From d17e0f73a57eb65c82eb942bf4b33e3c6d8335c3 Mon Sep 17 00:00:00 2001 From: Melody Horn Date: Mon, 2 Nov 2020 20:38:48 -0700 Subject: update examples to use precise integer types --- language/scanning.rst | 6 +++--- language/type-definition.rst | 6 +++--- safety.rst | 19 ++++++++++--------- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/language/scanning.rst b/language/scanning.rst index 044441d..2c5e290 100644 --- a/language/scanning.rst +++ b/language/scanning.rst @@ -11,18 +11,18 @@ Scanning Punctuators, string literals, and character constants do not require explicit separation from adjacent tokens. keyword - One of the literal words ``bool``, ``break``, ``byte``, + One of the literal words ``bool``, ``break``, ``case``, ``const``, ``continue``, ``default``, ``do``, ``else``, ``enum``, ``false``, ``float32``, ``float64``, ``for``, ``fragile``, ``function``, - ``if``, :crowbar:ref:`include `, ``int8``, ``int16``, ``int32``, ``int64``, ``intaddr``, + ``if``, :crowbar:ref:`include `, ``int8``, ``int16``, ``int32``, ``int64``, ``intaddr``, ``intmax``, ``intsize``, ``long``, ``opaque``, ``return``, ``short``, ``sizeof``, ``struct``, ``switch``, ``true``, - ``uint8``, ``uint16``, ``uint32``, ``uint64``, ``uintaddr``, ``union``, + ``uint8``, ``uint16``, ``uint32``, ``uint64``, ``uintaddr``, ``uintmax``, ``uintsize``, ``union``, ``void``, or ``while``. diff --git a/language/type-definition.rst b/language/type-definition.rst index 9e3d7c4..7b90934 100644 --- a/language/type-definition.rst +++ b/language/type-definition.rst @@ -67,9 +67,9 @@ Defining Types enum TokenType type; switch (type) { - case Identifier: (const char) * name; - case Constant: int value; - case Operator: char op; + case Identifier: (const byte) * name; + case Constant: intmax value; + case Operator: (const byte) * op; case Whitespace: ; } } diff --git a/safety.rst b/safety.rst index 6a73b85..b3df7f4 100644 --- a/safety.rst +++ b/safety.rst @@ -15,29 +15,30 @@ Buffer overflow --------------- Crowbar addresses buffer overflow with bounds checking. -In C, the type ``char *`` can point to a single character, a null-terminated string of unknown length, a buffer of fixed size, or nothing at all. -In Crowbar, the type ``char *`` can only point to either a single character or nothing at all. -If a buffer is declared as ``char[50] name;`` then it has type ``char[50]``, and can be implicitly converted to ``(char[50])*``, a pointer-to-50-chars. +In C, the type ``uint8_t *`` can point to a single byte, a null-terminated string of unknown length, a buffer of fixed size, or nothing at all. +In Crowbar, the type ``uint8 *`` can only point to either a single byte or nothing at all. +If a buffer is declared as ``uint8[50] name;`` then it has type ``uint8[50]``, and can be implicitly converted to ``(uint8[50])*``, a pointer-to-50-bytes. If memory is dynamically allocated, it works as follows:: - void process(size_t bufferSize, char[bufferSize] buffer) { + void process(uintsize bufferSize, uint8[bufferSize] buffer) { // do some work with buffer, given that we know its size } - int main(int argc, (char[1024?])[argc] argv) { - size_t bufferSize = getBufferSize(); - (char[bufferSize])* buffer = malloc(bufferSize); + int8 main(uintsize argc, (uint8[1024?])[argc] argv) { + uintsize bufferSize = getBufferSize(); + (uint8[bufferSize])* buffer = malloc(bufferSize); process(bufferSize, buffer); free(buffer); } -Note that ``malloc`` as part of the Crowbar standard library has signature ``(void[size])* malloc(size_t size);`` and so no cast is needed above. +Note that ``malloc`` as part of the Crowbar standard library has signature ``(void[size])* malloc(uintsize size);`` and so no cast is needed above. In C, ``buffer`` in ``main`` would have type pointer-to-VLA-of-char, but ``buffer`` in ``process`` would have type VLA-of-char, and this conversion would emit a compiler warning. However, in Crowbar, a ``(T[N])*`` is always implicitly convertible to ``T[N]``, so no warning exists. Note as well that the type of ``argv`` is complicated. This is because the elements of ``argv`` have unconstrained size. -TODO figure out if that's the right way to handle that + +.. todo:: figure out if that's the right way to handle that Buffer over-read ---------------- -- cgit v1.2.3