Rollup merge of #124701 - scottmcm:unchecked_sub_docs, r=Nilstrieb

Docs: suggest `uN::checked_sub` instead of check-then-unchecked As of #124114 it's exactly the same in codegen, so might as well not use `unsafe`. Note that this is only for *unsigned*, since the overflow conditions for `iN::checked_sub` are more complicated.
2024-05-04 12:37:24 +02:00 · 2024-05-04 12:37:24 +02:00 · 5f4f4fbb98
commit 5f4f4fbb98
parent 770567101c e1c833eb07
1 changed files with 25 additions and 0 deletions
--- a/library/core/src/num/uint_macros.rs
+++ b/library/core/src/num/uint_macros.rs
@ -636,6 +636,31 @@ pub const fn strict_sub(self, rhs: Self) -> Self {
        /// If you're just trying to avoid the panic in debug mode, then **do not**
        /// use this.  Instead, you're looking for [`wrapping_sub`].
        ///
+        /// If you find yourself writing code like this:
+        ///
+        /// ```
+        /// # let foo = 30_u32;
+        /// # let bar = 20;
+        /// if foo >= bar {
+        ///     // SAFETY: just checked it will not overflow
+        ///     let diff = unsafe { foo.unchecked_sub(bar) };
+        ///     // ... use diff ...
+        /// }
+        /// ```
+        ///
+        /// Consider changing it to
+        ///
+        /// ```
+        /// # let foo = 30_u32;
+        /// # let bar = 20;
+        /// if let Some(diff) = foo.checked_sub(bar) {
+        ///     // ... use diff ...
+        /// }
+        /// ```
+        ///
+        /// As that does exactly the same thing -- including telling the optimizer
+        /// that the subtraction cannot overflow -- but avoids needing `unsafe`.
+        ///
        /// # Safety
        ///
        /// This results in undefined behavior when