Commit 5016cae9 authored Jan 23, 2026 by Shivam Kalra Committed by Miguel Ojeda Jan 26, 2026

rust: num: bounded: clean __new documentation and comments



Following commit 3a1ec424 ("rust: num: bounded: mark __new as
unsafe"), remove the redundant paragraph in the documentation of __new now
that the Safety section explicitly covers the requirement.

Additionally, add an INVARIANT comment inside the function body where
the Bounded instance is actually constructed to document that the type
invariant is upheld.

Suggested-by: Miguel Ojeda <ojeda@kernel.org>
Link: https://lore.kernel.org/rust-for-linux/CANiq72mUCUh72BWP4eD1PTDpwdb1ML+Xgfom-Ys6thJooqQPwQ@mail.gmail.com/


Signed-off-by: Shivam Kalra <shivamklr@cock.li>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20260123132132.53854-1-shivamklr@cock.li


[ Reworded slightly. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>

parent e440bc5c

rust/kernel/num/bounded.rs

+1 −3

Original line number	Diff line number	Diff line
		@@ -282,9 +282,6 @@ impl<T, const N: u32> Bounded<T, N>
		/// All instances of [`Bounded`] must be created through this method as it enforces most of the
		/// type invariants.
		///
		/// The caller remains responsible for checking, either statically or dynamically, that `value`
		/// can be represented as a `T` using at most `N` bits.
		///
		/// # Safety
		///
		/// The caller must ensure that `value` can be represented within `N` bits.
		@@ -297,6 +294,7 @@ impl<T, const N: u32> Bounded<T, N>
		assert!(N <= T::BITS);
		}

		// INVARIANT: The caller ensures `value` fits within `N` bits.
		Self(value)
		}