Zig defer Patterns
A short note about some unexpected usages of Zig’s defer statement.
This post assumes that you already know the basics about RAII, defer and errdefer. While
discussing the differences between them is not the point, I will allow myself one high level
comment. I don’t like defer as a replacement for RAII: after writing Zig for some time, I am
relatively confident that humans are just not good at not forgetting defers, especially when
“optional” ownership transfer is at play (i.e, this function takes ownership of an argument, unless
an error is returned). But defer is good at discouraging RAII oriented programming. RAII encourages
binding lifetime of resources (such as memory) with lifetimes of individual domain objects (such as
a String). But often, in pursuit of performance and small code size, you want to separate the two
concerns, and let many domain objects to share the single pool of resources. Instead of each
individual string managing its own allocation, you might want to store the contents of all related
strings into a single continuously allocated buffer. Because RAII with defer is painful, Zig
naturally pushes you towards batching your resource acquisition and release calls, such that you have
far fewer resources than objects in your program.
But, as I’ve said, this post isn’t about all that. This post is about non-resource-oriented usages
of defer. There’s more to defer than just RAII, it’s a nice little powerful construct! This is way
to much ado already, so here come the patterns:
Asserting Post Conditions
defer gives you poor man’s contract programming in the form of
assert(precondition)
defer assert(postcondition)Real life example:
{
assert(!grid.free_set.opened);
defer assert(grid.free_set.opened);
// Code to open the free set
}Statically Enforcing Absence of Errors
This is basically peak Zig:
errdefer comptime unreachableerrdefer runs when a function returns an error (e.g., when a try fails). unreachable
crashes the program (in ReleaseSafe). But comptime unreachable straight up fails compilation
if the compiler tries to generate the corresponding runtime code. The three together ensure the
absence of error-returning paths.
Here’s an example from the standard library, the function to grow a hash map:
// The function as a whole can fail...
fn grow(
self: *Self,
allocator: Allocator,
new_capacity: Size,
) Allocator.Error!void {
@setCold(true);
var map: Self = .{};
try map.allocate(allocator, new_capacity);
// ...but from this point on, failure is impossible
errdefer comptime unreachable;
// Code to rehash© self to map
std.mem.swap(Self, self, &map);
map.deinit(allocator);
}Logging Errors
Zig’s error handling mechanism provides only error code (a number) and an error trace. This is usually plenty to programmatically handle the error in an application and for the operator to debug a failure, but this is decidedly not enough to provide a nice report for the end user. However, if you are in a business of reporting errors to users, you are likely writing an application, and application might get away without propagating extra information about the error to the caller. Often, there’s enough context at the point where the error originates in the first place to produce a user-facing report right there.
const port = port: {
errdefer |err| log.err("failed to read the port number: {}", .{err});
var buf: [fmt.count("{}\n", .{maxInt(u16)})]u8 = undefined;
const len = try process.stdout.?.readAll(&buf);
break :port try fmt.parseInt(u16, buf[0 .. len -| 1], 10);
};Post Increment
Finally, defer can be used as an i++ of sorts. For
example,
here’s how you can pop an item off a free list:
pub fn acquire(self: *ScanBufferPool) Error!*const ScanBuffer {
if (self.scan_buffer_used == constants.lsm_scans_max) {
return Error.ScansMaxExceeded;
}
defer self.scan_buffer_used += 1;
return &self.scan_buffers[self.scan_buffer_used];
}