about summary refs log tree commit diff
path: root/time/mktime.c
diff options
context:
space:
mode:
authorRoland McGrath <roland@gnu.org>2004-11-01 00:21:39 +0000
committerRoland McGrath <roland@gnu.org>2004-11-01 00:21:39 +0000
commite507cc567353fd77b00604fdfa405d4adc64ed18 (patch)
tree18dc8504781a232f37b213371dfb69cf5ccb4b80 /time/mktime.c
parent27b1a5c23501fac604335a8827690e12d4b8498e (diff)
downloadglibc-e507cc567353fd77b00604fdfa405d4adc64ed18.tar.gz
glibc-e507cc567353fd77b00604fdfa405d4adc64ed18.tar.xz
glibc-e507cc567353fd77b00604fdfa405d4adc64ed18.zip
[BZ #473, BZ #487]
2004-10-27  Derek R. Price  <derek@ximbiot.com>
	[BZ #487] This change is imported from gnulib.
	* time/mktime.c (not_equal_tm) [DEBUG]: Remove redundant check.

2004-10-24  Paul Eggert  <eggert@cs.ucla.edu>

	[BZ #473]
	* time/tst-mktime.c (main): Don't assume that mktime fails
	when given time stamps before 1970.  It returns negative
	time_t values instead, for compatibility with BSD.

	* time/tst-mktime2.c: New file.
	* time/Makefile (tests): Add it.

	[BZ #473] Import from gnulib.  Revamp to avoid several problems near
	time_t extrema, and on hosts with 64-bit time_t and 32-bit int.
	This fixes Debian bug 177940.
	* time/mktime.c (TIME_T_MIDPOINT): New macro.
	(ydhms_diff): Renamed from ydhms_tm_diff, with a new signature,
	which avoids overflow problems on hosts with 64-bit time_t and
	32-bit int.  All callers changed.  Now an inline function.
	Verify at compile-time that long int is wide enough to avoid
	these overflow problems.
	(guess_time_tm): New function.
	(__mktime_internal): Use it.  Avoid overflow when computing yday on
	hosts with 64-bit long and 32-bit int.  Remove tests for 69;
	no longer needed.  Use if rather than #ifdef for LEAP_SECONDS_POSSIBLE
	so that the code is checked by more compilers.
	Do not rely on floating point to probe: stick to integer arithmetic,
	to avoid potential porting problems.
	Repair potential overflow correctly in the Southern Hemisphere.
	(localtime_offset): Add a FIXME for the case where time_t is unsigned.
Diffstat (limited to 'time/mktime.c')
-rw-r--r--time/mktime.c338
1 files changed, 212 insertions, 126 deletions
diff --git a/time/mktime.c b/time/mktime.c
index 5cd4e9983e..72b20128a3 100644
--- a/time/mktime.c
+++ b/time/mktime.c
@@ -60,6 +60,7 @@
 #ifndef TIME_T_MAX
 # define TIME_T_MAX TYPE_MAXIMUM (time_t)
 #endif
+#define TIME_T_MIDPOINT (((TIME_T_MIN + TIME_T_MAX) >> 1) + 1)
 
 /* Verify a requirement at compile-time (unlike assert, which is runtime).  */
 #define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; }
@@ -111,42 +112,74 @@ const unsigned short int __mon_yday[2][13] =
 # define __mktime_internal mktime_internal
 #endif
 
+/* Return an integer value measuring (YEAR1-YDAY1 HOUR1:MIN1:SEC1) -
+   (YEAR0-YDAY0 HOUR0:MIN0:SEC0) in seconds, assuming that the clocks
+   were not adjusted between the time stamps.
 
-/* Yield the difference between (YEAR-YDAY HOUR:MIN:SEC) and (*TP),
-   measured in seconds, ignoring leap seconds.
-   YEAR uses the same numbering as TM->tm_year.
-   All values are in range, except possibly YEAR.
-   If TP is null, return a nonzero value.
-   If overflow occurs, yield the low order bits of the correct answer.  */
+   The YEAR values uses the same numbering as TP->tm_year.  Values
+   need not be in the usual range.  However, YEAR1 must not be less
+   than 2 * INT_MIN or greater than 2 * INT_MAX.
+
+   The result may overflow.  It is the caller's responsibility to
+   detect overflow.  */
+
+static inline time_t
+ydhms_diff (long int year1, long int yday1, int hour1, int min1, int sec1,
+	    int year0, int yday0, int hour0, int min0, int sec0)
+{
+  verify (C99_integer_division, -1 / 2 == 0);
+  verify (long_int_year_and_yday_are_wide_enough,
+	  INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX);
+
+  /* Compute intervening leap days correctly even if year is negative.
+     Take care to avoid integer overflow here.  */
+  int a4 = (year1 >> 2) + (TM_YEAR_BASE >> 2) - ! (year1 & 3);
+  int b4 = (year0 >> 2) + (TM_YEAR_BASE >> 2) - ! (year0 & 3);
+  int a100 = a4 / 25 - (a4 % 25 < 0);
+  int b100 = b4 / 25 - (b4 % 25 < 0);
+  int a400 = a100 >> 2;
+  int b400 = b100 >> 2;
+  int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400);
+
+  /* Compute the desired time in time_t precision.  Overflow might
+     occur here.  */
+  time_t tyear1 = year1;
+  time_t years = tyear1 - year0;
+  time_t days = 365 * years + yday1 - yday0 + intervening_leap_days;
+  time_t hours = 24 * days + hour1 - hour0;
+  time_t minutes = 60 * hours + min1 - min0;
+  time_t seconds = 60 * minutes + sec1 - sec0;
+  return seconds;
+}
+
+
+/* Return a time_t value corresponding to (YEAR-YDAY HOUR:MIN:SEC),
+   assuming that *T corresponds to *TP and that no clock adjustments
+   occurred between *TP and the desired time.
+   If TP is null, return a value not equal to *T; this avoids false matches.
+   If overflow occurs, yield the minimal or maximal value, except do not
+   yield a value equal to *T.  */
 static time_t
-ydhms_tm_diff (long int year, int yday, int hour, int min, int sec,
-	       const struct tm *tp)
+guess_time_tm (long int year, long int yday, int hour, int min, int sec,
+	       const time_t *t, const struct tm *tp)
 {
-  if (!tp)
-    return 1;
-  else
+  if (tp)
     {
-      verify (C99_integer_division, -1 / 2 == 0);
-
-      /* Compute intervening leap days correctly even if year is negative.
-	 Take care to avoid int overflow.  time_t overflow is OK, since
-	 only the low order bits of the correct time_t answer are needed.
-	 Don't convert to time_t until after all divisions are done, since
-	 time_t might be unsigned.  */
-      int a4 = (year >> 2) + (TM_YEAR_BASE >> 2) - ! (year & 3);
-      int b4 = (tp->tm_year >> 2) + (TM_YEAR_BASE >> 2) - ! (tp->tm_year & 3);
-      int a100 = a4 / 25 - (a4 % 25 < 0);
-      int b100 = b4 / 25 - (b4 % 25 < 0);
-      int a400 = a100 >> 2;
-      int b400 = b100 >> 2;
-      int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400);
-      time_t years = year - (time_t) tp->tm_year;
-      time_t days = (365 * years + intervening_leap_days
-		     + (yday - tp->tm_yday));
-      return (60 * (60 * (24 * days + (hour - tp->tm_hour))
-		    + (min - tp->tm_min))
-	      + (sec - tp->tm_sec));
+      time_t d = ydhms_diff (year, yday, hour, min, sec,
+			     tp->tm_year, tp->tm_yday,
+			     tp->tm_hour, tp->tm_min, tp->tm_sec);
+      time_t t1 = *t + d;
+      if ((t1 < *t) == (TYPE_SIGNED (time_t) ? d < 0 : TIME_T_MAX / 2 < d))
+	return t1;
     }
+
+  /* Overflow occurred one way or another.  Return the nearest result
+     that is actually in range, except don't report a zero difference
+     if the actual difference is nonzero, as that would cause a false
+     match.  */
+  return (*t < TIME_T_MIDPOINT
+	  ? TIME_T_MIN + (*t == TIME_T_MIN)
+	  : TIME_T_MAX - (*t == TIME_T_MAX));
 }
 
 /* Use CONVERT to convert *T to a broken down time in *TP.
@@ -199,13 +232,14 @@ ranged_convert (struct tm *(*convert) (const time_t *, struct tm *),
    the monotonic and mostly-unit-linear conversion function CONVERT.
    Use *OFFSET to keep track of a guess at the offset of the result,
    compared to what the result would be for UTC without leap seconds.
-   If *OFFSET's guess is correct, only one CONVERT call is needed.  */
+   If *OFFSET's guess is correct, only one CONVERT call is needed.
+   This function is external because it is used also by timegm.c.  */
 time_t
 __mktime_internal (struct tm *tp,
 		   struct tm *(*convert) (const time_t *, struct tm *),
 		   time_t *offset)
 {
-  time_t t, dt, t0, t1, t2;
+  time_t t, gt, t0, t1, t2;
   struct tm tm;
 
   /* The maximum number of probes (calls to CONVERT) should be enough
@@ -241,38 +275,95 @@ __mktime_internal (struct tm *tp,
 
   /* Calculate day of year from year, month, and day of month.
      The result need not be in range.  */
-  int yday = ((__mon_yday[leapyear (year)]
-	       [mon_remainder + 12 * negative_mon_remainder])
-	      + mday - 1);
+  int mon_yday = ((__mon_yday[leapyear (year)]
+		   [mon_remainder + 12 * negative_mon_remainder])
+		  - 1);
+  long int lmday = mday;
+  long int yday = mon_yday + lmday;
+
+  time_t guessed_offset = *offset;
 
   int sec_requested = sec;
 
-  /* Only years after 1970 are defined.
-     If year is 69, it might still be representable due to
-     timezone differences.  */
-  if (year < 69)
-    return -1;
-
-#if LEAP_SECONDS_POSSIBLE
-  /* Handle out-of-range seconds specially,
-     since ydhms_tm_diff assumes every minute has 60 seconds.  */
-  if (sec < 0)
-    sec = 0;
-  if (59 < sec)
-    sec = 59;
-#endif
+  if (LEAP_SECONDS_POSSIBLE)
+    {
+      /* Handle out-of-range seconds specially,
+	 since ydhms_tm_diff assumes every minute has 60 seconds.  */
+      if (sec < 0)
+	sec = 0;
+      if (59 < sec)
+	sec = 59;
+    }
 
-  /* Invert CONVERT by probing.  First assume the same offset as last time.
-     Then repeatedly use the error to improve the guess.  */
+  /* Invert CONVERT by probing.  First assume the same offset as last
+     time.  */
 
-  tm.tm_year = EPOCH_YEAR - TM_YEAR_BASE;
-  tm.tm_yday = tm.tm_hour = tm.tm_min = tm.tm_sec = 0;
-  t0 = ydhms_tm_diff (year, yday, hour, min, sec, &tm);
+  t0 = ydhms_diff (year, yday, hour, min, sec,
+		   EPOCH_YEAR - TM_YEAR_BASE, 0, 0, 0, - guessed_offset);
 
-  for (t = t1 = t2 = t0 + *offset, dst2 = 0;
-       (dt = ydhms_tm_diff (year, yday, hour, min, sec,
-			    ranged_convert (convert, &t, &tm)));
-       t1 = t2, t2 = t, t += dt, dst2 = tm.tm_isdst != 0)
+  if (TIME_T_MAX / INT_MAX / 366 / 24 / 60 / 60 < 3)
+    {
+      /* time_t isn't large enough to rule out overflows, so check
+	 for major overflows.  A gross check suffices, since if t0
+	 has overflowed, it is off by a multiple of TIME_T_MAX -
+	 TIME_T_MIN + 1.  So ignore any component of the difference
+	 that is bounded by a small value.  */
+
+      /* Approximate log base 2 of the number of time units per
+	 biennium.  A biennium is 2 years; use this unit instead of
+	 years to avoid integer overflow.  For example, 2 average
+	 Gregorian years are 2 * 365.2425 * 24 * 60 * 60 seconds,
+	 which is 63113904 seconds, and rint (log2 (63113904)) is
+	 26.  */
+      int ALOG2_SECONDS_PER_BIENNIUM = 26;
+      int ALOG2_MINUTES_PER_BIENNIUM = 20;
+      int ALOG2_HOURS_PER_BIENNIUM = 14;
+      int ALOG2_DAYS_PER_BIENNIUM = 10;
+      int LOG2_YEARS_PER_BIENNIUM = 1;
+
+      int approx_requested_biennia =
+	((year_requested >> LOG2_YEARS_PER_BIENNIUM)
+	 - ((EPOCH_YEAR - TM_YEAR_BASE) >> LOG2_YEARS_PER_BIENNIUM)
+	 + (mday >> ALOG2_DAYS_PER_BIENNIUM)
+	 + (hour >> ALOG2_HOURS_PER_BIENNIUM)
+	 + (min >> ALOG2_MINUTES_PER_BIENNIUM)
+	 + (LEAP_SECONDS_POSSIBLE ? 0 : sec >> ALOG2_SECONDS_PER_BIENNIUM));
+
+      int approx_biennia = t0 >> ALOG2_SECONDS_PER_BIENNIUM;
+      int diff = approx_biennia - approx_requested_biennia;
+      int abs_diff = diff < 0 ? - diff : diff;
+
+      /* IRIX 4.0.5 cc miscaculates TIME_T_MIN / 3: it erroneously
+	 gives a positive value of 715827882.  Setting a variable
+	 first then doing math on it seems to work.
+	 (ghazi@caip.rutgers.edu) */
+      time_t time_t_max = TIME_T_MAX;
+      time_t time_t_min = TIME_T_MIN;
+      time_t overflow_threshold =
+	(time_t_max / 3 - time_t_min / 3) >> ALOG2_SECONDS_PER_BIENNIUM;
+
+      if (overflow_threshold < abs_diff)
+	{
+	  /* Overflow occurred.  Try repairing it; this might work if
+	     the time zone offset is enough to undo the overflow.  */
+	  time_t repaired_t0 = -1 - t0;
+	  approx_biennia = repaired_t0 >> ALOG2_SECONDS_PER_BIENNIUM;
+	  diff = approx_biennia - approx_requested_biennia;
+	  abs_diff = diff < 0 ? - diff : diff;
+	  if (overflow_threshold < abs_diff)
+	    return -1;
+	  guessed_offset += repaired_t0 - t0;
+	  t0 = repaired_t0;
+	}
+    }
+
+  /* Repeatedly use the error to improve the guess.  */
+
+  for (t = t1 = t2 = t0, dst2 = 0;
+       (gt = guess_time_tm (year, yday, hour, min, sec, &t,
+			    ranged_convert (convert, &t, &tm)),
+	t != gt);
+       t1 = t2, t2 = t, t = gt, dst2 = tm.tm_isdst != 0)
     if (t == t1 && t != t2
 	&& (tm.tm_isdst < 0
 	    || (isdst < 0
@@ -280,91 +371,83 @@ __mktime_internal (struct tm *tp,
 		: (isdst != 0) != (tm.tm_isdst != 0))))
       /* We can't possibly find a match, as we are oscillating
 	 between two values.  The requested time probably falls
-	 within a spring-forward gap of size DT.  Follow the common
-	 practice in this case, which is to return a time that is DT
+	 within a spring-forward gap of size GT - T.  Follow the common
+	 practice in this case, which is to return a time that is GT - T
 	 away from the requested time, preferring a time whose
 	 tm_isdst differs from the requested value.  (If no tm_isdst
 	 was requested and only one of the two values has a nonzero
 	 tm_isdst, prefer that value.)  In practice, this is more
 	 useful than returning -1.  */
-      break;
+      goto offset_found;
     else if (--remaining_probes == 0)
       return -1;
 
-  /* If we have a match, check whether tm.tm_isdst has the requested
+  /* We have a match.  Check whether tm.tm_isdst has the requested
      value, if any.  */
-  if (dt == 0 && isdst != tm.tm_isdst && 0 <= isdst && 0 <= tm.tm_isdst)
+  if (isdst != tm.tm_isdst && 0 <= isdst && 0 <= tm.tm_isdst)
     {
       /* tm.tm_isdst has the wrong value.  Look for a neighboring
 	 time with the right value, and use its UTC offset.
-	 Heuristic: probe the previous three calendar quarters (approximately),
-	 looking for the desired isdst.  This isn't perfect,
-	 but it's good enough in practice.  */
-      int quarter = 7889238; /* seconds per average 1/4 Gregorian year */
-      int i;
-
-      /* If we're too close to the time_t limit, look in future quarters.  */
-      if (t < TIME_T_MIN + 3 * quarter)
-	quarter = -quarter;
 
-      for (i = 1; i <= 3; i++)
-	{
-	  time_t ot = t - i * quarter;
-	  struct tm otm;
-	  ranged_convert (convert, &ot, &otm);
-	  if (otm.tm_isdst == isdst)
-	    {
-	      /* We found the desired tm_isdst.
-		 Extrapolate back to the desired time.  */
-	      t = ot + ydhms_tm_diff (year, yday, hour, min, sec, &otm);
-	      ranged_convert (convert, &t, &tm);
-	      break;
-	    }
-	}
+	 Heuristic: probe the adjacent timestamps in both directions,
+	 looking for the desired isdst.  This should work for all real
+	 time zone histories in the tz database.  */
+
+      /* Distance between probes when looking for a DST boundary.  In
+	 tzdata2003a, the shortest period of DST is 601200 seconds
+	 (e.g., America/Recife starting 2000-10-08 01:00), and the
+	 shortest period of non-DST surrounded by DST is 694800
+	 seconds (Africa/Tunis starting 1943-04-17 01:00).  Use the
+	 minimum of these two values, so we don't miss these short
+	 periods when probing.  */
+      int stride = 601200;
+
+      /* The longest period of DST in tzdata2003a is 536454000 seconds
+	 (e.g., America/Jujuy starting 1946-10-01 01:00).  The longest
+	 period of non-DST is much longer, but it makes no real sense
+	 to search for more than a year of non-DST, so use the DST
+	 max.  */
+      int duration_max = 536454000;
+
+      /* Search in both directions, so the maximum distance is half
+	 the duration; add the stride to avoid off-by-1 problems.  */
+      int delta_bound = duration_max / 2 + stride;
+
+      int delta, direction;
+
+      for (delta = stride; delta < delta_bound; delta += stride)
+	for (direction = -1; direction <= 1; direction += 2)
+	  {
+	    time_t ot = t + delta * direction;
+	    if ((ot < t) == (direction < 0))
+	      {
+		struct tm otm;
+		ranged_convert (convert, &ot, &otm);
+		if (otm.tm_isdst == isdst)
+		  {
+		    /* We found the desired tm_isdst.
+		       Extrapolate back to the desired time.  */
+		    t = guess_time_tm (year, yday, hour, min, sec, &ot, &otm);
+		    ranged_convert (convert, &t, &tm);
+		    goto offset_found;
+		  }
+	      }
+	  }
     }
 
-  *offset = t - t0;
+ offset_found:
+  *offset = guessed_offset + t - t0;
 
-#if LEAP_SECONDS_POSSIBLE
-  if (sec_requested != tm.tm_sec)
+  if (LEAP_SECONDS_POSSIBLE && sec_requested != tm.tm_sec)
     {
       /* Adjust time to reflect the tm_sec requested, not the normalized value.
 	 Also, repair any damage from a false match due to a leap second.  */
-      t += sec_requested - sec + (sec == 0 && tm.tm_sec == 60);
-      if (! (*convert) (&t, &tm))
-	return -1;
-    }
-#endif
-
-  if (TIME_T_MAX / INT_MAX / 366 / 24 / 60 / 60 < 3)
-    {
-      /* time_t isn't large enough to rule out overflows in ydhms_tm_diff,
-	 so check for major overflows.  A gross check suffices,
-	 since if t has overflowed, it is off by a multiple of
-	 TIME_T_MAX - TIME_T_MIN + 1.  So ignore any component of
-	 the difference that is bounded by a small value.  */
-
-      double dyear = (double) year_requested + mon_years - tm.tm_year;
-      double dday = 366 * dyear + mday;
-      double dsec = 60 * (60 * (24 * dday + hour) + min) + sec_requested;
-
-      /* On Irix4.0.5 cc, dividing TIME_T_MIN by 3 does not produce
-	 correct results, ie., it erroneously gives a positive value
-	 of 715827882.  Setting a variable first then doing math on it
-	 seems to work.  (ghazi@caip.rutgers.edu) */
-
-      const time_t time_t_max = TIME_T_MAX;
-      const time_t time_t_min = TIME_T_MIN;
-
-      if (time_t_max / 3 - time_t_min / 3 < (dsec < 0 ? - dsec : dsec))
-	return -1;
-    }
-
-  if (year == 69)
-    {
-      /* If year was 69, need to check whether the time was representable
-	 or not.  */
-      if (t < 0 || t > 2 * 24 * 60 * 60)
+      int sec_adjustment = (sec == 0 && tm.tm_sec == 60) - sec;
+      t1 = t + sec_requested;
+      t2 = t1 + sec_adjustment;
+      if (((t1 < t) != (sec_requested < 0))
+	  | ((t2 < t1) != (sec_adjustment < 0))
+	  | ! (*convert) (&t, &tm))
 	return -1;
     }
 
@@ -373,6 +456,10 @@ __mktime_internal (struct tm *tp,
 }
 
 
+/* FIXME: This should use a signed type wide enough to hold any UTC
+   offset in seconds.  'int' should be good enough for GNU code.  We
+   can't fix this unilaterally though, as other modules invoke
+   __mktime_internal.  */
 static time_t localtime_offset;
 
 /* Convert *TP to a time_t value.  */
@@ -409,7 +496,6 @@ not_equal_tm (const struct tm *a, const struct tm *b)
 	  | (a->tm_mday ^ b->tm_mday)
 	  | (a->tm_mon ^ b->tm_mon)
 	  | (a->tm_year ^ b->tm_year)
-	  | (a->tm_mday ^ b->tm_mday)
 	  | (a->tm_yday ^ b->tm_yday)
 	  | (a->tm_isdst ^ b->tm_isdst));
 }