xfreopen need not depend on freopen-safer
[gnulib.git] / lib / mktime.c
blobaf43a6950d72f7cd85dfa688725391f149539172
1 /* Convert a 'struct tm' to a time_t value.
2 Copyright (C) 1993-2019 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Paul Eggert <eggert@twinsun.com>.
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, see
18 <https://www.gnu.org/licenses/>. */
20 /* The following macros influence what gets defined when this file is compiled:
22 Macro/expression Which gnulib module This compilation unit
23 should define
25 _LIBC (glibc proper) mktime
27 NEED_MKTIME_WORKING mktime rpl_mktime
28 || NEED_MKTIME_WINDOWS
30 NEED_MKTIME_INTERNAL mktime-internal mktime_internal
33 #ifndef _LIBC
34 # include <libc-config.h>
35 #endif
37 /* Assume that leap seconds are possible, unless told otherwise.
38 If the host has a 'zic' command with a '-L leapsecondfilename' option,
39 then it supports leap seconds; otherwise it probably doesn't. */
40 #ifndef LEAP_SECONDS_POSSIBLE
41 # define LEAP_SECONDS_POSSIBLE 1
42 #endif
44 #include <time.h>
46 #include <errno.h>
47 #include <limits.h>
48 #include <stdbool.h>
49 #include <stdlib.h>
50 #include <string.h>
52 #include <intprops.h>
53 #include <verify.h>
55 #ifndef NEED_MKTIME_INTERNAL
56 # define NEED_MKTIME_INTERNAL 0
57 #endif
58 #ifndef NEED_MKTIME_WINDOWS
59 # define NEED_MKTIME_WINDOWS 0
60 #endif
61 #ifndef NEED_MKTIME_WORKING
62 # define NEED_MKTIME_WORKING 0
63 #endif
65 #include "mktime-internal.h"
67 #if !defined _LIBC && (NEED_MKTIME_WORKING || NEED_MKTIME_WINDOWS)
68 static void
69 my_tzset (void)
71 # if NEED_MKTIME_WINDOWS
72 /* Rectify the value of the environment variable TZ.
73 There are four possible kinds of such values:
74 - Traditional US time zone names, e.g. "PST8PDT". Syntax: see
75 <https://msdn.microsoft.com/en-us/library/90s5c885.aspx>
76 - Time zone names based on geography, that contain one or more
77 slashes, e.g. "Europe/Moscow".
78 - Time zone names based on geography, without slashes, e.g.
79 "Singapore".
80 - Time zone names that contain explicit DST rules. Syntax: see
81 <http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03>
82 The Microsoft CRT understands only the first kind. It produces incorrect
83 results if the value of TZ is of the other kinds.
84 But in a Cygwin environment, /etc/profile.d/tzset.sh sets TZ to a value
85 of the second kind for most geographies, or of the first kind in a few
86 other geographies. If it is of the second kind, neutralize it. For the
87 Microsoft CRT, an absent or empty TZ means the time zone that the user
88 has set in the Windows Control Panel.
89 If the value of TZ is of the third or fourth kind -- Cygwin programs
90 understand these syntaxes as well --, it does not matter whether we
91 neutralize it or not, since these values occur only when a Cygwin user
92 has set TZ explicitly; this case is 1. rare and 2. under the user's
93 responsibility. */
94 const char *tz = getenv ("TZ");
95 if (tz != NULL && strchr (tz, '/') != NULL)
96 _putenv ("TZ=");
97 # elif HAVE_TZSET
98 tzset ();
99 # endif
101 # undef __tzset
102 # define __tzset() my_tzset ()
103 #endif
105 #if defined _LIBC || NEED_MKTIME_WORKING || NEED_MKTIME_INTERNAL
107 /* A signed type that can represent an integer number of years
108 multiplied by four times the number of seconds in a year. It is
109 needed when converting a tm_year value times the number of seconds
110 in a year. The factor of four comes because these products need
111 to be subtracted from each other, and sometimes with an offset
112 added to them, and then with another timestamp added, without
113 worrying about overflow.
115 Much of the code uses long_int to represent time_t values, to
116 lessen the hassle of dealing with platforms where time_t is
117 unsigned, and because long_int should suffice to represent all
118 time_t values that mktime can generate even on platforms where
119 time_t is excessively wide. */
121 #if INT_MAX <= LONG_MAX / 4 / 366 / 24 / 60 / 60
122 typedef long int long_int;
123 #else
124 typedef long long int long_int;
125 #endif
126 verify (INT_MAX <= TYPE_MAXIMUM (long_int) / 4 / 366 / 24 / 60 / 60);
128 /* Shift A right by B bits portably, by dividing A by 2**B and
129 truncating towards minus infinity. B should be in the range 0 <= B
130 <= LONG_INT_BITS - 2, where LONG_INT_BITS is the number of useful
131 bits in a long_int. LONG_INT_BITS is at least 32.
133 ISO C99 says that A >> B is implementation-defined if A < 0. Some
134 implementations (e.g., UNICOS 9.0 on a Cray Y-MP EL) don't shift
135 right in the usual way when A < 0, so SHR falls back on division if
136 ordinary A >> B doesn't seem to be the usual signed shift. */
138 static long_int
139 shr (long_int a, int b)
141 long_int one = 1;
142 return (-one >> 1 == -1
143 ? a >> b
144 : a / (one << b) - (a % (one << b) < 0));
147 /* Bounds for the intersection of time_t and long_int. */
149 static long_int const mktime_min
150 = ((TYPE_SIGNED (time_t) && TYPE_MINIMUM (time_t) < TYPE_MINIMUM (long_int))
151 ? TYPE_MINIMUM (long_int) : TYPE_MINIMUM (time_t));
152 static long_int const mktime_max
153 = (TYPE_MAXIMUM (long_int) < TYPE_MAXIMUM (time_t)
154 ? TYPE_MAXIMUM (long_int) : TYPE_MAXIMUM (time_t));
156 verify (TYPE_IS_INTEGER (time_t));
158 #define EPOCH_YEAR 1970
159 #define TM_YEAR_BASE 1900
160 verify (TM_YEAR_BASE % 100 == 0);
162 /* Is YEAR + TM_YEAR_BASE a leap year? */
163 static bool
164 leapyear (long_int year)
166 /* Don't add YEAR to TM_YEAR_BASE, as that might overflow.
167 Also, work even if YEAR is negative. */
168 return
169 ((year & 3) == 0
170 && (year % 100 != 0
171 || ((year / 100) & 3) == (- (TM_YEAR_BASE / 100) & 3)));
174 /* How many days come before each month (0-12). */
175 #ifndef _LIBC
176 static
177 #endif
178 const unsigned short int __mon_yday[2][13] =
180 /* Normal years. */
181 { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
182 /* Leap years. */
183 { 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
187 /* Do the values A and B differ according to the rules for tm_isdst?
188 A and B differ if one is zero and the other positive. */
189 static bool
190 isdst_differ (int a, int b)
192 return (!a != !b) && (0 <= a) && (0 <= b);
195 /* Return an integer value measuring (YEAR1-YDAY1 HOUR1:MIN1:SEC1) -
196 (YEAR0-YDAY0 HOUR0:MIN0:SEC0) in seconds, assuming that the clocks
197 were not adjusted between the timestamps.
199 The YEAR values uses the same numbering as TP->tm_year. Values
200 need not be in the usual range. However, YEAR1 - YEAR0 must not
201 overflow even when multiplied by three times the number of seconds
202 in a year, and likewise for YDAY1 - YDAY0 and three times the
203 number of seconds in a day. */
205 static long_int
206 ydhms_diff (long_int year1, long_int yday1, int hour1, int min1, int sec1,
207 int year0, int yday0, int hour0, int min0, int sec0)
209 verify (-1 / 2 == 0);
211 /* Compute intervening leap days correctly even if year is negative.
212 Take care to avoid integer overflow here. */
213 int a4 = shr (year1, 2) + shr (TM_YEAR_BASE, 2) - ! (year1 & 3);
214 int b4 = shr (year0, 2) + shr (TM_YEAR_BASE, 2) - ! (year0 & 3);
215 int a100 = a4 / 25 - (a4 % 25 < 0);
216 int b100 = b4 / 25 - (b4 % 25 < 0);
217 int a400 = shr (a100, 2);
218 int b400 = shr (b100, 2);
219 int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400);
221 /* Compute the desired time without overflowing. */
222 long_int years = year1 - year0;
223 long_int days = 365 * years + yday1 - yday0 + intervening_leap_days;
224 long_int hours = 24 * days + hour1 - hour0;
225 long_int minutes = 60 * hours + min1 - min0;
226 long_int seconds = 60 * minutes + sec1 - sec0;
227 return seconds;
230 /* Return the average of A and B, even if A + B would overflow.
231 Round toward positive infinity. */
232 static long_int
233 long_int_avg (long_int a, long_int b)
235 return shr (a, 1) + shr (b, 1) + ((a | b) & 1);
238 /* Return a long_int value corresponding to (YEAR-YDAY HOUR:MIN:SEC)
239 minus *TP seconds, assuming no clock adjustments occurred between
240 the two timestamps.
242 YEAR and YDAY must not be so large that multiplying them by three times the
243 number of seconds in a year (or day, respectively) would overflow long_int.
244 *TP should be in the usual range. */
245 static long_int
246 tm_diff (long_int year, long_int yday, int hour, int min, int sec,
247 struct tm const *tp)
249 return ydhms_diff (year, yday, hour, min, sec,
250 tp->tm_year, tp->tm_yday,
251 tp->tm_hour, tp->tm_min, tp->tm_sec);
254 /* Use CONVERT to convert T to a struct tm value in *TM. T must be in
255 range for time_t. Return TM if successful, NULL (setting errno) on
256 failure. */
257 static struct tm *
258 convert_time (struct tm *(*convert) (const time_t *, struct tm *),
259 long_int t, struct tm *tm)
261 time_t x = t;
262 return convert (&x, tm);
265 /* Use CONVERT to convert *T to a broken down time in *TP.
266 If *T is out of range for conversion, adjust it so that
267 it is the nearest in-range value and then convert that.
268 A value is in range if it fits in both time_t and long_int.
269 Return TP on success, NULL (setting errno) on failure. */
270 static struct tm *
271 ranged_convert (struct tm *(*convert) (const time_t *, struct tm *),
272 long_int *t, struct tm *tp)
274 long_int t1 = (*t < mktime_min ? mktime_min
275 : *t <= mktime_max ? *t : mktime_max);
276 struct tm *r = convert_time (convert, t1, tp);
277 if (r)
279 *t = t1;
280 return r;
282 if (errno != EOVERFLOW)
283 return NULL;
285 long_int bad = t1;
286 long_int ok = 0;
287 struct tm oktm; oktm.tm_sec = -1;
289 /* BAD is a known out-of-range value, and OK is a known in-range one.
290 Use binary search to narrow the range between BAD and OK until
291 they differ by 1. */
292 while (true)
294 long_int mid = long_int_avg (ok, bad);
295 if (mid == ok || mid == bad)
296 break;
297 if (convert_time (convert, mid, tp))
298 ok = mid, oktm = *tp;
299 else if (errno != EOVERFLOW)
300 return NULL;
301 else
302 bad = mid;
305 if (oktm.tm_sec < 0)
306 return NULL;
307 *t = ok;
308 *tp = oktm;
309 return tp;
313 /* Convert *TP to a time_t value, inverting
314 the monotonic and mostly-unit-linear conversion function CONVERT.
315 Use *OFFSET to keep track of a guess at the offset of the result,
316 compared to what the result would be for UTC without leap seconds.
317 If *OFFSET's guess is correct, only one CONVERT call is needed.
318 If successful, set *TP to the canonicalized struct tm;
319 otherwise leave *TP alone, return ((time_t) -1) and set errno.
320 This function is external because it is used also by timegm.c. */
321 time_t
322 __mktime_internal (struct tm *tp,
323 struct tm *(*convert) (const time_t *, struct tm *),
324 mktime_offset_t *offset)
326 struct tm tm;
328 /* The maximum number of probes (calls to CONVERT) should be enough
329 to handle any combinations of time zone rule changes, solar time,
330 leap seconds, and oscillations around a spring-forward gap.
331 POSIX.1 prohibits leap seconds, but some hosts have them anyway. */
332 int remaining_probes = 6;
334 /* Time requested. Copy it in case CONVERT modifies *TP; this can
335 occur if TP is localtime's returned value and CONVERT is localtime. */
336 int sec = tp->tm_sec;
337 int min = tp->tm_min;
338 int hour = tp->tm_hour;
339 int mday = tp->tm_mday;
340 int mon = tp->tm_mon;
341 int year_requested = tp->tm_year;
342 int isdst = tp->tm_isdst;
344 /* 1 if the previous probe was DST. */
345 int dst2 = 0;
347 /* Ensure that mon is in range, and set year accordingly. */
348 int mon_remainder = mon % 12;
349 int negative_mon_remainder = mon_remainder < 0;
350 int mon_years = mon / 12 - negative_mon_remainder;
351 long_int lyear_requested = year_requested;
352 long_int year = lyear_requested + mon_years;
354 /* The other values need not be in range:
355 the remaining code handles overflows correctly. */
357 /* Calculate day of year from year, month, and day of month.
358 The result need not be in range. */
359 int mon_yday = ((__mon_yday[leapyear (year)]
360 [mon_remainder + 12 * negative_mon_remainder])
361 - 1);
362 long_int lmday = mday;
363 long_int yday = mon_yday + lmday;
365 mktime_offset_t off = *offset;
366 int negative_offset_guess;
368 int sec_requested = sec;
370 if (LEAP_SECONDS_POSSIBLE)
372 /* Handle out-of-range seconds specially,
373 since ydhms_diff assumes every minute has 60 seconds. */
374 if (sec < 0)
375 sec = 0;
376 if (59 < sec)
377 sec = 59;
380 /* Invert CONVERT by probing. First assume the same offset as last
381 time. */
383 INT_SUBTRACT_WRAPV (0, off, &negative_offset_guess);
384 long_int t0 = ydhms_diff (year, yday, hour, min, sec,
385 EPOCH_YEAR - TM_YEAR_BASE, 0, 0, 0,
386 negative_offset_guess);
387 long_int t = t0, t1 = t0, t2 = t0;
389 /* Repeatedly use the error to improve the guess. */
391 while (true)
393 if (! ranged_convert (convert, &t, &tm))
394 return -1;
395 long_int dt = tm_diff (year, yday, hour, min, sec, &tm);
396 if (dt == 0)
397 break;
399 if (t == t1 && t != t2
400 && (tm.tm_isdst < 0
401 || (isdst < 0
402 ? dst2 <= (tm.tm_isdst != 0)
403 : (isdst != 0) != (tm.tm_isdst != 0))))
404 /* We can't possibly find a match, as we are oscillating
405 between two values. The requested time probably falls
406 within a spring-forward gap of size DT. Follow the common
407 practice in this case, which is to return a time that is DT
408 away from the requested time, preferring a time whose
409 tm_isdst differs from the requested value. (If no tm_isdst
410 was requested and only one of the two values has a nonzero
411 tm_isdst, prefer that value.) In practice, this is more
412 useful than returning -1. */
413 goto offset_found;
415 remaining_probes--;
416 if (remaining_probes == 0)
418 __set_errno (EOVERFLOW);
419 return -1;
422 t1 = t2, t2 = t, t += dt, dst2 = tm.tm_isdst != 0;
425 /* We have a match. Check whether tm.tm_isdst has the requested
426 value, if any. */
427 if (isdst_differ (isdst, tm.tm_isdst))
429 /* tm.tm_isdst has the wrong value. Look for a neighboring
430 time with the right value, and use its UTC offset.
432 Heuristic: probe the adjacent timestamps in both directions,
433 looking for the desired isdst. This should work for all real
434 time zone histories in the tz database. */
436 /* Distance between probes when looking for a DST boundary. In
437 tzdata2003a, the shortest period of DST is 601200 seconds
438 (e.g., America/Recife starting 2000-10-08 01:00), and the
439 shortest period of non-DST surrounded by DST is 694800
440 seconds (Africa/Tunis starting 1943-04-17 01:00). Use the
441 minimum of these two values, so we don't miss these short
442 periods when probing. */
443 int stride = 601200;
445 /* The longest period of DST in tzdata2003a is 536454000 seconds
446 (e.g., America/Jujuy starting 1946-10-01 01:00). The longest
447 period of non-DST is much longer, but it makes no real sense
448 to search for more than a year of non-DST, so use the DST
449 max. */
450 int duration_max = 536454000;
452 /* Search in both directions, so the maximum distance is half
453 the duration; add the stride to avoid off-by-1 problems. */
454 int delta_bound = duration_max / 2 + stride;
456 int delta, direction;
458 for (delta = stride; delta < delta_bound; delta += stride)
459 for (direction = -1; direction <= 1; direction += 2)
461 long_int ot;
462 if (! INT_ADD_WRAPV (t, delta * direction, &ot))
464 struct tm otm;
465 if (! ranged_convert (convert, &ot, &otm))
466 return -1;
467 if (! isdst_differ (isdst, otm.tm_isdst))
469 /* We found the desired tm_isdst.
470 Extrapolate back to the desired time. */
471 long_int gt = ot + tm_diff (year, yday, hour, min, sec,
472 &otm);
473 if (mktime_min <= gt && gt <= mktime_max)
475 if (convert_time (convert, gt, &tm))
477 t = gt;
478 goto offset_found;
480 if (errno != EOVERFLOW)
481 return -1;
487 __set_errno (EOVERFLOW);
488 return -1;
491 offset_found:
492 /* Set *OFFSET to the low-order bits of T - T0 - NEGATIVE_OFFSET_GUESS.
493 This is just a heuristic to speed up the next mktime call, and
494 correctness is unaffected if integer overflow occurs here. */
495 INT_SUBTRACT_WRAPV (t, t0, offset);
496 INT_SUBTRACT_WRAPV (*offset, negative_offset_guess, offset);
498 if (LEAP_SECONDS_POSSIBLE && sec_requested != tm.tm_sec)
500 /* Adjust time to reflect the tm_sec requested, not the normalized value.
501 Also, repair any damage from a false match due to a leap second. */
502 long_int sec_adjustment = sec == 0 && tm.tm_sec == 60;
503 sec_adjustment -= sec;
504 sec_adjustment += sec_requested;
505 if (INT_ADD_WRAPV (t, sec_adjustment, &t)
506 || ! (mktime_min <= t && t <= mktime_max))
508 __set_errno (EOVERFLOW);
509 return -1;
511 if (! convert_time (convert, t, &tm))
512 return -1;
515 *tp = tm;
516 return t;
519 #endif /* _LIBC || NEED_MKTIME_WORKING || NEED_MKTIME_INTERNAL */
521 #if defined _LIBC || NEED_MKTIME_WORKING || NEED_MKTIME_WINDOWS
523 /* Convert *TP to a time_t value. */
524 time_t
525 mktime (struct tm *tp)
527 /* POSIX.1 8.1.1 requires that whenever mktime() is called, the
528 time zone names contained in the external variable 'tzname' shall
529 be set as if the tzset() function had been called. */
530 __tzset ();
532 # if defined _LIBC || NEED_MKTIME_WORKING
533 static mktime_offset_t localtime_offset;
534 return __mktime_internal (tp, __localtime_r, &localtime_offset);
535 # else
536 # undef mktime
537 return mktime (tp);
538 # endif
540 #endif /* _LIBC || NEED_MKTIME_WORKING || NEED_MKTIME_WINDOWS */
542 #ifdef weak_alias
543 weak_alias (mktime, timelocal)
544 #endif
546 #ifdef _LIBC
547 libc_hidden_def (mktime)
548 libc_hidden_weak (timelocal)
549 #endif