From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 126809 invoked by alias); 4 Dec 2018 09:03:35 -0000 Mailing-List: contact newlib-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: newlib-cvs-owner@sourceware.org Received: (qmail 126698 invoked by uid 10080); 4 Dec 2018 09:03:34 -0000 Date: Tue, 04 Dec 2018 09:03:00 -0000 Message-ID: <20181204090334.126695.qmail@sourceware.org> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Sebastian Huber To: newlib-cvs@sourceware.org Subject: [newlib-cygwin] Ensure that all values of ns, us and ms work X-Act-Checkin: newlib-cygwin X-Git-Author: imp X-Git-Refname: refs/heads/master X-Git-Oldrev: 7bf8fc0987838fc435e251183410ed16bfb36c95 X-Git-Newrev: be517bd298641a4148f7b17dfc4528332154b459 X-SW-Source: 2018-q4/txt/msg00038.txt.bz2 https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=be517bd298641a4148f7b17dfc4528332154b459 commit be517bd298641a4148f7b17dfc4528332154b459 Author: imp Date: Tue Nov 20 07:11:23 2018 +0000 Ensure that all values of ns, us and ms work for {n,u,m}stosbt Integer overflows and wrong constants limited the accuracy of these functions and created situatiosn where sbttoXs(Xstosbt(Y)) != Y. This was especailly true in the ns case where we had millions of values that were wrong. Instead, used fixed constants because there's no way to say ceil(X) for integer math. Document what these crazy constants are. Also, use a shift one fewer left to avoid integer overflow causing incorrect results, and adjust the equasion accordingly. Document this. Allow times >= 1s to be well defined for these conversion functions (at least the Xstosbt). There's too many users in the tree that they work for >= 1s. This fixes a failure on boot to program firmware on the mlx4 NIC. There was a msleep(1000) in the code. Prior to my recent rounding changes, msleep(1000) worked, but msleep(1001) did not because the old code rounded to just below 2^64 and the new code rounds to just above it (overflowing, causing the msleep(1000) to really sleep 1ms). A test program to test all cases will be committed shortly. The test exaustively tries every value (thanks to bde for the test). Sponsored by: Netflix, Inc Differential Revision: https://reviews.freebsd.org/D18051 Diff: --- newlib/libc/include/sys/time.h | 59 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 52 insertions(+), 7 deletions(-) diff --git a/newlib/libc/include/sys/time.h b/newlib/libc/include/sys/time.h index 5182dc1..081e0cf 100644 --- a/newlib/libc/include/sys/time.h +++ b/newlib/libc/include/sys/time.h @@ -33,7 +33,7 @@ * SUCH DAMAGE. * * @(#)time.h 8.5 (Berkeley) 5/4/95 - * $FreeBSD$ + * $FreeBSD: head/sys/sys/time.h 340664 2018-11-20 07:11:23Z imp $ */ #ifndef _SYS_TIME_H_ @@ -172,9 +172,24 @@ sbttobt(sbintime_t _sbt) * large roundoff errors which sbttons() and nstosbt() avoid. Millisecond and * microsecond functions are also provided for completeness. * - * These functions return the smallest sbt larger or equal to the number of - * seconds requested so that sbttoX(Xtosbt(y)) == y. The 1 << 32 - 1 term added - * transforms the >> 32 from floor() to ceil(). + * These functions return the smallest sbt larger or equal to the + * number of seconds requested so that sbttoX(Xtosbt(y)) == y. Unlike + * top of second computations below, which require that we tick at the + * top of second, these need to be rounded up so we do whatever for at + * least as long as requested. + * + * The naive computation we'd do is this + * ((unit * 2^64 / SIFACTOR) + 2^32-1) >> 32 + * However, that overflows. Instead, we compute + * ((unit * 2^63 / SIFACTOR) + 2^31-1) >> 32 + * and use pre-computed constants that are the ceil of the 2^63 / SIFACTOR + * term to ensure we are using exactly the right constant. We use the lesser + * evil of ull rather than a uint64_t cast to ensure we have well defined + * right shift semantics. With these changes, we get all the ns, us and ms + * conversions back and forth right. + * Note: This file is used for both kernel and userland includes, so we can't + * rely on KASSERT being defined, nor can we pollute the namespace by including + * assert.h. */ static __inline int64_t sbttons(sbintime_t _sbt) @@ -186,8 +201,18 @@ sbttons(sbintime_t _sbt) static __inline sbintime_t nstosbt(int64_t _ns) { + sbintime_t sb = 0; - return ((_ns * (((uint64_t)1 << 63) / 500000000) + (1ull << 32) - 1) >> 32); +#ifdef KASSERT + KASSERT(_ns >= 0, ("Negative values illegal for nstosbt: %jd", _ns)); +#endif + if (_ns >= SBT_1S) { + sb = (_ns / 1000000000) * SBT_1S; + _ns = _ns % 1000000000; + } + /* 9223372037 = ceil(2^63 / 1000000000) */ + sb += ((_ns * 9223372037ull) + 0x7fffffff) >> 31; + return (sb); } static __inline int64_t @@ -200,8 +225,18 @@ sbttous(sbintime_t _sbt) static __inline sbintime_t ustosbt(int64_t _us) { + sbintime_t sb = 0; - return ((_us * (((uint64_t)1 << 63) / 500000) + (1ull << 32) - 1) >> 32); +#ifdef KASSERT + KASSERT(_us >= 0, ("Negative values illegal for ustosbt: %jd", _us)); +#endif + if (_us >= SBT_1S) { + sb = (_us / 1000000) * SBT_1S; + _us = _us % 1000000; + } + /* 9223372036855 = ceil(2^63 / 1000000) */ + sb += ((_us * 9223372036855ull) + 0x7fffffff) >> 31; + return (sb); } static __inline int64_t @@ -214,8 +249,18 @@ sbttoms(sbintime_t _sbt) static __inline sbintime_t mstosbt(int64_t _ms) { + sbintime_t sb = 0; - return ((_ms * (((uint64_t)1 << 63) / 500) + (1ull << 32) - 1) >> 32); +#ifdef KASSERT + KASSERT(_ms >= 0, ("Negative values illegal for mstosbt: %jd", _ms)); +#endif + if (_ms >= SBT_1S) { + sb = (_ms / 1000) * SBT_1S; + _ms = _ms % 1000; + } + /* 9223372036854776 = ceil(2^63 / 1000) */ + sb += ((_ms * 9223372036854776ull) + 0x7fffffff) >> 31; + return (sb); } /*-