author: Runxi Yu <me@runxiyu.org> 2024-12-05 21:34:44 +0800
committer: Runxi Yu <me@runxiyu.org> 2024-12-05 21:34:44 +0800
commit: adb19bb5071328ad0c5a0edc33e20185692bb67a (patch)
tree: 44ec3785c068ac88e55f369e55d4e3bd5fdc519d
parent: There is language-level support for tagged unions.
Amend malloc example to not assume invalidity of zero pointers
-rw-r--r-- language_description.md 14
1 files changed, 8 insertions, 6 deletions
diff --git a/language_description.md b/language_description.md
index cdb084b..1a50c37 100644
--- a/language_description.md
+++ b/language_description.md
@@ -34,20 +34,22 @@ identifier` rather than `identifier type`.
When defining a function, the programmer must specify what to do if the
function could not be called (for example, if the stack is full). For example,
-`malloc` for allocating dynamic memory would be structured something like
-follows:
+`malloc` for allocating dynamic memory could be structured like this:
```e2
-func malloc(size_t s) (void*) {
+func malloc(size_t s) (void*, err) {
/* What malloc is supposed to do */
- return ptr;
+ return ptr, NIL;
} onfail {
- return NULL;
+ return 0, ESTACK;
}
```
If something causes `malloc` to be uncallable, e.g. if there is insufficient
-stack space to hold its local variables, it simply returns NULL as if it failed.
+stack space to hold its local variables, it simply returns a meaningless
+pointer and a non-nil error value. Note that although we return "`0`" in the
+example code above, the zero pointer is not guaranteed to be an invalid pointer
+in $e^2$.
Other functions may have different methods of failure. Some might return an
error, so it might be natural to set their error return value to something like
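Review bot: The added paragraph after the code block (the `+` lines ending "in $e^2$") says the zero pointer may be a valid pointer but stops short of the consequence for callers: the `err` result is the only reliable failure signal, and the returned pointer must not be compared or dereferenced when `err` is not `NIL`. I would state that explicitly, since readers coming from C will otherwise keep testing the pointer against zero and treat a failed call as a successful allocation. The `onfail` branch still returns the literal `0`, which invites exactly that habit; a comment on `return 0, ESTACK;` saying the pointer value is arbitrary would help. Separately, `err`, `NIL` and `ESTACK` are used in this hunk without being introduced in the visible text, and the prose writes "non-nil" while the code writes `NIL`; a short definition or cross-reference and one consistent spelling would make the example self-explanatory.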