| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Following commit 3a1ec424dd9c ("rust: num: bounded: mark __new as
unsafe"), remove the redundant paragraph in the documentation of __new now
that the Safety section explicitly covers the requirement.
Additionally, add an INVARIANT comment inside the function body where
the Bounded instance is actually constructed to document that the type
invariant is upheld.
Suggested-by: Miguel Ojeda <ojeda@kernel.org>
Link: https://lore.kernel.org/rust-for-linux/CANiq72mUCUh72BWP4eD1PTDpwdb1ML+Xgfom-Ys6thJooqQPwQ@mail.gmail.com/
Signed-off-by: Shivam Kalra <shivamklr@cock.li>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20260123132132.53854-1-shivamklr@cock.li
[ Reworded slightly. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
|
This code is always inlined to avoid a build error if the error path of
`build_assert` cannot be optimized out. Add a comment justifying the
`#[inline(always)]` property to avoid it being taken away by mistake.
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.com>
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20251208-io-build-assert-v3-7-98aded02c1ea@nvidia.com
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
|
The `Bounded::__new()` constructor relies on the caller to ensure the
value can be represented within N bits. Failing to uphold this
requirement breaks the type invariant. Mark it as unsafe and document
this requirement in a Safety section to make the contract explicit.
Update all call sites to use unsafe blocks and change their comments
from `INVARIANT:` to `SAFETY:`, as they are now justifying unsafe
operations rather than establishing type invariants.
Fixes: 01e345e82ec3a ("rust: num: add Bounded integer wrapping type")
Link: https://lore.kernel.org/all/aS1qC_ol2XEpZ44b@google.com/
Reported-by: Miguel Ojeda <ojeda@kernel.org>
Closes: https://github.com/Rust-for-Linux/linux/issues/1211
Signed-off-by: Hsiu Che Yu <yu.whisper.personal@gmail.com>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20251204033849.23480-1-yu.whisper.personal@gmail.com
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
|
Fix several typos and grammatical errors in the Bounded type documentation:
- "less significant bits" -> "least significant bits"
- "with in" -> "within"
- "withheld" -> "upheld"
- "// This" -> "// This" (double space)
- "doesn't fits" -> "doesn't fit" (2 occurrences)
Reported-by: Miguel Ojeda <ojeda@kernel.org>
Closes: https://github.com/Rust-for-Linux/linux/issues/1210
Signed-off-by: Nakamura Shuta <nakamura.shuta@gmail.com>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Acked-by: Yury Norov (NVIDIA) <yury.norov@nvidia.com>
Fixes: 01e345e82ec3 ("rust: num: add Bounded integer wrapping type")
Link: https://patch.msgid.link/20251204024336.246587-1-nakamura.shuta@gmail.com
[ Removed Link tag due to duplicated URL. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
|
This is a remnant from when `Bounded` was called `BitInt` which I didn't
rename. Fix this.
Fixes: 01e345e82ec3 ("rust: num: add Bounded integer wrapping type")
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20251124-bounded_fix-v1-1-d8e34e1c727f@nvidia.com
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
|
`from_expr` relies on `build_assert` to infer that the passed expression
fits the type's boundaries at build time. That inference can only be
successful its code (and that of `fits_within`, which performs the
check) is inlined, as a dedicated function would need to work with a
variable and cannot verify that property.
While inlining happens as expected in most cases, it is not guaranteed.
In particular, kernel options that optimize for size like
`CONFIG_CC_OPTIMIZE_FOR_SIZE` can result in `from_expr` not being
inlined.
Add `#[inline(always)]` attributes to both `fits_within` and `from_expr`
to make the compiler inline these functions more aggressively, as it
does not make sense to use them non-inlined anyway.
[ For reference, the errors look like:
ld.lld: error: undefined symbol: rust_build_error
>>> referenced by build_assert.rs:83 (rust/kernel/build_assert.rs:83)
>>> rust/doctests_kernel_generated.o:(<kernel::num::bounded::Bounded<u8, 1>>::from_expr) in archive vmlinux.a
- Miguel ]
Fixes: 01e345e82ec3 ("rust: num: add Bounded integer wrapping type")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202511210055.RUsFNku1-lkp@intel.com/
Suggested-by: Gary Guo <gary@garyguo.net>
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20251122-bounded_ints_fix-v1-1-1e07589d4955@nvidia.com
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
|
Add the `Bounded` integer wrapper type, which restricts the number of
bits allowed to represent of value.
This is useful to e.g. enforce guarantees when working with bitfields
that have an arbitrary number of bits.
Alongside this type, provide many `From` and `TryFrom` implementations
are to reduce friction when using with regular integer types. Proxy
implementations of common integer operations are also provided.
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Link: https://patch.msgid.link/20251108-bounded_ints-v4-2-c9342ac7ebd1@nvidia.com
[ Added intra-doc link. Fixed a few other nits. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
|
