diff options
| author | Lyude Paul <lyude@redhat.com> | 2025-08-20 16:26:43 -0400 |
|---|---|---|
| committer | Andreas Hindborg <a.hindborg@kernel.org> | 2025-09-04 16:56:48 +0200 |
| commit | 22b65a40574e597e1919ca22cc3535c2b541f764 (patch) | |
| tree | 4830574870c357f63266cfbff38d3aca94387f16 /rust/kernel | |
| parent | 4b0147494275fdbea98305f4ddad7e2def7b556f (diff) | |
rust: time: Implement Add<Delta>/Sub<Delta> for Instant
In order to copy the behavior rust currently follows for basic arithmetic
operations and panic if the result of an addition or subtraction results in
a value that would violate the invariants of Instant, but only if the
kernel has overflow checking for rust enabled.
Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Reviewed-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
Reviewed-by: Andreas Hindborg <a.hindborg@kernel.org>
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.com>
Link: https://lore.kernel.org/r/20250820203704.731588-2-lyude@redhat.com
Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
Diffstat (limited to 'rust/kernel')
| -rw-r--r-- | rust/kernel/time.rs | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/rust/kernel/time.rs b/rust/kernel/time.rs index 7320d8715bcc..642c42a520a8 100644 --- a/rust/kernel/time.rs +++ b/rust/kernel/time.rs @@ -25,6 +25,7 @@ //! C header: [`include/linux/ktime.h`](srctree/include/linux/ktime.h). use core::marker::PhantomData; +use core::ops; pub mod delay; pub mod hrtimer; @@ -224,7 +225,7 @@ impl<C: ClockSource> Instant<C> { } } -impl<C: ClockSource> core::ops::Sub for Instant<C> { +impl<C: ClockSource> ops::Sub for Instant<C> { type Output = Delta; // By the type invariant, it never overflows. @@ -236,6 +237,46 @@ impl<C: ClockSource> core::ops::Sub for Instant<C> { } } +impl<T: ClockSource> ops::Add<Delta> for Instant<T> { + type Output = Self; + + #[inline] + fn add(self, rhs: Delta) -> Self::Output { + // INVARIANT: With arithmetic over/underflow checks enabled, this will panic if we overflow + // (e.g. go above `KTIME_MAX`) + let res = self.inner + rhs.nanos; + + // INVARIANT: With overflow checks enabled, we verify here that the value is >= 0 + #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)] + assert!(res >= 0); + + Self { + inner: res, + _c: PhantomData, + } + } +} + +impl<T: ClockSource> ops::Sub<Delta> for Instant<T> { + type Output = Self; + + #[inline] + fn sub(self, rhs: Delta) -> Self::Output { + // INVARIANT: With arithmetic over/underflow checks enabled, this will panic if we overflow + // (e.g. go above `KTIME_MAX`) + let res = self.inner - rhs.nanos; + + // INVARIANT: With overflow checks enabled, we verify here that the value is >= 0 + #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)] + assert!(res >= 0); + + Self { + inner: res, + _c: PhantomData, + } + } +} + /// A span of time. /// /// This struct represents a span of time, with its value stored as nanoseconds. |