diff options
author | Roland McGrath <roland@gnu.org> | 2004-11-01 00:21:39 +0000 |
---|---|---|
committer | Roland McGrath <roland@gnu.org> | 2004-11-01 00:21:39 +0000 |
commit | e507cc567353fd77b00604fdfa405d4adc64ed18 (patch) | |
tree | 18dc8504781a232f37b213371dfb69cf5ccb4b80 /time/mktime.c | |
parent | 27b1a5c23501fac604335a8827690e12d4b8498e (diff) | |
download | glibc-e507cc567353fd77b00604fdfa405d4adc64ed18.zip glibc-e507cc567353fd77b00604fdfa405d4adc64ed18.tar.gz glibc-e507cc567353fd77b00604fdfa405d4adc64ed18.tar.bz2 |
[BZ #473, BZ #487]
2004-10-27 Derek R. Price <derek@ximbiot.com>
[BZ #487] This change is imported from gnulib.
* time/mktime.c (not_equal_tm) [DEBUG]: Remove redundant check.
2004-10-24 Paul Eggert <eggert@cs.ucla.edu>
[BZ #473]
* time/tst-mktime.c (main): Don't assume that mktime fails
when given time stamps before 1970. It returns negative
time_t values instead, for compatibility with BSD.
* time/tst-mktime2.c: New file.
* time/Makefile (tests): Add it.
[BZ #473] Import from gnulib. Revamp to avoid several problems near
time_t extrema, and on hosts with 64-bit time_t and 32-bit int.
This fixes Debian bug 177940.
* time/mktime.c (TIME_T_MIDPOINT): New macro.
(ydhms_diff): Renamed from ydhms_tm_diff, with a new signature,
which avoids overflow problems on hosts with 64-bit time_t and
32-bit int. All callers changed. Now an inline function.
Verify at compile-time that long int is wide enough to avoid
these overflow problems.
(guess_time_tm): New function.
(__mktime_internal): Use it. Avoid overflow when computing yday on
hosts with 64-bit long and 32-bit int. Remove tests for 69;
no longer needed. Use if rather than #ifdef for LEAP_SECONDS_POSSIBLE
so that the code is checked by more compilers.
Do not rely on floating point to probe: stick to integer arithmetic,
to avoid potential porting problems.
Repair potential overflow correctly in the Southern Hemisphere.
(localtime_offset): Add a FIXME for the case where time_t is unsigned.
Diffstat (limited to 'time/mktime.c')
-rw-r--r-- | time/mktime.c | 338 |
1 files changed, 212 insertions, 126 deletions
diff --git a/time/mktime.c b/time/mktime.c index 5cd4e99..72b2012 100644 --- a/time/mktime.c +++ b/time/mktime.c @@ -60,6 +60,7 @@ #ifndef TIME_T_MAX # define TIME_T_MAX TYPE_MAXIMUM (time_t) #endif +#define TIME_T_MIDPOINT (((TIME_T_MIN + TIME_T_MAX) >> 1) + 1) /* Verify a requirement at compile-time (unlike assert, which is runtime). */ #define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; } @@ -111,42 +112,74 @@ const unsigned short int __mon_yday[2][13] = # define __mktime_internal mktime_internal #endif +/* Return an integer value measuring (YEAR1-YDAY1 HOUR1:MIN1:SEC1) - + (YEAR0-YDAY0 HOUR0:MIN0:SEC0) in seconds, assuming that the clocks + were not adjusted between the time stamps. -/* Yield the difference between (YEAR-YDAY HOUR:MIN:SEC) and (*TP), - measured in seconds, ignoring leap seconds. - YEAR uses the same numbering as TM->tm_year. - All values are in range, except possibly YEAR. - If TP is null, return a nonzero value. - If overflow occurs, yield the low order bits of the correct answer. */ + The YEAR values uses the same numbering as TP->tm_year. Values + need not be in the usual range. However, YEAR1 must not be less + than 2 * INT_MIN or greater than 2 * INT_MAX. + + The result may overflow. It is the caller's responsibility to + detect overflow. */ + +static inline time_t +ydhms_diff (long int year1, long int yday1, int hour1, int min1, int sec1, + int year0, int yday0, int hour0, int min0, int sec0) +{ + verify (C99_integer_division, -1 / 2 == 0); + verify (long_int_year_and_yday_are_wide_enough, + INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX); + + /* Compute intervening leap days correctly even if year is negative. + Take care to avoid integer overflow here. */ + int a4 = (year1 >> 2) + (TM_YEAR_BASE >> 2) - ! (year1 & 3); + int b4 = (year0 >> 2) + (TM_YEAR_BASE >> 2) - ! (year0 & 3); + int a100 = a4 / 25 - (a4 % 25 < 0); + int b100 = b4 / 25 - (b4 % 25 < 0); + int a400 = a100 >> 2; + int b400 = b100 >> 2; + int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400); + + /* Compute the desired time in time_t precision. Overflow might + occur here. */ + time_t tyear1 = year1; + time_t years = tyear1 - year0; + time_t days = 365 * years + yday1 - yday0 + intervening_leap_days; + time_t hours = 24 * days + hour1 - hour0; + time_t minutes = 60 * hours + min1 - min0; + time_t seconds = 60 * minutes + sec1 - sec0; + return seconds; +} + + +/* Return a time_t value corresponding to (YEAR-YDAY HOUR:MIN:SEC), + assuming that *T corresponds to *TP and that no clock adjustments + occurred between *TP and the desired time. + If TP is null, return a value not equal to *T; this avoids false matches. + If overflow occurs, yield the minimal or maximal value, except do not + yield a value equal to *T. */ static time_t -ydhms_tm_diff (long int year, int yday, int hour, int min, int sec, - const struct tm *tp) +guess_time_tm (long int year, long int yday, int hour, int min, int sec, + const time_t *t, const struct tm *tp) { - if (!tp) - return 1; - else + if (tp) { - verify (C99_integer_division, -1 / 2 == 0); - - /* Compute intervening leap days correctly even if year is negative. - Take care to avoid int overflow. time_t overflow is OK, since - only the low order bits of the correct time_t answer are needed. - Don't convert to time_t until after all divisions are done, since - time_t might be unsigned. */ - int a4 = (year >> 2) + (TM_YEAR_BASE >> 2) - ! (year & 3); - int b4 = (tp->tm_year >> 2) + (TM_YEAR_BASE >> 2) - ! (tp->tm_year & 3); - int a100 = a4 / 25 - (a4 % 25 < 0); - int b100 = b4 / 25 - (b4 % 25 < 0); - int a400 = a100 >> 2; - int b400 = b100 >> 2; - int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400); - time_t years = year - (time_t) tp->tm_year; - time_t days = (365 * years + intervening_leap_days - + (yday - tp->tm_yday)); - return (60 * (60 * (24 * days + (hour - tp->tm_hour)) - + (min - tp->tm_min)) - + (sec - tp->tm_sec)); + time_t d = ydhms_diff (year, yday, hour, min, sec, + tp->tm_year, tp->tm_yday, + tp->tm_hour, tp->tm_min, tp->tm_sec); + time_t t1 = *t + d; + if ((t1 < *t) == (TYPE_SIGNED (time_t) ? d < 0 : TIME_T_MAX / 2 < d)) + return t1; } + + /* Overflow occurred one way or another. Return the nearest result + that is actually in range, except don't report a zero difference + if the actual difference is nonzero, as that would cause a false + match. */ + return (*t < TIME_T_MIDPOINT + ? TIME_T_MIN + (*t == TIME_T_MIN) + : TIME_T_MAX - (*t == TIME_T_MAX)); } /* Use CONVERT to convert *T to a broken down time in *TP. @@ -199,13 +232,14 @@ ranged_convert (struct tm *(*convert) (const time_t *, struct tm *), the monotonic and mostly-unit-linear conversion function CONVERT. Use *OFFSET to keep track of a guess at the offset of the result, compared to what the result would be for UTC without leap seconds. - If *OFFSET's guess is correct, only one CONVERT call is needed. */ + If *OFFSET's guess is correct, only one CONVERT call is needed. + This function is external because it is used also by timegm.c. */ time_t __mktime_internal (struct tm *tp, struct tm *(*convert) (const time_t *, struct tm *), time_t *offset) { - time_t t, dt, t0, t1, t2; + time_t t, gt, t0, t1, t2; struct tm tm; /* The maximum number of probes (calls to CONVERT) should be enough @@ -241,38 +275,95 @@ __mktime_internal (struct tm *tp, /* Calculate day of year from year, month, and day of month. The result need not be in range. */ - int yday = ((__mon_yday[leapyear (year)] - [mon_remainder + 12 * negative_mon_remainder]) - + mday - 1); + int mon_yday = ((__mon_yday[leapyear (year)] + [mon_remainder + 12 * negative_mon_remainder]) + - 1); + long int lmday = mday; + long int yday = mon_yday + lmday; + + time_t guessed_offset = *offset; int sec_requested = sec; - /* Only years after 1970 are defined. - If year is 69, it might still be representable due to - timezone differences. */ - if (year < 69) - return -1; - -#if LEAP_SECONDS_POSSIBLE - /* Handle out-of-range seconds specially, - since ydhms_tm_diff assumes every minute has 60 seconds. */ - if (sec < 0) - sec = 0; - if (59 < sec) - sec = 59; -#endif + if (LEAP_SECONDS_POSSIBLE) + { + /* Handle out-of-range seconds specially, + since ydhms_tm_diff assumes every minute has 60 seconds. */ + if (sec < 0) + sec = 0; + if (59 < sec) + sec = 59; + } - /* Invert CONVERT by probing. First assume the same offset as last time. - Then repeatedly use the error to improve the guess. */ + /* Invert CONVERT by probing. First assume the same offset as last + time. */ - tm.tm_year = EPOCH_YEAR - TM_YEAR_BASE; - tm.tm_yday = tm.tm_hour = tm.tm_min = tm.tm_sec = 0; - t0 = ydhms_tm_diff (year, yday, hour, min, sec, &tm); + t0 = ydhms_diff (year, yday, hour, min, sec, + EPOCH_YEAR - TM_YEAR_BASE, 0, 0, 0, - guessed_offset); - for (t = t1 = t2 = t0 + *offset, dst2 = 0; - (dt = ydhms_tm_diff (year, yday, hour, min, sec, - ranged_convert (convert, &t, &tm))); - t1 = t2, t2 = t, t += dt, dst2 = tm.tm_isdst != 0) + if (TIME_T_MAX / INT_MAX / 366 / 24 / 60 / 60 < 3) + { + /* time_t isn't large enough to rule out overflows, so check + for major overflows. A gross check suffices, since if t0 + has overflowed, it is off by a multiple of TIME_T_MAX - + TIME_T_MIN + 1. So ignore any component of the difference + that is bounded by a small value. */ + + /* Approximate log base 2 of the number of time units per + biennium. A biennium is 2 years; use this unit instead of + years to avoid integer overflow. For example, 2 average + Gregorian years are 2 * 365.2425 * 24 * 60 * 60 seconds, + which is 63113904 seconds, and rint (log2 (63113904)) is + 26. */ + int ALOG2_SECONDS_PER_BIENNIUM = 26; + int ALOG2_MINUTES_PER_BIENNIUM = 20; + int ALOG2_HOURS_PER_BIENNIUM = 14; + int ALOG2_DAYS_PER_BIENNIUM = 10; + int LOG2_YEARS_PER_BIENNIUM = 1; + + int approx_requested_biennia = + ((year_requested >> LOG2_YEARS_PER_BIENNIUM) + - ((EPOCH_YEAR - TM_YEAR_BASE) >> LOG2_YEARS_PER_BIENNIUM) + + (mday >> ALOG2_DAYS_PER_BIENNIUM) + + (hour >> ALOG2_HOURS_PER_BIENNIUM) + + (min >> ALOG2_MINUTES_PER_BIENNIUM) + + (LEAP_SECONDS_POSSIBLE ? 0 : sec >> ALOG2_SECONDS_PER_BIENNIUM)); + + int approx_biennia = t0 >> ALOG2_SECONDS_PER_BIENNIUM; + int diff = approx_biennia - approx_requested_biennia; + int abs_diff = diff < 0 ? - diff : diff; + + /* IRIX 4.0.5 cc miscaculates TIME_T_MIN / 3: it erroneously + gives a positive value of 715827882. Setting a variable + first then doing math on it seems to work. + (ghazi@caip.rutgers.edu) */ + time_t time_t_max = TIME_T_MAX; + time_t time_t_min = TIME_T_MIN; + time_t overflow_threshold = + (time_t_max / 3 - time_t_min / 3) >> ALOG2_SECONDS_PER_BIENNIUM; + + if (overflow_threshold < abs_diff) + { + /* Overflow occurred. Try repairing it; this might work if + the time zone offset is enough to undo the overflow. */ + time_t repaired_t0 = -1 - t0; + approx_biennia = repaired_t0 >> ALOG2_SECONDS_PER_BIENNIUM; + diff = approx_biennia - approx_requested_biennia; + abs_diff = diff < 0 ? - diff : diff; + if (overflow_threshold < abs_diff) + return -1; + guessed_offset += repaired_t0 - t0; + t0 = repaired_t0; + } + } + + /* Repeatedly use the error to improve the guess. */ + + for (t = t1 = t2 = t0, dst2 = 0; + (gt = guess_time_tm (year, yday, hour, min, sec, &t, + ranged_convert (convert, &t, &tm)), + t != gt); + t1 = t2, t2 = t, t = gt, dst2 = tm.tm_isdst != 0) if (t == t1 && t != t2 && (tm.tm_isdst < 0 || (isdst < 0 @@ -280,91 +371,83 @@ __mktime_internal (struct tm *tp, : (isdst != 0) != (tm.tm_isdst != 0)))) /* We can't possibly find a match, as we are oscillating between two values. The requested time probably falls - within a spring-forward gap of size DT. Follow the common - practice in this case, which is to return a time that is DT + within a spring-forward gap of size GT - T. Follow the common + practice in this case, which is to return a time that is GT - T away from the requested time, preferring a time whose tm_isdst differs from the requested value. (If no tm_isdst was requested and only one of the two values has a nonzero tm_isdst, prefer that value.) In practice, this is more useful than returning -1. */ - break; + goto offset_found; else if (--remaining_probes == 0) return -1; - /* If we have a match, check whether tm.tm_isdst has the requested + /* We have a match. Check whether tm.tm_isdst has the requested value, if any. */ - if (dt == 0 && isdst != tm.tm_isdst && 0 <= isdst && 0 <= tm.tm_isdst) + if (isdst != tm.tm_isdst && 0 <= isdst && 0 <= tm.tm_isdst) { /* tm.tm_isdst has the wrong value. Look for a neighboring time with the right value, and use its UTC offset. - Heuristic: probe the previous three calendar quarters (approximately), - looking for the desired isdst. This isn't perfect, - but it's good enough in practice. */ - int quarter = 7889238; /* seconds per average 1/4 Gregorian year */ - int i; - - /* If we're too close to the time_t limit, look in future quarters. */ - if (t < TIME_T_MIN + 3 * quarter) - quarter = -quarter; - for (i = 1; i <= 3; i++) - { - time_t ot = t - i * quarter; - struct tm otm; - ranged_convert (convert, &ot, &otm); - if (otm.tm_isdst == isdst) - { - /* We found the desired tm_isdst. - Extrapolate back to the desired time. */ - t = ot + ydhms_tm_diff (year, yday, hour, min, sec, &otm); - ranged_convert (convert, &t, &tm); - break; - } - } + Heuristic: probe the adjacent timestamps in both directions, + looking for the desired isdst. This should work for all real + time zone histories in the tz database. */ + + /* Distance between probes when looking for a DST boundary. In + tzdata2003a, the shortest period of DST is 601200 seconds + (e.g., America/Recife starting 2000-10-08 01:00), and the + shortest period of non-DST surrounded by DST is 694800 + seconds (Africa/Tunis starting 1943-04-17 01:00). Use the + minimum of these two values, so we don't miss these short + periods when probing. */ + int stride = 601200; + + /* The longest period of DST in tzdata2003a is 536454000 seconds + (e.g., America/Jujuy starting 1946-10-01 01:00). The longest + period of non-DST is much longer, but it makes no real sense + to search for more than a year of non-DST, so use the DST + max. */ + int duration_max = 536454000; + + /* Search in both directions, so the maximum distance is half + the duration; add the stride to avoid off-by-1 problems. */ + int delta_bound = duration_max / 2 + stride; + + int delta, direction; + + for (delta = stride; delta < delta_bound; delta += stride) + for (direction = -1; direction <= 1; direction += 2) + { + time_t ot = t + delta * direction; + if ((ot < t) == (direction < 0)) + { + struct tm otm; + ranged_convert (convert, &ot, &otm); + if (otm.tm_isdst == isdst) + { + /* We found the desired tm_isdst. + Extrapolate back to the desired time. */ + t = guess_time_tm (year, yday, hour, min, sec, &ot, &otm); + ranged_convert (convert, &t, &tm); + goto offset_found; + } + } + } } - *offset = t - t0; + offset_found: + *offset = guessed_offset + t - t0; -#if LEAP_SECONDS_POSSIBLE - if (sec_requested != tm.tm_sec) + if (LEAP_SECONDS_POSSIBLE && sec_requested != tm.tm_sec) { /* Adjust time to reflect the tm_sec requested, not the normalized value. Also, repair any damage from a false match due to a leap second. */ - t += sec_requested - sec + (sec == 0 && tm.tm_sec == 60); - if (! (*convert) (&t, &tm)) - return -1; - } -#endif - - if (TIME_T_MAX / INT_MAX / 366 / 24 / 60 / 60 < 3) - { - /* time_t isn't large enough to rule out overflows in ydhms_tm_diff, - so check for major overflows. A gross check suffices, - since if t has overflowed, it is off by a multiple of - TIME_T_MAX - TIME_T_MIN + 1. So ignore any component of - the difference that is bounded by a small value. */ - - double dyear = (double) year_requested + mon_years - tm.tm_year; - double dday = 366 * dyear + mday; - double dsec = 60 * (60 * (24 * dday + hour) + min) + sec_requested; - - /* On Irix4.0.5 cc, dividing TIME_T_MIN by 3 does not produce - correct results, ie., it erroneously gives a positive value - of 715827882. Setting a variable first then doing math on it - seems to work. (ghazi@caip.rutgers.edu) */ - - const time_t time_t_max = TIME_T_MAX; - const time_t time_t_min = TIME_T_MIN; - - if (time_t_max / 3 - time_t_min / 3 < (dsec < 0 ? - dsec : dsec)) - return -1; - } - - if (year == 69) - { - /* If year was 69, need to check whether the time was representable - or not. */ - if (t < 0 || t > 2 * 24 * 60 * 60) + int sec_adjustment = (sec == 0 && tm.tm_sec == 60) - sec; + t1 = t + sec_requested; + t2 = t1 + sec_adjustment; + if (((t1 < t) != (sec_requested < 0)) + | ((t2 < t1) != (sec_adjustment < 0)) + | ! (*convert) (&t, &tm)) return -1; } @@ -373,6 +456,10 @@ __mktime_internal (struct tm *tp, } +/* FIXME: This should use a signed type wide enough to hold any UTC + offset in seconds. 'int' should be good enough for GNU code. We + can't fix this unilaterally though, as other modules invoke + __mktime_internal. */ static time_t localtime_offset; /* Convert *TP to a time_t value. */ @@ -409,7 +496,6 @@ not_equal_tm (const struct tm *a, const struct tm *b) | (a->tm_mday ^ b->tm_mday) | (a->tm_mon ^ b->tm_mon) | (a->tm_year ^ b->tm_year) - | (a->tm_mday ^ b->tm_mday) | (a->tm_yday ^ b->tm_yday) | (a->tm_isdst ^ b->tm_isdst)); } |