@@ -464,7 +464,7 @@ protected function getTimeAndDelay( $lockFile, $clockSeqSize, $counterSize, $off
464464 // cannot increment further, because the formatted ID would not have enough
465465 // bits to fit the counter.
466466 //
467- // To orchestrate this between independant PHP processes on the same hosts ,
467+ // To orchestrate this between independent PHP processes on the same host ,
468468 // we must have a common sense of time so that we only have to maintain
469469 // a single counter in a single lock file.
470470 //
@@ -473,31 +473,31 @@ protected function getTimeAndDelay( $lockFile, $clockSeqSize, $counterSize, $off
473473 // * Some other clock can be observed via microtime(), which also offers
474474 // millisecond precision.
475475 // * microtime() drifts in-process further and further away from the system
476- // clock the longer the longer the process runs for.
476+ // clock the longer a process runs for.
477477 // For example, on 2018-10-03 an HHVM 3.18 JobQueue process at WMF,
478- // that ran for 9 min 55 sec, drifted 7 seconds.
479- // The drift is immediate for processes running while the system clock changes.
478+ // that ran for 9 min 55 sec, microtime drifted by 7 seconds.
480479 // time() does not have this problem. See https://bugs.php.net/bug.php?id=42659.
481480 //
482481 // We have two choices:
483482 //
484483 // 1. Use microtime() with the following caveats:
485- // - The last stored time may be in the future, or our current time
486- // may be in the past, in which case we'll frequently enter the slow
487- // timeWaitUntil() method to try and "sync" the current process with
488- // the previous process. We mustn't block for long though, max 10ms?
489- // - For any drift above 10ms, we pretend that the clock went backwards,
490- // and treat it the same way as after an NTP sync, by incrementing clock
491- // sequence instead. Given this rolls over automatically and silently
492- // and is meant to be rare, this is essentially sacrifices a reasonable
493- // guarantee of uniqueness.
494- // - For long running processes (e.g. longer than a few seconds) the drift
495- // can easily be more than 2 seconds. Because we only have a single lock
496- // file and don't want to keep too many counters and deal with clearing
497- // those, we fatal the user and refuse to make an ID. (T94522)
498- // 2. Use time() and expand the counter by 1000x and use the first digits
499- // as if they are the millisecond fraction of the timestamp.
500- // Known caveats or perf impact: None.
484+ // - The last stored time may be in the future, or our current time may be in the
485+ // past, in which case we'll frequently enter the slow timeWaitUntil() method to
486+ // try and "sync" the current process with the previous process.
487+ // We mustn't block for long though, max 10ms?
488+ // - For any drift above 10ms, we pretend that the clock went backwards, and treat
489+ // it the same way as after an NTP sync, by incrementing clock sequence instead.
490+ // Given the sequence rolls over automatically, and silently, and is meant to be
491+ // rare, this is essentially sacrifices a reasonable guarantee of uniqueness.
492+ // - For long running processes (e.g. longer than a few seconds) the drift can
493+ // easily be more than 2 seconds. Because we only have a single lock file
494+ // and don't want to keep too many counters and deal with clearing those,
495+ // we fatal the user and refuse to make an ID. (T94522)
496+ // - This offers terrible service availability.
497+ // 2. Use time() instead, and expand the counter size by 1000x and use its
498+ // digits as if they were the millisecond fraction of our timestamp.
499+ // Known caveats or perf impact: None. We still need to read-write our
500+ // lock file on each generation, so might as well make the most of it.
501501 //
502502 // We choose the latter.
503503 $ msecCounterSize$ counterSize1000 ;
0 commit comments