From a28a0500c08d9ca3930e1282c2aba3161c403e2f Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Fri, 2 Jan 2004 22:16:49 +0000 Subject: [PATCH] 2003-12-30 Paul Eggert * time/mktime.c (verify): New macro. (time_t_is_integer, twos_complement_arithmetic, right_shift_propagates_sign, base_year_is_a_multiple_of_100, C99_integer_division): Document these longstanding assumptions in the code, and verify them at compile-time. --- time/mktime.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/time/mktime.c b/time/mktime.c index 136984bad1..c91a84fce8 100644 --- a/time/mktime.c +++ b/time/mktime.c @@ -61,8 +61,19 @@ # define TIME_T_MAX TYPE_MAXIMUM (time_t) #endif -#define TM_YEAR_BASE 1900 +/* Verify a requirement at compile-time (unlike assert, which is runtime). */ +#define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; } + +verify (time_t_is_integer, (time_t) 0.5 == 0); +verify (twos_complement_arithmetic, -1 == ~1 + 1); +verify (right_shift_propagates_sign, -1 >> 1 == -1); +/* The code also assumes that signed integer overflow silently wraps + around, but this assumption can't be stated without causing a + diagnostic on some hosts. */ + #define EPOCH_YEAR 1970 +#define TM_YEAR_BASE 1900 +verify (base_year_is_a_multiple_of_100, TM_YEAR_BASE % 100 == 0); #ifndef __isleap /* Nonzero if YEAR is a leap year (every 4 years, @@ -109,6 +120,8 @@ ydhms_tm_diff (int year, int yday, int hour, int min, int sec, return 1; else { + verify (C99_integer_division, -1 / 2 == 0); + /* Compute intervening leap days correctly even if year is negative. Take care to avoid int overflow. time_t overflow is OK, since only the low order bits of the correct time_t answer are needed. -- 2.43.5