asomers
commented
3 weeks ago The problem is that a Unix Timespec can't represent times greater than i64::MAX seconds. Saturating the conversion would be bad, because then subtracting two TimeSpecs that were produced by TimeSpec::from_duration wouldn't be guaranteed to give the correct answer. Arguably, what Nix ought to do would be to provide TimeSpec::from_instant(i: std::time::Instant) instead of from_duration, because std::time::Instant actually uses a TimeSpec under the hood. And perhaps a TryFrom<Duration> impl, too.
sirhcel
When creating a
TimeSpecfrom astd::time::Durationwith more thanlibc::time_tseconds, the resulting value might be negative and will no longer preserve monotonicity with respect to the input duration. This happens to the integer casting inTimeSpec::from_duration.See this example on Rust Playground.
I learned about this behavior through errors for negative timeouts from
ppollon Linux at runtime (https://github.com/serialport/serialport-rs/issues/207). I did not expect this for the "porcellain" typeDurationand the docs did not hint at it. And likely other users of the "porcellain" as well. When manually converting to the "plumbing" typetime_tI wold have looked deeper into the nitty gritty integer casts and cared for this case by saturating.So shouldn't
TimeSpec::from_durationpreserve monotonicity? Isn't an inaccurate but still largeTimeSpecless surprising?