Message-ID: <20250622222023.29071-1-contact@antoniohickey.com>
Date: Sun, 22 Jun 2025 22:20:30 +0000
From: Antonio Hickey <contact@...oniohickey.com>
To: tamird@...il.com
Cc: a.hindborg@...nel.org, alex.gaynor@...il.com, aliceryhl@...gle.com, bjorn3_gh@...tonmail.com, boqun.feng@...il.com, contact@...oniohickey.com, dakr@...nel.org, danielstonecote@...il.com, gary@...yguo.net, linux-kernel@...r.kernel.org, lossin@...nel.org, ojeda@...nel.org, rust-for-linux@...r.kernel.org, tmgross@...ch.edu
Subject: Re: [PATCH v3 1/2] rust: kernel: create `overflow_assert!` macro

On Sun 22 Jun 13:48, Tamir Duberstein wrote:
> On Sat, Jun 21, 2025 at 7:06 PM Antonio Hickey
> <contact@...oniohickey.com> wrote:
> > +//! Overflow assert.
> 
> s/assert/assertion/
> 
> AFAIK the standard library always uses assertion where a noun is
> needed, and assert where a verb is needed.
> 

Reasonable, I'll fix this verbiage in my next version.

> > +/// Verifies at runtime that an expression is within an expected bound.
> > +///
> > +/// This macro is only active when `CONFIG_RUST_OVERFLOW_CHECKS` is enabled.
> > +///
> > +/// # Examples
> > +///
> > +/// ```
> > +/// overflow_assert!(3 <= 10);
> > +/// overflow_assert!(5 <= 5);
> > +///
> > +/// const X: u8 = 5;
> > +/// overflow_assert!(X + 3 < 10);
> > +///
> > +/// const fn f(x: i32) -> i32 {
> > +///     x + 1
> > +/// }
> > +/// overflow_assert!(f(40) < 42);
> > +/// ```
> > +#[macro_export]
> > +macro_rules! overflow_assert {
> > +    ($cond:expr) => {
> > +        if cfg!(CONFIG_RUST_OVERFLOW_CHECKS) {
> > +            ::core::assert!(
> > +                $cond,
> > +                concat!("overflow assertion failed: ", stringify!($cond))
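Review bot: the message on the last line of the hunk, `concat!("overflow assertion failed: ", stringify!($cond))`, is handed to `::core::assert!` as its format string, so any `{` or `}` inside `$cond` (a block, closure or struct literal) is interpreted as a format placeholder instead of being printed literally; pass the expression text as an argument instead, `"overflow assertion failed: {}", stringify!($cond)`. The doc comment at the top of the hunk ("Verifies at runtime ...") should also say what happens when `CONFIG_RUST_OVERFLOW_CHECKS` is off: because the gate is `if cfg!(...)` rather than `#[cfg(...)]`, `$cond` is still type-checked but never evaluated, so callers must keep it free of side effects.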
> 
> Can we still allow the caller to pass additional arguments to the
> macro, so that the overflowing value can be emitted? Alternatively if
> the expectation is that this macro is always used with a comparison
> operator perhaps we could have `overflow_assert_lt` and
> `overflow_assert_le` which provide panic messages containing the
> operand values?
> 

Miguel and I discussed the `overflow_assert_le` and other variants in
my previous v2 patch set [1]. We decided it would be best to just start
with a more flexible, general expression-based variant of the macro for
now, and consider other variants later.

I agree we should expand this into more specific variants, so it would
document the intent of the assertions even more clearly.

[1] Link to Miguel's comment on an `overflow_assert_le` variant:
https://lore.kernel.org/all/CANiq72mvu54B=U+YCUmbFctj_wXgF5zjeE-BB-vHVnAP+3mPcQ@mail.gmail.com/

Thanks
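The two macro shapes discussed above, as an added Rust example that is neither the patch under review nor the kernel's code: the general expression form extended with optional format arguments, beside an `overflow_assert_le` form that always reports both operands. It assumes a plain `OVERFLOW_CHECKS` constant in place of the `CONFIG_RUST_OVERFLOW_CHECKS` gate so it builds outside the kernel tree, and the `checked_total` and `bounded_index` callers are constructed for illustration.

```rust
// Added illustration, not the patch under review. The kernel gates on
// `CONFIG_RUST_OVERFLOW_CHECKS`; OVERFLOW_CHECKS stands in for that Kconfig
// symbol so this file builds outside the kernel tree (an assumption).
const OVERFLOW_CHECKS: bool = true;

/// General form: any boolean expression, plus optional format arguments so the
/// caller can put the offending values into the panic message. The condition
/// text goes through a `{}` placeholder, so braces in `$cond` stay literal.
macro_rules! overflow_assert {
    ($cond:expr $(,)?) => {
        if OVERFLOW_CHECKS {
            ::core::assert!($cond, "overflow assertion failed: {}", stringify!($cond));
        }
    };
    ($cond:expr, $($arg:tt)+) => {
        if OVERFLOW_CHECKS {
            ::core::assert!($cond, "overflow assertion failed: {}: {}",
                stringify!($cond), format_args!($($arg)+));
        }
    };
}

/// Comparison-specific form raised in the review: both operands are evaluated
/// exactly once and their values always appear in the panic message.
macro_rules! overflow_assert_le {
    ($lhs:expr, $rhs:expr $(,)?) => {
        if OVERFLOW_CHECKS {
            match (&$lhs, &$rhs) {
                (l, r) => ::core::assert!(*l <= *r,
                    "overflow assertion failed: {} <= {} (left: {:?}, right: {:?})",
                    stringify!($lhs), stringify!($rhs), l, r),
            }
        }
    };
}

/// Constructed caller: widen before multiplying, assert that the product fits
/// the narrower type, then narrow. On overflow the panic names both operands.
pub fn checked_total(count: u32, size: u32) -> u32 {
    let total = u64::from(count) * u64::from(size);
    overflow_assert_le!(total, u64::from(u32::MAX));
    total as u32
}

/// Constructed caller for the general form with caller-supplied context.
pub fn bounded_index(idx: u8, len: u8) -> u8 {
    overflow_assert!(idx < len, "idx = {}, len = {}", idx, len);
    idx
}
```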