[BZ #535]

2004-11-09 Paul Eggert <eggert@cs.ucla.edu. [BZ #535] * time/difftime.c: Fix a double-rounding bug on hosts with 64-bit time_t and long double being IEEE double. Also, port to more valid C99 hosts, even those that have padding bits. Don't include <values.h> since it is marked as an obsolescent interface. Include <limits.h>, <float.h>, and <stdint.h> instead. (TYPE_BITS, TYPE_FLOATING, TYPE_SIGNED): New macros. (subtract): New static function, that works correctly without double-rounding, even on hosts with 64-bit time_t. Also cater to hosts with padding bits. (__difftime): Use it. Use DBL_MANT_DIG and LDBL_MANT_DIG to determine whether floating types are wide enough: the old test (which used sizeof) could in theory report the wrong results on hosts with padding bits in floating-point values.
2025-01-08 18:30:18 +00:00 · 2004-11-11 22:31:17 +00:00 · 2004-11-11 22:31:17 +00:00 · 29311370cd
commit 29311370cd
parent 37b1a15401
2 changed files with 109 additions and 37 deletions
--- a/17
+++ b/17
@ -1,3 +1,20 @@
 2004-11-09  Paul Eggert  <eggert@cs.ucla.edu.
 	[BZ #535]
 	* time/difftime.c: Fix a double-rounding bug on hosts with
 	64-bit time_t and long double being IEEE double.  Also, port
 	to more valid C99 hosts, even those that have padding bits.
 	Don't include <values.h> since it is marked as an obsolescent
 	interface.  Include <limits.h>, <float.h>, and <stdint.h> instead.
 	(TYPE_BITS, TYPE_FLOATING, TYPE_SIGNED): New macros.
 	(subtract): New static function, that works correctly without
 	double-rounding, even on hosts with 64-bit time_t.  Also cater
 	to hosts with padding bits.
 	(__difftime): Use it.  Use DBL_MANT_DIG and LDBL_MANT_DIG to
 	determine whether floating types are wide enough: the old
 	test (which used sizeof) could in theory report the wrong results
 	on hosts with padding bits in floating-point values.
 2004-11-11  Simon Josefsson  <jas@extundo.com>
 	[BZ #542]
--- a/time/difftime.c
+++ b/time/difftime.c
@ -16,52 +16,107 @@
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */
-#include <time.h>
+/* Written by Paul Eggert <eggert@cs.ucla.edu>.  */
 #include <values.h>
 #include <time.h>
 #include <limits.h>
 #include <float.h>
 #include <stdint.h>
 #define TYPE_BITS(type) (sizeof (type) * CHAR_BIT)
 #define TYPE_FLOATING(type) ((type) 0.5 == 0.5)
 #define TYPE_SIGNED(type) ((type) -1 < 0)
 /* Return the difference between TIME1 and TIME0, where TIME0 <= TIME1.
   time_t is known to be an integer type.  */
 static double
 subtract (time_t time1, time_t time0)
 {
  if (! TYPE_SIGNED (time_t))
    return time1 - time0;
  else
    {
      /* Optimize the common special cases where time_t
 	 can be converted to uintmax_t without losing information.  */
      uintmax_t dt = (uintmax_t) time1 - (uintmax_t) time0;
      double delta = dt;
      if (UINTMAX_MAX / 2 < INTMAX_MAX)
 	{
 	  /* This is a rare host where uintmax_t has padding bits, and possibly
 	     information was lost when converting time_t to uintmax_t.
 	     Check for overflow by comparing dt/2 to (time1/2 - time0/2).
 	     Overflow occurred if they differ by more than a small slop.
 	     Thanks to Clive D.W. Feather for detailed technical advice about
 	     hosts with padding bits.
 	     In the following code the "h" prefix means half.  By range
 	     analysis, we have:
                  -0.5 <= ht1 - 0.5*time1 <= 0.5
                  -0.5 <= ht0 - 0.5*time0 <= 0.5
                  -1.0 <= dht - 0.5*(time1 - time0) <= 1.0
             If overflow has not occurred, we also have:
                  -0.5 <= hdt - 0.5*(time1 - time0) <= 0
                  -1.0 <= dht - hdt <= 1.5
             and since dht - hdt is an integer, we also have:
                  -1 <= dht - hdt <= 1
             or equivalently:
                  0 <= dht - hdt + 1 <= 2
             In the above analysis, all the operators have their exact
             mathematical semantics, not C semantics.  However, dht - hdt +
             1 is unsigned in C, so it need not be compared to zero.  */
 	  uintmax_t hdt = dt / 2;
 	  time_t ht1 = time1 / 2;
 	  time_t ht0 = time0 / 2;
 	  time_t dht = ht1 - ht0;
 	  if (2 < dht - hdt + 1)
 	    {
 	      /* Repair delta overflow.
 		 The following expression contains a second rounding,
 		 so the result may not be the closest to the true answer.
 		 This problem occurs only with very large differences.
 		 It's too painful to fix this portably.  */
 	      delta = dt + 2.0L * (UINTMAX_MAX - UINTMAX_MAX / 2);
 	    }
 	}
      return delta;
    }
 }
 /* Return the difference between TIME1 and TIME0.  */
 double
-__difftime (time1, time0)
+__difftime (time_t time1, time_t time0)
     time_t time1;
     time_t time0;
 {
-  /* Algorithm courtesy Paul Eggert (eggert@twinsun.com).  */
+  /* Convert to double and then subtract if no double-rounding error could
     result.  */
-  time_t delta, hibit;
+  if (TYPE_BITS (time_t) <= DBL_MANT_DIG
-
+      || (TYPE_FLOATING (time_t) && sizeof (time_t) < sizeof (long double)))
  if (sizeof (time_t) < sizeof (double))
    return (double) time1 - (double) time0;
-  if (sizeof (time_t) < sizeof (long double))
+
  /* Likewise for long double.  */
  if (TYPE_BITS (time_t) <= LDBL_MANT_DIG || TYPE_FLOATING (time_t))
    return (long double) time1 - (long double) time0;
-  if (time1 < time0)
+  /* Subtract the smaller integer from the larger, convert the difference to
-    return - __difftime (time0, time1);
+     double, and then negate if needed.  */
-  /* As much as possible, avoid loss of precision by computing the
+  return time1 < time0 ? - subtract (time0, time1) : subtract (time1, time0);
    difference before converting to double.  */
  delta = time1 - time0;
  if (delta >= 0)
    return delta;
  /* Repair delta overflow.  */
  hibit = (~ (time_t) 0) << (_TYPEBITS (time_t) - 1);
  /* The following expression rounds twice, which means the result may not
     be the closest to the true answer.  For example, suppose time_t is
     64-bit signed int, long_double is IEEE 754 double with default
     rounding, time1 = 9223372036854775807 and time0 = -1536.  Then the
     true difference is 9223372036854777343, which rounds to
     9223372036854777856 with a total error of 513.  But delta overflows to
     -9223372036854774273, which rounds to -9223372036854774784, and
     correcting this by subtracting 2 * (long_double) hibit (i.e. by adding
     2**64 = 18446744073709551616) yields 9223372036854776832, which rounds
     to 9223372036854775808 with a total error of 1535 instead.  This
     problem occurs only with very large differences.  It's too painful to
     fix this portably.  We are not alone in this problem; many C compilers
     round twice when converting large unsigned types to small floating
     types, so if time_t is unsigned the "return delta" above has the same
     double-rounding problem.  */
  return delta - 2 * (long double) hibit;
 }
 strong_alias (__difftime, difftime)