timex 0.1.0

data/lib/timex/strategies/io.rb

@@ -0,0 +1,247 @@
+# frozen_string_literal: true
+
+require "socket"
+require "io/wait"
+require "resolv"
+
+module TIMEx
+  module Strategies
+    # Deadline-aware helpers for non-blocking socket I/O and DNS resolution.
+    #
+    # The nested singleton methods implement reusable primitives; {#run} simply
+    # yields the {Deadline} to the caller for custom protocols.
+    #
+    # @see Base
+    class IO < Base
+
+      # Minimum seconds passed to SO_RCVTIMEO / SO_SNDTIMEO. A packed timeval
+      # of zero often means "disable timeout" on POSIX, which would leave
+      # blocking reads unbounded when the remaining budget rounds to 0.
+      MIN_SOCKET_TIMEOUT = 0.001
+
+      class << self
+
+        # Reads up to +len+ bytes using non-blocking reads bounded by +deadline+.
+        #
+        # @param io [::IO]
+        # @param len [Integer] maximum bytes to read
+        # @param deadline [Deadline, Numeric, Time, nil]
+        # @return [String] data read (may be shorter than +len+)
+        # @raise [Expired] when the wait exhausts the budget
+        def read(io, len, deadline:)
+          deadline = Deadline.coerce(deadline)
+          loop do
+            return io.read_nonblock(len)
+          rescue ::IO::WaitReadable
+            wait_for(io, :read, deadline)
+          end
+        end
+
+        # Writes the full +buffer+, retrying on +IO::WaitWritable+ until done or expired.
+        #
+        # @param io [::IO]
+        # @param buffer [String]
+        # @param deadline [Deadline, Numeric, Time, nil]
+        # @return [Integer] total bytes written
+        # @raise [Expired] when the wait exhausts the budget
+        # @raise [IOError] when +write_nonblock+ reports zero progress
+        def write(io, buffer, deadline:)
+          deadline = Deadline.coerce(deadline)
+          total    = buffer.bytesize
+          offset   = 0
+          while offset < total
+            begin
+              # Avoid the per-iteration `byteslice` alloc on the common path
+              # where we write the whole buffer in one go; only slice once we
+              # know the kernel took a partial write.
+              chunk = offset.zero? ? buffer : buffer.byteslice(offset, total - offset)
+              n     = io.write_nonblock(chunk)
+              raise ::IOError, "write_nonblock returned 0 bytes (no progress)" if n.zero?
+
+              offset += n
+            rescue ::IO::WaitWritable
+              wait_for(io, :write, deadline)
+            end
+          end
+          total
+        end
+
+        # Resolves +host+ (respecting +deadline+) and connects via the first
+        # working address family. Avoids +getaddrinfo+ blocking past the
+        # deadline by delegating to +Resolv+ with the remaining time.
+        #
+        # The returned socket also has SO_{RCV,SND}TIMEO applied to the
+        # remaining deadline so that subsequent blocking reads don't outlive
+        # the budget if the caller forgets to use {.read} / {.write}. Use
+        # +apply_timeouts: false+ to opt out.
+        #
+        # @param host [String]
+        # @param port [Integer]
+        # @param deadline [Deadline, Numeric, Time, nil]
+        # @param apply_timeouts [Boolean] when +true+, sets socket read/write timeouts
+        # @return [::Socket] connected stream socket
+        # @raise [SocketError] when resolution yields no addresses
+        # @raise [Expired] when resolution or connect exceeds the deadline
+        def connect(host, port, deadline:, apply_timeouts: true)
+          deadline  = Deadline.coerce(deadline)
+          addresses = resolve_host(host, deadline)
+          raise ::SocketError, "could not resolve #{host}" if addresses.empty?
+
+          last_error = nil
+          addresses.each do |addr|
+            sock = open_socket(addr, port, deadline)
+            apply_socket_timeouts(sock, deadline:) if apply_timeouts
+            return sock
+          rescue Expired
+            raise
+          rescue StandardError => e
+            last_error = e
+            next
+          end
+          raise last_error || Errno::ECONNREFUSED.new("could not connect to #{host}:#{port}")
+        end
+
+        # Best-effort SO_{RCV,SND}TIMEO setter. The native +pack+ format for
+        # +struct timeval+ differs by platform (64-bit POSIX uses two +long+
+        # fields; Windows uses +DWORD+ milliseconds). When +SO_RCVTIMEO_FLOAT+
+        # is exposed (Darwin, some BSDs) we prefer it because the option's
+        # value is a raw +Float+, avoiding the packed-timeval mismatch.
+        # Failures are swallowed so callers can rely on +wait_for+ as the
+        # primary deadline guard.
+        #
+        # @param sock [::Socket]
+        # @param deadline [Deadline, Numeric, Time, nil]
+        # @return [void]
+        def apply_socket_timeouts(sock, deadline:)
+          deadline = Deadline.coerce(deadline)
+          return if deadline.infinite?
+
+          remaining = deadline.remaining
+          return if remaining <= 0
+
+          remaining = [remaining, MIN_SOCKET_TIMEOUT].max
+          if ::Socket.const_defined?(:SO_RCVTIMEO_FLOAT) && ::Socket.const_defined?(:SO_SNDTIMEO_FLOAT)
+            sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_RCVTIMEO_FLOAT, remaining)
+            sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_SNDTIMEO_FLOAT, remaining)
+          else
+            tv = pack_timeval(remaining)
+            sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_RCVTIMEO, tv)
+            sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_SNDTIMEO, tv)
+          end
+        rescue StandardError
+          nil
+        end
+
+        private
+
+        # @param seconds [Numeric]
+        # @return [String] packed timeval or Windows DWORD milliseconds
+        def pack_timeval(seconds)
+          secs  = seconds.to_i
+          usecs = ((seconds - secs) * 1_000_000).to_i
+          if ::RUBY_PLATFORM.match?(/mswin|mingw|cygwin/)
+            [(seconds * 1000).to_i].pack("L") # Windows: DWORD ms
+          else
+            [secs, usecs].pack("l_l_")        # POSIX: struct timeval { long, long }
+          end
+        end
+
+        # Resolves +host+ with a per-call +Resolv::DNS+ configured with the
+        # remaining deadline as its per-query timeout. We deliberately do NOT
+        # share the +Resolv::DNS+ instance across threads: +dns.timeouts=+
+        # mutates state, so two concurrent callers with different budgets
+        # would race on the setter and one would observe the other's timeout.
+        # +Resolv::DNS.new+ is cheap (a config parse + UDP socket on first
+        # query); per-call construction also sidesteps the post-fork
+        # FD-sharing problem entirely.
+        #
+        # @param host [String]
+        # @param deadline [Deadline]
+        # @return [Array<Array(Integer, String)>>] list of +[family, ip]+ tuples
+        def resolve_host(host, deadline)
+          if literal_ip?(host)
+            family = host.include?(":") ? ::Socket::AF_INET6 : ::Socket::AF_INET
+            return [[family, host]]
+          end
+
+          remaining = deadline.infinite? ? nil : deadline.remaining
+          raise deadline.expired_error(strategy: :io, message: "DNS deadline expired") if remaining && remaining <= 0
+
+          dns = ::Resolv::DNS.new
+          dns.timeouts = [remaining] if remaining
+          begin
+            resolver = ::Resolv.new([::Resolv::Hosts.new, dns])
+            resolver.getaddresses(host).map do |ip|
+              [ip.include?(":") ? ::Socket::AF_INET6 : ::Socket::AF_INET, ip]
+            end
+          ensure
+            dns.close if dns.respond_to?(:close)
+          end
+        rescue ::Resolv::ResolvError, ::Resolv::ResolvTimeout
+          raise deadline.expired_error(strategy: :io, message: "DNS deadline expired") if remaining && deadline.expired?
+
+          []
+        end
+
+        # @param host [String]
+        # @return [Boolean]
+        def literal_ip?(host)
+          host.match?(::Resolv::IPv4::Regex) || host.match?(::Resolv::IPv6::Regex)
+        end
+
+        # @param addr [Array(Integer, String)] +[family, ip]+
+        # @param port [Integer]
+        # @param deadline [Deadline]
+        # @return [::Socket]
+        def open_socket(addr, port, deadline)
+          family, ip = addr
+          sock     = ::Socket.new(family, ::Socket::SOCK_STREAM, 0)
+          sockaddr = ::Socket.sockaddr_in(port, ip)
+          begin
+            sock.connect_nonblock(sockaddr)
+          rescue ::IO::WaitWritable
+            wait_for(sock, :write, deadline)
+            begin
+              sock.connect_nonblock(sockaddr)
+            rescue Errno::EISCONN
+              # connected
+            end
+          end
+          sock
+        rescue StandardError
+          sock&.close
+          raise
+        end
+
+        # @param io [::IO]
+        # @param direction [:read, :write]
+        # @param deadline [Deadline]
+        # @return [void]
+        # @raise [Expired] when not ready before expiry
+        def wait_for(io, direction, deadline)
+          remaining = deadline.remaining
+          remaining = nil if deadline.infinite?
+          raise deadline.expired_error(strategy: :io, message: "IO #{direction} deadline expired") if remaining && remaining <= 0
+
+          ready = direction == :read ? io.wait_readable(remaining) : io.wait_writable(remaining)
+          return if ready
+
+          raise deadline.expired_error(strategy: :io, message: "IO #{direction} deadline expired")
+        end
+
+      end
+
+      protected
+
+      # @param deadline [Deadline]
+      # @yieldparam deadline [Deadline]
+      # @return [Object]
+      def run(deadline)
+        yield(deadline)
+      end
+
+    end
+  end
+end
+
+TIMEx::Registry.register(:io, TIMEx::Strategies::IO)

data/lib/timex/strategies/ractor.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module TIMEx
+  module Strategies
+    # Runs the block inside a +Ractor+ for isolation from the caller's heap.
+    #
+    # The block and captured state must be Ractor-shareable; typical service
+    # objects that close over +self+ will fail at runtime. Prefer a small frozen
+    # lambda that only uses the yielded {Deadline}.
+    #
+    # @note On timeout the waiter thread is stopped but the Ractor may keep
+    #   running; {Telemetry.emit} records a leak event for operators.
+    #
+    # @see ::Ractor
+    # @see Base
+    class Ractor < Base
+
+      protected
+
+      # @param deadline [Deadline]
+      # @yieldparam deadline [Deadline]
+      # @return [Object] Ractor result value
+      # @raise [TIMEx::Error] when Ruby lacks Ractor support, the block is missing,
+      #   or the block cannot be made shareable
+      # @raise [Expired] when the parent budget expires before the Ractor completes
+      def run(deadline, &block)
+        raise TIMEx::Error, "Ractor strategy requires a Ruby with Ractor support" unless defined?(::Ractor)
+        raise TIMEx::Error, "Ractor strategy requires a block" unless block
+
+        shareable_block    = ensure_shareable(block)
+        shareable_deadline = ::Ractor.make_shareable(deadline)
+
+        ractor = ::Ractor.new(shareable_block, shareable_deadline) do |b, d|
+          b.call(d)
+        end
+
+        remaining = deadline.infinite? ? nil : deadline.remaining
+        waiter    = Thread.new { ractor_value(ractor) }
+
+        if waiter.join(remaining)
+          waiter.value
+        else
+          # No public Ractor#kill — the Ractor will continue to completion
+          # in the background. Surface this leak via telemetry so operators
+          # can spot misbehaving children. Stop our own waiter so we don't
+          # leak the Thread too.
+          waiter.kill if waiter.alive?
+          TIMEx::Telemetry.emit(
+            event: "ractor.leak",
+            deadline_ms: deadline.initial_ms&.round
+          )
+          raise deadline.expired_error(
+            strategy: :ractor,
+            message: "ractor deadline expired"
+          )
+        end
+      end
+
+      private
+
+      # @param block [Proc]
+      # @return [Proc]
+      # @raise [TIMEx::Error] when the block captures non-shareable state
+      def ensure_shareable(block)
+        return block if ::Ractor.shareable?(block)
+
+        ::Ractor.make_shareable(block)
+      rescue ::Ractor::IsolationError, ArgumentError, TypeError => e
+        raise TIMEx::Error,
+          "Ractor strategy requires a shareable block; the supplied block " \
+          "captures non-shareable state (#{e.class}: #{e.message})"
+      end
+
+      # @param ractor [Ractor]
+      # @return [Object]
+      def ractor_value(ractor)
+        ractor.respond_to?(:value) ? ractor.value : ractor.take
+      end
+
+    end
+  end
+end
+
+TIMEx::Registry.register(:ractor, TIMEx::Strategies::Ractor) if defined?(Ractor)

data/lib/timex/strategies/subprocess.rb

@@ -0,0 +1,267 @@
+# frozen_string_literal: true
+
+module TIMEx
+  module Strategies
+    # Runs user code in a forked child and returns the marshalled result to the parent.
+    #
+    # @note The child inherits all open file descriptors; shared connections can
+    #   corrupt the parent if reused in the child. Re-open resources in the child
+    #   or close inherited FDs deliberately.
+    #
+    # @see Base
+    class Subprocess < Base
+
+      # Message used when the child exits without producing a marshalled result
+      # (segfault, OOM, exec, etc.) so the parent can distinguish from a
+      # legitimate `[:ok, nil]` return.
+      EMPTY_PAYLOAD = "the child exited without producing a result"
+
+      # Default ceiling on the marshalled child payload. A buggy or malicious
+      # block can otherwise drive the parent OOM by streaming arbitrary data
+      # through the pipe before the deadline fires.
+      DEFAULT_MAX_PAYLOAD_BYTES = 8 * 1024 * 1024
+
+      # @param kill_after [Numeric] seconds to wait after TERM before KILL when reaping
+      # @param max_payload_bytes [Integer] hard cap on bytes read from the result pipe
+      # @raise [ArgumentError] when parameters are out of range
+      def initialize(kill_after: 0.5, max_payload_bytes: DEFAULT_MAX_PAYLOAD_BYTES)
+        super()
+        raise ArgumentError, "kill_after must be a non-negative Numeric" unless kill_after.is_a?(Numeric) && !kill_after.negative?
+        raise ArgumentError, "max_payload_bytes must be a positive Integer" unless max_payload_bytes.is_a?(Integer) && max_payload_bytes.positive?
+
+        @kill_after = kill_after
+        @max_payload_bytes = max_payload_bytes
+      end
+
+      protected
+
+      # @param deadline [Deadline]
+      # @yieldparam deadline [Deadline]
+      # @return [Object] unmarshalled child return value
+      # @raise [TIMEx::Error] when +fork+ is unavailable
+      # @raise [Expired] when the parent budget expires waiting for the child
+      # @raise [Exception] when the child marshals +[:error, exception]+
+      def run(deadline)
+        raise TIMEx::Error, "Subprocess strategy requires fork (unavailable on this platform)" unless ::Process.respond_to?(:fork)
+
+        reader, writer = ::IO.pipe
+        # Mark pipe FDs close-on-exec so they are not inherited by unrelated
+        # programs started via `Process.spawn`/`exec` from this process. The
+        # parent and this fork still share the pipe by design (child closes
+        # reader, parent closes writer); `Marshal.load` reads only from our
+        # child, not from arbitrary inherited writers.
+        reader.close_on_exec = true
+        writer.close_on_exec = true
+        pid = begin
+          ::Process.fork do
+            reader.close
+            # If `setpgid` raises in the child we MUST NOT proceed: the child's
+            # pgid is still equal to the parent's, and `kill(-pid)` from the
+            # parent would target the parent's process group. Bail out rather
+            # than risk wiping the parent.
+            begin
+              ::Process.setpgid(0, 0) if ::Process.respond_to?(:setpgid)
+            rescue StandardError
+              ::Kernel.exit!(1)
+            end
+            run_child(writer, deadline) { yield(deadline) }
+          end
+        ensure
+          writer.close unless writer.closed?
+        end
+
+        # Race-free pgid setup: the child also calls setpgid(0, 0), but until
+        # that lands the child's pgid is the parent's. Setting it from the
+        # parent and confirming success closes the window during which
+        # `terminate(-pid)` would silently miss its target (or hit the
+        # parent's group). We carry the outcome into terminate/reap so a
+        # failed setpgid never leads to `kill(-pid)`.
+        pgid_established = false
+        if ::Process.respond_to?(:setpgid)
+          begin
+            ::Process.setpgid(pid, pid)
+            pgid_established = true
+          rescue Errno::EACCES
+            pgid_established = true # child already setpgid'd itself
+          rescue Errno::ESRCH, StandardError
+            pgid_established = false
+          end
+        end
+
+        completed = false
+        begin
+          value = wait_for_child(pid, reader, deadline, pgid_established:)
+          completed = true
+          value
+        ensure
+          reader.close unless reader.closed?
+          reap_async(pid, pgid_established:) unless completed
+        end
+      end
+
+      private
+
+      def run_child(writer, deadline)
+        value = yield
+        ::Marshal.dump([:ok, value], writer)
+      rescue Exception => e # rubocop:disable Lint/RescueException
+        # Forward every exception (including {Expired}, +SystemExit+,
+        # +SignalException+, etc.) as `[:error, e]` so the parent can
+        # `rescue TIMEx::Expired` directly and observe the original
+        # strategy/deadline_ms metadata. `safe_dump` falls back to a plain
+        # RuntimeError if a particular exception class can't be marshalled.
+        safe_dump(writer, [:error, e])
+      ensure
+        writer.close unless writer.closed?
+        ::Kernel.exit!(0)
+      end
+
+      def safe_dump(writer, payload)
+        ::Marshal.dump(payload, writer)
+      rescue StandardError
+        fallback_dump(writer, payload)
+      end
+
+      def fallback_dump(writer, payload)
+        kind, value = payload
+        ::Marshal.dump([kind, RuntimeError.new(value.message)], writer)
+      rescue StandardError
+        nil
+      end
+
+      def wait_for_child(pid, reader, deadline, pgid_established: false)
+        deadline_remaining = deadline.infinite? ? nil : deadline.remaining
+        ready = ::IO.select([reader], nil, nil, deadline_remaining) # rubocop:disable Lint/IncompatibleIoSelectWithFiberScheduler
+
+        if ready.nil?
+          reap_async(pid, pgid_established:)
+          raise deadline.expired_error(
+            strategy: :subprocess,
+            message: "subprocess deadline expired"
+          )
+        end
+
+        data    = drain_reader(reader, deadline)
+        expired = deadline.expired?
+        # Reap synchronously only if we still have budget; otherwise hand off
+        # to `reap_async`. `safe_waitpid` swallows ECHILD so a concurrent
+        # signal handler (or the reaper raced with our drain) cannot crash
+        # the parent here.
+        expired ? reap_async(pid, pgid_established:) : safe_waitpid(pid, 0)
+
+        if data.nil? || data.empty?
+          # A child reaped before flushing typically means the deadline reaper
+          # killed it. Prefer Expired so callers can rescue it consistently.
+          if expired
+            raise deadline.expired_error(
+              strategy: :subprocess,
+              message: "subprocess deadline expired (no payload)"
+            )
+          end
+
+          raise TIMEx::Error, EMPTY_PAYLOAD
+        end
+
+        kind, value = begin
+          ::Marshal.load(data) # rubocop:disable Security/MarshalLoad
+        rescue ArgumentError, TypeError => e
+          # A truncated payload typically means the child was killed mid-write
+          # by our deadline reaper. Surface that as Expired rather than a
+          # generic Error so callers can rescue it consistently.
+          if expired
+            raise deadline.expired_error(
+              strategy: :subprocess,
+              message: "subprocess deadline expired (truncated payload)"
+            )
+          end
+
+          raise TIMEx::Error, "subprocess produced unreadable payload (#{e.class}: #{e.message})"
+        end
+        kind == :ok ? value : raise(value)
+      end
+
+      # Reads remaining bytes from `reader` without blocking past the parent
+      # deadline. If the child wrote a partial payload then crashed mid-cleanup,
+      # `reader.read` (blocking) could hang forever; loop on `read_nonblock`
+      # bounded by `deadline.remaining` instead. Caps the buffer at
+      # `@max_payload_bytes` so a runaway child cannot OOM the parent.
+      def drain_reader(reader, deadline)
+        buf = +""
+        cap = @max_payload_bytes
+        loop do
+          chunk = reader.read_nonblock(4096, exception: false)
+          case chunk
+          when :wait_readable
+            remaining = deadline.infinite? ? nil : [deadline.remaining, 0.0].max
+            return buf if remaining && remaining <= 0
+            return buf unless reader.wait_readable(remaining)
+          when nil # EOF
+            return buf
+          else
+            buf << chunk
+            raise TIMEx::Error, "subprocess payload exceeded #{cap} bytes" if buf.bytesize > cap
+          end
+        end
+      end
+
+      def terminate(pid, pgid_established: false)
+        signal_target = pgid_established ? -pid : pid
+        kill_signal(signal_target, "TERM")
+        wait_or_kill(pid, signal_target)
+      end
+
+      # Off-thread reaper so the request thread isn't blocked by `kill_after +
+      # waitpid`. We deliberately do NOT call `Process.detach` here: detaching
+      # lets the kernel reap the zombie as soon as it exits, freeing the PID
+      # for reuse. A subsequent `kill(KILL, pid)` could then signal an
+      # unrelated freshly-spawned process owned by the same uid. By owning
+      # `waitpid` ourselves we keep the zombie around until *we've* observed
+      # it, so the PID cannot be recycled out from under us.
+      def reap_async(pid, pgid_established: false)
+        signal_target = pgid_established ? -pid : pid
+        kill_signal(signal_target, "TERM")
+        Thread.new { wait_or_kill(pid, signal_target) }
+        nil
+      end
+
+      # Polls for the child's exit using `WNOHANG`; if it doesn't drain within
+      # `@kill_after`, escalates to `KILL` and waits synchronously. Either way
+      # we always own the final `waitpid`, so the PID cannot be recycled while
+      # we still hold a reference to it.
+      def wait_or_kill(pid, signal_target)
+        deadline = ::Process.clock_gettime(::Process::CLOCK_MONOTONIC) + @kill_after
+        loop do
+          reaped = safe_waitpid(pid, ::Process::WNOHANG)
+          return if reaped == pid
+
+          break if ::Process.clock_gettime(::Process::CLOCK_MONOTONIC) >= deadline
+
+          sleep 0.01
+        end
+        kill_signal(signal_target, "KILL")
+        safe_waitpid(pid, 0)
+      end
+
+      def safe_waitpid(pid, flags)
+        ::Process.waitpid(pid, flags)
+      rescue Errno::ECHILD, Errno::ESRCH
+        pid # treat "already gone" as reaped so callers stop signalling
+      rescue StandardError
+        nil
+      end
+
+      def kill_signal(target, signal)
+        ::Process.kill(signal, target)
+      rescue StandardError
+        # ESRCH: target already exited. EPERM: target was reaped + the PID
+        # got handed to another uid before we got here (the very situation
+        # `wait_or_kill` exists to prevent, but we still don't want to crash
+        # the request thread). All other Errno::* swallowed for parity.
+        nil
+      end
+
+    end
+  end
+end
+
+TIMEx::Registry.register(:subprocess, TIMEx::Strategies::Subprocess)

data/lib/timex/strategies/unsafe.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module TIMEx
+  module Strategies
+    # Watchdog thread that raises {Expired} into the caller via +Thread#raise+
+    # after the deadline. **Unsafe**: does not stop CPU work; can leave shared
+    # state inconsistent if the block is not written for asynchronous exceptions.
+    #
+    # @note Prefer {Cooperative}, {IO}, {Closeable}, or {Subprocess} unless you
+    #   explicitly accept these semantics.
+    #
+    # @see Base
+    class Unsafe < Base
+
+      protected
+
+      # @param deadline [Deadline]
+      # @yieldparam deadline [Deadline]
+      # @return [Object]
+      # @raise [Expired] from the watcher thread when time elapses before completion
+      def run(deadline)
+        return yield(deadline) if deadline.infinite?
+
+        target = Thread.current
+        state  = { block_done: false, mutex: Mutex.new }
+        watcher = Thread.new do
+          remaining = deadline.remaining
+          ::Kernel.sleep(remaining) if remaining.positive?
+          state[:mutex].synchronize do
+            next if state[:block_done]
+            next unless target.alive?
+
+            target.raise(
+              deadline.expired_error(
+                strategy: :unsafe,
+                message: "unsafe deadline expired"
+              )
+            )
+          end
+        end
+        begin
+          yield(deadline)
+        ensure
+          state[:mutex].synchronize { state[:block_done] = true }
+          watcher.kill if watcher.alive?
+          watcher.join(0.1)
+        end
+      end
+
+    end
+  end
+end
+
+TIMEx::Registry.register(:unsafe, TIMEx::Strategies::Unsafe)