mirrors/emacs
1
Fork 0
mirror of git://git.sv.gnu.org/emacs.git synced 2025-12-06 06:20:55 -08:00
Code Issues Projects Releases Wiki Activity

Sync from gnulib

Browse source 
This incorporates:
2016-05-01 mktime: port to stricter signed overflow checking
2016-05-01 mktime: speed up DEBUG_MKTIME benchmarks
2016-05-01 mktime: resurrect DEBUG_MKTIME testing
2016-05-01 mktime: simplify DEBUG_MKTIME
2016-05-01 Port mktime_internal offset to unsigned time_t
2016-04-27 xstrtol: prohibit monstrosities like "1bB"
2016-04-13 mktime: improve integer overflow checking
2016-04-13 intprops: check two's complement assumption
2016-04-13 intprops, mktime, strtol: assume two's complement
* lib/intprops.h, lib/mktime-internal.h, lib/mktime.c:
* lib/strtol.c, lib/timegm.c, m4/mktime.m4, m4/std-gnu11.m4:
Copy from gnulib.
This commit is contained in:
Paul Eggert 2016-05-01 18:36:38 -07:00
parent 13f4efb0fd
commit 3707f609cb
7 changed files with 263 additions and 339 deletions
Download patch file Download diff file Expand all files Collapse all files

45
lib/intprops.h
View file

@ -21,6 +21,7 @@
#define _GL_INTPROPS_H #define _GL_INTPROPS_H
#include <limits.h> #include <limits.h>
#include <verify.h>
/* Return a value with the common real type of E and V and the value of V. */ /* Return a value with the common real type of E and V and the value of V. */
#define _GL_INT_CONVERT(e, v) (0 * (e) + (v)) #define _GL_INT_CONVERT(e, v) (0 * (e) + (v))
@ -36,17 +37,6 @@
an integer. */ an integer. */
#define TYPE_IS_INTEGER(t) ((t) 1.5 == 1) #define TYPE_IS_INTEGER(t) ((t) 1.5 == 1)
/* True if negative values of the signed integer type T use two's
complement, ones' complement, or signed magnitude representation,
respectively. Much GNU code assumes two's complement, but some
people like to be portable to all possible C hosts. */
#define TYPE_TWOS_COMPLEMENT(t) ((t) ~ (t) 0 == (t) -1)
#define TYPE_ONES_COMPLEMENT(t) ((t) ~ (t) 0 == 0)
#define TYPE_SIGNED_MAGNITUDE(t) ((t) ~ (t) 0 < (t) -1)
/* True if the signed integer expression E uses two's complement. */
#define _GL_INT_TWOS_COMPLEMENT(e) (~ _GL_INT_CONVERT (e, 0) == -1)
/* True if the real type T is signed. */ /* True if the real type T is signed. */
#define TYPE_SIGNED(t) (! ((t) 0 < (t) -1)) #define TYPE_SIGNED(t) (! ((t) 0 < (t) -1))
@ -55,18 +45,10 @@
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0) #define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
/* Minimum and maximum values for integer types and expressions. These /* Minimum and maximum values for integer types and expressions. */
macros have undefined behavior if T is signed and has padding bits.
If this is a problem for you, please let us know how to fix it for
your host. */
/* The maximum and minimum values for the integer type T. */ /* The maximum and minimum values for the integer type T. */
#define TYPE_MINIMUM(t) \ #define TYPE_MINIMUM(t) ((t) ~ TYPE_MAXIMUM (t))
((t) (! TYPE_SIGNED (t) \
? (t) 0 \
: TYPE_SIGNED_MAGNITUDE (t) \
? ~ (t) 0 \
: ~ TYPE_MAXIMUM (t)))
#define TYPE_MAXIMUM(t) \ #define TYPE_MAXIMUM(t) \
((t) (! TYPE_SIGNED (t) \ ((t) (! TYPE_SIGNED (t) \
? (t) -1 \ ? (t) -1 \
@ -76,7 +58,7 @@
after integer promotion. E should not have side effects. */ after integer promotion. E should not have side effects. */
#define _GL_INT_MINIMUM(e) \ #define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \ (EXPR_SIGNED (e) \
? - _GL_INT_TWOS_COMPLEMENT (e) - _GL_SIGNED_INT_MAXIMUM (e) \ ? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0)) : _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \ #define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \ (EXPR_SIGNED (e) \
@ -85,8 +67,25 @@
#define _GL_SIGNED_INT_MAXIMUM(e) \ #define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (sizeof ((e) + 0) * CHAR_BIT - 2)) - 1) * 2 + 1) (((_GL_INT_CONVERT (e, 1) << (sizeof ((e) + 0) * CHAR_BIT - 2)) - 1) * 2 + 1)
/* This include file assumes that signed types are two's complement without
padding bits; the above macros have undefined behavior otherwise.
If this is a problem for you, please let us know how to fix it for your host.
As a sanity check, test the assumption for some signed types that
<limits.h> bounds. */
verify (TYPE_MINIMUM (signed char) == SCHAR_MIN);
verify (TYPE_MAXIMUM (signed char) == SCHAR_MAX);
verify (TYPE_MINIMUM (short int) == SHRT_MIN);
verify (TYPE_MAXIMUM (short int) == SHRT_MAX);
verify (TYPE_MINIMUM (int) == INT_MIN);
verify (TYPE_MAXIMUM (int) == INT_MAX);
verify (TYPE_MINIMUM (long int) == LONG_MIN);
verify (TYPE_MAXIMUM (long int) == LONG_MAX);
#ifdef LLONG_MAX
verify (TYPE_MINIMUM (long long int) == LLONG_MIN);
verify (TYPE_MAXIMUM (long long int) == LLONG_MAX);
#endif
/* Return 1 if the __typeof__ keyword works. This could be done by /* Does the __typeof__ keyword work? This could be done by
'configure', but for now it's easier to do it by hand. */ 'configure', but for now it's easier to do it by hand. */
#if (2 <= __GNUC__ || defined __IBM__TYPEOF__ \ #if (2 <= __GNUC__ || defined __IBM__TYPEOF__ \
|| (0x5110 <= __SUNPRO_C && !__STDC__)) || (0x5110 <= __SUNPRO_C && !__STDC__))

35
lib/mktime-internal.h
View file

@ -1,4 +1,37 @@
/* mktime variant that also uses an offset guess
Copyright 2016 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public
License along with this program; if not, see
<http://www.gnu.org/licenses/>. */
#include <time.h> #include <time.h>
/* mktime_offset_t is a signed type wide enough to hold a UTC offset
in seconds, and used as part of the type of the offset-guess
argument to mktime_internal. Use time_t on platforms where time_t
is signed, to be compatible with platforms like BeOS that export
this implementation detail of mktime. On platforms where time_t is
unsigned, GNU and POSIX code can assume 'int' is at least 32 bits
which is wide enough for a UTC offset. */
#if TIME_T_IS_SIGNED
typedef time_t mktime_offset_t;
#else
typedef int mktime_offset_t;
#endif
time_t mktime_internal (struct tm *, time_t mktime_internal (struct tm *,
struct tm * (*) (time_t const *, struct tm *), struct tm * (*) (time_t const *, struct tm *),
time_t *); mktime_offset_t *);

455
lib/mktime.c
View file

@ -17,11 +17,13 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
/* Define this to have a standalone program to test this implementation of /* Define this to 1 to have a standalone program to test this implementation of
mktime. */ mktime. */
/* #define DEBUG_MKTIME 1 */ #ifndef DEBUG_MKTIME
# define DEBUG_MKTIME 0
#endif
#ifndef _LIBC #if !defined _LIBC && !DEBUG_MKTIME
# include <config.h> # include <config.h>
#endif #endif
@ -35,114 +37,76 @@
#include <time.h> #include <time.h>
#include <limits.h> #include <limits.h>
#include <stdbool.h>
#include <string.h> /* For the real memcpy prototype. */ #include <intprops.h>
#include <verify.h>
#if defined DEBUG_MKTIME && DEBUG_MKTIME #if DEBUG_MKTIME
# include <stdio.h> # include <stdio.h>
# include <stdlib.h> # include <stdlib.h>
# include <string.h>
/* Make it work even if the system's libc has its own mktime routine. */ /* Make it work even if the system's libc has its own mktime routine. */
# undef mktime # undef mktime
# define mktime my_mktime # define mktime my_mktime
#endif /* DEBUG_MKTIME */
/* Some of the code in this file assumes that signed integer overflow
silently wraps around. This assumption can't easily be programmed
around, nor can it be checked for portably at compile-time or
easily eliminated at run-time.
Define WRAPV to 1 if the assumption is valid and if
#pragma GCC optimize ("wrapv")
does not trigger GCC bug 51793
<http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51793>.
Otherwise, define it to 0; this forces the use of slower code that,
while not guaranteed by the C Standard, works on all production
platforms that we know about. */
#ifndef WRAPV
# if (((__GNUC__ == 4 && 4 <= __GNUC_MINOR__) || 4 < __GNUC__) \
&& defined __GLIBC__)
# pragma GCC optimize ("wrapv")
# define WRAPV 1
# else
# define WRAPV 0
# endif
#endif #endif
/* Verify a requirement at compile-time (unlike assert, which is runtime). */ /* A signed type that can represent an integer number of years
#define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; } multiplied by three times the number of seconds in a year. It is
needed when converting a tm_year value times the number of seconds
in a year. The factor of three comes because these products need
to be subtracted from each other, and sometimes with an offset
added to them, without worrying about overflow.
/* A signed type that is at least one bit wider than int. */ Much of the code uses long_int to represent time_t values, to
#if INT_MAX <= LONG_MAX / 2 lessen the hassle of dealing with platforms where time_t is
unsigned, and because long_int should suffice to represent all
time_t values that mktime can generate even on platforms where
time_t is excessively wide. */
#if INT_MAX <= LONG_MAX / 3 / 366 / 24 / 60 / 60
typedef long int long_int; typedef long int long_int;
#else #else
typedef long long int long_int; typedef long long int long_int;
#endif #endif
verify (long_int_is_wide_enough, INT_MAX == INT_MAX * (long_int) 2 / 2); verify (INT_MAX <= TYPE_MAXIMUM (long_int) / 3 / 366 / 24 / 60 / 60);
/* Shift A right by B bits portably, by dividing A by 2**B and /* Shift A right by B bits portably, by dividing A by 2**B and
truncating towards minus infinity. A and B should be free of side truncating towards minus infinity. B should be in the range 0 <= B
effects, and B should be in the range 0 <= B <= INT_BITS - 2, where <= LONG_INT_BITS - 2, where LONG_INT_BITS is the number of useful
INT_BITS is the number of useful bits in an int. GNU code can bits in a long_int. LONG_INT_BITS is at least 32.
assume that INT_BITS is at least 32.
ISO C99 says that A >> B is implementation-defined if A < 0. Some ISO C99 says that A >> B is implementation-defined if A < 0. Some
implementations (e.g., UNICOS 9.0 on a Cray Y-MP EL) don't shift implementations (e.g., UNICOS 9.0 on a Cray Y-MP EL) don't shift
right in the usual way when A < 0, so SHR falls back on division if right in the usual way when A < 0, so SHR falls back on division if
ordinary A >> B doesn't seem to be the usual signed shift. */ ordinary A >> B doesn't seem to be the usual signed shift. */
#define SHR(a, b) \
((-1 >> 1 == -1 \
&& (long_int) -1 >> 1 == -1 \
&& ((time_t) -1 >> 1 == -1 || ! TYPE_SIGNED (time_t))) \
? (a) >> (b) \
: (a) / (1 << (b)) - ((a) % (1 << (b)) < 0))
/* The extra casts in the following macros work around compiler bugs, static long_int
e.g., in Cray C 5.0.3.0. */ shr (long_int a, int b)
{
long_int one = 1;
return (-one >> 1 == -1
? a >> b
: a / (one << b) - (a % (one << b) < 0));
}
/* True if the arithmetic type T is an integer type. bool counts as /* Bounds for the intersection of time_t and long_int. */
an integer. */
#define TYPE_IS_INTEGER(t) ((t) 1.5 == 1)
/* True if negative values of the signed integer type T use two's static long_int const mktime_min
complement, or if T is an unsigned integer type. */ = ((TYPE_SIGNED (time_t) && TYPE_MINIMUM (time_t) < TYPE_MINIMUM (long_int))
#define TYPE_TWOS_COMPLEMENT(t) ((t) ~ (t) 0 == (t) -1) ? TYPE_MINIMUM (long_int) : TYPE_MINIMUM (time_t));
static long_int const mktime_max
= (TYPE_MAXIMUM (long_int) < TYPE_MAXIMUM (time_t)
? TYPE_MAXIMUM (long_int) : TYPE_MAXIMUM (time_t));
/* True if the arithmetic type T is signed. */ verify (TYPE_IS_INTEGER (time_t));
#define TYPE_SIGNED(t) (! ((t) 0 < (t) -1))
/* The maximum and minimum values for the integer type T. These
macros have undefined behavior if T is signed and has padding bits.
If this is a problem for you, please let us know how to fix it for
your host. */
#define TYPE_MINIMUM(t) \
((t) (! TYPE_SIGNED (t) \
? (t) 0 \
: ~ TYPE_MAXIMUM (t)))
#define TYPE_MAXIMUM(t) \
((t) (! TYPE_SIGNED (t) \
? (t) -1 \
: ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1)))
#ifndef TIME_T_MIN
# define TIME_T_MIN TYPE_MINIMUM (time_t)
#endif
#ifndef TIME_T_MAX
# define TIME_T_MAX TYPE_MAXIMUM (time_t)
#endif
#define TIME_T_MIDPOINT (SHR (TIME_T_MIN + TIME_T_MAX, 1) + 1)
verify (time_t_is_integer, TYPE_IS_INTEGER (time_t));
verify (twos_complement_arithmetic,
(TYPE_TWOS_COMPLEMENT (int)
&& TYPE_TWOS_COMPLEMENT (long_int)
&& TYPE_TWOS_COMPLEMENT (time_t)));
#define EPOCH_YEAR 1970 #define EPOCH_YEAR 1970
#define TM_YEAR_BASE 1900 #define TM_YEAR_BASE 1900
verify (base_year_is_a_multiple_of_100, TM_YEAR_BASE % 100 == 0); verify (TM_YEAR_BASE % 100 == 0);
/* Return 1 if YEAR + TM_YEAR_BASE is a leap year. */ /* Is YEAR + TM_YEAR_BASE a leap year? */
static int static bool
leapyear (long_int year) leapyear (long_int year)
{ {
/* Don't add YEAR to TM_YEAR_BASE, as that might overflow. /* Don't add YEAR to TM_YEAR_BASE, as that might overflow.
@ -166,7 +130,9 @@ const unsigned short int __mon_yday[2][13] =
}; };
#ifndef _LIBC #ifdef _LIBC
typedef time_t mktime_offset_t;
#else
/* Portable standalone applications should supply a <time.h> that /* Portable standalone applications should supply a <time.h> that
declares a POSIX-compliant localtime_r, for the benefit of older declares a POSIX-compliant localtime_r, for the benefit of older
implementations that lack localtime_r or have a nonstandard one. implementations that lack localtime_r or have a nonstandard one.
@ -177,9 +143,9 @@ const unsigned short int __mon_yday[2][13] =
# include "mktime-internal.h" # include "mktime-internal.h"
#endif #endif
/* Return 1 if the values A and B differ according to the rules for /* Do the values A and B differ according to the rules for tm_isdst?
tm_isdst: A and B differ if one is zero and the other positive. */ A and B differ if one is zero and the other positive. */
static int static bool
isdst_differ (int a, int b) isdst_differ (int a, int b)
{ {
return (!a != !b) && (0 <= a) && (0 <= b); return (!a != !b) && (0 <= a) && (0 <= b);
@ -190,104 +156,65 @@ isdst_differ (int a, int b)
were not adjusted between the time stamps. were not adjusted between the time stamps.
The YEAR values uses the same numbering as TP->tm_year. Values The YEAR values uses the same numbering as TP->tm_year. Values
need not be in the usual range. However, YEAR1 must not be less need not be in the usual range. However, YEAR1 must not overflow
than 2 * INT_MIN or greater than 2 * INT_MAX. when multiplied by three times the number of seconds in a year, and
likewise for YDAY1 and three times the number of seconds in a day. */
The result may overflow. It is the caller's responsibility to static long_int
detect overflow. */
static time_t
ydhms_diff (long_int year1, long_int yday1, int hour1, int min1, int sec1, ydhms_diff (long_int year1, long_int yday1, int hour1, int min1, int sec1,
int year0, int yday0, int hour0, int min0, int sec0) int year0, int yday0, int hour0, int min0, int sec0)
{ {
verify (C99_integer_division, -1 / 2 == 0); verify (-1 / 2 == 0);
/* Compute intervening leap days correctly even if year is negative. /* Compute intervening leap days correctly even if year is negative.
Take care to avoid integer overflow here. */ Take care to avoid integer overflow here. */
int a4 = SHR (year1, 2) + SHR (TM_YEAR_BASE, 2) - ! (year1 & 3); int a4 = shr (year1, 2) + shr (TM_YEAR_BASE, 2) - ! (year1 & 3);
int b4 = SHR (year0, 2) + SHR (TM_YEAR_BASE, 2) - ! (year0 & 3); int b4 = shr (year0, 2) + shr (TM_YEAR_BASE, 2) - ! (year0 & 3);
int a100 = a4 / 25 - (a4 % 25 < 0); int a100 = a4 / 25 - (a4 % 25 < 0);
int b100 = b4 / 25 - (b4 % 25 < 0); int b100 = b4 / 25 - (b4 % 25 < 0);
int a400 = SHR (a100, 2); int a400 = shr (a100, 2);
int b400 = SHR (b100, 2); int b400 = shr (b100, 2);
int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400); int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400);
/* Compute the desired time in time_t precision. Overflow might /* Compute the desired time without overflowing. */
occur here. */ long_int years = year1 - year0;
time_t tyear1 = year1; long_int days = 365 * years + yday1 - yday0 + intervening_leap_days;
time_t years = tyear1 - year0; long_int hours = 24 * days + hour1 - hour0;
time_t days = 365 * years + yday1 - yday0 + intervening_leap_days; long_int minutes = 60 * hours + min1 - min0;
time_t hours = 24 * days + hour1 - hour0; long_int seconds = 60 * minutes + sec1 - sec0;
time_t minutes = 60 * hours + min1 - min0;
time_t seconds = 60 * minutes + sec1 - sec0;
return seconds; return seconds;
} }
/* Return the average of A and B, even if A + B would overflow. */ /* Return the average of A and B, even if A + B would overflow.
static time_t Round toward positive infinity. */
time_t_avg (time_t a, time_t b) static long_int
long_int_avg (long_int a, long_int b)
{ {
return SHR (a, 1) + SHR (b, 1) + (a & b & 1); return shr (a, 1) + shr (b, 1) + ((a | b) & 1);
}
/* Return 1 if A + B does not overflow. If time_t is unsigned and if
B's top bit is set, assume that the sum represents A - -B, and
return 1 if the subtraction does not wrap around. */
static int
time_t_add_ok (time_t a, time_t b)
{
if (! TYPE_SIGNED (time_t))
{
time_t sum = a + b;
return (sum < a) == (TIME_T_MIDPOINT <= b);
}
else if (WRAPV)
{
time_t sum = a + b;
return (sum < a) == (b < 0);
}
else
{
time_t avg = time_t_avg (a, b);
return TIME_T_MIN / 2 <= avg && avg <= TIME_T_MAX / 2;
}
}
/* Return 1 if A + B does not overflow. */
static int
time_t_int_add_ok (time_t a, int b)
{
verify (int_no_wider_than_time_t, INT_MAX <= TIME_T_MAX);
if (WRAPV)
{
time_t sum = a + b;
return (sum < a) == (b < 0);
}
else
{
int a_odd = a & 1;
time_t avg = SHR (a, 1) + (SHR (b, 1) + (a_odd & b));
return TIME_T_MIN / 2 <= avg && avg <= TIME_T_MAX / 2;
}
} }
/* Return a time_t value corresponding to (YEAR-YDAY HOUR:MIN:SEC), /* Return a time_t value corresponding to (YEAR-YDAY HOUR:MIN:SEC),
assuming that *T corresponds to *TP and that no clock adjustments assuming that T corresponds to *TP and that no clock adjustments
occurred between *TP and the desired time. occurred between *TP and the desired time.
If TP is null, return a value not equal to *T; this avoids false matches. Although T and the returned value are of type long_int,
If overflow occurs, yield the minimal or maximal value, except do not they represent time_t values and must be in time_t range.
yield a value equal to *T. */ If TP is null, return a value not equal to T; this avoids false matches.
static time_t YEAR and YDAY must not be so large that multiplying them by three times the
number of seconds in a year (or day, respectively) would overflow long_int.
If the returned value would be out of range, yield the minimal or
maximal in-range value, except do not yield a value equal to T. */
static long_int
guess_time_tm (long_int year, long_int yday, int hour, int min, int sec, guess_time_tm (long_int year, long_int yday, int hour, int min, int sec,
const time_t *t, const struct tm *tp) long_int t, const struct tm *tp)
{ {
if (tp) if (tp)
{ {
time_t d = ydhms_diff (year, yday, hour, min, sec, long_int result;
tp->tm_year, tp->tm_yday, long_int d = ydhms_diff (year, yday, hour, min, sec,
tp->tm_hour, tp->tm_min, tp->tm_sec); tp->tm_year, tp->tm_yday,
if (time_t_add_ok (*t, d)) tp->tm_hour, tp->tm_min, tp->tm_sec);
return *t + d; if (! INT_ADD_WRAPV (t, d, &result))
return result;
} }
/* Overflow occurred one way or another. Return the nearest result /* Overflow occurred one way or another. Return the nearest result
@ -295,32 +222,51 @@ guess_time_tm (long_int year, long_int yday, int hour, int min, int sec,
if the actual difference is nonzero, as that would cause a false if the actual difference is nonzero, as that would cause a false
match; and don't oscillate between two values, as that would match; and don't oscillate between two values, as that would
confuse the spring-forward gap detector. */ confuse the spring-forward gap detector. */
return (*t < TIME_T_MIDPOINT return (t < long_int_avg (mktime_min, mktime_max)
? (*t <= TIME_T_MIN + 1 ? *t + 1 : TIME_T_MIN) ? (t <= mktime_min + 1 ? t + 1 : mktime_min)
: (TIME_T_MAX - 1 <= *t ? *t - 1 : TIME_T_MAX)); : (mktime_max - 1 <= t ? t - 1 : mktime_max));
}
/* Use CONVERT to convert T to a struct tm value in *TM. T must be in
range for time_t. Return TM if successfull, NULL if T is out of
range for CONVERT. */
static struct tm *
convert_time (struct tm *(*convert) (const time_t *, struct tm *),
long_int t, struct tm *tm)
{
time_t x = t;
return convert (&x, tm);
} }
/* Use CONVERT to convert *T to a broken down time in *TP. /* Use CONVERT to convert *T to a broken down time in *TP.
If *T is out of range for conversion, adjust it so that If *T is out of range for conversion, adjust it so that
it is the nearest in-range value and then convert that. */ it is the nearest in-range value and then convert that.
A value is in range if it fits in both time_t and long_int. */
static struct tm * static struct tm *
ranged_convert (struct tm *(*convert) (const time_t *, struct tm *), ranged_convert (struct tm *(*convert) (const time_t *, struct tm *),
time_t *t, struct tm *tp) long_int *t, struct tm *tp)
{ {
struct tm *r = convert (t, tp); struct tm *r;
if (*t < mktime_min)
*t = mktime_min;
else if (mktime_max < *t)
*t = mktime_max;
r = convert_time (convert, *t, tp);
if (!r && *t) if (!r && *t)
{ {
time_t bad = *t; long_int bad = *t;
time_t ok = 0; long_int ok = 0;
/* BAD is a known unconvertible time_t, and OK is a known good one. /* BAD is a known unconvertible value, and OK is a known good one.
Use binary search to narrow the range between BAD and OK until Use binary search to narrow the range between BAD and OK until
they differ by 1. */ they differ by 1. */
while (bad != ok + (bad < 0 ? -1 : 1)) while (true)
{ {
time_t mid = *t = time_t_avg (ok, bad); long_int mid = long_int_avg (ok, bad);
r = convert (t, tp); if (mid != ok && mid != bad)
break;
r = convert_time (convert, mid, tp);
if (r) if (r)
ok = mid; ok = mid;
else else
@ -331,15 +277,13 @@ ranged_convert (struct tm *(*convert) (const time_t *, struct tm *),
{ {
/* The last conversion attempt failed; /* The last conversion attempt failed;
revert to the most recent successful attempt. */ revert to the most recent successful attempt. */
*t = ok; r = convert_time (convert, ok, tp);
r = convert (t, tp);
} }
} }
return r; return r;
} }
/* Convert *TP to a time_t value, inverting /* Convert *TP to a time_t value, inverting
the monotonic and mostly-unit-linear conversion function CONVERT. the monotonic and mostly-unit-linear conversion function CONVERT.
Use *OFFSET to keep track of a guess at the offset of the result, Use *OFFSET to keep track of a guess at the offset of the result,
@ -349,9 +293,9 @@ ranged_convert (struct tm *(*convert) (const time_t *, struct tm *),
time_t time_t
__mktime_internal (struct tm *tp, __mktime_internal (struct tm *tp,
struct tm *(*convert) (const time_t *, struct tm *), struct tm *(*convert) (const time_t *, struct tm *),
time_t *offset) mktime_offset_t *offset)
{ {
time_t t, gt, t0, t1, t2; long_int t, gt, t0, t1, t2, dt;
struct tm tm; struct tm tm;
/* The maximum number of probes (calls to CONVERT) should be enough /* The maximum number of probes (calls to CONVERT) should be enough
@ -381,9 +325,7 @@ __mktime_internal (struct tm *tp,
long_int year = lyear_requested + mon_years; long_int year = lyear_requested + mon_years;
/* The other values need not be in range: /* The other values need not be in range:
the remaining code handles minor overflows correctly, the remaining code handles overflows correctly. */
assuming int and time_t arithmetic wraps around.
Major overflows are caught at the end. */
/* Calculate day of year from year, month, and day of month. /* Calculate day of year from year, month, and day of month.
The result need not be in range. */ The result need not be in range. */
@ -393,7 +335,7 @@ __mktime_internal (struct tm *tp,
long_int lmday = mday; long_int lmday = mday;
long_int yday = mon_yday + lmday; long_int yday = mon_yday + lmday;
time_t guessed_offset = *offset; int negative_offset_guess;
int sec_requested = sec; int sec_requested = sec;
@ -410,71 +352,14 @@ __mktime_internal (struct tm *tp,
/* Invert CONVERT by probing. First assume the same offset as last /* Invert CONVERT by probing. First assume the same offset as last
time. */ time. */
INT_SUBTRACT_WRAPV (0, *offset, &negative_offset_guess);
t0 = ydhms_diff (year, yday, hour, min, sec, t0 = ydhms_diff (year, yday, hour, min, sec,
EPOCH_YEAR - TM_YEAR_BASE, 0, 0, 0, - guessed_offset); EPOCH_YEAR - TM_YEAR_BASE, 0, 0, 0, negative_offset_guess);
if (TIME_T_MAX / INT_MAX / 366 / 24 / 60 / 60 < 3)
{
/* time_t isn't large enough to rule out overflows, so check
for major overflows. A gross check suffices, since if t0
has overflowed, it is off by a multiple of TIME_T_MAX -
TIME_T_MIN + 1. So ignore any component of the difference
that is bounded by a small value. */
/* Approximate log base 2 of the number of time units per
biennium. A biennium is 2 years; use this unit instead of
years to avoid integer overflow. For example, 2 average
Gregorian years are 2 * 365.2425 * 24 * 60 * 60 seconds,
which is 63113904 seconds, and rint (log2 (63113904)) is
26. */
int ALOG2_SECONDS_PER_BIENNIUM = 26;
int ALOG2_MINUTES_PER_BIENNIUM = 20;
int ALOG2_HOURS_PER_BIENNIUM = 14;
int ALOG2_DAYS_PER_BIENNIUM = 10;
int LOG2_YEARS_PER_BIENNIUM = 1;
int approx_requested_biennia =
(SHR (year_requested, LOG2_YEARS_PER_BIENNIUM)
- SHR (EPOCH_YEAR - TM_YEAR_BASE, LOG2_YEARS_PER_BIENNIUM)
+ SHR (mday, ALOG2_DAYS_PER_BIENNIUM)
+ SHR (hour, ALOG2_HOURS_PER_BIENNIUM)
+ SHR (min, ALOG2_MINUTES_PER_BIENNIUM)
+ (LEAP_SECONDS_POSSIBLE
? 0
: SHR (sec, ALOG2_SECONDS_PER_BIENNIUM)));
int approx_biennia = SHR (t0, ALOG2_SECONDS_PER_BIENNIUM);
int diff = approx_biennia - approx_requested_biennia;
int approx_abs_diff = diff < 0 ? -1 - diff : diff;
/* IRIX 4.0.5 cc miscalculates TIME_T_MIN / 3: it erroneously
gives a positive value of 715827882. Setting a variable
first then doing math on it seems to work.
(ghazi@caip.rutgers.edu) */
time_t time_t_max = TIME_T_MAX;
time_t time_t_min = TIME_T_MIN;
time_t overflow_threshold =
(time_t_max / 3 - time_t_min / 3) >> ALOG2_SECONDS_PER_BIENNIUM;
if (overflow_threshold < approx_abs_diff)
{
/* Overflow occurred. Try repairing it; this might work if
the time zone offset is enough to undo the overflow. */
time_t repaired_t0 = -1 - t0;
approx_biennia = SHR (repaired_t0, ALOG2_SECONDS_PER_BIENNIUM);
diff = approx_biennia - approx_requested_biennia;
approx_abs_diff = diff < 0 ? -1 - diff : diff;
if (overflow_threshold < approx_abs_diff)
return -1;
guessed_offset += repaired_t0 - t0;
t0 = repaired_t0;
}
}
/* Repeatedly use the error to improve the guess. */ /* Repeatedly use the error to improve the guess. */
for (t = t1 = t2 = t0, dst2 = 0; for (t = t1 = t2 = t0, dst2 = 0;
(gt = guess_time_tm (year, yday, hour, min, sec, &t, (gt = guess_time_tm (year, yday, hour, min, sec, t,
ranged_convert (convert, &t, &tm)), ranged_convert (convert, &t, &tm)),
t != gt); t != gt);
t1 = t2, t2 = t, t = gt, dst2 = tm.tm_isdst != 0) t1 = t2, t2 = t, t = gt, dst2 = tm.tm_isdst != 0)
@ -531,39 +416,42 @@ __mktime_internal (struct tm *tp,
for (delta = stride; delta < delta_bound; delta += stride) for (delta = stride; delta < delta_bound; delta += stride)
for (direction = -1; direction <= 1; direction += 2) for (direction = -1; direction <= 1; direction += 2)
if (time_t_int_add_ok (t, delta * direction)) {
{ long_int ot;
time_t ot = t + delta * direction; if (! INT_ADD_WRAPV (t, delta * direction, &ot))
struct tm otm; {
ranged_convert (convert, &ot, &otm); struct tm otm;
if (! isdst_differ (isdst, otm.tm_isdst)) ranged_convert (convert, &ot, &otm);
{ if (! isdst_differ (isdst, otm.tm_isdst))
/* We found the desired tm_isdst. {
Extrapolate back to the desired time. */ /* We found the desired tm_isdst.
t = guess_time_tm (year, yday, hour, min, sec, &ot, &otm); Extrapolate back to the desired time. */
ranged_convert (convert, &t, &tm); t = guess_time_tm (year, yday, hour, min, sec, ot, &otm);
goto offset_found; ranged_convert (convert, &t, &tm);
} goto offset_found;
} }
}
}
} }
offset_found: offset_found:
*offset = guessed_offset + t - t0; /* Set *OFFSET to the low-order bits of T - T0 - NEGATIVE_OFFSET_GUESS.
This is just a heuristic to speed up the next mktime call, and
correctness is unaffected if integer overflow occurs here. */
INT_SUBTRACT_WRAPV (t, t0, &dt);
INT_SUBTRACT_WRAPV (dt, negative_offset_guess, offset);
if (LEAP_SECONDS_POSSIBLE && sec_requested != tm.tm_sec) if (LEAP_SECONDS_POSSIBLE && sec_requested != tm.tm_sec)
{ {
/* Adjust time to reflect the tm_sec requested, not the normalized value. /* Adjust time to reflect the tm_sec requested, not the normalized value.
Also, repair any damage from a false match due to a leap second. */ Also, repair any damage from a false match due to a leap second. */
int sec_adjustment = (sec == 0 && tm.tm_sec == 60) - sec; long_int sec_adjustment = sec == 0 && tm.tm_sec == 60;
if (! time_t_int_add_ok (t, sec_requested)) sec_adjustment -= sec;
sec_adjustment += sec_requested;
if (INT_ADD_WRAPV (t, sec_adjustment, &t)
|| ! (mktime_min <= t && t <= mktime_max)
|| ! convert_time (convert, t, &tm))
return -1; return -1;
t1 = t + sec_requested;
if (! time_t_int_add_ok (t1, sec_adjustment))
return -1;
t2 = t1 + sec_adjustment;
if (! convert (&t2, &tm))
return -1;
t = t2;
} }
*tp = tm; *tp = tm;
@ -571,11 +459,7 @@ __mktime_internal (struct tm *tp,
} }
/* FIXME: This should use a signed type wide enough to hold any UTC static mktime_offset_t localtime_offset;
offset in seconds. 'int' should be good enough for GNU code. We
can't fix this unilaterally though, as other modules invoke
__mktime_internal. */
static time_t localtime_offset;
/* Convert *TP to a time_t value. */ /* Convert *TP to a time_t value. */
time_t time_t
@ -600,7 +484,7 @@ libc_hidden_def (mktime)
libc_hidden_weak (timelocal) libc_hidden_weak (timelocal)
#endif #endif
#if defined DEBUG_MKTIME && DEBUG_MKTIME #if DEBUG_MKTIME
static int static int
not_equal_tm (const struct tm *a, const struct tm *b) not_equal_tm (const struct tm *a, const struct tm *b)
@ -652,6 +536,14 @@ main (int argc, char **argv)
time_t tk, tl, tl1; time_t tk, tl, tl1;
char trailer; char trailer;
/* Sanity check, plus call tzset. */
tl = 0;
if (! localtime (&tl))
{
printf ("localtime (0) fails\n");
status = 1;
}
if ((argc == 3 || argc == 4) if ((argc == 3 || argc == 4)
&& (sscanf (argv[1], "%d-%d-%d%c", && (sscanf (argv[1], "%d-%d-%d%c",
&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &trailer) &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &trailer)
@ -665,12 +557,7 @@ main (int argc, char **argv)
tm.tm_isdst = argc == 3 ? -1 : atoi (argv[3]); tm.tm_isdst = argc == 3 ? -1 : atoi (argv[3]);
tmk = tm; tmk = tm;
tl = mktime (&tmk); tl = mktime (&tmk);
lt = localtime (&tl); lt = localtime_r (&tl, &tml);
if (lt)
{
tml = *lt;
lt = &tml;
}
printf ("mktime returns %ld == ", (long int) tl); printf ("mktime returns %ld == ", (long int) tl);
print_tm (&tmk); print_tm (&tmk);
printf ("\n"); printf ("\n");
@ -685,16 +572,16 @@ main (int argc, char **argv)
if (argc == 4) if (argc == 4)
for (tl = from; by < 0 ? to <= tl : tl <= to; tl = tl1) for (tl = from; by < 0 ? to <= tl : tl <= to; tl = tl1)
{ {
lt = localtime (&tl); lt = localtime_r (&tl, &tml);
if (lt) if (lt)
{ {
tmk = tml = *lt; tmk = tml;
tk = mktime (&tmk); tk = mktime (&tmk);
status |= check_result (tk, tmk, tl, &tml); status |= check_result (tk, tmk, tl, &tml);
} }
else else
{ {
printf ("localtime (%ld) yields 0\n", (long int) tl); printf ("localtime_r (%ld) yields 0\n", (long int) tl);
status = 1; status = 1;
} }
tl1 = tl + by; tl1 = tl + by;
@ -705,16 +592,16 @@ main (int argc, char **argv)
for (tl = from; by < 0 ? to <= tl : tl <= to; tl = tl1) for (tl = from; by < 0 ? to <= tl : tl <= to; tl = tl1)
{ {
/* Null benchmark. */ /* Null benchmark. */
lt = localtime (&tl); lt = localtime_r (&tl, &tml);
if (lt) if (lt)
{ {
tmk = tml = *lt; tmk = tml;
tk = tl; tk = tl;
status |= check_result (tk, tmk, tl, &tml); status |= check_result (tk, tmk, tl, &tml);
} }
else else
{ {
printf ("localtime (%ld) yields 0\n", (long int) tl); printf ("localtime_r (%ld) yields 0\n", (long int) tl);
status = 1; status = 1;
} }
tl1 = tl + by; tl1 = tl + by;

31
lib/strtol.c
View file

@ -121,30 +121,19 @@
/* The extra casts in the following macros work around compiler bugs, /* The extra casts in the following macros work around compiler bugs,
e.g., in Cray C 5.0.3.0. */ e.g., in Cray C 5.0.3.0. */
/* True if negative values of the signed integer type T use two's
complement, ones' complement, or signed magnitude representation,
respectively. Much GNU code assumes two's complement, but some
people like to be portable to all possible C hosts. */
# define TYPE_TWOS_COMPLEMENT(t) ((t) ~ (t) 0 == (t) -1)
# define TYPE_ONES_COMPLEMENT(t) ((t) ~ (t) 0 == 0)
# define TYPE_SIGNED_MAGNITUDE(t) ((t) ~ (t) 0 < (t) -1)
/* True if the arithmetic type T is signed. */ /* True if the arithmetic type T is signed. */
# define TYPE_SIGNED(t) (! ((t) 0 < (t) -1)) # define TYPE_SIGNED(t) (! ((t) 0 < (t) -1))
/* The maximum and minimum values for the integer type T. These /* Minimum and maximum values for integer types.
macros have undefined behavior if T is signed and has padding bits. These macros have undefined behavior for signed types that either
If this is a problem for you, please let us know how to fix it for have padding bits or do not use two's complement. If this is a
your host. */ problem for you, please let us know how to fix it for your host. */
# define TYPE_MINIMUM(t) \
((t) (! TYPE_SIGNED (t) \ /* The maximum and minimum values for the integer type T. */
? (t) 0 \ # define TYPE_MINIMUM(t) ((t) ~ TYPE_MAXIMUM (t))
: TYPE_SIGNED_MAGNITUDE (t) \ # define TYPE_MAXIMUM(t) \
? ~ (t) 0 \ ((t) (! TYPE_SIGNED (t) \
: ~ TYPE_MAXIMUM (t))) ? (t) -1 \
# define TYPE_MAXIMUM(t) \
((t) (! TYPE_SIGNED (t) \
? (t) -1 \
: ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1)))
# ifndef ULLONG_MAX # ifndef ULLONG_MAX

6
lib/timegm.c
View file

@ -22,7 +22,9 @@
#include <time.h> #include <time.h>
#ifndef _LIBC #ifdef _LIBC
typedef time_t mktime_offset_t;
#else
# undef __gmtime_r # undef __gmtime_r
# define __gmtime_r gmtime_r # define __gmtime_r gmtime_r
# define __mktime_internal mktime_internal # define __mktime_internal mktime_internal
@ -32,7 +34,7 @@
time_t time_t
timegm (struct tm *tmp) timegm (struct tm *tmp)
{ {
static time_t gmtime_offset; static mktime_offset_t gmtime_offset;
tmp->tm_isdst = 0; tmp->tm_isdst = 0;
return __mktime_internal (tmp, __gmtime_r, &gmtime_offset); return __mktime_internal (tmp, __gmtime_r, &gmtime_offset);
} }

22
m4/mktime.m4
View file

@ -1,4 +1,4 @@
# serial 25 # serial 26
dnl Copyright (C) 2002-2003, 2005-2007, 2009-2016 Free Software Foundation, dnl Copyright (C) 2002-2003, 2005-2007, 2009-2016 Free Software Foundation,
dnl Inc. dnl Inc.
dnl This file is free software; the Free Software Foundation dnl This file is free software; the Free Software Foundation
@ -7,9 +7,24 @@ dnl with or without modifications, as long as this notice is preserved.
dnl From Jim Meyering. dnl From Jim Meyering.
AC_DEFUN([gl_TIME_T_IS_SIGNED],
[
AC_CACHE_CHECK([whether time_t is signed],
[gl_cv_time_t_is_signed],
[AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[#include <time.h>
char time_t_signed[(time_t) -1 < 0 ? 1 : -1];]])],
[gl_cv_time_t_is_signed=yes],
[gl_cv_time_t_is_signed=no])])
if test $gl_cv_time_t_is_signed = yes; then
AC_DEFINE([TIME_T_IS_SIGNED], [1], [Define to 1 if time_t is signed.])
fi
])
AC_DEFUN([gl_FUNC_MKTIME], AC_DEFUN([gl_FUNC_MKTIME],
[ [
AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS]) AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS])
AC_REQUIRE([gl_TIME_T_IS_SIGNED])
dnl We don't use AC_FUNC_MKTIME any more, because it is no longer maintained dnl We don't use AC_FUNC_MKTIME any more, because it is no longer maintained
dnl in Autoconf and because it invokes AC_LIBOBJ. dnl in Autoconf and because it invokes AC_LIBOBJ.
@ -169,7 +184,6 @@ main ()
time_t t, delta; time_t t, delta;
int i, j; int i, j;
int time_t_signed_magnitude = (time_t) ~ (time_t) 0 < (time_t) -1; int time_t_signed_magnitude = (time_t) ~ (time_t) 0 < (time_t) -1;
int time_t_signed = ! ((time_t) 0 < (time_t) -1);
#if HAVE_DECL_ALARM #if HAVE_DECL_ALARM
/* This test makes some buggy mktime implementations loop. /* This test makes some buggy mktime implementations loop.
@ -179,11 +193,11 @@ main ()
alarm (60); alarm (60);
#endif #endif
time_t_max = (! time_t_signed time_t_max = (! TIME_T_IS_SIGNED
? (time_t) -1 ? (time_t) -1
: ((((time_t) 1 << (sizeof (time_t) * CHAR_BIT - 2)) - 1) : ((((time_t) 1 << (sizeof (time_t) * CHAR_BIT - 2)) - 1)
* 2 + 1)); * 2 + 1));
time_t_min = (! time_t_signed time_t_min = (! TIME_T_IS_SIGNED
? (time_t) 0 ? (time_t) 0
: time_t_signed_magnitude : time_t_signed_magnitude
? ~ (time_t) 0 ? ~ (time_t) 0

8
m4/std-gnu11.m4
View file

@ -1,8 +1,8 @@
# Prefer GNU C11 and C++11 to earlier versions. -*- coding: utf-8 -*- # Prefer GNU C11 and C++11 to earlier versions. -*- coding: utf-8 -*-
# This implementation is taken from GNU Autoconf lib/autoconf/c.m4 # This implementation is taken from GNU Autoconf lib/autoconf/c.m4
# commit 739cdc82b5325402231f3f5e1a38f681fcbd1db2 # commit 017d5ddd82854911f0119691d91ea8a1438824d6
# dated Tue Mar 15 09:34:11 2016 -0700. # dated Sun Apr 3 13:57:17 2016 -0700
# This implementation will be obsolete once we can assume Autoconf 2.70 # This implementation will be obsolete once we can assume Autoconf 2.70
# or later is installed everywhere a Gnulib program might be developed. # or later is installed everywhere a Gnulib program might be developed.
@ -707,7 +707,7 @@ AC_DEFUN([_AC_CXX_CXX11_TEST_BODY],
short sa[cxx11test::get_val()] = { 0 }; short sa[cxx11test::get_val()] = { 0 };
} }
{ {
// Test initialiser lists // Test initializer lists
cxx11test::testinit il = { 4323, 435234.23544 }; cxx11test::testinit il = { 4323, 435234.23544 };
} }
{ {
@ -801,7 +801,7 @@ dnl with extended modes being tried first.
# considers the compiler to be in ISO C++11 mode if it handles all the # considers the compiler to be in ISO C++11 mode if it handles all the
# tests from the C++98 checks, plus the following: Language features # tests from the C++98 checks, plus the following: Language features
# (auto, constexpr, decltype, default/deleted constructors, delegate # (auto, constexpr, decltype, default/deleted constructors, delegate
# constructors, final, initialiser lists, lambda functions, nullptr, # constructors, final, initializer lists, lambda functions, nullptr,
# override, range-based for loops, template brackets without spaces, # override, range-based for loops, template brackets without spaces,
# unicode literals) and library features (array, memory (shared_ptr, # unicode literals) and library features (array, memory (shared_ptr,
# weak_ptr), regex and tuple types). # weak_ptr), regex and tuple types).