author | Runxi Yu <me@runxiyu.org> | 2024-12-05 21:34:44 +0800 |
---|---|---|
committer | Runxi Yu <me@runxiyu.org> | 2024-12-05 21:34:44 +0800 |
commit | adb19bb5071328ad0c5a0edc33e20185692bb67a (patch) | |
tree | 44ec3785c068ac88e55f369e55d4e3bd5fdc519d | |
parent | There is language-level support for tagged unions. (diff) | |
download | e2-spec-adb19bb5071328ad0c5a0edc33e20185692bb67a.tar.gz e2-spec-adb19bb5071328ad0c5a0edc33e20185692bb67a.tar.zst e2-spec-adb19bb5071328ad0c5a0edc33e20185692bb67a.zip |
Amend malloc example to not assume invalidity of zero pointers
-rw-r--r-- | language_description.md | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/language_description.md b/language_description.md index cdb084b..1a50c37 100644 --- a/language_description.md +++ b/language_description.md @@ -34,20 +34,22 @@ identifier` rather than `identifier type`. When defining a function, the programmer must specify what to do if the function could not be called (for example, if the stack is full). For example, -`malloc` for allocating dynamic memory would be structured something like -follows: +`malloc` for allocating dynamic memory could be structured like this: ```e2 -func malloc(size_t s) (void*) { +func malloc(size_t s) (void*, err) { /* What malloc is supposed to do */ - return ptr; + return ptr, NIL; } onfail { - return NULL; + return 0, ESTACK; } ``` If something causes `malloc` to be uncallable, e.g. if there is insufficient -stack space to hold its local variables, it simply returns NULL as if it failed. +stack space to hold its local variables, it simply returns a meaningless +pointer and a non-nil error value. Note that although we return "`0`" in the +example code above, the zero pointer is not guaranteed to be an invalid pointer +in $e^2$. Other functions may have different methods of failure. Some might return an error, so it might be natural to set their error return value to something like |
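Review bot: The new paragraph after the code block says the `onfail` path returns "a meaningless pointer and a non-nil error value", but it never states that the caller must test the error value before using the pointer. Since the same paragraph notes that the zero pointer is not guaranteed to be invalid in $e^2$, a caller that checks only the pointer would treat the failed call as a success. Suggest adding a sentence stating that the returned pointer must not be used whenever the error value is non-nil. Two smaller points: `NIL` and `ESTACK` appear in the example without being introduced anywhere in the visible text, and the unchanged sentence that follows ("Other functions may have different methods of failure. Some might return an error") no longer contrasts with `malloc`, which now returns an error itself, so that sentence probably wants rewording.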