A `v, err := failable()` destructure now binds the value slot(s) "live
only where `err` is proven absent". Reading `v` where the compiler cannot
prove `err == null` is a compile error.
New diagnostic-only Pass 1e (`checkErrorFlow` in ir/lower.zig): a
structured, path-sensitive walk over each main-file function body. A
proven-null set is threaded across branches and joined by intersection
at each `if`'s merge. Proof shapes recognized:
- `if !err { … v … }` (proven inside the guard)
- `if err { return/raise } … v` (proven on the fall-through)
- `if err { … } else { … v … }` (proven in the else branch)
- `!err and <reads v>` (short-circuit refinement)
Error-set tag compares (`if err == error.X`) prove nothing about
absence — they narrow the tag only. Nested lambdas are analyzed as their
own boundaries. Library modules are trusted (skipped).
Migrated the canon value-failable examples (1011/1012/1018/1044) to read
their value slots under `if !err` guards — output unchanged. New
regressions: 1046 (every proof shape compiles + runs, exit 210) and 1047
(unproven reads rejected, exit 1).
Gates: zig build, zig build test, run_examples.sh -> 338 passed, 0 failed.
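To make the path-sensitive rule concrete, here is a toy checker written for this note; it is not the project's `checkErrorFlow` from ir/lower.zig, and its mini-AST, helper names and sample programs are all constructed for the illustration. It threads a "proven-absent" set through each branch, joins by intersection at every `if` merge, treats a `return`/`raise` arm as not reaching the merge, lets `!err and <reads v>` refine the right operand, and deliberately learns nothing from an `err == error.X` tag compare. The four accepted shapes from the commit message and three reads that must be rejected are encoded as constructed programs at the bottom.

```python
"""Toy checker for: a value slot may be read only where its err slot is
proven absent. Added example, not the project's checkErrorFlow; the AST
shape, helper names and sample programs are constructed for illustration."""
from dataclasses import dataclass, field


# --- constructed mini-AST --------------------------------------------------
@dataclass
class Destructure:      # v, err := failable()
    value: str
    err: str

@dataclass
class Read:             # any use of a value slot (statement or condition)
    value: str

@dataclass
class Return:           # return / raise: this path never reaches the merge
    pass

@dataclass
class Not:              # !err
    err: str

@dataclass
class Truthy:           # err  (error present)
    err: str

@dataclass
class TagCompare:       # err == error.X  (narrows the tag, proves nothing)
    err: str
    tag: str

@dataclass
class And:              # left and right  (right evaluated only if left holds)
    left: object
    right: object

@dataclass
class If:
    cond: object
    then: list
    orelse: list = field(default_factory=list)


UNREACHABLE = None      # "proven set" of a path that already returned/raised


def check(body):
    """Return diagnostics for a function body; empty means every read is proven."""
    errors, owner = [], {}              # owner: value slot -> its err slot
    _walk(body, frozenset(), owner, errors)
    return errors


def _check_read(value, proven, owner, errors):
    err = owner.get(value)
    if err is not None and err not in proven:
        errors.append(f"read of `{value}` where `{err}` is not proven absent")


def _refine(cond, proven, owner, errors):
    """Return (proven-if-true, proven-if-false) for a condition."""
    if isinstance(cond, Not):
        return proven | {cond.err}, proven
    if isinstance(cond, Truthy):
        return proven, proven | {cond.err}
    if isinstance(cond, TagCompare):    # tag compare: no absence proof either way
        return proven, proven
    if isinstance(cond, Read):          # a value read inside a condition
        _check_read(cond.value, proven, owner, errors)
        return proven, proven
    if isinstance(cond, And):           # short-circuit refinement
        left_true, _ = _refine(cond.left, proven, owner, errors)
        right_true, _ = _refine(cond.right, left_true, owner, errors)
        return right_true, proven       # false side: either operand may have failed
    raise TypeError(f"unknown condition {cond!r}")


def _join(a, b):
    """Merge point: intersect, ignoring arms that never reach the merge."""
    if a is UNREACHABLE:
        return b
    if b is UNREACHABLE:
        return a
    return a & b


def _walk(stmts, proven, owner, errors):
    for st in stmts:
        if isinstance(st, Destructure):
            owner[st.value] = st.err
            proven = proven - {st.err}  # a fresh binding is unproven again
        elif isinstance(st, Read):
            _check_read(st.value, proven, owner, errors)
        elif isinstance(st, Return):
            return UNREACHABLE
        elif isinstance(st, If):
            t, f = _refine(st.cond, proven, owner, errors)
            proven = _join(_walk(st.then, t, owner, errors),
                           _walk(st.orelse, f, owner, errors))
            if proven is UNREACHABLE:   # both arms returned
                return UNREACHABLE
    return proven


# Constructed programs: the four accepted proof shapes ...
D = Destructure("v", "err")
ACCEPTED = {
    "guard":         [D, If(Not("err"), [Read("v")])],
    "early_return":  [D, If(Truthy("err"), [Return()]), Read("v")],
    "else_branch":   [D, If(Truthy("err"), [], [Read("v")])],
    "short_circuit": [D, If(And(Not("err"), Read("v")), [])],
}
# ... and reads the pass must reject.
REJECTED = {
    "bare_read":   [D, Read("v")],
    "tag_compare": [D, If(TagCompare("err", "Bad"), [Read("v")])],
    "after_merge": [D, If(Not("err"), []), Read("v")],  # else arm is unproven
}

if __name__ == "__main__":
    for name, prog in {**ACCEPTED, **REJECTED}.items():
        print(f"{name:14s} -> {check(prog) or 'ok'}")
```

The `after_merge` case is the one worth studying: the then-arm proves `err` absent, the empty else-arm does not, and the intersection at the merge drops the proof, so the read after the `if` is rejected even though one path was safe. The `owner` map is keyed on bare names; a real pass would key on scoped bindings, which this toy skips.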
37 lines
1.4 KiB
Plaintext
// Value-carrying failable functions (ERR step E2.1a — the producer side of the
// error-channel tuple ABI). A `-> (T, !E)` function returns EITHER a value OR
// an error: `return v;` yields the success tuple `{v, 0}` (the compiler appends
// the no-error slot), and `raise error.X` yields `{undef, tag}` (value slot
// undefined, error slot = the tag). Today the result is consumed by
// destructuring `v, err := f()` (which extracts both slots); the value-carrying
// `try` / `catch` consumers land in E2.1b.

#import "modules/std.sx";

E :: error { Bad, Empty }

parse :: (n: s32) -> (s32, !E) {
    if n < 0 { raise error.Bad; }
    if n == 0 { raise error.Empty; }
    return n * 10; // success → {n*10, 0}
}

main :: () -> s32 {
    r : s32 = 0;

    // The value slot is live only where the error is proven absent (ERR E1.8):
    // read `v1` under an `if !e1` guard, not after a bare tag-compare.
    v1, e1 := parse(5); // success → v1 = 50, e1 = no error
    if !e1 { r = r + v1; } // success → +50

    v2, e2 := parse(-1); // Bad
    if e2 == error.Bad { r = r + 7; } // true → +7
    if e2 == error.Empty { r = r + 200; } // false

    v3, e3 := parse(0); // Empty
    if e3 == error.Empty { r = r + 3; } // true → +3

    print("value-failable result: {}\n", r); // 50 + 7 + 3 = 60
    return r;
}