Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types

Next message: Dmitry Baryshkov: "Re: [PATCH] ARM: dts: qcom: msm8960: expressatt: Add MAX17048 fuel gauge"
Previous message: Sean Christopherson: "Re: [PATCH 10/21] KVM: SEV: Move standard VM-scoped helpers to detect SEV+ guests to sev.c"
In reply to: Linus Torvalds: "Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types"
Next in thread: Kees Cook: "Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kees Cook

Date: Tue Mar 31 2026 - 14:44:14 EST

On Tue, Mar 31, 2026 at 07:47:44PM +0200, Miguel Ojeda wrote:
> In the Rust side, even if those "explicit" types like the
> `wrapping_u32` you suggest exist, we generally use the methods on the
> normal integers instead, e.g.
>
> i.wrapping_add(1)
>
> micros.saturating_mul(NSEC_PER_USEC)
>
> self.index.checked_mul(page::PAGE_SIZE)?
>
> etc.
>
> The advantage is precisely that it is more explicit and avoids
> confusing the operators when copy-pasting code and so on.
>
> So that could perhaps be an option? Kees et al. have been thinking
> about this for a long time as far as I recall.

I went through 7 revisions of creating helpers/accessors[1] (and
function-level annotations) and it ultimately went unused. From memory,
this was specifically from Jakub Kicinski (found breaking up readable
math statements into a series of helpers too bulky), Peter Zijlstra and
Mark Rutland (wanted strictly type-based system)[2].

Link: https://lore.kernel.org/lkml/?q=%22overflow%3A+Introduce+wrapping+helpers%22 [1]
Link: https://lore.kernel.org/lkml/20240424191740.3088894-4-keescook@xxxxxxxxxxxx/ [2]

I view accessors as a non-starter given the near universal pushback
against them in C.

--
Kees Cook