From: Tamir Duberstein <tamird@gmail.com>
To: Antonio Hickey <contact@antoniohickey.com>
Cc: a.hindborg@kernel.org, alex.gaynor@gmail.com,
aliceryhl@google.com, bjorn3_gh@protonmail.com,
boqun.feng@gmail.com, dakr@kernel.org,
danielstonecote@gmail.com, gary@garyguo.net,
linux-kernel@vger.kernel.org, lossin@kernel.org,
ojeda@kernel.org, rust-for-linux@vger.kernel.org,
tmgross@umich.edu
Subject: Re: [PATCH v3 1/2] rust: kernel: create `overflow_assert!` macro
Date: Sun, 22 Jun 2025 18:53:22 -0400
Message-ID: <CAJ-ks9kDTjw7ukrErWgS06HRQ7d-gAsqzzgAnQC92pi2xLFdBQ@mail.gmail.com>
In-Reply-To: <20250622222023.29071-1-contact@antoniohickey.com>
On Sun, Jun 22, 2025 at 6:20 PM Antonio Hickey
<contact@antoniohickey.com> wrote:
>
> On Sun 22 Jun 13:48, Tamir Duberstein wrote:
> > On Sat, Jun 21, 2025 at 7:06 PM Antonio Hickey
> > <contact@antoniohickey.com> wrote:
> > > +//! Overflow assert.
> >
> > s/assert/assertion/
> >
> > AFAIK the standard library always uses assertion where a noun is
> > needed, and assert where a verb is needed.
> >
>
> Reasonable, I'll fix this verbiage in my next version.
>
> > > +/// Verifies at runtime that an expression is within an expected bound.
> > > +///
> > > +/// This macro is only active when `CONFIG_RUST_OVERFLOW_CHECKS` is enabled.
> > > +///
> > > +/// # Examples
> > > +///
> > > +/// ```
> > > +/// overflow_assert!(3 <= 10);
> > > +/// overflow_assert!(5 <= 5);
> > > +///
> > > +/// const X: u8 = 5;
> > > +/// overflow_assert!(X + 3 < 10);
> > > +///
> > > +/// const fn f(x: i32) -> i32 {
> > > +/// x + 1
> > > +/// }
> > > +/// overflow_assert!(f(40) < 42);
> > > +/// ```
> > > +#[macro_export]
> > > +macro_rules! overflow_assert {
> > > + ($cond:expr) => {
> > > + if cfg!(CONFIG_RUST_OVERFLOW_CHECKS) {
> > > + ::core::assert!(
> > > + $cond,
> > > + concat!("overflow assertion failed: ", stringify!($cond))
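Review bot: In the `::core::assert!` call, `concat!("overflow assertion failed: ", stringify!($cond))` is used as the format string itself, so a condition whose source text contains `{` or `}` (a block expression, a struct pattern inside `matches!`) is parsed for format placeholders and fails to build. Passing the text as an argument, as in `::core::assert!($cond, "overflow assertion failed: {}", stringify!($cond))`, avoids that, or the doc comment could state the restriction. The doc comment could also say that with `if cfg!(CONFIG_RUST_OVERFLOW_CHECKS)` the condition is still compiled but never evaluated when the option is off, so callers should not put side effects in it.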
> >
> > Can we still allow the caller to pass additional arguments to the
> > macro, so that the overflowing value can be emitted? Alternatively if
> > the expectation is that this macro is always used with a comparison
> > operator perhaps we could have `overflow_assert_lt` and
> > `overflow_assert_le` which provide panic messages containing the
> > operand values?
> >
>
> Miguel and I discussed the `overflow_assert_le` and other variants in
> my previous v2 patch set[1]. We decided it would be best to just start
> with a more flexible general expression based variant of the macro for
> now, and consider other variants later.
>
> I agree we should expand this into more specific variants, so it would
> document the intent of the assertions even more clearly.
>
> [1] Link to Miguel's comment on an `overflow_assert_le` variant:
> https://lore.kernel.org/all/CANiq72mvu54B=U+YCUmbFctj_wXgF5zjeE-BB-vHVnAP+3mPcQ@mail.gmail.com/
Ack, thanks for that. Still, I think the "any expression" version
should allow the caller to supply a custom message.