From: "Benno Lossin" <lossin@kernel.org>
To: "Ritvik Gupta" <ritvikfoss@gmail.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>
Cc: <skhan@linuxfoundation.org>, <linux-kernel@vger.kernel.org>,
<rust-for-linux@vger.kernel.org>
Subject: Re: [RESEND PATCH v5] rust: kernel: introduce `unsafe_precondition_assert!` macro
Date: Thu, 18 Sep 2025 18:03:05 +0200
Message-ID: <DCW1X3ZY82PY.TCFDCBLZ7HDQ@kernel.org>
In-Reply-To: <20250827060013.6874-1-ritvikfoss@gmail.com>
On Wed Aug 27, 2025 at 8:00 AM CEST, Ritvik Gupta wrote:
> diff --git a/rust/kernel/safety.rs b/rust/kernel/safety.rs
> new file mode 100644
> index 000000000000..e78d49e3e7c8
> --- /dev/null
> +++ b/rust/kernel/safety.rs
> @@ -0,0 +1,54 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Safety related APIs.
I think this looks fine to start out with.
> +
> +/// Checks that preconditions of an unsafe function are followed.
> +///
> +/// The check is enabled at runtime if debug assertions (`CONFIG_RUST_DEBUG_ASSERTIONS`)
> +/// are enabled. Otherwise, this macro is no-op.
> +///
> +/// # Examples
> +///
> +/// ```no_run
> +/// use kernel::unsafe_precondition_assert;
> +///
> +/// struct RawBuffer<T: Copy, const N: usize> {
> +/// data: [T; N],
> +/// }
> +///
> +/// impl<T: Copy, const N: usize> RawBuffer<T, N> {
> +/// /// # Safety
> +/// ///
> +/// /// The caller must ensure that `index` is less than `N`
> +/// unsafe fn set_unchecked(&mut self, index: usize, value: T) {
> +/// unsafe_precondition_assert!(
> +/// index < N,
> +/// "RawBuffer::set_unchecked requires index ({}) < N ({})",
> +/// index,
> +/// N,
You can move the names into the `{}`:
    unsafe_precondition_assert!(
        index < N,
        "RawBuffer::set_unchecked requires index ({index}) < N ({N})",
    );
> +/// );
> +///
> +/// // SAFETY: By the safety requirements of this function, `index` is valid
> +/// unsafe {
> +/// *self.data.get_unchecked_mut(index) = value;
> +/// }
> +/// }
> +/// }
> +/// ```
> +///
> +/// # Panics
> +///
> +/// Panics if the expression is evaluated to `false` at runtime.
> +#[macro_export]
> +macro_rules! unsafe_precondition_assert {
> + ($cond:expr $(,)?) => {
> + $crate::unsafe_precondition_assert!(@inner $cond, ::core::stringify!($cond))
> + };
> +
> + ($cond:expr, $($arg:tt)+) => {
> + $crate::unsafe_precondition_assert!(@inner $cond, $crate::prelude::fmt!($($arg)+))
> + };
> +
> + (@inner $cond:expr, $msg:expr) => {
> + ::core::debug_assert!($cond, "unsafe precondition(s) violated: {}", $msg) };
The closing `}` should be on the next line.
---
Cheers,
Benno
> +}
>
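Review bot: the documentation for the macro (the "The check is enabled at runtime ..." paragraph and the "# Panics" section) should state that `$cond` is not evaluated at all when `CONFIG_RUST_DEBUG_ASSERTIONS` is disabled, since the `@inner` arm expands to `::core::debug_assert!`, which compiles the condition out entirely in that configuration; a condition with side effects would therefore behave differently between debug and release builds, so the docs should require it to be side-effect free, and "Panics if the expression is evaluated to `false` at runtime" should be qualified with "when debug assertions are enabled". As a smaller point, because the macro is `#[macro_export]`, the `@inner` arm is callable from any crate as `unsafe_precondition_assert!(@inner ...)`; moving that arm to the top and noting in a comment that it is internal would match the usual kernel macro layout and make the intent clear.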
> base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585