From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA9DA233141; Mon, 17 Mar 2025 11:22:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742210556; cv=none; b=DKvF7JONLTNhgRf5AiWoM8Jo79eme9SiyoBrs7BoapOiij7JIxWRB6QbqoECNUgphsPpXv4JyhHiOZZCScrWD+UJeDDdqcM+7TzFN+feyrrSno8gRURBoWALjwmjh8BIYFJemQ9AIb2f9z2d7FRVgJJ8FT7TIcEo+cWaUwKX23Q= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742210556; c=relaxed/simple; bh=SANJtUkZ0zwsElokWUpyA/lX4b4roCBs4fJGQpMCpcc=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=AluCnxoapbK1P7mqncr1jytLQlqS7fKIQNbqnCKeDqhXY40w06PA70/heEDSRjwVJPhXmGm7N3xKuzdOKNBsuXPxLL8OOW+A88AylGALHrG1W9kQCghQW8LBJZx/8hsPieKHlsQ0bmhbDbiPXTURQI93zwIkUXUt97ZKJiuWtw8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=O8GWI8JZ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="O8GWI8JZ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1016C4CEE3; Mon, 17 Mar 2025 11:22:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1742210556; bh=SANJtUkZ0zwsElokWUpyA/lX4b4roCBs4fJGQpMCpcc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=O8GWI8JZ+HeTApLCk80aRuEwLf/ZcRf1cxgV7Dw+G8slkW1NID62OgyejEz5o4mp3 VVvVZJBbnXKxIZHcbmdc1ABfMCmRsAXRUCo5Z0iSRLvtHoRQ1OCI9tYwjB4G/lmflo RaZR7y+rpv0zXAIKI9LT5gVIC/slbbBqowWMVfezaTXWGnDoWvznE28XpDFYpyqM3K NtlS4bSDikZVYjusyTbSz9+T/sBsYvkxE5gSjyrZhn9nGGPKX/yU8zFYRbfEdycmUV OcZ8qQ+P/o2Y7EHr0jRI20P0bsPrVX8jRKP8lY3UmcY8O5MLzSJ0uIIPAz8W72KKxm NhUPbRY1SbUng== Date: Mon, 17 Mar 2025 12:22:31 +0100 From: Danilo Krummrich To: Tamir Duberstein Cc: Andrew Ballance , Alice Ryhl , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?iso-8859-1?Q?Bj=F6rn?= Roy Baron , Benno Lossin , Andreas Hindborg , Trevor Gross , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 2/2] rust: alloc: add `Vec::dec_len` Message-ID: References: <20250316-vec-set-len-v1-0-60f98a28723f@gmail.com> <20250316-vec-set-len-v1-2-60f98a28723f@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Sun, Mar 16, 2025 at 07:27:22PM -0400, Tamir Duberstein wrote: > > Does this suit? I think for dec_ref() it is not the safety requrement that justifies the invariant. I think it should be something along the lines of: // INVARIANT: We drop ownership for all elements within the range // `[self.len - count, self.len]`, hence the updated value of `set.len` // represents the exact number of elements stored within `self`. > > > // INVARIANT: By the safety requirements of this method `self.len - count` represents the > > // exact number of elements stored within `self`. Please do not use the email quote mechanism for code snippets, it's confusing for readers to figure out by whom it has been written.