uuidv7 monotonicity

ryanwinchester · ryanwinchester · commit dccb7f8a0395 · 2025-11-21T16:30:10.000-04:00
diff --git a/lib/ecto/uuid.ex b/lib/ecto/uuid.ex
@@ -34,6 +34,20 @@ defmodule Ecto.UUID do
   """
   @type options :: [version: 4 | 7]
 
+  # The bits available for sub-millisecond fractions when using increased clock
+  # precision.
+  @sub_ms_bits 12
+
+  # The number of values that can be represented in the bit space (2^12).
+  @possible_values Bitwise.bsl(1, @sub_ms_bits)
+
+  # The number of nanoseconds in a millisecond.
+  @ns_per_ms 1_000_000
+
+  # The minimum step when using increased clock precision with fractional
+  # milliseconds.
+  @minimal_step_ns div(@ns_per_ms, @possible_values)
+
   @doc false
   def type, do: :uuid
 
@@ -217,9 +231,9 @@ defmodule Ecto.UUID do
   """
   @spec bingenerate(options) :: raw
   def bingenerate(opts \\ []) do
-    case Keyword.get(opts, :version, @default_version) do
-      4 -> bingenerate_v4()
-      7 -> bingenerate_v7()
+    case Keyword.pop(opts, :version, @default_version) do
+      {4, _opts} -> bingenerate_v4()
+      {7, opts} -> bingenerate_v7(opts)
       version -> raise ArgumentError, "unknown UUID version: #{inspect(version)}"
     end
   end
@@ -229,11 +243,91 @@ defmodule Ecto.UUID do
     <<u0::48, 4::4, u1::12, 2::2, u2::62>>
   end
 
-  defp bingenerate_v7 do
-    milliseconds = System.system_time(:millisecond)
-    <<u0::12, u1::62, _::6>> = :crypto.strong_rand_bytes(10)
+  defp bingenerate_v7(opts) do
+    # From RFC 9562:
+    # Monotonicity (each subsequent value being greater than the last) is the
+    # backbone of time-based sortable UUIDs. Normally, time-based UUIDs will be
+    # monotonic due to an embedded timestamp; however, implementations can
+    # guarantee additional monotonicity via the concepts covered in section 6.2.
+    #
+    # Take care to ensure UUIDs generated in batches are also monotonic. That
+    # is, if one thousand UUIDs are generated for the same timestamp, there
+    # should be sufficient logic for organizing the creation order of those
+    # one thousand UUIDs. Batch UUID creation implementations MAY utilize a
+    # monotonic counter that increments for each UUID created during a given
+    # timestamp.
+    case Keyword.get(opts, :monotonic_method) do
+      # Millisecond granularity only. No monotonic guarantee.
+      nil ->
+        milliseconds = System.system_time(:millisecond)
+        <<rand_a::12, _::6, rand_b::62>> = :crypto.strong_rand_bytes(10)
+        <<milliseconds::48, 7::4, rand_a::12, 2::2, rand_b::62>>
+
+      # For single-node UUID implementations that do not need to create
+      # batches of UUIDs, the embedded timestamp within UUIDv7 can provide
+      # sufficient monotonicity guarantees by simply ensuring that timestamp
+      # increments before creating a new UUID. (RFC9562§6.2)
+      :millisecond ->
+        milliseconds = next_ascending(:millisecond)
+        <<rand_a::12, _::6, rand_b::62>> = :crypto.strong_rand_bytes(10)
+        <<milliseconds::48, 7::4, rand_a::12, 2::2, rand_b::62>>
+
+      # Replace Leftmost Random Bits with Increased Clock Precision (RFC9562§6.2, Method 3):
+      :increased_clock_precision ->
+        nanoseconds = next_ascending(:nanosecond)
+        milliseconds = div(nanoseconds, @ns_per_ms)
+        clock_precision = (rem(nanoseconds, @ns_per_ms) * @possible_values) |> div(@ns_per_ms)
+        <<_rand_a::2, rand_b::62>> = :crypto.strong_rand_bytes(8)
+        <<milliseconds::48, 7::4, clock_precision::12, 2::2, rand_b::62>>
+
+      method ->
+        raise ArgumentError, "invalid monotonic method: #{inspect(method)}"
+    end
+  end
+
+  defp next_ascending(time_unit) when time_unit in [:millisecond, :nanosecond] do
+    timestamp_ref =
+      with nil <- :persistent_term.get({__MODULE__, time_unit}, nil) do
+        timestamp_ref = :atomics.new(1, signed: false)
+        :ok = :persistent_term.put({__MODULE__, time_unit}, timestamp_ref)
+        timestamp_ref
+      end
+
+    step =
+      case time_unit do
+        :millisecond -> 1
+        :nanosecond -> @minimal_step_ns
+      end
+
+    previous_ts = :atomics.get(timestamp_ref, 1)
+    current_ts = System.system_time(time_unit)
+
+    min_step_ts =
+      case time_unit do
+        :millisecond -> current_ts + step
+        :nanosecond -> previous_ts + step
+      end
+
+    # If the current timestamp is not at least the minimal step greater than the
+    # previous step, then we make it so.
+    new_ts =
+      if current_ts > min_step_ts do
+        current_ts
+      else
+        min_step_ts
+      end
+
+    compare_exchange(timestamp_ref, previous_ts, new_ts, step)
+  end
 
-    <<milliseconds::48, 7::4, u0::12, 2::2, u1::62>>
+  defp compare_exchange(timestamp_ref, previous_ts, new_ts, step) do
+    case :atomics.compare_exchange(timestamp_ref, 1, previous_ts, new_ts) do
+      # If the new value was written, then we return it.
+      :ok -> new_ts
+      # If the atomic value has changed in the meantime, we add the minimal step
+      # nanoseconds value to that and try again.
+      updated_ts -> compare_exchange(timestamp_ref, updated_ts, updated_ts + step, step)
+    end
   end
 
   # Callback invoked by autogenerate fields.
