REVIEW ME Avoid overflow from 64-bit A * B / C in std::sys::windows::time.

pnkfelix · pnkfelix · commit e6da3e6da4e0 · 2015-02-25T09:09:58.000+01:00
I should check if this method for "safer" multiplication by a ratio is
already provided somewhere in `core::num`.  (And if not, add it.)

Also, I should look into whether I have any better options here, and
whether I should just be calling the WrappingOps or OverflowingOps
anyway. But this should serve for the short term.
diff --git a/src/libstd/sys/windows/time.rs b/src/libstd/sys/windows/time.rs
@@ -24,7 +24,33 @@ impl SteadyTime {
     }
 
     pub fn ns(&self) -> u64 {
-        self.t as u64 * 1_000_000_000 / frequency() as u64
+        // Want to multiply self.t by the ratio `1_000_000_000 / frequency()`,
+        // but want to avoid overflow on the multiply.
+        // Solution: split self.t into separate high- and low-order parts:
+        // T = A * 2^32 + B
+        //
+        // (A * 2^32   +   B) * G / F
+        // =
+        // A * G / F * 2^32   +   B * G / F
+        // =
+        // (A * G div F + A * G rem F / F) * 2^32  +  B * G / F
+        // =
+        // A * G div F * 2^32  +  A * G rem F * 2^32 / F  +  B * G / F
+        // =
+        // A * G div F * 2^32  +  (A * G rem F * 2^32  +  B * G) / F
+        // ~~~~~~~~~~~~~~~~~~     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+        // hi                     lo
+
+        let f = frequency() as u64;
+        let g = 1_000_000_000;
+        let a = (self.t as u64) >> 32;
+        let b = (self.t as u64) & 0xFFFF_FFFF;
+        let ag = a * g;
+
+        let hi = ag / f << 32;
+        let lo = ((ag % f << 32) + b * g) / f;
+
+        hi + lo
     }
 }
 
