Native: handle the platform limits better (#24)

* Native (*nix): Fix crash

The program used to crash (which couldn't be caught) when the
timezone database was queried with large negative instants
(earlier than year -32767).

* Native (Darwin): improve results outside of supported range

Darwin only supports years [1; 4001], and strange things may happen
when requesting from it to perform arithmetic on dates outside this
range. In particular, when converting NSDateComponents to NSDate,
the era is ignored, and so 32000 BC becomes 32000 AD, which is
absolutely wrong.

Reliance on Darwin auto-adjusting NSDate when converting from
NSDateComponents is the core of our solution to acquire the
timezone database information, but in this case it is better to
completely ignore this API and instead return a plausible-looking
result.

* Native (Windows): return more plausible results

When querying the timezone database outside of the supported range
on Windows, the requested value could be too large to fit in the
platform-provided range. Then, instead of returning a completely
arbitrary result, the call will still return values that could be
naturally acquired for some date in the supported range, instead
of garbage values.

* Native (Darwin): use ISO-8601 calendar

This doesn't change the results in the supported ranges, but it
is more clean conceptually to use the same calendar here as in the
other platforms.

Author: dkhalanskyjb

core/nativeMain/cinterop/cpp/apple.mm

@@ -28,6 +28,16 @@
     return [NSTimeZone timeZoneWithName: name];
 }
 
+static NSDate * dateWithTimeIntervalSince1970Saturating(int64_t epoch_sec)
+{
+    auto date = [NSDate dateWithTimeIntervalSince1970: epoch_sec];
+    if ([date timeIntervalSinceDate:[NSDate distantPast]] < 0)
+        date = [NSDate distantPast];
+    else if ([date timeIntervalSinceDate:[NSDate distantFuture]] > 0)
+        date = [NSDate distantFuture];
+    return date;
+}
+
 extern "C" {
 #include "cdate.h"
 }
@@ -154,7 +164,7 @@ int offset_at_instant(TZID zone_id, int64_t epoch_sec)
 {
     auto zone = timezone_by_id(zone_id);
     if (zone == nil) { return INT_MAX; }
-    auto date = [NSDate dateWithTimeIntervalSince1970: epoch_sec];
+    auto date = dateWithTimeIntervalSince1970Saturating(epoch_sec);
     return (int32_t)[zone secondsFromGMTForDate: date];
 }
 
@@ -169,27 +179,27 @@ int offset_at_datetime(TZID zone_id, int64_t epoch_sec, int *offset) {
     if (zone == nil) { return 0; }
     /* a date in an unspecified timezone, defined by the number of seconds since
        the start of the epoch in *that* unspecified timezone */
-    NSDate *date = [NSDate dateWithTimeIntervalSince1970: epoch_sec];
-    // The Gregorian calendar.
-    NSCalendar *gregorian = [NSCalendar
-        calendarWithIdentifier:NSCalendarIdentifierGregorian];
-    if (gregorian == nil) { return 0; }
+    auto date = dateWithTimeIntervalSince1970Saturating(epoch_sec);
+    // The ISO8601 calendar.
+    NSCalendar *iso8601 = [NSCalendar
+        calendarWithIdentifier: NSCalendarIdentifierISO8601];
+    if (iso8601 == nil) { return 0; }
     // The UTC time zone
     NSTimeZone *utc = [NSTimeZone timeZoneForSecondsFromGMT: 0];
     /* Now, we say that the date that we initially meant is `date`, only with
        the context of being in a timezone `zone`. */
-    NSDateComponents *dateComponents = [gregorian
+    NSDateComponents *dateComponents = [iso8601
         componentsInTimeZone: utc
         fromDate: date];
     dateComponents.timeZone = zone;
-    NSDate *newDate = [gregorian dateFromComponents:dateComponents];
+    NSDate *newDate = [iso8601 dateFromComponents:dateComponents];
     if (newDate == nil) { return 0; }
     // we now know the offset of that timezone at this time.
     *offset = (int)[zone secondsFromGMTForDate: newDate];
     /* `dateFromComponents` automatically corrects the date to avoid gaps. We
        need to learn which adjustments it performed. */
     int result = (int)((int64_t)[newDate timeIntervalSince1970] +
-      (int64_t)*offset - epoch_sec);
+      (int64_t)*offset - (int64_t)[date timeIntervalSince1970]);
     return result;
 }
 

core/nativeMain/cinterop/cpp/cdate.cpp

@@ -15,6 +15,32 @@
 using namespace date;
 using namespace std::chrono;
 
+static int64_t first_instant_of_year(const year& yr) {
+    return sys_seconds{sys_days{yr/January/1}}.time_since_epoch().count();
+}
+/* This constant represents the earliest moment that our system recognizes;
+everything earlier than that is considered the same moment.
+This doesn't make us lose any precision in computations, as timezone
+information doesn't make sense to use at that time, as there were no
+timezones, and even the calendars were all different.
+The reason for this explicit check is that the years that are considered
+valid by the "date" library are [-32767; 32767], and library crashes if
+it sees a date in year -32768 or earlier. */
+static const int64_t min_available_instant =
+    first_instant_of_year(++year::min());
+// Lack of this check didn't cause any problems yet, but why not add it too?
+static const int64_t max_available_instant =
+    first_instant_of_year(--year::max());
+
+static seconds saturating(int64_t epoch_sec)
+{
+    if (epoch_sec < min_available_instant)
+        epoch_sec = min_available_instant;
+    else if (epoch_sec > max_available_instant)
+        epoch_sec = max_available_instant;
+    return seconds(epoch_sec);
+}
+
 extern "C" {
 #include "cdate.h"
 }
@@ -94,8 +120,7 @@ int offset_at_instant(TZID zone_id, int64_t epoch_sec)
     try {
         /* `sys_time` is usually Unix time (UTC, not counting leap seconds).
            Starting from C++20, it is specified in the standard. */
-        auto stime = sys_time<std::chrono::seconds>(
-            std::chrono::seconds(epoch_sec));
+        auto stime = sys_time<std::chrono::seconds>(saturating(epoch_sec));
         auto zone = zone_by_id(zone_id);
         auto info = zone->get_info(stime);
         return info.offset.count();
@@ -118,7 +143,7 @@ int offset_at_datetime(TZID zone_id, int64_t epoch_sec, int *offset)
 {
     try {
         auto zone = zone_by_id(zone_id);
-        local_seconds seconds((std::chrono::seconds(epoch_sec)));
+        local_seconds seconds(saturating(epoch_sec));
         auto info = zone->get_info(seconds);
         switch (info.result) {
             case local_info::unique:

core/nativeMain/cinterop/cpp/windows.cpp

@@ -356,7 +356,16 @@ int offset_at_datetime(TZID zone_id, int64_t epoch_sec, int *offset)
     TzSpecificLocalTimeToSystemTimeEx(&dtzi, &localtime, &utctime);
     *offset = offset_at_systime(dtzi, utctime);
     SystemTimeToTzSpecificLocalTimeEx(&dtzi, &utctime, &adjusted);
-    return (int)(systemtime_to_unix_time(adjusted) - epoch_sec);
+    /* We don't use `epoch_sec` instead of `systemtime_to_unix_time(localtime)
+    because `unix_time_to_systemtime(epoch_sec, localtime)` above could
+    overflow the range of instants representable in WinAPI, and then the
+    difference from `epoch_sec` would be large, potentially causing problems.
+    If it happened, we don't return an error as we don't really care which
+    result to return: timezone database information outside of [1970; current
+    time) is not accurate anyway, and WinAPI supports dates in years [1601;
+    30827], which should be enough for all practical purposes. */
+    return (int)(systemtime_to_unix_time(adjusted) -
+        systemtime_to_unix_time(localtime));
 }
 
 }