Re: [PATCH 2/2] rust: add `const_assert!` macro

[Gary Guo]

On Fri Feb 13, 2026 at 9:16 AM CST, Yury Norov wrote:
> On Fri, Feb 06, 2026 at 05:12:50PM +0000, Gary Guo wrote:
>> From: Gary Guo <gary@xxxxxxxxxxx>
>> 
>> The macro is a more powerful version of `static_assert!` for use inside
>> function contexts. This is powered by inline consts, so enable the feature
>> for old compiler versions that does not have it stably.
>> 
>> The `build_assert!` doc is refined to recommend it where possible.
>
> This is a good place to actually explain where this thing is possible.
>  
>> While it is possible already to write `const { assert!(...) }`, this
>> provides a short hand that is more uniform with other assertions. It also
>> formats nicer with rustfmt where it will not be formatted into multiple
>> lines.
>> 
>> Two users that would route via the Rust tree are converted.
>> 
>> Signed-off-by: Gary Guo <gary@xxxxxxxxxxx>
>> ---
>>  rust/kernel/build_assert.rs | 55 +++++++++++++++++++++++++++++++++----
>>  rust/kernel/num/bounded.rs  | 24 ++++++----------
>>  rust/kernel/prelude.rs      |  2 +-
>>  rust/kernel/ptr.rs          | 18 ++++++------
>>  scripts/Makefile.build      |  3 +-
>>  5 files changed, 71 insertions(+), 31 deletions(-)
>> 
>> diff --git a/rust/kernel/build_assert.rs b/rust/kernel/build_assert.rs
>> index d464494d430a..e40f0227e1ef 100644
>> --- a/rust/kernel/build_assert.rs
>> +++ b/rust/kernel/build_assert.rs
>> @@ -41,6 +41,45 @@ macro_rules! static_assert {
>>      };
>>  }
>>  
>> +/// Assertion during constant evaluation.
>> +///
>> +/// This is a more powerful version of `static_assert` that can refer to generics inside functions
>> +/// or implementation blocks. However, it also have a limitation where it can only appear in places
>
> "However, it also has a limitation", I guess?
>
>> +/// where statements can appear; for example, you cannot use it as an item in the module.
>> +///
>> +/// [`static_assert!`] should be preferred where possible.
>> +///
>> +/// # Examples
>> +///
>> +/// When the condition refers to generic parameters [`static_assert!`] cannot be used.
>> +/// Use `const_assert!` in this scenario.
>> +/// ```
>> +/// fn foo<const N: usize>() {
>> +///     // `static_assert!(N > 1);` is not allowed
>> +///     const_assert!(N > 1); // Compile-time check
>> +///     build_assert!(N > 1); // Build-time check
>
> In the other email you say: the assertion failure mechanism is undefined
> symbol and linker error.
>
> So, maybe:
>
>      const_assert!(N > 1); // Build-time check at compilation
>      build_assert!(N > 1); // Build-time check at linkage
>
> Because compilation is a part of build process, and referring them one
> vs another may confuse.
>
>> +///     assert!(N > 1); // Run-time check
>> +/// }
>> +/// 
>> +///
>> +/// Note that `const_assert!` cannot be used when referring to function parameter, then
>> +/// `const_assert!` cannot be used even if the function is going to be called during const
>> +/// evaluation. Use `build_assert!` in this case.
>> +/// ```
>> +/// const fn foo(n: usize) {
>> +///     // `const_assert!(n > 1);` is not allowed
>> +///     build_assert!(n > 1);
>> +/// }
>> +///
>> +/// const _: () = foo(2); // Evaluate during const evaluation
>> +/// ```
>
> This part confused me the most. But after all, parameters in rust
> are never constants, and even if foo() is used with '2' only,  it
> appears to be a non-constant from the const_assert!() POV.

Yes. For example,

    const fn foo(x: u32) -> x {
        build_assert!(x > 1);
        x
    }

require use the `build_assert!()` because it act on value `x` which may not be
constant, as `foo` can be invoked by runtime code.

Therefore, body of const functions are not const context. However, they're still
restricted to perform only operations that can be performed during const
evaluation.

For language lawyers, this is the reference:
https://doc.rust-lang.org/reference/const_eval.html

>
> Seemingly, there are only 3 objects in the language that can be
> specified with the 'const': functions, items and generics. And
> const_assert!() makes sense (doesn't break the build) only for
> them.

Very close. `const_assert!()` can act on invocation of const functions on const
values, but not values inside const functions. So in the above example,
`const_assert!(x > 1)` inside `foo` is not okay, but `const_assert!(foo(2) > 1)`
is okay.

>
> So, the difference between const vs build assertions is that const
> version is only applicable to a certain type of objects and is
> supported by language.

Correct.

> Contrary, build_assert!() is not a part
> of the language and in fact is based on a linkage trick, while
> allows broader set of build-time expressions.

The reason that I want to omit "link-time" is that our `build_assert!()` *can*
still be checked before link-time. Again with example above, user can write

    static_assert!(foo(0) == 0);

which means that now `foo` is evaluated by the compiler. When this happens,
`build_assert!()` also abort the build during compilation time, not link-time.

Best,
Gary


>
> And altogether they make sense and even nice.
>
> Can you please consider to add the above passage to your reply in
> the other email, and place them in the documentation?
>
> With that (or without),
>
> Reviewed-by: Yury Norov <ynorov@xxxxxxxxxx>