1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

use std::{
    fmt,
    ops::Sub,
    time::{
        Duration,
        SystemTime,
    },
};

use anyhow::Context;
use derive_more::FromStr;
use serde::Serialize;
use serde_json::json;

/// Database transaction timestamp.
/// This is unique across all transactions.
/// Units are nanoseconds since epoch.
#[derive(Copy, Clone, Debug, PartialEq, PartialOrd, Ord, Eq, FromStr, Hash, Serialize, Default)]
pub struct Timestamp(u64);

impl Timestamp {
    // Some SQL and serialization don't support timestamps > i64::MAX,
    // which is fine to use as an upper bound because real timestamps aren't that
    // high.
    pub const MAX: Self = Self(i64::MAX as u64);
    pub const MIN: Self = Self(0);

    pub fn succ(&self) -> anyhow::Result<Self> {
        if *self >= Self::MAX {
            anyhow::bail!("timestamp {self} already at max");
        }
        Ok(Self(self.0 + 1))
    }

    pub fn pred(&self) -> anyhow::Result<Self> {
        if *self <= Self::MIN {
            anyhow::bail!("timestamp {self} already at min");
        }
        Ok(Self(self.0 - 1))
    }

    pub fn add(&self, duration: Duration) -> anyhow::Result<Self> {
        let nanos = self
            .0
            .checked_add(duration.as_nanos() as u64)
            .context("timestamp {self} + {duration:?} overflow u64")?;

        anyhow::ensure!(
            nanos <= u64::from(Self::MAX),
            "timestamp {self} + {duration:?} overflow i64"
        );

        Ok(Self(nanos))
    }

    pub fn sub(&self, duration: Duration) -> anyhow::Result<Self> {
        let nanos = duration.as_nanos() as u64;
        if self.0 <= nanos {
            anyhow::bail!("timestamp {self} already greater than {duration:?}");
        }
        Ok(Self(self.0 - nanos))
    }

    // This is similar to `self - base` but it works if `self` is before `base`.
    // Since Duration is always positive, `self - base` can overflow.
    pub fn secs_since_f64(self, base: Timestamp) -> f64 {
        if self > base {
            (self - base).as_secs_f64()
        } else {
            -(base - self).as_secs_f64()
        }
    }

    pub fn must(value: i32) -> Self {
        if value < Self::MIN.0 as i32 || value as u64 > Self::MAX.0 {
            panic!("timestamp {value} out of bounds");
        }
        Self(value as u64)
    }
}

impl fmt::Display for Timestamp {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.0)
    }
}

impl From<Timestamp> for u64 {
    fn from(ts: Timestamp) -> Self {
        ts.0
    }
}

impl From<Timestamp> for i64 {
    fn from(ts: Timestamp) -> Self {
        // This cast is safe because Timestamp checks bounds on construction.
        ts.0 as i64
    }
}

impl TryFrom<i64> for Timestamp {
    type Error = anyhow::Error;

    fn try_from(value: i64) -> Result<Self, Self::Error> {
        Ok(Timestamp(u64::try_from(value)?))
    }
}

impl TryFrom<u64> for Timestamp {
    type Error = anyhow::Error;

    fn try_from(value: u64) -> Result<Self, Self::Error> {
        if value > Self::MAX.0 {
            anyhow::bail!("ts {value} too large");
        }
        Ok(Timestamp(value))
    }
}

impl TryFrom<SystemTime> for Timestamp {
    type Error = anyhow::Error;

    fn try_from(value: SystemTime) -> Result<Self, Self::Error> {
        let system_ns: u64 = value
            .duration_since(SystemTime::UNIX_EPOCH)
            .context("SystemTime before 1970")?
            .as_nanos()
            .try_into()
            .context("SystemTime past 2262")?;
        Self::try_from(system_ns)
    }
}

impl TryFrom<serde_json::Value> for Timestamp {
    type Error = anyhow::Error;

    fn try_from(value: serde_json::Value) -> Result<Self, Self::Error> {
        let ts = value
            .as_i64()
            .ok_or_else(|| anyhow::anyhow!("value is not timestamp"))?;
        Timestamp::try_from(ts)
    }
}

impl From<Timestamp> for serde_json::Value {
    fn from(ts: Timestamp) -> Self {
        json!(i64::from(ts))
    }
}

#[cfg(any(test, feature = "testing"))]
impl proptest::arbitrary::Arbitrary for Timestamp {
    type Parameters = ();
    type Strategy = proptest::strategy::BoxedStrategy<Self>;

    fn arbitrary_with(_args: Self::Parameters) -> Self::Strategy {
        use proptest::strategy::Strategy;
        (Timestamp::MIN.0..=Timestamp::MAX.0)
            .prop_map(Timestamp)
            .boxed()
    }
}

impl Sub for Timestamp {
    type Output = Duration;

    fn sub(self, rhs: Self) -> Self::Output {
        Duration::from_nanos(self.0 - rhs.0)
    }
}