[olsr-dev] strange using of times() ?

Bernd Petrovitsch (spam-protected)
Thu Dec 29 21:22:41 CET 2005 

On Thu, 2005-12-29 at 20:36 +0100, Andreas Tønnesen wrote:
> Hmmm... Ok, how about skipping the -1 test of the times(2) return value?
> The current idea is that we call times(2) once again if it returns -1, but
> this is rather hackish.

:-) This was also my first idea to "solve" the -1 case. However
POSIX itself doesn't list any errors causes
(http://www.opengroup.org/onlinepubs/009695399/functions/times.html) but
http://www.scit.wlv.ac.uk/cgi-bin/mansec?2+times (I don't know which
Unix the docs mean) lists EFAULT as possible errno value (which makes
sense from the kernel point of view).
Since we call the function with valid arguments we can pretty much rule
out such a problem as an invalid address.

> And we also need wraparound checks for the tick values. I guess we only
> need to consider the lower 32 bits on 64 bit systems as well(?) and that

As far as
----  snip  ----
find /usr/include -name '*.h' | xargs egrep -w '(define|
typedef).*(clock_t|__clock_t|__CLOCK_T_TYPE|__SLONGWORD_TYPE)'
----  snip  ----
(on Linux, i.e. glibc) reveals clock_t is a "long int", so 64bit archs
won't have a problem in the foreseeable future.
I don't think it buys anything to force 64bit CPUs to use only 32bits
for this - just use "long"/"unsigned long" and it should work on 32bit
and 64bit.

> we could use something along the lines of what we use on olsr timestamp
> wraparound checking(in olsr_protocol.h). (I'm currently away on vacation

If you actually mean the SEQNO_GREATER_THAN macro, this can IMHO also be
simplified to the below:

> so I have not had any time to look at this).

E.g. the Linux kernel uses #defines as (after removing typechecking)
----  snip  ----
#define time_after(a,b) ((long)(b) - (long)(a) < 0))
----  snip  ----
which looks odd from an C standard anal point of view - the
overflow/underrun behaviour of "signed" types is not well defined.
"unsigned" types are defined to behave like module calculations.
So in theory it should be rewritten as
----  snip  ----
#define time_after(a,b) \
                  ((long)((unsigned long)(b) - (unsigned long)(a)) < 0))
----  snip  ----
to get an overflowing/underrunning "unsigned" operation and a "signed"
interpretation of the result.
In practice the former one is equivalent since there are only CPUs out
there which behave that way (i.e. have 2s complement representation for
negative numbers).

	Bernd
-- 
Firmix Software GmbH                   http://www.firmix.at/
mobil: +43 664 4416156                 fax: +43 1 7890849-55
          Embedded Linux Development and Services

More information about the Olsr-dev mailing list