Austin Group Defect Tracker

Aardvark Mark IV


Viewing Issue Simple Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Type Date Submitted Last Update
0001614 [1003.1(2016/18)/Issue7+TC2] System Interfaces Objection Omission 2022-11-03 13:36 2024-06-11 09:07
Reporter kre View Status public  
Assigned To
Priority normal Resolution Accepted As Marked  
Status Closed  
Name Robert Elz
Organization
User Reference
Section XSH 3/mktime
Page Number 1331
Line Number 44331-44332
Interp Status Approved
Final Accepted Text See Note: 0006402.
Summary 0001614: XSH 3/mktime does not specify EINVAL and should
Description First, it is possible this is a duplicate bug report, if this issue
has already (or is to be already) handled by some other bug, and this
report doesn't add anything new, then please simply link this to that
as a duplicate, and then close this.

It is possible for the broken down local time passed to mktime() to
represent a time that never existed (eg: a time in the gap (most commonly
hour) when summer time commences, and the clock skips forward from
NN:59 to PP:00 (usually, gaps shorter than an hour exist, but for our
purposes here, as an example, that's not important) where PP==(NN+2)%24
and times MM:xx (usually for all xx) where MM==(NN+1)%24 simply never
existed (with appropriate adjustments to tm_mday, etc, if the %24 makes
any difference to the answer in each case).

If one specifies an input time of MM:20 that simply cannot be converted
to a time_t, it kind of represents NN:59 + 21 mionutes, except that local
time is really PP:20 not MM:20.

Note that tm_isdst does not help here, as the time simply does not exist,
it cannot be either summer or standard (or standard or winter as appropriate)
time. It is possible for an implementation to use tm_isdst as a hint
to what happened so cases like this work

    timeptr = localtime(&t);
    timeptr->tm_min += 20;
    t = mktime(timeptr);

where if tm_isdst should have changed value to represent the new time
calculated, but clearly here does not (and since timeptr came from
localtime, we know tm_isdst is 0 or 1) then the implementation might be
able to guess what was intended.

That does not always work however, there can be gaps in times for reasons
other than the tm_isdst changing seasonal adjustment, such as when a locality
decides to switch from one zone offset to another (eg: sometime, I am too
lazy to look up when, Singapore and Malaysia switched from UTC+0700 to
UTC+0800 (to align their clocks with Hong Kong, which was apparently
considered important - at least for Singapore). Neither used summer time,
before or after than change, tm_isdst is 0 in both zones - but there was
an hour there that never existed.

Similarly, when seasonal time ends, and time jumps backwards, there is an
hour (most commonly) of local time when the time runs twice. If one specifies
a time which is in (one of) those periods, along with a tm_isdst = -1, then
it is impossible to determine which time_t value should apply - EINVAL is
returned in that case.

Note that here, tm_isdst is used to handle this overlap when it is caused
by seasonal adjustments - but just as with the gap, that only works when
the duplicated time are for that reason, if Malaysia decided (which would be
odd, indeed, but could happen) that having their clocks match Thailand,
much of Indonesia (including Jakarta), and Laos and Cambodia, rather than
Singapore, they could decide to jump back to UTC+0700 by running one hour
twice - with tm_isdst==0 in both occurrences.

There is another way that (since bug 1533 was applied) could be considered
reasonable to handle the ambiguous case - one could use the value of tm_gmtoff
to determine which of the possible time_t's to return. This even handles
(never seen that I am aware of, and very unlikely to ever happen) cases
where a time runs more than twice, which tm_isdst cannot do.

It appears very tempting to make use of that to resolve this problem, but
I would strongly advise against it. Doing so would break current conforming
applications (which simple addition of the fields does not) as they currently
do not, and cannot (since the tm_gmtoff field does not appear in the existing
standard - it is not even as of the date of this report in a published draft
of an upcoming version of the standard) set that field, its value from such
an application will be unitialised (or perhaps 0), if mktime() were to attempt
to reference it, undefined behaviour might result. That's unacceptable.

It is not even OK to permit implementations to use tm_gmtoff by making its
use for this purpose unspecified, for the same reason - any implementation
that does risks undefined behaviour from a currently conforming application.
mktime() must not be permitted to reference that field (in the incoming
structure) at all.


An error code is required to handle this invalid or ambiguous input.
EINVAL is the usual one.
Desired Action Between lines 44331 and 44332 (of I7 TC2) add:

    [EINVAL] The local time specified represents a local time which
               either did not exist in the past, or is not expected to exist
               in the future, or the local time specified represents a
               local time which existed, or is expected to exist in the
               future, more than once, and the value supplied in tm_isdst
               is unable to resolve the ambiguity.

It might also be (assuming that you all agree with my reasoning above)
a good idea to add something in the Rationale (line 44359, currently "None")
explaining why tm_gmtoff is not (at least now) considered appropriate to
use to resolve the ambiguous case. I will leave it up to you to determine
whether it would be worth adding a Future Direction indicating that that
might be changed at some future time (ie: advising applications to ensure
that they start setting tm_gmtoff before calling mktime() - it will currently
be ignored, but one day, might be essential in this odd case).

           
Tags applied_after_i8d3, issue8
Attached Files

- Relationships
related to 0001627Closed XSH 3 / mktime() is woefully underspecified 

-  Notes
(0006022)
geoffclare (manager)
2022-11-03 16:54

I'm sure this has been discussed at least once before, but on the mailing list not in Mantis. When the specified time does not exist because it is in the gap created by the change to daylight saving time and tm_isdst is -1, mktime() is not allowed to fail. It must treat the time either as standard time or as daylight time and return the corresponding value. (The value of tm_isdst on output distinguishes the two.) Likewise when daylight saving time ends and times are ambiguous when tm_isdst is -1, mktime() must choose to treat it either as standard time or as daylight time. These cases are tested by one of the UNIX certification test suites.

If you know of an implementation where mktime() returns -1 under these conditions, please report it as a bug to the maintainers.

Cases such as Singapore and Malaysia moving to a different time zone are another matter, and I suppose mktime() could legitimately return -1. However, this would only happen with a TZ that specifies a location (rather than "std offset dst offset, rule"), and the behaviour of all functions that use TZ is implementation-defined in that case anyway, so I don't see the need to add an EINVAL error to the standard for this.
(0006025)
hvd (reporter)
2022-11-03 18:04

> I'm sure this has been discussed at least once before, but on the mailing list not in Mantis. When the specified time does not exist because it is in the gap created by the change to daylight saving time and tm_isdst is -1, mktime() is not allowed to fail.

C does allow this to fail; this has been confirmed at <https://www.open-std.org/jtc1/sc22/wg14/www/docs/dr_136.html>. [^] It is valid for POSIX to require specific behaviour in areas that the C standard leaves unspecified, but I see nothing in the CX-marked additions in POSIX specifies the behaviour for this case.
(0006028)
kre (reporter)
2022-11-03 20:02
edited on: 2022-11-03 20:48

Re Note: 0006022

   I'm sure this has been discussed at least once before,

I thought I remembered it as well, but did not find it, but if it was just
on the list that would explain it. But that's why I included the first
paragraph of the description.

But:
   When the specified time does not exist because it is in the gap created
   by the change to daylight saving time and tm_isdst is -1, mktime() is not
   allowed to fail.

That makes no sense at all. In the ambiguous case, I guess things could
be interpreted that way (the time runs twice), and in that case certainly
the tm_isdst value in the result can distinguish which was chosen (that is,
the implementation picks one if the application did not bother), but I do
not see anything in XSH 3/mktime which actually requires that to happen.
Certainly if the user sets tm_isdst to 0 or 1 in this case, then mktime()
must not fail, but return the appropriate value, but for the -1 case, all
I see in the standard is:

    A negative value for tm_isdst shall cause mktime( ) to attempt to
    determine whether Daylight Savings Time is in effect for the
    specified time.

Nothing there about it being required to pick one. Note that text I
proposed adding does not prohibit an implementation from picking one and
returning that, merely allows EINVAL if

     the value supplied in tm_isdst is unable to resolve the ambiguity.

If an implementation chooses to always pick one or the other (or even roll
the die, and randomly return one or the other) that's fine, in that case it
used the -1 input and used that to resolve the ambiguity, but I see nothing
which requires that kind of result.

But for the gap, the period where the local time specified never existed
at all, no result (except -1 with errno set) makes any sense at all. The
whole idea of mktime() is that localtime() applied to the time_t returned
will produce the same struct tm as that left in *timeptr my mktime() after
it has completed. The two are inverses of each other (to the extent that
EOVERFLOW does not apply, in one direction or the other, anyway). For a
broken down time (a struct tm) passed to mktime() which gives a value that
localtime() can never produce is simply broken. As best I can tell the
standard reference implementation of mktime() acts exactly like this.

Lastly, I have no sympathy at all for an argument by which POSIX deliberately
says that many places in the world don't need to be handled by the standard
TZ definition, and that anything that allows their time zone specification to
correctly translate their times is beyond the standard, and anything is
permitted, is simply outrageous (though this is not the place to debate XBD
8.3: TZ). But if things happen as they are looking like they might, this kind
of issue is likely to occur in the US, and Europe as well, if seasonal
variations are abandoned, and localities are permitted to pick which zone
they will remain in as their standard time - when that transition happens,
and it might not be far away, well before Issue9 of POSIX can possibly appear,
this exact problem will occur in places that the POSIX committee people cannot
simply dismiss as "we don't care what happens in that part of the world",
which seems to be the attitude now.

(0006030)
kre (reporter)
2022-11-03 20:27

I meant to add in the previous note (but this is more than I think should
be done by just amending that), that an option (not one I believe correct,
but if it seems to be) would be that rather than adding EINVAL to the "shall
fail" case, at least in the ambiguous input (time runs twice) scenario,
that could be added as a "may fail" section following the current "shall fail".

For the "time in the never existing gap" case (which exists in all zones
which have summer time (also stupidly known as "daylight savings") no matter
what form they use to specify the TZ setting, there really is no option,
the only thing mktime() can do in that case is return an error, nothing else
is correct, that needs to be a "shall fail".
(0006031)
geoffclare (manager)
2022-11-04 09:36
edited on: 2022-11-04 10:01

Re Note: 0006025 Yes, POSIX is more strict than C here. The CX shaded text that matters is:
A negative value for tm_isdst shall cause mktime() to attempt to determine whether Daylight Savings Time is in effect for the specified time.
(C has something similar, but in a non-normative footnote.)

As I understand it, this requires that if mktime() determines that DST is in effect, it returns the same result as it would for tm_isdst=1, otherwise it returns the same result as it would for tm_isdst=0. That is how all certified UNIX and POSIX systems behave. Until now I thought it was how all mktime() implementations behave, but I see that the C DR that you cite mentions "Arthur David Olson's popular ``tz'' time zone software" as returning -1. That was back in 1994, so I wonder if it still does or if it has changed to behave like other implementations.

Re Note: 0006022

> But for the gap, the period where the local time specified never existed
> at all, no result (except -1 with errno set) makes any sense at all. The
> whole idea of mktime() is that localtime() applied to the time_t returned
> will produce the same struct tm as that left in *timeptr my mktime() after
> it has completed. The two are inverses of each other

If you just feed in a struct tm obtained from localtime(), or any equivalent source of valid date and time info, obviously the "gap" times will never occur. What you are missing here is that an important feature of mktime() is that you can do calculations using the tm members. That is the reason it specifically allows out-of-range values.

If an application uses mktime() to answer the question "What will the date and time be a month from now" (meaning when the wall clock time is the same as it is now, but on the day that is a month from now) by incrementing tm_mon and setting tm_isdst=-1, it is not helpful to get back the answer "that time won't exist". There are probably a very large number of applications that do this kind of thing that will break if ported from an implementation where mktime() does not return -1 to one where it does (if any exist). Worse still, they will only break under rare circumstances, so the problem could go unnoticed for years, decades even, before biting one day.

If we did decide to allow mktime() to return -1, ask yourself how would an application handle this error? The vast majority of applications will want to obtain a time they can use, rather than reporting an error; if that time is adjusted by an hour because it happens to occur right at a DST change, that's all well and good. So the obvious way for them to handle the error would be to repeat the mktime() call with tm_isdst=0 (or 1). This will produce the same result that the standard currently requires. So all that allowing this error will achieve is to force most application writers to add another mktime() call in order to get the same result they would have got before. If an application actually wants to verify whether a given time exists, it can so do simply by checking whether the tm_hour and tm_min values it gets back are the same ones it fed in. This is actually a more reliable method than assuming that a return of -1 with errno EINVAL indicates a non-existent time would be (if we allow it), because EINVAL could be caused for other reasons as well (e.g. an invalid TZ value).

> For a broken down time (a struct tm) passed to mktime() which gives
> a value that localtime() can never produce is simply broken.

I'm having trouble parsing that. If you are suggesting that passing the return value of mktime() to localtime() could produce different struct tm member values than those returned by mktime(), then that can never happen, since mktime() is required to set them the same way localtime() does.

> As best I can tell the standard reference implementation of mktime()
> acts exactly like this

What implementation do you believe to be a reference implementation? The function was invented by the ANSI C committee. As far as I'm aware they did not produce a reference implementation. In the absence of an implementation by the function's inventors, all implementations have equal standing and none is a reference implementation.

Actually, that's not quite true, because POSIX has additional requirements beyond the C standard, so implementations that only claim conformance to C and not POSIX have no standing in relation to the additional POSIX requirements.

> I have no sympathy at all for an argument by which POSIX deliberately
> says that many places in the world don't need to be handled by the
> standard TZ definition, and that anything that allows their time zone
> specification to correctly translate their times is beyond the standard

Perhaps we should add the Area/Location TZ format to POSIX (with no details, just a reference to another standard, maybe RFC 6557).

Re Note: 0006030

> For the "time in the never existing gap" case [...] there really is
> no option, the only thing mktime() can do in that case is return an
> error, nothing else is correct, that needs to be a "shall fail".

This would make every certified implementation non-conforming, along with most if not all implementations that claim POSIX conformance but aren't certified, and would break many applications. There is absolutely no way this change would achieve consensus.

(0006032)
kre (reporter)
2022-11-04 17:37
edited on: 2022-11-04 17:43

Re Note: 0006031

I know this:

  A negative value for tm_isdst shall cause mktime() to attempt to determine
  whether Daylight Savings Time is in effect for the specified time.

and what your note says about it, but note that it says "attempt to determine"
not "determine" which it would not say if it were guaranteed to be able to
work (and I don't mean anything related to the unpredictability of what
might happen into the indefinite future, all we can possibly do is assume
that the current rules apply forever forward, until we discover differently).

If that attempt fails, what do you contend that mktime() should do?

   What you are missing here is that an important feature of mktime()
   is that you can do calculations using the tm members.

I don't think I was missing that, if you look back at the description
section, you'll see that it includes an example...

   It is possible for an implementation to use tm_isdst as a hint
   to what happened so cases like this work

    timeptr = localtime(&t);
    timeptr->tm_min += 20;
    t = mktime(timeptr);

and if you believe that is a requirement, then I don't object to that,
but I'd like a pointer to where in the standard this is stated as required.

But why would any code do, as you postulate:

    incrementing tm_mon and setting tm_isdst=-1,

why the "setting tm_isdst=-1" part? What would be the point?

If tm_isdst remained as localtime set it, then the implementation
can use that when normalising the numbers, to deduce what happened
if no time_t for the time can be produced, and further push the
time through the gap (altering tm_hour). But if we don't know what
tm_isdst applied before, how is the implementation supposed to
determine whether the tm passed to mktime() was produced by an
addition (time moving forwards) as in both your example, and mine,
or by a subtraction (looking for an earlier time). The expected
result in the two cases will be different (when we are crossing the
gap).

Paul Eggert's C query (from 1994) referenced by Harald in Note: 0006025
suggests that the test suites look for either of two answers, as long as
the implementation produces one of them, all is good. Surely you aren't
going to defend that as a practice? "We don't care whether the answer
you give is correct or meaningful, just as long as you give an answer"?

Really? Surely an error response is always better than an incorrect
answer passed off as being correct?

   There are probably a very large number of applications that do this kind
   of thing that will break if ported from an implementation where mktime()
   does not return -1 to one where it does (if any exist).

If there is any implementation where mktime() cannot return -1, it is
already non-compliant -- the standard is quite clear that mktime()
shall return -1 (with errno == EOVERFLOW) in some cases. Any application
that doesn't deal with a -1 return from mktime() is already defective,
whatever happens here.

What the application should do when it gets a -1 I cannot possibly
say - it entirely depends upon the needs of the application, but it
certainly needs to deal with the possibility (or just hope it never
happens, which would be a behaviour that would not need to be changed).

   So the obvious way for them to handle the error would be to repeat the
   mktime() call with tm_isdst=0 (or 1). This will produce the same result
   that the standard currently requires.

The question would be why they did not do that the first time? Why are
you imagining the tm_isdst=-1 being there? Note that even this cannot
handle all the cases (it certainly doesn't help with EOVERFLOW) ?

I am not going to debate application code writer's possible behaviours,
we don't have enough info to discuss that - using EINVAL to signal
"in the gap" as a message to them was never the purpose. Rather it
is a necessity for any implementation which seeks to provide only correct
answers, rather than "if we do this we pass the validation test, so that's
what we do, regardless of how stupid it is". And yes, implementers sometimes
do act just like that, under pressure.

Do you not see the incongruity of these two comments from your note:

    If we did decide to allow mktime() to return -1,
and
    EINVAL could be caused for other reasons as well (e.g. an invalid TZ value).

The second accepts that (even though it is not in the mktime() page,
mktime() can already return -1 with error == EINVAL.

But given all of that, note that tzset() is not actually allowed to
return an error, what happens with an invalid TZ is apparently unspecified,
but tzset() is apparently required to do something in that case, and not
return an error. So, I doubt that your "EINVAL could be caused for other
reasons as well" is actually the case (not that it matters here, a -1
return from mktime() is possible whatever happens as a result of this
issue, including nothing.

But hadn't you already decided that mktime() can return -1 ?? (and
even with errno==EINVAL)

wrt:

   I'm having trouble parsing that.

Sorry, that happens sometimes.

  If you are suggesting that passing the return value of mktime() to
  localtime() could produce different struct tm member values than those
  returned by mktime(), then that can never happen, since mktime() is
  required to set them the same way localtime() does.

what I meant is exactly what you say there is required. And I agree.

But mktime() only gets to adjust the input struct tm values (according
to what is written in the specification:

    the other components shall be set to represent the specified time
    since the Epoch, but with their values forced to the ranges indicated
    in the <time.h> entry;

That is, the "other components" (which means all of the relevant ones,
just not tm_wday and tm_yday which are irrelevant here) are set to
represent the specified time since the Epoch (that is: the time specified
by the caller of mktime()) but with any out of range values (according
to what is specified in <time.h>) adjusted so that are in range (and while
it does not say so, and probably should, I would interpret that to also
mean not having 31 days in November, even though 31 is within the range
permitted for tm_mday in <time.h>) but it doesn't say that they can be
adjusted for any other reason.

If we take Paul's example from C defect report #136 (the 1994 issue cited
by Harald in Note: 0006025) and the application create a struct tm, exactly
as he described it, what justification exists to allow mktime() to alter
any of the fields of the struct tm (except tm_isdst, as a -1 input is never
in range as an output value).

I see none. If the result is not -1, the resulting tm should be (for
the specified fields, other than tm_isdst) be identical to the one supplied.

Given that, if mktime() does not return -1 (if it does, what is in the
tm seems unspecified to me) then we have a case where mktime is (apparently)
required to leave the struct tm in a state which is something that localtime()
can never return - violating the requirement that we both agree should exist.

On the other hand, if it does return -1, which the C committee apparently
agree it can (and yes, I know that posix can make stricter requirements
than exist in C ... though I don't see anything in the spec for mktime()
which does so - only apparently in the broken validation suites) then
this is not an issue.

   What implementation do you believe to be a reference implementation?

I meant the one referenced in that defect report, which is (I believe) by
far the most widely used implementation (though often with minor variations)
existing at the minute, and is public domain. I believe that android
and probably macos both use it, I think all the BSDs use it, and linux.
Some of the commercial OSs use it as well.

   The function was invented by the ANSI C committee.

That is news to me, but I cannot dispute it, as I have no idea of
its origins. I do have vague memories of it in the very ancient
past though. The earliest BSD implementation (taken from the ado
code) I can find is in 4.3 Reno (1990) - but it must have existed
for quite a while before that, as that contains a version of mktime()
based upon one I had done earlier -- using an idea from Bob Kridle, when he
was still at UC Berkeley, Computer Centre -- the time_t desired is
determined by doing a binary search over the range of a time_t (works
for any possible time_t type - including floats) calling localtime on each,
comparing its resulting struct tm with the (already normalised) input
struct tm (and adjusting the upper or lower bound of the search as
appropriate) until equality is found.

When it becomes impossible to subdivide the range smaller (we'd need to
be producing sub-second intervals) if no match has been found, the tm
originally requested, simply cannot exist, and an error happens.

When I did my initial implementation of that, which was adopted (modified
to suit other requirements) in ado's implementation, I was replacing an
earlier algorithmic implementation (kind of like that in XBD 4.16 - but of
course, not nearly as simple as that makes it seem). I moved away from
unix work in the latter 1980's (87 or so) and more into networking and
the IETF for the rest of the century (before that environment became far
too political and commercial after the explosion of the internet in the
late 1990's). In any case, that would mean that there must have been at
least one freely available mktime() implementation around in the mid 1980's.

When did the C committee apparently invent it?

Aside: the advantage of the binary search algorithm is certainly not speed,
it is slower than an algorithmic implementation, usually a lot slower, but
it removes any knowledge of time peculiarities from mktime() - works
whatever (arithmetic) type time_t happens to be, and always guarantees
that one requirement that we agree on, locatime(mktime(tm)) == tm (not that
that is anything like valid C, but you know what I am getting at, and the
error case is being ignored there - that's only for valid time_t returns).
It also works (without adjustment) in environments using UTC, rather than
POSIX time_t (ie: where leap seconds are not simply imagined out of
existence), not that that aspect is relevant here.

While still considering this general point, also note that Paul's C defect
message, also includes this sentence:

    The ANSI C Rationale (corresponding to subclause 7.12.2.3) clearly lets
    mktime yield -1 in the ``fall-backward fold'' that will occur when the
    clock is turned back from 01:59:59 to 01:00:00 on October 30, 1994.

That's the case I have less problem avoiding a -1 result from, as while
it is ambiguous there which time_t is intended, either one will generate
the struct tm that was given to mktime() (and the input tm_isdst, if not -1,
can be used to select which - though there is no help available when the
input tm_isdst == -1) - but this is another case where an error return is
apparently allowed by C, the POSIX mktime() spec claims to defer to the C
standard, and nowhere (I have found) does POSIX say that it is more
restrictive in this area. Where do you believe these additional
requirements are stated?

I really believe that there is no option other than allowing EINVAL in
these cases (if you insist you could make both of them be "may fail if"
rather than "shall fail if") which would allow implementations which
return nonsense results, just because the (apparently broken) conformance
tests require nonsense results, to remain conforming, while still allowing
implementations striving for correctness to generate error returns when no
correct answer is possible.

On this last point:

    Perhaps we should add the Area/Location TZ format to POSIX
    (with no details, just a reference to another standard, maybe RFC 6557).

That would be a great idea. (Would need a new bug report though, it
doesn't belong in this one). "No details" I would agree with, and I'd
specify even less than you do there, I'd give some requirements on what
must be achieved, but no hints as to how to achieve that. Eg: I believe
that windows systems use the timezone data collected by the tz project,
(and probably more as well), but make use of it in a completely different
way, nothing like what that RFC specifies. No reason to prohibit that,
or even suggest it isn't the correct way - as long as it achieves the
correct results.

What matters is a TZ value, that isn't a valid POSIX TZ string (for what
use those are, which isn't much, in any meaningful zone) and doesn't
start with a ':' (which should remain as now), will (in an implementation
unspecified manner) provide access to information which allows any
time_t (ideally since standard time was adopted in a locality, and
certainly since the Epoch) to be converted to the appropriate time_t
(and back again) using the rules appropriate for that timezone at that
particular time. Requiring a '/' in the name isn't required I'd
expect, though in practice, all that matter (and aren't also POSIX
strings) meet that format.

(0006033)
hvd (reporter)
2022-11-04 23:23
edited on: 2022-11-04 23:23

> Re Note: 0006025 Yes, POSIX is more strict than C here. The CX shaded text that matters is:

> A negative value for tm_isdst shall cause mktime() to attempt to determine whether Daylight Savings Time is in effect for the specified time.

> (C has something similar, but in a non-normative footnote.)

Note that this, despite being CX-shaded, is not actually an instance of POSIX being more strict than C. The C footnote, in full, is:

"Thus, a positive or zero value for tm_isdst causes the mktime function to presume initially that Daylight Saving Time, respectively, is or is not in effect for the specified time. A negative value causes it to attempt to determine whether Daylight Saving Time is in effect for the specified time."

The footnote makes it clear that this is considered to follow from the normative wording and there is therefore no need to have this as a separate requirement in the normative wording; the footnote is merely for clarification. I believe that thinking here is correct. Do you disagree?

I'm happy with POSIX choosing to spell this out in normative wording, but if it adds no new requirements, it cannot be the case that it specifies anything that isn't specified by the C standard as well. Either this is unspecified both in ANSI C and in POSIX, or this is defined in both ANSI C and POSIX.

(0006034)
geoffclare (manager)
2022-11-07 12:33

Re Note: 0006032 This discussion is becoming too long to hold in bugnotes. See my response on the mailing list.
(0006035)
geoffclare (manager)
2022-11-07 12:42

Re Note: 0006033

> The footnote makes it clear that this is considered to follow from the
> normative wording and there is therefore no need to have this as a separate
> requirement in the normative wording; the footnote is merely for
> clarification. I believe that thinking here is correct. Do you disagree?

Yes I disagree. The word "thus" is what makes it seems like this follows from normative text, but if you look at the normative text where the footnote marker is, there is nothing there from which the text in the footnote could be derived. So the use of "thus" is puzzling.

I believe the real reason that the text is in a footnote instead of normative is because, earlier on, the C standard says "The local time zone and Daylight Saving Time are implementation-defined." Since DST is implementation-defined the C standard can't have normative text requiring mktime() to behave a certain way with regard to DST; it is left to implementations to decide how to interpret tm_isdst.

In POSIX the DST rules are specified in the description of TZ, so there is no problem requiring mktime() to make use of them.
(0006036)
hvd (reporter)
2022-11-07 12:59

> Yes I disagree. The word "thus" is what makes it seems like this follows from normative text, but if you look at the normative text where the footnote marker is, there is nothing there from which the text in the footnote could be derived. So the use of "thus" is puzzling.

There is. The footnote is attached to a sentence that states that the values on entry of tm_wday and tm_yday are ignored and that the other values not limited to their usual ranges. This tells us all values other than tm_wday and tm_yday are used, including tm_isdst. This means the value on entry of tm_isdst must be interpreted according to the earlier definition of tm_isdst, which is (in normative text) "The value of tm_isdst is positive if Daylight Saving Time is in effect, zero if Daylight Saving Time is not in effect, and negative if the information is not available." The only way to use the value on entry of tm_isdst that is consistent with that definition is what the footnote describes.

It may not be exactly clear, but it's a legitimate reading and one that the wording in the footnote tells us is the intended reading.
(0006037)
geoffclare (manager)
2022-11-08 15:24

Re Note: 0006036

> The only way to use the value on entry of tm_isdst that is consistent
> with that definition is what the footnote describes.

Here's where we disagree. As you say, negative tm_isdst means DST information is "not available"; however, there is nothing in the normative text that says how mktime() must behave when it is told that DST information is not available. The footnote is what does that, but it's non-normative.
(0006039)
hvd (reporter)
2022-11-09 00:01

> however, there is nothing in the normative text that says how mktime() must behave when it is told that DST information is not available.

We know that on a successful return of mktime(), "the other components are set to represent the specified calendar time". These other components again include tm_isdst, which thus must be set according to the description quoted earlier. If the implementation knows that Daylight Saving Time is in effect for the specified date and time, it must set tm_isdst to a positive value. If the implementation knows that Daylight Savings Time is not in effect for the specified date and time, it must set tm_isdst to zero.

It's one thing to think that this isn't clear from the C standard. It's quite another when it has specifically been stated by the C standard committee that this is how the normative text is meant to be read to argue that it doesn't say that. It doesn't matter whether you're right that it doesn't say that: we have zero doubt about the intent, so even if you can convince the committee that they're wrong, we know the outcome would just be to clear up the wording. We save ourselves a whole lot of time by just treating it as settled now.
(0006042)
geoffclare (manager)
2022-11-09 17:07

Re Note: 0006039

> If the implementation knows that Daylight Saving Time is in effect for the
> specified date and time, it must set tm_isdst to a positive value. If the
> implementation knows that Daylight Saving Time is not in effect for the
> specified date and time, it must set tm_isdst to zero.

Where is the normative text that says that? I can see nothing in C99 that forbids mktime(), or localtime() for that matter, returning a negative tm_isdst because "the information is not available".
(0006043)
hvd (reporter)
2022-11-09 17:40

> Where is the normative text that says that? I can see nothing in C99 that forbids mktime(), or localtime() for that matter, returning a negative tm_isdst because "the information is not available".

When we're talking about the cases where that information is available to the implementation, it's right there, "the information is not available" does not apply to that case. Of course, in situations where that information truly is unavailable, a negative tm_isdst could be appropriate, and that is consistent with the footnote and with the POSIX wording, as "attempt to determine" allows for the possibility that the determination fails.
(0006044)
kre (reporter)
2022-11-09 21:15

Re Note: 0006042 and Note: 0006043

You're right, in C99 it is possible for tm_isdst to be returned with the
value -1, if the implementation has no information on whether summer time
applies or not.

But here we tend to (also) live in a POSIX conforming environment, and then
this issue cannot arise. A conforming POSIX environment always has some
known timezone information, and always knows if summer time ever applies,
and if it does apply, always knows when the transitions occur. Those are
requirements to be conforming.

Any time_t value (which represents a year which will fit into the tm_year
field of a struct tm) will always be able to be converted to a struct_tm
with tm_isdst ==0 or tm_isdst == 1 -- -1 as a return value cannot happen.
(0006045)
hvd (reporter)
2022-11-09 23:18

> But here we tend to (also) live in a POSIX conforming environment, and then
> this issue cannot arise.

I was referring to the edge cases this issue is about there, the edge cases for which you have been arguing the most reasonable behaviour is for mktime() to return -1, but other implementations do return valid positive time_t values. I did not want to rule out the possibility of implementations setting tm_isdst to a negative value in those cases. We are in agreement that it should not happen in the normal cases.
(0006046)
kre (reporter)
2022-11-10 10:19

Re Note: 0006045

No, that possibility is already ruled out. The "missing paragraph"
from C99 that didn't make it into the POSIX spec of mktime() makes
it quite clear that that cannot happen - the struct tm returned from
a successful call of mktime() is required to be identical to a struct
tm that would be returned by a call of localtime() on the result of
mktime (and also, a second call of mktime() using the struct tm returned
from the first must not alter the struct tm, and must return the same
result. Since localtime() can (in POSIX) never return with tm_isdst == -1
mktime() cannot either.
(0006047)
kre (reporter)
2022-11-10 10:28

Further re Note: 0006045

Also, if we were in a situation where we don't know whether or
not summer time applies (or perhaps when it applies) in a particular
timezone (somehow) then the "edge cases for which I have been arguing..."
cannot occur either. If we don't know that summer time will commence
(or end), or we don't know when that will happen, then we cannot possibly
determine that a time is in the gap or foldback.
(0006402)
geoffclare (manager)
2023-07-25 14:08
edited on: 2023-07-25 14:16

The following is a suggested resolution which just covers the originally raised issue of the allowed behaviour for "non-existent" times and the function's error handling.

The side-issue of how the conversion from broken-down time to time since the Epoch is performed, particularly with respect to out-of-range struct tm member values, should be addressed in bug 0001627.

Interpretation response
------------------------

The standard clearly states that when an unsuccessful call to mktime() returns (time_t)-1 it sets errno to [EOVERFLOW], and conforming implementations must conform to this.

Rationale:
-------------

The RETURN VALUE section on the mktime() page states:
If the time since the Epoch cannot be represented, the function shall return the value (time_t)-1 [CX]and set errno to indicate the error[/CX].
This requires that errno is set to indicate "the error", and the beginning of the sentence states the nature of the error condition to which "the error" refers: the time since the Epoch (i.e. the integer value to be returned) cannot be represented. The ERRORS section requires that the error number [EOVERFLOW] is used for this condition.

Thus the standard requires that errno is set to [EOVERFLOW] when an unsuccessful call to mktime() returns (time_t)-1 and an implementation that sets it to [EINVAL] does not conform.

The mktime() function does not have any way to indicate to the caller that an error other than [EOVERFLOW] occurred.

Notes to the Editor (not part of this interpretation):
-------------------------------------------------------

On page 425 line 14451 section <time.h>, after applying bug 1253 change:
The value of tm_isdst shall be positive if Daylight Saving Time is in effect, 0 if Daylight Saving Time is not in effect, and negative if the information is not available.
to:
When tm_isdst is set by an interface defined in this standard, its value shall be positive if Daylight Saving Time (DST) is in effect and 0 if DST is not in effect. [CX]It shall not be set to a negative value by any interface defined in this standard. When tm_isdst is passed to the mktime() function, it specifies how mktime() is to handle DST when calculating the time since the Epoch value; see [xref to mktime()].[/CX]

On page 1331 line 44310 section mktime(), delete:
A positive or 0 value for tm_isdst shall cause mktime() to presume initially that Daylight Savings Time, respectively, is or is not in effect for the specified time. A negative value for tm_isdst shall cause mktime() to attempt to determine whether Daylight Savings Time is in effect for the specified time.

On page 1331 line 44317 section mktime(), change:
corrected for timezone and any seasonal time adjustments
to:
corrected for the offset of the timezone's standard time from Coordinated Universal Time and further corrected (if applicable--see below) for Daylight Saving Time

After page 1331 line 44321 section mktime(), add these new paragraphs:
[CX]If the timezone is one that includes Daylight Saving Time (DST) adjustments, the value of tm_isdst in the tm structure controls whether or not mktime() adjusts the calculated seconds since the Epoch value by the DST offset (after it has made the timezone adjustment), as follows:
  • If tm_isdst is zero, mktime() shall not further adjust the seconds since the Epoch by the DST offset.

  • If tm_isdst is positive, mktime() shall further adjust the seconds since the Epoch by the DST offset.

  • If tm_isdst is negative, mktime() shall attempt to determine whether DST is in effect for the specified time; if it determines that DST is in effect it shall produce the same result as an equivalent call with a positive tm_isdst value, otherwise it shall produce the same result as an equivalent call with a tm_isdst value of zero. If the broken-down time specifies a time that is either skipped over or repeated when a transition to or from DST occurs, it is unspecified whether mktime() produces the same result as an equivalent call with a positive tm_isdst value or as an equivalent call with a tm_isdst value of zero.


If the TZ environment variable specifies a geographical timezone for which the implementation's timezone database includes historical or future changes to the offset from Coordinated Universal Time of the timezone's standard time, and the broken-down time corresponds to a time that was (or will be) skipped over or repeated due to the occurrence of such a change, mktime() shall calculate the time since the Epoch value using either the offset in effect before the change or the offset in effect after the change.[/CX]

On page 1331 line 44323 section mktime(), after applying bug 1613 change:
with the specified time since the Epoch as its argument
to:
with the calculated time since the Epoch as its argument

On page 1331 line 44327 section mktime(), change:
The mktime() function shall return the specified time since the Epoch encoded as a value of type time_t. If the time since the Epoch cannot be represented, the function shall return the value (time_t)-1 [CX]and set errno to indicate the error[/CX].
to:
The mktime() function shall return the calculated time since the Epoch encoded as a value of type time_t. If the time since the Epoch cannot be represented as a time_t [CX]or the value to be returned in the tm_year member of the structure pointed to by timeptr cannot be represented as an int[/CX], the function shall return the value (time_t)-1 [CX]and set errno to [EOVERFLOW], and shall not change the value of the tm_wday component of the structure.[/CX]

[CX]Since (time_t)-1 is a valid return value for a successful call to mktime(), an application wishing to check for error situations should set tm_wday to a value less than 0 or greater than 6 before calling mktime(). On return, if tm_wday has not changed an error has occurred.[/CX]

On page 1332 line 44348 section mktime(), change:
if (mktime(&time_str) == -1)
to:
time_str.tm_wday = -1;
if (mktime(&time_str) == (time_t)-1 && time_str.tm_wday == -1)

On page 1332 line 44359 section mktime(), change RATIONALE from "None" to:
In order to allow applications to distinguish between a successful return of (time_t)-1 and an [EOVERFLOW] error, mktime() is required not to change tm_wday on error. This mechanism is used rather than the convention used for other functions whereby the application sets errno to zero before the call and the call does not change errno on error because the ISO C standard does not require mktime() to set errno on error. The next revision of the ISO C standard is expected to require that mktime() does not change tm_wday when returning (time_t)-1 to indicate an error, and that this return convention is used both for the case where the value to be returned by the function cannot be represented as a time_t and the case where the value to be returned in the tm_year member of the tm structure cannot be represented as an int.

The DESCRIPTION section says that mktime() converts the specified broken-down time into a time since the Epoch value. The use of the indefinite article here is necessary because, when tm_isdst is negative and the timezone has Daylight Saving Time transitions, there is not a one-to-one correspondence between broken-down times and time since the Epoch values.

The description of how the value of tm_isdst affects the behavior of mktime() is shaded CX because the requirements in the ISO C standard are unclear. The next revision of the ISO C standard is expected to state the requirements using wording equivalent to the wording in this standard.


(0006404)
agadmin (administrator)
2023-07-27 15:29

An interpretation is proposed: 27 July 2023
(0006436)
ajosey (manager)
2023-08-31 13:28

Interpretation approved: 31 August 2023

- Issue History
Date Modified Username Field Change
2022-11-03 13:36 kre New Issue
2022-11-03 13:36 kre Name => Robert Elz
2022-11-03 13:36 kre Section => XSH 3/mktime
2022-11-03 13:36 kre Page Number => 1331
2022-11-03 13:36 kre Line Number => 44331-44332
2022-11-03 16:54 geoffclare Note Added: 0006022
2022-11-03 18:04 hvd Note Added: 0006025
2022-11-03 20:02 kre Note Added: 0006028
2022-11-03 20:27 kre Note Added: 0006030
2022-11-03 20:43 kre Note Edited: 0006028
2022-11-03 20:48 kre Note Edited: 0006028
2022-11-04 09:36 geoffclare Note Added: 0006031
2022-11-04 10:01 geoffclare Note Edited: 0006031
2022-11-04 17:37 kre Note Added: 0006032
2022-11-04 17:43 kre Note Edited: 0006032
2022-11-04 23:23 hvd Note Added: 0006033
2022-11-04 23:23 hvd Note Edited: 0006033
2022-11-07 12:33 geoffclare Note Added: 0006034
2022-11-07 12:42 geoffclare Note Added: 0006035
2022-11-07 12:59 hvd Note Added: 0006036
2022-11-08 15:24 geoffclare Note Added: 0006037
2022-11-09 00:01 hvd Note Added: 0006039
2022-11-09 17:07 geoffclare Note Added: 0006042
2022-11-09 17:40 hvd Note Added: 0006043
2022-11-09 21:15 kre Note Added: 0006044
2022-11-09 23:18 hvd Note Added: 0006045
2022-11-10 10:19 kre Note Added: 0006046
2022-11-10 10:28 kre Note Added: 0006047
2023-07-25 14:08 geoffclare Note Added: 0006402
2023-07-25 14:09 geoffclare Relationship added related to 0001627
2023-07-25 14:09 geoffclare Note Edited: 0006402
2023-07-25 14:16 geoffclare Note Edited: 0006402
2023-07-27 15:18 Don Cragun Interp Status => ---
2023-07-27 15:18 Don Cragun Final Accepted Text => See Note: 0006402.
2023-07-27 15:18 Don Cragun Status New => Interpretation Required
2023-07-27 15:18 Don Cragun Resolution Open => Accepted As Marked
2023-07-27 15:20 Don Cragun Tag Attached: issue8
2023-07-27 15:29 agadmin Interp Status --- => Proposed
2023-07-27 15:29 agadmin Note Added: 0006404
2023-08-31 13:28 ajosey Interp Status Proposed => Approved
2023-08-31 13:28 ajosey Note Added: 0006436
2023-09-04 10:28 geoffclare Status Interpretation Required => Applied
2023-09-04 10:29 geoffclare Tag Attached: applied_after_i8d3
2024-06-11 09:07 agadmin Status Applied => Closed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker