std/sys/pal/unix/
time.rs

1use core::num::niche_types::Nanoseconds;
2
3use crate::time::Duration;
4use crate::{fmt, io};
5
6const NSEC_PER_SEC: u64 = 1_000_000_000;
7pub const UNIX_EPOCH: SystemTime = SystemTime { t: Timespec::zero() };
8#[allow(dead_code)] // Used for pthread condvar timeouts
9pub const TIMESPEC_MAX: libc::timespec =
10    libc::timespec { tv_sec: <libc::time_t>::MAX, tv_nsec: 1_000_000_000 - 1 };
11
12// This additional constant is only used when calling
13// `libc::pthread_cond_timedwait`.
14#[cfg(target_os = "nto")]
15pub(in crate::sys) const TIMESPEC_MAX_CAPPED: libc::timespec = libc::timespec {
16    tv_sec: (u64::MAX / NSEC_PER_SEC) as i64,
17    tv_nsec: (u64::MAX % NSEC_PER_SEC) as i64,
18};
19
20#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
21pub struct SystemTime {
22    pub(crate) t: Timespec,
23}
24
25#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
26pub(crate) struct Timespec {
27    tv_sec: i64,
28    tv_nsec: Nanoseconds,
29}
30
31impl SystemTime {
32    #[cfg_attr(any(target_os = "horizon", target_os = "hurd"), allow(unused))]
33    pub fn new(tv_sec: i64, tv_nsec: i64) -> Result<SystemTime, io::Error> {
34        Ok(SystemTime { t: Timespec::new(tv_sec, tv_nsec)? })
35    }
36
37    pub fn now() -> SystemTime {
38        SystemTime { t: Timespec::now(libc::CLOCK_REALTIME) }
39    }
40
41    pub fn sub_time(&self, other: &SystemTime) -> Result<Duration, Duration> {
42        self.t.sub_timespec(&other.t)
43    }
44
45    pub fn checked_add_duration(&self, other: &Duration) -> Option<SystemTime> {
46        Some(SystemTime { t: self.t.checked_add_duration(other)? })
47    }
48
49    pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
50        Some(SystemTime { t: self.t.checked_sub_duration(other)? })
51    }
52}
53
54impl fmt::Debug for SystemTime {
55    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
56        f.debug_struct("SystemTime")
57            .field("tv_sec", &self.t.tv_sec)
58            .field("tv_nsec", &self.t.tv_nsec)
59            .finish()
60    }
61}
62
63impl Timespec {
64    const unsafe fn new_unchecked(tv_sec: i64, tv_nsec: i64) -> Timespec {
65        Timespec { tv_sec, tv_nsec: unsafe { Nanoseconds::new_unchecked(tv_nsec as u32) } }
66    }
67
68    pub const fn zero() -> Timespec {
69        unsafe { Self::new_unchecked(0, 0) }
70    }
71
72    const fn new(tv_sec: i64, tv_nsec: i64) -> Result<Timespec, io::Error> {
73        // On Apple OS, dates before epoch are represented differently than on other
74        // Unix platforms: e.g. 1/10th of a second before epoch is represented as `seconds=-1`
75        // and `nanoseconds=100_000_000` on other platforms, but is `seconds=0` and
76        // `nanoseconds=-900_000_000` on Apple OS.
77        //
78        // To compensate, we first detect this special case by checking if both
79        // seconds and nanoseconds are in range, and then correct the value for seconds
80        // and nanoseconds to match the common unix representation.
81        //
82        // Please note that Apple OS nonetheless accepts the standard unix format when
83        // setting file times, which makes this compensation round-trippable and generally
84        // transparent.
85        #[cfg(target_vendor = "apple")]
86        let (tv_sec, tv_nsec) =
87            if (tv_sec <= 0 && tv_sec > i64::MIN) && (tv_nsec < 0 && tv_nsec > -1_000_000_000) {
88                (tv_sec - 1, tv_nsec + 1_000_000_000)
89            } else {
90                (tv_sec, tv_nsec)
91            };
92        if tv_nsec >= 0 && tv_nsec < NSEC_PER_SEC as i64 {
93            Ok(unsafe { Self::new_unchecked(tv_sec, tv_nsec) })
94        } else {
95            Err(io::const_error!(io::ErrorKind::InvalidData, "invalid timestamp"))
96        }
97    }
98
99    // FIXME(#115199): Rust currently omits weak function definitions
100    // and its metadata from LLVM IR.
101    #[cfg_attr(
102        all(
103            target_os = "linux",
104            target_env = "gnu",
105            target_pointer_width = "32",
106            not(target_arch = "riscv32")
107        ),
108        no_sanitize(cfi)
109    )]
110    pub fn now(clock: libc::clockid_t) -> Timespec {
111        use crate::mem::MaybeUninit;
112        use crate::sys::cvt;
113
114        // Try to use 64-bit time in preparation for Y2038.
115        #[cfg(all(
116            target_os = "linux",
117            target_env = "gnu",
118            target_pointer_width = "32",
119            not(target_arch = "riscv32")
120        ))]
121        {
122            use crate::sys::weak::weak;
123
124            // __clock_gettime64 was added to 32-bit arches in glibc 2.34,
125            // and it handles both vDSO calls and ENOSYS fallbacks itself.
126            weak!(fn __clock_gettime64(libc::clockid_t, *mut __timespec64) -> libc::c_int);
127
128            if let Some(clock_gettime64) = __clock_gettime64.get() {
129                let mut t = MaybeUninit::uninit();
130                cvt(unsafe { clock_gettime64(clock, t.as_mut_ptr()) }).unwrap();
131                let t = unsafe { t.assume_init() };
132                return Timespec::new(t.tv_sec as i64, t.tv_nsec as i64).unwrap();
133            }
134        }
135
136        let mut t = MaybeUninit::uninit();
137        cvt(unsafe { libc::clock_gettime(clock, t.as_mut_ptr()) }).unwrap();
138        let t = unsafe { t.assume_init() };
139        Timespec::new(t.tv_sec as i64, t.tv_nsec as i64).unwrap()
140    }
141
142    pub fn sub_timespec(&self, other: &Timespec) -> Result<Duration, Duration> {
143        if self >= other {
144            // NOTE(eddyb) two aspects of this `if`-`else` are required for LLVM
145            // to optimize it into a branchless form (see also #75545):
146            //
147            // 1. `self.tv_sec - other.tv_sec` shows up as a common expression
148            //    in both branches, i.e. the `else` must have its `- 1`
149            //    subtraction after the common one, not interleaved with it
150            //    (it used to be `self.tv_sec - 1 - other.tv_sec`)
151            //
152            // 2. the `Duration::new` call (or any other additional complexity)
153            //    is outside of the `if`-`else`, not duplicated in both branches
154            //
155            // Ideally this code could be rearranged such that it more
156            // directly expresses the lower-cost behavior we want from it.
157            let (secs, nsec) = if self.tv_nsec.as_inner() >= other.tv_nsec.as_inner() {
158                (
159                    (self.tv_sec - other.tv_sec) as u64,
160                    self.tv_nsec.as_inner() - other.tv_nsec.as_inner(),
161                )
162            } else {
163                (
164                    (self.tv_sec - other.tv_sec - 1) as u64,
165                    self.tv_nsec.as_inner() + (NSEC_PER_SEC as u32) - other.tv_nsec.as_inner(),
166                )
167            };
168
169            Ok(Duration::new(secs, nsec))
170        } else {
171            match other.sub_timespec(self) {
172                Ok(d) => Err(d),
173                Err(d) => Ok(d),
174            }
175        }
176    }
177
178    pub fn checked_add_duration(&self, other: &Duration) -> Option<Timespec> {
179        let mut secs = self.tv_sec.checked_add_unsigned(other.as_secs())?;
180
181        // Nano calculations can't overflow because nanos are <1B which fit
182        // in a u32.
183        let mut nsec = other.subsec_nanos() + self.tv_nsec.as_inner();
184        if nsec >= NSEC_PER_SEC as u32 {
185            nsec -= NSEC_PER_SEC as u32;
186            secs = secs.checked_add(1)?;
187        }
188        Some(unsafe { Timespec::new_unchecked(secs, nsec.into()) })
189    }
190
191    pub fn checked_sub_duration(&self, other: &Duration) -> Option<Timespec> {
192        let mut secs = self.tv_sec.checked_sub_unsigned(other.as_secs())?;
193
194        // Similar to above, nanos can't overflow.
195        let mut nsec = self.tv_nsec.as_inner() as i32 - other.subsec_nanos() as i32;
196        if nsec < 0 {
197            nsec += NSEC_PER_SEC as i32;
198            secs = secs.checked_sub(1)?;
199        }
200        Some(unsafe { Timespec::new_unchecked(secs, nsec.into()) })
201    }
202
203    #[allow(dead_code)]
204    pub fn to_timespec(&self) -> Option<libc::timespec> {
205        Some(libc::timespec {
206            tv_sec: self.tv_sec.try_into().ok()?,
207            tv_nsec: self.tv_nsec.as_inner().try_into().ok()?,
208        })
209    }
210
211    // On QNX Neutrino, the maximum timespec for e.g. pthread_cond_timedwait
212    // is 2^64 nanoseconds
213    #[cfg(target_os = "nto")]
214    pub(in crate::sys) fn to_timespec_capped(&self) -> Option<libc::timespec> {
215        // Check if timeout in nanoseconds would fit into an u64
216        if (self.tv_nsec.as_inner() as u64)
217            .checked_add((self.tv_sec as u64).checked_mul(NSEC_PER_SEC)?)
218            .is_none()
219        {
220            return None;
221        }
222        self.to_timespec()
223    }
224
225    #[cfg(all(
226        target_os = "linux",
227        target_env = "gnu",
228        target_pointer_width = "32",
229        not(target_arch = "riscv32")
230    ))]
231    pub fn to_timespec64(&self) -> __timespec64 {
232        __timespec64::new(self.tv_sec, self.tv_nsec.as_inner() as _)
233    }
234}
235
236#[cfg(all(
237    target_os = "linux",
238    target_env = "gnu",
239    target_pointer_width = "32",
240    not(target_arch = "riscv32")
241))]
242#[repr(C)]
243pub(crate) struct __timespec64 {
244    pub(crate) tv_sec: i64,
245    #[cfg(target_endian = "big")]
246    _padding: i32,
247    pub(crate) tv_nsec: i32,
248    #[cfg(target_endian = "little")]
249    _padding: i32,
250}
251
252#[cfg(all(
253    target_os = "linux",
254    target_env = "gnu",
255    target_pointer_width = "32",
256    not(target_arch = "riscv32")
257))]
258impl __timespec64 {
259    pub(crate) fn new(tv_sec: i64, tv_nsec: i32) -> Self {
260        Self { tv_sec, tv_nsec, _padding: 0 }
261    }
262}
263
264#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
265pub struct Instant {
266    t: Timespec,
267}
268
269impl Instant {
270    pub fn now() -> Instant {
271        // https://www.manpagez.com/man/3/clock_gettime/
272        //
273        // CLOCK_UPTIME_RAW   clock that increments monotonically, in the same man-
274        //                    ner as CLOCK_MONOTONIC_RAW, but that does not incre-
275        //                    ment while the system is asleep.  The returned value
276        //                    is identical to the result of mach_absolute_time()
277        //                    after the appropriate mach_timebase conversion is
278        //                    applied.
279        //
280        // Instant on macos was historically implemented using mach_absolute_time;
281        // we preserve this value domain out of an abundance of caution.
282        #[cfg(target_vendor = "apple")]
283        const clock_id: libc::clockid_t = libc::CLOCK_UPTIME_RAW;
284        #[cfg(not(target_vendor = "apple"))]
285        const clock_id: libc::clockid_t = libc::CLOCK_MONOTONIC;
286        Instant { t: Timespec::now(clock_id) }
287    }
288
289    pub fn checked_sub_instant(&self, other: &Instant) -> Option<Duration> {
290        self.t.sub_timespec(&other.t).ok()
291    }
292
293    pub fn checked_add_duration(&self, other: &Duration) -> Option<Instant> {
294        Some(Instant { t: self.t.checked_add_duration(other)? })
295    }
296
297    pub fn checked_sub_duration(&self, other: &Duration) -> Option<Instant> {
298        Some(Instant { t: self.t.checked_sub_duration(other)? })
299    }
300}
301
302impl fmt::Debug for Instant {
303    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
304        f.debug_struct("Instant")
305            .field("tv_sec", &self.t.tv_sec)
306            .field("tv_nsec", &self.t.tv_nsec)
307            .finish()
308    }
309}