mirrors/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-28 04:03:35 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
e740e5b1f0
glibc/time/difftime.c
Albert ARIBAUD (3ADEV) ac253355ba Y2038: make __difftime compatible with 64-bit time 
Provide a 64-bit-time version of __difftime (but do not assume
__time64_t is a signed int so that Gnulib can reuse the code)
and make the 32-bit version a wrapper of it.

Current difftime expects two time_t arguments and returns a
double. To preserve source-code compatibility, its 64-bit-time
equivalent expects two __time64_t arguments but still returns
a double.

This patch was tested by running 'make check' on branch
master then applying this patch and its two predecessors and
running 'make check' again, and checking that both 'make check'
yield identical results. This was done on x86_64-linux-gnu and
i686-linux-gnu.

This patch was also functionally tested with an ad hoc userland
C program which checks the result of difftime for various pairs
of 32-bit and, for 64-bit builds, of 64-bit time_t values too.
The program was built and run against a glibc with and without
the patch, and the results compared to ensure the patch does
not change the behavior of difftime.

* include/time.h (__difftime64): Add.
* time/difftime.c (subtract): convert to 64-bit time.
* time/difftime.c (__difftime64): Add.
* time/difftime.c (__difftime): Wrap around __difftime64.
2018-12-20 22:16:55 +01:00

137 lines
4.1 KiB
C
Raw Blame History

/* Copyright (C) 1991-2018 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
/* Written by Paul Eggert <eggert@cs.ucla.edu>. */
#include <time.h>
#include <limits.h>
#include <float.h>
#include <stdint.h>
#define TYPE_BITS(type) (sizeof (type) * CHAR_BIT)
#define TYPE_FLOATING(type) ((type) 0.5 == 0.5)
#define TYPE_SIGNED(type) ((type) -1 < 0)
/* Return the difference between TIME1 and TIME0, where TIME0 <= TIME1.
time_t is known to be an integer type. */
static double
subtract (__time64_t time1, __time64_t time0)
{
if (! TYPE_SIGNED (__time64_t))
return time1 - time0;
else
{
/* Optimize the common special cases where time_t
can be converted to uintmax_t without losing information. */
uintmax_t dt = (uintmax_t) time1 - (uintmax_t) time0;
double delta = dt;
if (UINTMAX_MAX / 2 < INTMAX_MAX)
{
/* This is a rare host where uintmax_t has padding bits, and possibly
information was lost when converting time_t to uintmax_t.
Check for overflow by comparing dt/2 to (time1/2 - time0/2).
Overflow occurred if they differ by more than a small slop.
Thanks to Clive D.W. Feather for detailed technical advice about
hosts with padding bits.
In the following code the "h" prefix means half. By range
analysis, we have:
-0.5 <= ht1 - 0.5*time1 <= 0.5
-0.5 <= ht0 - 0.5*time0 <= 0.5
-1.0 <= dht - 0.5*(time1 - time0) <= 1.0
If overflow has not occurred, we also have:
-0.5 <= hdt - 0.5*(time1 - time0) <= 0
-1.0 <= dht - hdt <= 1.5
and since dht - hdt is an integer, we also have:
-1 <= dht - hdt <= 1
or equivalently:
0 <= dht - hdt + 1 <= 2
In the above analysis, all the operators have their exact
mathematical semantics, not C semantics. However, dht - hdt +
1 is unsigned in C, so it need not be compared to zero. */
uintmax_t hdt = dt / 2;
__time64_t ht1 = time1 / 2;
__time64_t ht0 = time0 / 2;
__time64_t dht = ht1 - ht0;
if (2 < dht - hdt + 1)
{
/* Repair delta overflow.
The following expression contains a second rounding,
so the result may not be the closest to the true answer.
This problem occurs only with very large differences.
It's too painful to fix this portably. */
delta = dt + 2.0L * (UINTMAX_MAX - UINTMAX_MAX / 2);
}
}
return delta;
}
}
/* Return the difference between TIME1 and TIME0. */
double
__difftime64 (__time64_t time1, __time64_t time0)
{
/* Convert to double and then subtract if no double-rounding error could
result. */
if (TYPE_BITS (__time64_t) <= DBL_MANT_DIG
|| (TYPE_FLOATING (__time64_t) && sizeof (__time64_t) < sizeof (long double)))
return (double) time1 - (double) time0;
/* Likewise for long double. */
if (TYPE_BITS (__time64_t) <= LDBL_MANT_DIG || TYPE_FLOATING (__time64_t))
return (long double) time1 - (long double) time0;
/* Subtract the smaller integer from the larger, convert the difference to
double, and then negate if needed. */
return time1 < time0 ? - subtract (time0, time1) : subtract (time1, time0);
}
/* Provide a 32-bit wrapper if needed. */
#if __TIMESIZE != 64
libc_hidden_def (__difftime64)
double
__difftime (time_t time1, time_t time0)
{
return __difftime64 (time1, time0);
}
#endif
strong_alias (__difftime, difftime)
Reference in New Issue View Git Blame Copy Permalink