misc/78537: times(2) not functioning per the Posix spec
Bruce Evans
bde at zeta.org.au
Mon Mar 7 21:21:07 GMT 2005
On Mon, 7 Mar 2005, Matthew Soffen wrote:
>> Description:
> This is a finding from the Linux-Ha project and Robert Watson agrees that it does appear to be a bug in the behavior.
>
> According to the posix spec, the times (2) structure is supposed to be unchangeable from boot to boot. It is affected by any clock changes and per the spec ( http://www.opengroup.org/onlinepubs/009695399/functions/times.html ) it shouldn't be.
Please limit line lengths to considerably less than 241 characters.
I think you mean uniqueness of the returned value, not "unchangeable
from boot to boot" of the struct contents or the returned value. POSIX
doesn't require any of these. It explicitly allows overflow of the
returned value and implicitly allows overflow of the struct contents, as
it must since this interface is broken as designed and overflow occurs
on most systems.
>> How-To-Repeat:
> Have something using a times(2) structure to generate unique ID ( for the current run), change the system time and you would be able to create duplicate time structures.
times(2) cannot be used to generate unique ids, for many reasons:
1. The return value might overflow. It overflows in practice every 388+
days under FreeBSD.
2. The return value shouldn't be, but is under FreeBSD, non-monotonically
increasing. This might be the bug that you mean. The return value
should track a monotonic clock, one that is actually useful like
CLOCK_MONOTONIC, but it actually tracks CLOCK_REALTIME. This is not
a serious bug. Much more than times(2) breaks if CLOCK_REALTIME is
allowed to go backwards.
3. The return value might be non-strictly monotonic. Since the resolution
of clock_t is too small to be useful for almost everything (still 1/128
seconds despite that resolution being too small to be useful 10+ years
ago when machines were 1000+ times slower), the return value of times(2)
is very likely to be the same for successive calls.
4. The return value might be non-unique across processes, even on non-SMP
systems with processes making strictly ordered calls to times(), since
POSIX permits even the return value to be relative to the start of the
process so as to reduce the overflow possibilities for the return value.
5. The values in the struct might overflow. Under FreeBSD, this can happen
after 388+ days for a process using 100% of the CPU.
6. The values in the struct might be non-monotonically increasing. This isn't
a problem under FreeBSD, but was on old versions until 1999/03/13.
7. The values in the struct might be non-strictly monotonic. This is the
usual case in FreeBSD, as in (3).
8. The values in the struct might be non-unique across processes.
>> Fix:
> Make times(2) work like the posix spec. It shouldn't be based on Epoch being 0, it should be based on "startup" time being the 0 time.
Basing it on the Epoch is not a problem, since overflow of clock_t is
benign and the resulting timestamps are no less usable than ones based
on a more recent starting point (in fact, they are more usable since
you can determine the amount lost to overflow using a non-broken interface).
POSIX doesn't require any particular starting point. As mentioned in (4),
POSIX even allows using the start of the process for the starting point.
Basing it on the Epoch is harder to implement since we only have monotonic
times relative to system boot.
Bruce
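As an added illustration (not code from the PR or from Bruce Evans's reply), the C program below measures two of the properties listed above on the host it runs on: the wrap period of clock_t computed from its width and CLK_TCK (the "388+ days" for FreeBSD's 32-bit clock_t at 128 Hz), and how often back-to-back calls to times(2) return the same value. The function names are my own.

```c
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/times.h>

/* Days until a clock_t of `bits` bits wraps at `hz` ticks per second.
 * For FreeBSD's 32-bit clock_t at 128 Hz this gives the "388+ days"
 * quoted in the reply (points 1 and 5); at 100 Hz it is about 497 days. */
double clock_t_wrap_days(unsigned bits, double hz)
{
    double ticks = 1.0;
    for (unsigned i = 0; i < bits; i++)
        ticks *= 2.0;            /* 2^bits without overflowing an integer */
    return ticks / hz / 86400.0;
}

/* Call times(2) n times back to back and count how often the return
 * value equals the previous one: point (3), non-strict monotonicity
 * caused by the coarse resolution of clock_t. Anything that derives a
 * "unique" id from this value will see these collisions. */
long count_repeated_ticks(long n)
{
    struct tms t;
    clock_t prev = times(&t);
    long repeats = 0;
    for (long i = 1; i < n; i++) {
        clock_t cur = times(&t);
        if (cur == prev)
            repeats++;
        prev = cur;
    }
    return repeats;
}

int main(void)
{
    long hz = sysconf(_SC_CLK_TCK);   /* 128 on FreeBSD, 100 on Linux */
    unsigned bits = (unsigned)sizeof(clock_t) * 8;
    printf("CLK_TCK=%ld, clock_t=%u bits, wraps after %.1f days\n",
           hz, bits, clock_t_wrap_days(bits, (double)hz));
    printf("times(): %ld of 10000 successive calls repeated the previous value\n",
           count_repeated_ticks(10000));
    return 0;
}
```

Repeating the loop with clock_gettime(CLOCK_MONOTONIC, ...) instead of times() is the comparison the reply suggests: nanosecond resolution and no dependence on CLOCK_REALTIME stepping.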