From: "Alexandre Courbot" <acourbot@nvidia.com>
To: "Hsiu Che Yu" <yu.whisper.personal@gmail.com>,
	"Alexandre Courbot" <acourbot@nvidia.com>,
	"Miguel Ojeda" <ojeda@kernel.org>
Cc: "Yury Norov" <yury.norov@gmail.com>,
	"Boqun Feng" <boqun.feng@gmail.com>,
	"Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Benno Lossin" <lossin@kernel.org>,
	"Andreas Hindborg" <a.hindborg@kernel.org>,
	"Alice Ryhl" <aliceryhl@google.com>,
	"Trevor Gross" <tmgross@umich.edu>,
	"Danilo Krummrich" <dakr@kernel.org>,
	rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] rust: num: bounded: mark __new as unsafe
Date: Thu, 04 Dec 2025 23:13:18 +0900
Message-ID: <DEPHSZUPUJBB.2YEABTJ7OR86T@nvidia.com>
In-Reply-To: <20251204033849.23480-1-yu.whisper.personal@gmail.com>

On Thu Dec 4, 2025 at 12:38 PM JST, Hsiu Che Yu wrote:
> The `Bounded::__new()` constructor relies on the caller to ensure the
> value can be represented within N bits. Failing to uphold this
> requirement breaks the type invariant. Mark it as unsafe and document
> this requirement in a Safety section to make the contract explicit.
>
> Update all call sites to use unsafe blocks and change their comments
> from `INVARIANT:` to `SAFETY:`, as they are now justifying unsafe
> operations rather than establishing type invariants.
>
> Fixes: 01e345e82ec3a ("rust: num: add Bounded integer wrapping type")
> Link: https://lore.kernel.org/all/aS1qC_ol2XEpZ44b@google.com/
> Reported-by: Miguel Ojeda <ojeda@kernel.org>
> Closes: https://github.com/Rust-for-Linux/linux/issues/1211
> Signed-off-by: Hsiu Che Yu <yu.whisper.personal@gmail.com>

I believe I gave my acked-by on v2, but just to make sure it isn't
missed:

Acked-by: Alexandre Courbot <acourbot@nvidia.com>

Miguel, do you prefer to take this directly, or should I gather all the
`num/*` patches and send you a PR in one go sometime later?
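
The contract described in the quoted commit message, shown as an added stand-alone example; it is not the kernel's `Bounded` code and not part of this thread. Only the names `Bounded` and `__new` come from the message; the `u32` backing type and the `fits`, `try_new`, `insert_into` and `low_nibble` helpers are assumptions made for illustration.

```rust
/// Simplified stand-in for a bounded integer (assumption: `u32` backing type).
/// Type invariant: the wrapped value is representable in `N` bits.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Bounded<const N: u32>(u32);

impl<const N: u32> Bounded<N> {
    /// Returns `true` if `value` is representable in `N` bits (hypothetical helper).
    const fn fits(value: u32) -> bool {
        N >= u32::BITS || value >> N == 0
    }

    /// Unchecked constructor.
    ///
    /// # Safety
    ///
    /// The caller must ensure `value` can be represented within `N` bits.
    pub const unsafe fn __new(value: u32) -> Self {
        Self(value)
    }

    /// Checked constructor: the safe entry point for runtime values.
    pub fn try_new(value: u32) -> Option<Self> {
        if Self::fits(value) {
            // SAFETY: `fits` just confirmed `value` is representable in `N` bits.
            Some(unsafe { Self::__new(value) })
        } else {
            None
        }
    }

    /// Relies on the invariant: ORs the value into `word` at `shift` without a mask,
    /// so an out-of-range value would silently corrupt neighbouring bits.
    pub fn insert_into(self, word: u32, shift: u32) -> u32 {
        word | (self.0 << shift)
    }
}

/// Masking makes the bound hold by construction, which is what the SAFETY comment cites.
pub fn low_nibble(raw: u32) -> Bounded<4> {
    // SAFETY: `raw & 0xf` is at most 15, which fits in 4 bits.
    unsafe { Bounded::<4>::__new(raw & 0xf) }
}

fn main() {
    assert_eq!(Bounded::<4>::try_new(16), None);
    println!("{:#x}", low_nibble(0x1234).insert_into(0x100, 4));
}
```

Because `__new` is `unsafe`, every call site that skips the check has to carry its own `SAFETY:` justification, while safe code such as `insert_into` can keep depending on the invariant without re-validating.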


Thread overview: 6+ messages
2025-12-04  3:38 [PATCH v3] rust: num: bounded: mark __new as unsafe Hsiu Che Yu
2025-12-04 14:13 ` Alexandre Courbot [this message]
2025-12-04 14:28   ` Miguel Ojeda
2025-12-04 14:45     ` Alexandre Courbot
2026-01-04 21:11 ` Miguel Ojeda
2026-01-07 21:38 ` Miguel Ojeda
