Re: [PATCH v4 6/6] rust: bitfield: Use 'as' operator for setter type conversion

Next message: Mathieu Poirier: "Re: [PATCH] mailbox: check mailbox queue is full or not"
Previous message: Tony Battersby: "[PATCH v2 12/16] scsi: qla2xxx: fix invalid memory access with big CDBs"
In reply to: Miguel Ojeda: "Re: [PATCH v4 6/6] rust: bitfield: Use 'as' operator for setter type conversion"
Next in thread: Miguel Ojeda: "Re: [PATCH v4 6/6] rust: bitfield: Use 'as' operator for setter type conversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexandre Courbot

Date: Mon Sep 29 2025 - 10:45:03 EST

On Mon Sep 29, 2025 at 10:59 PM JST, Miguel Ojeda wrote:
> On Sat, Sep 20, 2025 at 8:23 PM Joel Fernandes <joelagnelf@xxxxxxxxxx> wrote:
>>
>> The bitfield macro's setter currently uses the From trait for type
>> conversion, which is overly restrictive and prevents use cases such as
>> narrowing conversions (e.g., u32 storage size to u8 field size) which
>> aren't supported by From.
>
> Being restrictive is a good thing

On that note, I have been wondering whether we should not push the
restriction up to having bounded primitive types with only a set number
of bits valid, e.g. `bound_u8::<2>` is guaranteed to only contain values
in the range `0..=3`.

Getters and setters would use these types depending on the number of
bits of the field, meaning that a caller would have to validate the
value they want to write if it does not implement e.g.
`Into<bound_u8<2>>`.

A bit radical maybe, but correcness ensues. :)