Re: [PATCH v2 1/6] rust: io: turn IoCapable into a functional trait

Next message: Krzysztof Kozlowski: "Re: [PATCH v1 2/3] dt-bindings: hwmon: pmbus/tps1689: Add TPS1689 support"
Previous message: Konrad Dybcio: "Re: [PATCH v2 1/4] soc: qcom: ice: Remove platform_driver support and expose as a pure library"
Next in thread: Danilo Krummrich: "Re: [PATCH v2 1/6] rust: io: turn IoCapable into a functional trait"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexandre Courbot

Date: Thu Feb 12 2026 - 07:05:50 EST

Hi Lyude,

On Sat Feb 7, 2026 at 5:29 AM JST, lyude wrote:
> On Fri, 2026-02-06 at 15:00 +0900, Alexandre Courbot wrote:
>> `IoCapable<T>` is currently used as a marker trait to signal that the
>> methods of the `Io` trait corresponding to `T` have been overridden
>> by
>> the implementor (the default implementations triggering a build-time
>> error).
>>
>> This goes against the DRY principle and separates the signaling of
>> the
>> capability from its implementation, making it possible to forget a
>> step
>> while implementing a new `Io`.
>
> I realized another thing that might be missing from this series while
> porting the iosys_map code over: it seems like IoCapable is fine being
> a safe trait, but Io and IoKnownSize both seem like they should
> actually be unsafe traits. The main reason being that IoCapable doesn't
> actually provide any methods that provide a guarantee of being able to
> read/write from the IO space, but Io does - and IoKnownSize is making
> the guarantee the IO space is at least of size IoKnownSize::MIN_SIZE.

Mmm I think you are correct. For instance, nothing prevents someone from
implementing `Io` with bogus `addr()` and `maxsize()` methods, which
would trigger undefined behavior with purely safe code.

Danilo/Alice/Daniel: I suppose we want this before this series gets
merged? If so I will respin.