Auto merge of #56490 - faern:add-checked-add-to-instant, r=alexcrichton

bors · bors · commit f4b07e0713b2 · 2018-12-14T09:10:35.000Z
Add checked_add method to Instant time type Appending functionality to the already opened topic of `checked_add` on time types over at #55940. Doing checked addition between an `Instant` and a `Duration` is important to reliably determine a future instant. We could use this in the `parking_lot` crate to compute an instant when in the future to wake a thread up without risking a panic.
diff --git a/src/libstd/sys/cloudabi/condvar.rs b/src/libstd/sys/cloudabi/condvar.rs
@@ -13,7 +13,7 @@ use mem;
 use sync::atomic::{AtomicU32, Ordering};
 use sys::cloudabi::abi;
 use sys::mutex::{self, Mutex};
-use sys::time::dur2intervals;
+use sys::time::checked_dur2intervals;
 use time::Duration;
 
 extern "C" {
@@ -114,6 +114,8 @@ impl Condvar {
 
         // Call into the kernel to wait on the condition variable.
         let condvar = self.condvar.get();
+        let timeout = checked_dur2intervals(&dur)
+            .expect("overflow converting duration to nanoseconds");
         let subscriptions = [
             abi::subscription {
                 type_: abi::eventtype::CONDVAR,
@@ -132,7 +134,7 @@ impl Condvar {
                 union: abi::subscription_union {
                     clock: abi::subscription_clock {
                         clock_id: abi::clockid::MONOTONIC,
-                        timeout: dur2intervals(&dur),
+                        timeout,
                         ..mem::zeroed()
                     },
                 },
diff --git a/src/libstd/sys/cloudabi/thread.rs b/src/libstd/sys/cloudabi/thread.rs
@@ -16,7 +16,7 @@ use libc;
 use mem;
 use ptr;
 use sys::cloudabi::abi;
-use sys::time::dur2intervals;
+use sys::time::checked_dur2intervals;
 use sys_common::thread::*;
 use time::Duration;
 
@@ -70,13 +70,15 @@ impl Thread {
     }
 
     pub fn sleep(dur: Duration) {
+        let timeout = checked_dur2intervals(&dur)
+            .expect("overflow converting duration to nanoseconds");
         unsafe {
             let subscription = abi::subscription {
                 type_: abi::eventtype::CLOCK,
                 union: abi::subscription_union {
                     clock: abi::subscription_clock {
                         clock_id: abi::clockid::MONOTONIC,
-                        timeout: dur2intervals(&dur),
+                        timeout,
                         ..mem::zeroed()
                     },
                 },
diff --git a/src/libstd/sys/cloudabi/time.rs b/src/libstd/sys/cloudabi/time.rs
@@ -19,15 +19,10 @@ pub struct Instant {
     t: abi::timestamp,
 }
 
-fn checked_dur2intervals(dur: &Duration) -> Option<abi::timestamp> {
+pub fn checked_dur2intervals(dur: &Duration) -> Option<abi::timestamp> {
     dur.as_secs()
-        .checked_mul(NSEC_PER_SEC)
-        .and_then(|nanos| nanos.checked_add(dur.subsec_nanos() as abi::timestamp))
-}
-
-pub fn dur2intervals(dur: &Duration) -> abi::timestamp {
-    checked_dur2intervals(dur)
-        .expect("overflow converting duration to nanoseconds")
+        .checked_mul(NSEC_PER_SEC)?
+        .checked_add(dur.subsec_nanos() as abi::timestamp)
 }
 
 impl Instant {
@@ -47,20 +42,16 @@ impl Instant {
         Duration::new(diff / NSEC_PER_SEC, (diff % NSEC_PER_SEC) as u32)
     }
 
-    pub fn add_duration(&self, other: &Duration) -> Instant {
-        Instant {
-            t: self.t
-                .checked_add(dur2intervals(other))
-                .expect("overflow when adding duration to instant"),
-        }
+    pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {
+        Some(Instant {
+            t: self.t.checked_add(checked_dur2intervals(other)?)?,
+        })
     }
 
-    pub fn sub_duration(&self, other: &Duration) -> Instant {
-        Instant {
-            t: self.t
-                .checked_sub(dur2intervals(other))
-                .expect("overflow when subtracting duration from instant"),
-        }
+    pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {
+        Some(Instant {
+            t: self.t.checked_sub(checked_dur2intervals(other)?)?,
+        })
     }
 }
 
@@ -95,23 +86,16 @@ impl SystemTime {
         }
     }
 
-    pub fn add_duration(&self, other: &Duration) -> SystemTime {
-        self.checked_add_duration(other)
-            .expect("overflow when adding duration to instant")
-    }
-
     pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {
-        checked_dur2intervals(other)
-            .and_then(|d| self.t.checked_add(d))
-            .map(|t| SystemTime {t})
+        Some(SystemTime {
+            t: self.t.checked_add(checked_dur2intervals(other)?)?,
+        })
     }
 
-    pub fn sub_duration(&self, other: &Duration) -> SystemTime {
-        SystemTime {
-            t: self.t
-                .checked_sub(dur2intervals(other))
-                .expect("overflow when subtracting duration from instant"),
-        }
+    pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
+        Some(SystemTime {
+            t: self.t.checked_sub(checked_dur2intervals(other)?)?,
+        })
     }
 }
 
diff --git a/src/libstd/sys/redox/time.rs b/src/libstd/sys/redox/time.rs
@@ -41,10 +41,6 @@ impl Timespec {
         }
     }
 
-    fn add_duration(&self, other: &Duration) -> Timespec {
-        self.checked_add_duration(other).expect("overflow when adding duration to time")
-    }
-
     fn checked_add_duration(&self, other: &Duration) -> Option<Timespec> {
         let mut secs = other
             .as_secs()
@@ -67,27 +63,25 @@ impl Timespec {
         })
     }
 
-    fn sub_duration(&self, other: &Duration) -> Timespec {
+    fn checked_sub_duration(&self, other: &Duration) -> Option<Timespec> {
         let mut secs = other
             .as_secs()
             .try_into() // <- target type would be `i64`
             .ok()
-            .and_then(|secs| self.t.tv_sec.checked_sub(secs))
-            .expect("overflow when subtracting duration from time");
+            .and_then(|secs| self.t.tv_sec.checked_sub(secs))?;
 
         // Similar to above, nanos can't overflow.
         let mut nsec = self.t.tv_nsec as i32 - other.subsec_nanos() as i32;
         if nsec < 0 {
             nsec += NSEC_PER_SEC as i32;
-            secs = secs.checked_sub(1).expect("overflow when subtracting \
-                                               duration from time");
+            secs = secs.checked_sub(1)?;
         }
-        Timespec {
+        Some(Timespec {
             t: syscall::TimeSpec {
                 tv_sec: secs,
                 tv_nsec: nsec as i32,
             },
-        }
+        })
     }
 }
 
@@ -150,12 +144,12 @@ impl Instant {
         })
     }
 
-    pub fn add_duration(&self, other: &Duration) -> Instant {
-        Instant { t: self.t.add_duration(other) }
+    pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {
+        Some(Instant { t: self.t.checked_add_duration(other)? })
     }
 
-    pub fn sub_duration(&self, other: &Duration) -> Instant {
-        Instant { t: self.t.sub_duration(other) }
+    pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {
+        Some(Instant { t: self.t.checked_sub_duration(other)? })
     }
 }
 
@@ -178,16 +172,12 @@ impl SystemTime {
         self.t.sub_timespec(&other.t)
     }
 
-    pub fn add_duration(&self, other: &Duration) -> SystemTime {
-        SystemTime { t: self.t.add_duration(other) }
-    }
-
     pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {
-        self.t.checked_add_duration(other).map(|t| SystemTime { t })
+        Some(SystemTime { t: self.t.checked_add_duration(other)? })
     }
 
-    pub fn sub_duration(&self, other: &Duration) -> SystemTime {
-        SystemTime { t: self.t.sub_duration(other) }
+    pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
+        Some(SystemTime { t: self.t.checked_sub_duration(other)? })
     }
 }
 
diff --git a/src/libstd/sys/sgx/time.rs b/src/libstd/sys/sgx/time.rs
@@ -28,12 +28,12 @@ impl Instant {
         self.0 - other.0
     }
 
-    pub fn add_duration(&self, other: &Duration) -> Instant {
-        Instant(self.0 + *other)
+    pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {
+        Some(Instant(self.0.checked_add(*other)?))
     }
 
-    pub fn sub_duration(&self, other: &Duration) -> Instant {
-        Instant(self.0 - *other)
+    pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {
+        Some(Instant(self.0.checked_sub(*other)?))
     }
 }
 
@@ -47,15 +47,11 @@ impl SystemTime {
         self.0.checked_sub(other.0).ok_or_else(|| other.0 - self.0)
     }
 
-    pub fn add_duration(&self, other: &Duration) -> SystemTime {
-        SystemTime(self.0 + *other)
-    }
-
     pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {
-        self.0.checked_add(*other).map(|d| SystemTime(d))
+        Some(SystemTime(self.0.checked_add(*other)?))
     }
 
-    pub fn sub_duration(&self, other: &Duration) -> SystemTime {
-        SystemTime(self.0 - *other)
+    pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
+        Some(SystemTime(self.0.checked_sub(*other)?))
     }
 }
diff --git a/src/libstd/sys/unix/time.rs b/src/libstd/sys/unix/time.rs
@@ -42,10 +42,6 @@ impl Timespec {
         }
     }
 
-    fn add_duration(&self, other: &Duration) -> Timespec {
-        self.checked_add_duration(other).expect("overflow when adding duration to time")
-    }
-
     fn checked_add_duration(&self, other: &Duration) -> Option<Timespec> {
         let mut secs = other
             .as_secs()
@@ -68,27 +64,25 @@ impl Timespec {
         })
     }
 
-    fn sub_duration(&self, other: &Duration) -> Timespec {
+    fn checked_sub_duration(&self, other: &Duration) -> Option<Timespec> {
         let mut secs = other
             .as_secs()
             .try_into() // <- target type would be `libc::time_t`
             .ok()
-            .and_then(|secs| self.t.tv_sec.checked_sub(secs))
-            .expect("overflow when subtracting duration from time");
+            .and_then(|secs| self.t.tv_sec.checked_sub(secs))?;
 
         // Similar to above, nanos can't overflow.
         let mut nsec = self.t.tv_nsec as i32 - other.subsec_nanos() as i32;
         if nsec < 0 {
             nsec += NSEC_PER_SEC as i32;
-            secs = secs.checked_sub(1).expect("overflow when subtracting \
-                                               duration from time");
+            secs = secs.checked_sub(1)?;
         }
-        Timespec {
+        Some(Timespec {
             t: libc::timespec {
                 tv_sec: secs,
                 tv_nsec: nsec as _,
             },
-        }
+        })
     }
 }
 
@@ -165,18 +159,16 @@ mod inner {
             Duration::new(nanos / NSEC_PER_SEC, (nanos % NSEC_PER_SEC) as u32)
         }
 
-        pub fn add_duration(&self, other: &Duration) -> Instant {
-            Instant {
-                t: self.t.checked_add(dur2intervals(other))
-                       .expect("overflow when adding duration to instant"),
-            }
+        pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {
+            Some(Instant {
+                t: self.t.checked_add(checked_dur2intervals(other)?)?,
+            })
         }
 
-        pub fn sub_duration(&self, other: &Duration) -> Instant {
-            Instant {
-                t: self.t.checked_sub(dur2intervals(other))
-                       .expect("overflow when subtracting duration from instant"),
-            }
+        pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {
+            Some(Instant {
+                t: self.t.checked_sub(checked_dur2intervals(other)?)?,
+            })
         }
     }
 
@@ -199,16 +191,12 @@ mod inner {
             self.t.sub_timespec(&other.t)
         }
 
-        pub fn add_duration(&self, other: &Duration) -> SystemTime {
-            SystemTime { t: self.t.add_duration(other) }
-        }
-
         pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {
-            self.t.checked_add_duration(other).map(|t| SystemTime { t })
+            Some(SystemTime { t: self.t.checked_add_duration(other)? })
         }
 
-        pub fn sub_duration(&self, other: &Duration) -> SystemTime {
-            SystemTime { t: self.t.sub_duration(other) }
+        pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
+            Some(SystemTime { t: self.t.checked_sub_duration(other)? })
         }
     }
 
@@ -236,12 +224,12 @@ mod inner {
         }
     }
 
-    fn dur2intervals(dur: &Duration) -> u64 {
+    fn checked_dur2intervals(dur: &Duration) -> Option<u64> {
+        let nanos = dur.as_secs()
+            .checked_mul(NSEC_PER_SEC)?
+            .checked_add(dur.subsec_nanos() as u64)?;
         let info = info();
-        let nanos = dur.as_secs().checked_mul(NSEC_PER_SEC).and_then(|nanos| {
-            nanos.checked_add(dur.subsec_nanos() as u64)
-        }).expect("overflow converting duration to nanoseconds");
-        mul_div_u64(nanos, info.denom as u64, info.numer as u64)
+        Some(mul_div_u64(nanos, info.denom as u64, info.numer as u64))
     }
 
     fn info() -> &'static libc::mach_timebase_info {
@@ -299,12 +287,12 @@ mod inner {
             })
         }
 
-        pub fn add_duration(&self, other: &Duration) -> Instant {
-            Instant { t: self.t.add_duration(other) }
+        pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {
+            Some(Instant { t: self.t.checked_add_duration(other)? })
         }
 
-        pub fn sub_duration(&self, other: &Duration) -> Instant {
-            Instant { t: self.t.sub_duration(other) }
+        pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {
+            Some(Instant { t: self.t.checked_sub_duration(other)? })
         }
     }
 
@@ -327,16 +315,12 @@ mod inner {
             self.t.sub_timespec(&other.t)
         }
 
-        pub fn add_duration(&self, other: &Duration) -> SystemTime {
-            SystemTime { t: self.t.add_duration(other) }
-        }
-
         pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {
-            self.t.checked_add_duration(other).map(|t| SystemTime { t })
+            Some(SystemTime { t: self.t.checked_add_duration(other)? })
         }
 
-        pub fn sub_duration(&self, other: &Duration) -> SystemTime {
-            SystemTime { t: self.t.sub_duration(other) }
+        pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
+            Some(SystemTime { t: self.t.checked_sub_duration(other)? })
         }
     }
 
diff --git a/src/libstd/sys/wasm/time.rs b/src/libstd/sys/wasm/time.rs
diff --git a/src/libstd/sys/windows/time.rs b/src/libstd/sys/windows/time.rs
diff --git a/src/libstd/time.rs b/src/libstd/time.rs

Original file line number	Diff line number	Diff line change
`@@ -41,10 +41,6 @@ impl Timespec {`
`41`	`41`	`}`
`42`	`42`	`}`
`43`	`43`
`44`		`- fn add_duration(&self, other: &Duration) -> Timespec {`
`45`		`- self.checked_add_duration(other).expect("overflow when adding duration to time")`
`46`		`- }`
`47`		`-`
`48`	`44`	`fn checked_add_duration(&self, other: &Duration) -> Option<Timespec> {`
`49`	`45`	`let mut secs = other`
`50`	`46`	`.as_secs()`
`@@ -67,27 +63,25 @@ impl Timespec {`
`67`	`63`	`})`
`68`	`64`	`}`
`69`	`65`
`70`		`- fn sub_duration(&self, other: &Duration) -> Timespec {`
	`66`	`+ fn checked_sub_duration(&self, other: &Duration) -> Option<Timespec> {`
`71`	`67`	`let mut secs = other`
`72`	`68`	`.as_secs()`
`73`	`69`	.try_into() // <- target type would be `i64`
`74`	`70`	`.ok()`
`75`		`- .and_then(\|secs\| self.t.tv_sec.checked_sub(secs))`
`76`		`- .expect("overflow when subtracting duration from time");`
	`71`	`+ .and_then(\|secs\| self.t.tv_sec.checked_sub(secs))?;`
`77`	`72`
`78`	`73`	`// Similar to above, nanos can't overflow.`
`79`	`74`	`let mut nsec = self.t.tv_nsec as i32 - other.subsec_nanos() as i32;`
`80`	`75`	`if nsec < 0 {`
`81`	`76`	`nsec += NSEC_PER_SEC as i32;`
`82`		`- secs = secs.checked_sub(1).expect("overflow when subtracting \`
`83`		`- duration from time");`
	`77`	`+ secs = secs.checked_sub(1)?;`
`84`	`78`	`}`
`85`		`- Timespec {`
	`79`	`+ Some(Timespec {`
`86`	`80`	`t: syscall::TimeSpec {`
`87`	`81`	`tv_sec: secs,`
`88`	`82`	`tv_nsec: nsec as i32,`
`89`	`83`	`},`
`90`		`- }`
	`84`	`+ })`
`91`	`85`	`}`
`92`	`86`	`}`
`93`	`87`
`@@ -150,12 +144,12 @@ impl Instant {`
`150`	`144`	`})`
`151`	`145`	`}`
`152`	`146`
`153`		`- pub fn add_duration(&self, other: &Duration) -> Instant {`
`154`		`- Instant { t: self.t.add_duration(other) }`
	`147`	`+ pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {`
	`148`	`+ Some(Instant { t: self.t.checked_add_duration(other)? })`
`155`	`149`	`}`
`156`	`150`
`157`		`- pub fn sub_duration(&self, other: &Duration) -> Instant {`
`158`		`- Instant { t: self.t.sub_duration(other) }`
	`151`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {`
	`152`	`+ Some(Instant { t: self.t.checked_sub_duration(other)? })`
`159`	`153`	`}`
`160`	`154`	`}`
`161`	`155`
`@@ -178,16 +172,12 @@ impl SystemTime {`
`178`	`172`	`self.t.sub_timespec(&other.t)`
`179`	`173`	`}`
`180`	`174`
`181`		`- pub fn add_duration(&self, other: &Duration) -> SystemTime {`
`182`		`- SystemTime { t: self.t.add_duration(other) }`
`183`		`- }`
`184`		`-`
`185`	`175`	`pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {`
`186`		`- self.t.checked_add_duration(other).map(\|t\| SystemTime { t })`
	`176`	`+ Some(SystemTime { t: self.t.checked_add_duration(other)? })`
`187`	`177`	`}`
`188`	`178`
`189`		`- pub fn sub_duration(&self, other: &Duration) -> SystemTime {`
`190`		`- SystemTime { t: self.t.sub_duration(other) }`
	`179`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {`
	`180`	`+ Some(SystemTime { t: self.t.checked_sub_duration(other)? })`
`191`	`181`	`}`
`192`	`182`	`}`
`193`	`183`
Original file line number	Diff line number	Diff line change
`@@ -28,12 +28,12 @@ impl Instant {`
`28`	`28`	`self.0 - other.0`
`29`	`29`	`}`
`30`	`30`
`31`		`- pub fn add_duration(&self, other: &Duration) -> Instant {`
`32`		`- Instant(self.0 + *other)`
	`31`	`+ pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {`
	`32`	`+ Some(Instant(self.0.checked_add(*other)?))`
`33`	`33`	`}`
`34`	`34`
`35`		`- pub fn sub_duration(&self, other: &Duration) -> Instant {`
`36`		`- Instant(self.0 - *other)`
	`35`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {`
	`36`	`+ Some(Instant(self.0.checked_sub(*other)?))`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`
`@@ -47,15 +47,11 @@ impl SystemTime {`
`47`	`47`	`self.0.checked_sub(other.0).ok_or_else(\|\| other.0 - self.0)`
`48`	`48`	`}`
`49`	`49`
`50`		`- pub fn add_duration(&self, other: &Duration) -> SystemTime {`
`51`		`- SystemTime(self.0 + *other)`
`52`		`- }`
`53`		`-`
`54`	`50`	`pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {`
`55`		`- self.0.checked_add(*other).map(\|d\| SystemTime(d))`
	`51`	`+ Some(SystemTime(self.0.checked_add(*other)?))`
`56`	`52`	`}`
`57`	`53`
`58`		`- pub fn sub_duration(&self, other: &Duration) -> SystemTime {`
`59`		`- SystemTime(self.0 - *other)`
	`54`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {`
	`55`	`+ Some(SystemTime(self.0.checked_sub(*other)?))`
`60`	`56`	`}`
`61`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,10 +42,6 @@ impl Timespec {`
`42`	`42`	`}`
`43`	`43`	`}`
`44`	`44`
`45`		`- fn add_duration(&self, other: &Duration) -> Timespec {`
`46`		`- self.checked_add_duration(other).expect("overflow when adding duration to time")`
`47`		`- }`
`48`		`-`
`49`	`45`	`fn checked_add_duration(&self, other: &Duration) -> Option<Timespec> {`
`50`	`46`	`let mut secs = other`
`51`	`47`	`.as_secs()`
`@@ -68,27 +64,25 @@ impl Timespec {`
`68`	`64`	`})`
`69`	`65`	`}`
`70`	`66`
`71`		`- fn sub_duration(&self, other: &Duration) -> Timespec {`
	`67`	`+ fn checked_sub_duration(&self, other: &Duration) -> Option<Timespec> {`
`72`	`68`	`let mut secs = other`
`73`	`69`	`.as_secs()`
`74`	`70`	.try_into() // <- target type would be `libc::time_t`
`75`	`71`	`.ok()`
`76`		`- .and_then(\|secs\| self.t.tv_sec.checked_sub(secs))`
`77`		`- .expect("overflow when subtracting duration from time");`
	`72`	`+ .and_then(\|secs\| self.t.tv_sec.checked_sub(secs))?;`
`78`	`73`
`79`	`74`	`// Similar to above, nanos can't overflow.`
`80`	`75`	`let mut nsec = self.t.tv_nsec as i32 - other.subsec_nanos() as i32;`
`81`	`76`	`if nsec < 0 {`
`82`	`77`	`nsec += NSEC_PER_SEC as i32;`
`83`		`- secs = secs.checked_sub(1).expect("overflow when subtracting \`
`84`		`- duration from time");`
	`78`	`+ secs = secs.checked_sub(1)?;`
`85`	`79`	`}`
`86`		`- Timespec {`
	`80`	`+ Some(Timespec {`
`87`	`81`	`t: libc::timespec {`
`88`	`82`	`tv_sec: secs,`
`89`	`83`	`tv_nsec: nsec as _,`
`90`	`84`	`},`
`91`		`- }`
	`85`	`+ })`
`92`	`86`	`}`
`93`	`87`	`}`
`94`	`88`
`@@ -165,18 +159,16 @@ mod inner {`
`165`	`159`	`Duration::new(nanos / NSEC_PER_SEC, (nanos % NSEC_PER_SEC) as u32)`
`166`	`160`	`}`
`167`	`161`
`168`		`- pub fn add_duration(&self, other: &Duration) -> Instant {`
`169`		`- Instant {`
`170`		`- t: self.t.checked_add(dur2intervals(other))`
`171`		`- .expect("overflow when adding duration to instant"),`
`172`		`- }`
	`162`	`+ pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {`
	`163`	`+ Some(Instant {`
	`164`	`+ t: self.t.checked_add(checked_dur2intervals(other)?)?,`
	`165`	`+ })`
`173`	`166`	`}`
`174`	`167`
`175`		`- pub fn sub_duration(&self, other: &Duration) -> Instant {`
`176`		`- Instant {`
`177`		`- t: self.t.checked_sub(dur2intervals(other))`
`178`		`- .expect("overflow when subtracting duration from instant"),`
`179`		`- }`
	`168`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {`
	`169`	`+ Some(Instant {`
	`170`	`+ t: self.t.checked_sub(checked_dur2intervals(other)?)?,`
	`171`	`+ })`
`180`	`172`	`}`
`181`	`173`	`}`
`182`	`174`
`@@ -199,16 +191,12 @@ mod inner {`
`199`	`191`	`self.t.sub_timespec(&other.t)`
`200`	`192`	`}`
`201`	`193`
`202`		`- pub fn add_duration(&self, other: &Duration) -> SystemTime {`
`203`		`- SystemTime { t: self.t.add_duration(other) }`
`204`		`- }`
`205`		`-`
`206`	`194`	`pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {`
`207`		`- self.t.checked_add_duration(other).map(\|t\| SystemTime { t })`
	`195`	`+ Some(SystemTime { t: self.t.checked_add_duration(other)? })`
`208`	`196`	`}`
`209`	`197`
`210`		`- pub fn sub_duration(&self, other: &Duration) -> SystemTime {`
`211`		`- SystemTime { t: self.t.sub_duration(other) }`
	`198`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {`
	`199`	`+ Some(SystemTime { t: self.t.checked_sub_duration(other)? })`
`212`	`200`	`}`
`213`	`201`	`}`
`214`	`202`
`@@ -236,12 +224,12 @@ mod inner {`
`236`	`224`	`}`
`237`	`225`	`}`
`238`	`226`
`239`		`- fn dur2intervals(dur: &Duration) -> u64 {`
	`227`	`+ fn checked_dur2intervals(dur: &Duration) -> Option<u64> {`
	`228`	`+ let nanos = dur.as_secs()`
	`229`	`+ .checked_mul(NSEC_PER_SEC)?`
	`230`	`+ .checked_add(dur.subsec_nanos() as u64)?;`
`240`	`231`	`let info = info();`
`241`		`- let nanos = dur.as_secs().checked_mul(NSEC_PER_SEC).and_then(\|nanos\| {`
`242`		`- nanos.checked_add(dur.subsec_nanos() as u64)`
`243`		`- }).expect("overflow converting duration to nanoseconds");`
`244`		`- mul_div_u64(nanos, info.denom as u64, info.numer as u64)`
	`232`	`+ Some(mul_div_u64(nanos, info.denom as u64, info.numer as u64))`
`245`	`233`	`}`
`246`	`234`
`247`	`235`	`fn info() -> &'static libc::mach_timebase_info {`
`@@ -299,12 +287,12 @@ mod inner {`
`299`	`287`	`})`
`300`	`288`	`}`
`301`	`289`
`302`		`- pub fn add_duration(&self, other: &Duration) -> Instant {`
`303`		`- Instant { t: self.t.add_duration(other) }`
	`290`	`+ pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {`
	`291`	`+ Some(Instant { t: self.t.checked_add_duration(other)? })`
`304`	`292`	`}`
`305`	`293`
`306`		`- pub fn sub_duration(&self, other: &Duration) -> Instant {`
`307`		`- Instant { t: self.t.sub_duration(other) }`
	`294`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {`
	`295`	`+ Some(Instant { t: self.t.checked_sub_duration(other)? })`
`308`	`296`	`}`
`309`	`297`	`}`
`310`	`298`
`@@ -327,16 +315,12 @@ mod inner {`
`327`	`315`	`self.t.sub_timespec(&other.t)`
`328`	`316`	`}`
`329`	`317`
`330`		`- pub fn add_duration(&self, other: &Duration) -> SystemTime {`
`331`		`- SystemTime { t: self.t.add_duration(other) }`
`332`		`- }`
`333`		`-`
`334`	`318`	`pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {`
`335`		`- self.t.checked_add_duration(other).map(\|t\| SystemTime { t })`
	`319`	`+ Some(SystemTime { t: self.t.checked_add_duration(other)? })`
`336`	`320`	`}`
`337`	`321`
`338`		`- pub fn sub_duration(&self, other: &Duration) -> SystemTime {`
`339`		`- SystemTime { t: self.t.sub_duration(other) }`
	`322`	`+ pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {`
	`323`	`+ Some(SystemTime { t: self.t.checked_sub_duration(other)? })`
`340`	`324`	`}`
`341`	`325`	`}`
`342`	`326`