From: "Gary Guo" <gary@garyguo.net>
To: "Yury Norov" <ynorov@nvidia.com>, "Gary Guo" <gary@garyguo.net>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"Yury Norov" <yury.norov@gmail.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nicolas Schier" <nsc@kernel.org>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
linux-kbuild@vger.kernel.org
Subject: Re: [PATCH 2/2] rust: add `const_assert!` macro
Date: Fri, 13 Feb 2026 17:06:54 +0800 [thread overview]
Message-ID: <DGDPR33UQJVR.2HABXQ4SFAGVA@garyguo.net> (raw)
In-Reply-To: <aY57Y9WorBLiJR8E@yury>
On Fri Feb 13, 2026 at 9:16 AM CST, Yury Norov wrote:
> On Fri, Feb 06, 2026 at 05:12:50PM +0000, Gary Guo wrote:
>> From: Gary Guo <gary@garyguo.net>
>>
>> The macro is a more powerful version of `static_assert!` for use inside
>> function contexts. This is powered by inline consts, so enable the feature
>> for old compiler versions that does not have it stably.
>>
>> The `build_assert!` doc is refined to recommend it where possible.
>
> This is a good place to actually explain where this thing is possible.
>
>> While it is possible already to write `const { assert!(...) }`, this
>> provides a short hand that is more uniform with other assertions. It also
>> formats nicer with rustfmt where it will not be formatted into multiple
>> lines.
>>
>> Two users that would route via the Rust tree are converted.
>>
>> Signed-off-by: Gary Guo <gary@garyguo.net>
>> ---
>> rust/kernel/build_assert.rs | 55 +++++++++++++++++++++++++++++++++----
>> rust/kernel/num/bounded.rs | 24 ++++++----------
>> rust/kernel/prelude.rs | 2 +-
>> rust/kernel/ptr.rs | 18 ++++++------
>> scripts/Makefile.build | 3 +-
>> 5 files changed, 71 insertions(+), 31 deletions(-)
>>
>> diff --git a/rust/kernel/build_assert.rs b/rust/kernel/build_assert.rs
>> index d464494d430a..e40f0227e1ef 100644
>> --- a/rust/kernel/build_assert.rs
>> +++ b/rust/kernel/build_assert.rs
>> @@ -41,6 +41,45 @@ macro_rules! static_assert {
>> };
>> }
>>
>> +/// Assertion during constant evaluation.
>> +///
>> +/// This is a more powerful version of `static_assert` that can refer to generics inside functions
>> +/// or implementation blocks. However, it also have a limitation where it can only appear in places
>
> "However, it also has a limitation", I guess?
>
>> +/// where statements can appear; for example, you cannot use it as an item in the module.
>> +///
>> +/// [`static_assert!`] should be preferred where possible.
>> +///
>> +/// # Examples
>> +///
>> +/// When the condition refers to generic parameters [`static_assert!`] cannot be used.
>> +/// Use `const_assert!` in this scenario.
>> +/// ```
>> +/// fn foo<const N: usize>() {
>> +/// // `static_assert!(N > 1);` is not allowed
>> +/// const_assert!(N > 1); // Compile-time check
>> +/// build_assert!(N > 1); // Build-time check
>
> In the other email you say: the assertion failure mechanism is undefined
> symbol and linker error.
>
> So, maybe:
>
> const_assert!(N > 1); // Build-time check at compilation
> build_assert!(N > 1); // Build-time check at linkage
>
> Because compilation is a part of build process, and referring them one
> vs another may confuse.
>
>> +/// assert!(N > 1); // Run-time check
>> +/// }
>> +///
>> +///
>> +/// Note that `const_assert!` cannot be used when referring to function parameter, then
>> +/// `const_assert!` cannot be used even if the function is going to be called during const
>> +/// evaluation. Use `build_assert!` in this case.
>> +/// ```
>> +/// const fn foo(n: usize) {
>> +/// // `const_assert!(n > 1);` is not allowed
>> +/// build_assert!(n > 1);
>> +/// }
>> +///
>> +/// const _: () = foo(2); // Evaluate during const evaluation
>> +/// ```
>
> This part confused me the most. But after all, parameters in rust
> are never constants, and even if foo() is used with '2' only, it
> appears to be a non-constant from the const_assert!() POV.
Yes. For example,
const fn foo(x: u32) -> x {
build_assert!(x > 1);
x
}
require use the `build_assert!()` because it act on value `x` which may not be
constant, as `foo` can be invoked by runtime code.
Therefore, body of const functions are not const context. However, they're still
restricted to perform only operations that can be performed during const
evaluation.
For language lawyers, this is the reference:
https://doc.rust-lang.org/reference/const_eval.html
>
> Seemingly, there are only 3 objects in the language that can be
> specified with the 'const': functions, items and generics. And
> const_assert!() makes sense (doesn't break the build) only for
> them.
Very close. `const_assert!()` can act on invocation of const functions on const
values, but not values inside const functions. So in the above example,
`const_assert!(x > 1)` inside `foo` is not okay, but `const_assert!(foo(2) > 1)`
is okay.
>
> So, the difference between const vs build assertions is that const
> version is only applicable to a certain type of objects and is
> supported by language.
Correct.
> Contrary, build_assert!() is not a part
> of the language and in fact is based on a linkage trick, while
> allows broader set of build-time expressions.
The reason that I want to omit "link-time" is that our `build_assert!()` *can*
still be checked before link-time. Again with example above, user can write
static_assert!(foo(0) == 0);
which means that now `foo` is evaluated by the compiler. When this happens,
`build_assert!()` also abort the build during compilation time, not link-time.
Best,
Gary
>
> And altogether they make sense and even nice.
>
> Can you please consider to add the above passage to your reply in
> the other email, and place them in the documentation?
>
> With that (or without),
>
> Reviewed-by: Yury Norov <ynorov@nvidia.com>
next prev parent reply other threads:[~2026-02-13 9:07 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 17:12 [PATCH 1/2] rust: move `static_assert` into `build_assert` Gary Guo
2026-02-06 17:12 ` [PATCH 2/2] rust: add `const_assert!` macro Gary Guo
2026-02-06 21:30 ` Benno Lossin
2026-02-06 21:48 ` Gary Guo
2026-02-08 5:58 ` Yury Norov
2026-02-08 10:35 ` Miguel Ojeda
2026-02-08 21:07 ` Yury Norov
2026-02-09 5:16 ` Gary Guo
2026-02-09 11:44 ` Miguel Ojeda
2026-02-12 20:16 ` Yury Norov
2026-02-06 22:21 ` John Hubbard
2026-02-06 22:28 ` Gary Guo
2026-02-06 23:37 ` John Hubbard
2026-02-13 1:16 ` Yury Norov
2026-02-13 9:06 ` Gary Guo [this message]
2026-02-13 10:26 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DGDPR33UQJVR.2HABXQ4SFAGVA@garyguo.net \
--to=gary@garyguo.net \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=dakr@kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nathan@kernel.org \
--cc=nsc@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
--cc=ynorov@nvidia.com \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox