diff --git a/ChangeLog b/ChangeLog index c89325aaee..3bf7a3e31c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +2004-11-09 Paul Eggert since it is marked as an obsolescent + interface. Include , , and instead. + (TYPE_BITS, TYPE_FLOATING, TYPE_SIGNED): New macros. + (subtract): New static function, that works correctly without + double-rounding, even on hosts with 64-bit time_t. Also cater + to hosts with padding bits. + (__difftime): Use it. Use DBL_MANT_DIG and LDBL_MANT_DIG to + determine whether floating types are wide enough: the old + test (which used sizeof) could in theory report the wrong results + on hosts with padding bits in floating-point values. + 2004-11-11 Simon Josefsson [BZ #542] diff --git a/time/difftime.c b/time/difftime.c index 228090c057..ad896e207d 100644 --- a/time/difftime.c +++ b/time/difftime.c @@ -16,52 +16,107 @@ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */ -#include -#include +/* Written by Paul Eggert . */ +#include + +#include +#include +#include + +#define TYPE_BITS(type) (sizeof (type) * CHAR_BIT) +#define TYPE_FLOATING(type) ((type) 0.5 == 0.5) +#define TYPE_SIGNED(type) ((type) -1 < 0) + +/* Return the difference between TIME1 and TIME0, where TIME0 <= TIME1. + time_t is known to be an integer type. */ + +static double +subtract (time_t time1, time_t time0) +{ + if (! TYPE_SIGNED (time_t)) + return time1 - time0; + else + { + /* Optimize the common special cases where time_t + can be converted to uintmax_t without losing information. */ + uintmax_t dt = (uintmax_t) time1 - (uintmax_t) time0; + double delta = dt; + + if (UINTMAX_MAX / 2 < INTMAX_MAX) + { + /* This is a rare host where uintmax_t has padding bits, and possibly + information was lost when converting time_t to uintmax_t. + Check for overflow by comparing dt/2 to (time1/2 - time0/2). + Overflow occurred if they differ by more than a small slop. + Thanks to Clive D.W. Feather for detailed technical advice about + hosts with padding bits. + + In the following code the "h" prefix means half. By range + analysis, we have: + + -0.5 <= ht1 - 0.5*time1 <= 0.5 + -0.5 <= ht0 - 0.5*time0 <= 0.5 + -1.0 <= dht - 0.5*(time1 - time0) <= 1.0 + + If overflow has not occurred, we also have: + + -0.5 <= hdt - 0.5*(time1 - time0) <= 0 + -1.0 <= dht - hdt <= 1.5 + + and since dht - hdt is an integer, we also have: + + -1 <= dht - hdt <= 1 + + or equivalently: + + 0 <= dht - hdt + 1 <= 2 + + In the above analysis, all the operators have their exact + mathematical semantics, not C semantics. However, dht - hdt + + 1 is unsigned in C, so it need not be compared to zero. */ + + uintmax_t hdt = dt / 2; + time_t ht1 = time1 / 2; + time_t ht0 = time0 / 2; + time_t dht = ht1 - ht0; + + if (2 < dht - hdt + 1) + { + /* Repair delta overflow. + + The following expression contains a second rounding, + so the result may not be the closest to the true answer. + This problem occurs only with very large differences. + It's too painful to fix this portably. */ + + delta = dt + 2.0L * (UINTMAX_MAX - UINTMAX_MAX / 2); + } + } + + return delta; + } +} /* Return the difference between TIME1 and TIME0. */ double -__difftime (time1, time0) - time_t time1; - time_t time0; +__difftime (time_t time1, time_t time0) { - /* Algorithm courtesy Paul Eggert (eggert@twinsun.com). */ + /* Convert to double and then subtract if no double-rounding error could + result. */ - time_t delta, hibit; - - if (sizeof (time_t) < sizeof (double)) + if (TYPE_BITS (time_t) <= DBL_MANT_DIG + || (TYPE_FLOATING (time_t) && sizeof (time_t) < sizeof (long double))) return (double) time1 - (double) time0; - if (sizeof (time_t) < sizeof (long double)) + + /* Likewise for long double. */ + + if (TYPE_BITS (time_t) <= LDBL_MANT_DIG || TYPE_FLOATING (time_t)) return (long double) time1 - (long double) time0; - if (time1 < time0) - return - __difftime (time0, time1); + /* Subtract the smaller integer from the larger, convert the difference to + double, and then negate if needed. */ - /* As much as possible, avoid loss of precision by computing the - difference before converting to double. */ - delta = time1 - time0; - if (delta >= 0) - return delta; - - /* Repair delta overflow. */ - hibit = (~ (time_t) 0) << (_TYPEBITS (time_t) - 1); - - /* The following expression rounds twice, which means the result may not - be the closest to the true answer. For example, suppose time_t is - 64-bit signed int, long_double is IEEE 754 double with default - rounding, time1 = 9223372036854775807 and time0 = -1536. Then the - true difference is 9223372036854777343, which rounds to - 9223372036854777856 with a total error of 513. But delta overflows to - -9223372036854774273, which rounds to -9223372036854774784, and - correcting this by subtracting 2 * (long_double) hibit (i.e. by adding - 2**64 = 18446744073709551616) yields 9223372036854776832, which rounds - to 9223372036854775808 with a total error of 1535 instead. This - problem occurs only with very large differences. It's too painful to - fix this portably. We are not alone in this problem; many C compilers - round twice when converting large unsigned types to small floating - types, so if time_t is unsigned the "return delta" above has the same - double-rounding problem. */ - return delta - 2 * (long double) hibit; + return time1 < time0 ? - subtract (time0, time1) : subtract (time1, time0); } strong_alias (__difftime, difftime)