From: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
To: Boqun Feng <boqun.feng@gmail.com>
Cc: FUJITA Tomonori <fujita.tomonori@gmail.com>,
netdev@vger.kernel.org, rust-for-linux@vger.kernel.org,
andrew@lunn.ch, hkallweit1@gmail.com, tmgross@umich.edu,
ojeda@kernel.org, alex.gaynor@gmail.com, gary@garyguo.net,
bjorn3_gh@protonmail.com, benno.lossin@proton.me,
a.hindborg@samsung.com, aliceryhl@google.com,
anna-maria@linutronix.de, frederic@kernel.org,
tglx@linutronix.de, arnd@arndb.de, jstultz@google.com,
sboyd@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next v3 4/8] rust: time: Implement addition of Ktime and Delta
Date: Thu, 17 Oct 2024 20:10:17 +0200 [thread overview]
Message-ID: <CANiq72kAL8OWCerpXYOeJDcHZNdT+QRj6Vw3YUBYiQG+hgYcVA@mail.gmail.com> (raw)
In-Reply-To: <ZxFDWRIrgkuneX7_@boqun-archlinux>
On Thu, Oct 17, 2024 at 7:03 PM Boqun Feng <boqun.feng@gmail.com> wrote:
>
> The point I tried to make is that `+` operator of Ktime can cause
> overflow because of *user inputs*, unlike the `-` operator of Ktime,
> which cannot cause overflow as long as Ktime is implemented correctly
> (as a timestamp). Because the overflow possiblity is exposed to users,
> then we need to 1) document it and 2) provide saturating_add() (maybe
> also checked_add() and overflowing_add()) so that users won't need to do
> the saturating themselves:
Generally, operators are expected to possibly wrap/panic, so that
would be fine, no?
It may be surprising to `ktime_t` users, and that is bad. It is one
more reason to avoid using the same name for the type, too.
My only concern is that people may expect this sort of thing (timing
related) to "usually/just work" and not expect panics. That is bad,
but if we remain consistent, it may be best to pay the cost now. In
other words, when someone sees an operator, it is saying it is never
supposed to wrap, and that is easy to remember. Perhaps some types
could avoid providing the operators if it is too dangerous to use
them.
The other option is be inconsistent in our use of operators, and
instead give operators the "best" semantics for each type. That can
definitely provide better ergonomics in some cases, but there is a
high risk of forgetting what each operator does for each type --
operator overloading can be quite risky.
So that is why I think it may be best/easier to generally say "we
don't do operator overloading in general unless the operator really
behaves like a core one", especially early on.
> kt = kt.saturating_add(d);
Yeah, that is what we want (I may be missing something in your argument though).
> but one thing I'm not sure is since it looks like saturating to
> KTIME_SEC_MAX is the current C choice, if we want to do the same, should
> we use the name `add_safe()` instead of `saturating_add()`? FWIW, it
> seems harmless to saturate at KTIME_MAX to me. So personally, I like
> what Alice suggested.
Do you mean it would be confusing to not saturate to the highest the
lower/inner level type can hold?
I mean, nothing says we need to saturate to the highest -- we could
have a type invariant. (One more reason to avoid the same name).
Worst case, we can have two saturating methods, or two types, if really needed.
Thomas can probably tell us what are the most important use cases
needed, and whether it is a good opportunity to clean/redesign this in
Rust differently.
Cheers,
Miguel
next prev parent reply other threads:[~2024-10-17 18:10 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-16 3:52 [PATCH net-next v3 0/8] rust: Add IO polling FUJITA Tomonori
2024-10-16 3:52 ` [PATCH net-next v3 1/8] rust: time: Add PartialEq/Eq/PartialOrd/Ord trait to Ktime FUJITA Tomonori
2024-10-16 8:22 ` Alice Ryhl
2024-10-16 3:52 ` [PATCH net-next v3 2/8] rust: time: Introduce Delta type FUJITA Tomonori
2024-10-16 8:23 ` Alice Ryhl
2024-10-17 11:15 ` FUJITA Tomonori
2024-10-17 10:17 ` Fiona Behrens
2024-10-17 11:24 ` FUJITA Tomonori
2024-10-18 13:49 ` Andrew Lunn
2024-10-18 14:31 ` Miguel Ojeda
2024-10-18 16:55 ` Andrew Lunn
2024-10-19 12:21 ` Miguel Ojeda
2024-10-19 12:41 ` Miguel Ojeda
2024-10-23 11:53 ` FUJITA Tomonori
2024-10-23 13:09 ` Miguel Ojeda
2024-10-19 18:41 ` Andrew Lunn
2024-10-20 13:05 ` Miguel Ojeda
2024-10-23 12:19 ` FUJITA Tomonori
2024-10-16 3:52 ` [PATCH net-next v3 3/8] rust: time: Change output of Ktime's sub operation to Delta FUJITA Tomonori
2024-10-16 8:25 ` Alice Ryhl
2024-10-16 19:47 ` Boqun Feng
2024-10-17 7:10 ` FUJITA Tomonori
2024-10-17 8:22 ` Alice Ryhl
2024-10-17 16:45 ` Miguel Ojeda
2024-10-23 1:58 ` FUJITA Tomonori
2024-10-16 20:03 ` Boqun Feng
2024-10-17 9:17 ` FUJITA Tomonori
2024-10-16 3:52 ` [PATCH net-next v3 4/8] rust: time: Implement addition of Ktime and Delta FUJITA Tomonori
2024-10-16 8:25 ` Alice Ryhl
2024-10-16 19:54 ` Boqun Feng
2024-10-17 9:31 ` FUJITA Tomonori
2024-10-17 9:33 ` Alice Ryhl
2024-10-17 16:33 ` Miguel Ojeda
2024-10-17 17:03 ` Boqun Feng
2024-10-17 18:10 ` Miguel Ojeda [this message]
2024-10-17 19:02 ` Boqun Feng
2024-10-17 18:58 ` Miguel Ojeda
2024-10-25 20:47 ` Boqun Feng
2024-10-23 6:51 ` FUJITA Tomonori
2024-10-23 10:59 ` Miguel Ojeda
2024-10-23 11:24 ` FUJITA Tomonori
2024-10-16 3:52 ` [PATCH net-next v3 5/8] rust: time: Add wrapper for fsleep function FUJITA Tomonori
2024-10-16 8:29 ` Alice Ryhl
2024-10-16 9:42 ` Miguel Ojeda
2024-10-24 0:22 ` FUJITA Tomonori
2024-10-24 17:26 ` Miguel Ojeda
2024-10-23 12:33 ` FUJITA Tomonori
2024-10-18 14:05 ` Andrew Lunn
2024-10-16 3:52 ` [PATCH net-next v3 6/8] MAINTAINERS: rust: Add TIMEKEEPING and TIMER abstractions FUJITA Tomonori
2024-10-16 3:52 ` [PATCH net-next v3 7/8] rust: Add read_poll_timeout functions FUJITA Tomonori
2024-10-16 8:37 ` Alice Ryhl
2024-10-18 14:16 ` FUJITA Tomonori
2024-10-16 8:45 ` Alice Ryhl
2024-10-16 8:52 ` Alice Ryhl
2024-10-16 11:05 ` Miguel Ojeda
2024-10-18 8:10 ` FUJITA Tomonori
2024-10-18 8:30 ` Alice Ryhl
2024-10-18 14:15 ` Andrew Lunn
2024-10-18 14:38 ` Miguel Ojeda
2024-10-18 14:21 ` Andrew Lunn
2024-10-16 3:52 ` [PATCH net-next v3 8/8] net: phy: qt2025: Wait until PHY becomes ready FUJITA Tomonori
2024-10-16 12:00 ` Alice Ryhl
2024-10-18 14:26 ` [PATCH net-next v3 0/8] rust: Add IO polling Andrew Lunn
2024-10-23 4:01 ` FUJITA Tomonori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANiq72kAL8OWCerpXYOeJDcHZNdT+QRj6Vw3YUBYiQG+hgYcVA@mail.gmail.com \
--to=miguel.ojeda.sandonis@gmail.com \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=andrew@lunn.ch \
--cc=anna-maria@linutronix.de \
--cc=arnd@arndb.de \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=frederic@kernel.org \
--cc=fujita.tomonori@gmail.com \
--cc=gary@garyguo.net \
--cc=hkallweit1@gmail.com \
--cc=jstultz@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sboyd@kernel.org \
--cc=tglx@linutronix.de \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).