[BZ #535]
2004-11-09 Paul Eggert <eggert@cs.ucla.edu. [BZ #535] * time/difftime.c: Fix a double-rounding bug on hosts with 64-bit time_t and long double being IEEE double. Also, port to more valid C99 hosts, even those that have padding bits. Don't include <values.h> since it is marked as an obsolescent interface. Include <limits.h>, <float.h>, and <stdint.h> instead. (TYPE_BITS, TYPE_FLOATING, TYPE_SIGNED): New macros. (subtract): New static function, that works correctly without double-rounding, even on hosts with 64-bit time_t. Also cater to hosts with padding bits. (__difftime): Use it. Use DBL_MANT_DIG and LDBL_MANT_DIG to determine whether floating types are wide enough: the old test (which used sizeof) could in theory report the wrong results on hosts with padding bits in floating-point values.
This commit is contained in:
parent
37b1a15401
commit
29311370cd
17
ChangeLog
17
ChangeLog
@ -1,3 +1,20 @@
|
||||
2004-11-09 Paul Eggert <eggert@cs.ucla.edu.
|
||||
|
||||
[BZ #535]
|
||||
* time/difftime.c: Fix a double-rounding bug on hosts with
|
||||
64-bit time_t and long double being IEEE double. Also, port
|
||||
to more valid C99 hosts, even those that have padding bits.
|
||||
Don't include <values.h> since it is marked as an obsolescent
|
||||
interface. Include <limits.h>, <float.h>, and <stdint.h> instead.
|
||||
(TYPE_BITS, TYPE_FLOATING, TYPE_SIGNED): New macros.
|
||||
(subtract): New static function, that works correctly without
|
||||
double-rounding, even on hosts with 64-bit time_t. Also cater
|
||||
to hosts with padding bits.
|
||||
(__difftime): Use it. Use DBL_MANT_DIG and LDBL_MANT_DIG to
|
||||
determine whether floating types are wide enough: the old
|
||||
test (which used sizeof) could in theory report the wrong results
|
||||
on hosts with padding bits in floating-point values.
|
||||
|
||||
2004-11-11 Simon Josefsson <jas@extundo.com>
|
||||
|
||||
[BZ #542]
|
||||
|
129
time/difftime.c
129
time/difftime.c
@ -16,52 +16,107 @@
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
#include <time.h>
|
||||
#include <values.h>
|
||||
/* Written by Paul Eggert <eggert@cs.ucla.edu>. */
|
||||
|
||||
#include <time.h>
|
||||
|
||||
#include <limits.h>
|
||||
#include <float.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define TYPE_BITS(type) (sizeof (type) * CHAR_BIT)
|
||||
#define TYPE_FLOATING(type) ((type) 0.5 == 0.5)
|
||||
#define TYPE_SIGNED(type) ((type) -1 < 0)
|
||||
|
||||
/* Return the difference between TIME1 and TIME0, where TIME0 <= TIME1.
|
||||
time_t is known to be an integer type. */
|
||||
|
||||
static double
|
||||
subtract (time_t time1, time_t time0)
|
||||
{
|
||||
if (! TYPE_SIGNED (time_t))
|
||||
return time1 - time0;
|
||||
else
|
||||
{
|
||||
/* Optimize the common special cases where time_t
|
||||
can be converted to uintmax_t without losing information. */
|
||||
uintmax_t dt = (uintmax_t) time1 - (uintmax_t) time0;
|
||||
double delta = dt;
|
||||
|
||||
if (UINTMAX_MAX / 2 < INTMAX_MAX)
|
||||
{
|
||||
/* This is a rare host where uintmax_t has padding bits, and possibly
|
||||
information was lost when converting time_t to uintmax_t.
|
||||
Check for overflow by comparing dt/2 to (time1/2 - time0/2).
|
||||
Overflow occurred if they differ by more than a small slop.
|
||||
Thanks to Clive D.W. Feather for detailed technical advice about
|
||||
hosts with padding bits.
|
||||
|
||||
In the following code the "h" prefix means half. By range
|
||||
analysis, we have:
|
||||
|
||||
-0.5 <= ht1 - 0.5*time1 <= 0.5
|
||||
-0.5 <= ht0 - 0.5*time0 <= 0.5
|
||||
-1.0 <= dht - 0.5*(time1 - time0) <= 1.0
|
||||
|
||||
If overflow has not occurred, we also have:
|
||||
|
||||
-0.5 <= hdt - 0.5*(time1 - time0) <= 0
|
||||
-1.0 <= dht - hdt <= 1.5
|
||||
|
||||
and since dht - hdt is an integer, we also have:
|
||||
|
||||
-1 <= dht - hdt <= 1
|
||||
|
||||
or equivalently:
|
||||
|
||||
0 <= dht - hdt + 1 <= 2
|
||||
|
||||
In the above analysis, all the operators have their exact
|
||||
mathematical semantics, not C semantics. However, dht - hdt +
|
||||
1 is unsigned in C, so it need not be compared to zero. */
|
||||
|
||||
uintmax_t hdt = dt / 2;
|
||||
time_t ht1 = time1 / 2;
|
||||
time_t ht0 = time0 / 2;
|
||||
time_t dht = ht1 - ht0;
|
||||
|
||||
if (2 < dht - hdt + 1)
|
||||
{
|
||||
/* Repair delta overflow.
|
||||
|
||||
The following expression contains a second rounding,
|
||||
so the result may not be the closest to the true answer.
|
||||
This problem occurs only with very large differences.
|
||||
It's too painful to fix this portably. */
|
||||
|
||||
delta = dt + 2.0L * (UINTMAX_MAX - UINTMAX_MAX / 2);
|
||||
}
|
||||
}
|
||||
|
||||
return delta;
|
||||
}
|
||||
}
|
||||
|
||||
/* Return the difference between TIME1 and TIME0. */
|
||||
double
|
||||
__difftime (time1, time0)
|
||||
time_t time1;
|
||||
time_t time0;
|
||||
__difftime (time_t time1, time_t time0)
|
||||
{
|
||||
/* Algorithm courtesy Paul Eggert (eggert@twinsun.com). */
|
||||
/* Convert to double and then subtract if no double-rounding error could
|
||||
result. */
|
||||
|
||||
time_t delta, hibit;
|
||||
|
||||
if (sizeof (time_t) < sizeof (double))
|
||||
if (TYPE_BITS (time_t) <= DBL_MANT_DIG
|
||||
|| (TYPE_FLOATING (time_t) && sizeof (time_t) < sizeof (long double)))
|
||||
return (double) time1 - (double) time0;
|
||||
if (sizeof (time_t) < sizeof (long double))
|
||||
|
||||
/* Likewise for long double. */
|
||||
|
||||
if (TYPE_BITS (time_t) <= LDBL_MANT_DIG || TYPE_FLOATING (time_t))
|
||||
return (long double) time1 - (long double) time0;
|
||||
|
||||
if (time1 < time0)
|
||||
return - __difftime (time0, time1);
|
||||
/* Subtract the smaller integer from the larger, convert the difference to
|
||||
double, and then negate if needed. */
|
||||
|
||||
/* As much as possible, avoid loss of precision by computing the
|
||||
difference before converting to double. */
|
||||
delta = time1 - time0;
|
||||
if (delta >= 0)
|
||||
return delta;
|
||||
|
||||
/* Repair delta overflow. */
|
||||
hibit = (~ (time_t) 0) << (_TYPEBITS (time_t) - 1);
|
||||
|
||||
/* The following expression rounds twice, which means the result may not
|
||||
be the closest to the true answer. For example, suppose time_t is
|
||||
64-bit signed int, long_double is IEEE 754 double with default
|
||||
rounding, time1 = 9223372036854775807 and time0 = -1536. Then the
|
||||
true difference is 9223372036854777343, which rounds to
|
||||
9223372036854777856 with a total error of 513. But delta overflows to
|
||||
-9223372036854774273, which rounds to -9223372036854774784, and
|
||||
correcting this by subtracting 2 * (long_double) hibit (i.e. by adding
|
||||
2**64 = 18446744073709551616) yields 9223372036854776832, which rounds
|
||||
to 9223372036854775808 with a total error of 1535 instead. This
|
||||
problem occurs only with very large differences. It's too painful to
|
||||
fix this portably. We are not alone in this problem; many C compilers
|
||||
round twice when converting large unsigned types to small floating
|
||||
types, so if time_t is unsigned the "return delta" above has the same
|
||||
double-rounding problem. */
|
||||
return delta - 2 * (long double) hibit;
|
||||
return time1 < time0 ? - subtract (time0, time1) : subtract (time1, time0);
|
||||
}
|
||||
strong_alias (__difftime, difftime)
|
||||
|
Loading…
x
Reference in New Issue
Block a user