From: Danilo Krummrich <dakr@kernel.org>
To: Tamir Duberstein <tamird@gmail.com>
Cc: "Andrew Ballance" <andrewjballance@gmail.com>,
"Alice Ryhl" <aliceryhl@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] rust: alloc: add `Vec::dec_len`
Date: Mon, 17 Mar 2025 00:02:53 +0100 [thread overview]
Message-ID: <Z9dYnSC13ruc-VC5@pollux> (raw)
In-Reply-To: <CAJ-ks9mwuLaULKW0cwD73yb3yH-p9KS3ZFoJJ3OxhvUOpXo3KA@mail.gmail.com>
On Sun, Mar 16, 2025 at 06:47:42PM -0400, Tamir Duberstein wrote:
> On Sun, Mar 16, 2025 at 6:42 PM Danilo Krummrich <dakr@kernel.org> wrote:
> >
> > On Sun, Mar 16, 2025 at 06:32:01PM -0400, Tamir Duberstein wrote:
> > > Add `Vec::dec_len` that reduces the length of the receiver. This method
> > > is intended to be used from methods that remove elements from `Vec` such
> > > as `truncate`, `pop`, `remove`, and others. This method is intentionally
> > > not `pub`.
> > >
> > > Signed-off-by: Tamir Duberstein <tamird@gmail.com>
> > > ---
> > > rust/kernel/alloc/kvec.rs | 15 +++++++++++++++
> > > 1 file changed, 15 insertions(+)
> > >
> > > diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
> > > index d43a1d609434..5d604e04b9a5 100644
> > > --- a/rust/kernel/alloc/kvec.rs
> > > +++ b/rust/kernel/alloc/kvec.rs
> > > @@ -195,6 +195,21 @@ pub unsafe fn inc_len(&mut self, additional: usize) {
> > > self.len += additional;
> > > }
> > >
> > > + /// Decreases `self.len` by `count`.
> > > + ///
> > > + /// Returns a mutable reference to the removed elements.
> > > + ///
> > > + /// # Safety
> > > + ///
> > > + /// - `count` must be less than or equal to `self.len`.
> >
> > Why? We can catch this, no?
> >
> > We can keep the debug_assert!(), but use self.len.saturating_sub(count) instead.
>
> This is why I didn't want to write this until we had an actual caller :)
That just defers this question, the methods you mention in your commit message
will be added, hence I think it's better to do it right away.
> We can, but it's not clear why that's better. What does it mean if the
> caller asked to decrement by more than self.len?
It tells us that the caller is buggy, but that's what the debug_assert!() is
for.
But to me both is fine, it's also good when the caller has to justify.
Forgot to mention, for dec_len(), please add the corresponding invariant comment
when adjusting self.len.
next prev parent reply other threads:[~2025-03-16 23:02 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-16 22:31 [PATCH 0/2] rust: alloc: split `Vec::set_len` into `Vec::{inc,dec}_len` Tamir Duberstein
2025-03-16 22:32 ` [PATCH 1/2] rust: alloc: replace `Vec::set_len` with `inc_len` Tamir Duberstein
2025-03-17 9:58 ` Benno Lossin
2025-03-17 10:23 ` Miguel Ojeda
2025-03-17 14:43 ` Benno Lossin
2025-03-17 10:48 ` Alice Ryhl
2025-03-17 11:25 ` Tamir Duberstein
2025-03-17 14:46 ` Benno Lossin
2025-03-17 15:01 ` Tamir Duberstein
2025-03-17 10:50 ` Alice Ryhl
2025-03-17 11:16 ` Danilo Krummrich
2025-03-17 11:25 ` Tamir Duberstein
2025-03-16 22:32 ` [PATCH 2/2] rust: alloc: add `Vec::dec_len` Tamir Duberstein
2025-03-16 22:35 ` Tamir Duberstein
2025-03-16 22:41 ` Danilo Krummrich
2025-03-16 22:47 ` Tamir Duberstein
2025-03-16 23:02 ` Danilo Krummrich [this message]
2025-03-16 23:27 ` Tamir Duberstein
2025-03-17 11:22 ` Danilo Krummrich
2025-03-17 11:34 ` Tamir Duberstein
2025-03-17 10:04 ` Benno Lossin
2025-03-17 11:34 ` Tamir Duberstein
2025-03-17 11:47 ` Alice Ryhl
2025-03-17 12:59 ` Alice Ryhl
2025-03-17 13:53 ` Tamir Duberstein
2025-03-18 9:30 ` Alice Ryhl
2025-03-18 14:12 ` Tamir Duberstein
2025-03-18 14:44 ` Alice Ryhl
2025-03-18 18:28 ` Tamir Duberstein
2025-03-18 18:46 ` Danilo Krummrich
2025-03-18 18:53 ` Tamir Duberstein
2025-03-18 19:26 ` Danilo Krummrich
2025-03-18 20:05 ` Tamir Duberstein
2025-03-18 20:13 ` Tamir Duberstein
2025-03-18 20:15 ` Danilo Krummrich
2025-03-17 14:42 ` Benno Lossin
2025-03-17 14:44 ` Tamir Duberstein
2025-03-17 16:16 ` Danilo Krummrich
2025-03-17 16:21 ` Tamir Duberstein
2025-03-17 14:39 ` Benno Lossin
2025-03-17 15:37 ` Tamir Duberstein
2025-03-17 15:57 ` Miguel Ojeda
2025-03-17 17:24 ` Benno Lossin
2025-03-17 17:28 ` Tamir Duberstein
2025-03-19 21:05 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z9dYnSC13ruc-VC5@pollux \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=andrewjballance@gmail.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.