|
@@ -0,0 +1,155 @@
|
|
|
+
|
|
|
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
|
|
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
|
|
|
+
|
|
|
+
|
|
|
+#include "lib/time/tvdiff.h"
|
|
|
+
|
|
|
+#include "lib/cc/compat_compiler.h"
|
|
|
+#include "lib/log/torlog.h"
|
|
|
+
|
|
|
+#define TOR_USEC_PER_SEC 1000000
|
|
|
+
|
|
|
+
|
|
|
+ * Returns INT64_MAX on overflow and underflow.
|
|
|
+ */
|
|
|
+static int64_t
|
|
|
+tv_secdiff_impl(const struct timeval *start, const struct timeval *end)
|
|
|
+{
|
|
|
+ const int64_t s = (int64_t)start->tv_sec;
|
|
|
+ const int64_t e = (int64_t)end->tv_sec;
|
|
|
+
|
|
|
+
|
|
|
+ * but it's easy to see that it's correct and doesn't overflow */
|
|
|
+
|
|
|
+ if (s > 0 && e < INT64_MIN + s) {
|
|
|
+
|
|
|
+ * overflow */
|
|
|
+ return INT64_MAX;
|
|
|
+ } else if (s < 0 && e > INT64_MAX + s) {
|
|
|
+
|
|
|
+ * overflow */
|
|
|
+ return INT64_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+ return e - s;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+ * Returns LONG_MAX on overflow and underflow.
|
|
|
+ */
|
|
|
+long
|
|
|
+tv_udiff(const struct timeval *start, const struct timeval *end)
|
|
|
+{
|
|
|
+
|
|
|
+ if (start->tv_usec > TOR_USEC_PER_SEC || start->tv_usec < 0) {
|
|
|
+ log_warn(LD_GENERAL, "comparing times on microsecond detail with bad "
|
|
|
+ "start tv_usec: " I64_FORMAT " microseconds",
|
|
|
+ I64_PRINTF_ARG(start->tv_usec));
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (end->tv_usec > TOR_USEC_PER_SEC || end->tv_usec < 0) {
|
|
|
+ log_warn(LD_GENERAL, "comparing times on microsecond detail with bad "
|
|
|
+ "end tv_usec: " I64_FORMAT " microseconds",
|
|
|
+ I64_PRINTF_ARG(end->tv_usec));
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ */
|
|
|
+ int64_t udiff;
|
|
|
+ const int64_t secdiff = tv_secdiff_impl(start, end);
|
|
|
+
|
|
|
+
|
|
|
+ if (secdiff > (int64_t)(LONG_MAX/1000000 - 1) ||
|
|
|
+ secdiff < (int64_t)(LONG_MIN/1000000 + 1)) {
|
|
|
+ log_warn(LD_GENERAL, "comparing times on microsecond detail too far "
|
|
|
+ "apart: " I64_FORMAT " seconds", I64_PRINTF_ARG(secdiff));
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ * between 0 and TV_USEC_PER_SEC. */
|
|
|
+ udiff = secdiff*1000000 + ((int64_t)end->tv_usec - (int64_t)start->tv_usec);
|
|
|
+
|
|
|
+
|
|
|
+#if SIZEOF_LONG < 8
|
|
|
+ if (udiff > (int64_t)LONG_MAX || udiff < (int64_t)LONG_MIN) {
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+#endif
|
|
|
+
|
|
|
+ return (long)udiff;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+ * If the tv_usec difference is 500, rounds away from zero.
|
|
|
+ * Returns LONG_MAX on overflow and underflow.
|
|
|
+ */
|
|
|
+long
|
|
|
+tv_mdiff(const struct timeval *start, const struct timeval *end)
|
|
|
+{
|
|
|
+
|
|
|
+ if (start->tv_usec > TOR_USEC_PER_SEC || start->tv_usec < 0) {
|
|
|
+ log_warn(LD_GENERAL, "comparing times on millisecond detail with bad "
|
|
|
+ "start tv_usec: " I64_FORMAT " microseconds",
|
|
|
+ I64_PRINTF_ARG(start->tv_usec));
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (end->tv_usec > TOR_USEC_PER_SEC || end->tv_usec < 0) {
|
|
|
+ log_warn(LD_GENERAL, "comparing times on millisecond detail with bad "
|
|
|
+ "end tv_usec: " I64_FORMAT " microseconds",
|
|
|
+ I64_PRINTF_ARG(end->tv_usec));
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ */
|
|
|
+ int64_t mdiff;
|
|
|
+ const int64_t secdiff = tv_secdiff_impl(start, end);
|
|
|
+
|
|
|
+
|
|
|
+ * mdiff calculation may add another temporary second for rounding.
|
|
|
+ * Whether this actually causes overflow depends on the compiler's constant
|
|
|
+ * folding and order of operations. */
|
|
|
+ if (secdiff > (int64_t)(LONG_MAX/1000 - 2) ||
|
|
|
+ secdiff < (int64_t)(LONG_MIN/1000 + 1)) {
|
|
|
+ log_warn(LD_GENERAL, "comparing times on millisecond detail too far "
|
|
|
+ "apart: " I64_FORMAT " seconds", I64_PRINTF_ARG(secdiff));
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ mdiff = secdiff*1000 +
|
|
|
+
|
|
|
+ * so that the round-towards-zero behavior of the division will give
|
|
|
+ * the right result for rounding to the nearest msec. Later we subtract
|
|
|
+ * 1000 in order to get the correct result.
|
|
|
+ * We'll never get an overflow here, because we check that both usecs are
|
|
|
+ * between 0 and TV_USEC_PER_SEC. */
|
|
|
+ ((int64_t)end->tv_usec - (int64_t)start->tv_usec + 500 + 1000000) / 1000
|
|
|
+ - 1000;
|
|
|
+
|
|
|
+
|
|
|
+#if SIZEOF_LONG < 8
|
|
|
+ if (mdiff > (int64_t)LONG_MAX || mdiff < (int64_t)LONG_MIN) {
|
|
|
+ return LONG_MAX;
|
|
|
+ }
|
|
|
+#endif
|
|
|
+
|
|
|
+ return (long)mdiff;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+ * Converts timeval to milliseconds.
|
|
|
+ */
|
|
|
+int64_t
|
|
|
+tv_to_msec(const struct timeval *tv)
|
|
|
+{
|
|
|
+ int64_t conv = ((int64_t)tv->tv_sec)*1000L;
|
|
|
+
|
|
|
+ conv += ((int64_t)tv->tv_usec+500)/1000L;
|
|
|
+ return conv;
|
|
|
+}
|