misc/78537: times(2) not functioning per the Posix spec

Bruce Evans bde at zeta.org.au
Mon Mar 7 21:21:07 GMT 2005


On Mon, 7 Mar 2005, Matthew Soffen wrote:

>> Description:
> This is a finding from the Linux-Ha project and Robert Watson agrees that it does appear to be a bug in the behavior.
>
> According to the posix spec, the times (2) structure is supposed to be unchangeable from boot to boot.  It  is affected by any clock changes and per the spec ( http://www.opengroup.org/onlinepubs/009695399/functions/times.html ) it shouldn't be.

Please limit line lengths to considerably less than 241 characters.

I think you mean uniqueness of the returned value, not "unchangeable
from boot to boot" of the struct contents or the returned value.  POSIX
doesn't require any of these.  It explicitly allows overflow of the
returned value and implicitly allows overflow of the struct contents, as
it must since this interface is broken as designed and overflow occurs
on most systems.

>> How-To-Repeat:
> Have something using a times(2) structure to generate unique ID ( for the current run), change the system time and you would be able to create duplicate time structures.

times(2) cannot be used to generate unique ids, for many reasons:
1. The return value might overflow.  It overflows in practice every 388+
    days under FreeBSD.
2. The return value shouldn't be, but is under FreeBSD, non-monotonically
    increasing.  This might be the bug that you mean.  The return value
    should track a monotonic clock, one that is actually useful like
    CLOCK_MONOTONIC, but it actually tracks CLOCK_REALTIME.  This is not
    a serious bug.  Much more than times(2) breaks if CLOCK_REALTIME is
    allowed to go backwards.
3. The return value might be non-strictly monotonic.  Since the resolution
    of clock_t is too small to be useful for almost everything (still 1/128
    seconds despite that resolution being too small to be useful 10+ years
    ago when machines were 1000+ times slower), the return value of times(2)
    is very likely to be the same for successive calls.
4. The return value might be non-unique across processes, even on non-SMP
    systems with processes making strictly ordered calls to times(), since
    POSIX permits even the return value to be relative to the start of the
    process so as to reduce the overflow possibilities for the return value.
5. The values in the struct might overflow.  Under FreeBSD, this can happen
    after 388+ days for a process using 100% of the CPU.
6. The values in the struct might be non-monotonically increasing.  This isn't
    a problem under FreeBSD, but was on old versions until 1999/03/13.
7. The values in the struct might be non-strictly monotonic.  This is the
    usual case in FreeBSD, as in (3).
8. The values in the struct might be non-unique across processes.

>> Fix:
> Make times(2) work like the posix spec.  It shouldn't be based on Epoch being 0, it should be based on "startup" time being the 0 time.

Basing it on the Epoch is not a problem, since overflow of clock_t is
benign and the resulting timestamps are no less usable than ones based
on a more recent starting point (in fact, they are more usable since
you can determine the amount lost to overflow using a non-broken interface).
POSIX doesn't require any particular starting point.  As mentioned in (4),
POSIX even allows using the start of the process for the starting point.

Basing it on the Epoch is harder to implement since we only have monotonic
times relative to system boot.

Bruce

