# CYMPLE 1.5 Changelog **Version:** 1.5 **Release Date:** December 15, 2025 **Focus:** Memory safety, concurrency clarity, and footgun prevention --- ## Breaking Changes Summary **πŸ”΄ CRITICAL BREAKING CHANGES:** | Change | Impact | Migration Effort | |--------|--------|------------------| | Pointers removed | HIGH - All pointer code invalid | Rewrite with handles | | EBNF updated to 1.5 | MEDIUM - Syntax unchanged, semantics formal | Update parsers | | Handle validation mandatory | LOW - Was implicit, now explicit | Add error handlers | | Task cap enforced | MEDIUM - May block on spawn storms | Add backpressure | | Channel close mandatory | LOW - Was implicit RAII, still works | Make explicit where needed | **⚠️ SEMANTIC CHANGES:** | What Changed | v1.4 Behavior | v1.5 Behavior | |--------------|---------------|---------------| | Scope exit | Unspecified task cleanup | MUST join/cancel (formal) | | Race simultaneous | Undefined | Lowest index wins (formal) | | Stop signal | Implied behavior | Formally specified | | Channel close | Implicit | Explicit or RAII (both valid) | | Panic unwinding | Unspecified order | RAII reverse order (formal) | --- ## Overview Version 1.5 is a **major safety and clarity update** to Cymple's memory and concurrency model. This release removes unsafe features (pointers), adds precise validation semantics (generational handles), improves concurrency safety (structured concurrency), and provides clear guidance on avoiding common pitfalls. --- ## Formal Specification (NEW in 1.5) **1.5 is the first version with complete formal specification.** ### What's Formal? **EBNF Grammar:** - All syntax formally defined - 80 productions - 17 semantic notes - 25 MUST requirements in grammar comments **Formal Semantics Section:** - Task lifecycle state machine - Scope exit algorithm - Stop signal formal definition - Race determinism rules - Channel state machine - Panic/unwinding algorithm - Task cap enforcement - Error object structure ### Normative vs Informative **Normative (MUST follow):** - Handles section - Memory Blocks section - Concurrency section - Channels section - Error Handling section - Formal Semantics section - EBNF Grammar **Informative (Examples only):** - Code examples - Design rationale - Footguns & guidance **In case of conflict:** Normative sections are authoritative. ### Why This Matters **Before 1.5:** - Spec was mostly examples - Implementation details unclear - No way to verify conformance **After 1.5:** - Unambiguous requirements - Testable semantics - Implementation guide built-in - Multiple compatible implementations possible ### Documentation Improvements (December 15, 2025) **Added to Specification:** 1. **RFC 2119 Conformance Keywords** - Formal definition of MUST/SHOULD/MAY - Clear requirement levels for implementers - Standards-compliant specification language 2. **Design Principles Section** - Five explicit core principles - Safety First, Determinism, Explicitness, Fail-Fast, Minimalism - Explains design decisions (e.g., no break/continue) 3. **Statement Reference Index** - Maps all EBNF statements to semantic sections - Quick navigation for implementers - Completeness verification 4. **Function Return Semantics** - Clarified typed vs. untyped vs. void functions - Explicit rules for missing returns - Removed ambiguity in return behavior 5. **Structured Error Code Ranges** - Organized ranges by category (1000-1999: Memory, 2000-2999: Channels, etc.) - Reserved ranges for future expansion - Clear guidelines for custom error codes (9000-9999) 6. **Minimalism Principle** - Explicitly documents absence of break/continue as design choice - Functions and return are primary control flow abstractions - Aligns with "keep it simple" philosophy **Impact:** Better specification clarity, easier implementation, clearer design rationale. --- ## Breaking Changes ### πŸ”₯ Pointers Completely Removed **What changed:** - All pointer types removed from the language - No pointer arithmetic - No dereference operators **Migration:** ```cymple πŸ“ v1.4 - Pointers (REMOVED) *πŸ”’ptr ← &value πŸ”’val ← *ptr πŸ“ v1.5 - Handles only πŸ’Ύblock ← allocate(100) πŸ“‹val ← block[0] πŸ“ Array-like access, NOT pointer arithmetic ``` **Rationale:** - Pointers were a safety hazard - All memory access now through validated handles - Indexing syntax (`block[i]`) is clearer and safer **Impact:** HIGH - Any code using pointers must be rewritten --- ### πŸ”„ Handle Semantics Completely Redesigned **What changed:** - Handles are now **opaque and read-only** - Generational validation added - Fail-fast on stale handles **New handle structure (internal):** ``` handle: slot/index πŸ“ Into runtime handle table generation πŸ“ Detect use-after-release kind/type πŸ“ Resource type ``` **Validation requirements (MUST):** 1. Slot in range? 2. Slot occupied? 3. Generation matches? 4. Kind matches? **Example:** ```cymple πŸ’Ύblock ← allocate(100) release(block) πŸ“‹val ← block[0] πŸ“ ERROR: Stale handle detected! ``` **Rationale:** - Prevents use-after-free bugs - Catches errors immediately - Type-safe resource access **Impact:** MEDIUM - Mostly transparent, but invalid handle use now fails fast --- ## Major Features ### ✨ Generational Handle Validation Handles now carry **generation counters** to detect stale handle use: ```cymple 🧡 demonstrate_validation() πŸ’Ύblock ← allocate(100) πŸ”— block -> B B[0] ← 42 πŸ“ OK - valid handle, generation matches release(block) πŸ“ Generation increments, resource freed πŸ“‹val ← block[0] πŸ“ ERROR: Generation mismatch! πŸ“ Runtime catches this immediately ``` **Benefits:** - Use-after-free detection - No undefined behavior - Clear error messages --- ### πŸ› οΈ Memory Blocks with Bounds Checking Memory blocks are now **explicit heap-managed objects**: ```cymple πŸ’Ύblock ← allocate(1024) πŸ“ Allocate 1024 bytes πŸ“ Safe indexing with validation πŸ“‹val ← block[0] πŸ“ OK - within bounds block[42] ← 99 πŸ“ OK - within bounds block[1500] ← 5 πŸ“ ERROR: Bounds check fails! ``` **Validation on every access:** 1. Handle valid? 2. Index in range? 3. Perform operation **Properties:** ```cymple πŸ”’size ← block.size πŸ“ Get size βœ…valid ← block.is_valid πŸ“ Check validity ``` --- ### 🧡 Structured Concurrency Tasks are now **automatically managed** within their scope: ```cymple 🧡 parent_function() πŸŒ€πŸ“¦ πŸ“‹results ← [task1(), task2(), task3()] ⏱️ 30s πŸ’¬ "Timeout" βœ… πŸ“‹all ↩ πŸ“‹all πŸ“ Tasks GUARANTEED to be done or cancelled here πŸ’¬ "All tasks finished" ``` **Key features:** - Tasks joined/cancelled on scope exit - No orphaned tasks - Clear lifecycle **Explicit detach (with warning):** ```cymple 🧡 fire_and_forget() 🧡detach worker_task() πŸ“ WARNING: May retain resources! ↩ πŸ“ Parent returns immediately ``` --- ### 🚦 Runtime Task Cap The runtime enforces a **maximum concurrent tasks** (default: 1000): ```cymple πŸ“ Configurable at startup runtime.max_concurrent_tasks ← 1000 ``` **Purpose:** - Prevents "spawn storms" - Provides backpressure - Protects system resources **Behavior when limit reached:** - Task creation blocks or queues - No silent failures - Clear feedback --- ### πŸ“‘ Channel Close Semantics Channels now have **deterministic close behavior**: **Explicit close:** ```cymple πŸ“‘ch ← πŸ›°οΈπŸ”’ πŸš€ ch, 42 close(ch) πŸ“ Explicitly close ``` **RAII close (automatic):** ```cymple 🧡 sender() πŸ“‘ch ← πŸ›°οΈπŸ”’ πŸš€ ch, 42 πŸ“ Channel auto-closes here ``` **Closed channel behavior:** - **Send to closed channel:** Error/panic - **Receive from closed channel:** Returns null/special value - **Loop over closed channel:** Terminates cleanly **Example:** ```cymple 🧡 producer(πŸ“‘out) πŸ” i = 1..10 πŸš€ out, i close(out) πŸ“ Signal end 🧡 consumer(πŸ“‘in) πŸ” msg in in πŸ’¬ "Got: πŸ”’msg" πŸ“ Loop exits when channel closed πŸ’¬ "Done" ``` --- ### πŸ“œ Normative Requirements Added **NEW in v1.5:** Comprehensive normative requirements using RFC 2119 keywords. **Requirements Count:** - 57 MUST statements (critical requirements) - 8 SHOULD statements (strong recommendations) - 9 MAY statements (optional features) **Key Requirements:** **Memory Safety (MUST):** - MUST validate handles on every use - MUST check bounds before every memory access - MUST detect stale handles via generation counters - MUST panic on validation failures - MUST release resources on scope exit **Concurrency (MUST):** - MUST enforce runtime task cap (prevent spawn storms) - MUST join/cancel tasks on scope exit - MUST use fail-fast panic behavior - MUST NOT allow shared memory between tasks **Error Handling (MUST):** - MUST provide deterministic panic behavior - MUST unwind stack with RAII cleanup - MUST support Guru meditation for catching panics - MUST provide standard error types **Best Practices (SHOULD):** - SHOULD provide explicit timeouts for blocking operations - SHOULD close channels explicitly or via RAII - SHOULD zero allocated memory by default - SHOULD warn about detached tasks **Rationale:** Clear requirements enable consistent implementations and prevent ambiguity. --- ## Code Examples ### Example 1: Safe Memory Block Indexing ```cymple 🧡 safe_buffer_demo() πŸ’Ύbuffer ← allocate(100) πŸ“ Safe indexing with validation πŸ”— buffer -> mut B πŸ” i = 0..100 B[i] ← i * 2 πŸ“ Validate before access 🧘 guru(e) πŸ”€ e.type ➜ "BoundsCheck" πŸ’¬ "Index out of bounds" ↩ πŸ’¬ "Value at 50: buffer[50]" πŸ’¬ "Value at 150: buffer[150]" πŸ“ ERROR caught! ``` ### Example 2: Stale Handle Detection ```cymple 🧡 stale_handle_demo() πŸ’Ύblock ← allocate(100) πŸ”— block -> B B[0] ← 42 πŸ“ OK release(block) πŸ“ Handle now stale 🧘 guru(e) πŸ”€ e.type ➜ "GenerationMismatch" πŸ’¬ "Stale handle detected!" ↩ πŸ“‹val ← block[0] πŸ“ ERROR: Stale handle ``` ### Example 3: Structured Concurrency with Timeout ```cymple 🧡 parallel_fetch(πŸ“‹urls) -> πŸ“‹ πŸŒ€πŸ“¦ πŸ“‹results ← create_fetch_tasks(πŸ“‹urls) ⏱️ 30s πŸ“ Overall timeout πŸ’¬ "Fetch timeout - returning partial results" ↩ πŸ“‹results ⏩ πŸ“‹partial every 10 πŸ“ Progress updates πŸ”’percent ← (πŸ“‹partial.length * 100) / πŸ“‹urls.length πŸ’¬ "Progress: πŸ”’percent%" πŸ“ Early cancellation if we have enough ❓ πŸ“‹partial.length >= 50 πŸ›‘ πŸ“ Stop remaining tasks ↩ πŸ“‹partial βœ… πŸ“‹all ↩ filter_ok(πŸ“‹all) πŸ“ All tasks cleaned up here ``` --- ## Migration Guide ### From v1.4 to v1.5 #### 1. Remove All Pointer Code **Before (v1.4):** ```cymple *πŸ”’ptr ← &value πŸ”’result ← *ptr + 10 ``` **After (v1.5):** ```cymple πŸ’Ύblock ← allocate(100) block[0] ← value πŸ”’result ← block[0] + 10 ``` #### 2. Add Timeouts to Quantum Operations **Before (v1.4):** ```cymple πŸŒ€βš‘ πŸ”€result ← [fetch1(), fetch2()] βœ… πŸ”€winner ↩ πŸ”€winner ``` **After (v1.5):** ```cymple πŸŒ€βš‘ πŸ”€result ← [fetch1(), fetch2()] ⏱️ 5s πŸ“ Add timeout! ↩ fallback() βœ… πŸ”€winner ↩ πŸ”€winner ``` #### 3. Handle Validation Errors **Before (v1.4):** ```cymple πŸ’Ύblock ← allocate(100) πŸ“‹val ← block[0] πŸ“ May panic ``` **After (v1.5):** ```cymple πŸ’Ύblock ← allocate(100) 🧘 guru(e) πŸ”€ e.type ➜ "HandleValidation" ↩ null πŸ“‹val ← block[0] πŸ“ Validated ``` --- ## Summary **Version 1.5 is all about safety and clarity:** βœ… Pointers removed - handles only βœ… Generational validation - detect stale handles βœ… Memory blocks - explicit heap management βœ… Structured concurrency - no orphaned tasks βœ… Runtime caps - prevent spawn storms βœ… Channel close semantics - deterministic cleanup βœ… Footguns & guidance - learn from mistakes **Migration effort:** Low to Medium (2-4 hours for typical project) **Safety improvement:** HIGH **Recommended:** Upgrade immediately for better safety --- **Cymple v1.5** - Memory safety through validated handles. *Release Date: December 15, 2025* *Β© 2025 JΓΆrg Burbach*