On Tue, Sep 16, 2025 at 05:59:18AM -0400, Joel Fernandes wrote:
[...]
> > > In C also this is valid. If you passed a higher value than what the
> > > bitfield can hold, the compiler will still just use the bits that it
> > > needs and ignore the rest.
> >
> > In C we've got FIELD_{PREP,GET,MODIFY}, implementing the checks.
> > So those who want to stay on safe side have a choice.
>
> Ah ok. We can add these checks then for the accessors, I will do so in v4.
The C checks use BUILD_BUG_ON, in rust-for-linux we have build_assert but it
is fragile and depends on the value being a constant. Since the setter API
accepts a run-time value and not a constant, we cannot use this.
Or, we can fail at runtime, but that requires changing the set_* to try_set_*
and returning a Result instead of Self. Alternatively, we can have a debug
option that panics if the setter API is misued.
Thoughts?
Or for the moment, we can keep it simple and filter out / ignore extra bits
of the larger value passed (which is what nova-core's register macro bitfield
implementation currently does anyway).
thanks,
- Joel
