__TIME_MIN/__TIME_MAX

Jacques A. Vidrine nectar at FreeBSD.org
Sun Nov 16 02:20:13 PST 2003


On Sat, Nov 15, 2003 at 02:37:03PM -0800, Terry Lambert wrote:
> "Jacques A. Vidrine" wrote:
> > In at least one place in libc, it is necessary to range check a time_t
> > value.  On most platforms, time_t has the same range as `int', but
> > on at least amd64, it has a larger range.  Any objections to adding
> > definitions of __TIME_MIN and __TIME_MAX to sys/${arch}/_limits.h?
> > 
> > I could just do the usual check for lossage after casting, except that
> > in theory time_t could be a floating-point value (but not in reality
> > in FreeBSD).  It seems cleaner to me to have an explicit range.
> 
> XSI:	time_t and clock_t shall be integer or real-floating types.
> 
> The range should be derived from the type.  Defining separate values
> outside the implementation namespace might be OK, but keeping those
> values synchronized with the size_t is likely to be painful for
> years to come.

I don't think I understand your point.  time_t and size_t have no
relationship.  The __TIME_MIN/__TIME_MAX I was suggesting would have
been analogous to other numerical limits defined in <limits.h> such as
INT_MIN/INT_MAX or our implementation-only __OFF_MIN/__OFF_MAX.  Yes,
they'd need to be synchronized with the actual type in use, e.g.

  #define __TIME_MAX __INT_MAX   /* most platforms */
  #define __TIME_MAX __LONG_MAX  /* ia64, amd64 */

(Note that now, I don't intend to implement this because it doesn't
actually help me get out of the quandary I was in.  But, I still feel
like discussing if anyone is interested :-)

By the way, that quote from SUSv3 (``shall be integer or real-floating
types'') is what messes me up.  time_t could be signed or unsigned.  If
it were unsigned (extremely unlikely, but OK according to the letter of
the standard), then I don't think I can detect certain range errors.

    #include <time.h>

    /* How can this be implemented correctly? */
    int range_error(long n, time_t t)
    {
        /* Nonzero when n does not survive the round trip through time_t. */
        return (long)(t = n) != n;
    }
    
Too bad (IMHO) C never grew other operators like sizeof that let you
examine type attributes.

Cheers,
-- 
Jacques Vidrine   NTT/Verio SME      FreeBSD UNIX       Heimdal
nectar at celabo.org jvidrine at verio.net nectar at freebsd.org nectar at kth.se
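
One way to do the range check asked about in the message above without first converting n to time_t, as an added example that is not part of the original post and is not FreeBSD code. The macro and function names are hypothetical, and it assumes time_t is an integer type with no padding bits and no wider than uintmax_t; the fixed-width types are constructed stand-ins for other possible time_t definitions.

```c
#include <limits.h>
#include <stdint.h>
#include <time.h>

/* Assumption: T is an integer type without padding bits and no wider than
 * uintmax_t. A floating-point time_t is rejected at compile time here. */
_Static_assert((time_t)0.5 == 0, "time_t must be an integer type");

/* 1 if T is signed: -1 converted to an unsigned T becomes its maximum. */
#define TYPE_IS_SIGNED(T) ((T)-1 < (T)0)

/* Largest value of T as uintmax_t, derived from its width and signedness. */
#define TYPE_UMAX(T) \
    (UINTMAX_MAX >> (sizeof(uintmax_t) * CHAR_BIT - sizeof(T) * CHAR_BIT \
                     + TYPE_IS_SIGNED(T)))

/* 1 if the long value n is representable in T; n is never converted to T. */
#define FITS_IN(T, n) \
    (TYPE_IS_SIGNED(T) \
        ? ((n) >= -(intmax_t)TYPE_UMAX(T) - 1 && (n) <= (intmax_t)TYPE_UMAX(T)) \
        : ((n) >= 0 && (uintmax_t)(n) <= TYPE_UMAX(T)))

/* Range check against whatever time_t is on this platform. */
int time_range_error(long n) { return !FITS_IN(time_t, n); }

/* Stand-ins for other possible time_t definitions (constructed cases). */
int range_error_i32(long n) { return !FITS_IN(int32_t, n); }
int range_error_u64(long n) { return !FITS_IN(uint64_t, n); }

/* The cast-and-compare check, with a 64-bit unsigned stand-in for time_t:
 * a negative n wraps on the way in and wraps back on the way out. */
int roundtrip_error_u64(long n)
{
    uint64_t t;
    return (long)(t = (uint64_t)n) != n;
}
```

With the unsigned 64-bit stand-in, the comparison against derived limits reports -1 as out of range, while the cast-and-compare form does not.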

