Hello, John, > On Sep 20, 2025, at 2:52 AM, John Hubbard <[email protected]> wrote: > > On 9/19/25 5:39 PM, Joel Fernandes wrote: >> On Tue, Sep 16, 2025 at 05:59:18AM -0400, Joel Fernandes wrote: >> [...] >>>>> In C also this is valid. If you passed a higher value than what the >>>>> bitfield can hold, the compiler will still just use the bits that it >>>>> needs and ignore the rest. >>>> >>>> In C we've got FIELD_{PREP,GET,MODIFY}, implementing the checks. >>>> So those who want to stay on safe side have a choice. >>> >>> Ah ok. We can add these checks then for the accessors, I will do so in v4. >> >> The C checks use BUILD_BUG_ON, in rust-for-linux we have build_assert but it >> is fragile and depends on the value being a constant. Since the setter API >> accepts a run-time value and not a constant, we cannot use this. >> >> Or, we can fail at runtime, but that requires changing the set_* to try_set_* >> and returning a Result instead of Self. Alternatively, we can have a debug >> option that panics if the setter API is misued. > > Please no...
True, it requires significant complication. > >> >> Thoughts? >> >> Or for the moment, we can keep it simple and filter out / ignore extra bits >> of the larger value passed (which is what nova-core's register macro bitfield >> implementation currently does anyway). >> > > Yes. Assuming that I'm not completely lost here, you are proposing to > simply truncate to the size of the bitfield--no panics, no warnings. And > that's perfectly fine here IMHO. Ok, thanks. Yeah truncate. This is what register macro also currently does for its bitfields. To the point Jury is making though, the C equivalents do have build checks. We could do that once he have a better build_assert in rust but until then.. hopefully this suffices. I am currently also research better ways of implementing build_assert. - Joel > > thanks, > -- > John Hubbard >
