Skip to content

Commit cd1746b

Browse files
lukaslueglukaslueg
committed
Clarify unreachable_unchecked docs
1 parent 3615cb4 commit cd1746b

File tree

1 file changed

+16
-9
lines changed

1 file changed

+16
-9
lines changed

library/core/src/hint.rs

+16-9
Original file line numberDiff line numberDiff line change
@@ -10,10 +10,11 @@ use crate::intrinsics;
1010
///
1111
/// # Safety
1212
///
13-
/// Reaching this function is *Undefined Behavior* (UB). In particular, as the
14-
/// compiler assumes that all forms of Undefined Behavior can never happen, it
15-
/// will eliminate all branches which themselves reach a call to
16-
/// `unreachable_unchecked()`.
13+
/// Reaching this function is *Undefined Behavior*.
14+
///
15+
/// As the compiler assumes that all forms of Undefined Behavior can never
16+
/// happen, it will eliminate all branches in the surrounding code that it can
17+
/// determine will invariably lead to a call to `unreachable_unchecked()`.
1718
///
1819
/// If the assumptions embedded in using this function turn out to be wrong -
1920
/// that is, if the site which is calling `unreachable_unchecked()` is actually
@@ -40,15 +41,17 @@ use crate::intrinsics;
4041
/// divisors.retain(|divisor| *divisor != 0)
4142
/// }
4243
///
43-
/// fn do_computation(i: u32, divisors: &[u32]) -> u32 {
44+
/// /// # Safety
45+
/// /// All elements of `divisor` must be non-zero.
46+
/// unsafe fn do_computation(i: u32, divisors: &[u32]) -> u32 {
4447
/// divisors.iter().fold(i, |acc, divisor| {
4548
/// // Convince the compiler that a division by zero can't happen here
4649
/// // and a check is not needed below.
4750
/// if *divisor == 0 {
48-
/// // SAFETY: `divisor` can't be zero because of `prepare_inputs`,
51+
/// // Safety: `divisor` can't be zero because of `prepare_inputs`,
4952
/// // but the compiler does not know about this. We *promise*
5053
/// // that we always call `prepare_inputs`.
51-
/// unsafe { std::hint::unreachable_unchecked() }
54+
/// std::hint::unreachable_unchecked()
5255
/// }
5356
/// // The compiler would normally introduce a check here that prevents
5457
/// // a division by zero. However, if `divisor` was zero, the branch
@@ -61,11 +64,15 @@ use crate::intrinsics;
6164
///
6265
/// let mut divisors = vec![2, 0, 4];
6366
/// prepare_inputs(&mut divisors);
64-
/// assert_eq!(do_computation(100, &divisors), 12);
67+
/// let result = unsafe {
68+
/// // Safety: prepare_inputs() guarantees that divisors is non-zero
69+
/// do_computation(100, &divisors)
70+
/// };
71+
/// assert_eq!(result, 12);
6572
///
6673
/// ```
6774
///
68-
/// While using `unreachable_unchecked()` is perfectly safe in the following
75+
/// While using `unreachable_unchecked()` is perfectly sound in the following
6976
/// example, the compiler is able to prove that a division by zero is not
7077
/// possible. Benchmarking reveals that `unreachable_unchecked()` provides
7178
/// no benefit over using [`unreachable!`], while the latter does not introduce

0 commit comments

Comments
 (0)