Suggest less bug-prone construction of Duration in docs

[BenWiederhake]

std::time::Duration has a well-known quirk: Duration::as_nanos() returns u128 [1], but Duration::from_nanos() takes u64 [2]. So these methods cannot easily roundtrip [3]. It is not possible to simply accept u128 in from_nanos [4], because it requires breaking other API [5].

It seems to me that callers have basically only two options:

1. Duration::from_nanos(d.as_nanos() as u64), which is the "obvious" and buggy approach.
2. Duration::new(d.as_secs(), d.subsecs_nanos()), which only becomes apparent after reading and digesting the entire Duration struct documentation.

I suggest that the documentation of from_nanos is changed to make option 2 more easily discoverable.

There are two major usecases for this:

• "Weird math" operations that should not be supported directly by Duration, like squaring.
• "Disconnected roundtrips", where the u128 value is passed through various other stack frames, and perhaps reconstructed into a Duration on a different machine.

In both cases, it seems like a good idea to not tempt people into thinking "Eh, u64 is good enough, what could possibly go wrong!". That's why I want to add a note that points out the similarly-easy and safe way to reconstruct a Duration.

[1] https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.as_nanos
[2] https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.from_nanos
[3] https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=fa6bab2b6b72f20c14b5243610ea1dde
[4] #103332
[5] #51107 (comment)

[rustbot]

r? @joshtriplett

(rustbot has picked a reviewer for you, use r? to override)

[the8472]

It seems to me that callers have basically only two options:

You can also split the u128 with a division and modulo and feed that to new. Not very efficient, but simple to write.

[BenWiederhake]

That's exactly what as_secs() and subsecs_nanos() do, just with the possibility of getting it wrong, and also with suspicious casts. That's why I suggest as_secs() and subsecs_nanos(). :)

[joshtriplett]

This is certainly the right approach for if you need to round-trip Duration through numeric types. It'd help to clarify with something like "and you cannot copy the Duration itself".

[BenWiederhake]

I included your suggested rewording and rebased to current master.

[ChrisDenton]

I wonder if this would be better phrased as an example? So you can show that d.clone() is the same as Duration::new(d.as_secs(), d.subsec_nanos()).

[BenWiederhake]

My main point is to make sure that readers informed that and why the obvious approach is wrong. Playing it down as an example does not do it justice. However, I could certainly add an example. What does @joshtriplett think?

[BenWiederhake]

Changes since last push:

• Fix a typo in the "suggestion" code – Thanks @ChrisDenton!
• Rebased on current master

[joshtriplett]

@bors r+

This seems reasonable to me.

Separate from this, it might make sense to add a from_nanos_u128.

[bors]

📌 Commit 27ba1c1 has been approved by joshtriplett

It is now in the queue for this repository.

[joshtriplett]

@bors rollup

[BenWiederhake]

from_nanos_u128 would need to be fallible, because Duration only has a bit less than 96 bits of internal storage. Due to that hassle, I question whether try_from_nanos_u128 is really needed.