aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoland McGrath <roland@gnu.org>2004-01-02 22:16:49 +0000
committerRoland McGrath <roland@gnu.org>2004-01-02 22:16:49 +0000
commita28a0500c08d9ca3930e1282c2aba3161c403e2f (patch)
tree32ce5fffc4d167be9fe902ec634de2f7ad1685da
parent56b168be5d3d56f8a729acfb5072e0eca429157e (diff)
downloadglibc-a28a0500c08d9ca3930e1282c2aba3161c403e2f.tar
glibc-a28a0500c08d9ca3930e1282c2aba3161c403e2f.tar.gz
glibc-a28a0500c08d9ca3930e1282c2aba3161c403e2f.tar.bz2
glibc-a28a0500c08d9ca3930e1282c2aba3161c403e2f.zip
2003-12-30 Paul Eggert <eggert@twinsun.com>
* time/mktime.c (verify): New macro. (time_t_is_integer, twos_complement_arithmetic, right_shift_propagates_sign, base_year_is_a_multiple_of_100, C99_integer_division): Document these longstanding assumptions in the code, and verify them at compile-time.
-rw-r--r--time/mktime.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/time/mktime.c b/time/mktime.c
index 136984bad1..c91a84fce8 100644
--- a/time/mktime.c
+++ b/time/mktime.c
@@ -61,8 +61,19 @@
# define TIME_T_MAX TYPE_MAXIMUM (time_t)
#endif
-#define TM_YEAR_BASE 1900
+/* Verify a requirement at compile-time (unlike assert, which is runtime). */
+#define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; }
+
+verify (time_t_is_integer, (time_t) 0.5 == 0);
+verify (twos_complement_arithmetic, -1 == ~1 + 1);
+verify (right_shift_propagates_sign, -1 >> 1 == -1);
+/* The code also assumes that signed integer overflow silently wraps
+ around, but this assumption can't be stated without causing a
+ diagnostic on some hosts. */
+
#define EPOCH_YEAR 1970
+#define TM_YEAR_BASE 1900
+verify (base_year_is_a_multiple_of_100, TM_YEAR_BASE % 100 == 0);
#ifndef __isleap
/* Nonzero if YEAR is a leap year (every 4 years,
@@ -109,6 +120,8 @@ ydhms_tm_diff (int year, int yday, int hour, int min, int sec,
return 1;
else
{
+ verify (C99_integer_division, -1 / 2 == 0);
+
/* Compute intervening leap days correctly even if year is negative.
Take care to avoid int overflow. time_t overflow is OK, since
only the low order bits of the correct time_t answer are needed.