lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aQkJxlaHoOdrlrWx@yury>
Date: Mon, 3 Nov 2025 15:00:06 -0500
From: Yury Norov <yury.norov@...il.com>
To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc: Alexandre Courbot <acourbot@...dia.com>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>,
	Joel Fernandes <joelagnelf@...dia.com>,
	Jesung Yang <y.j3ms.n@...il.com>, Boqun Feng <boqun.feng@...il.com>,
	Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Benno Lossin <lossin@...nel.org>,
	Andreas Hindborg <a.hindborg@...nel.org>,
	Trevor Gross <tmgross@...ch.edu>, linux-kernel@...r.kernel.org,
	rust-for-linux@...r.kernel.org
Subject: Re: [PATCH 1/2] rust: add BitInt integer wrapping type

On Mon, Nov 03, 2025 at 02:43:04PM -0500, Yury Norov wrote:
> On Mon, Nov 03, 2025 at 03:54:08PM +0100, Miguel Ojeda wrote:
> > On Mon, Nov 3, 2025 at 3:26 PM Yury Norov <yury.norov@...il.com> wrote:
> > >
> > > This is exactly what the patch does:
> > 
> > No, there are no arithmetic conversions going on here in the sense of
> > C. It defines a particular operation for a set of types.
> > 
> > What you are seeing there is that literals, in Rust, do type
> > inference, and so the compiler picks a type:
> > 
> >     https://doc.rust-lang.org/reference/expressions/literal-expr.html#r-expr.literal.int.infer
> > 
> > Thus if you do:
> > 
> >     let v1 = BitInt::<u8, 4>::from_expr(15);
> >     let v2 = BitInt::<u16, 4>::from_expr(15);
> >     let i = 5;
> >     assert_eq!(v1 + i, 20);
> >     assert_eq!(v2 + i, 20);
> > 
> > That will not build, because `i` cannot have two types. But it will if
> > you comment one of the two asserts.
> > 
> > And if you do:
> > 
> >     let v = BitInt::<u16, 4>::from_expr(15);
> >     assert_eq!(v + 5u8, 20);
> > 
> > It will not build either -- there is not even "widening" going on from
> > `u8` to `u16` in this last example.
> 
> The current BitInt() allows this:
> 
>   let v = BitInt::<u32, 4>::new::<15>();
>   assert_eq!(v * 10, 150);
> 
> It looks and feels like C integer promotion. If Rust doesn't like it,
> we shouldn't allow such things with BitInt()s.

Sorry, send an unfinished answer.

So, 
     let v = BitInt::<u16, 4>::from_expr(5);
     assert_eq!(v + 5, 10);

is OK, 

     assert_eq!(v + 5u8, 10);

is a compile-time error, and 

     assert_eq!(v + 50, 55);

is OK, and in fact an integer promotion unwelcome in Rust.

This is not what I, as the user of BitInts(), would expect to see.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ