[newlib-cygwin] Ensure that all values of ns, us and ms work

[newlib-cygwin] Ensure that all values of ns, us and ms work

[Sebastian Huber]

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=be517bd298641a4148f7b17dfc4528332154b459

commit be517bd298641a4148f7b17dfc4528332154b459
Author: imp <imp@FreeBSD.org>
Date:   Tue Nov 20 07:11:23 2018 +0000

    Ensure that all values of ns, us and ms work
    
    for {n,u,m}stosbt
    
    Integer overflows and wrong constants limited the accuracy of these
    functions and created situatiosn where sbttoXs(Xstosbt(Y)) != Y. This
    was especailly true in the ns case where we had millions of values
    that were wrong.
    
    Instead, used fixed constants because there's no way to say ceil(X)
    for integer math. Document what these crazy constants are.
    
    Also, use a shift one fewer left to avoid integer overflow causing
    incorrect results, and adjust the equasion accordingly. Document this.
    
    Allow times >= 1s to be well defined for these conversion functions
    (at least the Xstosbt). There's too many users in the tree that they
    work for >= 1s.
    
    This fixes a failure on boot to program firmware on the mlx4
    NIC. There was a msleep(1000) in the code. Prior to my recent rounding
    changes, msleep(1000) worked, but msleep(1001) did not because the old
    code rounded to just below 2^64 and the new code rounds to just above
    it (overflowing, causing the msleep(1000) to really sleep 1ms).
    
    A test program to test all cases will be committed shortly. The test
    exaustively tries every value (thanks to bde for the test).
    
    Sponsored by: Netflix, Inc
    Differential Revision: https://reviews.freebsd.org/D18051

Diff:
---
 newlib/libc/include/sys/time.h | 59 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 52 insertions(+), 7 deletions(-)

diff --git a/newlib/libc/include/sys/time.h b/newlib/libc/include/sys/time.h
index 5182dc1..081e0cf 100644
--- a/newlib/libc/include/sys/time.h
+++ b/newlib/libc/include/sys/time.h
@@ -33,7 +33,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)time.h	8.5 (Berkeley) 5/4/95
- * $FreeBSD$
+ * $FreeBSD: head/sys/sys/time.h 340664 2018-11-20 07:11:23Z imp $
  */
 
 #ifndef _SYS_TIME_H_
@@ -172,9 +172,24 @@ sbttobt(sbintime_t _sbt)
  * large roundoff errors which sbttons() and nstosbt() avoid.  Millisecond and
  * microsecond functions are also provided for completeness.
  *
- * These functions return the smallest sbt larger or equal to the number of
- * seconds requested so that sbttoX(Xtosbt(y)) == y. The 1 << 32 - 1 term added
- * transforms the >> 32 from floor() to ceil().
+ * These functions return the smallest sbt larger or equal to the
+ * number of seconds requested so that sbttoX(Xtosbt(y)) == y.  Unlike
+ * top of second computations below, which require that we tick at the
+ * top of second, these need to be rounded up so we do whatever for at
+ * least as long as requested.
+ *
+ * The naive computation we'd do is this
+ *	((unit * 2^64 / SIFACTOR) + 2^32-1) >> 32
+ * However, that overflows. Instead, we compute
+ *	((unit * 2^63 / SIFACTOR) + 2^31-1) >> 32
+ * and use pre-computed constants that are the ceil of the 2^63 / SIFACTOR
+ * term to ensure we are using exactly the right constant. We use the lesser
+ * evil of ull rather than a uint64_t cast to ensure we have well defined
+ * right shift semantics. With these changes, we get all the ns, us and ms
+ * conversions back and forth right.
+ * Note: This file is used for both kernel and userland includes, so we can't
+ * rely on KASSERT being defined, nor can we pollute the namespace by including
+ * assert.h.
  */
 static __inline int64_t
 sbttons(sbintime_t _sbt)
@@ -186,8 +201,18 @@ sbttons(sbintime_t _sbt)
 static __inline sbintime_t
 nstosbt(int64_t _ns)
 {
+	sbintime_t sb = 0;
 
-	return ((_ns * (((uint64_t)1 << 63) / 500000000) + (1ull << 32) - 1) >> 32);
+#ifdef KASSERT
+	KASSERT(_ns >= 0, ("Negative values illegal for nstosbt: %jd", _ns));
+#endif
+	if (_ns >= SBT_1S) {
+		sb = (_ns / 1000000000) * SBT_1S;
+		_ns = _ns % 1000000000;
+	}
+	/* 9223372037 = ceil(2^63 / 1000000000) */
+	sb += ((_ns * 9223372037ull) + 0x7fffffff) >> 31;
+	return (sb);
 }
 
 static __inline int64_t
@@ -200,8 +225,18 @@ sbttous(sbintime_t _sbt)
 static __inline sbintime_t
 ustosbt(int64_t _us)
 {
+	sbintime_t sb = 0;
 
-	return ((_us * (((uint64_t)1 << 63) / 500000) + (1ull << 32) - 1) >> 32);
+#ifdef KASSERT
+	KASSERT(_us >= 0, ("Negative values illegal for ustosbt: %jd", _us));
+#endif
+	if (_us >= SBT_1S) {
+		sb = (_us / 1000000) * SBT_1S;
+		_us = _us % 1000000;
+	}
+	/* 9223372036855 = ceil(2^63 / 1000000) */
+	sb += ((_us * 9223372036855ull) + 0x7fffffff) >> 31;
+	return (sb);
 }
 
 static __inline int64_t
@@ -214,8 +249,18 @@ sbttoms(sbintime_t _sbt)
 static __inline sbintime_t
 mstosbt(int64_t _ms)
 {
+	sbintime_t sb = 0;
 
-	return ((_ms * (((uint64_t)1 << 63) / 500) + (1ull << 32) - 1) >> 32);
+#ifdef KASSERT
+	KASSERT(_ms >= 0, ("Negative values illegal for mstosbt: %jd", _ms));
+#endif
+	if (_ms >= SBT_1S) {
+		sb = (_ms / 1000) * SBT_1S;
+		_ms = _ms % 1000;
+	}
+	/* 9223372036854776 = ceil(2^63 / 1000) */
+	sb += ((_ms * 9223372036854776ull) + 0x7fffffff) >> 31;
+	return (sb);
 }
 
 /*-