Implement build-time error and assertion

Signed-off-by: Gary Guo <[email protected]>

Author: nbdd0121

lib/Kconfig.debug

@@ -2641,6 +2641,43 @@ config RUST_OPT_LEVEL_Z
 
 endchoice
 
+choice
+	prompt "Build-time assertions"
+	default RUST_BUILD_ASSERT_ALLOW if RUST_OPT_LEVEL_0
+	default RUST_BUILD_ASSERT_DENY if !RUST_OPT_LEVEL_0
+	help
+	  Controls how are `build_error` and `build_assert!` handled during build.
+
+	  If calls to them exist in the binary, it may indicates a violated invariant
+	  or that the optimizer fails to verify the invariant during compilation.
+	  You can choose to abort compilation or ignore them during build and let the
+	  check be carried to runtime.
+
+	  If optimizations are turned off, you cannot select "Deny".
+
+	  If unsure, say "Deny".
+
+config RUST_BUILD_ASSERT_ALLOW
+	bool "Allow"
+	help
+	  Unoptimized calls to `build_error` will be converted to `panic!`
+	  and checked at runtime.
+
+config RUST_BUILD_ASSERT_WARN
+	bool "Warn"
+	help
+	  Unoptimized calls to `build_error` will be converted to `panic!`
+	  and checked at runtime, but warnings will be generated when building.
+
+config RUST_BUILD_ASSERT_DENY
+	bool "Deny"
+	depends on !RUST_OPT_LEVEL_0
+	help
+	  Unoptimized calls to `build_error` will abort compilation.
+
+endchoice
+
+
 endmenu # "Rust"
 
 source "Documentation/Kconfig"

rust/Makefile

@@ -9,6 +9,10 @@ extra-$(CONFIG_RUST) += bindings_generated.rs
 obj-$(CONFIG_RUST) += alloc.o kernel.o
 extra-$(CONFIG_RUST) += exports_alloc_generated.h exports_kernel_generated.h
 
+ifndef CONFIG_RUST_BUILD_ASSERT_DENY
+obj-$(CONFIG_RUST) += build_assert.o
+endif
+
 obj-$(CONFIG_RUST) += exports.o
 
 RUSTDOC = rustdoc
@@ -32,6 +36,7 @@ rustdoc-compiler_builtins: $(srctree)/rust/compiler_builtins.rs FORCE
 	$(call if_changed,rustdoc)
 
 rustdoc-kernel: private rustdoc_target_flags = --extern alloc \
+    --extern build_assert \
     --extern module=$(objtree)/rust/libmodule.so
 rustdoc-kernel: $(srctree)/rust/kernel/lib.rs rustdoc-module \
     $(objtree)/rust/libmodule.so $(objtree)/rust/bindings_generated.rs FORCE
@@ -147,9 +152,15 @@ $(objtree)/rust/alloc.o: $$(RUST_LIB_SRC)/alloc/src/lib.rs \
     $(objtree)/rust/compiler_builtins.o FORCE
 	$(call if_changed_dep,rustc_library)
 
+$(objtree)/rust/build_assert.o: $(srctree)/rust/build_assert.rs \
+    $(objtree)/rust/compiler_builtins.o FORCE
+	$(call if_changed_dep,rustc_library)
+
 # ICE on `--extern module`: https://github.com/rust-lang/rust/issues/56935
 $(objtree)/rust/kernel.o: private rustc_target_flags = --extern alloc \
+    --extern build_assert \
     --extern module=$(objtree)/rust/libmodule.so
 $(objtree)/rust/kernel.o: $(srctree)/rust/kernel/lib.rs $(objtree)/rust/alloc.o \
+    $(objtree)/rust/build_assert.o \
     $(objtree)/rust/libmodule.so $(objtree)/rust/bindings_generated.rs FORCE
 	$(call if_changed_dep,rustc_library)

rust/build_assert.rs

@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Build-time assertion.
+//!
+//! In Rust it is very common to use assertions extensively and defensively.
+//! Sometimes we know a condition could be checked statically, but it could not
+//! be enforced in Rust (e.g. perform some checks in const functions, but those
+//! functions could still be called in the runtime).
+//!
+//! This crate provides a method `build_error`, which will panic in
+//! compile-time if executed in const context, and will cause a build error
+//! if not executed in compile time and optimizer does not optimise away the
+//! call.
+
+#![no_std]
+#![feature(const_panic, core_panic)]
+
+/// Panics if executed in const context, or triggers a build error if not.
+#[inline(never)]
+#[no_mangle]
+#[track_caller]
+pub const fn build_error(msg: &'static str) {
+    // Could also be panic!(msg) to avoid using unstable feature `core_panic`,
+    // but it is not allowed in Rust 2021, while panic!("{}", msg) could not
+    // yet be used in const context.
+    core::panicking::panic(msg);
+}
+
+/// Asserts that a boolean expression is `true` at compile time.
+///
+/// This will invoke the [`build_error`] function if the compiler or optimizer
+/// cannot guarantee the condition will be evaluated to `true`.
+#[macro_export]
+macro_rules! build_assert {
+    ($cond:expr $(,)?) => {{
+        if !$cond {
+            $crate::build_error(concat!("assertion failed: ", stringify!($cond)));
+        }
+    }};
+    ($cond:expr, $msg:expr) => {{
+        if !$cond {
+            $crate::build_error($msg);
+        }
+    }};
+}
+
+#[cfg(CONFIG_RUST_BUILD_ASSERT_WARN)]
+#[link_section = ".gnu.warning.build_error"]
+#[used]
+static BUILD_ERROR_WARNING: [u8; 45] = *b"call to build_error present after compilation";

scripts/generate_rust_analyzer.py

@@ -71,11 +71,19 @@ def append_crate(display_name, root_module, is_workspace_member, deps, cfg):
     )
     crates[-1]["proc_macro_dylib_path"] = "rust/libmodule.so"
 
+    append_crate(
+        "build_assert",
+        srctree / "rust" / "build_assert.rs",
+        True,
+        ["core", "compiler_builtins"],
+        [],
+    )
+
     append_crate(
         "kernel",
         srctree / "rust" / "kernel" / "lib.rs",
         True,
-        ["core", "alloc", "module"],
+        ["core", "alloc", "module", "build_assert"],
         cfg,
     )
     crates[-1]["env"]["RUST_BINDINGS_FILE"] = str(bindings_file.resolve(True))