·ï†ô�°u�t�wtô�±ð1î·ïô�€qtð.qtÿ�������J��������TVk(¥��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198224FinalizationYou are supposed to think of an ERROR as an unusual value ev which can be returned from anyapplication; this value immediately stops the evaluation of the containing application, whichlikewise returns ev as its value. This propagation is stopped only by an enable choice which catchesthe ERROR. As each application is stopped, it is finalized. Aside from invisible housekeeping,finalization confusingly consists of executing the statement in an eChoice which catches the ERRORUNWIND. The programmer can write any cleanup actions he likes in this statement. If thefinalization raises another ERROR which it does not catch, it will itself be stopped, with veryconfusing consequences. It isn't very useful to know exactly what happens then: avoid this situation. Caution: In fact, things are a bit more complicated. When a signal or error is propagated, theeChoice statement is called as a proc from the SIGNAL or ERROR which raises the exception. Whencontrol leaves the statement by a GOTO (or CONTINUE,  RETRY or LOOP), the finalization is done.This means that the eChoice statement is executed before any finalization. This is useful for signals,which often resume. In some cases, however, notably if finalization would release monitor locks, thiscan cause trouble. Avoid the problem by exiting from the enable immediately with a GOTO.Caution: An eChoice can raise a second exception ex2 and fail to catch it. This will probably resultin confusion, and should be avoided. If it happens, ex2 is propagated just like the first exceptionex1; all the eChoices which saw  ex1 will see ex2. This is because the eChoice statement for ex1 wascalled as a proc. Unless ex2 is a signal which is resumed, the eChoice which caught ex1 will befinalized and abandoned.Caution: ANY unfortunately catches UNWIND, and hence its statement will be taken as thefinalization. It is better not to use ANY. Also, it is possible to raise UNWIND explicitly; don't.SignalsIncomplete3.4.3.2 EXITSAn EXITS construct (confusingly called REPEAT in a loop) declares one or more exceptions which arelocal to its block, and also catches them. The syntax is just like an enable. However, names calledlabels appear before the => rather than expressions, and the EXITS introduces these names in ascope which includes the block body and any enable, but not an open and not the statements in theEXITS itself. A label may only be used in a GOTO statement.Anomaly: Actually labels have their own name space, disjoint from the other names known in theblock. Hence it is possible to declare a label n and still to refer to another n in the block. Avoid thisfeature.Like the raising of any exception, a GOTO n stops execution of the current statement. The statementassociated with n is executed. If it finishes normally, execution continues after the block in which nwas declared. If it raises an exception, that exception becomes the value of the block.3.4.4 SafetyA SAFE proc has the property that if the safety invariants hold before it is called, they also holdafterwards. Roughly, these invariants ensure that the value of every expression has the syntactic typeof the expression, and that addresses refer only to storage of the proper type (¶ 4.5.1). An unsafeproc may lack this property. Hence a safe proc type implies the corresponding unsafe one.We want to have confidence that the safety invariants hold. To this end, we want to have:ÿ����������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî·ï_Ûvî·ï\°tô�¤qtô�¥�utî·ï[,ô�øð/ô�ùð"î·ïY¨ô�ŽutðQî·ïX$ô�ß�qtô�àvtð$î·ïV ô�”ð&ô�•ð+qî·ïUt�ô�úð%ô�ûð+î·ïS˜ô�Ùqtð(ô�Úî·ïRô�€ð]î·ïNévt�ô�Äð:ô�Åî·ïMeô�ð(qtô��qtð!î·ïKáô�¢qtqtqtô�£qtî·ïJ]ô�‹ô�Œð(vtð.î·ïHÙô�€ðTô�î·ïGUô�€ðPqt�î·ïD*vt�ô�Œô�
utð1î·ïB¦ô�¦ð2utô�§î·ïA"utô�„ô�…ut
utð-utî·ï?žô�°ut�ô�±ð8utî·ï>ô�€î·ï:ïvt�ô�ÿ�qtqtð.î·ï9kô�€qtqtî·ï5lvî·ï1úy	î·ï-ûvô�X�xî·ï*Ðtô��qtqtð5î·ï)Lô�šô�›ðGî·ï'Èvtô�µð7qtô�¶î·ï&Dô�ô�‚ðVî·ï$Àqtô�€ð'qt
î·ï!•vt�ô�›ð$ô�œð2î·ï ô�ð)u�tô�‚u�tî·ïî·ïbô�†ô�‡�qt�u�tð8î·ïÞ	ô�ô�Ž�u�tðTu�î·ïZtô�€ðTî·ï[vô�Xî·ï0t�ô�¨�qtð"ô�©ð;î·ï¬
ô�€ð!ô�ð:î·ï(ô�¤ð1ô�¥ð0î·ï¤ô�€ðUî·ï	yðYÿ�������
’��������TVk(’����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR SYNTAX AND SEMANTICS, PART 1DRAFT OF JULY 20, 198225as few unsafe procs as possible;a mechanical guarantee that a proc is safe, if possible.Clearly, a proc whose body calls only safe procs will be safe. Applying this observation, Cedar provides three attributes which can be applied to a block:CHECKED: the compiler allows only safe procs to be applied; hence the block isautomatically safe, and any proc with the block as its body is safe.UNCHECKED: there are no restrictions on the block, and it is unsafe.TRUSTED: there are no restrictions on the block, but the programmer guarantees that itpreserves the safety invariants; the compiler assumes that the block is safe. This is arestricted form of LOOPHOLE.These attributes are defaulted as follows. A block is checked if its enclosing block is checked; otherwise it is unchecked.If CEDAR appears in the module header, the outermost block is checked, and a transfer typeconstructor anywhere in the module defaults the SAFE option to TRUE. Hence the resultingtype will be safe, and its initialization must be safe or there is a type error.Otherwise, the outermost block is unchecked, and a transfer type constructor anywhere inthe module defaults the SAFE option to FALSE. Hence the resulting type will be unsafe, andthere is no safety restriction on its initialization.Of course you can override these defaults by writing CHECKED, UNCHECKED or TRUSTED on anyblock, and SAFE or UNSAFE on any transferTC. The defaults are provided to make it convenient to:write new programs in the safe language;continue to use old, unsafe programs without massive editing. An unsafe proc value cannot be bound to a name declared with a safe type. This applies to enablechoices and signals as well as to procs. In both cases, the body must be checked or trusted if thetype is safe. ERRORs (including UNWIND) are treated differently, however, because of the view thatan ERROR is a value returned from an application, unlike a signal which calls the eChoiceexpression. Hence the eChoice for an ERROR is treated just like any statement in its enclosing block,and is not considered to be bound to a proc when the ERROR is raised.The following primitive procs are unsafe:@, DESCRIPTOR and BASE.^ or FREE applied to a pointer, and all pointer arithmetic.withSelect34.APPLY for process and port types (JOIN and port calls).LOOPHOLE which produces a RC value (¶ 4.5.1).APPLY of a sequence or sequence-containing record.The fields of an OVERLAID union.ASSIGN of:An unspecified type to anything other than the same unspecified type (¶ 4.9).A union or variant record.A proc, if the value being assigned is local to another proc, rather than to animplementation. Such a proc value also cannot be passed as an argument to FORK. ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð4îG?tî­ï_Ûô�€î­ï]ƒð8î·ï[+ð>î·ïX�ð\î­ïU¨qt�ôð9ôî­ïT$ô�€ð7î­ïQÌqtð;î­ïOtqt�ô�¿	ô�ÀðDî­ïMðô�Ýô�Þð3î­ïLl	ô�€qt�î·ïIAð+î­ïFéðPî­ïD‘ô��qtðRî­ïC
ô�’ð$ô�“�qt
qtî­ïA‰ô�€ðLî­ï?1	ô�¢ð6ô�£î­ï=­ô�ˆqt
qt
ô�‰ð#î­ï<)ô�€ð0î·ï9Ñô�©ð3qtqtqtô�ªî·ï8Mô�€qtqtðGî­ï5õð(î­ï3ð>î·ï0rô�ð5ô�ð)î·ï.îô� ðLô�¡î·ï-jô�•	qtqt�ô�–ð;î·ï+æô�î�qtð@vtî·ï*b
ô�qtô�‚ð+î·ï(Þô�€ð2qt
î·ï%³ð)î­ï#[q	tqt�î­ï!qtð2î­ï«	ïñzï«t�î­ïSwtqtî­ïûqtð%î­ï£wtð-î­ïKqtî­ïówtî£ïâðMî£ïÑî£ïÀ�ô�ÊðKô�Ëî£ï<ô�€ð;qt�������
Æ��������TVk(8���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 1982263.5 Declaration and binding11 declaration::= n, ... : ?access varTC39( n: varTC ), ...In 10, 44. READONLY only for interface variable.12 access ::= PUBLIC | PRIVATEIn 2, 3, 11, 13, 46, 47, 50.13 binding ::= n1 ?( , n2, ...) : ?access (( -- The desugaring for n2 is at the end.t ~ e |n1: t~e  |TYPE ~ t2 | n1 : TYPE ~ t2  -- Same as e except for conflicting syntax. |t ~ CODE |n1 : t ~ NEWEXCEPTIONCODE[]  --tgSIGNAL or ERROR | t ~ (ENTRY | INTERNAL | INLINE)... block4 | n1 : t~l [d(: t.DOMAIN] IN LET rb(~NEWFRAME[t.RANGE] IN     (LET rb( IN {t.DOMAIN~d(; block; RETURN} BUT {RETURN(=>rb(}) |¹¸t ~ MACHINE CODE { (e, ...); ... }n1 : t~MACHINECODE[(BYTESTOINSTRUCTION[e, ...]), ...])) ?( , (n2: t~n1), ... ) -- e is evaluated only once.Block or MACHINE CODE only for proc types. In 10. ·The ~ may be written as =. ·ENTRY and INTERNAL may be written before t.HistValue: TYPE;-- An exported type in an interface.Histogram: TYPE~REF HistValue;-- A type binding.baseHist: READONLY Histogram;-- An exported variable in an interface.AddHists: PROC[x, y: Histogram] -- An exported proc in an interface.RETURNS [Histogram];LabelValue: PRIVATE TYPE~RECORD[-- PRIVATE only for private stuff in an int.   first,last:INT,s:ROPE,x:REAL,f,g:INT,r:REF INT];Label: TYPE~REF LabelValue;Duration: PROC[l:Label] RETURNS[INT]~-- An inline proc binding in an interface.INLINE { RETURN [l.lastl.first] };-- Decls in an implementation of this interface.H: TYPE~Histogram11; Size: INT~10;-- A TYPE and an INT binding.HistValue: PUBLIC TYPE~ARRAY [0..Size]OF INT;-- PUBLIC only for exported names.baseHist: PUBLIC H_NEW[HistValue_ALL[17]];-- An exported variable with initialization.x, y: HistValue_[ 20, 18, 16, 14, 12, 10, 8, 6, 4, 2, 0];Setup: PROC[bh: Handle4, a: INT, b: LIST OF H]~ENTRY {...};-- An entry proc.FatalError: ERROR[reason: ROPE]~CODE;-- Binds an error.i,j,k: INT_0; p,q: BOOL; lb: Label; main: Handle;Declarations are explained in ¶ 2.3.7. Their peculiarities in the different contexts where they canappear are explained elsewhere:interfaces in ¶ 3.3.4;blocks in ¶ 3.4.1;fields in:domains and ranges in ¶ 4.4;records in ¶ 4.6.1;unions in ¶ 4.6.3.Bindings are explained in ¶ 2.2.5. There are several special forms of binding given in rule 13,however, which are defined here. See also ¶ 3.7 on argument bindings.A TYPE binding is the only way in which a type value can be bound to a name, since typescannot be passed as parameters. Unlike other bindings, this one expects a type36 rather thanan expression19 after the ~.ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Û{ô�Xî·ï\°zô�>�{�q	{tô�X{t{�tï\özî*ï\°{�t�{�t{t�{�t{î
ï[rqô�Gð.î·ïYîzô�>�{ô�Xt�qt�{�t�qî
ïX°ô�Gî·ïW,zô�>�{�q{ô�XtïVŸz�ïW,t�{tïVŸz�ïW,t{t{�t{�î*{�tïVŸz�ïW,tî
ïU>{�î*{�ïT±z�ïU>t{�t�{�t{�î
ïSPqtïRÃz�ïSPt�{�t�î*{�ïRÃz�ïSPtqt{�î1
ïSþ�y�î1†ïRÃz�ïSPt{�t{�î
ïQbtqt�{�î*{�ïPÕz�ïQbt{�twt}�qtqt�{�î
ïOtt{�qt�{�t�qt�{�t�q{qô�G�tïOºz�ïOttô�X�{�t�î*{�ïNçz�ïOtt{�t�~�t}�t{�t�wtwt�wt}�t�wt�{�t�wtwqô�G�tô�X�qô�G�î*ïM†t�î*–ïMNþ�y�î+ïM†wtô�X}�t�wt{�t�wt}�t{tqtwqô�G�t�w}�t}�t��îPIïMNþ�y�îPÂïM†ô�X�{�î
ïLtqô�Gtô�X{�t{t{tî*{�ïKuz�ïLt{�t�w
t�{�wt�{�t{t�{�t{t�î
ïJ{�î*{�t�{t{ïI‡z�ïJt{�t�{�ïI‡z�ïJ{�t{t�{�tî
ïH&qô�Gtô�X�qô�Gî
ïFèð#î
ïEªð,î·ïBt	ô�X�qt�î*ð$î·ï@û
qt�qt
î*î·ï?w	qt
î*ð(î·ï=ó	qtî*ð$î
ï<oqtî·ï:ëqô�Gt�qt�î*ô�X�qtð"î·ï9g
qtqtqtqtqô�Gtî·ï7ãô�X�qt�qtî·ï6_	qt	qt�qtî*ð*î
ï4Ûqtqtî·ï2ƒð0î·ï0ÿqt	ï1Ezï0ÿtqtî*qtqtî·ï/{
qt�qt�qt	qt�qt�î*qtî·ï-÷	qtqt
qtî*ð,î·ï,sð8q�î·ï*ïtqt
ï+5z�ï*ïtqtqô�Gtô�Xî
ï)k�qô�G�t�{tî*ô�Xî·ï'çqtqtqt�î*î·ï&cqtqtî·ï#8ô�´ð.ô�µð)î·ï!´ô�€î­ï\î­ïî­ï¬	î£ï›î£ïŠî£ïyî·ïNô�Êô�Ëð7î·ïÊô�€ð=î­ï
r�ô�‡�qtô�ˆð7î­ïîô�„ðHï4zïîtî­ï
jô�€
ï
°zï
jtÿ�������
��������TVk(¶���������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198227A name with a signal or error type can be bound to CODE; this use of CODE is not allowedanywhere else. The effect is to construct a unique exception value, not equal to any other.An enable choice which catches this value will only catch an exception raised with thisvalue; it cannot catch some other expression with the same name.  Unfortunately, CODEdoes not yield a unique value at each execution. The value is only unique to the textualoccurrence of CODE and the module instance; if CODE appears inside a proc, the same valueis produced each time the proc is applied. Thus care may be needed if the proc is recursive.¸¹A MACHINE CODE construct can be bound to a name with a proc type. This constructallows machine instructions to be assembled into a proc value. The instructions areseparated by semi-colons. Each instruction is assembled from a list of expressions separatedby commas. An expression in the list is evaluated to yield a [0..256) value which forms onebyte of the instruction; successive expressions form successive bytes.A l-expression derived from a block can be bound to a name with a proc type. Thecomplicated semantics of this construction are explained in the following subsection.3.5.1 PROC bindingsA binding of the form n: T~{...} is the only way to construct a proc value and bind it to a name,since you cannot write a l-expression in current Cedar.There are other ways to construct proc values: The expression in a defaultTC40 is turned into a parameterless proc which is bound to Default in the type'scluster.The expression following ~~ in an open or WITH ... SELECT is turned into a parameterless proc with adeproceduring coercion (¶ 3.4.2).The statement in an enable choice for a SIGNAL is turned into a proc with domain and range given by theexception type (¶ 3.4.3.1).The expression following LOCKS in a MONITOR heading is turned into a parameterless proc according to apeculiar rule (¶ CONC.???).The l-expression is constructed from the block in the following way. Its domain and range are thedomain and range of the proc type T. Its body declares a variable for each item of the domain andrange; these variables have the names of the domain and range items, and their scope is the entireblock, not just the block body. The domain variables are initialized to the parameters, and the rangevariables in the usual way according to their types. Then the block, with a RETURN tacked on theend, is evaluated. A RETURN out of the block is caught, and the current values of the rangevariables are the result of the l-expression. The only other way out of the block is to raise anERROR.A RETURN in the block is sugar for GOTO RETURN, which is caught as described. RETURN e assigns eto the range variables and then does a GOTO RETURN.It is an error to introduce the same name twice in the domain, range or block. Performance: A proc call and return is about 30% faster if the proc is denoted by a name which wasbound to a proc body in the same module as the call. A proc which is local to another proc, ratherthan bound in the body of an implementation, is about 20% slower to call. It also introduces someoverhead when its parent proc is called, and its access to non-static names introduced in its parentproc is slower than access to other names.The attributes ENTRY and INTERNAL can be used only in a MONITOR; they are discussed in ¶CONC.???.The attribute INLINE has no effect on the meaning of the program, but it causes the proc body tobe expanded inline whenever it is applied. This saves the cost of a proc call and return and the costof argument passing, and it may allow constant arguments to participate in static evaluation withinthe proc. There are certain restrictions on the use of an INLINE proc:����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî­ï_Û�ô�‰ð%ô�Šqt
qtî­ï^Wô�–ô�—ð?î­ï\Óô�¾ðKô�¿	î­ï[Oô�³ô�´ð6qî­ïYËtô�ªðEô�«î­ïXG	ô�€qtô�qtð&î­ïVÃô�€ðZî­ïTkô�·�qt�qtô�¸ð+î­ïRçô�ùô�úðEî­ïQcô�ðIô�Ž	î­ïOßô�ðOô�Ž	î­ïN[ô�€ðBî­ïL�ô�Ë�~�tô�Ìð3î­ïJ
ô�€ðJî·ïF€vô�X�xvî·ïCUt�ô�•u�tu�tðAô�–î·ïAÑô�€~�tî·ï>ìqð/î­ï<Ûô�£ï=!sï<Ûqð$ô�¤rq
î­ï;î­ï9Œô�Äô�Åsqsqð+î­ï8Nô�€î­ï6=ô�¡ð%sqð5ô�¢î­ï4ÿô�€î­ï2îô�¸sqsqð;î­ï1°ô�€î·ï.…tô��~�t
ô�ðQî·ï-ô�‹u�tð>î·ï+}ô�’ðNô�“
î·ï)ùô�ðUô�‚	î·ï(uô�›ô�œð(qt
î·ï&ñô�Ðqtô�Ñî·ï%mô�¹~�tð0ô�ºî·ï#éqt�î·ï ¾�ô��qtô�‚�qt�wtqt�u�tu�î·ï:tô�€ð%qt�wt�î·ïðOî·ïäv
tð/ô�ð(î·ï`ô�‰ô�ŠðNî·ïÜô�‘ô�’ðWî·ïXô�–ð\î·ïÔô�€ð&î·ï©ô�Êqtqtqtô�Ëî·ï%î·ï
úô�˜
qtð1ô�™î·ï	vô�„ðAô�…ð"î·ïòô�–ðHô�—î·ïnô�€ð7qt�������Æ��������TVk(±�������������������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198228It may not be recursive.It may not be used as a proc value except in an application. Thus you cannot, for example,assign it to a proc variable.It may not be the argument of FORK.It may not be exported.It may not be accessed from the cluster of a POINTER TO FRAME type.Performance: Excessive use of inline procs will result in much larger compiled code and muchlarger data structures in the compiler. The following cases are efficient:An inline proc in an implementation which is called exactly once.An inline proc which has a simple body, no locals, no named results, and no side effects.3.6 Statements14 statement ::= sS{SIMPLELOOP {sS; CONTINUE; EXITS  RETRY((=>NULL};In 4, 9, 17, 19.    EXITS CONTINUE((=>NULL } 15 sS ::= e1_e2 | e | block4 | control | loop | NULL[e1_e2].TOVOID | e --must yield VOID-- | --all yield VOID--16 control ::= GOTO n | GO TO n | EXORVAL[exception[code~ n((, args~ NIL]] |EXIT | CONTINUE | ·LOOP | ·RETRY |GOTO (EXIT | CONTINUE | LOOP | RETRY ) |REJECT | (RETURN | RESUME) e | THISEXCEPTION[] |{VALUEOF[rb(]_e;(RETURN|RESUME)}|(RETURN | RESUME) | EXORVAL[exception[code~(RETURN|RESUME),args~NIL]] |¹e _ STATEDUMPSTATE[e]17 loop ::= (iterator | ) { ( iterator ; | done(~FALSE, Next(: PROC~{}; )(WHILE e | UNTIL e | )    Test(~l IN (NOT e | e  | FALSE);DO  ?·open6 ?·enable7 body9     { open SIMPLELOOP {               IF Test([] OR done( THEN GOTO FINISHED;               { enable body EXITS LOOP=>NULL }; Next([] }?·(REPEAT (n, !..=>s); !..) ENDLOOP    EXITS EXITgNULL; (n, !..=>s);!..; FINISHEDgNULL}}18 iterator ::= THROUGH  e | FOR x(: e IN e |FOR (n : t | ·n) ( n: t; | )   ( ( | DECREASING) IN e | done(: BOOL; Range(: TYPE~e; Next(: PROC~{ IF n ( >LAST | <FIRST )[Range(]   THEN done(_TRUE ELSE n_(PRED | SUCC)[n] }; n_(FIRST | LAST)[Range(]; done(_n NOT IN Range( |     _ e1 , e2)done(: BOOL~FALSE; Next(: PROC~{n_e2}; n_e1 ) ;e is a subrange. For n: t, n is readonly except in the assignment in the iterator's desugaring.x_AddHists[baseHist, baseHist]^;-- A stat can be an assignment,Setup[bh~main, a~3, b~CONS[...] ];-- or a proc without results,{ENABLE FatalError=>RETURN[0]; []_f[3];  ...};-- or a block,IF i>3 THEN RETURN[25] ELSE GOTO NotPresent;-- or an IF or a control statement,FOR t:INT DECREASING IN [0..5) UNTIL f[t]>3 DO -- or a loop. Try to declare t  in the FOR asu: INT_0; ... ; u_t+4; ...-- shown. Avoid OPEN, ENABLE after DO   REPEAT Out=>{...}; FINISHED=>{...} ENDLOOP;-- (use a block). FINISHED must be last.THROUGH [0..5) DO ... ENDLOOP;Cedar makes a distinction between expression and statements. This distinction is most easilyunderstood in terms of a special type called VOID. This is the range type of a PROC [...]_[], and it isalso the type of a block, control, loop or NULL statement. An expression whose value is a VOID can����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî­ï_Ûô�€î­ï]ƒô�ˆô�‰ðPî­ï[ÿô�€î­ïY§qt�î­ïWOî­ïT÷ð-qt�qt�qtî·ïQÌv
t�ô�Äð#ô�Åð-î·ïPHô�€ðDî­ïMððAî­ïK˜ðYî·ïFÅ{ô�X
î·ïCšzô�>�{�q{ô�Xtî*�w	t{tqtqô�G�tô�X�w}tqtî
ïBqô�G
î*tô�Xqt�w}tqtî·ï@’zô�>�{ô�Xtï@z�ï@’tï@z�ï@’t�{�t{�tï@Øz�ï@’t�{�t{�t{�t�qî*t�{�ï@z�ï@’t�{�ï@z�ï@’twt�{�t�{�t
qt{�tqtî·ï>¤zô�>�{ô�Xt�qt{�t�qô�Gtô�X{�t�î*wt{�}tqt{�î
ï= qt�{�t�qt�{�tqt�{�tqt�{�î*qô�G�{�wtô�X�{�t�wt�{�t�wt�{�t�wt�{�t�{�î
ï;œqt�{�t�{�qt�{�t�q{�t{�t�î*wt{�t�wt}�t{�t�{�q{�q{�t�{�î
ï:�qt�{�t�q{�t�{�t�î*wt{�w{�w{�tqt{�î
ï8”tqî*wt�{�t�î·ï5izô�>�{ô�Xt�{�t{�t�{�t�î*{�t�{î+ãï51þm�î0Pï5it{�t}�t�qt}�tqt{�î
ï3å�qt{�t�qt{�t�{�t�î*}�t�~�t�wt�{�qt�{�t�{�t�{�t{�t�q{�t�î
ï2aqt{�tï2§z�ï2at�{�tï2§z�ï2atï2§z�ï2atî*{î,ï2)þË�î.ãï2at�w	tî*ï0Ý
qt}�tqt}�t�qt�qt�qtî*ï/Y{t�{t�qt�wtqt}�tî
ï-Õ{�t�{�qt�{�t{�t{�t�qî*tqt�w}�qt{t{tq}�qtî·ï*ªzô�>�{ô�Xt�qt{�t�î*qtî*ï*rþq�î-yï*ª}�t{�t�qt�{�î-Ñï*rþ�î1ïï*ªt�{�î
ï)&qt�{�t{�t{�t�î*{�t�{�t{�t{�t�{�î
ï'¢t{�t�{�t�{�t�q	{�t�qt{�t�î*}�tqt}�tqt�{�tî*ï&}�tqtqô�G�{�tô�X�{�t��qt�{�t��qt�{�t}�tî*ï$šqt}�t�qt�qô�G�{�t�{�qtô�X�{�t�q{�t�{�tî*ï#{�t�{�qt�{�t�q{�t}�t}�t�{�t�qô�Gtô�X}�t�{�î
ï!’tï!z�ï!’tï!z�ï!’{�î*t}�tqt�qt}�tqt{�t�{�ï!z�ï!’t{�t�{�ï!z�ï!’t�{�tî
ïëq�ô�Gð^î·ïÀtô�Xî*î·ï<qt�{tî*î·ï¸�qtqt{tî*
î·ï4qtqt�qtqt�qtî*qtî·ï	qtqt�q	t�qtqtqt�î*q�tqô�G�u�tô�Xqtî
ï…qt{t	{î*tqtqtqt�î·ïqô�Gtô�Xqt�{tq	t�{tqt�î*qt
î·ïÖqtqt�{t�qt�î·ï«ô�íðHô�îî·ï
'	ô�…ð#wtô�†
qt}�tî·ï£ô�ð'qtð(ô�wtÿ���������������TVk(Œ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198229be used as a statement, and cannot be used as an ordinary value in a binding (since it wouldn'thave the right type). If you want to call a proc which returns values as a statement, you must assignthe results to an empty group:[]_fŸ[...]Assignment is a special case; an assignment can be used as a statement even though its value is thevalue of the right operand. This is explained in the desugaring15 using a special proc TOVOID in thecluster of every assignable type; it takes a value of the type and returns a VOID.Anomaly: In a select29 which is a statement (i.e., returns VOID), the choices are separated bysemicolons; in an ordinary select expression they are separated by commas.Anomaly: ·If you write an expression whose value is a proc taking no arguments as a statement, theproc gets applied. ThusP;is the same asP[];This is the only situation in which an ordinary proc gets applied by coercion (but see ¶ 3.4.2 foropen procs).A statement14 is actually a more complicated construct than you might think, as the desugaringshows. This is because of the CONTINUE and RETRY statements, which respectively terminate andrepeat the current statement. The desugaring shows exactly what this means in various obscurecases. CONTINUE and RETRY are legal only in an enable choice (¶ 3.4.2), and they may not appear ina declaration at all. ·RETRY should be avoided everywhere, since it introduces a loop into theprogram is a distinctly non-obvious way.Control16 consists mainly of the various flavors of GOTO (including EXIT, CONTINUE, LOOP, RETRY,RETURN and RESUME) which raise a local exception bound in an EXITS; this is explained in ¶ 3.4.3.2.REJECT is explained in ¶ 3.4.3.1. Anomaly: Note that you cannot use a GOTO to escape from a proc body, even though the body iswithin the scope of the label. Only normal completion, or a RETURN or ERROR exception (or aSIGNAL which is not resumed) can terminate a proc body.A loop17 is repeated indefinitely until stopped by an exception, or by the iterator18 or the WHILE orUNTIL test. It has a body, bracketted by DO and ENDLOOP, which is almost like a block, but withsome confusing differences: You catch GOTO exceptions with REPEAT, which is exactly like EXITS in a block immediatelyaround the loop,except for the different delimiting reserved word. Note that the scope ofthe labels does not include the iterator or the test, even though these are evaluatedrepeatedly during execution of the loop. This feature is best avoided, but unfortunately isnecessary if you want to catch the FINISHED exception explained below.·You can write an open or enable. This is also best avoided, since the scope is confusing. Itis better to write a block explicitly inside the DO if you need these facilities.There are three special exceptions associated with loops:EXIT is equivalent to GOTO EXIT, where EXIT is a label automatically declared in the REPEATof every loop. Its enable choice does nothing. Thus EXIT simply terminates the smallest loopthat encloses it.FINISHED is raised when the iterator or the WHILE/UNTIL test terminates the loop. It can bedeclared in the REPEAT like any label, but it must come last. If it is not declared, a nullenable choice is supplied for it. Anomaly: You cannot write GOTO FINISHED.·LOOP causes the next repetition of the loop to start immediately.������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Ûô�«ð7ô�¬ð&î·ï^Wô�„ð:ô�…ð'î·ï\Óô�€îyï[Outî·ïX$	ô�‹ð"vtð4î·ïV ô�Žð:ïVæzïV tô�wtî·ïUô�€ðFwt�î·ïQñvt�ô�ßïR7zïQñtô�àwtî·ïPm
ô�€ð?î·ïMBvt�ô�‡
ô�ˆðLî·ïK¾ô�€îyïJ:u�t�î·ïH¶
îyïG2u�tî·ïE®ô�¨ð5ô�©ð)î·ïD*ô�€î·ï@ÿ�ô�½	ïAEzï@ÿtð8ô�¾î·ï?{ô�ªô�«qtqtð-î·ï=÷ô�Åô�Æð<î·ï<sô�‚�qtqtð2ô�ƒî·ï:ï�ô�Íqtô�Îð0î·ï9kô�€ð!î·ï6@ï6†zï6@tô�–ô�—ð"qtqtqtqtqt�î·ï4¼qtô�€qtð,qtô�î·ï38qtô�€î·ï0
vt�ô�˜qtô�™ð%î·ï.‰ô�¸ð6qtqtî·ï-qtô�€ð1î·ï)Ú�ô�Šï* zï)ÚtðKï* zï)Útô�‹�qtî·ï(Vqtô�Ÿ�vtqtqtô� î·ï&Òô�€î­ï$z	qtqtqtô�î­ï"öô�§ð"ô�¨ð1î­ï!rô�éðRî­ïî	ô�¢ðNô�£î­ïjô�€qtî­ïô�ˆô�‰ðDî­ïŽô�€ð/qtî·ïcð9î­ïqtô�‰qt�wtwtô�Šqî­ï‡tô�€ð1ô��qtð$î­ïô�€î­ï«qtô�†ô�‡qt�qtð$î­ï'ô�©qtð@ô�ªî­ï£ô�€vtqt�qt�î­ï
K�qtð=ÿ�������
$��������TVk(Ä������������������������������������������������������������������������������������������������������������������������ CEDAR DESUGARING TEXT, PART 2JULY 18, 198230An iterator18 declares a control variable v which is initialized by the iterator and updated after eachexecution of the loop; the scope of v is the entire loop, and it is read-only in the loop. After theloop is terminated by the iterator, the value of v is undefined. ·If you omit the declaration andsimply name an already declared variable, it will be used as the control variable, and will not beread-only. There are three flavors of iterator:THROUGH, which has no explicit control variable; THROUGH [0..k) is convenient when youjust want to loop k times.FOR v: T IN [first, last] ...; v is initialized to first, and set to SUCC[v] after each repetition. Theiterator stops the loop after a repetition which leaves v>last. DECREASING reverses the orderin which the elements of the subrange are used. The subrange need not be static. Note thatthe subrange is evaluated only once, before execution of the loop begins.FOR v: T_first, next ...; v is initialized to first, and set to next after each repetition. Thisiterator never stops the loop. Note that the expression next is reevaluated each time aroundthe loop. The usual application is something like FOR v: List_header, v.next UNTIL v=NIL.Note that the WHILE test is made with v equal to its value during the next repetition, and that bothtests are made before the first repetition, so that zero repetitions are possible.3.7 Expressions19 expression ::= n | literal57 | (e) | application26 |e . n |LOOKUP Z [De, $n] [e] |builtIn [ e1 ?( , e2, !..) ] | funnyAppl e |e1 . builtIn ?( [e2, ...] ) | e . funnyAppl(  |prefixOp e | e1 infixOp e2  | e1 NOT relOp e2  |e . prefixOp | e1 . infixOp[e2] | NOT (e1 . relOp[e2] ) |e1 AND e2  | e1 OR e2  | IF e1 THEN e2 ELSE FALSE | IF e1 THEN TRUE ELSE e2 |e ^ | ·STOP | ERROR |e . DEREFERENCE | STOP[] | ERROR NAMELESSERROR |[ argBinding27 ] | s |--Binding must coerce to a record, array, or ·local string-- |subrange | if | select | safeSelect |µwithSelect Precedence is noted in bold in the operator rules.  All operators associate to the left except _, which associates to the right. ^, . and application have higher precedence than any Op.  AND has precedence (2) and OR has precedence (1). Subrange only after IN. s only in IF28 and in SELECT29 choices.20 prefixOp ::= @ (8) |  (7) | (~ | NOT) (3)VARTOPOINTER | UMINUS | NOT21 infixOp ::= * | / | MOD (6) | + |  (5) | relOp (4) | _ (0)TIMES | DIVIDE | REM | PLUS | MINUS | relop | ASSIGN22 relOp ::= = | # | < | <= | > | >= | IN  -- In 19, 21, 30.EQUAL | NOT = | LESS | NOT > | GREATER | NOT < | IN23 builtIn ::= -- These are enumerated in Table 45.24 funnyAppl ::= FORK | JOIN | SIGNAL | ERROR | NEW | ·START | ·RESTART | WAIT | NOTIFY | BROADCAST | RETURN WITH ERROR |¹¸TRANSFER WITH | ¹¸RETURN WITH25 subrange ::= (typeName37 | )  (LET t(~(typeName | INT) IN (( [ e1 .. e2 ] | [ e1 .. e2  ) ) |  t(.MKSUBRANGE[e1, (e2 | PRED[e2] )] BUT       {BoundsFault=>t(.MKEMPTYSUBRANGE[e1]} |( ( e1 .. e2 ] | ( e1 .. e2  ) )  )  t(.MKSUBRANGE[SUCC[e1], (e2 | PRED[e2] )] BUT In 19, 39, 55      {BoundsFault=> t(.MKEMPTYSUBRANGE[SUCC[e1]] } )26 application ::= e [argBinding LET map(~e, args(~[ argBinding ] IN  (                            ?( ! eChoice8; ...)]    (map(. APPLY  Z args( ) ?( BUT { eChoice; ... } ) )27 argBinding ::= (n ~ (e | | µTRASH )), ... |(n ~ (e | OMITTED | TRASH) ), ... |(e | µTRASH | ), ...(e | OMITTED | TRASH ), ...ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Ûô�ï`!zï_Ûtô�vt�u�tð<î·ï^Wô� ô�¡
u�tð?î·ï\Óô�µð)ô�¶u�tð/î·ï[Oô�¥ðYô�¦î·ïYË	ô�€�î·ïV ð$î­ïTHqt�ô�šð)qtu�tô�›î­ïRÄô�€
u�tî­ïPlqtô�…�u�tu�t�qtututu�tô�†�utqt�u�tî­ïNèô�	ô�‚ð&u�}�utq	tî­ïMdô�‡ð?ô�ˆî­ïKàô�€ðFî­ïIˆqtô�¹�u�t�ô�º�u�t�ututu�tututî­ïHô�Žð0utî­ïF€ô�€ð/î›ïDüqtô�X�u�tut�utu�t�ut�qt�u�t�qt�î·ïAÑô�‰	qtu�tvtô�Šî·ï@Mô�€ðMî·ï;z{ô�Xî·ï8Ozô�>�{�q{ô�Xt{�tï8•zï8Ot�{�t��î$ï8þ�y�îï8O��îBï8þ�y�î»ï8O�{�tï8•zï8Ot�{�î
ï6Ët{�î*wt�}�t}�{�t{�t{�t{�î
ï5Gt
ï4ºz�ï5Gt�{tï4ºz�ï5Gt{�t{�t{�î*{�ï4ºz�ï5Gt{t�{t{�ï4ºz�ï5Gt{t{�t�{�t�{�t{}�t{�î
ï3Yt
{�tï2Ìz�ï3Yt	ï2Ìz�ô�>�ï3Ytô�X�{�tï2Ìz�ï3Yt�qtï2Ìz�ô�>�ï3Ytô�X�{�î*{�t{î+´ï3!þ5�î0éï3Yt�{�t�{�ï2Ìz�ï3Yt{î4ï3!þz�î8’ï3Yt�{�ï2Ìz�ï3Yt{�t�qt��î>Vï3!þ�y�î>Ïï3Y{�ï2Ìz�ï3Yt{î@öï3!þ\�îDRï3Yt�{�ï2Ìz�ï3Yt�îFï3!þ�y�îG	ï3Y�{�î
ï1kt�ï0Þz�ï1kt�qtï0Þz�ô�>�ï1ktô�X�{�tï0Þz�ï1kt�qtï0Þz�ô�>�ï1ktô�X�{�t�î*qt�{�ï0Þz�ï1kt�qt�{�ï0Þz�ï1kt�qt�qt�{�t�qô�G�{�ï0Þz�ï1ktô�X�qt�qt�qô�G�{�ï0Þz�ï1ktô�X�{�î
ï/}t{�tqt�{�t�qt�{�î*{�tqô�G�w
tô�X�{�t�wt{�t�qô�G�wtô�X�{�î
ï-ùtï.?zï-ùt{�t{�î*tð={�î
ï,ut{�t{�t{�t{�tî
ï+7q	ô�Gðiî
ï)ùð\|�qî
ï(»|�qð'ï)zï(»q
ï)zï(»qî·ï%zô�>�{ô�Xtq�|�q�t�{�tq�|�q�t�{�t�{�t{�t�q{�t�q�|�q�î*wt�{�t�wt�{�t�wî·ï$zô�>�{ô�Xt�î
ï"ˆ{�t{�t�qt�q�|�q�t�{�t{�tq�|�q�t�{�tq�|�q�t�{�tq�|�q�î*wt�{�t�wt�{�t�wt�{�t�wt�{�t�wt�{�t�{î?ï"Pþ÷�îBï"ˆt�{�t�wî·ï!zô�>�{ô�Xt�î
ï€{�t{�t{�t{�t{�t{�t�qtqô�Gî*wtô�X�{�t�qtî.ÛïHþ7�î3ï€�{�t�wt�{�t�qtî7õïHþ†�î;{ï€�{�t�wt�{�t�qtîBãïHþ†�îFiï€�{�t�wî·ïüzô�>�{ô�Xtð&î·ïxzô�>�{ô�Xt�qt�{�t�qt�{�t�qt�{�t�qt�{�t�qt�{�tqt�{�tqt�{�t�qt�{�t�qt�{�t�î
ïôqt�{�t�qô�G
tô�X�{�t�qô�Gtô�X�{�tqô�Gî·ïÉzô�>�{ô�Xt�{�tïzïÉt�{�t�{�t�qô�G�{�î*wtô�X}�t�{t�{�t�q{�qô�G�wq�{�î
ïE�tô�Xï¸z�ïEtï¸z�ïEt{�tï¸z�ïEtï¸z�ïEt�îï
þ�y�î‰ïE�{�t�{�î*t}�t�w	t�{�ï¸z�ïEt{ï¸z�ïEt�{�t�qt�{�ï¸z�ïEt{�twt�î*ïW}�t�wt�{�ïÊz�ïWt{�î
ïi�t��î
ëï1þ�y�îdïiïÜz�ïitïÜz�ïit{�t��îï1þ�y�î–ïiïÜz�ïitïÜz�ïit�î<ï1þ�y�îµïi�{�t{�î*t}�t�w	t�qt�{�ïÜz�ïit{ïÜz�ïit�{�t�qt�{�ïÜz�ïit{�twt�î
ï{qô�G
î*tô�X}�t�wt�qt�{�ïîz�ï{t{�î·ï
Pzô�>�{
ô�Xtî*wt}�t�{�t}�t{	î67ï
þs�î<ªï
Ptwt�î?ˆï
þ�y�î@ï
P�î
ïÌ{t	ïz�ïÌt{t�î*�î+hï”þ�y�î+áïÌ}�t�qô�G�wtô�X}�t}�t��î7çï”þ�y�î8`ïÌ�{t�wt{î=Äï”þ»�îBïÌt{t{�t��îF‹ï”þ�y�î·ï
Hzô�>�{	ô�Xt�{�t{�t{�t�{�t�qt�{t{t�{�î*{t{t�{�t�wt�{�t�w{�qô�G�{�t�ô�X�{t�{�î
ïÄ�t{�t�qt�{�t�{�t{î*{t�{�t�wt�{�t�wqô�G�{�t�ô�X�{�������
j��������TVk(e���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198231In 19, 26. ·The ~ may be written as :. · TRASH may be written as NULL.lv: LabelValue13_[ i, 3, "Hello", 31.4Eœ1, (i+1),-- A constructor with some sample g[x]+lb.f+PRED[j] ];-- expressions.p1: PROCESS RETURNS [INT]_FORK f[i, j];-- FunnyAppls take one unbracketted arg;ERROR NoSpace; WAIT bufferFilled;-- many return no result, so must be stats.RT: RTBasic.Type_CODE[LabelValue13];h[3, NOT(i>j), i*j, i_3, i NOT >j, p OR q, lb.r^];-- An application with sample expressions.lv19_[first~0, last~10, x~3.14, g~2, f~5];-- Short for lv_LabelValue13[...].[first~i, last~j]_lv19;-- Assignment to a VAR binding (extractor).b: BOOL_i IN [1..10]; FOR x: INT IN (0..11) DO ...;-- Subrange only in types or with IN.b_( c IN Color45(red..green] OR x IN INT[0..10) );-- The INT is redundant.fh_Files.Open[name~lb.s, mode~Files.read-- Keywords are best for multiple args.! AccessDenied=>{...}; FatalError=>{...}];-- Semicolons separate choices.(GetProcs[j].ReadProc)[k];-- The proc can be computed.file.Read[buffer~b, count~k];-- WFile.Read[file, b, k] (object notation).f[i~3, j~ , k~TRASH]; f[i~3, k~TRASH];-- j and k may be trash (see defaultTC40).f[3, , TRASH];-- Likewise, if i, j, and k are in that order.Most of the forms of expression are straightforward sugar for application: prefix, infix and postfixoperators, explicit application of a primitive function, or the funnyAppl24 in which the firstargument follows the proc name without any brackets. All of these constructs desugar into dotnotation (¶ 2.4.4, ¶ 4.14); this means that the procs come from the cluster of the first argument. Theexceptions to this rule are ALL, CONS for variant records and lists, LIST,  and the single-argumentforms of LOOPHOLE and NARROW; all of these get the proc from the target type of the expression (¶4.2.4). All the primitive procs are described in Chapter 4.Note that AND and OR are not simply sugar for application. Rather, they are sugar for an ifexpression, since the second operand is evaluated only if the first one is TRUE or FALSE respectively.Rules 19-21 give the precedence for operators: @ is highest (binds most tightly) and _ is lowest.All are left-associative except _, which is right-associative. The ^, . and [] (application) constructshave still higher precedence. These rules are sufficiently complex that it is wise to parenthesizeexpressions which depend on subtle differences in precedence.The first operand of assign can be an argBinding27 whose value is a variable group or binding, i.e.,one whose elements are variables; this is sometimes called an extractor. The second argument willtypecheck if it coerces to a group or binding with corresponding elements which can be assigned tothe variables. Usually the second argument is either an application which returns more than oneresult or a record constructor.Anomaly: In the second case, the fact that the order of evaluation in an expression is not defined isover-exploited: some of the variables may be changed before all the elements of the constructor areevaluated.A funnyAppl which takes more than one argument has the extra arguments written inside bracketsin the usual way; e.g.,  START PŸ[3, "Help"]. Anomaly: Enable choices are legal only for the following: FORK JOIN RESTART START STOP WAIT.You can write empty brackets if neccessary to get a place for the eChoices.A subrange25 denotes a subrange type. Standard mathematical notation for open and closedintervals is used to indicate whether the endpoints are included in the subrange. A subrange canalso be used after IN in an expression or iterator; in these contexts it need not be static.ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî
ï`"qð'î
ï^äî·ï[¹tô�X
ï[ÿzï[¹tð!î*ð"î
ïZ5	qtî*î·ïX±qt�qtqtqtî*ð(î·ïW-qt	qt
î*ð+î·ïU©qt
ïUïzïU©tî·ïT%qtqtqt
î*ð*î·ïR¡ïRçzïR¡tð&î*ut�u	ïRçzïR¡t�{tî·ïQïQczïQt�î*qtî·ïMòqtqt	qtqt�qtqtî*ð"qt�î·ïLnqtïL´zïLntqtqt�qt	î*qt
î·ïICð(î*ð'î
ïG¿{tî*î·ïF;î*î·ïD·î*}�ut�ut�utu�tu�tî·ïC3
qtqtî*u�tu�tïCyzïC3tî·ïA¯qt�î*u�tu�tu�tî·ï>„ô�œô�ðEî·ï=�	ô�ñð?ï=Fzï=�tô�òî·ï;|ô�ÄðQô�Åî·ï9øô�‰ð#ô�Šð;î·ï8t	ô�£qtqtô�¤qtî·ï6ðô�†qtô�‡�qtð%v
tî·ï5lô�€ð4î·ï2Aô�Ñqtqtô�Òvtð?î·ï0½
ô�€ð@qtqt
î·ï-’ô�£ô�¤ð>î·ï,ô�¨ðHô�©î·ï*Šô�Àð)ô�Áð5î·ï)
ô�€ð2î·ï%Ûô�ô�ï&!zï%Ûtð2î·ï$Wô�œð;vtô�î·ï"Óô�‰ô�ŠðFî·ï!Oô�¯ð'ô�°ð5î·ïËô�€î·ï vt�ô�ˆð:ô�‰ð#î·ïô�ˆð,ô�‰ð(î·ï˜	î·ïm�ô�’ð5ô�“ð(î·ïéô�€qt�u�t
î·ï¾vt�ô�¡ô�¢qt�qt�qt�qt�qt�qt�î·ï:ô�€ðHî·ï
�ô�õï
Uzï
tðEô�öî·ï‹ô�ªð7ô�«î·ï
ô�€qtðG�������F��������TVk(ù�������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198232You can write enable choices8 after a ! inside the brackets of an application26. See ¶ 3.3.2 for thesemantics of this. Note that only an exception returned by the application is caught by thesechoices, not one resulting from evaluating the proc or arguments.An argBinding27 denotes a binding for the arguments of an application. You can omit a [name,value] pair n~e in the binding if the corresponding type has a default, or you can write the namewithout the value expression (e.g., n~ ) with the same meaning. You can also write TRASH (·orNULL) for the value; this supplies a trash value for the argument (¶ 4.11).3.8 IF and SELECT28 if ::= IF e1 THEN e2 (ELSE e3 | )IF e1 THEN e2 ELSE (e3 | NULL)29 select ::= SELECT e FROM LET selector(~e IN     choice; ... endChoice      choice ELSE ... endChoice   The separator written ";" is  "," in an expression.ELSE is a separator for repetitions of the choice.30 choice ::= (( |relOp22|NOT relOp22) e1), !..=>e2IF ( (selector( (= | relOp | NOT relOp) e1) OR ... ) THEN e231 endChoice ::= ENDCASE ( | => e)ELSE (NULL | e)In 29, 32, 34.32 safeSelect ::= WITH e SELECT FROMLET v(~e IN     safeChoice; ... endChoice30     safeChoice ELSE ... endChoice33 safeChoice ::= n : t => eIF ISTYPENOTNIL[v(, t] THEN LET n : t_NARROW[v(, t] IN e34 ·withSelect ::= WITH (n1 ~~ e1 | · e1 )OPEN v(~~e1 IN LET n(~($n1 | NIL), type(~De1,SELECT ( | ¸e2) FROM    selector(~(e1.TAG | e2) IN withChoice ELSE ... endChoice     withChoice; ... endChoice30-- e2 must be defaulted except for a COMPUTED variant·The ~~ may be written as :.35 ·withChoice ::= n2 => e |IF selector(=n2 THEN OPEN n2, n2, !.. => e     (BINDN[n(,LOOPHOLE[v(,type([n2]] ] |  BINDN[n(, v(] ) IN ei_(IF j<3 THEN 6 ELSE 8);-- An IF with results must have an ELSE.IF k NOT IN Range THEN RETURN[7];SELECT f[j] FROM-- SELECT expressions are also possible.<7=>{...};-- Wt:INT~fŸ[j]; IF t<7 THEN {...} ELSE ... IN [7..8]=>{...};-- 7, 8=> or =7, =8=>{...} is the same. NOT<=8=>{...};-- ENDCASE=>{...} is the same here.ENDCASE=>ERROR;-- Redundant here: choices are exhaustive.WITH r SELECT FROM-- Assume r: REF ANY in this example.rInt: REF INT=>RETURN[Gcd[rInt^, 17]];-- rInt is declared in this choice only.rReal: REF REAL=>RETURN[Floor[Sin[rReal^]]];ENDCASE=>RETURN[IF r=NIL THEN 0 ELSE 1]-- Only the REF ANY r is known here.nr: REF Node49~...; WITH dn~~nr SELECT FROM-- See rule 49 for the variant record Node.binary=>{nr_dn.b};-- dn is a Node[binary] in this choice only.unary=>{nr_dn.a};-- dn is a Node[unary] in this choice only.ENDCASE=>{nr_NIL};-- dn is just a Node here.The kernel construct if28 evaluates the expression e1 to a BOOL value test, and then evaluates e2 iftest=TRUE, or e3 if test=FALSE. In the expressionIF test1 THEN IF test2 THEN ifTrue2 ELSE ifFalse2the grammar is ambiguous about which IF the ELSE belongs to. It belongs to the second one.A select29 is a sugared form of if which is convenient when one of several cases is chosen based ona single value. The selector expression e is evaluated once, and then each of the choices is tested inturn. Within each choice, each expression e1 preceding the => is compared in turn with theÿ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Ûô�¢ï`!z�ï_Ûtô�£ð0ï`!zï_Ûtî·ï^Wô�ÓðDô�Ôî·ï\Óô�€ð9î·ïY¨ô�·
ïYîzïY¨tðMî·ïX$ô�›u�t�u�tð)ô�œð)î·ïV ô�¸u�tð.qtô�¹î·ïUqt�ô�€ðFî·ïPI{ô�X�|{|î·ïMzô�>�{ô�Xt�qtïL‘z�ïMt�qtïL‘z�ïMt�{�qtïL‘z�ïMt�{�t�{�î*qt�{�ïL‘z�ïMt�qt�{�ïL‘z�ïMt�qt�{ïL‘z�ïMt�{�t�q{�î·ïK0zô�>�{ô�Xt�qtqt�î*wt}�t�{�t�wî
ïI¬t{t	î*{î,ïItþÈ�î/àïI¬t�qt�{t�{î4ºïItþ&�î:àïI¬tî
ïHnqô�Gð0î*ð2î·ïFêzô�>�{ô�Xt�{t�{�tïG0zïFê{�qtïG0zïFê{�tïF]z�ïFê{�tqt�ïF]z�î*ïFêqt�{�qô�G�{�t}�tô�X�{�t{�t�{t�{�t�qt�{t�{�ïF]z�ïFê{�t�qt�{t�{�t�qt�{�ïF]z�î·ïDüô�>�{ô�Xt�qt�{�t�{�t{�î*qt�{�qt�{�t�{î
ïC¾qô�Gî·ï@“zô�>�{	ô�Xt�qtqô�Gî*wtô�X}�t�{�t�wî
ï?t{t	ï?Uzî*ï?t{	î+Àï>×þh�î2(ï?t�qt�{t�{î7ï>×þ&�î·ï=‹zô�>�{	ô�Xt
î*qt�wt}�t{�t�qô�Gtô�X�wt�{�t{�t�qt�}�t{�tqt�{�î·ï<zô�>�t�{	ô�Xt�qt�{�t�ï;zz�ï<tï;zz�ï<t�{�tï;zz�ï<t�{�î*wt}�t{�ï;zz�ï<t�wqô�G�wtô�X}�t�{�t�{�ï;zz�ï<t�{�t�q{�t}�t�}�{�ï;zz�ï<q�î
ï:t�{�t�{�tï9Œz�ï:{�t�qt�î*qô�Gt}�t�{ï9Œz�ï:t�wtô�X�{�t�{�ï9Œz�ï:{�t�wt�{	î9hï9áþ”�î?üï:t�qt�{t�{îDÖï9áþ&�î
ï8+t{t	ï8qzî*ï8+tï7žz�ï8+tqtî
ï6„qô�Gî·ï5�zô�>�t�{	ô�Xtï4sz�ï5�t{�î*qt}�t�{�ï4sz�ï5�qô�Gtô�X�qô�G�î
ï3t�ï2…z�ï3t�ô�Xï2…z�ï3t
î*qô�G{�wt}�t�qt�}�t}�t�{�ï2…z�ï3tô�X{�qô�Gwt}�t�ô�X}�t�qô�G�{�tô�X�wt�{�î·ï/çtqtqtqtî*qtqt�î·ï.cqtqô�Gtô�Xqt�qtî·ï,ßqtqî*tqtî
ï+[	î*}�u�t�qt�u�tu�tqt�u�tqt{tqt�{t�î
ï)×qtî*{tî
ï(Sqt
î*qt{tî
ï&Ïqtqt�î*ð*î·ï#¤qtqô�Gî*tô�Xu�tqô�Gtô�Xî
ï" qô�Gtqt
ô�Xî*utð!î
ï œqô�Gtqtî
ïqtqt�qtô�Xqt�qtqtî*qô�Gtô�X�u�tî·ïÀqtïzïÀtqtqô�Gî*tô�Xð$uî
ï<tî*utut�utî
ï¸î*utut�utî
ï4qtqtî*ut
utî·ï	ô�£ïOzï	t
ô�¤u�ï|z�ï	tqtutu�ï|z�ï	tî·ïut�qt�ô�€u�ïŽz�ïtut�qtîyï-qtô�X�uï z�ï-t�qt�qt�uï z�ï-t�qt�uï z�ï-t�qô�G�uï z�î·ï?tô�€ð"qtqtð*î·ï�ô�ŒïZzïtðVô�î·ï
�ô�Œð'u�tð(ô�î·ï	ô�Øð%u�ïz�ï	tð.ÿ�������x��������TVk(*�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198233selector; if any comparison succeeds, the expression e2 following the => is evaluated to yield thevalue of the select. If no comparison succeeds, the next choice is tried. If no choice succeeds, theexpression e following the ENDCASE is evaluated to yield the value of the select; e defaults to NULL,and hence must be present when the select is not a statement to prevent a type error.The comparison is selector relop e1 if e1 is preceded by a relop; otherwise it is selector=e1.Style: It is good practice to arrange the tests so that they are disjoint and exhaust the possiblevalues of the selector. ENDCASE should be used to mean "in all other cases"; often the appropriatee2 raises an error. Don't use ENDCASE when you mean another specific selector value which youdon't bother to mention.Performance: If the e2 are static and select disjoint subsets of the selector values, and the averagesize of these subsets is not too large, a select compiles into an indexed jump, which executes in atime independent of the number of choices. This also happens if a contiguous subset of the choiceshas this property.A safeSelect32 is a special form for discriminating cases of unions or ANY. The selector must be avalue for which ISTYPE can be evaluated dynamically (¶ 4.3.1): REF ANY, PROC ANY_T, PROCT_ANY, V or REF V, where V is a variant record. Each choice specifies one possible type that theselector might have, and declares a name which is bound to the selector value if it has that type.Thus, the example tests for r having the types REF INT and REF REAL. If it has REF INT, the firstchoice's e is evaluated; within e, rInt is bound to the selector, and has type REF INT. Likewise forREF REAL and the second choice. As with an ordinary select, the ENDCASE expression is evaluated(with no new names known) if none of the other choices succeeds. Note that safeSelect doesordinary binding by value, not the binding by name done in open and withSelect.·¸A withSelect34 is an unsafe and rather tricky construction for discriminating cases of unions. Itsuse should be avoided unless a safeSelect can't do the job; this is the case for a COMPUTED tag, orif the call by name feature of withSelect is required.It incorporates an open (¶ 3.4.2) of the e1 being discriminated. This means that e1 isdereferenced to yield a variant record value. It also means that this value is not copied, andhence it can change its type during execution of a choice, either by assignment to thevariant part of a variant record (itself an unsafe operation), or by a change in the value ofe1. If the union has a COMPUTED tag, the selector value to be used for the discrimination mustbe given as e2 in the withSelect. It is entirely up to the programmer to supply a meaningfulvalue. If the tag is not COMPUTED, e2 must be omitted and the selector value is e1.TAG. The n2 preceding => in a choice are literals of the (enumerated) type (¶ 4.7.1.1) which isthe tag type of the union (¶ 4.6.3). They are compared with the selector, and if one matches,the e following => is evaluated as with an ordinary select. If exactly one is given, then thee following => is in the scope of OPEN n1~~LOOPHOLE[e1.DEREF, V[n2]];or simplyOPEN LOOPHOLE[e1.DEREF, V[n2]]if no n1~~ followed the WITH. If several n2 are given, then there is no discrimination, andthe e following => is in the scope ofOPEN n1~~e1.DEREF     or     OPEN e1.DEREF������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Ûô�¥ô�¦ð)u�ï_Nz�ï_Ûtð+î·ï]íô� ô�¡ð\î·ï\i	ô�‡�u�tqtð0u�tô�ˆqt�î·ïZåô�€ðRî·ïWºut�ut�u�ïW-z�ïWºtu�ïW-z�ïWºtutut�u�ïW-z�ïWºt�î·ïTvt�ô�½ð6ô�¾ð&î·ïSô�’qtô�“ðCî·ïQu�ïPz�ïQtô�¯qtð4ô�°î·ïO/ô�€î·ïLv
t�ô�¤u�ïKwz�ïLt
ô�¥ðDî·ïJô�žðQô�Ÿ
î·ïH’ô�Šð8ô�‹ð&î·ïGô�€î·ïCã�ô�Ÿ
ïD)zïCãtð%ô� qtî·ïB_ô�É
qtð)qtô�Ê�qtqt�q}�u�tqî·ï@Ûu�}�qt�ô�•�u�tô�–qt�u�tu�tðFî·ï?Wô�¡ô�¢ð?î·ï=Óô�žu�tqt�qtqt�qtô�Ÿqt�qt
î·ï<Ou�tu�tutð(qt�qt�ô� î·ï:Ëqtô�›�qtð8qt
ô�œî·ï9Gô�Óð)ô�Ôð,î·ï7Ãô�€ðGî·ï4˜ô�¬
ï4Þzï4˜tðEô�­î·ï3ô�ô�‘ðIqtî·ï1ô�€ð4î­ï/8ô�Þð'u�ï.«z�ï/8tô�ßu�ï.«z�ï/8tî­ï-Jô�‡ô�ˆð)vtî­ï+Æô�Æô�ÇðJî­ï*Bô�”	ô�•ðLî­ï(Tu�ï'Çz�ï(Tt�ô�€�î­ï%üô�Šqtð?î­ï$xô�‡	u�ï#ëz�ï$xtô�ˆð;î­ï"Šô�€qtu�ï!ýz�ï"Štð+u�ï!ýz�ï"Št�wtî­ï 2ô�¢�u�ï¥z�ï 2tô�£ðTî­ïDô�€ô�ðVî­ïÀô�Ž�u�tð%ô�ð3î­ï<u�tô�€ð!î›ï¸qtô�X�u�ï+z�ï¸tqt�u�ï+z�ï¸t�wtu�t�u�ï+z�ï¸tî­ïÊô�€î›ïFqtô�X�qt�u�ï¹z�ïFt�wtu�t�u�ï¹z�ïFtî­ïXô�•u�ïËz�ïXtqtu�ïËz�ïXtð0î­ïjô�€�u�tî›ïæqtô�X�u�ïYz�ïætu�ïYz�ïæt�wtqt�u�ïYz�ïæt�wÿ�������
l��������TVk(L������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ CEDAR DESUGARING TEXT, PART 2JULY 18, 1982343.9 TypesThis section gives the syntax for type constructors, together with a number of examples. Completeinformation about the use of the constructors and the primitive procs available for each type can befound in Chapter 4.36 type ::= typeName | builtInType | typeCons37 typeName ::= n1 ?(. n2) | ·n3 ... typeNamen1 ?(. n2) | typeName ([n3]) ...  --n3 names a variant.In 25, 36.38 builtInType ::= -- See table TYP2.?LONG (INTEGER | CARDINAL) | INT | NAT | REAL | ¹WORD | TYPE | ATOM | MONITORLOCK | CONDITION | µ ?¸UNCOUNTED ZONE | ·¸ ?LONG UNSPECIFIEDTYPE only in a body's binding or an interface's decl. BOOL and CHAR are predefined enumerated types.39 typeCons ::= subrange25 | typeName37( [e] )...varTC39 | defaultTC40 | transferTC41 | enumTC45 | recordTC46 | unionTC49 | arrayTC51 | seqTC51a |·descriptorTC52 | refTC53 | listTC54 | ¸pointerTC55 | relativeTC55aP: PROC[ b: Buffer1.Handle, -- A type from an interface.i: INT_SIZE[TEXT[20]] ];-- A bound sequence; only in SIZE, NEW.TypeIndex: TYPE~[0..256);-- A subrange type.BinaryNode: TYPE~Node49[binary];-- A bound variant type.39.1varTC ::= ( | READONLY | VAR ) ( t | ANY)( VAR | READONLY  | VAR ) ( t | ANY)In 11, 47, 52, 53, 54, 55. ANY only in refTC. VAR only in interface decl.40 defaultTC ::=CHANGEDEFAULT[type~t, (t _ |       proc~NIL,trashOK~FALSE] |t _ e |       proc~INLINE l IN e,trashOK~FALSE] |µt _ e | TRASH |       proc~INLINE l IN e,trashOK~TRUE] |µt _ TRASH       proc~NIL,trashOK~TRUE] )defaultTC legal only as the type in a decl in a body9 or field44 (n: t _ e), or in NEW. Note the terminal |.·TRASH may be written as NULL.-- Except as noted, a constructor or application must mention each name and give it a value. Q: RECORD[-- Otherwise there's a compile-time error.i: INT,-- Q[] or Q[i~ ] leaves i trash (not for proc).j: INT_,-- No defaulting or trash for j.k: INT_3,-- Q[] or Q[k~ ] leaves k=3.l: INT_3 | TRASH,-- As k, but Q[l~TRASH,...] leaves l trash.m: INT_TRASH ];-- Q[] or Q[m~ ] leaves m trash.41 transferTC ::=?SAFE transferFlavor drType MKXFERTYPE[drType, flavor~transferFlavor]42 transferFlavor ::= (PROCEDURE|PROC|PORT|PROCESS | SIGNAL | ERROR | PROGRAM)43 drType ::= ?fields1 ?(RETURNS fields2)   domain~fields1, range~fields2No domain for PROCESS. In 3, 41.44 fields ::= [ d, ...] | [ t, ...] | ANYANY only in drType. In 43, 46, 49.Enumerate: PROC[l: RL, ������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Û{ô�Xî·ï\°tô�™ô�šðKî·ï[,
ô�…ð"ô�†ð7î·ïY¨ô�€
î·ïV}zô�>�{�qtô�X�{t	{�t{�tî·ïTùzô�>�{ô�XtïTlz�ïTùt�{tïTlz�ïTù{�t�{�tïTlz�ïTùt�{tî*�ïTlz�ïTùt�{tïTlz�ïTù{�t�{�t�{t�{�t�{�ïTlz�ïTùt�{�t�{tïTlz�ïTùtî
ïSRqô�Gî·ïP'zô�>�{
ô�Xt�î*î
ïN£{�qt�{�qt�{�t�q{�t�{�t�qt�{�t�qt�{�t�qt�{�t�qt�{�t�qt�{�t�î
ïMqt�{�t�q
t�{�t�qt�{�t{�q	ô�Gtô�X�{�t{�qô�Gî
ïKáðdî·ïH¶zô�>�{ô�XtïHüzïH¶t�{�tïHüzïH¶{�t{î
ïG2tïGxzïG2t�{�t	ïGxzïG2t�{�t
ïGxzïG2t�{�t�î
ïE®ïEôzïE®t�{�tïEôzïE®t�{�tïEôzïE®t�{�tïEôzïE®t�{�tïEôzïE®t�{�î
ïD*tïDpzïD*t�{�tïDpzïD*t�{�tïDpzïD*t�{�t
ïDpzïD*t�{�t
ïDpzî·ï@ÿqô�Gt�ô�X�î
ï?{ï?Áz�ï?{tî*î
ï=÷qt�qt�qtî*qtqt�î·ï:Ì
qt	î*î·ï9Hqtï9Žzï9Htî*î·ï6z{t�{t�{�t�{�t�qô�G�{�tô�X�qt�{�t�{�t{�t�q{�î*{�t�qt�{�t�qô�G{�tô�X�qt�{�t�{�t�{�t�{�t�q{�î
ï4ßqô�GðGî·ï1´zô�>�{ô�Xî*wt{�t{�î
ï00t{�î2Mtqtqt{�î
ï.¬t{�î2Mtqt�~�t�wt�{�tqt{�î
ï-(tqt�{�î2Mtqt�~�t�wt�{�tqt{�î
ï+¤tqî2Mtqtqt{�î
ï*fqô�Gð+ï*¬z�ï*fq�î
ï)ï)Kzï)q�{�q{�qð!î
ï'Çî·ï$œtô�Xð[î·ï#qô�Gt�î*ô�Xð(î
ï!”qt�î*u�tu�t�u�t
u�tî
ï qtî*u�t�î
ïŒqtî*u�tu�t�u�t
u�tî
ïqt{�t�qt�î*u�tu�t�u�t�qt�{tu�tî
ï„qt�qtî*u�tu�t�u�t
u�tî·ïYzô�>�{	ô�Xqtî*w	t�{î1åï!þ"�î6ïYt{
t�î·ïÕzô�>�{
ô�Xq{�q{�q{�î
ïQqt�{�qô�Gtô�X�{�t�qt�{�t�q{�î·ïÍzô�>�{ô�Xt�{�tï@z�ïÍt�{qtï@z�ïÍ{�tî*{ï@z�ïÍt{ï@z�î
ï&qô�Gî·ï¢zô�>�{ô�Xt{t{�t{t{�t�qî
ïdô�Gî·ï9t	ô�X�qt�îyï
µ�������	`��������TVk(%������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ CEDAR DESUGARING TEXT, PART 2JULY 18, 198235p: PROC[x: REF ANY] RETURNS [stop: BOOL]] RETURNS [stopped: BOOL];p2:PROCESS RETURNS[i:INT]_FORK stream.Get;failed: ERROR [reason: ROPE]~CODE;45 enumTC ::= { n,  !.. } |MKENUMERATION[ [$n, ...] ] |MACHINE DEPENDENT {( (n | ) ?((e)) ), !.. }MKMDENUMERATION[ [ [($n | NIL), e], ... ] ]Op: TYPE~{plus, minus, times, divide };Color: TYPE~MACHINE DEPENDENT{-- A Color value takes 4 bits; greenW1.red(0), green, blue(4), (15)}; c: Color;46 recordTC ::=?access12 ?MONITORED  RECORD fields44 |MKRECORD[ fields] |¹ ?access12 MACHINE DEPENDENT      RECORD ( mdFields | ·fields44 )MKMDRECORD[( mdFields | fields )] Any unionTC in fields must come last.47 mdFields ::= [( (n pos), ... : ?·access12 varTC39), ...] MDFIELDS[ ( [ ([$n, (pos | NIL)] ), ... ] , t ), ... ]In 46, 49.48 pos ::= ( e1 ?(: e2 .. e3) )MKPOSITION[firstWord~e1, firstBit~e2, lastBit~e3]In 47, 50.Cell: TYPE~RECORD[next: REF Cell, val: ATOM];Status: TYPE~MACHINE DEPENDENT RECORD [-- Don't omit the field positions.channel (0: 8..10): [0..nChannels),-- nChannels < 8.device (0: 0..3): DeviceNumber,-- DeviceNumber held in < 4 bits.stopCode (0: 11..15): Color, fill (0: 4..7): BOOL,-- No gaps allowed, but any ordering OK.command (1: 0..31): ChannelCommand ];-- Bit numbers >16 OK; fields can cross-- word boundaries only if word-aligned.49 unionTC ::=  SELECT tag FROM MKUNION[selector~tag, variants~[ [ labels~[ $n, ...], ( n, ... => ( fields44 | mdFields47 | ·NULL) ), ...                       value~fields ], ...] ]   ?, ENDCASE   Legal only as last decl in a recordTC or unionTC.50 tag ::= (n ?¹pos48 : ?·access12 | [ [ ( $n, pos | $COMPUTED( | $OVERLAID( ) ] , µ¸COMPUTED | µ¸OVERLAID ) (t | *)    ( t | TYPEFROMLABELS ) ]In 49, 51a.Node: TYPE~MACHINE DEPENDENT RECORD [-- rands is a variant part or union.type (0: 0..15): TypeIndex, -- This is the common part.rator (1: 0..13): Op45,rands (1: 14..79): SELECT n (1: 14..15): * FROM-- Both union and tag have pos.binary=>[a (1:16..47), b (1:48..79): REF Node],-- At least one variant must fill 1: 14..79.unary=>[a (1: 16..47): REF Node],-- Can use same name in several variants.nonary=>[] ENDCASE ];-- Type of n is {binary, unary, nonary}.51 arrayTC ::= ?µPACKED ARRAY ?t1 OF t2MKARRAY[domain~t1, range~t2]51.1seqTC ::= ?µPACKED SEQUENCE tag50 OF tMKSEQUENCE[domain~tag,  range~t]  Legal only as last decl in a recordTC or unionTC.52 ·¸descriptorTC ::= ?LONG DESCRIPTOR FOR varTC39MKARRAYDESCR[arrayType~varTC] |The varTC must be an array type.Vec: TYPE=ARRAY [0..maxVecLen) OF REF TEXT;v: Vec~ALL[NIL];������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tîyï_Ûô�X�qtqô�Gt�ô�X�qtqtî
ï^Wqt
qtî·ï\Óqt�qtqtqtî·ï[Oqt	qtqt�î·ïX$zô�>�{tô�X�{t{�î*wt{�t{t{�î
ïV qt�qt{�t�{�t{�t�{�t�{t�î IïVhþ�y�î ÂïV ��î!gïVhþ�y�î!àïV {�t�{�tî*wt{�t�{�t�{�t�q{�t{�t{tî·ïSuqtî·ïQñqt�qô�G	t�î*ô�Xuô�O�tô�Xu}�tî
ïPmð(î·ïMBzô�>�{ô�Xî
ïK¾{�tïLzïK¾t�{�qtqtïLzïK¾t�{�î*wt�{�î15ïK†þ�î4MïK¾t{�î
ïJ:t{�tïJ€zïJ:t�qô�G	tô�X�î
ïH¶qt�{�t	{�tïHüzïH¶t�{�î*w	t�{�t�{î3iïH~þJ�î8³ïH¶t�{�t�{î9»ïH~þ�î<ÓïH¶t�{�t�{�î
ïGxqô�Gð"î·ïEôzô�>�{ô�Xt�î
ïDp�{�t�{�t{�t{t{�tïD¶zïDptïD¶zïDp{�t{tî*wt{�t{�t{�t{t�{�t�q{�t{�t{t{�t�{�t{tî
ïC2qô�Gî·ïA®zô�>�{ô�Xt��îÔïAvþ�y�îMïA®ïA!z�ïA®t�{tïA!z�ïA®tïA!z�ïA®{�t��îuïAvþ�y�î*ïA®w	t
{�ïA!z�ïA®t
{�ïA!z�ïA®t	{�ïA!z�ïA®t�î
ï@qô�Gî·ï<Ütô�X�qt�qtqtqtî·ï;Xqt�qô�Gtô�Xî*ð"î
ï9Ôð#î*ut�}�tî
ï8Pî*ut}�tî
ï6Ìð-qt�î*ð(î
ï5Hð%î*}�tî*ï3Äð(î·ï0™zô�>�{ô�Xtqtqt�î*wt	{t{�t{tî
ï/{�t{t{�tï/[zï/t�{�tï/[zï/t�{�tq{�t�{�t{t�î*{t{tî
ï-‘{�tq{�î
ï,
tqô�Gð,î·ï*‰zô�>�{ô�Xt�{�t{�tï*Ïzï*‰t{�tï*Ïzï*‰t�{�t�î*{�t{�t{t�{�tw}�t�{�tw}�t�{�tî
ï)qt�{�tqt�{�t�{�t{�t{�î*t{�t�{�t�{�t�w
t�{�tî
ï'Çqô�Gî·ï$œtô�X�qt�qô�Gtô�Xî*utî
ï#î*î
ëï!”ï!Úzï!”t�î
ï qtqî*tîyïŒq�ô�G�t�ô�Xqt�qtî*ð,îyïqtî*ð)îyï„
qtî*
u�tutututî·ïYzô�>�{ô�Xt�{�t�qt�qt�{�t�ïÌz�ïYt�qtïÌz�î*ïYwt{�ïÌz�ïYt{�ïÌz�ïYt�î·ïkz{t�{�t�qt�qtï±zïkt�qtî*w	t{t{�t{�t�î
ïçqô�Gð,î·ïczô�>�t{ô�Xt�î
ïß{�qt�q	ô�Gtô�Xï%zî*ïßwt
{t{�î
ï[tqô�Gî·ï
0tô�X�qt�qtqt�qô�Gt�î·ï
ô�Xqt�qtÿ�������
��������TVk(t���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� CEDAR DESUGARING TEXT, PART 2JULY 18, 198236Chars: TYPE~RECORD [text: PACKED SEQUENCE-- A record with just a sequence in it. len: [0..LAST[INTEGER]] OF CHAR]; ch: Chars;-- ch.text[i] or ch[i] refers to an element.dV: DESCRIPTOR FOR ARRAY OF REF TEXT~53 refTC ::= REF (varTC39 | · )MKREF[range~(varTC | ANY )]54 listTC ::= LIST OF varTC39MKLIST[value~varTC]ROText: TYPE~REF READONLY TEXT;-- NARROW[rl.first, ROText]^ is aRL: TYPE~LIST OF REF READONLY ANY; rl:RL;-- READONLY TEXT (or error).55 ¸pointerTC ::= ?LONG ?·ORDERED ?BASE MKPOINTER[range~varTC] |   POINTER ?subrange25 ?(TO varTC39) |POINTER TO FRAME [ n ]xxx |Subrange only in a relativeTC; no typeName on it.55.1¸relativeTC ::= t2 RELATIVE t1MKRELATIVE[range~t1, baseType~t2]t1 must be a pointer or descriptor TC, t2 a typeName for a base pointer.UnsafeHandle: TYPE~LONG POINTER TO Vec51;ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Ûô�X�qt�qtqô�Gî*tô�Xð%î
ï^W	qt�qtqô�Gtô�X
î*ut�ut�u�tut�u�tî·ï\Óq	ô�Gt�î·ïY¨zô�>�{ô�Xt�qt�{�tïYîzïY¨t�{�t{�î*wt{t�{�t�qt�{�t�î·ïX$zô�>�{ô�Xt�qô�GtïXjzî*ïX$wt{t�î·ïTùô�X�qt�qô�Gî*tô�X�qt�ut�uq�ô�G�utô�Xî·ïSuqt�qô�Gtô�X�qô�Gt�ô�Xî*qô�Gtô�X�{�t	î·ïPJzô�>�t�{ô�Xt�{�qô�G�{�t�qtô�X�{�qt�î*wt{t{�î
ïNÆtqô�G�{�tïOzïNÆq�{qtô�XïOzïNÆ{�t�{�î
ïMBqô�Gtô�Xî*{t�{�î
ïLqô�Gð)î·ïJ€zt�{	ô�XtïIóz�ïJ€t�qtïIóz�î*ïJ€w	t{�ïIóz�ïJ€t
{�ïIóz�ïJ€q�î
ïHÙ�ïHLz�ïHÙqô�Gð&ïHLz�ïHÙqî·ïE®tô�X�qt�qô�GtïEôzïE®t��������T��������TVk(F������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198237Chapter 4. Primitive types and type constructors This chapter gives detailed information about the primitive types and type-returning procs (typeconstructors). It should be read after ¶ 2.3, which defines a Cedar type and explains the basic ideasunderlying the type system. The implies relations on primitive types are summarized in ¶ 4.12, andthe coercions in ¶ 4.13.¶ 4.1 gives the partial ordering called the class hierarchy that is used to classify the primitive types. ¶4.2 lists all the primitives of Cedar. ¶¶ 4.3-4.10 give the declarations and semantics for all theprimitive classes and types. These descriptions are ordered according to the class hierarchy in Table41. Each one specifies:The constructor for types in the class.Any literals or basic constructors for values of types in the classThe declarations in the class that are not in any bigger class.Anomalies and facts about performance.4.1 The class hierarchyA useful way of organizing a set of types is in terms of the properties of their clusters. Since acluster is a binding, its type is a declaration; we call such a declaration a class. For example, theclass NUMERIC is[T: TYPE; PLUS: PROC[T, T]_[T]; MINUS: PROC[T, T]_[T];. . . -- Declarations for other arithmetic procs. LESS: PROC[T, T]_[BOOL];. . . -- Declarations for many other procs. ]By convention, the name T in a cluster denotes the type to which the cluster belongs.A type T is in a class C if T.CLUSTER has the type C; we also say that T is a C type, e.g., INT is inclass NUMERIC, or is a numeric type. To make this explicit, we give the type CLASS a cluster proccalled TYPE, such that every type T in class C has type C.TYPE. For example, INT has typeNUMERIC.TYPE. Thus, T is a C typeWT in C WT has type C.TYPEW(C.TYPE).PREDICATE[T]=TRUEA value satisfies the predicate for C.TYPE if it is a type, and its cluster satisfies the declaration whichdefines C. E.g., INT satisfies the predicate for NUMERIC.TYPE because it is a type, and its clustercontains procs for PLUS, MINUS, LESS etc. with the right types. Precisely, (C.TYPE).PREDICATE is l [T: ANY] IN TYPE.PREDICATE[T] & C.PREDICATE[T.CLUSTER]A class C is a subclass of another class D if CgD. Recall the implies relation for declarations meansthat Each name n in C is also in D.n's type in D implies n's type in C.Precisely, (AnBC.names) nBD.names & (D.ToBinding.ngC.ToBinding.n)For example, the class ORDERED includesLESS: PROC[T, T]_BOOLEvery subclass of ORDERED must also declare a LESS proc which takes two T's to a BOOL. If we hada richer assertion language, there would also be axioms defining LESS to be an ordering relation.Similarly, every ORDERED type (e.g., INT) must have such a LESS proc in its cluster.The subclass relation defines a class hierarchy, i.e., it gives a partial ordering on classes. Table 41gives the class hierarchy for the primitive classes of Cedar. It is presented as a tree: a node N withsons N1, N2, ..., Nk is written������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?tÿ��������,��������TVk(�îMï_•pô�jõ��ð*î·ï\jqô�¾ðVô�¿rî·ïZæqô�’ðKô�“î·ïYb	ô�”ô�•ð;î·ïWÞô�€î·ïT³�ô�…
ô�†rqð0î·ïS/ô�Ñð_î·ïQ«ô�‹ô�ŒðPî·ïP'ô�€î­ïMÏð'î­ïKwðCî­ïIð?î­ïFÇð&î·ïAôuô�Xî·ï>Éq�ô�²ðaî·ï=Eô�¥ðGrq
ô�¦î·ï;Áô�€�yqî
ï:=�{�q�ô�X�tq�î
ï8¹�yqtq�{�q{�q�}�q�{�qî
ï75�yqtq�{�q{�q�}�q�{�qî
ï5±ð1î
ï4-�yqtq�{�q{�q�}�q�tqî
ï2©ð-î·ï1%ô�€{�qð<î·ï-ú�ô�‘{�qrq{�q{�q�yq
{�q{�q�rq{�qô�’tqî·ï,vô�¡�yq�ô�¢ð?yqî·ï*òô�â�tqô�ã{�q	{�q	{tqtqî·ï)nyq�tq�ô�€î
ï'ê{�qô�X{�q}�{�q{�q�}�{�q	{t}�q�{�q�tqyq�{�qtî·ï&fq�ô�ð#{�q�tqð/ô�‚î·ï$âô�º�{�qtqyq�yqô�»î·ï#^ô�€
yqyqyqð({�q�tqyqî
ï!Ú|�qô�X{�qyqyq�tq�yq�{�q}�q�{yq�{yq�î·ï¯�ô�€{�qrqô�{�q{�}�{�qð4î·ï+ô�€�î
ï§ô�X{�q{�q{�q�î
ï#{�q
{�q{�q
{�q�î·ïŸ	ô�€�î
ï�}�{�}�{�q�{q�ô�X�{�}�{�q�{q�}�q{�q�{q�{�}�{�q�{q�{�q�î·ï—ô�€yqî
ïyq�ô�X�tq�{�q{�q�}�tî·ïqô�ˆyqyq{�qtq
î·ï�ô�©ð@yqô�ªî·ï‡	ô�€yqtqyqî·ï\ô�–ð>ô�—ð'î·ï
Øô�‘ðSô�’{�qî·ï	Tô�€�{�ïÇ�ï	Tq{�ïÇ�ï	Tq{�ïÇ~�ï	Tq
ÿ����,��‚����TVk(��”Ø)������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198238NN1 | N2, |... | Nkand if any of the Ni are not leaves, they are defined on following indented lines:NiNi1 | Ni2, |...In fact, however, the class hierarchy is not a tree but a partially ordered set; hence some classesappear more than once in the table, with appropriate cross-references. Classes produced by Cedartype constructors are named by the constructors; other, more general classes are given suggestivenames, sometimes lower-case versions of the constructor names. Each primitive type also appears inthe table, under its class in the tree.ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð%îG?qî
ï_Û{�î{�ï_N�ï_Ûqô�X{�ï_N�ï_Ûq{�ï_N~�î·ï]íqô�€{�ï]`~�ï]íqð>îyï[ÿ{�ï[r~�îï[ÿ{�ï[r~��ï[ÿqô�X{�ï[r~��ï[ÿqî·ïXÔô�¬ô�­ðNî·ïWPô�¢ðHô�£î·ïUÌô�®ð@ô�¯î·ïTHô�‹ð!ô�Œð;î·ïRÄô�€ð$�������R��������TVk(�y������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198239    Class          Subclasses or typesallgeneral* | TYPE¸ ¶ 4.8 | fully opaque ¶ 4.3.4 | SEQUENCEÿ_rowgeneral ¶ 4.3.1assignable* | variable  ¶ 4.3.3 | PORT_transfer | MONITORLOCK ¶ 4.9 | CONDITION ¶ 4.9 | ARRAY_row, RECORD or union with a non-assignable componentassignable ¶ 4.3.2-- everything not mentioned separately under all or general, i.e.:--n-opaque ¶ 4.3.4 | transfer_map | descriptor_map | address | RELATIVE | ordered | unspecified | ARRAY_row, RECORD or union without a non-assignable component.has NIL ¶ 4.3.3variable_general | address | transfer_mapmap ¶ 4.4transfer* | row* | descriptor*/address | BASE POINTER/pointer | TYPE¸_alltransfer ¶ 4.4.1PROC | PORT | PROGRAM | PROCESS | SIGNAL | ERRORrow ¶ 4.4.2ARRAY ¶ 4.2.1 | SEQUENCE/union--second class-- ¶ 4.2.2J(TEXT¸ | StringBody¸ )descriptor ¶ 4.4.3LONG DESCRIPTOR | DESCRIPTOR/addressaddress ¶ 4.5reference* | descriptor_map | ZONE ¶ 4.5.2 | POINTER TO FRAME  ¶ 4.5.3reference ¶ 4.5.1REFJ(LIST | ATOM¸) ¶ 4.5.1.1 | pointer* pointer/ordered ¶ 4.5.1.2LONG POINTERJLONG STRING¸ | POINTERJSTRING¸ | BASE POINTER_mapRELATIVE ¶ 4.5.4RELATIVE POINTER | RELATIVE DESCRIPTORrecord --painted-- ¶ 4.6RECORD ¶ 4.6.1 | variant ¶ 4.6.2union --second class-- ¶ 4.6.2ordered ¶ 4.7discrete* | numeric* | pointer_address | subrange ¶ 4.7.3discrete ¶ 4.7.1whole number_numeric | enumeration --painted-- ¶ 4.7.1.1J(BOOLWBOOLEAN¸ | CHARWCHARACTER¸)numeric ¶ 4.7.2whole number*/discrete | REAL¸ ¶ 4.7.2.2whole number long number=(INTW·LONG INTEGER¸ | LONG CARDINAL¸) | short number*¶ 4.7.2.1short numberINTEGER¸JNAT¸ | CARDINAL¸JNAT¸CONDITION¸ | MONITORLOCK¸ | unspecified ¶ 4.9J(UNSPECIFIED¸  | LONG UNSPECIFIED¸ )--kernel only-- exception | DECL | BINDING ¶ 4.10Notation:n*n is further specified in one of the indented lines below.n¸n is a type, rather than a class.n_mn has its main definition under (and implies) class m.n/mn also appears under (implies) class m.n=e | ...n includes (is implied by) the e classes, which together exhaust n.nJe | ...n includes (is implied by) the e classes, which are special cases.Table 41: The class hierarchy4.2 Type-related primitivesThe tables in this section summarize the primitive and predeclared types, type constructors andprocs of Cedar. ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2tô�Gõ��ð%îG?qî·ï`3þ*�ï_Ûþ*�îáï`3þ	¥�ï_Ûþ	¥�î †ï`3þ�÷�ï_Ûþ�÷�î!}ï`3þ*�ï_Ûþ*�î(§ï`3þä�ï_Ûþä�î/‹ï`3þ�ï_Ûþ�î6’ï`3þž�ï_Ûþž�î=0ï`3þ�ï_Ûþ�îD7ï`3þä�ï_Ûþä�î·ï^Wrô�X	îrî·ï]iþ*�Fîáï]iþ	¥�Fî †ï]iþ�÷�Fî!}ï]iþ*�Fî(§ï]iþä�Fî/‹ï]iþ�Fî6’ï]iþž�Fî=0ï]iþ�FîD7ï]iþä�Fî·ïZ{qî
tq�tô�Gqô�Xtô�Gqô�Xtÿ��������Ž��������TVk(�¹î8wïZ{p�qî
ïX÷rqô�Gõ��îr
ô�Xqô�Grô�Xqp�qrîïWsq
ô�Grô�Xqô�Grô�XîïUïqp�qrqrð)îyïTk	qô�Gîrô�XðBîïRçs�rqô�Grô�X
p�qrp�qrqrîïQcîïOßqp�qrqrð-î·ïM‡qô�Gîrp�qrô�Xp�qî·ïJ\rqô�Gîrô�Xqrqô�Grô�Xqr�p�qî
ïHØrqô�Gîqrô�Xqrqrqrqrqî
ïGTrqô�Gîqrô�Xqô�Gt�r�qr�ô�Xs	rî
ïEÐ	qô�Gîqrô�X�q	rq	î
ëïDLî·ïBÈrqô�Gîr	ô�Xp�qrqô�Grô�Xqô�Grô�X�qô�Gî
ïADrqîqt�r�qrô�Xqrqô�G	rô�X
qô�G�îyï?Àrî)ï><qîqt�q
r�ô�Xqt�qrqô�Gp�qî·ï<¸îqrô�Xqr�q	î·ï;4rq
ô�Gîq
rô�X	qô�Gî·ï9°rô�X�qô�Gî·ï8,rqîrô�Xp�qrq�ô�Gî
ï6¨rqîrô�Xp�qrîï5$q
ô�G	t�r�qt�qr�ô�Xqt�qrî
ï3 qô�Gîrô�Xqrqr�qô�G	îyï2rô�Xqô�G�îrô�Xqt�r�qô�Gr�ô�Xqô�Grô�Xî)ï0Þq�ô�GîÙï/Zrô�Xîqr�t�qrqr�t�qr�î·ï-Öqrq
rqô�Gt�r�q
r�ô�Xqô�Gr�ô�Xî·ï,Rqô�Grô�Xqrqô�Gî·ï+dþ*�Fîáï+dþ	¥�Fî †ï+dþ�÷�Fî!}ï+dþ*�Fî(§ï+dþä�Fî/‹ï+dþ�Fî6’ï+dþž�Fî=0ï+dþ�FîD7ï+dþä�Fî·ï)Jrî
ï'Æîu�rô�Xð9î
ï&Bîu�rî
ï$¾�p�q�îu�rð3u�r�î
ï#:�qîu�rð$u�r�î
ï!¶îu�ru�rð!u�r�î
ï 2�t�rîu�ru�rð"î·ïþ*�ï®þ*�îáïþ	¥�ï®þ	¥�î †ïþ�÷�ï®þ�÷�î!}ïþ*�ï®þ*�î(§ïþä�ï®þä�î/‹ïþ�ï®þ�î6’ïþž�ï®þž�î=0ïþ�ï®þ�îD7ïþä�ï®þä�î!	ï¯vî·ïÜuî·ï±rô�¿ð%ô�Àð7î·ï-ô�€
ÿ����Ž��X����TVk(��”Ø­��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 1982404.2.1 Primitive types and constructorsTable 42 lists the primitive or predeclared types of Cedar, giving the name for each in the currentlanguage, and either a definition or, for the primitive types, a comment suggesting the meaning ofthe type. Later sections describe additional procs in the clusters of these types, and give theirrepresentations.NameMeaningINT, LONG INTEGER ¶ 4.7.2.1=[231..231)REAL  ¶ 4.7.2.2-- 32-bit IEEE floating pointBOOL, BOOLEAN ¶ 4.7.1.1={FALSE, TRUE}CHAR, CHARACTER ¶ 4.7.1.1={'\000, ..., '\377}TYPE  ¶ 4.8ATOM  ¶ 4.5.1.1-- for unique strings, global property listsCONDITION  ¶ 4.9.1-- for process synchronization-- The following are appropriate when performance tuning is needed.µINTEGER ¶ 4.7.2.1=[215..215); SIZE[INTEGER]=1µNAT  ¶ 4.7.2.1=INTEGER[0..215); SIZE[NAT]=1µTEXT ¶ 4.4.2.2=MACHINE DEPENDENT RECORD [      length (0):[0..LAST[INTEGER]] _ 0,      text (1):PACKED SEQUENCE maxLength (1):     [0..LAST[INTEGER]] OF CHAR ]µZONE  ¶ 4.5.2-- controls safe storage allocation-- The following are not recommended for general use.µMONITORLOCK  ¶ 4.9.1-- use MONITOR or MONITORED RECORD¸UNCOUNTED ZONE   ¶ 4.5.2-- controls unsafe storage allocationLONG CARDINAL  ¶ 4.7.2.1=[0..232), mixes poorly with INT.CARDINAL ¶ 4.7.2.1=[0..216); SIZE[CARDINAL]=1-- The following are obsolescent.·¸MDSZone-- controls unsafe storage allocation in the MDS.·¸?LONG STRING ¶ 4.4.2.2=?LONG POINTER TO  StringBody·StringBody ¶ 4.4.2.2MACHINE DEPENDENT RECORD [        --see text for anomalies--     length (0):         CARDINAL _ 0,     maxLength (1):  --READONLY-- CARDINAL,     text (2):         PACKED ARRAY [0..0) OF CHAR ]·¸UNSPECIFIED ¶ 4.9.2-- unsafe, matches any one-word type·¸LONG UNSPECIFIED ¶ 4.9.2-- unsafe, matches LONG INTEGER, LONG CARDINAL,    LONG POINTER, or REF.Table 42: Primitive and predeclared types4.2.2 Type constructorsTable 43 gives the declarations of all the primitive Cedar type constructors. Since type-returningprocs cannot be written in the current language, these are in fact all the Cedar type constructors.The concrete syntax for invoking these constructors is given in the grammar (rules 40-55), and in ¶4.2.2.1 on options.All the arguments of a type constructor must be static (¶ ???). The only exception is MKSUBRANGE,which can have non-static arguments when it appears in an expression or iterator as the secondoperand of IN.ÿ��������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî·ï_Ûvô�Xð!î·ï\°rô�‰ð-ô�Šð2î·ï[,ô�˜ð5ô�™ð$î·ïY¨ô�Íô�ÎðXî·ïX$î·ïSÍþ*�ïSuþ*�îáïSÍþ	¥�ïSuþ	¥�î †ïSÍþ�÷�ïSuþ�÷�î!}ïSÍþ*�ïSuþ*�î(§ïSÍþä�ïSuþä�î/‹ïSÍþ�ïSuþ�î6’ïSÍþž�ïSuþž�î
ïQñvî cvî·ïQþ*�FîáïQþ	¥�Fî †ïQþ�÷�Fî!}ïQþ*�Fî(§ïQþä�Fî/‹ïQþ�Fî6’ïQþž�Fî
ïNéqr�ô�X�qô�Gî crïOvwïNérïOvwïNér�î
ïMeqrô�X�qô�G	î crô�Xqrî
ïKáqrqô�G	î crqr�ô�X�qr�î
ïJ]qrqô�G	î crô�Xî
ïHÙqr�qô�Gî
ïGUrô�X�qô�G	î crô�Xð*î
ïEÑqr�qô�Gî crô�Xî
ïCyvð@î
ïAõr�qô�G	î crïB‚wïAõrïB‚wïAõrô�X�qr�qrî
ï@q�qr�qô�G	î cr�qrï@þwï@qrô�X�qr�qrî
ï>í�qô�G	î cr�qrô�Xî cï=isrî(¨qr�qrî cï;åsrî(¨qô�Grô�X�srî(¨ï:aqr�qrqô�Grô�Xî
ï8Ý�qr�qô�Gî crô�Xð!î
ï6…vð1r�î
ï5�q
r�qô�Gî crô�Xqrqô�Gî
ï3}rô�Xqô�Gî crô�Xð#î
ï1ùqô�Grô�X�qô�G	î crï2†wï1ùrô�Xqr�î
ï0uqô�G	î crï1wï0urô�X�qr�qrî
ï.vî
ï,™rsî crð1î
ï+�q�r�qr�qô�G	î crqrô�X�qô�Gs	î
ï)‘r�s	q	î crô�Xî cï(
vrî cï&‰srî(¨qrî cï%srqrqr�î cï#srî(¨qô�Grô�Xqô�Grô�Xî
ï!ýq
ô�Gî crô�Xð"î
ï yqô�Gî crô�Xqô�Gr�î cïõô�Xqô�Gr�ô�Xqr�î·ïDþ*�ïqþ*�îáïDþ	¥�ïqþ	¥�î †ïDþ�÷�ïqþ�÷�î!}ïDþ*�ïqþ*�î(§ïDþä�ïqþä�î/‹ïDþ�ïqþ�î6’ïDþž�ïqþž�î›ïrvð*î·ïsî·ïHrô�£
ô�¤ðPî·ïÄð6ô�¥ð-î·ï@ô�”ðOô�•î·ï
¼ô�€î·ï
‘ô�šðRô�›�x	r�î·ï	
ô�·ðYî·ï‰ô�€qr�ÿ�������	|��������TVk(Ð������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198241          Name               DomainClass of result  Rule   ¶MKSUBRANGE[FIRST: T, LAST: T]subrange  25¶ 4.7.3-- T is the DISCRETE base type, which has a MKSUBRANGE type constructor in its cluster. CHANGEDEFAULT[type: TYPE, proc: (PROC[]_type), allowTrash: BOOL]general40¶ 4.3.1MKXFERTYPE[flavor:{PROC,PORT,PROCESS,SIGNAL,ERROR,PROGRAM}, transfer41¶ 4..4.1  domain, range: DECL_NIL, safe: BOOL_ISCEDAR]MKPROC[domain, range: DECL_NIL, safe: BOOL_ISCEDAR]PROC41¶ 4..4.1~MKXFERTYPE[domain, range, PROC, safe]MKENUMERATION[LIST OF ATOM]enumeration  45¶ 4.7.1.1MKMDENUMERATION[LIST OF RECORD[ATOM, NAT]]enumeration45¶ 4.7.1.1MKRECORD[fields: DECL, RECORD 46¶ 4.6.1or MKMDRECORD  access: {PUBLIC, PRIVATE}_CURRENTACCESS,   monitored: BOOL_FALSE]MKPOSITION[firstWord: NAT, firstBit: NAT_0, lastBit: nat_15]48¶ 4.6.1MKUNION[selector: TAG, variants: ?????union49¶ 4.6.3MKSEQUENCE[domain: TAG, range: TYPE, packed: BOOL_FALSE]SEQUENCE51¶ 4.4.2.2MKARRAY[domain: DISCRETE.TYPE_CARDINAL, range: TYPE, ARRAY51¶ 4.4.2.1  packed: BOOL_FALSE]·MKARRAYDESCR[arrayType: ARRAY.TYPE, DESCRIPTOR52¶ 4.4.3  long: BOOL_FALSE, readOnly: BOOL_FALSE]MKREF[range: TYPE, REF53¶ 4.5.1.1  base: BASE_WORLD, readOnly, uncounted: BOOL_FALSE] MKLIST[componentType: TYPE, readOnly: BOOL_FALSE]LIST54¶ 4.5.1.1MKPOINTER[range: TYPE_UNSPECIFIED, pointer55¶ 4.5.1.2  long, readOnly, ordered, base: BOOL_FALSE]~MKREF[range~range, readOnly~readOnly, uncounted~TRUE, base~(IF long THEN WORLD ELSE MDS)]. µMKRELATIVE[range: TYPE, baseType: BASE.TYPE] RELATIVE55¶ 4.5.4Table 43: Primitive type constructors4.2.2.1 OptionsThe built-in type constructors take an assortment of optional BOOLEAN arguments, as indicated intheir declarations. In the current syntax these are specified by writing options in the typeconstructor. When an option appears in a type constructor, the argument of the same name has thevalue TRUE; if it is missing, the argument has the value FALSE. The effect of these arguments on thetype produced by the constructor is given as part of the description of its result class. Table ??? liststhe options and the constructors for which each is appropriate.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî·ï`3þ*�ï_Ûþ*�îáï`3þ	¥�ï_Ûþ	¥�î †ï`3þ�÷�ï_Ûþ�÷�î!}ï`3þ*�ï_Ûþ*�î(§ï`3þä�ï_Ûþä�î/‹ï`3þ�ï_Ûþ�î6’ï`3þž�ï_Ûþž�î=0ï`3þ�ï_Ûþ�îD7ï`3þä�ï_Ûþä�î·ï]ƒvô�X
îvî<rvrî·ï\•þ*�Fîáï\•þ	¥�Fî †ï\•þ�÷�Fî!}ï\•þ*�Fî(§ï\•þä�Fî/‹ï\•þ�Fî6’ï\•þž�Fî=0ï\•þ�FîD7ï\•þä�Fî·ïZ{x	îr�qrs�rqrs�r�î<	îE˜îG©î
ïX÷s�rxrx	rð"î·ïWsxîr�srqrsrqrt�srs	rqr�î<îE˜îG©î·ïUïx	îr�srxy�xy�xy�xy�xy�xrô�€�î<rîE˜îG©îïTksrsrxr�qrsrqr�xr�î·ïRçxîr�sr�ô�X�srxr�qrsrqr�xr�î<qîE˜rîG©î
ïQc�x	r�srsrxrsr�î·ïOßxîr�qô�Grô�X�qr�î<îE˜îG©î·ïN[xîr�qô�Grô�X�qr�qrqrî<
îE˜îG©î·ïL×xîr�srxrî<qr�îE˜îG©î
ïKSx	îrsrxq�ô�G�xrxr�ô�X�îïIÏsrqr�qr�î·ïHKx	îr�srqrsrqrsrsrî<�îE˜îG©î·ïFÇxîr�srxrsrî<îE˜îG©î·ïECx	îr�srxrsrqrsq�ô�Gr�qr�î<qîE˜rîG©�ô�Xî·ïC¿xîr�srxr�qr�qrsrqrî<qîE˜rîG©îïB;sq�ô�Gr�qr�î·ï@·�xîr�sr�ô�X�xr�qrî<q	îE˜rîG©îï?3sô�Or�ô�X�qr�qrsrqr�qr�î·ï=¯xîr�srqrî<qîE˜rîG©îï<+srxr�xrsrsrqr�qrî·ï:§xîr�srqrsrqr�qr�î<qîE˜rîG©î·ï9#xîr�srqr�q
rî<îE˜îG©îï7Ÿsrsrsrsrqr�qr�î
ï6�xr�sr�srsr�srsr�qrsrqô�G�srô�X�qr�xr�qr�xrî·ï4—�x	îr�srqrsrxr�qrî<xîE˜rîG©î·ï3æþ*�ï3þ*�îáï3æþ	¥�ï3þ	¥�î †ï3æþ�÷�ï3þ�÷�î!}ï3æþ*�ï3þ*�î(§ï3æþä�ï3þä�î/‹ï3æþ�ï3þ�î6’ï3æþž�ï3þž�î=0ï3æþ�ï3þ�îD7ï3æþä�ï3þä�îãï/vð&î·ï+î·ï'êrô�£ð;qr
ô�¤î·ï&fôð$ôvrî·ï$âô�‹ðTî·ï#^ô�€�qrô�qrð&î·ï!Úô�†ô�‡ðYî·ï Vô�€ð<�������~��������TVk(W��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198242OptionConstructorsµBASEMKPOINTERLONGMKPOINTER, MKARRAYDESCR, INTEGER, CARDINALMONITOREDMKRECORD·ORDEREDMKPOINTERµPACKEDMKARRAY, MKSEQUENCE, MKARRAYDESCRIPTORPUBLIC, PRIVATEMKDECL, MKRECORDREADONLYMKVAR, MKREF, MKLIST, MKPOINTER, MKARRAYDESCR, MKDECL (interface vars only)SAFEMKXFERTYPEUNSAFEMKXFERTYPETable 44: Type options and their constructors4.2.3 Primitive procsThe primitive procs and other values of Cedar are listed in Table 45. All of the procs in the Cedarlanguage except the type constructors (see Table 43) appear here.The Name column gives the name of the value in the cluster. The Classes column gives the classesin which the [name, value] pair appears; the primitive classes of Cedar are summarized in Table41. The Type column gives the type with which it is declared in those classes. The type may referto other names of the class; see the detailed class descriptions in ¶ 4.3-4.10 for more information.The Notes column gives information about how a proc is applied or a non-proc value is denoted incurrent Cedar. In the kernel a proc named P from the cluster of type T is applied to a value x oftype T by the expression x.P (if there is only one argument) or x.P[y, ...] if there are several. Incurrent Cedar, however, very few primitives can be applied or denoted by dot notation. Instead,there are three ways of applying a primitive proc:It may be an operator with a symbol listed in the Notes column. If it takes two arguments,the operator is infix. Thus for a proc named P with operator symbol 4, you write x4yinstead of x.P[y]. If it takes one argument the operator is usually prefix; you write 4xinstead of x.P. The ^ operator is postfix; you write x^ instead of x.DEREFERENCE.It may be a built-in proc named P, in which case you usually write P[x] or P[x, y, ...] insteadof x.P or x.P[y, ...]. Other ways of applying a built-in are indicated in the Notes column.It may be a funny application proc named P, in which case you write P x or P x[y, ...]instead of x.P or x.P[y, ...].The three kinds of primitive proc are listed in that order, and alphabetically within each kind.Primitive values which are not procs (ABORTED, FALSE, FIRST, LAST, NIL, SIZE, TRUE) are listed withthe built-in procs, and the syntax for them is given explicitly.A few primitive procs cannot be desugared so simply into dot notation. These cases are indicated inthe Notes column, and are described here:ABORTED, FALSE, NIL and TRUE are globally known names.Some PROC [T]_[U] are coercions: CONS, FROMGROUND, LONG, TOGROUND, VALUEOF. Thismeans that they may be invoked automatically when typechecking demands a U and anexpression has syntactic type T; see ¶ 4.13 for details. Some involve target typing: ALL, CONS, LIST, LOOPHOLE, NARROW; they are marked TT.For these the proc does not come from the cluster of the type of the first argument.Instead, it comes from the cluster of the so-called target type. An application of one of������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî·ï`3þ*�ï_Ûþ*�îáï`3þ	¥�ï_Ûþ	¥�î †ï`3þ�÷�ï_Ûþ�÷�î!}ï`3þ*�ï_Ûþ*�î(§ï`3þä�ï_Ûþä�î/‹ï`3þ�ï_Ûþ�î6’ï`3þž�ï_Ûþž�î
ï^Wvî~vî·ï]iþ*�Fîáï]iþ	¥�Fî †ï]iþ�÷�Fî!}ï]iþ*�Fî(§ï]iþä�Fî/‹ï]iþ�Fî6’ï]iþž�Fî
ï[Or�qî~xî
ïYËqî~xr�ô�X�xrqrqî
ïXGî~xî
ïVÃr�qî~xî
ïU?r�qî~xrx	rxî
ïS»qrqî~xq�ô�G�xî
ïR7qî~xr�ô�X�xrxrxrxrî~ïP³xrî
ïO/qî~x	î
ïM«qî~x	î·ïLúþ*�ïL'þ*�îáïLúþ	¥�ïL'þ	¥�î †ïLúþ�÷�ïL'þ�÷�î!}ïLúþ*�ïL'þ*�î(§ïLúþä�ïL'þä�î/‹ïLúþ�ïL'þ�î6’ïLúþž�ïL'þž�î}ïH(vð.î·ïD)î·ï@þrô�ƒðCô�„�vrî·ï?zô�€ð:î·ï<Oô�‘�vrð3ô�’vrî·ï:Ëô�­	ô�®ðSî·ï9Gô�Žvrð9ô�î·ï7Ãô�€ðbî·ï4˜ô�Š�vrðIô�‹
î·ï3ô�—	ô�˜s�rs�rs�rî·ï1ô�°�s�rsr	ô�±sr�srî·ï0ô�°ð(ô�±ð0î·ï.ˆô�€ð-î­ï,0ô�‘
vrvrô�’
î­ï*¬ô�¯ð*s�rt�rs�t�s�î­ï)(rô�Ásr�s�rð(ô�Ât�s�î­ï'¤rô�€srð's�rs�r�x
r�î­ï%Lô�‚	vrs�r�ô�ƒð!s�r�s�rs�r�sr
î­ï#Èô�€�srsr�srð:vrî­ï!pô�¸	vrs�rô�¹�srsr�s�rî­ïìô�€srsr�srî·ï”ô�Âô�ÃðQî·ïô�„qrqr�ô�…�qrqrqrqrqrî·ïŒô�€ð=î·ïa�ô�…
ô�†ðTî·ïÝô�€�vrî­ï…qrqrqrqrî­ï-ô�œ�qrs�r�t�r�s�rxrx	rqr�ô��xyxrî­ï©ô�·ðAô�¸s�rî­ï%	ô�€s�rî­ïÍô�²qrqrqrqrqrô�³î­ï
Iô�Ïð1ô�Ðî­ïÅô�»ð,v
rô�¼ÿ�������¢��������TVk(›����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198243these procs must appear as an argument in another application (e.g., fŸ[y, NARROW[x]] orz_NARROW[x]), and not before a dot. In this context the target type is known from the declaration of the outer proc being applied (f or z.ASSIGN in  the example; if its type isPROC [U, T]_[V], the target type for the NARROW application is T). Target typing is alsoused for enumeration literals (¶ 4.7.1.1).One is ambiguous: MINUS for CHAR and pointer. The choice of proc depends on the type ofthe second arguement.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî­ï_Ûô�¶ô�·ð+s�rs�rqr�s�rî­ï^Ws�r�qr�s�rð!ô�¸ð*ô�€�î­ï\Ó
ô�°ô�±s�rsxrî­ï[Oqrô�§s�rs�r�t�r�s�rqrô�¨s�rî­ïYËô�€ð&î­ïWsô�„xrqrð(ô�…î­ïUïô�€ÿ�������$��������TVk(�m������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198244NameNotesClassesTypeOperators (infix except as noted)VARTO-@(prefix)generalUNSAFE PROC[T]_[MKPOINTER[range~T.RANGE, long~LONG]POINTEREQUAL=generalPROC[x: T, y: T]_[BOOL]ASSIGN_ assignablePROC[x: VAR T, y: T]_[T]PLUS+numericPROC[T, T]_[T]+·CHAR, ·pointerPROC[T, INTEGER]_[T]MINUSnumericPROC[T, T]_[T]·CHAR, ·pointerPROC[T, T]_[INTEGER]ambiguousPROC[T, INTEGER]_[T]UMINUS(prefix)numericPROC[T]_[T]TIMES*numericPROC[T, T]_[T]DIVIDE/numericPROC[T, T]_[T]LESS<orderedPROC[T, T]_[BOOL]GREATER>orderedPROC[T, T]_[BOOL]~same as NOTDEREF-^(postfix)referencePROC[r: T]_[RANGE]ERENCEININorderedPROC[T, SUBRANGE]_[BOOL]REMMODwhole numberPROC[T, T]_[T]NOTNOT(prefix)  BOOLPROC[BOOL]_[BOOL]Built-in procs (applied with P[x] instead of x.P, except as noted)ABORTEDABORTEDSIGNALSIGNALABSnumericALLTTARRAYPROC[x: RANGE]_[T]BASErowPROC[a: VAR T]_[LONG POINTER TO UNSPECIFIED]descriptorPROC[a: T]_[LONG POINTER TO UNSPECIFIED]CODETYPEPROC [T: TYPE]_[RTT.Type]CONST[...]; coercionARRAYPROC[g: RANGE X ...]_[T]T[...]; coercionRECORDPROC[b: FIELDS]_[T]a[...]; TT for aunionPROC[b: FIELDS]_[T[a]]z.CONS[...]; TTLISTPROC[z: ZONE_SafeStorage.GetSystemZone, x: VALUE, y: T]_[T]DESCRIPTORrow, variant recordPROC[r: VAR T]_     [LONG DESCRIPTOR FOR ARRAY T.DOMAIN of T.RANGE]xxxdescriptorPROC[base: LONG POINTER TO UNSPECIFIED, length: CARDINAL, t: TYPE]_[LONG DESCRIPTOR FOR ARRAY CARDINAL OF t]FALSEFALSEBOOLTFIRSTFIRST[T]discreteTfirstl.firstLISTPROC[l: T]_[VAR VALUE]FREEz.FREE[..]ZONEUNSAFE PROC[z: T, p: NEWTYPE[NEWTYPE[u]]]_[]FROMGROUND T[...]; coercionsubrangePROC[x: GROUNDTYPE]_[T]ISTYPEgeneralPROC[x: T, U: TYPE]_[BOOL]LASTLAST[T]discreteTLENGTHARRAY, descriptorPROC[a: T]_[CARDINAL]LISTz.LIST[...]; TTLISTPROC[z: ZONE g: VALUE X ...]_[T]LONGcoercionshort numberPROC[p:T]_[LONG T]coercionPOINTERPROC[p:T]_[LONG POINTER TO T.RANGE]coercionDESCRIPTORPROC[p:T]_[LONG DESCRIPTOR FOR ARRAY OF T.RANGE]LOOPHOLETT for UgeneralUNSAFE PROC[tx T, U: TYPE]_[U]MAXorderedPROC[T, ...]_[T]MINorderedPROC[T, ...]_[T]NARROWTT for UgeneralPROC[x: T, U: TYPE]_[U]NEWz.NEW[..]ZONEPROC[z: T, U: TYPE]_[r: NEWTYPE[U]]NILNIL[T] or NILvariable, address, T or NILTYPEtransferÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî·ï`3þ*�ï_Ûþ*�îáï`3þ	¥�ï_Ûþ	¥�î †ï`3þ�÷�ï_Ûþ�÷�î!}ï`3þ*�ï_Ûþ*�î(§ï`3þä�ï_Ûþä�î/‹ï`3þ�ï_Ûþ�î6’ï`3þž�ï_Ûþž�î=0ï`3þ�ï_Ûþ�î
ï^WvîÏvîRvî*î·ï]iþ*�Fîáï]iþ	¥�Fî †ï]iþ�÷�Fî!}ï]iþ*�Fî(§ï]iþä�Fî/‹ï]iþ�Fî6’ï]iþž�Fî=0ï]iþ�Fî
ï[Ovô�Xî
ïYËxy�îÏrîRî*qô�Gr�s�r�t�r�xr�sr�s�r�xr�ô�X�sr�xr�î
ëïXGxî
ïVÃîÏr�îRî*qr�s�rs�rs�rs�r�t�r�qr�î
ïU?xîÏrîR	î*qr�s�rxy�s�rs�rs�r�t�r�s�r�î
ïS»xîÏr�îRî*qr�s�rs�r�t�r�s�r�îÏïR7r�îR�qr	î*qr�s�rqr�t�r�s�r�î
ïP³xîÏr�îRî*qr�s�rs�r�t�r�s�r�îÏïO/r�îR�qr	î*qr�s�rs�r�t�r�qr�îÏïM«î*qr�s�rqr�t�r�s�r�î
ïL'xîÏrîRî*qr�s�rs�r�î
ïJ£xîÏr�îRî*qr�s�rs�r�t�r�s�r�î
ïIxîÏr�îRî*qr�s�rs�r�t�r�s�r�î
ïG›xîÏr�îRî*qr�s�rs�r�t�r�qr�î
ïFxîÏr�îRî*qr�s�rs�r�t�r�qr�îÏïD“q�îRrqî
ïCxr�îÏ	îRî*qr�s�q�ô�G�s�r�t�r�xr�î
ëïA‹xî
ï@îÏqîRrî*qr�s�r�ô�X�xr�t�r�qr�î
ï>ƒxîÏqîRrî*qr�s�rs�r�t�r�s�r�î
ï<ÿxîÏqr	îRqî*qr�qr�t�r�qr�î
ï9÷vs�r�s�r�v
r�s�r�s�r�vî
ï8sqîÏqîRqî*qî
ï6ïîRrî
ï5kqîÏrîRqî*qr�s�rxr�t�r�s�r�î
ï3çqîRrî*qr�s�rxr�s�r�t�r�qô�Gr�îRï2c	î*qr�s�r�ô�X�s�r�t�r�qô�Gr�î
ï0ßqîRqî*qrô�Xs�rqr�t�r�sr�î
ï/[qîÏs�rîRqî*qr�s�rxr�t�rt�r�s�r�îÏï-×s�rîRqî*qr�s�rxr�t�r�s�r�îÏï,Ss�r
s�îRrî*qr�s�rxr�t�r�s�r�s�rîÏï*Ïs�r�qrîRqî*qr�s�rqr�srs�rxrs�rs�r�t�r�s�r�î
ï)Kq	îRrî*qr�s�rxzô�O�s�r�t�î*ï'Çrô�Xqô�Gs�r�xrô�X�qr�s�r�xr�îÏï&CîR	î*qr�srqô�Gr�ô�X�srqr�î*ï$¿�s�rqr�t�r�qô�Gð"s�r�î
ï#;qîÏqîRqî*s�î
ï!·qîÏqr�s�r�îRî*s�î
ï 3îÏsîRqî*qr�s�r�ô�X�s�r�t�r�xr�xr�î
ï¯qîÏs�r�qrîRqî*qô�Gr�s�r�ô�X�s�rs�rxr�xr�s�rt�rî
ï+x	r�s�rîRî*qr�s�rx	r�t�r�s�r�î
ï§qîRrî*qr�s�rs�rs�rqr�t�r�qr�î
ï#qîÏqr�s�r�îRî*s�î
ïŸqîRqrî*qr�s�rs�r�t�r�qr�î
ïqîÏs�r�qrîRqî*r�s�rqô�G�s�r�ô�X�xr�t�rt�r�s�r�î
ï—qîÏrîRî*qr�s�r�s�r�t�r�qô�G�s�r�îÏïîRqî*qr�s�r�s�r�t�r�qs�y�xr�îÏïîRq	î*qr�s�r�s�r�t�r�qs�y�xr�î
ïqîÏrô�Xs�îRrî*qô�Gr�srô�X�s�rs�rqr�t�r�s�r�î
ï‡qîRrî*qr�s�rt�r�s�r�î
ïqîRrî*qr�s�rt�r�s�r�î
ïqîÏrs�îRrî*qr�s�rs�rs�rqr�t�r�s�r�î
ï
ûqîÏs�r�qrîRqî*qr�s�rs�rs�rqr�t�r�s�rxr�s�rî
ï	wqîÏqr�s�rqîRrî*s�rxîRïórÿ�������ˆ��������TVk(¼����������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198245PREDdiscretePROC[x: T]_[T]restl.restLISTPROC[T]_[T]SIZESIZE[T]generalCARDINALSUCCdiscretePROC[x: T]_[T]TOGROUNDcoercionsubrangePROC[x: T]_[GROUNDTYPE]Funny  applicationsBROADCASTno argsCONDITIONPROC[T]_[]ERRORSIGNAL, ERRORlike APPLYFORKFORK P[args]PROCPROC[PROC[DOMAIN]_[RANGE]]_      [PROC[DOMAIN]_[PROCESS []_[RANGE]]]JOINno argsPROCESSPROC[T]_[RANGE]NEWno argsPROGRAMPROC[p: T]_[T]NOTIFYno argsCONDITIONPROC[T]_[]RESTARTno argsPROGRAMPROC[T]_[]RETURN WITHPrincOps.StateVectorRETURN WITH ERRORERROR???SIGNALSIGNAL, ERRORlike APPLYSTARTPROGRAMlike APPLYSTOPno argsPROGRAMPROC[]_[]TRANSFER WITHPrincOps.StateVectorWAITno argsCONDITIONPROC[T]_[]Not in current CedarAPPLYmapPROC[map: T, arg: DOMAIN]_[RANGE]BINDINGDEREFDOMAINmapTYPEHIDEEXCEPTIONLOCALSTRINGSTRINGPROC[ [CARDINAL] ]_[STRING]NAMESbinding, declNEWgeneralPROC[z: ZONE_SafeStorage.GetSystemZone]_[r: REF T]NEWEXCEPTIONCODEexceptionOPENPROCSRANGEmapTYPETOVOIDassignablePROC [T]_[VOID]UNCONScoercionrecordPROC[T]_[FIELDS]Table 45: Primitive procs4.3 General and assignable typesThe classes described in this section include nearly all (general) or most (assignable) of the Cedartypes. In other words, nearly all types have equality, and most have assignment.4.3.1 General typesThe general class isT: TYPE-- The type itself.SIZE: CARDINAL-- The number of words to represent a T    value; denoted SIZE[T].ISTYPE: PROC[x: T, U: TYPE]_[BOOL]-- Roughly, TRUE if x has type U.NARROW: PROC[x: T, U: TYPE]_[U]-- Converts x into a U if possible, or raises    the error Runtime.NarrowFault.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî
ï_ÛqîRrî*qr�s�r�ô�X�s�r�t�r�s�r�î
ï^WsîÏsîRqî*qr�s�r�t�r�s�r�î
ï\ÓqîÏqr�s�r�îRî*qî
ï[OîRrî*qr�s�rs�r�t�r�s�r�î
ïYËxîÏrîRî*qr�s�rs�r�t�r�x	r�î
ïVÃvî
ïU?qîÏrîRqî*qr�s�r�t�rî
ïS»qîRqr�qô�Gî*rô�X�xî
ïR7qîÏqr�s�r�sr�îRqî*qr�qr�xr�t�r�xrt�î*ïP³rqr�xr�t�r�qrt�r�xrî
ïO/qîÏrîRqî*qr�s�r�t�r�xr�î
ïM«qîÏrîRqî*qr�s�z�ô�O�s�r�t�r�s�r�î
ïL'qîÏrô�XîRqî*qr�s�r�t�rî
ïJ£qîÏrîRqî*qr�s�r�t�rî
ïIqô�GîRsî
ïG›qîRqî*rî
ïFqîRqr�ô�X�qî*rxî
ïD“qîRqî*rxî
ïCqîÏrîRqî*qrt�rî
ïA‹qô�GîRsî
ï@qîÏrô�XîRqî*qr�s�r�t�rî
ï<ÿvî
ï;{xîRrî*qr�srs�rsrxr�t�r�xr�î
ï9÷xî
ï8sî
ï6ïîRrî*qî
ï5kxî
ï3ç
îRqî*rqrt�r�qr�î
ï2cxîRrî
ï0ßxîRrî*qr�s�rqr�sr�t�r�s�rqr�s�r�î
ï/[xîRrî
ï-×xî
ï,SîRrî*qî
ï*ÏxîRr	î*qrs�r�t�r�xr�î
ï)KxîÏrîRî*qr�s�r�t�r�xr�î·ï(šþ*�ï'Çþ*�îáï(šþ	¥�ï'Çþ	¥�î †ï(šþ�÷�ï'Çþ�÷�î!}ï(šþ*�ï'Çþ*�î(§ï(šþä�ï'Çþä�î/‹ï(šþ�ï'Çþ�î6’ï(šþž�ï'Çþž�î=0ï(šþ�ï'Çþ�î">ï#Èvî·ïõuî·ïÊrô� ô�¡ðGî·ïFô�€ðJî·ïGvô�X
î·ïrô�€î
ï˜s�r�ô�X�qî*rî
ïqrqî*rð&s�î*ïrqr�s�rî
ï
qrqr�s�rs�rs�rqr�t�r�qr�î*qrs�r	s�r�î
ïˆqrqr�s�rs�rs�rqr�t�r�s�r�î*s�rs�rî*ï

sr��������0��������TVk(³����������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198246¸LOOPHOLE: UNSAFE PROC[x: T, U: TYPE]_[U]-- Returns the bits representing x as a U.INIT: PROC[STORAGEBLOCK[SIZE]]_[VAR T]-- Can't be called directly.NEW: PROC[z: ZONE_SafeStorage.GetSystemZone-- Denoted NEW[T] or z.NEW[T].                  T: TYPE]_[r: REF T]PREDICATE: PROC[x: T]_[PROCANY_BOOL]-- The predicate of the type.CLUSTER: PROC[x: T]_[BINDING]-- The cluster of the type.All types are in this class except TYPE and fully opaque types.Anomaly: For NARROW and LOOPHOLE the second argument may be defaulted to the target type.In current Cedar the value of ISTYPE[x, T] is determined as follows:1)It is TRUE statically if:Dx and T have the same predicate, orone of Dx and T is an opaque type, and the other is the corresponding concretetype (only in an implementation that exports the opaque type).2)It is tested dynamically if (with V any variant record type without a COMPUTED tag, and athe name of a particular variant):Dx is REF ANY and T is REF U for any U except ANY, orDx and V have the same predicate, and T is equal to V[a], orDx and REF V have the same predicate, and T is equal to REF V[a], orDx is equal to (LONG) POINTER TO V and T is equal to (LONG) POINTER TO V[a].Note that the result is TRUE if x=NIL.3)It causes a static error in all other cases, even if it is statically false. In current Cedar, NARROW[x, T] isIF ISTYPE[x, T] AND (x~=NIL OR ISTYPE[x, REF ANY]) THEN x ELSE ERROR e where e isRTTypesBasic.NarrowRefFault[x, CODE[T.RANGE]] if ISTYPE[x, REF ANY];RTTypesBasic.NarrowFault[] otherwise.Note that NARROW[x, T] gives a static error if ISTYPE[x, T] does (case (3) above), and that it fails ifx=NIL unless Dx is REF ANY.Two types may be unequal and yet have the same predicate if they have different clusters.Currently, the cluster can only be changed by CHANGEDEFAULT.The INIT proc converts a block of storage into a legal variable of type T. It is currently a no-opexcept forRC types (¶ 4.5); these are set to NIL. Bound variants; the tag field is set appropriately.INIT cannot be supplied by the user and can only be called indirectly from NEW.The NEW proc calls on the zone z to obtain a block of storage of size T.SIZE (¶ 4.5.2), and appliesT.INIT to convert the block into a VAR T; call it x. Then if T.DEFAULT exists, NEW calls it and assignsthe result to x.   CHANGEDEFAULT can take any type and produce a new one which is identical except for theDEFAULT which determines how default values are supplied when a binding is coerced to adeclaration; see ¶ 4.11 for details.DEFAULT: PROC[]_[T]��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî
ï_Û�qr�ô�X�qô�Gr�s�r�ô�X�s�rs�rqr�t�r�s�r�î*ð!s�rs�r�î
ï^Wxrqr�xr�xrt�r�xr�s�r�î*î
ï\Óxrqr�s�rqr�sî*r
qr�s�rs�r�qr�s�rî
ëï[Os�rqr�t�r�s�rqr�s�r�î
ïYËxrqr�s�rs�r�t�r�qt�qr�î*î
ïXGxrqr�s�rs�r�t�r�xr�î*î·ïUïô�€qrî·ïRÄvrqrqrð9î·ïO™qr�s�rs�rî#ïMAî­qrî£ïK0t�s�rs�rî£ïIô�¨t�s�rs�rð6ô�©î£ïG›ô�€ð:î#ïECî­ô�—s�rð#qr	s�î­ïC¿rô�€î£ïA®t�s�rqr�qrs�rqsrs�rqrî£ï?t�s�rs�rs�rs�r�s�rî£ï=Œt�s�rqr�s�rs�rs�rqr�s�r�s�rî£ï;{t�s�r
qrqr�qr�s�rs�r
qrqr�qr�s�r�s�rî­ï9#qrs�r�qr�î#ï6Ëî­ðMî·ï3 qr�s�rs�rî
ï2qô�Gr�sô�Or�ô�X�qrs�rqr�qr�qr�sô�O�qô�Grô�X�qô�G�s�rô�X�qô�Grô�X�s�r�î·ï0˜ô�€�s�rî
ï/sr�s�r�ô�X�qr�s�r�xrqr�s�rqô�Grî
ï-srô�X
î·ï,ô�qr�s�rs�rqr�srô�‘ð!î·ï*ˆs�r�qrô�€t�s�rqr�qr�î·ï']ô�çðVî·ï%Ù	ô�€ð$xr�î·ï"®ô�¯�xr
ô�°ð2s�rî·ï!*ô�€î­ïÒð#qrî­ïzð3î·ï"xrðGqr�î·ï÷ô�š�qrô�›s�rð&s�r�qrî·ïss�r�xrô�†ô�‡xy�s�r	s�r	s�r�xrqrî·ïïô�€
s�rî·ïÄxrô�ÜðFô�Ýî·ï@xrô�îðPî·ï
¼ô�€î
ï8xr�ô�X�qrt�r�s�r�ÿ�������
��������TVk(D����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 198247Every general type has an EQUAL proc except a variant record or union type. A variant record typehas EQUAL only if its variant part is a union in which all the cases are the same size. Note that abound variant does have EQUAL, unless it is itself a variant record. EQUAL is denoted by the infixoperator =.EQUAL: PROC[x: T, y: T]_[BOOL]-- TRUE iff the bits representing x and y     are identical.Anomaly: If v is a variant record and bvis one of its bound variants, the expression v=bv applies theEQUAL proc of the bound variant.Representation: Addresses in the representation of a value are compared, not dereferenced, in doingthe comparison. Thus types like STRING and ZONE which are represented by addresses arecompared by comparing the addresses.4.3.2 Assignable typesMost types (see Table 41 for exceptions) have a proc (denoted by the right-associative infixoperator _):ASSIGN: PROC[x: VAR T, y: T]_[T]-- Returns y after storing it in x.As explained in ¶ 3.7, groups and bindings with variable elements are assignable. Since you cannotwrite these types in declarations, you have to write the constructors explicitly on the left of the _;they are called extractors. Representation: Since it involves a VAR, such a proc cannot be written in current Cedar. Theprimitive ASSIGN procs simply copy the bits of y's representation into the variable x, unless some ofthem represent REFs. In this case the assignment involves reference-counting if x is in countedstorage; see ¶ ??? for details.4.3.3 Variable typesFor every non-variable type T there are corresponding variable types:VAR TREADONLY TSHORT VAR TSHORT READONLY T You cannot denote these types in current Cedar, but they are fundamental to an understanding ofhow it works nonetheless. The basic facts about variables in Cedar are given in ¶ 2.2.3.The var class has  names:RANGE: TYPE;-- (VAR T).RANGE=TLONG: BOOLEAN;-- FALSE for short varsREADONLY: BOOLEAN;-- TRUE for readonly varsVARTOPOINTER: UNSAFE PROC[T]_-- Apply by prefix @          [MKPOINTER[range~T.RANGE, long~LONG]];VALUEOF: PROC[T]_[T.RANGE];-- A coercion.Furthermore, T inherits the cluster of T.RANGE. The procs are not modified, since the VALUEOFcoercion provides them with T.RANGE arguments where needed.The VAR constructor should be in the cluster.ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî·ï_Ûô�xrð=ô�î·ï^Wô�Ÿ�xrðXô� î·ï\Óô�£xr
ô�¤xrî·ï[Oô�€î
ïYËxr�ô�X�qr�s�rs�rs�rs�r�t�r�qr�î*qrs�rs�r�î*ïXGî·ïUvr�ô�…s�rsrô�†s�r�srî·ïS˜xrô�€î·ïPmv
r�ô�ˆðKô�‰î·ïNéô�ûô�üqrqrð'î·ïMeô�€î·ïIfvô�Xî·ïF;rô�ØðAô�Ùî·ïD·ô�€î
ïC3xr�ô�X�qr�s�rxy�s�rs�rs�r�t�r�s�r�î*
s�rs�r�î·ï@ô�•ð?ô�–ð!î·ï>„ô�•ô�–ðDî·ï=�ô�€v	rî·ï9Õv
r�ô�Õxrô�Öî·ï8Qô�Š�xrs�rô�‹
s�rî·ï6Íô�Å
qrð>s�r
î·ï5Iô�€î·ï1Jvô�Xî·ï.rô�€s�rð(î­ï+Çxy�s�î­ï)oxy�s�î­ï'xy�xr�s�î­ï$¿xy�xr�s�r�î·ï"gô�—ðYô�˜î·ï ãô�€ðUî·ï¸î
ï4xr�ô�X�qr�î*xr�s�rxr�s�î
ï°xrqr�î*qrî
ï,xrqr�î*qrî
ï¨xrqô�Gr�s�r�t�î*rô�Xî
ëï$
xr�sr�s�r�xrsr�xrî
ï xrqr�s�r�t�r�s�r�xrî*
î·ïô�¿�s�rô�À�s�r�xrð(xî·ï˜rô�€s�r�xrî·ï&{v{ð&�������	��������TVk(µ������������������������������������������������������������������������������������������������������������������������������������������������������CEDAR TYPES, PART 1DRAFT OF JULY 20, 1982484.3.4 Opaque typesIncomplete. Currently treated in ¶ 3.3.4.14.4 Map typesThe map class isDOMAIN: TYPE;-- Domain type for the mapping.RANGE: TYPE;-- Range type for the mapping.APPLY: PROC[map: T, arg: DOMAIN]_[RANGE]-- map[arg] is sugar for map.APPLYZarg.Usually DOMAIN and RANGE are declarations, so that bindings can be used for the arguments andresults. Application is denoted by brackets: map[arg]; for transfer types the syntactic form APPLY (see¶ ???) can also be used.There are several subclasses of map in Cedar, each with its own APPLY proc. These are summarizedhere, and treated in detail in the sections on the various subclasses.Primitives (since you can't get hold of the value of the primitive, these can be applied onlywith the various special syntactic forms summarized in Table 45).Transfer types: procs, and their close friends signals, errors, ports and programs; applying atransfer type executes the body of some l-expression (¶ 4.4.1). ¶ 2.2.1 and ¶ 2.6 tell all aboutapplying procs.Row and descriptor types: applying an array, sequence (or sequence-containing record), orarray descriptor to an index value yields a VAR of the component type (¶ 4.4.2).BASE POINTER types: applying a base pointer to a value which is relative to that base yieldsa (non-relative) pointer; this is unsafe (¶ 4.4.3).Reference types: if the base type T has APPLY, then the reference type inherits it composedwith DEREFERENCE, so that a[arg] is the same as a^[arg] (¶ 4.5.1).TYPE: Many subclasses of TYPE have APPLY procs with assorted meanings (¶ 4.8).4.4.1 Transfer typesThe subclasses of transfer are PROC, PORT, PROGRAM, PROCESS, SIGNAL,  and ERROR. These typesare constructed by transfer type constructors which begin with those words, or in the kernel by theMKTRANSFERTYPE constructor. What they have in common is that application executes the body ofsome l-expression, but the transfer class adds no names to the map class.One transfer type T implies another U if The subclass is the same (or if T is a SIGNAL and U is an ERROR). T.RANGE implies U.RANGE.U.DOMAIN implies T.DOMAIN.See ¶ 2.3.2 and ¶ 4.12. One declaration D implies another E if:They have the same names, or each has only one name, and The corresponding types imply each other. I.e.If n: T is in D and n: U is in E, then TgU.If D=[m: T] and E=[n: U], then TgU.D implies a cross type T if D.STRIPNAMES implies T; in this case T also implies D. ��������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð%îG?rî·ï_Ûvô�Xî·ï\i{
ô�€î·ïW–uô�X	î·ïTkrô�€î
ïRçxr�ô�X�qr�î*î
ïQcxrqr�î*î
ïOßxrqr�sr�y�s�rsrxr�t�r�xr�î*sr�srsr�xt�sî·ïM‡rô�¨�xrxrô�©ð3î·ïLô�ô�‚
sr�srð)qrî·ïJ�ô�€î·ïGTô�Šð6ô�‹xrî·ïEÐô�€ðAî­ïCx	ô�‹
ô�ŒðHî­ïAôô�€ð>î­ï?œô�ŠðVî­ï>ô�ƒ|�rð"ô�„î­ï<”ô�€î­ï:<ô�šð)ô�›ð-î­ï8¸ô�€ð'xrð!î­ï6`qrô�Š�qrðIô�‹î­ï4Ü�ô�€ð2î­ï2„ô�‹ô�Œ�s�rxrð.î­ï1�ô�€�x
r	s�r�srs�rsrî­ï.¨qrqrxrð&î·ï*©vô�Xî·ï'~rô�œô�qrqrqrqrqrqrî·ï%úô�ð\ô�î·ï$vx
rô�šðLô�›î·ï"òô�€�|�rðCî·ïÇs�rs�rî­ïos�rqrs�rqrî­ï�s�r�xrs�r�xr�î­ï¿s�r�xrs�r�xr�î·ïgð(s�rs�rî­ïð9î­ï·ð.î£ï¦s�rs�rs�rs�rs�rs�rs�t�s�r�î£ï
•s�rs�rs�rs�rs�rs�rs�t�s�r�î·ï=s�rs�rs�r�x	rs�rs�r
s�rÿ�������	š��������TVk(¡����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198249Representations for transfer types are given in the PrincOps interface.PROC typesThe PROC class has no additional names. In the kernel, a new proc value is made by evaluating a l-expression. In current Cedar, it is made by a binding of the formP: T~{. . .}in a block, where T is a proc type; see ¶ 3.5.1 for details.PORT typesIncomplete.PROGRAM typesThe syntax for applying a program P is START P[args]The START may be omitted, so that it looks like an ordinary application. This expression's type isDP.RANGE. The program class also has procsSTOP: PROC[]_[]-- Apply by STOP. Legal only if RANGE=[].RESTART: PROC[T]_[]-- Apply by RESTART P. Legal only if RANGE=[].NEW: PROC[p: T]_[T]-- Apply by NEW P; makes a copy of p's    implementation. Their use is not recommended; for details, consult a wizard. For more on implementations, see ¶???.PROCESS typesA process always has DOMAIN=[]. The syntax for applying a process P is JOIN PThe JOIN may be omitted, so that it looks like an ordinary application. This expression's type isDP.RANGE.The only way to make a new process is withFORK: PROC[PROC[DOMAIN]_[RANGE]]_[PROC[DOMAIN]_[PROCESS []_[RANGE]]]The syntax for using this is FORK P[args].The FORK P returns a proc when when applied to args creates a new process, starts it running, andreturns it. You cannot write FORK P alone to get hold of the process-creating proc.Anomaly: Note the peculiar parsing (FORK P)[args]. Of course, you can't get your hands on the proc(FORK P).There are no other names in the process class, but Process.Abort[P] raises the ERROR ABORTED in P. ¶CONC describes Cedar's facilities for concurrent programming. SIGNAL and ERROR typesThe syntax for applying a error (signal) E is ERROR (SIGNAL) E[args], or ERROR (SIGNAL) E if thereare no arguments. For a signal, this expression's type is DE.RANGE; for an error, its type is ANY(since control can never return). ·If there are arguments, the ERROR or SIGNAL is optional; avoidthis feature.ÿ��������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�€ð%sr
î·ï[Ü}vô�Xî·ïX±rô��qrðX|�r�î·ïW-
ô�€ð6îyïU©s�r�ô�X�s�rî·ïT%ô�€s�rð)î·ïP&}vô�Xî·ïL´{
î·ïHµ}vî·ïEŠrô�€s�rîyïDqrô�X�s�r�sr�î·ïB‚ô� �qrðQô�¡î·ï@þt�s�r�xr�ô�€ð!î
ï?zxr�ô�X�qrt�rî*qrxrî
ï=öxrqr�s�r�t�rî*qr�s�rxrî
ï<rxrqr�s�z�ô�O�s�r�t�r�s�r�î*ô�X	qr�s�z�ô�Os�rî*ï:îzr
z�rô�X�î·ï9jô�¨ð/ô�©ð+î·ï7æî·ï3ç}vô�Xî·ï0¼r�ô�€xrð's�rîyï/8qrô�X�s�î·ï-´rô�°�qrô�±ðYî·ï,0t�s�r�xr�î·ï)ô�€ð'î
ï'xr�ô�X�qr�qr�qr�t�r�xrt�r�qr�qr�t�r�qrt�r�xrî·ï%ýô�€î
ï$yqrô�X�s�r�srî·ï"õô��qr�s�rð%srð!ô�î·ï!qô�€qr�s�rð0î·ïFvr�ô�…ô�†	qr�s�rsrð2î·ïÂ�qrô�€�s�rî·ï—ô�‚ô�ƒð*sr�s�rqr�qrs�rî·ïô�€ð:î·ï}vô�X}vî·ïérô�Œð%ô��s�rqrqrs�r�srqrqrs�rî·ïeô�¯ð3ô�°t�s�r�xrxî·ï
árô�¦ô�§qrqrî·ï]ô�€�������Ü��������TVk(»������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198250In the kernel, a new signal or error value is made by applying NEWEXCEPTIONVALUE. In currentCedar, it is made by a binding of the formE: T~CODEin a block, where T is a signal or error type; see ¶ 3.5.2 for more about this. ¶ 2.5.2 and ¶ 3.4.2explain errors in detail. A signal is exactly like a proc, except that the closure that is executed isobtained from the statement of an enable choice; see ¶ 3.4.2 for details.You can write an expression consisting simply of ERROR; this is short for ERROR NAMELESSERROR.Here NAMELESSERROR is an error you cannot denote in the program. Hence it cannot be caught(except by ANY).4.4.2 Row and descriptor typesA row value provides an indexed set of values of an arbitrary type, called the components of therow; application maps an index into the corresponding value. Usually the values are variables, sothat assignment to a component is possible. Descriptors are unsafe pointers to arrays which includea subrange of the domain of index type in the descriptor value; thus the same descriptor type canpoint to arrays of different size. Because all the row types use the same representation for the set ofvalues, it is possible to make a descriptor from any row value.The domain or index type of a row must be a discrete type with no more than 216 distinct values;note that this rules out large subranges of INT. There is one element in the range set for each valueof the domain type.The PACKED argument of the row type constructors governs the representation of a row whoserange type is represented in <8 bits. See the discussion of representation below. It also disallowsthe use of @ on an element of the row.The row class has the proc:DESCRIPTOR: PROC[r: VAR T]_[-- Returns a descriptor for r. LONG DESCRIPTOR FOR ARRAY DOMAIN of RANGE]Since DESCRIPTOR returns an address, it must take a VAR; i.e., it can't be given a row value such asa constructor, but demands a row which has been declared or allocated.Anomaly: DESCRIPTOR returns a LONG DESCRIPTOR unless r is a short VAR, i.e., a declared variableor the result of dereferencing a short pointer.Representation: A VAR row value is represented by a contiguous block of words. If PACKED=FALSE,each element VAR occupies SIZE[T.RANGE] words, and the successive elements occupy consecutiveblocks of storage, beginning with the one indexed by FIRST[T.DOMAIN]. If PACKED=TRUE and aT.RANGE value is represented in n<8 bits, each element occupies 2CEILING[LOG2[n]] bits, i.e. 1, 2, 4 or 8bits depending on its size; PACKED has no effect on the representation for ranges with biggervalues. Note that the entire representation of a packed array may be smaller than a word, and neednot be word-aligned in another packed array or in a record. This is the entire representation of anarray value; a sequence value also has a tag field, which is represented like a component of thecontaining record.It is not possible to obtain a REF to a row element; this is because the implementation of bothreference counting and REF ANY discrimination requires more information about each VAR that isavailable for an array element. If the row is PACKED, it is not possible to obtain a pointer to anelement either (using @.Performance: Passing a row as an argument entails copying the representation. Unless the row isquite small, this is expensive. It is usually better to pass a REF. Very large rows (say, more than 100words) should not be declared, since this results in large frames which consume the 64k words offrame space. Instead, they should be allocated with NEW.����î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�ª
ô�«ð/qrî·ï^Wô�€ð$îyï\Ós�r�ô�X�s�r�qî·ï[Orô�®s�rð<ô�¯î·ïYËô�§ð+ô�¨ð4î·ïXGô�€ðAî·ïUô�•ð.qr�ô�–qr�xr�î·ïS˜ô�®�xrô�¯ðBî·ïRô�€qrî·ïNvô�Xî·ïJêr�ô�§ðNv	ô�¨�rî·ïIfô�¦ô�§ðCî·ïGâô�ðJô�‘î·ïF^�ô�—ð\ô�˜î·ïDÚô�†ðbî·ïCVô�€ð8î·ï@+ô�”
vrð:ï@¸qï@+rî·ï>§ô�‰ð(qrð6î·ï=#ô�€î·ï9øô�À�qrô�ÁðGî·ï8tô�¤t�r
ô�¥ð:î·ï6ðô�€ð#î·ï3Åî
ï2Aq	r�ô�X�qr�s�rxzô�O�s�r�t�r�î*ô�Xs�r�î
ëï0½qô�Gxrô�X�qr�xr�î·ï-’ô�‹�q	rð$xrô�Œî·ï,�ô�€ðEî·ï(ãvr�ô�”�q	r
qr�q	rs�rxrî·ï'_ô�€ð-î·ï$4v
r�ô�†xrð)ô�‡qr�qr�î·ï"°ô�¶ô�·�xr	qr�s�r�xrð7î·ï!,ô�¼ô�½qr�s�r�xrqr�qrî·ï…s�r�xrô�„s�t�rï ~q�~ïî�ï q�}�qï…rô�…î·ïô�Ìqrð$ô�Íî·ï}ô�ˆ	ô�‰ðQî·ïùô�”ô�•ðPî·ïuô�¯ð'ô�°ð4î·ïñ	ô�€î·ïÆô�²ô�³qrð=î·ïBô�¥
qr�qrð)ô�¦xrî·ï¾ô�©ð!ô�ªqrð.î·ï:ô�€î·ï
v
r�ô�®ô�¯ðBî·ï‹ô�‡ô�ˆð3qrð%î·ï
ô�ŸðAô� î·ïƒô�€ð/qr�ÿ�������
þ��������TVk(ä��������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 1982514.4.2.1 ARRAY typesAn array is a row with an element for each value in the domain; its APPLY proc is a total function.The advantages of this are that no space is needed to store the length of an array, and any boundschecking on a subscript is done against constant values (as part of narrowing the subscript to thedomain type, which is usually a subrange). The disadvantages are that a given proc, written to dealwith a given array type, cannot be used on other arrays of different lengths, since there is no way incurrent Cedar to parameterize the proc with a type. In this case it is better to use a sequence (¶ ???).The array class has the procs:CONS: PROC[g: RANGE X ...]_[T]-- A coercion from the group.ALL: PROC[x: RANGE]_[T]-- Returns an array with each element =xLENGTH: PROC[a: T]_[CARDINAL]-- Returns the cardinality of DOMAIN.BASE: PROC[a: VAR T]_[LONG POINTER TO UNSPECIFIED] -- Returns the address of a's first element.CONS takes a group of values, one for each element of the array, into an a array value. Theargument of CONS may have omitted values, which are filled in if possible by the defaultingcoercion for g. If the index type is enumerated, CONS takes a binding, with one element named n oftype T.RANGE for each index value n. In current Cedar you can't write T.CONS. Instead you write Titself; i.e., T[...] for T.CONS[...]. Because CONS is a coercion from group to array, you can omit the Twhenever the group appears as an argument or in a binding; see ¶ ???. Examples:I: TYPE~INT_0; B: TYPE~BOOLEAN_TRUEA: TYPE~ARRAY [0..5) OF I;a1: A~[0, 1, 2, 3, 4];-- OK to omit A here.a2: A~[  , 1, 2, 3, 4];-- Same as a1, by defaulting.i: INT~A[4, 3, 2, 1, 0][1];-- i=3. The A is required here.E: TYPE~ARRAY {red, blue, green} OF B;e1: E~[TRUE, FALSE, TRUE];e2: E~[blue~FALSE];-- Same as e1.Anomaly: ALL replicates its argument in all the elements of an array. In current Cedar you can'twrite T.ALL. Instead you just write ALL; it must be in an argument or binding. Unlike most built-ins, ALL is not sugar for dot notation. If the range type permits it, you can write ALL[NULL] to trashall the elements.a3: A~ALL[3];-- Same as [3, 3, 3, 3, 3]BASE returns the address of its VAR array argument. It is mostly useful for writing storage allocators.The resulting LONG POINTER TO UNSPECIFIED can also be passed to DESCRIPTOR to yield adescriptor for a different type of array. If the VAR is short, the result can be narrowed to a POINTER.Anomaly: An array may be declared with a domain type which is an empty subrange. The effect isto suppress the bounds checking in APPLY. If a pointer p to such an array is constructed (with aLOOPHOLE), then p^[i] (you can also write p[i], because p inherits APPLY) will never give anBoundsFault. This kludge is sometimes useful for obtaining arrays whose size is not static. However,beware that operations on the array other than subscripting (e.g., equality tests, assignment andparameter passing) will believe the type declaration and do the wrong thing. It is generally better touse a sequence or a descriptor.4.4.2.2 SEQUENCE typesA sequence is like an array, but each sequence value includes a tag value which specifies thenumber of elements in that sequence, i.e. the values of the domain type for which APPLY is defined.If the domain type is T and the tag value is v, then APPLY is defined for [FIRST[T]..v). Usually T isNAT, so that v is the number of elements in the sequence, and the elements are indexed by 0, 1, ...,v1.��������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûvô�X�}vî·ï\°rô�ðAô�Ž�xrî·ï[,ô�ð2ô�ð-î·ïY¨ô�¥ðEô�¦î·ïX$ô�ð(ô�ð5î·ïV ô�ð#ô�‚ð?î·ïUô�€ðaî·ïQñî
ïPmxr�ô�X�qr�s�rxr�t�rt�r�s�r�î*q�î
ïNérqr�s�rxr�t�r�s�r�î*ð's�î
ïMeqrqr�s�rs�r�t�r�qr�î*xr�î
ïKáqrqr�s�rxr�s�r�t�r�qô�Gr�ô�Xs�rî·ïH¶xrô�Ïð<ô�Ðî·ïG2ô�×xrð<ô�Øî·ïE®ô�„s�rð#xrð(ô�…�s�rî·ïD*ô��s�r�xrô�Ž�s�rð#s�r�xrs�î·ïB¦rô�‹s�r	s�r�xrxrô�Œð5s�î·ïA"rô�€ðGîyï?žs�r�ô�X�qr�qrs�rqr�qr�qîyï>s�rqr�qrqr�s�r�îyï<–s�rs�rî*
s�rîyï;s�rs�rî*
s�rîyï9Žs�rqr�s�rî*s�rs�rîyï8
s�rqr�qrsô�Or�ô�X�qô�G�s�r�îyï6†s�rô�X�s�rqrqrqrîyï5s�rs�rsr�qrî*
s�rî·ï1×vr�ô�ª�qrð9ô�«î·ï0Sô�™�s�r�qrqrô�šð6î·ï.Ïô�…�qrô�†ð7qr�qr	î·ï-Kô�€
îyï+Çs�rô�X�s�r�qrî*î·ï(œqrô�‡xrð8ô�ˆî·ï'ô�é
qr�qr�qr�q
rô�êq	r
î·ï%”	ô�€ð'xrð+qr�î·ï"ivr�ô�Žô�ð6î·ï åô�©ô�ªxrs�rð(î·ïaqrô�és�rs�rô�ês�r�s�r
s�r	xrî·ïÝs
r�ô�“ô�”ð8î·ïYô�Àô�ÁðDî·ïÕô�…ô�†ðTî·ïQô�€î·ïRvô�X�}vî·ï'r�ô�Êô�Ëð$vrî·ï£ô�ƒô�„ð=xrî·ïô�•s�rs�r�ô�–xrqr�s�rs�r
s�rî·ï
›qr�ô�Šs�rðHô�‹
î·ïs�rÿ�������
Ä��������TVk(U������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198252In current Cedar there are many restrictions on the use of sequences. A sequence type is defined bya sequenceTC51; it is not a first-class type, and can only appear as the type of the last field of avariant record or union (¶ 4.6.2). Furthermore, the only items in the cluster of a sequence type arethe row APPLY and DESCRIPTOR procs; these are inherited by the containing variant record, which isthe type a program normally deals with.A record type T containing a sequence field is a variant record. T is a first-class type which can bebound to a name, but unlike a union-containing record it cannot be used where type36 appears inthe grammar, except in a refTC53 or pointerTC55. The only operations in the cluster of T are theones of the variant record class (¶ 4.6.2), and some inherited from the row class of the containedsequence:DOMAIN: TYPE-- =TAGTYPE.RANGE: TYPE-- The RANGE of the sequence.APPLY: PROC[map: T, arg: DOMAIN]_[RANGE]-- Indexes the sequence.~{RETURN[t.UNIONPART[i]]}.DESCRIPTOR: PROC[r: VAR T]_[LONG DESCRIPTOR FOR ARRAY DOMAIN OF RANGE]~{RETURN[DESCRIPTOR[t.s]]}.-- Yields a descriptor for the sequence.The tag of a sequence is readonly.Hence the only uses of T are:As the range type of a reference type, e.g., REF T.In the form T[n] to yield a specialization of T.The specialization T[n] has TAG=SUCCn[FIRST[T.TAGTYPE]], and n elements in the sequence; n neednot be static. This application causes a Runtime.BoundsFault if n NOT IN T.TAGTYPE. T[n] is also not afirst-class type; you cannot write it where type36 appears in the grammar, and it has only thefollowing cluster (¶ 4.3.1):NEW -- Denoted NEW[T[n]] or z.NEW[T[n]] .SIZE-- Denoted SIZE[T[n]].Note that since you cannot use T or T[n] in a declaration, there are no declared variables, recordfields, or arguments to non-primitive procs of these types; you must use REF T (or a pointer to T).Furthermore, these types have no ASSIGN or EQUAL procs; you must do these operations on thecomponents. Finally, there are no constructors for sequence types; you must explicitly trash thesequence field in a record constructor. A sequence does get initialized when allocated, however; incurrent Cedar this just means that basic RC variables are set to NIL. Thus the normal way to use a sequence is to embed it in a record (which need not have any othercomponents), and to allocate one of the desired size using NEW (as in the examples below). Therecord value can then be applied to index the sequence. Usually it is convenient to haveDOMAIN=NAT. If, however, some maximum length N is important to you, consider DOMAIN=[0..N];then the value of the tag field is a sequence of length n<N is just n, and the valid indices are IN[0..n).Examples:StackRep: TYPE~RECORD[top: INT_1,item: SEQUENCE size: NAT OF T];Number: TYPE~RECORD[sign: {plus, minus},magnitude: SELECT kind: * FROMshort=>[val: [0..1000)],long=>[val: LONG CARDINAL],extended=>[val: SEQUENCE length: NAT OF CARDINAL]ENDCASE];rs1: REF StackRep_NEW[StackRep[100]];-- rs1.top=1, rs1[i] is trash.rs2: REF StackRep_NEW[StackRep[100]]_[top~3, item_NULL];-- rs2.top=3, rs2[i] is trash.����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�‚ð5ô�ƒð,î·ï^W�ô�§
ï^äwï^Wrð(vrô�¨ð#î·ï\Óô�”ô�•ðBî·ï[Oô�ƒxrq	rð=ô�„î·ïYËô�€ð$î·ïV �ô�s�rô�‘srð#î·ïUô�›ô�œðJïU©wïUr
î·ïS˜ô�¤ô�¥ïT%wïS˜rïT%wïS˜rð(s�rî·ïRô�§ð0ô�¨ð.î·ïPî
ïOxr�ô�X�qî*rxr�î
ïMˆxrqî*rxrî
ïLxrqr�srs�rsrxr�t�r�xr�î*î
ëïJ€qr�sxr�s�rî
ïHüq	rqr�s�rxr�s�r�t�r�qô�Grô�X�xqô�Gxr�î
ëïGx|qr�q	r�srî*ô�Xð&î·ïEôô�€î·ïBÉs�rî­ï@qð-qr�s�r�î­ï>s�r�s�rsî·ï;Árô�˜s�r�s�r�ô�™xr�qï<N�ï;Ár�qr�sxrs�rs�rî·ï:=ô�Šð&srs�r�qr�qrô�‹�sxrs�r�s�rî·ï8¹
ô�Ìð%ï9Fwï8¹rô�Íð$î·ï75ô�€î
ï5±qrô�X�î*
qr�s�r�s�rs�r�qr�s�r�s�rî
ï4-qî*r
qr�s�r�s�rî·ï1Õô�¥s�rs�r�s�rô�¦î·ï0Qô�‘ô�’ð$qr�s�rs�rî·ï.Íô�µô�¶xrxrð+î·ï-I
ô�¼ð7ô�½î·ï+Åô�•ô�–ðRî·ï*Aô�€ð:qrî·ï'ô�Žô�ðEî·ï%’ô�­ð/qrî·ï$ô�ýô�þð5î·ï"Šxr�qr�ô�–ô�—s�rxrs�rî·ï!ô�›ð4s�t�s�rô�œs�rqî·ï‚rs�rî·ïWî
ïÓsr�ô�X�qr�qr�îyïOsrqrîyïËsrqr�srqr�qô�G�s�rî
ïGsr�ô�X�qr�qr�îyïÃsrsô�Orîyï?sr�ô�X�qr�srqîÙï»srsrîÙï7srsrqô�GrîÙï³srsr�ô�X�qô�G�sr�ô�X�qô�Gr�îÙï
/qrî
ï«srô�X�qr�sr�qr�srî2Msr�srsrs�r
î
ï
'srqr�sr�qr�srsrsr�qrî2Msr�srsrs�r
ÿ�������T��������TVk(‰����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198253rn1: REF Number[extended]_NEW[Number[extended][2*k]];-- ns2[2]=ns2^[2]=ns2.item[2]=ns2^.item[2], but all start out trashed.A sequence may have a COMPUTED tag, with the same meaning as for unions: no tag field exists, nobounds checking is possible so that application is unsafe, and the cluster has no DESCRIPTOR proc.You can still compute the address of the sequence with @ and use the unsafe three-argument formof DESCRIPTOR (¶ 4.4.2.3). A sequence may not have an OVERLAID tag, and * cannot be used for thetag type. Example:-- Here is the recommended method for imposing an indexable structure of raw storage.WordSeq: TYPE~RECORD[SEQUENCE COMPUTED CARDINAL OF Word];A sequence may appear in a MACHINE DEPENDENT record. It must come last, both in the recordconstructor and in the layout. The total length of a record with a zero-length sequence part must bea multiple of the word length. The size of the sequence field (if specified) must descripe a zero-length sequence; i.e., it must account for just the space occupied by the tag field (if any).There is a predefined sequence TEXT; see Table 42 for its declaration. There are literals of typeREF TEXT, denoted as in rule 57 by the characters of the literal enclosed in doublequotes. Such aliteral is shorthand for a constructor (which you couldn't actually write in current Cedar, since itlacks constructors for sequences). TEXT can be used where efficiency is critical; for general purposesuse ROPE (¶ ???).·There are also unsafe predefined types LONG STRING and STRING; see Table 42 for theirdeclaration. They are described here for completeness, but should not be used. These types arepointers to a StringBody type also given in Table 42. In spite of the declaration, StringBody behaveslike a sequence with tag maxlength and sequence text. Thus z.NEW[StringBody[n]] returns a STRING orLONG STRING with maxlength=n; if s is a STRING or LONG STRING, s[i] indexes its text, etc. You canalso use s.text, as with sequences, but this is not recommended: because of the definition, s.text[i] isnever bounds-checked (use s[i]), and DESCRIPTOR[s.text] describes an array of length 0 (useDESCRIPTOR[s^]. ·There is a special kludge for allocating a string in the local frame of a proc: LOCALSTRING: PROC[ [CARDINAL] ]_[STRING]-- A coercion.Because this is a coercion, you can writes: STRING~[20]to obtain a local string of length 20. Of course, the storage will be freed when the proc frame isfreed, and a dangling reference may remain.·There are literals of type STRING, denoted just like REF TEXT literals as in rule 57. Since they arestring literals, they are allocated in the MDS, where they consume precious space. By suffixing L tothe literal, you can get it allocated in the proc frame, where the space is recovered when the frameis freed, at the risk of a dangling reference.4.4.2.3 Descriptor typesA descriptor is a pointer to a row value which includes a subrange of the row's domain as part ofthe descriptor value. A proc which takes descriptors rather than rows or REFs to rows can deal withrows of different sizes. Because a descriptor is like a pointer, there are short, long and relativedescriptors which are exactly analogous to short, long and relative pointers; see ¶ 4.5.1 and ¶ 4.5.4for details.Like a row, a descriptor can be applied to yield a VAR of the range type. If it is READONLY, the VARwill be READONLY too.Like array, descriptor has the procs:LENGTH: PROC[a: T]_[CARDINAL]-- Returns the cardinality of the subrange in a.ÿ��������������������������������������î·ïf2qô�Gõ��ð,îG?rî
ï_Ûsrô�X�qr�sr�srqr�sr�srs�rî
ï^Wsrsrsrsrsrsrî·ï[,�ô�qrð-ô�‚î·ïY¨ô�—ðLq	rî·ïX$ô�‰ð!ô�Šð;î·ïV ô��q	rô�‚ð&qrð"î·ïUô�€î
ïS˜ô�XðSî
ïRsô�O�qr�qr�qô�Grô�X�srî·ïNé�ô�¦ô�§qr�qrð.î·ïMe
ô�„ðLô�…î·ïKá�ô�¨ô�©ðXî·ïJ]ô�€ðWî·ïG2ô�¥qrô�¦ð:î·ïE®qrô� �qrô�¡ðBî·ïD*ô�ªðEô�«î·ïB¦ô�‡qrô�ˆð-î·ïA"ô�€�qrî·ï=÷ô�êô�ëqr�qrqrî·ï<sô�½ð5ô�¾î·ï:ïô�Šs	rô�‹ð,s	rî·ï9ksrô�Œ	srs�r�qr�s	r�s�rqrî·ï7çqrô�…�qrsr�s�rs�rqrqr�qrs�r�s�r
sr�ô�†î·ï6cô�‘srð@ô�’sr�s�rî·ï4ßôô�s�r�s�rq	r�srð%î·ï3[q	r�s�rô�€�î·ï00ðQî
ï.¬x
r�ô�X�qrqrt�r�qr�î*
î·ï-(ô�€ð"î
ï+¤s�r�ô�X�qrî·ï* ô�¥ô�¦ð@î·ï(œô�€ð%î·ï%qô�—qrqr�qrô�˜î·ï#íô�ˆð[ô�‰î·ï"iô�Žô�ðPî·ï åô�€ð,î·ïævô�Xî·ï»r�ô�—ð]ô�˜î·ï7ô�‰ô�Šð'qrî·ï³ô�¿ð)ô�Àð6î·ï/
ô� ðTô�¡î·ï«ô�€î·ï€ô�‚ð/xrô�ƒqrxî·ïürô�€qrî·ïÑð%î
ï
Mqr�ô�X�qr�s�rs�r�t�r�qr�î*ð.s�r��������
Ü��������TVk(ú������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198254BASE: PROC[a: T]_[POINTER TO UNSPECIFIED] -- Returns the address of a's first element.There is also an unsafe proc for making a descriptor with RANGE=CARDINAL from a LONGPOINTER:DESCRIPTOR: PROC[base: LONG POINTER TO UNSPECIFIED, length: CARDINAL, type: TYPE]                          _[d: LONG DESCRIPTOR FOR ARRAY CARDINAL OF type]LENGTH[d]=length and BASE[d]=base. There is a similar proc with both LONGs dropped.Anomaly: The type argument of DESCRIPTOR may be omitted, in which case it is the range type ofthe target type (which must be a descriptor type). Similarly if the target type is packed.·4.4.3 BASE POINTER typesA base pointer bp is like an ordinary pointer, except that it has an APPLY operation which maps arelative pointer rp (see ¶ 4.5.1) into an ordinary pointer p:APPLY: UNSAFE PROC[bp: T, rp: DOMAIN]_[p: rp.RANGE]DOMAIN: (T RELATIVE POINTER).TYPE;Note that the type of p is determined by the type of rp, and has nothing to do with the type of bp.There can be many relative pointer types for a single base pointer type. The scheme is much lesssafe than ordinary pointers, since a particular relative pointer in general makes sense only relative toa particular base value, but the type system allows it to be used with any base value of the properbase type. In other respects, a base pointer is like an ordinary pointer; indeed, it is a subclass of pointer. Thus,it has a range type of its own, and can be dereferenced to yield a value of that type. Thus it canpoint to a record or other variable at the start of the region. Confusingly, the base pointer's rangehas nothing to do with the range of its APPLY.A base pointer type implies the corresponding non-base type, and vice versa.Representation: The APPLY proc is    l [bp: T, rp: DOMAIN] IN         LOOPHOLE[LOOPHOLE[bp, LONG CARDINAL]+LOOPHOLE[rp, LONG CARDINAL],      LONG POINTER TO rp.RANGE]if T.LONG=TRUE or DOMAIN.LONG=TRUE, or the same thing without the LONGs if neither is long.4.5 Address types An address value is the address of a variable, i.e., of a block of storage. These values are used inmany different ways. They have only one thing in common:NIL: T-- A distinguished value pointing to no storage.In current Cedar you cannot write T.NIL; instead, you write NIL[T]. There is a universal value NILwhich can be coerced into any particular NIL.Storage is a precious resource which must be reclaimed when it is no longer needed, i.e., when thevariable it represents will no longer be touched by the program. A conservative definition is that thevariable is no longer reachable. If new address values are generated only by a NEW proc whichnever generates the address of a reachable variable, then a variable is reachable if an address value for it is stored in some other reachable variable, or it is the process array or, in current Cedar, the global frame of a module.REF and transfer values are intended to be such addresses; collectively they are called countedvalues:·Within the safe language, a new counted value can be made only by such a NEW proc, orby evaluating a l-expression. ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî
ï_Ûqr�ô�X�qr�s�rs�r�t�r�qô�Gr�ô�Xs�rî·ï\°ô�çð5xr�qrô�èqî·ï[,r�î
ïY¨q	r�ô�X�qr�srqô�Gr�ô�X�srqrsrqr�î
ëïX$t�r�s�rqô�Gð"sr�î·ïV qr�s�rsrô�€qr�s�rsrð$qr	î·ïSuvr�ô�–srô�—�q	rð6î·ïQñô�€ðWî·ïMòvô�X�}v�}vî·ïJÇr�ô�š
srô�›xrî·ïICô�€srð(s�r�î
ïG¿xr�ô�X�qô�Gr�sr�yô�X�s�rsrxr�t�r�s�rsr�xr�î
ïF;xrs�r�qô�Gyqî·ïD·rô�s�rsrô�Žsr�î·ïC3ô�ŸðCô� î·ïA¯ô�‚ðdî·ï@+�ô�•vrð"ô�–
vrî·ï>§ô�€î·ï;|ô�‚ô�ƒðUî·ï9øô�žðTô�Ÿî·ï8tô�™ð.ô�šð2î·ï6ðô�€ð%xr�î·ï3ÅðLî·ï0šv
rxrî·ï/|�rsr�y�s�rsrxrqr�î·ï-’qr�qr�srqr�qrqr�srqr�qrîüï,qr�qr�qr�sr�xr�î·ï*Šs�r�xr�qrxr�xr�qrqrî·ï%·uô�Xî·ï"Œrô�Ÿô� ðZî·ï!ô�€ð4î
ï„qr�ô�X�s�î*rð0î·ï�ô� s�r�xr
ô�¡qr�s�rqî·ï|rô�€ð$qr�î·ïQô�ð/ô�ð,î·ïÍô�€ð/ô�ð/î·ïIô�·ð'ô�¸qr
î·ïÅô�€ðPî­ïmðGî­ï	vrð4î·ï
½qrô�Êð7ô�Ëvî·ï9rîâï	á�î­ô�˜ð!ô�™ð"qrî­ï]ô�€
|�rÿ�������2��������TVk(ø����������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198255NEW returns the address of a block of at least SIZE[T] words, none of which is partof an already reachable variable. Evaluating a l-expression L returns a closure (¶ 2.2.1), which includes the addressof the frame in which L was evaluated. This frame provides the properenvironment for binding free variables in L. A frame in turn is made only by aNEW proc for that frame type.·A counted value always addresses counted storage, which is made only by such a NEW proc.It is called counted because of the implementation of the test for reachability; see ¶ ???. ·The storage representing a counted variable is reclaimed (by the garbage collector) onlywhen it is no longer reachable. These three invariants ensure that within the safe language a REF T always addresses a VAR T whichdoes not intersect any other variable. The second invariant is guaranteed entirely by the allocator(given the other two invariants). IncompleteFurthermore, a VAR REF T v must never be equal to a VAR U for any U=REF T. Otherwise a Ucould be assigned to the VAR, incorrectly making a new REF T value which can be retrieved byv.VALUEOF. The third invariant requires an implementation which can compute reachability. Cedar has two: One does reference counting, and hence must know about every assignment to a REF.The other scans all the reachable variables, starting with the process array and frames.Both need to be able to find all the REFs in a variable. Thus to maintain the safety invariants, it is necessary to ensure that no other value is mixed up witha value containing a REF. Such a value is called REF-containing, or RC for short. The followingclasses have RC values:REF (which includes LIST and ATOM)record, union or array with a RC component.transfer (not counteddeficiency).To define the safety invariants for non-reference addresses, it is necessary to define all the valueswhich can contain such addresses. Such values are called pointer-containing, or PC for short. Thefollowing classes have PC values:pointer (which includes POINTER TO FRAME and string);descriptor;record, union or array with a PC component.Inconplete. Notes:AC types (6T5/12):pointers to RC: dangerous but allowed.type encoding: none, prefix, quantum is in zone.4.5.1 Reference types This class has the following names:RANGE: VAR.TYPEDEREFERENCE: PROC[r: T]_[T.RANGE]-- Denoted by r^APPLY: PROC[r: T, arg: T.RANGE.DOMAIN]_-- Inherited from the range type.                    [T.RANGE.RANGE]f: PROC[r: T, arg: T.RANGE.f.DOMAIN]_-- Inherited from the range type.                    [T.RANGE.f.RANGE]��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî£ï_Ûqrô�ð,qr�s�rô�î£ï^Wô�€î£ï\F	ô�Ÿ|�rs�rô� ð#î£ïZÂô)s�rð.î£ïY>
ô�°ô�±s�rð#î£ïWºqrô�€îâïUb�î­�ô�…
ô�†vrð'qrî­ïSÞô�€ðZîâïQ†�î­ô�½ô�¾ð>î­ïPô�€î·ïMªô�†ð9qr�s�rô�‡xr�s�rî·ïL&ô�§ð:ô�¨ð%î·ïJ¢ô�€î·ïG0{	î·ïDrô�­xy�qr�s�r�s�rxy�s�rô�®�s�t�qr�s�r
s�î·ïBrô�´xrqr�s�rô�µî·ï@ýs�r�xr�ô�€�î·ï=Òð^î­ï;zðMqr�î­ï9"ðXî·ï6Êð%qrî·ï3Ÿô�ô�‚ðVî·ï2�ô�³qrqr�v	rô�´î·ï0—ô�€îyï/qrô�Xqrqr�îyï-ð+îyï,ð"î·ï)³ô�¤ð/ô�¥ð4î·ï(/ô�§ð(ô�¨vrî·ï&«ô�€îyï%'ô�Xqô�Grô�Xîyï#£
îyï"ð+î·ï­{
ô�€î·ïUrô�Xî·ïÑð&î·ïMð0î·ïNvî·ï#rô�€î
ïŸxr�ô�X�xr�qî
ïx
q�ô�Gr�s�qs�r�t�r�s�r�xr�î*ô�Xs�r�î
ï
—xrqr�s�q�ô�G�s�r�ô�X�srs�r�xr�xr�t�î*rð!î
ëïs�r�xr�xr�î
ï
s�rqr�s�q�ô�G�s�r�ô�X�srs�r�xr�s�r�xr�t�î*rð!î
ëï	s�r�xr�s�r�xr�ÿ�������
,��������TVk(¾������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198256The range of a reference type T may be any VAR type VAR U. If T is READONLY, then T.RANGE isREADONLY also; this means that assignment to the dereferenced address is impossible.Dereferencing a T yields a VAR U (which can then be coerced to a U value if appropriate).Dereferencing NIL causes the error Runtime.PointerFault.If the range has an APPLY, WAIT, NOTIFY or BROADCAST proc, or any record field procs in its cluster,these are inherited by the reference type (except that APPLY is not inherited by a BASE POINTER,which has its own APPLY; see ¶ 4.4.3). The value of an inherited f isl [r: T, arg: T.RANGE.f.DOMAIN] IN r^.fŸ[arg]In other words, the address is dereferenced, and then the range's f is applied. The effect is that areference to an array or proc can be applied without explicit dereferencing, a reference to acondition can be used to do a WAIT or whatever, and a reference to a record can be used to select afield.  This does not work for procs which get into a cluster by being in an interface instance.4.5.1.1 REF typesA REF value can be created only by a NEW proc. Every general type except union has one of these(¶ 4.3.1). There are no additional names in the REF class. The type VAR ANY may be the range of a REF; it cannot appear anywhere else except as the domainor range of a proc type. This REF type is denoted REF ANY. It is implied by every REF type. ISTYPEcan be used to test the particular REF type of a REF ANY value, and NARROW can be used toconvert a REF ANY value into a REF T value (¶ 4.3.1). These two operations are combined in aconvenient way by the WITH ... SELECT construction (¶ ???). REF ANY does not have a DEREFERENCEproc, and of course there are no procs for it to inherit from the range.LIST typesThe LIST class has names:VALUE: TYPE;first: PROC[l: T]_[VAR VALUE];-- Denoted l.first, not first[l]rest: PROC[l: T]_[T];-- Denoted l.rest, not rest[l]CONS: PROC[z: ZONE_SafeStorage.GetSystemZone,-- Denoted z.CONS[x, y] or CONS[x, y].          x: VALUE, y: T]_[T]LIST: PROC[z: ZONE_SafeStorage.GetSystemZone,-- Denoted z.LIST g or LIST g.          g: VALUE X ...]_[T]The RANGE type R of a list type T is opaque, but it may be thought of as an unpainted record [first:VALUE, rest: T]; thus a list value is a REF to an R. The first and rest procs return the fields of an R. CONS is NEW[R_[x, y]]; the optional zone tells where to do the NEW. LIST does a series of CONSes,yielding a list such that LIST[x0, ..., xn].resti.first=xiThe g argument of LIST may have omitted values, which are filled in if possible by the defaultingcoercion for g. Examples:L: TYPE~LIST OF INT_0;l: L~LIST[0, 1, 2, 3, 4];m: L~LIST[  , 1, 2, 3, 4];-- Same as l, by defaulting.The type ATOMAn ATOM is a REF to an opaque type which is exported from AtomsPrivate as AtomRec: TYPE~RECORD[printName: Rope.ROPE,propertyList: REF ANY_NIL,ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�™s�rxrxr�s�rs�rô�š�qrs�r�xrî·ï^WqrôLð=ôMî·ï\Óô�Ýs�r	xr�s�rð!s�rî·ï[Oô�€�qrsr�î·ïX$ô�ƒ
ô�„xrxrxrqrð0î·ïV ô�©ð$ô�ª
xrqr�qr�î·ïUô�€xrð*s�rîyïS˜|�rô�Xs�q�ô�G�s�r�ô�X�srs�r�xr�s�r�xrxr�s�rs�rsr�î·ïRô�Ÿð@s�rô� ð!î·ïPô�Üô�ÝðHî·ïOô�‚ô�ƒ�qrðAî·ïMˆô�€ðZî·ïI‰vô�X�}vî·ïF^r�ô��qrô�Žqrð7î·ïDÚô�€ð.qrî·ïA¯ô�„ô�…�xy�xrqrð5î·ï@+ô�ˆqrqr�qrô�‰qrqî·ï>§rô�¾ô�¿�qr
qr�qrqrî·ï=#ô�¸qr�qrô�¹qr�s�rð8î·ï;Ÿ	ô�‰qrô�Šqrqr�qrx
î·ï:rô�€ðCî·ï6}vô�Xî·ï2ñrô�€�qrî
ï1mxr�ô�X�qr�î
ï/ésrqr�s�rs�r�t�r�xy�xrî*
s�r�srsr�s�r�î
ï.esrqr�s�rs�r�t�r�s�rî*
s�r�srsr�s�r�î
ï,áqrqr�s�rqr�sr�î*
s�r�qr�sô�Or�ô�Xqr�sô�Orî
ëï+]ô�X	s�rxrs�rs�r�t�r�s�r�î
ï)Ùqrqr�s�rqr�sr�î*
s�r�qr�s�rqr�s�r�î
ëï(U	s�rxr�t�rt�r�s�r�î·ï%*ô�„�xrs�rs�rô�…ð+sr�î·ï#¦xr�ô�€�srs�rqrs�rsrsrs�rî·ï {qrô�—qr�s�rsrð,qrqrô�˜
qrî·ï÷ô�€î
ïsqr�s�ïæw�ïsr�ô�Xs�ïæ�ïsrsï��ïsr�sr�s�ïæ�î·ï…rô��s�rxrð*ô�žð!î·ïô�€s�r
îyï}s�r�ô�X�qr�qr�qr�qrîyïùs�rs�r�qrîyïus�rs�r�qrî*
s�rî·ïvv}î·ïKrô�€�qrqrð*srî
ïÇsr�ô�X�qr�qr�îyïCsrsr�qîyï	¿srqô�Gr�qr��������N��������TVk(“��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198257link: ATOM_NIL]There are no additional names in ATOM's cluster; the useful operations on ATOMs are provided bythe ListsAndAtoms interface. However, the language does provide ATOM literals for atoms which haveCedar names as their printnames, with the syntax $ n. Examples:$red$VeryLongAtomMadeUpOfSeveralWordsNote that you cannot put any spaces in an ATOM literal.4.5.1.2 ¸Pointer typesThere are two flavors of pointer: short and long. Short pointers occupy one word, and point onlywithin the 64k word main data space where frames are allocated. Long pointers occupy two wordsand point anywhere.Pointer dereferencing is unsafe; hence all the inherited procs are also unsafe. Dereferencing apointer may cause an address fault if it points to storage which is not mapped by the operatingsystem; this is about the least disastrous thing that can happen if an unsuitable value gets into apointer.Long pointer types have the following dubious names:·PLUS: PROC[T, LONG INTEGER]_[T]-- Denoted by infix +.·MINUS: PROC[T, LONG INTEGER]_[T]-- Denoted by infix .·DIFF: PROC[T, T]_[LONG INTEGER]-- Also denoted by infix .Anomaly: The infix "" cannot be desugared into dot notation, since there are two procs denotedby an infix "" whose first argument is a pointer. The choice between MINUS and DIFF is based onthe type of the second argument.Short pointer types have the same procs without the LONG. They also have the following coercion,called lengthening:LONG: PROC[p:T]_[LONG POINTER TO RANGE]-- Apply by LONG[p]Note that VAR types have a VARTOPOINTER proc (denoted by prefix @) ; this turns a long VAR Tinto a LONG POINTER TO T or a short VAR T into a POINTER TO T (¶ 4.5.4).4.5.2 Zone typesThe zone class has the names:NEWTYPE: PROC[U: TYPE]_[A: REFERENCE.TYPE];NEW: PROC[z: T, U: TYPE]_[r: NEWTYPE[U]];FREE: PROC[z: T, p: VAR NEWTYPE[u]]_[];-- For a ZONE.FREE: UNSAFE PROC[z: T, -- For an uncounted zone.                                    p: NEWTYPE[ NEWTYPE[u]]]_[];Currently there are exactly three zone types:ZONE, with NEWTYPE=l [U: TYPE] IN MKREF[range~U];UNCOUNTED ZONE, with NEWTYPE=l [U: TYPE] IN MKPOINTER[range~U, long~TRUE];MDSZone, with NEWTYPE=l [U: TYPE] IN MKPOINTER[range~U, long~FALSE].In other words, a ZONE deals in REFs, an UNCOUNTED ZONE in LONG POINTERs, and an MDSZonein POINTERs. The latter two are called uncounted zone types.NEW is explained in ¶ 4.3.1. FREE takes a variable (or pointer to a variable, for an uncounted zone) vcontaining a reference r to a variable fv. The reference r must be supplied by the NEW proc of thesame zone; this is checked for a ZONE. FREE sets v (or v^) to NIL. In addition:ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rîyï_Ûsr�ô�X�qr�qr�î·ï^Wô�˜qrð!ô�™qrî·ï\Óô�ƒ�srð/qrô�„î·ï[Oô�€ð:îyïYËîyïXGð!î·ïVÃð*qrî·ïRÄvô�Xî·ïO™rô�žðVô�Ÿî·ïNô�–ô�—ðPî·ïL‘ô�€î·ïIfô�Óô�Ôð?î·ïGâô�³
vrô�´ð-î·ïF^ô�©ðUô�ªî·ïDÚî·ïA¯ô�€ð0î
ï@+y�xr�ô�X�qr�s�rqô�Gr�t�r�s�r�î*ô�Xî
ï>§y�xrqr�s�rqô�Gr�t�r�s�r�î*ô�Xî
ï=#y�xrqr�s�rs�r�t�r�qô�Gr�î*ô�Xî·ï9øvr�ô�ð'ô�žð0î·ï8tô�“ô�”ðAxrxrî·ï6ðô�€î·ï3Åô�”ð/qrô�•ð"î·ï2Aô�€�v
r�î
ï0½qr�ô�X�qr�s�r�s�r�t�r�qô�Gxr�î*ô�X	qr�s�r�î·ï-’ô�¥xr
xrð*ô�¦xr�s�î·ï,rô�€qr�qr�qr�s�rxr�s�rqr�qr�s�r
î·ï(vô�X
î·ï$ärô�€î
ï#`xr�ô�X�qr�s�rqr�t�r�s�rxr�qrî
ï!Üqrqr�s�rs�rs�rqr�t�r�s�rxr�s�rî
ï Xqr�qô�Gr�s�r�ô�X�s�rs�rxr�xr�s�rt�rî*qr�î
ïÔqr�qô�Gr�s�r�ô�X�s�rî*î
ëïPzô�Oð$s�r�ô�X�xrxr�s�rt�rî·ï%ô�€ð$î­ïÍqrxr�|�rs�rqrxy�xr�sr�s�rî­ïuqr�qrxr�|�rs�rqrxy�xr�sr�s�rsr�qrî­ïsrxr�|�rs�rqrxy�xr�sr�s�rsr�qrî·ïÅô�–ô�—	qr	qrqr�qrqr�qr	sî·ïArô�€�qrð2î·ïqrô�	qrðDs�î·ï
’r	ô�”s�rsrs�rô�•qrî·ï	ô�€qrqrs�rsrqr
�������
v��������TVk(M����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198258For a ZONE, FREE sets all the REF variables of fv to NIL; this helps to break circularstructures, but only the collector actually reclaims storage. Hence FREE for a ZONE is safe.For an uncounted zone, FREE reclaims the storage for fv by calling the Dealloc proc of thezone (see below); hence FREE is unsafe for an uncounted zone; the safety invariantdemands that FREE not be called with a pointer unless the variable will not be used any more. It is best if no other pointers to fv exist. New zones can be obtained, and other aspects of storage allocation monitored and controlled, usingthe procs in SafeStorage (for ZONEs) or UnsafeStorage (for uncounted zones). It is also possible,though not recommended, to make up your own UNCOUNTED ZONE using a type like this:UncountedZoneRep: TYPE~LONG POINTER TO MACHINE DEPENDENT RECORD [procs (0: 0..31): LONG POINTER TO MACHINE DEPENDENT RECORD [Alloc (0): PROC[zone: UncountedZoneRep, size: CARDINAL]_[LONG POINTER],Dealloc (1): PROC[zone: UncountedZoneRep, object: LONG POINTER]-- possibly followed by other fields-- ],data (2: 0..31): LONG POINTER-- Optional; see below-- possibly followed by other fields-- ];The same structure serves for a MDSZone, with all the LONGs dropped and the field positionsadjusted accordingly. You must use a LOOPHOLE to turn one of these Rep values into an uncountedzone value.If z is an uncounted zone, the code generated for z.NEW[T] isz^.procs^.Alloc[z, SIZE[T]]and the code generated for z.FREE[p] is{temp: LONG POINTER~p^; p^_NIL; z^.procs^.Dealloc[z, temp] }Usually p is @q, for some variable q which holds the pointer being freed. Within this framework, you may design a representation of zone objects appropriate for yourstorage manager.  In general, you should greate an instance of a UncountedZoneRep for each zoneinstance. The procs record can be shared by all zones with the same implementation; the datapointer normally references the state information for a particular zone.4.5.3 POINTER TO FRAME typesIncomplete. Notes:POINTER TO FRAME: Construct with implementation (and NEW?)can put impl p in DIRECTORY as well as interfimporting pi: p gives pi the same type as PTF[p]there is a coercion from pi to the PROGRAM type for the implPTR TO FRAME by NEW on PROG or PTR TO FRAME, or by import.4.5.4 RELATIVE typesSometimes it is convenient to have addresses which are relative to the base of some region. Suchpointers can be shorter than ordinary pointers. Also, the entire collection of variables in the regioncan be moved in storage simply by changing the base; in fact, it can be written out and later readin to a possibly different place, and any relative pointers stored in it will still be valid. Cedarprovides some (unsafe) support for this facility, in the form of RELATIVE types. A RELATIVE typehas a range type which is an ordinary pointer or descriptor. The RELATIVE type has noDEREFERENCE or APPLY proc. The only useful thing to do with a RELATIVE value is to apply asuitable BASE POINTER to it (¶ 4.4.4). To indicate the desired size of a RELATIVE POINTER value, the type constructor can specify asubrange of CARDINAL. There are coercions between RELATIVE  POINTER types which differ only intheir subranges; these are just like the coercions between subranges of CARDINAL (¶ 4.7.3).ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî­ï_Ûô�Ïqrqrô�Ðqr
srqrî­ï^W
ô�€ð9qrqrî­ï[ÿô�™qrsrsrô�šî­ïZ{ô�îqrð6î­ïX÷ô�¨qrô�©ðFô�€�î­ïWsð)srî·ïTHô�‰ô�ŠðDî·ïRÄô�Íô�Îs
rqrsrð,î·ïQ@ô�€ð&qr�qrî
ïO¼sr�ô�X�qr�qô�Gð$rô�XîyïN8srqô�Gð$rô�XîÙïL´srqr�srsrsrqr�t�r�qô�GrîÙïK0srô�Xqr�srsrsrqô�Gr�îÙïI¬ô�Xð'îyïH(srqô�Gî*rô�XîyïF¤ð)î·ïE ô�Èsrqrô�Éî·ïCœô�‹qrsrô�Œî·ïBô�€î·ï>ís�rð.s�r�qr�s�rî
ï=is�rsrsr�s�r�ô�X�qr�s�rî·ï;åô�€s�r�qr�s�rî
ï:a�sr�ô�X�qô�Gr�s�rô�X�s�rqrs�rsrsr�sô�Or�ô�Xî·ï8Ýô�€�s�rs�rs�rð&î·ï5²ô�Øô�ÙðAî·ï4.ô�ªð4ô�«sr
î·ï2ªô�ÏsrðEsî·ï1&rô�€ðAî·ï-'vô�X�}v�}v�}vî·ï)µ{
ô�€î·ï&Šqr�qr�qrð%qrîyï%ô�X	s�rqrîyï#‚	srs�rsrqr�s�r�îyï!þsrqrîyï zqô�Grô�Xqrqrqô�Gr�ô�X
î·ï{v}vî·ïPrô�¥ð.vrô�¦ð!î·ïÌô�“ð8ô�”ð&î·ïHð7ô�•ð+î·ïÄô�Åð0ô�Æð1î·ï@ô�¦ð,ô�§qr	qrî·ï¼ô
ôð(qrî·ï8x
rô�»qrô�¼
qrî·ï´ô�€�qr�qrî·ï‰ô�Òô�Óqr�qrð*î·ï
ô�‹qrqrqrô�Œî·ïô�€ðCqr
�������
��������TVk(&����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198259This class has names:BASE: TYPE;-- The type of the base pointer.SUBRANGE: SUBRANGE.TYPE-- The subrange type; only for pointers.RANGE: TYPE;-- If b: BASE and rp: T then b[rp] has type RANGE.4.6 Record and union typesRecord types are Cedar's facility for grouping values of different types (since group and bindingtypes cannot be denoted). Unions are closely related to records because they must be embeddedwithin records in current Cedar.4.6.1 Record types The MKRECORD type constructor takes one argument called fields: a declaration or cross type. If fieldsis a cross type, it is rebound to a decl with secret names. If fields=[n1: T1, n2: T2, ..., nk: Tk],MKRECORD produces a type with the clusterni: PROC[T]_Ti-- One for each name in the decl.FIELDS: DECLCONS: PROC[b: FIELDS]_[T]-- Apply by T[b]; a coercion from the binding.UNCONS: PROC[T]_[fields]-- No denotation; a coercion to the binding.Cross type fields are not very useful, since there is no way to name the field procs. The values of theni procs are not accessible; they can only be applied with dot notation. Thus if r is a record value,r.ni denotes its ith field.A record type T with a single component or type U inherits all of U's cluster. There is also acoercion from T to U. The effect is that a T value behaves just like a U value, but not vice versa.A sequence-containing record also inherits some procs from the sequence type (¶ 4.4.2.2).If v is a VAR U returned by a field proc, you can only apply @ to it if SIZE[U]>1, or U'srepresentation occupied an entire word, or by accident v happens to occupy a whole word in therecord representation.Record types in interfaces are painted: each type produced by RECORD[...] (i.e., by MKRECORD orMKMDRECORD) in an interface has a unique mark. Thus two occurrences of a record type constructorin an interface always produce two different types. In this respect, recordTCs are likeenumerationTCs, and differ from all other type constructors. In a program module, however, recordtypes are not painted; this is so that old values will still be useful after module replacement. Sincethe painting of record and enumeration types is the only way to generate unique marks, it is theonly way that an implementation can guarantee that its types cannot be forged. In practice, however, the protection afforded by opaque types (¶ 4.3.4) is usually adequate.Representation: A record variable is represented by a contiguous block of words, in which the bitsrepresenting each field are contiguous and do not cross a word boundary unless they fill a block ofwords, but are otherwise arranged at the discretion of the compiler. It is not possible to obtain aREF to a row element; this is because the implementation of both reference counting and ref anydiscrimination requires more information about each VAR than is available for a record field. Unlessa field fills one or more words, it is not possible to obtain a pointer to the field either (using @);this is because addresses point to words.A MACHINE DEPENDENT RECORD type constructor can specify the exact arrangement of the fields ina record, using the syntax of rules 46-48. Examples are given with the rules. Fields must bearranged according to the following rules.A pos48 (w) means that the field occupies word w, or bits 16w through 16w+15, of therecord variable; (w: f..l) means that it occupies bits 16w+f through 16w+l (0<f<l isrequired; there is no upper bound on l). All of w, f and l must be static.ÿ��������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�€î
ï^Wxr�ô�X�qr�î*î
ï\Óxrxr�qî*rð(î
ï[Oxrqr�î*s�rxrsrs�rs�r�sr
xr�î·ïV|uî·ïSQrô�®ð2ô�¯ð)î·ïQÍð$ô�°ð9î·ïPIô�€î·ïLJvô�X
î·ïIrô�‚�xrð$ô�ƒsrð"sî·ïG›rô�Æð<ô�Ç�srs�ïGw�ïG›rs�ïGw�ïG›rs�ïGw�ïG›rs�ïGw�ïG›rs�ïG�ïG›rs�ïG�ïG›rî·ïE­xrô�€ð!î
ïD)s�ïCœ�ïD)r�ô�X�qr�s�r�t�s�ïCœ�î*ïD)rð!î
ïB;xrxî
ï@·rqr�s�rxr�t�r�s�r�î*s�r�s�rî
ï?3xrqr�s�r�t�r�sr�î*ð,î·ï=¯ô�€srô�ðNî·ï<+s�ï;ž�ï<+rô�”ðFô�•s�rî·ï:=sï9°�ï:=rô�€s�rî·ï7�ô�Às�rô�Á�s�rs�rî·ï5Žô�€s�rs�rs�rs�rî·ï2cðYî·ï/8ô�à�s�rxr�s�rô�áð9qr�s�rs�rî·ï-´
ô�¦ð)s�rð"ô�§î·ï,0ô�€î·ï)ô�ªð&ô�«qrxrî·ï'x	r�ô�€ô�ðRî·ï%ýô<ð!vrð"ô=î·ï$yô�†ð-ô�‡ð%î·ï"õô�”ô�•ðEî·ï!qô�¥ð9ô�¦ð$î·ïíô�èvrô�éð%ô�€�î·ïiðOî·ï>v
r�ô�™ðNô�šî·ïºô�‹ð!ô�Œð6î·ï6ô�¥ð0ô�¦ð-î·ï²qrô�¨ô�©ðRsî·ï.r
ô�‡ð&xrô�ˆî·ïª�ô�—ô�˜ðYî·ï&ô�€ð%î·ïû�ô�‚�qr�qr�qrð'ô�ƒî·ï
w�ô�ØðAô�Ùî·ïóô�€ð"î­ï	›�ô�½ï
(wï	›rs�rð%s�rs�r
s�r
î­ïô�Ýs�rs�rs�rs�r�s�r
s�r�s�rt�s�t�s�rô�Þî­ï“ô�€s�r	s�rs�rs�rÿ�������
¸��������TVk(2����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198260The pos must be large enough to hold a variable of the field type U: if SIZE[U]>1, it mustcompletely fill at least SIZE[U] words; if SIZE[U]=1 and U is a discrete, row, or record typerepresented in less than 16 bits, it need only be as large as the representation, but may notcross a word boundary.  Union fields are treated specially (¶ 4.6.2).Fields may not overlap, and together they must completely fill an integral number ofwords. The order of fields is not important.If any field has a pos, each must have one. A machine dependent record may have no pos.This form is not recommended. If it is used, the fields are arranged consecutively, and theconstructor must be such that that the rules about word alignment and boundary crossingare not violated by this arrangement.Note that a pos is really an explicit specification of the field proc, written in a rather restrictivespecial language.4.6.2 Variant record typesThere are two classes, unions (¶ 4.6.3) and sequences (¶ 4.4.2.2), whose types are not first-class typevalues, but can only appear as the type of the last field of a record or union. A record whose lastfield is one of these types is a variant record, and its last field is a variant field. The other propertyshared by a union and a sequence type is that each is a generalization of a number of special cases;there is a single value called the tag which identifies the special case. For a union, the special cases are unrelated, and the tag is a value from an enumeration. For a sequence, the special cases are rows of different length, and the tag is a value fromthe row's domain. The tag50 is treated as a field of the containing variant record. This field is readonly. For a union itcan be changed only by assigning to the entire variant part or the entire variant record; if either oldor new variant is RC this is unsafe. There is no way to change the tag field of a sequence. A tag ofCOMPUTED or OVERLAID means that there is no tag field; instead, the tag value must be supplied byan expression in a withSelect34 when it is needed for specialization. Tags of * and OVERLAID areonly for unions, and are explained in ¶ 4.6.3.The cluster of a variant record has the following items:The usual procs for the record fields (including the variant field itself, and the tag), and any procsinherited by the record type.TAGTYPE: TYPE-- The type of the tag.TAG: TAGTYPE;-- Another proc for the tag field.VARIANTTYPE: TYPE-- The (union or sequence) type of the variant field.VARIANTPART: PROC[T]_[VARIANTTYPE]-- Another proc for the variant field.SPECIALIZE: PROC[n: CARDINAL]_[BT: TYPE]-- A bound variant of T; denoted T[n].Specialization yields a record type called a bound variant in which the type of the variant field isone of the special cases of the union or sequence. The bound variant lacks SPECIALIZE, its tag fieldis readonly, and its VARIANTTYPE is the special case. Note that if the special case is itself a union orsequence, the bound variant is still a variant record; otherwise it is an ordinary record.Anomaly: A variant record type has EQUAL only if it does not have a SEQUENCE field, and for anytwo tag values a and b, SIZE[T[a]]=SIZE[T[b]]. Even if not all sizes are equal, however, EQUAL isallowed if one of the operands is a bound variant.The special properties of the subclasses of variant records are given in the sections on unions (4.6.3)and sequences (4.4.2.2).������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî­ï_Ûô�—ð?s�rqr�s�rô�˜î­ï^W	ô�qr�s�rqr�s�rô�‘s�rð#î­ï\Ó
ô�ŽðNô�î­ï[Oô�€ð@î­ïX÷ô�ÕðNî­ïWsô�€ð&î­ïUô�‹ðUî­ïS—ô�•ð,ô�–ð+î­ïR
ô� ð'ô�¡ð%î­ïPô�€ð"î·ïMdô�°ô�±ð]î·ïKàô�€	î·ïGávô�Xî·ïD¶rô�“ðQô�”î·ïC2ô�˜ð2ô�™ð*î·ïA®ô�v
rô��vrî·ï@*ô�†ðCô�‡î·ï>¦ô�€vrð$î­ï<NðZî­ï9öô�›ô�œðVî­ï8rô�€î·ï6ô�‰ï6§wï6rðFô�Šî·ï4–ô�ƒðNô�„î·ï3ô�‡ð"ô�ˆð@î·ï1Žqrô�€qrð9ô�î·ï0
ô�©ï0—wï0
rð0ô�ªqrî·ï.†ô�€ð*î·ï+[ð8î
ï)×ô�Xðcî
ëï(Sî
ï&Ïxrqî*rî
ï%Kxrxr�î*ð"î
ï#Çx
rqî*rð5î
ï"Cx
rqr�s�r�t�r�x
r�î*ð&î
ï ¿x	rqr�s�rqr�t�r�srqr�î*s�r	s�r�s�rî·ïg
ô�£vrð'ô�¤î·ïãô�‘ðHx	rô�’	î·ï_ô�‹x
rô�ŒðEî·ïÛô�€ðQî·ï°vr�ô�”	ô�•xrqrî·ï,ô�¹s�rs�rqr�s�r�s�rqr�s�r�s�rô�ºð+xrî·ï¨ô�€ð+î·ï}ô�…ð(ô�†ð<î·ïùô�€�������
x��������TVk(¬������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 1982614.6.3 Union typesTogether with REF ANY, union types provide Cedar's facilities for associating a type T with a classwhich contains subtypes T1, ..., Tn, and dynamically narrowing a value of type T into a value of theproper type Ti. REF ANY is more convenient:Any REF T is a subtype of REF ANY; no pre-planning of the subtypes is required.REF T implies REF ANY; hence procs taking REF ANY accept any REF T without further ado.Union types, on the other hand, have performance advantages:A union type is just a value, not constrained to be a REF. These values or their VARs can beembedded in records or arrays without paying for extra storage allocation or an extra levelof indirection.The subtype of a union type can be discriminated several times faster than a REF ANY.Union types can therefore be recommended when performance tuning is required.A union type is defined by a unionTC49; it is not a first-class type in Cedar, and can only appear asthe type of the last field of a variant record (¶ 4.6.2) or another union. The only items in the clusterof a union type are the field procs for its fields; these are inherited by the containing record, whichis the type a program normally deals with. The cases of the union are given by the arms of the SELECT. The type of the tag must be anenumeration, and each case is named by one or more literals of the enumeration. Thus Node in theexample has cases binary, unary and nonary, and the type of the tag could have been written {binary,unary, nonary}. The * which actually appears for the tag type is short for an enumTC45 which listsall the names preceding the => symbols of the SELECT in turn. If the tag type is given explicitly,any enumeration values which don't appear preceding a => symbol have empty fields.A record type T containing a union field is a variant record. T is a first-class type which can beused like any other Cedar type. The only operations in the cluster of T are the ones of the variantrecord class. The fields of the union cases are not in the cluster of the variant. However, the fieldsof the selected case in a bound variant are in the cluster (e.g., Node[binary] has procs for a and b, inthe example of rule 49). The names declared in a field must not be the same as any name declaredin the containing record. However, the same name may be declared in more than one case of theunion. NULL following => is an obsolete synonym for [].Anomaly: A constructor for a union value has the form a[...], where a is one of the enumerationliterals of the tag type, and [...] is an ordinary binding for the fields of case a. The literal a may notbe omitted. Thusn: Node_[rator~plus, rands~binary[a~NIL, b~NIL]]Anomaly: If n is the name of the variant field, and r: T, r.n is legal only as the first operand of _.In all other cases, only a constructor can denote a union.The primitive ISTYPE can be used to distinguish the case of a variant record value x, and NARROWcan be used to obtain a value bx of the bound variant type from x; see ¶ 4.3.1. The safeSelect32construct is a useful and efficient combination of ISTYPE and NARROW which deals systematicallywith any number of cases. The withSelect34 construct is an unsafe version of safeSelect which canbe used with any union type, and is the only alternative when the tag is COMPUTED or OVERLAID.See ¶ 3.8 for discussion of these forms.If the tag is OVERLAID, any field name that appears in exactly one case of the union has a proc inthe cluster of the variant record. When such a proc is applied to a value x, there is no checking thatx is the proper case of the union. Obviously this is not typesafe, and if the field is RC it is unsafe. ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûvô�Xî·ï\°rô�˜qr�qrô�™ð#s�rî·ï[,ô�‹s�ïZŸw�ï[,rs�ïZŸ�ï[,rð#ô�Œs�rî·ïY>ô�€s�ïX±�ïY>rqr�qrî­ïVæqr�s�rqr�qrð.î­ïTŽqr�s�rqr�qrqr�qrqr�s�rî·ïR6ð<î­ïOÞ�ô�„ð5qrxr�ô�…î­ïNZô�”ð$ô�•ð/î­ïLÖô�€î­ïJ~ðMqr�qr�î·ïH&ðMî·ïDû�ô�„ð#ïEˆwïDûr�ô�…ð0vr	î·ïCwô�†ðYô�‡î·ïAóð3ô�ˆð4î·ï@oô�€ð)î·ï=Dô�¾ð1qr�ô�¿î·ï;Àô�ô�Žð/srî·ï:<ô�
srsrsrð1ô�sî·ï8¸ô�œrô�ðAï9Ewï8¸rî·ï74ð.qrð.î·ï5°ô�€ðOî·ï2…�ô�ªs�rð/s�rô�«ð#î·ï1ô�“ðBs�rô�”î·ï/}ô�’ô�“ðGî·ï-ùô�Œð@sr�srs�rs�rî·ï,uô�Šð8ô�‹ð%î·ï*ñô�ðWô�žî·ï)mô�€�qrð,î·ï&Bvr�ô�ªô�«s�rs�rî·ï$¾ô�‰ðJs�rô�Š�s�rî·ï#:ô�€
î
ï!¶s�r�ô�X�srsr�srsr�sr�s�r�qrs�r�qrî·ï‹vr�ô�“s�rð's�rs�rsrô�”î·ïô�€ð8î·ïÜô�“
qrð?s�rô�”�qî·ïXrô�¬srô�­s�rïåwî·ïÔrô�©ð*qrô�ª�qrî·ïPô�Ÿô� ïÝwïPrð7î·ïÌô�–ô�—ðBqrqr�î·ïHô�€ð%î·ïô�’ô�“qrðLî·ï
™ô�ô�‚ð?s�rî·ïs�rô�€ðg�������v��������TVk(ð��������������������������������  CEDAR TYPES, PART 2DRAFT OF JULY 20, 198262A union has machine-dependent fields if and only if its containing record is machine-dependent.The union field must be last both in the fields and in the representation. Its pos includes the tag. Itneed not be word-aligned, though its tag and each field in each case must obey the alignment rulesfor record fields (¶ 4.6.1). If the union field is <16 bits in size, all cases must be the same size.Otherwise, all cases must be a multiple of 16 bits in size, and at least one case must exactly fill thespace for the union field.4.7 Ordered typesOrdered types can be compared, and they have subranges. The subclasses are discrete, numeric,pointer, and subrange. The class has namesLESS: PROC[T, T]_[BOOL];-- Apply by infix <. See rules 19, 22.GREATER: PROC[T, T]_[BOOL];-- Apply by infix >. See rules 19, 22.IN: PROC[T, SUBRANGE]_[BOOL];-- Apply by infix IN. See rules 19, 22.MAX: PROC[T_FIRST[T], ...]_[T];-- Apply by MAX[x, y, ...].MIN: PROC[T_LAST[T], ...]_[T];-- Apply by MIN[x, y, ...].All these procs do just what you expect. MAX and MIN accept more arguments than you can write.Pointers have these procs only if ORDERED=TRUE.The cluster also has names:SUBRANGE: CLASS;-- The class of subrange types of T.MKSUBRANGE: PROC[first, last: T]_[SUBRANGE];-- See rule 25 for denotations.MKEMPTYSUBRANGE: PROC[first: T]_[SUBRANGE]-- See rule 25 for denotations.These are discussed in ¶ 4.7.3 4.7.1 Discrete typesThe discrete types are those which have a useful bijection into an interval of the natural numbers:whole numbers and enumerations. These are the types that can be used as domains for row types (¶4.4.2). The class has names:FIRST: T-- Denoted FIRST[T]LAST: T-- Denoted LAST[T]PRED: PROC[x: T]_[T]-- Predecessor, apply by PRED[x].    May cause a bounds fault.SUCC: PROC[x: T]_[T]-- Successor, apply by SUCC[x].    May cause a bounds fault.Whole numbers are discussed in ¶ 4.7.2 as a subclass of numeric.4.7.1.1 Enumeration typesAn enumeration type is isomorphic to a [0..k] subrange of the integers, without any of thearithmetic operators. The values are named by literals which have the same syntax as names. Theenumeration type {n0, , ..., nk} has in its clustern0: T;-- Denoted T[n0]. . .nk: T-- Denoted T[nk]Procs to convert between T and INT are lacking.Enumeration types in interfaces are painted; each type produced by {...} (i.e., by MKENUMERATIONor MKMDENUMERATION) in an interface has a unique mark. Thus two occurrences of anenumerationTC always produce two different types unless both are in implementations and aretextually identical. In this respect, enumerationTCs are like recordTCs and differ from all other typeconstructors.ÿ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Û�ô�¬ô�­ðXî·ï^Wô�†ð,ô�‡ð8î·ï\Óô�ŠðXô�‹î·ï[Oô�´ô�µðFî·ïYË	ô�ð>ô�Žî·ïXGô�€î·ïStuô�X
î·ïPIrô�ºðVî·ïNÅô�€ð"î
ïMAxr�ô�X�qr�s�rs�r�t�r�qrî*ð&î
ïK½xrqr�s�rs�r�t�r�qrî*ð&î
ïJ9xrqr�s�rxr�t�r�qrî*qrî
ïHµqrqr�s�r�qr�s�rt�r�s�rî*qr�s�rs�rî
ïG1qrqr�s�r�qr�s�rt�r�s�rî*qr�s�rs�rî·ïE­ô�’ô�“qrqrð*î·ïD)ô�€qr�qr�î·ï@þî
ï?zxr�ô�X�xr�î*ð"sî
ï=öx	rqr�srsrs�r�t�r�xrî*î
ï<rxrqr�srs�r�t�r�xr�î*î·ï:îô�€î·ï6ïvô�Xî·ï3Ärô�•ð&ô�–ð:î·ï2@ô�†ô�‡ð;î·ï0¼ô�€î
ï/8qr�ô�X�s�î*r
qr�s�r�î
ï-´qrs�î*r
qr�s�r�î
ï,0qrqr�s�rs�r�t�r�s�r�î*qr�s�rî*ï*¬î
ï)(qrqr�s�rs�r�t�r�s�r�î*qr�s�rî*ï'¤î·ï$yô�€ð;î·ï zvô�Xî·ïOrô�ìô�ís�rð.î·ïË	ô�¡ð,ô�¢ð)î·ïG
ô�€s�ïºw�ïGrs�ïº�ïGrî
ïYs�ïÌw�ïYr�ô�X�s�r�î*
s�r�s�ïÌw�ïYr�î
ïŽs�ô�Oî
ï
�ï}�ï
r�ô�X�s�î*r
s�r�s�ï}�ï
r�î·ïô�€s�rqrî·ïñ
ô�žð4ô�Ÿxî·ïmrô)�xrð9ô*î·ïéô�Ìvrô�Íî·ïeô�ð/ô�‚ð.î·ï	á�������
ˆ��������TVk(����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198263Anomaly: You can write ni for T[ni] in an argument or binding. In these contexts, even if ni isknown in the current scope, it denotes T[ni] and not the value it is bound to in the scope. ThusColor: TYPE~{red, blue, green};red: Color_Color[blue];c: Color_redleaves c=Color[red], not =Color[blue]. In fact, red=red is false! It is best not to redeclare enumerationnames.Representation: Conversion between T and a short number can be done with a LOOPHOLE. Therepresentation of ni is the same as that of the INT i (but understand the representation of subrangesbefore using LOOPHOLE there).The type BOOL or BOOLEANThis is an enumeration type {FALSE, TRUE}; BOOLEAN is a synonym for BOOL. It also has procs:NOT: PROC[BOOL]_[BOOL]-- Denoted by prefix NOT or ~.IFPROC[U: TYPE, test: BOOL, -- Denoted by IF test THEN "ifTrue"           ifTrue, ifFalse: PROC[]_[U]]_[U]     ELSE "ifFalse"The meaning of "ifTrue" and "ifFalse" is that in the constructIF test THEN ifTrue ELSE ifFalsethe ifTrue and ifFalse expressions are converted into parameterless procs and passed to IFPROC, whichapplies the one selected by test. The other one is never applied, so that expression is neverevaluated.Note that AND and OR look like infix operators on Booleans, but have special evaluation rules fortheir arguments, because they are desugared into IF expressions (¶ 3.7). The literals TRUE and FALSEcan always be written without qualification.The type CHAR or CHARACTRThis is an enumeration type {'\000, ..., '\377}; CHARACTER is a synonym for CHAR. CHAR literalsare written:As 'c for any character c except \, denoting the ith CHAR value, where i is the ASCIIcharacter code for c.As '\ddd, where each d is an octal digit, denoting the dddBth CHAR value. You cannot writeCHAR['\ddd].As '\c for various values of c, denoting the CHAR values for various non-printing orotherwise confusing characters (see rule 57).·As dddC, denoting the same value as '\ddd (obsolete).CHAR also has the following dubious procs:·PLUS: PROC[T, INTEGER]_[T]-- Denoted by infix +.·MINUS: PROC[T, INTEGER]_[T]-- Denoted by infix .·DIFF: PROC[T, T]_[INTEGER]-- Also denoted by infix .Anomaly: The infix "" cannot be desugared into dot notation, since there are two procs denotedby an infix "" whose first argument is a CHAR. The choice between MINUS and DIFF is based onthe type of the second argument.��������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûvr�ô�»s�ï_N�ï_Ûrs�r�s�ï_N�ï_Ûrð%ô�¼s�ï_N�ï_Ûrî·ï]íô�€ð"s�r�s�ï]`�ï]írð5î
ï[ÿsr�ô�X�qrsô�Orî
ïZ{sr�ô�X�sr�sr�srî
ïX÷s�rsr�sî·ïWsrô�€�s�r�sr�srsr�srô�	sr�srð2î·ïUïî·ïRÄv
r�ô�»s�rô�¼qrî·ïQ@
ô�‹s�ïP³�ïQ@rqr�s�rô�Œî·ïORô�€qrî·ïKSvô�X}v}î·ïH(rô�€qrqrqrqrî
ïF¤qr�ô�X�qr�qr�t�r�qr�î*qrî
ïE xr�s�rqrsrqrî*
qr�sr�qrsr�î
ëïCœ
srsrqrt�r�s�rt�r�s�rî*qrsr�î·ïBô�€srsrîyï@”qrô�X�sr�qr�sr�qr�sî·ï?rô�€�srsrô�ð(xrî·ï=Œô�âsrð=î·ï<	î·ï8Ýô�šqrqrô�›ð0î·ï7Yô�†
ô�‡ð!qrð#qrqî·ï5Õrô�€ð)î·ï1Övô�X}v}î·ï.«rô�¡ð-qrqr�ô�¢�qrî·ï-'ô�€î­ï*Ïô�Îs�rô�Ï�s�rs�rqr
s�rqî­ï)Krô�€	s�r�î­ï&óô�Œsrô�s�rð!srqrî­ï%oqrsrî­ï#ô�ás�rs�rqrô�âî­ï!“ô�€ð$î­ï;srsrî·ïqrð&î
ïŒ�xr�ô�X�qr�s�rqr�t�r�s�r�î*î
ï�xrqr�s�rqr�t�r�s�r�î*î
ï„�xrqr�s�rs�r�t�r�qr�î*î·ïYvr�ô�ð'ô�žð0î·ïÕô�¡ð(qrxrxrô�¢î·ïQô�€ÿ�������	d��������TVk(������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 1982644.7.2 Numeric typesNumeric types have arithmetic operations. There are no numeric type constructors, only theprimitive types INT=LONG INTEGER, LONG CARDINAL, INTEGER, CARDINAL  and REAL. All exceptREAL are subclasses of whole numbers, corresponding to different finite subsets of the integers, andare discrete as well (4.7.1). The cluster contains:PLUS: PROC[T, T]_[T]-- Denoted by infix "+".MINUS: PROC[T, T]_[T]-- Denoted by infix "".TIMES: PROC[T, T]_[T]-- Denoted by infix "*".DIVIDE: PROC[T, T]_[T]-- Denoted by infix "/". Truncates     toward 0: (i/j)=(i)/j=i/(j)ABS: PROC[T]_[T]-- Denoted ABS[x].UMINUS: PROC[T]_[T]-- Denoted by prefix "".4.7.2.1 Whole numbersThis class has:REM: PROC[T, T]_[T]-- Denoted by infix MOD.  i=j*(i/j)+i MOD jConsiderable confusion surrounds Cedar's treatment of whole numbers. This section gives a simplebut somewhat idealized description of how it works. Then it tells you the hard facts; future versionsof Cedar will adhere more closely to the ideal, and this part will shrink. Finally, it describes variousobsolete facilities whose use is not recommended.In general, a whole number type (except the CARDINAL types) is a subrange of INT, which is[231..231). This means that all the arithmetic procs work on INTs. If an argument of such a proc is asubrange value, it is coerced to INT (this cannot lose information or cause a fault), and the result iscoerced to a subrange type if necessary (with a possible BoundsFault). An arithmetic proc gives aBoundsFault if its result is not an INT (overflow).Anomaly: In fact, there are two deficiencies in the implementation:1)There is no overflow checking on the numeric procs.2)A subrange with <216 values is called short (currently all subranges have this property, asdo INTEGER and NAT), If all arguments are short, the result of an arithmetic proc istruncated to 16 bits (unless it is evaluated statically). This means that the result is always IN[215..215), and may differ from the correct result by some multiple of 216. You can forceproper INT arithmetic by writing at least one argument as LONG[x] rather than x. Thus thatthe programx, y: [0..10000)_1000;z: INT_x*y;w: INT_LONG[x]*yinitializes w to 1000000 but z to 16960. Beware. This will also happen if x and y aredeclared as INTEGER or NAT, since these too are short. There are several forms of whole number literal, given in rule 57. The radix may be:Decimal, the default, or specified by D after the number.Octal, specified by B after the number.Hexadecimal, specified by H after the number. A hex number may include the letters Athrough F, denoting the hex digits with decimal values 10 through 15. It must start with adigit in the range 0 through 9, however.The optional number following the radix character is a scale factor, given in decimal; that manyzeros are tacked on the end of the number. ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûvô�X
î·ï\°rô�ïð(ô�ðð+î·ï[,ô�•qr�qr�qrqr�qrqrqrô�–qrî·ïY¨qrô�‹ô�ŒðHî·ïX$ô�€ð0î
ïV xr�ô�X�qr�s�rs�r�t�r�s�r�î*î
ïUxrqr�s�rs�r�t�r�s�r�î*î
ïS˜xrqr�s�rs�r�t�r�s�r�î*î
ïRxrqr�s�rs�r�t�r�s�r�î*ð#î*ïPs�r�s�rs�rs�r�s�rs�r�î
ïOqrqr�s�r�t�r�s�r�î*
qr�s�rî
ïMˆxrqr�s�r�t�r�s�r�î*î·ïI‰vî·ïF^rô�€
î
ïDÚxr�ô�X�qr�s�rs�r�t�r�s�r�î*qrs�r�s�rs�r�s�rs�r�qr�s�î·ïA¯rô�”ð=ô�•î·ï@+ô�„ð8ô�…ð*î·ï>§ô�†ðTô�‡î·ï=#ô�€ð)î·ï9øô�Ìô�Íð!qrqr	î·ï8tï9wï8trï9wï8trô�ƒð2qrô�„î·ï6ðô�qrð'ô�Žî·ï5lô�°ð(ô�±	s
rî·ï3ès
rô�€qrî·ï0½vrð<î#ï.eî­ð3î#ï,
î­�ô�›ô�œt�r�ï,šwï,
rvrð0î­ï*‰ô�Ù�qrqrô�Úð9î­ï)ô�‡ðDô�ˆqî­ï'rï(wï'rï(wï'rô�¥ô�¦ð)ï(wï'rî­ï%ýô��qrð/ô�Ž�qr�s�r
s�r
î­ï$yô�€î:ï"õsô�Or�ô�Xî:ï!qs�rqr�s�r�s�r�î:ïís�rqr�qr�s�rs�î­ïir
ô�Ñ�s�rs�rð(ô�Òs�rs�rî­ïåô�€qrqrî·ïºðTî­ïbð9î­ï
ð'î­ï²ô�¬ð2ô�­î­ï.ô�–ðSî­ïªô�€ð#î·ï
Rô�­ð$ô�®ð9î·ïÎô�€ð&ÿ�������R��������TVk(����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198265Note that literals are always non-negative; a static negative value can be obtained by arithmetic;e.g., 1.Performance: Short values are represented in one word; other INT values require two words. Therepresentation is twos complement, with one more negative than positive value. Arithmetic is lessefficient on subranges with FIRST=0 (except for INTEGER, which is efficient). Widening a shortvalue to INT is more efficient if FIRST=0. Multiply and divide are quite slow when the argumentsare not short. Short divide is faster when FIRST=0 than for INTEGER. Cardinal typesThe type LONG CARDINAL has elements in the range [0..232);  CARDINAL is the subrange [0..216).The arithmetic procs produce answers modulo 232 (or modulo 216 if all arguments are shortcardinals). Use of these types is not recommended, mainly because there are confusing coercions toand from INT. If you program so that these coercions are never invoked, by never mixingCARDINAL and INT values, you will avoid thses problems; in the future Cedar will not have thesecoercions, and cardinal types will be harmless.Complications·Current Cedar attempts to do the "right" thing when subranges of INT are mixed with subranges ofLONG CARDINAL in an arithmetic proc, by supplying various coercions which may lose information.Do not use these features (unfortunately, the compiler won't check for their non-use); if you needto understand them, consult a wizard.4.7.2.2 The type REALCedar uses the IEEE standard 32-bit floating point arithmetic for REALs. There are REAL literals withsyntax given in rule 57; they are rounded to the nearest representable number. The exponent, ifpresent, indicates the power of 10 by which the number or fraction should be multiplied. A literalthat overflows the representation is a static error; one that underflows is replaced by itsdenormalized approximation. Note that a REAL literal can begin, but not end, with a decimal point.Exceptions?  Changing modes, etc? Is there an interface?4.7.3 Subrange typesEach discrete type U has a MKSUBRANGE type constructor; its application is denoted by the syntax inrule 25. The first and last arguments specify the first and last elements of the subrange; the FIRSTand LAST items in the subrange cluster have these values. The number of values in the subrangetype is lastfirst+1. The subrange is empty if last<first. It is also possible to make an empty subrangewith first=FIRST[U] using the EMPTYSUBRANGE type constructor. You cannot make an emptysubrange with last=LAST[U].In current Cedar the arguments of MKSUBRANGE must satisfy215<first<215 AND (lastfirst)<2161There is a subrange class for each discrete type, with the namesGROUNDTYPE: TYPE;-- The type whose MKSUBRANGE or    EMPTYSUBRANGE proc produced T.TOGROUND: PROC[x: T]_[GROUNDTYPE]-- A widening coercion.FROMGROUND: PROC[x: GROUNDTYPE]_[T]-- A narrowing coercion; may     raise BoundsFault. Apply by T[x].Note that there are coercions both to and from the ground type. The former cannot loseinformation or raise an exception, but the latter raises BoundsFault if its argument is not in the��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�±ðOô�²î·ï^Wô�€î·ï[,v
r�ô�¨ô�©ð+qrî·ïY¨
ô�§ð0ô�¨ð#î·ïX$ô�Âqt�r
qrô�Ãî·ïV ô�˜qrqrð!ô�™î·ïUô�€ð(qrqrî·ïQvô�Xî·ïMòrô�¬qr�qrïNwïMòrqrô�­ïNwïMòrî·ïLnô�çð*ïLûwïLnrïLûwïLnrô�èî·ïJê
ô�ŽðTô�î·ïIfô�òqrðDô�óî·ïGâqrô�žqrô�ŸðGî·ïF^	ô�€ð%î·ïB_vî·ï?4rð!ô�ð!qrî·ï=°qrô�Š�qrô�‹ðAî·ï<,ô�˜ðTô�™î·ï:¨ô�€ð#î·ï6©vô�X	}î·ï3~rô�„	qrð/qrqr
î·ï1úô�­
ô�®ðKî·ï0vô�–ðDô�—î·ï.òôð0ôð'î·ï-nô�€qrð6î·ï)ü{ð8î·ï%ývô�Xî·ï"Òrô�€s�rx	rð0ô�
î·ï!Nô�Ÿsrsr	ô� ð:qî·ïÊrô�§�qrð#ô�¨ð3î·ïFô�sr�srô�‚sr�srð/î·ïÂô�ó�sr�qr�s�rxrô�ôî·ï>ô�€sr�qr�s�rî·ïð"x	rî
ïïwït�srïwïrô�X�qrsr�sr�t�r�ïwïrî·ïdô�€ð;î
ïàx	r�ô�X�qr�î*x	rî*ï\xrs�r�î
ïØxrqr�s�rs�r�t�r�x	r�î*î
ï
Tx	rqr�s�rx	r�t�r�s�r�î*î*ïÐ	s
r
s�r�s�rî·ï
Lô�ûô�üðMî·ïÈ
ô�¿ð.s
rô�À�������D��������TVk(Ü������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198266subrange. Subranges also inherit all the procs of the ground type unchanged; these procs still takethe same arguments, and the coercions make it convenient to apply them to subrange values. Thereare no special arithmetic or comparison procs for subranges. Representation: If T is a subrange type, FIRST[T] is represented the INT 0 (except for INTEGER,which has 0 represented by 0), and LAST[T] by the INT (LAST[T]FIRST[T]+1). The number of bitsrequired to represent a T value is the n such that 2n1<(LAST[T]FIRST[T]+1)<2nIn current Cedar, a subrange value always fits in one word, because a subrange may not have morethan 216 values.4.8 TYPE typesAll type values have type TYPE. TYPE is not a general type; it lacks SIZE, NEW and the other generalprocs nearly all types have. Furthermore, in current Cedar a type can't be passed as a parameter,with two exceptions:An interface type parameter can be declared in a DIRECTORY statement, and the resultinginterface type can be used to declare an interface parameter in an IMPORTS clause. Theargument for this parameter is supplied by an implementation which exports the interfacetype.An opaque or exported type can be declared in an interface module. An implementation ofthe interface provides the actual argument.A type also can't be returned as a result, with two parallel exceptions:an interface type is returned by an interface module;an exported type is returned by an instance of an implementation. The other possible uses of a type value are these:Certain primitives take type arguments: CODE, DESCRIPTOR, ISTYPE, LOOPHOLE, NARROW,NEW, SIZE and a number of type constructors. A type value appears in a declaration, after a colon; e.g., i: INT.A type value appears as a value bound to a type name; e.g., T: TYPE~INT.In current Cedar, type expressions and ordinary expressions do not have the same syntax. Thesevere restrictions on where types can be used ensure that the parser can distinguish the cases wherea type is expected. There are a few cases where this is not true, and type names (rule 37) must bewritten instead of general expressions: subrange type constructors, ???.The runtime type system (ref ???) provides complete facilities for manipulating types duringexecution of the program (but currently not for constructiong them). The type values it manipulateshave the type RTT.Type, rather than TYPE. A RTT.Type can be obtained from a TYPE using theprimitive:CODE: PROC [T: TYPE]_[RTT.Type].In a number of cases the syntax T[x] (applying a type value) can be used. Depending on the class ofT, the meaning varies. The cases are summarized here, and described in detail in the appropriatesection above:TYPE applied to a static integer n yields an opaque type of size n (¶ 4.3.3).An array or record type applied to a group or binding yields a record value; this is called arecord constructor (¶ 4.4.2.1, 4.6.1).A sequence-containing record type applied to a not necessarily static CARDINAL yields arecord type containing a sequence of definite length, which can only be used in NEW andSIZE (¶ 4.4.2.2).ÿ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�™ðZî·ï^Wô�Šð>ô�‹î·ï\Óô�€ð:î·ïY¨v
r�ô�Ás�rô�Âqr�s�rqrqr�î·ïX$ô�™qr�s�r�ô�šqrqr�s�rqr�s�rî·ïV ô�€s�r
s�r	î
ïUô�XïU©�wïUrqr�s�rqr�s�rt�r�ïU©�î·ïS˜rô�‰ðPô�Š
î·ïRô�€ïR¡wïRrî·ïMAuô�X
î·ïJrô�…qrqrô�†�qrqrî·ïH’ô�¢ðBô�£î·ïGô�€î­ïD¶ô� ð/qrô�¡	î­ïC2ô�ºô�»ð)qrî­ïA®ô�Ÿô� ð1î­ï@*î­ï=Òô��vrvrô�‘ð=î­ï<Nô�€ð(î·ï9öðHî­ï7žð5î­ï5FðBî·ï2îð2î­ï0–ô�¬
ô�­qrq	rqrqrqr�î­ï/qr�ô�€�qrð$î­ï,ºð<s�rqr�î­ï*bð<s�rqr�qr�î·ï'7ô�Åð@ô�Æî·ï%³ô�€ô�ðOî·ï$/�ô�”ð.ô�•ð3î·ï"«ô�€ð=vî4&ï"sþ­�î5Óï"«r�î·ï€ô�ñðRô�òî·ïüô�†ð"ô�‡ð8î·ïxô�Á	sr�ô�Âqrsrqr	î·ïô	î
ïpqr�ô�X�qrs�rqr�t�r�srî·ïEô�€ô�s�r�s�rð@î·ïÁs�r�ô�¦ð"ô�§ð<î·ï=ô�€î­ïåqrs�rs�r
î­ïô�‡ðYô�ˆî­ï
	ô�€î­ï
±�ô�»ðEqrô�¼î­ï	-ô�ð>ô�žqrî­ï©qrô�€�������*��������TVk(Â����������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198267A variant record type applied to a static tag value yields a bound variant type (¶ 4.6.2);An enumerated type applied to a name which is one of the enumeration literals yields thecorresponding enumeration value (¶ 4.7.1.1).A subrange type (including NAT, INTEGER, or CARDINAL) applied to a value of its groundtype yields a subrange value (¶ 4.7.3);What about TYPE n?4.9 Miscellaneous typesCONDITION | MONITORLOCK |UNSPECIFIED  | LONG UNSPECIFIEDIncomplete4.10 Kernel-only types --kernel only-- exception | DECL | BINDINGIncompletenotes followexceptionsNEWEXCEPTIONCODEVALUE: TYPE=RECORD[ SELECT tag: {normal, exception, hiddenException} FROMnormal => [v: *T],exception => [code: EXCEPTION[*A, *R], args: *A]hiddenException => [ex: VALUE[exception] , depth: INT]ENDCASE ]CURRENTEXCEPTIONEval[e]W WITH BasicEval[e]. SELECT FROMe: normap => n,ex: exception => ex,hex: hiddenException => IF hex.depth=1 THEN hex.ex ELSE [hiddenException[hex.ex, hex.depth-1]ENDCASE4.11 DefaultsA default in a type cluster provides a value which is supplied automatically in a binding where novalue is explicitly given. Example: PutInt: PROC[i: INT, radix: [0..100]_10]makes PutInt[i~x] short for PutInt[i~x, radix~10]. This is very convenient for infrequently-usedarguments, or if arguments are added to a widely-used proc. In summary, the usual cases for defaults and bindings are:ÿ��������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî­ï_Û�ô�€ðYî­ï]ƒô�–ð"ô�—ð4î­ï[ÿô�€î­ïY§�ô�›
ô�œqrqrqrð"î­ïX#ô�€ð#î·ïT±{
v{î·ïOÞuô�Xî·ïMªqrq
rq
rqô�Gî·ïJ8{	î·ïEeuô�Xî·ïC1qô�Grô�Xqrqî·ï?¿{ô�€î·ï>;r	î
ï<·xî
ï;3r�ô�X�qr�qrqrð+qîyï9¯rîyï8+xrîyï6§xrqr�îyï5#qrîyï3Ÿxî
ï2rt�r�qrqô�Gîyï0—rô�Xîyï/qô�G�rîyï-ô�Xqrqrqrð$î)ï,îyï*‡qî·ï%´uî·ï"‰r�ô�“
ô�”ðVî·ï!ô�€îyïsr�ô�X�qr�s�rqrsr
î·ïýô�Ù�sr�s�r�s�rsr�s�r�s�rsrô�Úð!î·ïy	ô�€ð2î·ïNð:�������‚��������TVk(����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198268Declaration|n: T_n: T_en: T in domain or range decl.|Binding short for|n~xn~x|n~xn~xn~xn~ or nothingn~OMITTED|ERRORn~eERRORTable 46: Usual cases for defaultsThe table says that you can forbid defaulting by writing the defaultTC T_, and you can provide adefault by writing T_e. Anomaly: The last column says that if you just write T in a proc domain or range declaration, anydefault is discarded. This means that you can tell by looking at the declaration whether there willbe defaulting, without knowing anything about the defaulting properties of the types.The basic idea is complicated by an assortment of features for improving efficiency, which aredescribed in the remainder of this section. Defaulting is controlled by two items in the cluster for atype T, and by two special values. The cluster items are:Default: PROC []_[T], a procedure which supplies a default value. If this item is missing,values of T cannot be defaulted. Defaulting is done by coercing the special value OMITTEDto T.Default[].Trash: PROC []_[T]; a procedure which supplies a trash value of type T, a haphazardcollection of bits of the same size as a value of type T. If this item is missing, values of Tcannot be trashed. The main virtue of this procedure is that is executes very fast. See thedescription of TRASH below.The CHANGEDEFAULT primitive makes a new type with these items modified. It cannot be written ina program, but is invoked by the syntax for defaultTC.CHANGEDEFAULT: PROC[OldT: TYPE, Default: PROC []_[T], TrashOK: BOOL]_[NewT: TYPE]NewT has the same predicate and cluster as OldT, except that:NewT.Default is Default. If Default is NIL, it is copied from OldT.Default, or omitted if that ismissing.NewT.Trash is copied from OldT.Trash if TrashOK=TRUE; a missing OldT.Trash causes anerror. It is omitted if AllowTrash=FALSE.As described earlier, a type in a proc domain or range which is not a defaultTC has its Default andTrash procs omitted.The two special values cannot be written explicitly in a program. Instead, they are supplied by thefollowing syntax:OMITTEDin a binding constructor the syntax n~ , which omits the value, means n~OMITTED.Then if there is a DefaultProc, OMITTED is coerced to T.Default[] to provide a value of type T.There is also a coercion which adds n~OMITTED to a binding which lacks n, so that n can beleft out entirely with the same effect as writing n~ . In a group (constructor without names), an empty element means OMITTED; note that thegroup is then coerced to a binding by attaching the binding's names to the group elementsin order (¶ 2.2.6).TRASHa binding can specify this value explicitly with the syntax n: TRASH. It is unwise touse TRASH if the program uses the value. Its purpose is to avoid the cost of initializing avariable which is going to be reinitialized  before it is read.ÿ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï`3þ*�ï_Ûþ*�îáï`3þ	¥�ï_Ûþ	¥�î †ï`3þ�÷�ï_Ûþ�÷�î!}ï`3þ*�ï_Ûþ*�î(§ï`3þä�ï_Ûþä�î/‹ï`3þ�ï_Ûþ�î6’ï`3þž�ï_Ûþž�î=0ï`3þ�ï_Ûþ�î·ï^z
î †�î!}s�r�ô�€�s�r�î(§s�rs�r�s�î6’s�rs�rî·ï]¯þ*�Fîáï]¯þ	¥�Fî †ï]�î Þï]¯þ�Ÿ�Fî!}ï]¯þ*�Fî(§ï]¯þä�Fî/‹ï]¯þ�Fî6’ï]¯þž�Fî=0ï]¯þ�Fî·ï[¸î¬î †�î·ï[€þ8€�î·ïZWs�r�s�î¬s�r�s�î †r�î!}s�r�s�î(§s�r�s�î6’s�r�s�î·ïXö�rî¬s�r�xî †r�î!}qî(§s�r�s�î6’qî·ïXhþ*�ïW•þ*�îáïXhþ	¥�ïW•þ	¥�î †ïXhþ�÷�ïW•þ�÷�î!}ïXhþ*�ïW•þ*�î(§ïXhþä�ïW•þä�î/‹ïXhþ�ïW•þ�î6’ïXhþž�ïW•þž�î=0ïXhþ�ïW•þ�îÔïS–vô�Xî·ïPkrô�”ð*ô�•s�rî·ïNçô�€s�r�s�rî·ïK¼vr�ô�”ð-s�rô�•î·ïJ8ô�
ô�žðNî·ïH´ô�€ðSî·ïE‰ô�Æð[î·ïDô�ŠðOô�‹
î·ïBô�€�s�rð3î­ï@)sr�ô�­�qrt�r�s�rô�®ðEî­ï>¥ô�šs�rð(ô�›xî­ï=!rô�€�s�r�srî­ï:Ésr�ô�Ó�qrt�r�s�rô�Ôs�rî­ï9E	ô�—ô�˜s�rð%s�î­ï7Árô�ŸðBô� î­ï6=
ô�€xrî·ï3åô�ˆ�xrð,ô�‰ð"î·ï2a�ô�€ð5îyï0Ýxr�ô�X�qr�sq�ô�Gr�ô�X�srqô�G�rt�r�s�rô�X�srqr�t�r�srqr�î·ï/Ysrô�€ð'sr
î­ï-srô�–ô�—�srsrqrsr�srî­ï+}î­ï)%s	rô�Æsr�srsr�qr�ô�Ç
sr�sr	î­ï'¡ô�€s	r�qr�î·ï$vô�ŽðMô�srî·ï"òsrô�€î·ïÇô�”ô�•ð\î·ïCô�€î­ïëxrô�s�rð!s�r�xr�î­ïgô�…ô�†s
rxrs�r�srs�r�î­ïãô�ƒs�r�xrs�r	s�rô�„î­ï_ô�€ð.s�rî­ïô�¨ð=xrô�©î­ïƒô�ô�ð?î­ïÿô�€î­ï§qrô�’ð3ô�“s�rqrî­ï#ô�£�qrð.ô�¤ð$î­ïŸô�€ð7�������8��������TVk(Ê������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198269The effect of these rules is that binding [n1~e1 ...] to [n1: T1 ...] has the same effect as binding any of[n1~  ...], [...], or [ , ...] to [n1: T1_e1 ...] (assuming that any free variables have the same bindings inboth cases).Primitive types and those returned by primitive type constructors (except CHANGEDEFAULT) have aTrash proc and a Default proc equal to the Trash proc, with the following exceptions:CONDITION, MONITORLOCK and PORT have no Trash or Default; they do have an INIT procwhich sets any variable to NIL.REF and PROC types have no Trash and a NIL Default.Bound variant records have no Trash and a Default which sets the tag value appropriately.Record and array types have a Trash or Default if all their component types do; it is theobvious concatenation of the component procs.Including the various dangerous uses of TRASH which omit initializations, we get a larger and moreconfusing summary table which should be ignored except by efficiency hackers.:Default type constructor|T_T_eT_e | TRASHT_TRASHT in domain/ range declDefault|l [] IN el [] IN eT.TrashTrash|T.TrashT.TrashDeclaration|n: T_n: T_en: T_e |TRASHn:T_TRASHn: TBinding  short for|n~xn~x|xxxxxn~ or nothingn~OMITTED|ERROReeT.Trash[]ERRORn~TRASHn~TRASH|ERRORERRORT.Trash[]T.Trash[]ERRORTable 47: Complete cases for defaults4.12 ImpliesA type T implies another type T( (TgT( for short) if for any value x, T.PREDICATE[x]gT(.PREDICATE[x]In other words, if any value that has type T (satisfies T's predicate) also has type T(, then T impliesT(. A consequence is that a proc with domain type T( can safely be given a value of type T, sincethis value must also have type T(, as required by the proc. We also say that a T value is as good asa T( value.If T's predicate includes a test for some mark, then any type which implies T must test for the samemark or a bigger one. For instance, if R is a variant record type with variants a, b, and c, thenR[a]gR if SIZE[R[a]]=SIZE[R]. In fact, the predicate for R[a] tests for R's mark and for a tag equalto a. In other words, a bound variant value is as good as an unbound one.From the implementation's viewpoint (and after all, it is the implementation of an abstraction thatis responsible for attaching marks), two values should have the same mark only if they both haverepresentations with all the properties implied by that mark: occupy at least that much space, havethe proper fields interpreted in the proper way, etc. This is the rationale for marks: to distinguishvalues which are not acceptable to the same primitives. Of course this is not an enforceable rule:nothing prevents an implementation from unwisely allowing the marks it controls to be applied tounsuitable values.ÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�€ð(s�ï_Nw�ï_Ûr�s�ï_Nw�ï_Ûrô�s�ï_Nw�ï_Ûrs�ï_Nw�ï_Ûrð+î·ï]í�s�ï]`w�ï]ír�sô�Œ�rs�ï]`w�ï]írs�ï]`w�ï]ír�s�ï]`w�ï]írð5ô�î·ï[ÿô�€î·ïXÔô�¡ð8ô�¢xrî·ïWPsrô�€srsrð%î­ïTøqr�ô�Ÿ�q
rqrsrsr�ô� xrî­ïStô�€qs�î­ïQqrqrsrqr�sî­ïNÄrsrsrð(î­ïLlô�¬	ô�­
srsrð+î­ïJèô�€ð&î·ïG½ô�ô�Žqrð5î·ïF9ô�€ðEî·ïCfþ*�ïCþ*�îáïCfþ	¥�ïCþ	¥�î †ïCfþ�÷�ïCþ�÷�î!}ïCfþ*�ïCþ*�î(§ïCfþä�ïCþä�î/‹ïCfþ	‚�ïCþ	‚�î9
ïCfþ+�ïCþ+�î@8ïCfþÀ�ïCþÀ�î·ïAŠî †�î!}s�r�î(§s�r�s�î/‹s�r�s�rqî9
s�r�qî@8s�r
î@8ï@
î·ï?Îþ;0�î·ï>‚sî †r�î!}�î(§|�rqr�s�î/‹|�rqr�s�î9
î@8r�î·ï<þsî †r�î!}�î(§�î/‹sî9
î@8r�î·ï<þ*�Fîáï<þ	¥�Fî †ï<þ�÷�Fî!}ï<þ*�Fî(§ï<þä�Fî/‹ï<þ	‚�Fî9
ï<þ+�Fî@8ï<þÀ�Fî·ï9ö
î †�î!}s�rs�r�î(§s�rs�r�s�î/‹s�rs�r�s�rqî9
s�r�s�r�qî@8s�rs�î·ï8rrîáî †�î·ï8:þ;A�î·ï6îs�r�s�îás�r�s�î †r�î!}s�î(§s�î/‹s�î9
�î@8�î·ï5j�rîás�r�xî †r�î!}qî(§s�î/‹s�î9
rî@8qî·ï3æs�r�qîás�r�qî †r�î!}qî(§qî/‹srî9
srî@8qî·ï35þ*�ï2bþ*�îáï35þ	¥�ï2bþ	¥�î †ï35þ�÷�ï2bþ�÷�î!}ï35þ*�ï2bþ*�î(§ï35þä�ï2bþä�î/‹ï35þ	‚�ï2bþ	‚�î9
ï35þ+�ï2bþ+�î@8ï35þÀ�ï2bþÀ�îÊï.cvô�Xð!î·ï)uî·ï&er�ô�€s�r�vr
s�t�rs�t�s�t�rs�rîyï$ás�r�qr�s�r�t�s�t�r�qr�s�r�î·ï#]ô�Œð)s�rs�rô�s�t�rs�rî·ï!Ùs�t�r�ô�šð/s�t�rô�›s�rî·ï Uô�Œ
ô�s�t�rð.s�r	v	î·ïÑr�ô�€�s�t�rî·ï¦ô�ƒ�s�rðGô�„�s�rî·ï"ô�²ô�³s�rð(s�rsrs�rî·ïžs�r�s�r�t�s�rô�–qr�s�r�s�rqr�s�rs�r�s�rs�rô�—î·ïô�€�s�rðEî·ïïô�—ðZô�˜î·ïkô�Ÿð4ô� ð*î·ïçô�’ðOô�“î·ïcô�ð:ô�žð(î·ï
ßô�£ð1ô�¤ð+î·ï[ô�šð?ô�›î·ï
×	ô�€ÿ�������
È��������TVk(7������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198270For example, [0..5]g[0..7] because both occupy four bits and represent the integer unbiased. But[1..5] does not imply [0..7], because it happens that the implementation biases the representation ofa subrange value, so that the value 1 is represented in [1..5] by binary 0000, but in [0..7] by binary0001. [1..5] and [0..7] must have different marks, but [0..5] and [0..7] can have the same mark (whichmight be called "four bit unbiased representation for unsigned integer"), and distinguish the valueswith the rest of their predicates (0<x<5 vs 0<x<7).For T to imply T(, there must be a proof that T's predicate implies T('s predicate. If T is anarbitrary type, and nothing is known about its relationship to other types, or if it tests for a uniquemark, then no such proof is possible. As a result, only an argument with syntactic type T isacceptable to a T_R proc. For built-in types and type-returning procs, however, the compilerknows the predicates and keeps track of the implications. The implies relations among built-in typeare (the transitive closure of those) specified in the following table. Any argument omitted from thetype proc applications in the table may take any legal value, but it must take the same value inboth applications in a single row.Certain points about the table are of special interest:The first line says that implies extends elementwise to declaration types.The line for transfer types (including PROC) says that (D_R)g(D(_R() if D(gD andRgR(. The relation is reversed for the domain types, because a D(_R( proc P( must acceptany D(, while a D_R proc P only accepts Ds. If P is used in the former context, it is onlyguaranteed to get a D(, and that must imply a D.There are no implications of the form VAR TgVAR U. You might think that TgU shouldimply this, but it doesn't work, because a VAR can be assigned to, and assigning a U (say a[0..7]) to a T (say a [0..5]) clearly won't do. So a VAR T can't be as good as a VAR U, whichcan be assigned a U value. In fact, if there were write-only VARs, the relation would bebackwards. This is a reflection of the fact that the only interesting operation on such VARsis assignment, which has the type [VAR T, T]_[T]; as we have seen, proc type implication isbackwards from the domain type implication.Any argument omitted from the type constructor applications in the table may take any legal value,but it must take the same value in both applications in a single row.ÿ��������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï_Ûô�¨t�rð>ô�©
î·ï^Wô�“ô�”ð@î·ï\Ó�ô�’ðMô�“î·ï[Oô�„ðaî·ïYËô�ð9ô�ð&î·ïXGô�€t�s�t�rt�s�t�rî·ïUô�Ë�s�r	s�t�rô�Ìs�rs�t�rs�rî·ïS˜ô�Œ	ô�ðTî·ïRô�Ôð>ô�Õs�rî·ïP	ô�Îs�t�s�rð@ô�Ïî·ïOô�ô�ŽðZî·ïMˆô�‡ð/ô�ˆð3î·ïLô�­ð=ô�®î·ïJ€ô�€î·ïGUð7î­ïDýðJî­ïB¥ô�Êð$qrs�t�s�r�t�r�s�ts�t�r�ô�Ës�ts�rî­ïA!s�t�s�t�r�ô�„ô�…ð6s�ts�t�rs�t�rî­ï?ô�‘�s�t�r�ô�’s�t�s�rs�r
s�rs�rð*î­ï>	ô�€	s�t�rs�r�î­ï;Áô�ô�Ž	qr�s�t�qr�s�rs�t�s�rî­ï:=ð+qrð%s�rî­ï8¹ô�Šô�‹s�rð'qr�s�rqr�s�rî­ï75ô�³s�rð*qrô�´î­ï5±	ô�•ð/ô�–qr�î­ï4-ô�ƒô�„qsrs�r�t�r�s�rð,î­ï2©ô�€ð"î·ï/~ô�ˆô�‰ðEî·ï-úô�€ðBÿ�������	¾��������TVk(Z��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198271               In current form             In kernel formThese typesImply these typesRemarksThese typesImply these types[n: T , ...][n: T( , ...]if TgT([n: T , ...][n: Tÿ( , ...]Pointwise extension to bindings. Likewise for groups.TU declared by U: TYPETFULLYOPAQUE is fully opaque.TU declared by U: TYPE[n]if SIZE[T]=n ...TOPAQUE[n]... and T has the standard NEW, INIT, ASSIGN and EQUAL procs. U is n-opaque.READONLY TVAR TREADONLY TREADONLY TREADONLY T(if TgT(READONLY TREADONLY Tÿ(PROC/ERROR/...PROC/ERROR/...if T(gTMKXFERTYPE[MKXFERTYPE[  [T]   [T(]and  domain~T,   domain~Tÿ(,   RETURNS [U]  RETURNS [U(]UgU(  range~U]  range~U(]Note the reversed implication for the domain type.SAFE PROC/ERROR/...UNSAFE PROC/ERROR/...ÿMKXFERTYPE[MKXFERTYPE[    safe~TRUE]  safe~FALSE]ARRAY ... OF TARRAY ... OF T(if TgT(MKARRAY[range~T]MKARRAY[range~T(]If PACKED=FALSE or SIZE[T]>1. If PACKED=TRUE and SIZET]=1, the number of bits required torepresent a T and to represent a T( must be equal when rounded up to the next power of 2. Likewisefor SEQUENCE and DESCRIPTOR.REF TREF READONLY TMKREF[range~T, MKREF[range~T,  readOnly~FALSE]readOnly~TRUE]and likewise for POINTER and LIST.REF READONLY T REF READONLY T(if TgT(MKREF[range~T,MKREF[range~T(, readOnly~TRUE]  readOnly~TRUE]and likewise for POINTER and LIST.REF TREF ANYÿMKREF[range~T]MKREF[range~ANY]ORDERED POINTER TO TMKPOINTER[range~T, MKPOINTER[range~T,  POINTER TO T  ordered~TRUE]   ordered~FALSE]BASE POINTER POINTERand vice versaMKPOINTER[ MKPOINTER[base~TRUE]   base~FALSE]T[tag: x]Tif SIZE[T[tag: x]=??????  SIZE[T]A bound variant implies the unbound variant.RECORD[n: T]T1-element recordMKRECORD[fields~[n: T]] Tand likewise for MACHINE DEPENDENT RECORD.(PROC[A]_[n: T]).RANGE  T1-element binding[n: T]T(PROC[A]_[T]).RANGET1-element groupCROSS[[T]]TT[x...y] etc.TT.MKSUBRANGE[x, y]Tif T.FIRST=x and SIZE[T[x...y]]=SIZE[T].T[x...y] etc.T([x...y] etc.T.MKSUBRANGE[x, y]Tÿ(.MKSUBRANGE[x, y]if T.FIRST=T(.FIRST and T.LAST<T(.LAST.Table 48: Implies relations for primitive typesÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?rî·ï`3þ
È�ï_Ûþ
È�îï`3þ‰�ï_Ûþ‰�î*ï`3þg�ï_Ûþg�î6oï`3þ*�ï_Ûþ*�îA™ï`3þE�ï_ÛþE�î·ï^uô�€vî6oq}
î·ï\Œu
îuî*uÿ��������Š��������TVk(�Yî6oï\Œwô�€õ��îA™wî·ï[žþ
È�Fîï[žþ‰�Fî*ï[žþg�Fî6oï[žþ*�FîA™ï[žþE�Fî·ïY=q�{�q{�qî�{�q{�}�qî*{�}�{�}�î6ot�~�t~�tîA™�~�t~�����Š���N����TVk(��”Ø�RîCðïY=p�qô�€õ��îõïW¹rð5î·ïUîs�îs�rs�rqî6os�îA™x
îõïTjrî·ïRŸs�îs�rs�rqr�s�r�î*qr�s�rs�rî6os�îA™xr�s�r�îõïQs�rqrxrqrxrs�rs�rî·ïOP�îqr�s�����Ø���ú����TVk(��”Ø�cî6oïOPpqô�€õ���r�îA™sq�r�î·ïM…qt�u�îqt�u�}�î*tu�}�u�}�î6osq�r�îA™sq�r�ÿ���Ò���@����TVk(��”Ø�5îG­ïM…p�î·ïKºqr�qrîqr�qrî*ô�€õ���s�ts�������$����TVk(��”Ø�%î6oïKºp	q�îA™p	q�îõïJ6tô�€õ��u�tî}�t�î*î6oqrq�r�qîA™rq�r����6���<����TVk(��”Ø�/îG
ïJ6p�q�rô�€õ���îõïH²qrs�r�îqrs�t�r�î*s�t�s�t�î6oqq��q�îA™q��p�q�îõïG.rð2î·ïEcqr�qr�qrîqr�qr�qrÿ���r���’����TVk(��”Ø�Lî6oïEcp	q�îA™p	q�îõïCßtô�€õ��î6oqrt�qîA™rt�qî·ïBtqt�u�îqtqt�u�}�î*tu�}�u�}�î6opq�rq�r�q�îA™pq�rq�r�ÿ������t����TVk(��”Ø�JîIÍïBp�q�îõï@rô�»õ���qr�qrqr	qr�qrqrô�¼îõï?ô�ˆs�rs�t�rð%ô�‰îõï=ˆô�€�qrq	r�î·ï;½qr�s�îqr�qr�s�ÿ���x���ì����TVk(��”Ø�Jî6oï;½pq�rq�r�q�ô�€õ���îA™pq�rq�r�q�t�î6oï:9t�rq�sq�îA™rq�sq�îõï8µtqtqt�î·ï6êqt�qt�u�t�îqt�qt�u�}�î*tu�}�u�}�î6opq�rq�r�q�îA™pq�rq�r�ÿ���d���ž����TVk(��”Ø�\îHˆï6êp�q�î6oï5fô�€õ��q�~q�îA™	q�~q�îõï3ârqrqr�î·ï2qr�s�îqr�q������P����TVk(��”Ø�3î6oï2pq�rq�r�q�îA™pq�rq�sq�î·ï0Ltô�€õ���îqt�qt�u�î6opq�rq�r�qîA™pq�rq�r�q�îõï.Ètqt�qt�u�î6oqrq�sqîA™rq�sq�î·ï,ýt�qt�îqî*t
î6opqîA™pq�î6oï+yrq�sq�îA™rq�sq�î·ï)®u�t�utu�t�îu�î*tqt�u�t�utu�tî6oqîA™î*ï(*tqt�u�t�îõï&¦ð,î·ï$Ûqt�u�tu�t�îu�î*tî6opq�rqr�qr�qt�r�îõï#Wtqt�qt�qt�î·ï!Œ�qt�u�t�}�t�u�tu�twtu�î*tî6oq�r�qr�q�îA™r�î·ïÁt�qt�u�t�}�t�u�twîu�î*tî6owt�q�r�qîA™r�î·ïöu�t�u�tu�tîu�î6or�q�p	q�r�qr�q�îA™r�îõïrtu�t�qt�u�tqt�u�t�u�tu�tqt�u�tî·ï§u�t�u�tu�tîu�}�t�u�tu�tî6or�q�p	q�r�qr�q�îA™r�ÿ���R��b����TVk(��”Ø;îB;ï§p�q����´�������TVk(��”Ø�îBÈï§p	q�r�q�ô�€õ���r�q�îõï#tu�t�qt�u�}�t�qtu�t�q}�u�}�t�qt�î·ïrþ
È�ïŸþ
È�îïrþ‰�ïŸþ‰�î*ïrþg�ïŸþg�î6oïrþ*�ïŸþ*�îA™ïrþE�ïŸþE�îuï vô�Xð+ÿ���¶���j����TVk(��”Ø�e��������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 1982724.13 CoercionsIn an application, the argument value must have the proc's domain type (¶ ???). To ensure that itdoes, an expression fŸ[e] which is an application is type-checked by requiring De to imply thedomain type D of Df (¶ ???). If it does not, an attempt is made to find a coercion function C:De_D which can map the argument to the required type.  If C is found, the application isrewritten as fŸ[C[e]Ÿ], which typechecks. We say that e is coerced to the type D.A coercion may also be done in a binding such as pi: REAL=3; this is actually a special case ofapplication. Note that infix operators, including assignment, are special ways of writing applications,and hence also do coercions. In particular, x: REAL; x_3 will coerce 3 to a REAL.There are no coercions from VAR T to VAR U; this is because coercing produces a new value, but anew VAR would be disjoint from the old one and would increase the size of the state, which isunlikely to be what is wanted.Note that if T implies U (see ¶ ???), no coercion from T to U is needed to make an application type-check. Another way of thinking about this: TgU means that there is a coercion function from T toU, but it does no computation. This is why REF T can be coerced to REF U if TgUA group or binding can be coerced element by element.  Formally, a declaration type, which is thetype of a binding, has one coercion for each coercion that an element type has. These can becomposed to coerce several elements.There is currently no way for the program to specify coercion procs. However, there is a modest setof built-in coercions, which are are listed in the following table. None of them loses information,except those from various whole numbers to REAL; in other words, they all have inverses. None ofthem can raise an exception, except a coercion from a base type to a subrange, which can causeRuntime.BoundsFault. Any argument omitted from the type proc applications in the table may takeany legal value, but it must take the same value in both applications in a single row.ÿ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Û{ô�X	î·ï\°tô� ð-ô�¡ð2î·ï[,ô�Ðu�tu�tð7}�u�tô�Ñ	î·ïY¨ô�¹u�tô�º}�u�tð7vt	u�t�î·ïX$}�u�}�u�tô�Óô�Ôð$u�tî·ïV ô�€u�tu�t�u�tð#u�tvtu�t�î·ïSu�ô�ªô�«utqtð&î·ïQñô�‡ô�ˆðVî·ïPmô�€ð)îyïNéu�t�ô�X�qtu�tî·ïMeô�€qt�î·ïJ:ô�Šô�‹qt�u�tqt�u�tð6î·ïH¶ô�´�qtðFô�µî·ïG2ô�€î·ïDô�ƒu�tu�tu�tu�tô�„î·ïBƒô�…ô�†u�}�u�tð.u�tî·ï@ÿu�t�ô�€ð)qt�u�tqt�u�tu�}�u�î·ï=Ôt�ô�‹ð(ô�Œð8î·ï<Pô�Ãð9ô�Äî·ï:Ìô�€î·ï7¡ô�†ð^î·ï6ô�¥ð0ô�¦ð1î·ï4™ô�‘ð%qtð1î·ï3ô�«ð@ô�¬î·ï1‘ut�ô�¨ðBô�©î·ï0
ô�€ðSÿ�������$��������TVk(&����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198273               In current form             In kernel formThese types can be coerced to these typesRemarksThese types can be coerced to these types[..., n: T , ...][..., n: T( , ...]if T coerces to T([..., n: T , ...][..., n: T( , ...]This is pointwise extension of coercion to bindings. Likewise for groups.[T1, ..., Tk][n1: T1, ..., nk: Tk]group to bindingT1ÿX...XTkÿ[n1ÿ: Tÿ1ÿ, ..., nkÿ: Tÿkÿ][n1: T1, ..., nk: Tk][n1:T1, ..., nk:Tk, n: T]if T has a default.[n1ÿ: Tÿ1ÿ, ..., nkÿ: Tÿkÿ][nÿ1ÿ:T1ÿ, ..., nkÿ:Tkÿ, n: T]TT(if TgT(TTÿ(T[x..y]TT.ÿMKSUBRANGE[x, y]TTT[x...y]may raise TT.MKSUBRANGE[x, y]  Runtime.BoundsFaultand the same subrange coercions for relative address types.INT/INTEGER/REALloses informationsameCARDINAL/LONG CARDINALPOINTERLONG POINTERMKPOINTER[MKPOINTER[  long~FALSE]    long~TRUE]and likewise for DESCRIPTOR.T[tag: x]Tbound variant??????variable to valueVAR TTTable 49: Coercions for primitive types4.14 Dot notationCedar provides a single basic mechanism for getting a name looked up in a particular binding,rather than in the current scope (¶ 2.4.4):If b is a binding, then b.n is the value of n in b; it is an error if there is no element of bnamed n. By a natural extension:If T is a type, then T.n is the value of n in T's cluster. By a somewhat less natural, but very useful further extension (inspired by classical notation forrecords, and by Smalltalk):If e is an expression not a type or binding, then let P=(De).n. If P.DOMAIN=[p: D], then e.n is P[e].Otherwise, if P.DOMAIN=[p1: D1,  p2: D2, ..., pn: Dn], e.n is l [p2: D2, ..., pn: Dn] INP[e, p2, ..., pn]In other words, the value of n is obtained from the cluster of e's syntactic type. If it takes oneargument, it is applied to e. Otherwise. e.n is a proc which collects the other arguments p2, ..., pn thatP wants, and applies P to e, p2, ..., pn. In current Cedar you can't do anything with this proc exceptapply it immediately: you have to write e.n[...].There are four major applications for dot notation in current Cedar; they are described in the tablebelow. All use the simple rules just stated (look up n in a binding; in the cluster of a type; or in thecluster of De and then apply it). But the sources of the clusters used and the procedure values inthe clusters are quite various.������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï`3þ
È�ï_Ûþ
È�îï`3þ
È�ï_Ûþ
È�î'Gï`3þ
Ç�ï_Ûþ
Ç�î5ï`3þ‹�ï_Ûþ‹�îA™ï`3þE�ï_ÛþE�î·ï^W{ô�€vî5qx
î·ï\Ó{
t{î'G{î5|ð)î·ï[åþ
È�Fîï[åþ
È�Fî'Gï[åþ
Ç�Fî5ï[åþ‹�FîA™ï[åþE�Fî·ïY„tu�tu�tîu�tu�}�tî'Gu�tu�}�î5qr�qr�qî@r�qr����������������TVk(�—îDïY„p�qô�€õ��îõïX�rðIî·ïV5�s�ïU¨w�ïV5rs�ïU¨�ïV5r�î�s�ïU¨w�ïV5rs�ïU¨�ïV5rs�ïU¨�ïV5rs�ïU¨�ïV5r�î'Gî5�ÿ������„����TVk(��”Ø�Gî5°ïU¨p����”�������TVk(��”Ø�î5÷ïV5p�qp�����–�������TVk(��”Ø�î9ïU¨q����œ�������TVk(��”Ø�î@ïV5t�~����ž�������TVk(��”Ø�î@éïU¨p���� �������TVk(��”Ø�îA0ïV5t�ô�€õ���~�ÿ���¢�������TVk(��”Ø�îB³ïU¨q����¦�������TVk(��”Ø�îBúïV5t�ô�€õ��~�ÿ���¨�������TVk(��”Ø�îEßïU¨q����°�������TVk(��”Ø�îF/ïV5t�ô�€õ���~�ÿ���²�������TVk(��”Ø�îG²ïU¨q����¶�������TVk(��”Ø�îHïV5t�î·ïTGq�{�ïSº�ïTGq�ô�€õ���{�ïSº~�ïTGq{�ïSº~�ïTGq{�ïSº~�ïTGq�î�{�ïSº�ïTGq�{�ïSº~�ïTGq{�ïSº~�ïTGq�{�ïSº~�ïTGq{�q{�q�î'G{�qî5t�~����¸���D����TVk(��”Ø�Uî5âïSºp����ü�������TVk(��”Ø�î6)ïTGt�ô�€õ���~�ÿ���þ�������TVk(��”Ø�î7¬ïSºq�����������TVk(��”Ø�î7óïTGt�ô�€õ��~�ÿ����������TVk(��”Ø�î:ØïSºq�����������TVk(��”Ø�î;(ïTGt�ô�€õ���~�ÿ����������TVk(��”Ø�î<«ïSºq�����������TVk(��”Ø�î<ûïTGt�î@�~�����������TVk(��”Ø�î@éïSºp�����������TVk(��”Ø�îA0ïTGt�~�����������TVk(��”Ø�îB3ïSºq�����������TVk(��”Ø�îBzïTGt�ô�€õ��~�ÿ����������TVk(��”Ø�îE_ïSºq����&�������TVk(��”Ø�îE¯ïTGt�~����(�������TVk(��”Ø�îF²ïSºq����*�������TVk(��”Ø�îGïTGt�ô�€õ���~�t~�t�î·ïRY{�î�}�î'Gq{�}�{�}�î5~�î@�ÿ���,�������TVk(��”Ø�*î@·ïRYp�î·ïPŽs�r�s�rs�r�îs�î5�q����@�������TVk(��”Ø�î5öïPŽp	q�r�q�ô�€õ���r�q�î@r�î·ïNÃu�îu�t�u�tu�t�î'G	î5r�î@r�q�p	q�r�qr�q�î'GïM?tuîõïK»tð;î·ïIðqt�qt�îqî'Gtî5qîõïHlt�îõïFèqt�qî·ïEîqt�qî5pq�î@pq�î5ïC™qrq�sq�î@rq�sq�îõïBtq	t�î·ï@Ju�t�utu�t�îu�î'Gtî5qî@î·ï>t�î�î'Gî5pq�r�î@r�î·ï=Îþ
È�ï<ûþ
È�îï=Îþ
È�ï<ûþ
È�î'Gï=Îþ
Ç�ï<ûþ
Ç�î5ï=Îþ‹�ï<ûþ‹�îA™ï=ÎþE�ï<ûþE�îaï8üvô�Xð#î·ï4){î·ï0þtô�¼ð5ô�½ð#î·ï/zô�€ð%î­ï-"ô��u�tu�t�u�tu�tu�tð+u�î­ï+žtô�€�u�tî·ï)Fî­ï&îu�tu�t�u�tu�tu�tî·ï$–ô�¼ð"ô�½ð=î·ï#ô�€î­ï ºu�tð5}�u�tu�tî£ï©u�t�wtu�tu�tutu�t�u�tî£ï˜	ô�¢u�t�wtu�ïz�ï˜tu�ïz�ï˜tu�ïz�ï˜t�ô�£�u�ïz�ï˜tu�ïr�ï˜tu�ïr�ï˜tut~�tu�ïz�ï˜tu�ïz�ï˜tu�ïr�ï˜tu�ïr�ï˜twî£ïªu�t�u�t�ô�€�u�ïz�ïªtu�ïr�ïªt�î·ïRô�¶ô�·
u�tð!u�tð"î·ïÎô�€u�tutô�u�ïAz�ïÎtu�ïAr�ïÎtî·ïàu�tô�Œu�tu�tu�ïSz�ïàtu�ïSr�ïàtô�ð(î·ïòô�€ð#utî·ïÇô�Šð$ô�‹ð;î·ïCô�€ð/u�tð(ô�	î·ï¿ô�}�u�tðRô�žî·ï;ô�€���L��Ì����TVk(��”Ø��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198274Object notation is the most general, since any opaque or record type T defined in an interfaceacquires a user-defined a cluster by this method. The current implementation is rather clumsy: allthe procs in the interface I from which T comes are added to T's cluster, with the names they havein I, except those whose names are already in T's cluster. Of course, an element of this cluster isonly useful if it takes a T as its first argument.The interface I from which P is obtained is normally an interface instance I (which is imported),not an interface type IT (declared in the DIRECTORY clause), because only the instance provides aproc value for P. Of course if P is bound to an INLINE in IT this is not true. See ¶ 3.3 for more ininterfaces.Restriction: In current Cedar, the value for P always comes from the principal imported instance ofIT (see ¶ 3.3.3). This is of no concern if only one IT value is imported. If more than one IT value isimported, however, confusion can result. If it does, consult a wizard.The cluster for a record type R is formed automatically by the record type constructor, and simplycontains a procedure for each field f: Tf, which takes an R and returns a Tf.  There are similarclusters for VAR R and READONLY R, in which the procedures take VAR or READONLY R and returnVAR or READONLY Tf.An interface type yields a binding, which contains those names which are bound in the interfacerather than simply declared (usually constants and types, sometimes inline procs). An interface value(imported interface) can also be thought of as a binding, with a value for each name in theinterface. Actually it is more like a record; its cluster contains a proc for each name declared in the interface, whichreturns the exported value when applied to the interface value.��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï_Ûô�½ð$ô�¾u�tî·ï^Wô�œô�ðFvî·ï\Ótô�‹u�tu�tô�Œ
u�tð$î·ï[Oô�£�u�tð)ô�¤�u�tð4î·ïYËô�€u�tî·ïV ô�¦	ô�§�u�tu�tð&vt�u�tî·ïUô� 
vt�utô�¡qtð.î·ïS˜ô�
u�tu�tqtutô�‘î·ïR
î·ïNév
t�ô�‹ð!u�tô�Œð(î·ïMeutô�…ð-ô�†utð%utî·ïKáô�€ð=î·ïH¶ô�“ô�”u�tðCî·ïG2ô�µu�tu�ïF¥r�ïG2tu�tu�ïF¥r�ïG2tî·ïEDô�…qt�u�tô�†qt�u�tqtqt�u�t
î·ïCÀqtô�€qt�u�ïC3r�ïCÀt�î·ï@•ô�¨ô�©ðGî·ï?ô�ðOô�‚î·ï=ô�Ôô�Õð;î·ï<		ô�”�qð7ô�•ð6î·ï:…ô�€ð8ÿ�������.��������TVk(������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������  CEDAR TYPES, PART 3DRAFT OF JULY 20, 198275CaseSource for nDe.ne.ne.n[p2~x, ...]Meaningcan't write this(De).n[e](De).n[e][p2~x, ...]  orliterally.(De).n[p1~e, p2~x, ...] Object n:ŸPROC[self:ŸT_TI.n   WI.n[e], since*notationdeclared in same   nWI.n(De must interface I as De. Useless unless De coerces to T.be record or opaquen: PROC[self: T, I.n No (can't get theWI.n[self~e, p2~x, ...]type).p2: T2, ...] declaredvalue of the curried proc).in same I as De. Useless unless De coerces to T.RecordRECORD [..., n: T, ...]No (can't get theWa VAR T for *record selector field n of record e.value).Imported IT: DEFS{...; n: T;...};No (can't get theW the value exported*interfaceDIRECTORY IT: TYPE; interface selector as n in the e instanceIMPORT e: IT;value).of IT.Interface  IT: DEFS{...; n: T~v;...]No (it would Wv (need a binding *typeDIRECTORY e: TYPE IT;be TYPE.n).for n, not just n: T).* Only if T is a proc type with the right domain.Table 410: Cases for dot notation in current Cedar������������������������������������î·ïf2qô�Gõ��ð,îG?tî·ï`3þ!�ï_Ûþ!�îØï`3þL�ï_ÛþL�î#$ï`3þ
È�ï_Ûþ
È�î0ìï`3þ
È�ï_Ûþ
È�î>´ï`3þE�ï_ÛþE�îFùï`3þE�ï_ÛþE�î·ï^W{îØ{ô�€t�u�î#$}�u�t�u�î0ìu�t�u�î>´u�t�u�t�u�ï]Êz�ï^Wt�u�tî·ï[ÿ{î#$tî0ì�}�u�tu�t�u�t�î>´�}�u�tu�t�u�tu�ï[rz�ï[ÿt�u�t	î#$ïZ	î>´�}�u�tu�t�u�ïY„z�ïZt�u�tu�ïY„z�ïZt�u�tî·ïX¹þ!�FîØïX¹þL�Fî#$ïX¹þ
È�Fî0ìïX¹þ
È�Fî>´ïX¹þE�FîFùïX¹þE�Fî·ïVŸvt�îØu�tqt�utu�}�u�î#$u�t�u�tî0ì�}�ut�u�tî>´�î·ïUvîØtî#$�î0ì�u�}�uî·ïS—t�}�u�tîØ	u�t}�u�t}�u�tuî·ïRt	î·ïPîØu�tqt�utu�tî#$u�t�u�t�î0ìî>´}�u�t�u�t�ut�u�tu�ïPz�ïPt�u�tî·ïN¡îØu�ïNz�ïN¡tu�ïNz�ïN¡tî0ìîØïL³u�t}�u�t}�u�tuî·ïIˆvîØqtu�tu�tî#$î0ì}�tqt�u�tî>´�î#$ïHî0ìu�t
u�t�î#$ïF€î·ïCUvt�îØutqtu�tu�tî#$î0ì}�tî>´�î·ïAÑvîØqt�utqtî#$î0ìu�tu�tîØï@Mqt�u�tut�î#$î0ìut�î·ï="vtîØutqtu�tu�t�u�tî#$î0ì}�u�tî>´�î·ï;žvîØqt�u�tqt�ut�î#$qt�u�tî0ìu�t
u�tu�tî·ï8s	u�tð&î·ï7Âþ!�ï6ïþ!�îØï7ÂþL�ï6ïþL�î#$ï7Âþ
È�ï6ïþ
È�î0ìï7Âþ
È�ï6ïþ
È�î>´ï7ÂþE�ï6ïþE�îFùï7ÂþE�ï6ïþE�îï2ðvô�Xð.ÿ�������Þ��������TVk(,�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
TimesRoman���������������
TimesRoman������������
����
TimesRoman�����������
����
TimesRoman���������������
TimesRoman����������������
TimesRoman�����������
����
TimesRoman���������������
TimesRoman���������������
TimesRoman���������������	�	Helvetica����������������
�	Helvetica�������������
����
TimesRoman�����������	����Hippo�����������������
���
�Math������������������
����
TimesRoman���������������
TimesRoman�����������������	Helvetica�����������������
TimesRoman����������������
TimesRoman���������������
TimesRoman����������������
TimesRoman������������
����
TimesRoman�����������	����
TimesRoman�����������
����	Helvetica�����������������
TimesRoman��������������	�
TimesRoman��������������
�
TimesRoman����������������
TimesRoman�����������
����
TimesRoman��������������
�Math������������������
����Hippo�����������������
����Math�����������������������Math����������������������
TimesRoman����������������
TimesRoman������������
����
TimesRoman�����������	����Math������������������
����
TimesRoman�����������
����
TimesRoman�����������
����
TimesRoman����������������	Helvetica����������������	�	Helvetica�������������
���
�
TimesRoman������������	����
TimesRoman���������������Hippo�����������������
���
�
TimesRoman���������������
TimesRoman����������������
TimesRoman����������������
TimesRoman����������������
TimesRoman�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������r�����í�����ð�����¸�����’����
�–����	�,���&�	����/��Œ���7��å���>�
���H�
�m���R��4���]��µ���d�	�¸���m�
����w��ï���‚��Ø����	�9���–��D����	�$���¦�
����°��[���¸�	�n���Á��È���É�	�J���Ò�
�O����
�t���æ�	�<���ï�
�›���ü�
��������
�´���	�Û��%�
�Œ��/��º��3�	�À��<��‡��?�	�š��H��0��P�	�©��Y�	�e��b��“��e�
�D��o��M��v�	�¼����K��†��_����E��“�	���œ�
�«��¦�
�w��°�	���¹�	���Â��B��Ê�	�m��Ó�	�³��Ü�
�Ú��æ�
�Î��ð�	�T��ù�
����	�ò����í���	�ì���	�$��&�	�>��/��ò��4�	�6��=�
�É��G��¦��N�
�I��X��Ú��_��µ��j��ù��p��Ô�u�ÿÿ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������j/|�Ly���“0Þ��ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿCLRM.bx��������������������������������������������Lampson������������������������July 21, 1982  12:42 AM����������������������������������������������������������������������������������������������������������������������������������������������������