Timestamping (computing)

In computing, timestamping refers to the use of an electronic timestamp to provide a temporal order among a set of events. Timestamping techniques are used in a variety of computing fields, from network management and computer security to concurrency control.^[1]^[2] For instance, a heartbeat network uses timestamping to monitor the nodes on a high availability computer cluster.^[3] Timestamping computer files (updating the timestamp in the per-file metadata every time a file is modified) makes it possible to use efficient build automation tools.

Types of timestamp

Timestamps in computing fall into several distinct categories:

Wall-clock timestamps: Derived from a real-time clock and represent calendar time. The Unix timestamp, defined as the number of non-leap seconds elapsed since 1 January 1970 00:00:00 UTC, is the most widely used representation. It is stored as a 32-bit signed integer in many legacy systems (overflowing in 2038, the Year 2038 problem) and as a 64-bit integer or a double-precision floating-point value in modern systems.

Monotonic timestamps: Derived from a clock that only moves forward and is not affected by calendar adjustments (e.g. NTP slewing or daylight-saving changes). Used for measuring elapsed time within a single process or machine. POSIX provides CLOCK_MONOTONIC; Windows provides QueryPerformanceCounter.

Logical timestamps: Abstract counters that capture causal ordering without reference to wall time. Lamport timestamps assign a counter to each event such that if event A causally precedes event B, A's counter is lower than B's. Vector clocks extend this to track causality across multiple processes. Logical timestamps are used in distributed systems and version control to order concurrent events without requiring synchronised clocks.

File system timestamps

Most file systems store three timestamps per file, accessible via the stat system call:

atime (access time): updated when the file's content is read. Many systems mount with noatime or relatime options to reduce write overhead on frequently accessed files.
mtime (modification time): updated when the file's data content is written. Used by build systems such as GNU Make to determine whether a target is older than its prerequisites and therefore needs rebuilding.
ctime (change time): updated when the file's metadata (permissions, owner, link count) or content is changed. Not the creation time on most Unix systems.

Some file systems (NTFS, HFS+, ext4 with the crtime field) additionally store a creation time. ext4 introduced 32-bit sub-second resolution in timestamps with an additional 2-bit epoch extension, pushing the overflow date to 2446.

Network timestamping

Accurate time synchronisation is a prerequisite for meaningful distributed timestamping. Two main protocols are used:

Network Time Protocol (NTP): a hierarchical protocol that synchronises clocks to within a few milliseconds of UTC over wide-area networks. NTP clients exchange packets with stratum-1 or stratum-2 servers and apply a discipline algorithm to correct offset and drift. NTP timestamps use a 64-bit format: 32 bits of seconds since 1 January 1900 and 32 bits of fractional seconds.

Precision Time Protocol (PTP, IEEE 1588): designed for local area networks where hardware timestamping at the network interface card can achieve sub-microsecond accuracy. PTP is used in financial trading systems, industrial automation, and telecommunications to correlate events across physically separated nodes.

Hardware timestamping support is also present in the Linux kernel's socket API (SO_TIMESTAMPING) and in PCI Express with the Precision Time Measurement (PTM) feature introduced in PCIe 4.0.

Concurrency control

In database and distributed system contexts, timestamps are a central mechanism for concurrency control. In timestamp-based concurrency control, each transaction is assigned a unique timestamp at its start. The scheduler compares timestamps to enforce serialisability: if a transaction attempts to read data written by a later transaction, the earlier transaction is rolled back. This approach avoids locking entirely and is used in multiversion concurrency control (MVCC) systems such as PostgreSQL and Oracle Database, where each row version carries the transaction ID of the transaction that created it.

Trusted timestamping

Trusted timestamping uses public-key cryptography to prove that a document existed at a particular time. A cryptographic hash of the document is sent to a timestamping authority (TSA), which signs the hash together with the current time, returning a signed token. RFC 3161 (Internet X.509 PKI timestamping protocol) defines the standard format. Trusted timestamps are used in legal contexts, electronic signatures, digital forensics and to establish priority in intellectual property disputes.

References

^ Advances in Computer Science and Information Technology by Tai-hoon Kim, Hojjat Adeli 2010 ISBN 3642135765 page 183
^ Computer aided verification: 13th International conference, by Gérard Berry, Hubert Comon, A. Finkel 2001 ISBN 3540423451 page 423
^ Theoretical Aspects of Distributed Computing in Sensor Networks by Sotiris Nikoletseas and José D.P. Rolim 2011 ISBN 3642148484 page 304

This computing article is a stub. You can help Wikipedia by adding missing information.

[1] Advances in Computer Science and Information Technology by Tai-hoon Kim, Hojjat Adeli 2010 ISBN 3642135765 page 183

[2] Computer aided verification: 13th International conference, by Gérard Berry, Hubert Comon, A. Finkel 2001 ISBN 3540423451 page 423

[HBN-3] Theoretical Aspects of Distributed Computing in Sensor Networks by Sotiris Nikoletseas and José D.P. Rolim 2011 ISBN 3642148484 page 304

[1]

[2]

[3]