The standard <stdio.h> library is fraught with danger. printf relies on the user to manually match types, leading to runtime errors, while scanf is notorious for buffer overflows and leaving the input stream in undefined states.
Camelot replaces these with a strictly typed, memory-safe I/O layer. We prioritize explicit allocation for input and type verification for output.
API Reference
io.scan
Reads a line of text from standard input (stdin) into an Arena.
String scan(Arena *a, u64 cap);
Safety: This function is buffer-overflow-proof. It reads until a newline \n or until the allocated capacity is reached.
Compatibility: Silently consumes Carriage Returns (\r) to ensure consistent behavior across Windows and Linux.
Behavior
Default (cap = 0): Allocates a safe default of 4KB (4096 bytes).
Explicit (cap > 0): Allocates exactly cap bytes. Use this for constrained environments (e.g., reading a PIN).
Example
// Standard UsageString name = io.scan(&arena,0);// Constrained UsageString pin = io.scan(&arena,5);// 4 digits + null terminator
io.print
Formats and writes to stdout.
Replaces printf with a safe subset of specifiers.
Specifier
Type
Description
%S
String
Prints Camelot strings.
%s
char*
Prints unsafe C-Strings.
%i
int
Prints signed 32-bit integers.
%f
double
Prints 64-bit floats.
%%
N/A
Prints a literal %.
Why %% instead of just %?
The % character is reserved as the Format Trigger. When the parser sees a %, it stops printing and looks for a variable to format.
If you wrote "100% complete", the parser would try to find a format specifier starting with c (from "complete") and fail. By using %%, you explicitly tell the parser: "Escape the trigger and print the raw symbol". This follows the standard C convention, preserving familiarity.
io.put
Writes a raw Camelot string to stdout.
Zero Allocation: Writes directly to the file descriptor without intermediate buffers.
