/*	$NetBSD: t_time_arith.c,v 1.3 2025/04/01 23:14:23 riastradh Exp $	*/

/*-
 * Copyright (c) 2024-2025 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: t_time_arith.c,v 1.3 2025/04/01 23:14:23 riastradh Exp $");

#include <sys/timearith.h>

#include <atf-c.h>
#include <errno.h>
#include <limits.h>
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <util.h>

#include "h_macros.h"

enum { HZ = 100 };

int hz = HZ;
int tick = 1000000/HZ;

static sig_atomic_t jmp_en;
static int jmp_sig;
static jmp_buf jmp;

static void
handle_signal(int signo)
{
	const int errno_save = errno;
	char buf[32];

	snprintf_ss(buf, sizeof(buf), "signal %d\n", signo);
	(void)write(STDERR_FILENO, buf, strlen(buf));

	errno = errno_save;

	if (jmp_en) {
		jmp_sig = signo;
		jmp_en = 0;
		longjmp(jmp, 1);
	} else {
		raise_default_signal(signo);
	}
}

const struct itimer_transition {
	struct itimerspec	it_time;
	struct timespec		it_now;
	struct timespec		it_next;
	int			it_overruns;
	const char		*it_xfail;
} itimer_transitions[] = {
	/*
	 * Fired more than one interval early -- treat clock as wound
	 * backwards, not counting overruns.  Advance to the next
	 * integral multiple of it_interval starting from it_value.
	 */
	[0] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {0,1}, {1,0}, 0,
	       NULL},
	[1] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {0,500000000}, {1,0}, 0,
	       NULL},
	[2] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {0,999999999}, {1,0}, 0,
	       NULL},
	[3] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {1,0}, {2,0}, 0,
	       NULL},
	[4] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {1,1}, {2,0}, 0,
	       NULL},
	[5] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {1,500000000}, {2,0}, 0,
	       NULL},
	[6] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {1,999999999}, {2,0}, 0,
	       NULL},

	/*
	 * Fired exactly one interval early.  Treat this too as clock
	 * wound backwards.
	 */
	[7] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {2,0}, {3,0}, 0,
	       NULL},

	/*
	 * Fired less than one interval early -- callouts and real-time
	 * clock might not be perfectly synced, counted as zero
	 * overruns.  Advance by one interval from the scheduled time.
	 */
	[8] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {2,1}, {3,0}, 0,
	       NULL},
	[9] = {{.it_value = {3,0}, .it_interval = {1,0}},
	       {2,500000000}, {3,0}, 0,
	       NULL},
	[10] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{2,999999999}, {3,0}, 0,
		NULL},

	/*
	 * Fired exactly on time.  Advance by one interval.
	 */
	[11] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{3,0}, {4,0}, 0, NULL},

	/*
	 * Fired late by less than one interval -- callouts and
	 * real-time clock might not be prefectly synced, counted as
	 * zero overruns.  Advance by one interval from the scheduled
	 * time (even if it's very close to a full interval).
	 */
	[12] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{3,1}, {4,0}, 0, NULL},
	[14] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{3,500000000}, {4,0}, 0, NULL},
	[15] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{3,999999999}, {4,0}, 0, NULL},

	/*
	 * Fired late by exactly one interval -- treat it as overrun.
	 */
	[16] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{4,0}, {5,0}, 1,
		NULL},

	/*
	 * Fired late by more than one interval but less than two --
	 * overrun.
	 */
	[17] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{4,1}, {5,0}, 1,
		NULL},
	[18] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{4,500000000}, {5,0}, 1,
		NULL},
	[19] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{4,999999999}, {5,0}, 1,
		NULL},

	/*
	 * Fired late by exactly two intervals -- two overruns.
	 */
	[20] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{5,0}, {6,0}, 2,
		NULL},

	/*
	 * Fired late by more intervals plus slop, up to 32.
	 *
	 * XXX Define DELAYTIMER_MAX so we can write it in terms of
	 * that.
	 */
	[21] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{13,123456789}, {14,0}, 10,
		NULL},
	[22] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{34,999999999}, {35,0}, 31,
		NULL},

	/*
	 * Fired late by roughly INT_MAX intervals.
	 */
	[23] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{(time_t)3 + INT_MAX - 1, 0},
		{(time_t)3 + INT_MAX, 0},
		INT_MAX - 1,
		NULL},
	[24] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{(time_t)3 + INT_MAX, 0},
		{(time_t)3 + INT_MAX + 1, 0},
		INT_MAX,
		NULL},
	[25] = {{.it_value = {3,0}, .it_interval = {1,0}},
		{(time_t)3 + INT_MAX + 1, 0},
		{(time_t)3 + INT_MAX + 2, 0},
		INT_MAX,
		NULL},

	/* (2^63 - 1) ns */
	[26] = {{.it_value = {3,0}, .it_interval = {9223372036,854775807}},
		{3,1}, {9223372039,854775807}, 0, NULL},
	/* 2^63 ns */
	[27] = {{.it_value = {3,0}, .it_interval = {9223372036,854775808}},
		{3,1}, {9223372039,854775808}, 0, NULL},
	/* (2^63 + 1) ns */
	[28] = {{.it_value = {3,0}, .it_interval = {9223372036,854775809}},
		{3,1}, {9223372039,854775809}, 0, NULL},

	/*
	 * Overflows -- we should (XXX but currently don't) reject
	 * intervals of at least 2^64 nanoseconds up front, since this
	 * is more time than it is reasonable to wait (more than 584
	 * years).
	 */

	/* (2^64 - 1) ns */
	[29] = {{.it_value = {3,0}, .it_interval = {18446744073,709551615}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* 2^64 ns */
	[30] = {{.it_value = {3,0}, .it_interval = {18446744073,709551616}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* (2^64 + 1) ns */
	[31] = {{.it_value = {3,0}, .it_interval = {18446744073,709551617}},
		{2,999999999}, {0,0}, 0,
		NULL},

	/* (2^63 - 1) us */
	[32] = {{.it_value = {3,0}, .it_interval = {9223372036854,775807}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* 2^63 us */
	[33] = {{.it_value = {3,0}, .it_interval = {9223372036854,775808}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* (2^63 + 1) us */
	[34] = {{.it_value = {3,0}, .it_interval = {9223372036854,775809}},
		{2,999999999}, {0,0}, 0,
		NULL},

	/* (2^64 - 1) us */
	[35] = {{.it_value = {3,0}, .it_interval = {18446744073709,551615}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* 2^64 us */
	[36] = {{.it_value = {3,0}, .it_interval = {18446744073709,551616}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* (2^64 + 1) us */
	[37] = {{.it_value = {3,0}, .it_interval = {18446744073709,551617}},
		{2,999999999}, {0,0}, 0,
		NULL},

	/* (2^63 - 1) ms */
	[38] = {{.it_value = {3,0}, .it_interval = {9223372036854775,807}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* 2^63 ms */
	[39] = {{.it_value = {3,0}, .it_interval = {9223372036854775,808}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* (2^63 + 1) ms */
	[40] = {{.it_value = {3,0}, .it_interval = {9223372036854775,809}},
		{2,999999999}, {0,0}, 0,
		NULL},

	/* (2^64 - 1) ms */
	[41] = {{.it_value = {3,0}, .it_interval = {18446744073709551,615}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* 2^64 ms */
	[42] = {{.it_value = {3,0}, .it_interval = {18446744073709551,616}},
		{2,999999999}, {0,0}, 0,
		NULL},
	/* (2^64 + 1) ms */
	[43] = {{.it_value = {3,0}, .it_interval = {18446744073709551,617}},
		{2,999999999}, {0,0}, 0,
		NULL},

	/* invalid intervals */
	[44] = {{.it_value = {3,0}, .it_interval = {-1,0}},
		{3,1}, {0,0}, 0, NULL},
	[45] = {{.it_value = {3,0}, .it_interval = {0,-1}},
		{3,1}, {0,0}, 0, NULL},
	[46] = {{.it_value = {3,0}, .it_interval = {0,1000000000}},
		{3,1}, {0,0}, 0, NULL},

	/*
	 * Overflow nanosecond arithmetic.  The magic interval number
	 * here is ceiling(INT64_MAX/2) nanoseconds.  The interval
	 * start value will be rounded to an integral number of ticks,
	 * so rather than write exactly `4611686018,427387905', just
	 * round up the `now' value to the next second.  This forces an
	 * overrun _and_ triggers int64_t arithmetic overflow.
	 */
	[47] = {{.it_value = {0,1},
		 .it_interval = {4611686018,427387904}},
		/* XXX needless overflow */
		{4611686019,0}, {0,0}, 1,
		NULL},

	/* interval ~ 1/4 * (2^63 - 1) ns, now ~ 3/4 * (2^63 - 1) ns */
	[48] = {{.it_value = {0,1},
		 .it_interval = {2305843009,213693952}},
		/* XXX needless overflow */
		{6917529028,0}, {0,0}, 3,
		NULL},
	[49] = {{.it_value = {6917529027,0},
		 .it_interval = {2305843009,213693952}},
		{6917529028,0}, {9223372036,213693952}, 0, NULL},
	[50] = {{.it_value = {6917529029,0},
		 .it_interval = {2305843009,213693952}},
		{6917529028,0}, {6917529029,0}, 0,
		NULL},

	/* interval ~ 1/2 * (2^63 - 1) ns, now ~ 3/4 * (2^63 - 1) ns */
	[51] = {{.it_value = {0,1},
		 .it_interval = {4611686018,427387904}},
		/* XXX needless overflow */
		{6917529028,0}, {0,0}, 1,
		NULL},
	[52] = {{.it_value = {2305843009,213693951}, /* ~1/4 * (2^63 - 1) */
		 .it_interval = {4611686018,427387904}},
		/* XXX needless overflow */
		{6917529028,0}, {0,0}, 1,
		NULL},
	[54] = {{.it_value = {6917529027,0},
		 .it_interval = {4611686018,427387904}},
		{6917529028,0}, {11529215045,427387904}, 0, NULL},
	[55] = {{.it_value = {6917529029,0},
		 .it_interval = {4611686018,427387904}},
		{6917529028,0}, {6917529029,0}, 0,
		NULL},

	[56] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		/* XXX needless overflow */
		{INT64_MAX - 2,999999999}, {0,0}, 0,
		NULL},
	[57] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		{INT64_MAX - 1,0}, {INT64_MAX,0}, 0, NULL},
	[58] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		{INT64_MAX - 1,1}, {INT64_MAX,0}, 0, NULL},
	[59] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		{INT64_MAX - 1,999999999}, {INT64_MAX,0}, 0, NULL},
	[60] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		{INT64_MAX,0}, {0,0}, 0,
		NULL},
	[61] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		{INT64_MAX,1}, {0,0}, 0,
		NULL},
	[62] = {{.it_value = {INT64_MAX - 1,0}, .it_interval = {1,0}},
		{INT64_MAX,999999999}, {0,0}, 0,
		NULL},

	[63] = {{.it_value = {INT64_MAX,0}, .it_interval = {1,0}},
		{INT64_MAX - 1,1}, {0,0}, 0,
		NULL},
	[64] = {{.it_value = {INT64_MAX,0}, .it_interval = {1,0}},
		{INT64_MAX - 1,999999999}, {0,0}, 0,
		NULL},
	[65] = {{.it_value = {INT64_MAX,0}, .it_interval = {1,0}},
		{INT64_MAX,0}, {0,0}, 0,
		NULL},
	[66] = {{.it_value = {INT64_MAX,0}, .it_interval = {1,0}},
		{INT64_MAX,1}, {0,0}, 0,
		NULL},
	[67] = {{.it_value = {INT64_MAX,0}, .it_interval = {1,0}},
		{INT64_MAX,999999999}, {0,0}, 0,
		NULL},
};

ATF_TC(itimer_transitions);
ATF_TC_HEAD(itimer_transitions, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Tests interval timer transitions");
}
ATF_TC_BODY(itimer_transitions, tc)
{
	volatile unsigned i;

	REQUIRE_LIBC(signal(SIGFPE, handle_signal), SIG_ERR);
	REQUIRE_LIBC(signal(SIGABRT, handle_signal), SIG_ERR);

	for (i = 0; i < __arraycount(itimer_transitions); i++) {
		struct itimer_transition it = itimer_transitions[i];
		struct timespec next;
		int overruns;
		volatile bool aborted = true;
		volatile bool expect_abort = false;

		fprintf(stderr, "case %u\n", i);

		if (it.it_xfail)
			atf_tc_expect_fail("%s", it.it_xfail);

		if (itimespecfix(&it.it_time.it_value) != 0 ||
		    itimespecfix(&it.it_time.it_interval) != 0) {
			fprintf(stderr, "rejected by itimerspecfix\n");
			expect_abort = true;
		}

		if (setjmp(jmp) == 0) {
			jmp_en = 1;
			itimer_transition(&it.it_time, &it.it_now,
			    &next, &overruns);
			jmp_en = 0;
			aborted = false;
		}
		ATF_CHECK(!jmp_en);
		jmp_en = 0;	/* paranoia */
		if (expect_abort) {
			fprintf(stderr, "expected abort\n");
			ATF_CHECK_MSG(aborted,
			    "[%u] missing invariant assertion", i);
			ATF_CHECK_MSG(jmp_sig == SIGABRT,
			    "[%u] missing invariant assertion", i);
		} else {
			ATF_CHECK_MSG(!aborted, "[%u] raised signal %d: %s", i,
			    jmp_sig, strsignal(jmp_sig));
		}

		ATF_CHECK_MSG((next.tv_sec == it.it_next.tv_sec &&
			next.tv_nsec == it.it_next.tv_nsec),
		    "[%u] periodic intervals of %lld.%09d from %lld.%09d"
		    " last expired at %lld.%09d:"
		    " next expiry at %lld.%09d, expected %lld.%09d", i,
		    (long long)it.it_time.it_interval.tv_sec,
		    (int)it.it_time.it_interval.tv_nsec,
		    (long long)it.it_time.it_value.tv_sec,
		    (int)it.it_time.it_value.tv_nsec,
		    (long long)it.it_now.tv_sec, (int)it.it_now.tv_nsec,
		    (long long)next.tv_sec, (int)next.tv_nsec,
		    (long long)it.it_next.tv_sec, (int)it.it_next.tv_nsec);
		ATF_CHECK_EQ_MSG(overruns, it.it_overruns,
		    "[%u] periodic intervals of %lld.%09d from %lld.%09d"
		    " last expired at %lld.%09d:"
		    " overruns %d, expected %d", i,
		    (long long)it.it_time.it_interval.tv_sec,
		    (int)it.it_time.it_interval.tv_nsec,
		    (long long)it.it_time.it_value.tv_sec,
		    (int)it.it_time.it_value.tv_nsec,
		    (long long)it.it_now.tv_sec, (int)it.it_now.tv_nsec,
		    overruns, it.it_overruns);

		if (it.it_xfail)
			atf_tc_expect_pass();
	}
}

ATF_TP_ADD_TCS(tp)
{

	ATF_TP_ADD_TC(tp, itimer_transitions);

	return atf_no_error();
}