From: Alice Ryhl <aliceryhl@google.com>
To: Gary Guo <gary@garyguo.net>
Cc: "Danilo Krummrich" <dakr@kernel.org>,
"Abdiel Janulgue" <abdiel.janulgue@gmail.com>,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Robin Murphy" <robin.murphy@arm.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>,
driver-core@lists.linux.dev, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org, nouveau@lists.freedesktop.org,
dri-devel@lists.freedesktop.org
Subject: Re: [PATCH 1/5] rust: ptr: add panicking index projection variant
Date: Thu, 16 Apr 2026 07:07:02 +0000 [thread overview]
Message-ID: <aeCKlut-88SbNsyW@google.com> (raw)
In-Reply-To: <20260415-projection-syntax-rework-v1-1-450723cb3727@garyguo.net>
On Wed, Apr 15, 2026 at 08:57:12PM +0100, Gary Guo wrote:
> There have been a few cases where the programmer knows that the indices are
> in bounds but compiler cannot deduce that. This is also
> compiler-version-dependent, so using build indexing here can be
> problematic. On the other hand, it is also not ideal to use the fallible
> variant, as it adds error handling path that is never hit.
>
> Add a new panicking index projection for this scenario. Like all panicking
> operations, this should be used carefully only in cases where the user
> knows the index is going to be in bounds, and panicking would indicate
> something is catastrophically wrong.
>
> To signify this, require users to explicitly denote the type of index being
> used. The existing two types of index projections also gain the keyworded
> version, which will be the recommended way going forward.
>
> The keyworded syntax also paves the way of perhaps adding more flavors in
> the future, e.g. `unsafe` index projection. However, unless the code is
> extremely performance sensitive and bounds checking cannot be tolerated,
> panicking variant is safer and should be preferred, so it will be left to
> future when demand arises.
>
> Signed-off-by: Gary Guo <gary@garyguo.net>
> /// Returns an index-projected pointer; fail the build if it cannot be proved to be in bounds.
> #[inline(always)]
> - fn index(self, slice: *mut T) -> *mut Self::Output {
> + fn build_index(self, slice: *mut T) -> *mut Self::Output {
> Self::get(self, slice).unwrap_or_else(|| build_error!())
> }
This is pre-existing issue but IMO this should use match instead of
unwrap_or_else() to avoid potential inlining issues.
> @@ -208,9 +251,12 @@ unsafe fn proj<F>(_: *mut Self, _: impl FnOnce(*mut Self) -> *mut F) -> *mut F {
> /// `kernel::ptr::project!(mut ptr, projection)`. By default, a const pointer is created.
> ///
> /// `ptr::project!` macro can perform both fallible indexing and build-time checked indexing.
> -/// `[index]` form performs build-time bounds checking; if compiler fails to prove `[index]` is in
> -/// bounds, compilation will fail. `[index]?` can be used to perform runtime bounds checking;
> -/// `OutOfBound` error is raised via `?` if the index is out of bounds.
> +/// The syntax is of form `[<flavor> index]` where `flavor` indicates the way of handling index
> +/// out-of-bound errors.
Missing colon.
Alice
WARNING: multiple messages have this Message-ID (diff)
From: Alice Ryhl <aliceryhl@google.com>
To: Gary Guo <gary@garyguo.net>
Cc: "Danilo Krummrich" <dakr@kernel.org>,
"Abdiel Janulgue" <abdiel.janulgue@gmail.com>,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Robin Murphy" <robin.murphy@arm.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"Simona Vetter" <simona@ffwll.ch>,
driver-core@lists.linux.dev, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org, nouveau@lists.freedesktop.org,
dri-devel@lists.freedesktop.org
Subject: Re: [PATCH 1/5] rust: ptr: add panicking index projection variant
Date: Thu, 16 Apr 2026 07:07:02 +0000 [thread overview]
Message-ID: <aeCKlut-88SbNsyW@google.com> (raw)
In-Reply-To: <20260415-projection-syntax-rework-v1-1-450723cb3727@garyguo.net>
On Wed, Apr 15, 2026 at 08:57:12PM +0100, Gary Guo wrote:
> There have been a few cases where the programmer knows that the indices are
> in bounds but compiler cannot deduce that. This is also
> compiler-version-dependent, so using build indexing here can be
> problematic. On the other hand, it is also not ideal to use the fallible
> variant, as it adds error handling path that is never hit.
>
> Add a new panicking index projection for this scenario. Like all panicking
> operations, this should be used carefully only in cases where the user
> knows the index is going to be in bounds, and panicking would indicate
> something is catastrophically wrong.
>
> To signify this, require users to explicitly denote the type of index being
> used. The existing two types of index projections also gain the keyworded
> version, which will be the recommended way going forward.
>
> The keyworded syntax also paves the way of perhaps adding more flavors in
> the future, e.g. `unsafe` index projection. However, unless the code is
> extremely performance sensitive and bounds checking cannot be tolerated,
> panicking variant is safer and should be preferred, so it will be left to
> future when demand arises.
>
> Signed-off-by: Gary Guo <gary@garyguo.net>
> /// Returns an index-projected pointer; fail the build if it cannot be proved to be in bounds.
> #[inline(always)]
> - fn index(self, slice: *mut T) -> *mut Self::Output {
> + fn build_index(self, slice: *mut T) -> *mut Self::Output {
> Self::get(self, slice).unwrap_or_else(|| build_error!())
> }
This is pre-existing issue but IMO this should use match instead of
unwrap_or_else() to avoid potential inlining issues.
> @@ -208,9 +251,12 @@ unsafe fn proj<F>(_: *mut Self, _: impl FnOnce(*mut Self) -> *mut F) -> *mut F {
> /// `kernel::ptr::project!(mut ptr, projection)`. By default, a const pointer is created.
> ///
> /// `ptr::project!` macro can perform both fallible indexing and build-time checked indexing.
> -/// `[index]` form performs build-time bounds checking; if compiler fails to prove `[index]` is in
> -/// bounds, compilation will fail. `[index]?` can be used to perform runtime bounds checking;
> -/// `OutOfBound` error is raised via `?` if the index is out of bounds.
> +/// The syntax is of form `[<flavor> index]` where `flavor` indicates the way of handling index
> +/// out-of-bound errors.
Missing colon.
Alice
next prev parent reply other threads:[~2026-04-16 7:07 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-15 19:57 [PATCH 0/5] Rework index projection syntax Gary Guo
2026-04-15 19:57 ` [PATCH 1/5] rust: ptr: add panicking index projection variant Gary Guo
2026-04-16 7:07 ` Alice Ryhl [this message]
2026-04-16 7:07 ` Alice Ryhl
2026-04-27 11:24 ` Andreas Hindborg
2026-04-27 12:45 ` Gary Guo
2026-04-27 12:45 ` Gary Guo
2026-04-29 11:22 ` Alexandre Courbot
2026-04-29 11:22 ` Alexandre Courbot
2026-04-29 11:29 ` Gary Guo
2026-04-29 11:29 ` Gary Guo
2026-04-30 11:23 ` Alexandre Courbot
2026-04-30 11:23 ` Alexandre Courbot
2026-04-30 11:54 ` Gary Guo
2026-04-30 11:54 ` Gary Guo
2026-04-15 19:57 ` [PATCH 2/5] rust: dma: update to keyworded index projection syntax Gary Guo
2026-04-16 7:07 ` Alice Ryhl
2026-04-16 7:07 ` Alice Ryhl
2026-04-27 11:25 ` Andreas Hindborg
2026-04-29 11:22 ` Alexandre Courbot
2026-04-29 11:22 ` Alexandre Courbot
2026-04-15 19:57 ` [PATCH 3/5] gpu: nova-core: convert to keyworded " Gary Guo
2026-04-16 7:08 ` Alice Ryhl
2026-04-16 7:08 ` Alice Ryhl
2026-04-29 11:22 ` Alexandre Courbot
2026-04-29 11:22 ` Alexandre Courbot
2026-04-15 19:57 ` [PATCH 4/5] gpu: nova-core: use pointer projection for command queue code Gary Guo
2026-04-16 7:14 ` Alice Ryhl
2026-04-16 7:14 ` Alice Ryhl
2026-04-29 11:23 ` Alexandre Courbot
2026-04-29 11:23 ` Alexandre Courbot
2026-04-15 19:57 ` [PATCH 5/5] rust: ptr: remove implicit index projection syntax Gary Guo
2026-04-16 7:14 ` Alice Ryhl
2026-04-16 7:14 ` Alice Ryhl
2026-04-27 11:28 ` Andreas Hindborg
2026-04-29 11:22 ` Alexandre Courbot
2026-04-29 11:22 ` Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aeCKlut-88SbNsyW@google.com \
--to=aliceryhl@google.com \
--cc=a.hindborg@kernel.org \
--cc=abdiel.janulgue@gmail.com \
--cc=acourbot@nvidia.com \
--cc=airlied@gmail.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=driver-core@lists.linux.dev \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nouveau@lists.freedesktop.org \
--cc=ojeda@kernel.org \
--cc=robin.murphy@arm.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.