search

rust-lang / rust

Empowering everyone to build reliable and efficient software.
https://www.rust-lang.org
Other
99.13k stars 12.8k forks source link

Deprecate `std::time::Instant::saturating_duration_since()`? #133525

Open cher-nov opened 5 days ago

cher-nov commented 5 days ago

As previously suggested here: https://github.com/rust-lang/rust/pull/84448#issuecomment-944421516

Starting from #89926, std::time::Instant::duration_since() effectively does the same thing as the later introduced std::time::Instant::saturating_duration_since() (they are now literally identical). Given that this was a possibly breaking change that has already passed, I propose the latter function for deprecation and subsequent removal, as it currently creates the false ambiguity.

The only objection I see is that the current state of affairs allows to bring back panic! in the future, as mentioned in a comment here: https://doc.rust-lang.org/1.82.0/src/std/time.rs.html#143-144

CodesInChaos commented 3 days ago

I think the semantic difference between these is worth preserving:

When you call duration_since, you say "if later comes before earlier, that's a monotonicity bug". On the other hand it's fine to call saturating_duration_since() if you're not certain which timestamp is supposed to be earlier.

Besides re-introducing the panic, it could be possible to introduce some kind of warning mechanism in the future. Either via specific callback that can be registed, or via a generic warning mechanism.

cher-nov commented 2 days ago

I think the semantic difference between these is worth preserving:

When you call duration_since, you say "if later comes before earlier, that's a monotonicity bug". On the other hand it's fine to call saturating_duration_since() if you're not certain which timestamp is supposed to be earlier.

I disagree. The problem here is that this semantic difference is not backed up or guaranteed by anything, and therefore can only be implied. Which in itself is not necessary, and therefore ephemeral - using saturating_duration_since() with an explanatory comment thus becomes indistinguishable from duration_since().

Besides re-introducing the panic, it could be possible to introduce some kind of warning mechanism in the future. Either via specific callback that can be registed, or via a generic warning mechanism.

This will require a different signature anyway, and therefore a different function - say, checked_duration_since().