| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License.. |
| |
| //! Temporal quantification. |
| |
| use core::cmp; |
| use core::fmt; |
| use core::ops::{Add, AddAssign, Sub, SubAssign}; |
| use crate::error::Error; |
| use crate::sys::time; |
| use crate::sys_common::FromInner; |
| use crate::sync::SgxThreadMutex; |
| |
| pub use core::time::Duration; |
| |
| /// A measurement of a monotonically nondecreasing clock. |
| /// Opaque and useful only with `Duration`. |
| /// |
| /// Instants are always guaranteed to be no less than any previously measured |
| /// instant when created, and are often useful for tasks such as measuring |
| /// benchmarks or timing how long an operation takes. |
| /// |
| /// Note, however, that instants are not guaranteed to be **steady**. In other |
| /// words, each tick of the underlying clock may not be the same length (e.g. |
| /// some seconds may be longer than others). An instant may jump forwards or |
| /// experience time dilation (slow down or speed up), but it will never go |
| /// backwards. |
| /// |
| /// Instants are opaque types that can only be compared to one another. There is |
| /// no method to get "the number of seconds" from an instant. Instead, it only |
| /// allows measuring the duration between two instants (or comparing two |
| /// instants). |
| /// |
| /// The size of an `Instant` struct may vary depending on the target operating |
| /// system. |
| /// |
| #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)] |
| pub struct Instant(time::Instant); |
| |
| /// A measurement of the system clock, useful for talking to |
| /// external entities like the file system or other processes. |
| /// |
| /// Distinct from the [`Instant`] type, this time measurement **is not |
| /// monotonic**. This means that you can save a file to the file system, then |
| /// save another file to the file system, **and the second file has a |
| /// `SystemTime` measurement earlier than the first**. In other words, an |
| /// operation that happens after another operation in real time may have an |
| /// earlier `SystemTime`! |
| /// |
| /// Consequently, comparing two `SystemTime` instances to learn about the |
| /// duration between them returns a [`Result`] instead of an infallible [`Duration`] |
| /// to indicate that this sort of time drift may happen and needs to be handled. |
| /// |
| /// Although a `SystemTime` cannot be directly inspected, the [`UNIX_EPOCH`] |
| /// constant is provided in this module as an anchor in time to learn |
| /// information about a `SystemTime`. By calculating the duration from this |
| /// fixed point in time, a `SystemTime` can be converted to a human-readable time, |
| /// or perhaps some other string representation. |
| /// |
| /// The size of a `SystemTime` struct may vary depending on the target operating |
| /// system. |
| /// |
| #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)] |
| pub struct SystemTime(time::SystemTime); |
| |
| /// An error returned from the `duration_since` and `elapsed` methods on |
| /// `SystemTime`, used to learn how far in the opposite direction a system time |
| /// lies. |
| /// |
| #[derive(Clone, Debug)] |
| pub struct SystemTimeError(Duration); |
| |
| impl Instant { |
| /// Returns an instant corresponding to "now". |
| /// |
| #[cfg(feature = "untrusted_time")] |
| pub fn now() -> Instant { |
| Instant::_now() |
| } |
| |
| pub(crate) fn _now() -> Instant { |
| let os_now = time::Instant::now(); |
| |
| // And here we come upon a sad state of affairs. The whole point of |
| // `Instant` is that it's monotonically increasing. We've found in the |
| // wild, however, that it's not actually monotonically increasing for |
| // one reason or another. These appear to be OS and hardware level bugs, |
| // and there's not really a whole lot we can do about them. Here's a |
| // taste of what we've found: |
| // |
| // * #48514 - OpenBSD, x86_64 |
| // * #49281 - linux arm64 and s390x |
| // * #51648 - windows, x86 |
| // * #56560 - windows, x86_64, AWS |
| // * #56612 - windows, x86, vm (?) |
| // * #56940 - linux, arm64 |
| // * https://bugzilla.mozilla.org/show_bug.cgi?id=1487778 - a similar |
| // Firefox bug |
| // |
| // It seems that this just happens a lot in the wild. |
| // We're seeing panics across various platforms where consecutive calls |
| // to `Instant::now`, such as via the `elapsed` function, are panicking |
| // as they're going backwards. Placed here is a last-ditch effort to try |
| // to fix things up. We keep a global "latest now" instance which is |
| // returned instead of what the OS says if the OS goes backwards. |
| // |
| // To hopefully mitigate the impact of this, a few platforms are |
| // whitelisted as "these at least haven't gone backwards yet". |
| if time::Instant::actually_monotonic() { |
| return Instant(os_now); |
| } |
| |
| static LOCK: SgxThreadMutex = SgxThreadMutex::new(); |
| static mut LAST_NOW: time::Instant = time::Instant::zero(); |
| unsafe { |
| let r = LOCK.lock(); |
| let now = if r.is_ok() { |
| let now = cmp::max(LAST_NOW, os_now); |
| LAST_NOW = now; |
| LOCK.unlock(); |
| now |
| } else { |
| os_now |
| }; |
| Instant(now) |
| } |
| } |
| |
| /// Returns the amount of time elapsed from another instant to this one. |
| /// |
| /// # Panics |
| /// |
| /// This function will panic if `earlier` is later than `self`. |
| /// |
| pub fn duration_since(&self, earlier: Instant) -> Duration { |
| self.0.checked_sub_instant(&earlier.0).expect("supplied instant is later than self") |
| } |
| |
| /// Returns the amount of time elapsed from another instant to this one, |
| /// or None if that instant is later than this one. |
| /// |
| pub fn checked_duration_since(&self, earlier: Instant) -> Option<Duration> { |
| self.0.checked_sub_instant(&earlier.0) |
| } |
| |
| /// Returns the amount of time elapsed from another instant to this one, |
| /// or zero duration if that instant is later than this one. |
| /// |
| pub fn saturating_duration_since(&self, earlier: Instant) -> Duration { |
| self.checked_duration_since(earlier).unwrap_or(Duration::new(0, 0)) |
| } |
| |
| /// Returns the amount of time elapsed since this instant was created. |
| /// |
| /// # Panics |
| /// |
| /// This function may panic if the current time is earlier than this |
| /// instant, which is something that can happen if an `Instant` is |
| /// produced synthetically. |
| /// |
| #[cfg(feature = "untrusted_time")] |
| pub fn elapsed(&self) -> Duration { |
| Instant::now() - *self |
| } |
| |
| /// Returns `Some(t)` where `t` is the time `self + duration` if `t` can be represented as |
| /// `Instant` (which means it's inside the bounds of the underlying data structure), `None` |
| /// otherwise. |
| pub fn checked_add(&self, duration: Duration) -> Option<Instant> { |
| self.0.checked_add_duration(&duration).map(Instant) |
| } |
| |
| /// Returns `Some(t)` where `t` is the time `self - duration` if `t` can be represented as |
| /// `Instant` (which means it's inside the bounds of the underlying data structure), `None` |
| /// otherwise. |
| pub fn checked_sub(&self, duration: Duration) -> Option<Instant> { |
| self.0.checked_sub_duration(&duration).map(Instant) |
| } |
| |
| /// Return a tup (sec, nsec) |
| /// |
| pub fn get_tup(&self) -> (i64, i64) { |
| self.0.get_tup() |
| } |
| } |
| |
| impl Add<Duration> for Instant { |
| type Output = Instant; |
| |
| /// # Panics |
| /// |
| /// This function may panic if the resulting point in time cannot be represented by the |
| /// underlying data structure. See [`checked_add`] for a version without panic. |
| /// |
| /// [`checked_add`]: ../../std/time/struct.Instant.html#method.checked_add |
| fn add(self, other: Duration) -> Instant { |
| self.checked_add(other).expect("overflow when adding duration to instant") |
| } |
| } |
| |
| impl AddAssign<Duration> for Instant { |
| fn add_assign(&mut self, other: Duration) { |
| *self = *self + other; |
| } |
| } |
| |
| impl Sub<Duration> for Instant { |
| type Output = Instant; |
| |
| fn sub(self, other: Duration) -> Instant { |
| self.checked_sub(other).expect("overflow when subtracting duration from instant") |
| } |
| } |
| |
| impl SubAssign<Duration> for Instant { |
| fn sub_assign(&mut self, other: Duration) { |
| *self = *self - other; |
| } |
| } |
| |
| impl Sub<Instant> for Instant { |
| type Output = Duration; |
| |
| fn sub(self, other: Instant) -> Duration { |
| self.duration_since(other) |
| } |
| } |
| |
| impl fmt::Debug for Instant { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| self.0.fmt(f) |
| } |
| } |
| |
| impl SystemTime { |
| /// An anchor in time which can be used to create new `SystemTime` instances or |
| /// learn about where in time a `SystemTime` lies. |
| /// |
| /// This constant is defined to be "1970-01-01 00:00:00 UTC" on all systems with |
| /// respect to the system clock. Using `duration_since` on an existing |
| /// `SystemTime` instance can tell how far away from this point in time a |
| /// measurement lies, and using `UNIX_EPOCH + duration` can be used to create a |
| /// `SystemTime` instance to represent another fixed point in time. |
| /// |
| pub const UNIX_EPOCH: SystemTime = UNIX_EPOCH; |
| |
| /// Returns the system time corresponding to "now". |
| /// |
| #[cfg(feature = "untrusted_time")] |
| pub fn now() -> SystemTime { |
| SystemTime::_now() |
| } |
| |
| pub(crate) fn _now() -> SystemTime { |
| SystemTime(time::SystemTime::now()) |
| } |
| |
| /// Returns the amount of time elapsed from an earlier point in time. |
| /// |
| /// This function may fail because measurements taken earlier are not |
| /// guaranteed to always be before later measurements (due to anomalies such |
| /// as the system clock being adjusted either forwards or backwards). |
| /// [`Instant`] can be used to measure elapsed time without this risk of failure. |
| /// |
| /// If successful, [`Ok`]`(`[`Duration`]`)` is returned where the duration represents |
| /// the amount of time elapsed from the specified measurement to this one. |
| /// |
| /// Returns an [`Err`] if `earlier` is later than `self`, and the error |
| /// contains how far from `self` the time is. |
| /// |
| /// [`Ok`]: ../../std/result/enum.Result.html#variant.Ok |
| /// [`Duration`]: ../../std/time/struct.Duration.html |
| /// [`Err`]: ../../std/result/enum.Result.html#variant.Err |
| /// [`Instant`]: ../../std/time/struct.Instant.html |
| /// |
| pub fn duration_since(&self, earlier: SystemTime) -> Result<Duration, SystemTimeError> { |
| self.0.sub_time(&earlier.0).map_err(SystemTimeError) |
| } |
| |
| /// Returns the difference between the clock time when this |
| /// system time was created, and the current clock time. |
| /// |
| /// This function may fail as the underlying system clock is susceptible to |
| /// drift and updates (e.g., the system clock could go backwards), so this |
| /// function may not always succeed. If successful, [`Ok`]`(`[`Duration`]`)` is |
| /// returned where the duration represents the amount of time elapsed from |
| /// this time measurement to the current time. |
| /// |
| /// To measure elapsed time reliably, use [`Instant`] instead. |
| /// |
| /// Returns an [`Err`] if `self` is later than the current system time, and |
| /// the error contains how far from the current system time `self` is. |
| /// |
| /// [`Ok`]: ../../std/result/enum.Result.html#variant.Ok |
| /// [`Duration`]: ../../std/time/struct.Duration.html |
| /// [`Err`]: ../../std/result/enum.Result.html#variant.Err |
| /// [`Instant`]: ../../std/time/struct.Instant.html |
| /// |
| #[cfg(feature = "untrusted_time")] |
| pub fn elapsed(&self) -> Result<Duration, SystemTimeError> { |
| SystemTime::now().duration_since(*self) |
| } |
| |
| /// Returns `Some(t)` where `t` is the time `self + duration` if `t` can be represented as |
| /// `SystemTime` (which means it's inside the bounds of the underlying data structure), `None` |
| /// otherwise. |
| pub fn checked_add(&self, duration: Duration) -> Option<SystemTime> { |
| self.0.checked_add_duration(&duration).map(SystemTime) |
| } |
| |
| /// Returns `Some(t)` where `t` is the time `self - duration` if `t` can be represented as |
| /// `SystemTime` (which means it's inside the bounds of the underlying data structure), `None` |
| /// otherwise. |
| pub fn checked_sub(&self, duration: Duration) -> Option<SystemTime> { |
| self.0.checked_sub_duration(&duration).map(SystemTime) |
| } |
| |
| /// Return a tup (sec, nsec) |
| /// |
| pub fn get_tup(&self) -> (i64, i64) { |
| self.0.get_tup() |
| } |
| } |
| |
| impl Add<Duration> for SystemTime { |
| type Output = SystemTime; |
| |
| /// # Panics |
| /// |
| /// This function may panic if the resulting point in time cannot be represented by the |
| /// underlying data structure. See [`checked_add`] for a version without panic. |
| /// |
| /// [`checked_add`]: ../../std/time/struct.SystemTime.html#method.checked_add |
| fn add(self, dur: Duration) -> SystemTime { |
| self.checked_add(dur).expect("overflow when adding duration to instant") |
| } |
| } |
| |
| impl AddAssign<Duration> for SystemTime { |
| fn add_assign(&mut self, other: Duration) { |
| *self = *self + other; |
| } |
| } |
| |
| impl Sub<Duration> for SystemTime { |
| type Output = SystemTime; |
| |
| fn sub(self, dur: Duration) -> SystemTime { |
| self.checked_sub(dur).expect("overflow when subtracting duration from instant") |
| } |
| } |
| |
| impl SubAssign<Duration> for SystemTime { |
| fn sub_assign(&mut self, other: Duration) { |
| *self = *self - other; |
| } |
| } |
| |
| impl fmt::Debug for SystemTime { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| self.0.fmt(f) |
| } |
| } |
| |
| /// An anchor in time which can be used to create new `SystemTime` instances or |
| /// learn about where in time a `SystemTime` lies. |
| /// |
| /// This constant is defined to be "1970-01-01 00:00:00 UTC" on all systems with |
| /// respect to the system clock. Using `duration_since` on an existing |
| /// [`SystemTime`] instance can tell how far away from this point in time a |
| /// measurement lies, and using `UNIX_EPOCH + duration` can be used to create a |
| /// [`SystemTime`] instance to represent another fixed point in time. |
| /// |
| /// [`SystemTime`]: ../../std/time/struct.SystemTime.html |
| /// |
| pub const UNIX_EPOCH: SystemTime = SystemTime(time::UNIX_EPOCH); |
| |
| impl SystemTimeError { |
| /// Returns the positive duration which represents how far forward the |
| /// second system time was from the first. |
| /// |
| /// A `SystemTimeError` is returned from the [`duration_since`] and [`elapsed`] |
| /// methods of [`SystemTime`] whenever the second system time represents a point later |
| /// in time than the `self` of the method call. |
| /// |
| /// [`duration_since`]: ../../std/time/struct.SystemTime.html#method.duration_since |
| /// [`elapsed`]: ../../std/time/struct.SystemTime.html#method.elapsed |
| /// [`SystemTime`]: ../../std/time/struct.SystemTime.html |
| /// |
| pub fn duration(&self) -> Duration { |
| self.0 |
| } |
| } |
| |
| impl Error for SystemTimeError { |
| fn description(&self) -> &str { |
| "other time was not earlier than self" |
| } |
| } |
| |
| impl fmt::Display for SystemTimeError { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| write!(f, "second time provided was later than self") |
| } |
| } |
| |
| impl FromInner<time::SystemTime> for SystemTime { |
| fn from_inner(time: time::SystemTime) -> SystemTime { |
| SystemTime(time) |
| } |
| } |