Year 2038 problem
The Year 2038 problem is an issue for computing and data storage situations in which time values are stored or calculated as a signed 32-bit integer, and this number is interpreted as the number of seconds since 00:00:00 UTC on 1 January 1970 (the epoch). Such implementations cannot encode times after 03:14:07 UTC on 19 January 2038, a problem similar to but not entirely analogous to the Y2K problem (also known as the Millennium Bug), in which 2-digit values representing the number of years since 1900 could not encode the year 2000 or later. Most 32-bit Unix-like systems store and manipulate time in this Unix time format, so the year 2038 problem is sometimes referred to as the Unix Millennium Bug by association.
The latest time that can be represented in Unix's signed 32-bit integer time format is 03:14:07 UTC on Tuesday, 19 January 2038 (2,147,483,647 seconds after 1 January 1970). Times beyond that will wrap around and be stored internally as a negative number, which these systems will interpret as having occurred on 13 December 1901 rather than 19 January 2038. This is caused by integer overflow. The counter runs out of usable digit bits, flips the sign bit instead, and reports a maximally negative number (continuing to count up, toward zero). Resulting erroneous calculations on such systems are likely to cause problems for users and other relying parties.
Programs that work with future dates will begin to run into problems sooner; for example a program that works with dates 20 years in the future will have to be fixed no later than 2018.
|This section possibly contains previously unpublished synthesis of published material that conveys ideas not attributable to the original sources. (May 2015) (Learn how and when to remove this template message)|
In May 2006, reports surfaced of an early manifestation of the Y2038 problem in the AOLserver software. The software was designed with a kludge to handle a database request that should "never" time out. Rather than specifically handling this special case, the initial design simply specified an arbitrary time-out date in the future. The default configuration for the server specified that the request should time out after one billion seconds. One billion seconds (approximately thirty-two years) after 9:27.28 pm on 12 May 2006 is beyond the 2038 cutoff date. Thus, after this time, the time-out calculation overflowed and returned a date that was actually in the past, causing the software to crash. When the problem was discovered, AOLServer operators had to edit the configuration file and set the time-out to a lower value.
Players of games or apps which are programmed to impose waiting periods are running into this problem when they attempt to work around the waiting period on devices which harbor the coding, by manually setting their devices (such as the Nexus 7) to a date past 19 January 2038.
Embedded systems that use dates for either computation or diagnostic logging are most likely to be affected by the 2038 bug.
Most worrisome are the command and control systems for nuclear weapon and power systems. These systems were largely designed and built starting in the 1970s and are still in use today. In The United States the General Accountability Office (GAO) released a May 2016 report GAO Report on Legacy Systems noting that the Strategic Automated Command and Control System, (SACCS) which is responsible for coordinating "the operational functions of the United States’ nuclear forces, such as intercontinental ballistic missiles, nuclear bombers, and tanker support craft" "runs on an IBM Series/1 Computer". Which is a computing system built in the 1970s and uses 8-inch floppy disks. Due to state secrecy it is not publicly knowable what a Unix epoch date reset might do to the control logic of the defense systems of nuclear states like the USA and the former USSR but the obvious, maximally negative outcome, is an automated Dead Hand strike due to an epoch vulnerable component of the control system going off-line and that status being perceived by the system as indicating a successful attack that must be retaliated against.
Many transportation systems from flight to automobiles use embedded systems extensively. In automotive systems, this may include anti-lock braking system (ABS), electronic stability control (ESC/ESP), traction control (TCS) and automatic four-wheel drive; aircraft may use inertial guidance systems and GPS receivers. However this does not imply that all these systems will suffer from the bug. Many such systems will not require access to dates. For those that do, those systems which only track the difference between times/dates and not absolute times/dates will, by the nature of the calculation, not experience a problem. This is the case for automotive diagnostics based on legislative standards such as CARB (California Air Resources Board).
Another major use of embedded systems is in communications devices, including cell phones and Internet appliances (routers, wireless access points, etc.) which rely on storing an accurate time and date and are increasingly based on UNIX-like operating systems. For example, the bug makes some Android devices crash and not restart when the time is changed to that date.
Despite the modern 18–24-month generational update in computer systems technology, embedded systems are designed to last the lifetime of the machine in which they are a component. It is conceivable that some of these systems may still be in use in 2038. It may be impractical or, in some cases, impossible to upgrade the software running these systems, ultimately requiring replacement if 32-bit time_t limitations are to be corrected.
Data structures with time problems
Many data structures in use today have 32-bit time representations embedded into their structure. A full list of these data structures is virtually impossible to derive but there are well-known data structures that have the Unix time problem:
- file systems (many file systems use only 32 bits to represent times in inodes)
- binary file formats (that use 32-bit time fields)
- databases (that have 32-bit time fields)
- database query languages, like SQL that have UNIX_TIMESTAMP() like commands
Examples of systems utilizing data structures that may contain 32-bit time representations include:
- COBOL systems of 1970s–1990s vintage that have not been replaced by 2038-compliant systems
- embedded factory, refinery control and monitoring subsystems
- assorted medical devices
- assorted military devices
Any system making use of data structures containing 32-bit time representations will present risk. The degree of risk is dependent on the mode of failure.
The Network Time Protocol has a related overflow issue, which manifests itself in 2036, rather than 2038. The 64-bit timestamps used by NTP consist of a 32-bit part for seconds and a 32-bit part for fractional second, giving NTP a time scale that rolls over every 232 seconds (136 years) and a theoretical resolution of 2−32 seconds (233 picoseconds). NTP uses an epoch of 1 January 1900. The first rollover occurs in 2036, prior to the UNIX year 2038 problem.
Implementations should disambiguate NTP time using a knowledge of the approximate time from other sources. Since NTP only works with the differences between timestamps and never their absolute values, the wraparound is invisible as long as the timestamps are within 68 years of each other.
This means that for NTP the rollover will be invisible for most running systems, since they will have the correct time to within a very small tolerance. However, systems that are starting up need to know the date within no more than 68 years. Given the large allowed error, it is not expected that this is too onerous a requirement. One suggested method is to set the clock to no earlier than the system build date or the release date of the current version of the NTP software. Many systems use a battery-powered hardware clock to avoid this problem.
Even so, future versions of NTP may extend the time representation to 128 bits: 64 bits for the second and 64 bits for the fractional-second. The current NTP4 format has support for Era Number and Era Offset, that when used properly should aid fixing date rollover issues. According to Mills, "The 64 bit value for the fraction is enough to resolve the amount of time it takes a photon to pass an electron at the speed of light. The 64 bit second value is enough to provide unambiguous time representation until the universe goes dim."[note 1]
There is no universal solution for the Year 2038 problem. Any change to the definition of the time_t data type would result in code compatibility problems in any application in which date and time representations are dependent on the nature of the signed 32-bit time_t integer. For example, changing time_t to an unsigned 32-bit integer, which would extend the range to the year 2106, would adversely affect programs that store, retrieve, or manipulate dates prior to 1970, as such dates are represented by negative numbers. Increasing the size of the time_t type to 64-bit in an existing system would cause incompatible changes to the layout of structures and the binary interface of functions.
There is also no universal solution for the issue with DVB and ATSC real time transmitted dates due to issues with legacy receivers. The issue has yet to be acknowledged or resolved by either organization. The only work around would be to discontinue all time related metadata services such as programming guides and automatic date synchronization after the affected dates. One possible option would be to create new table types for the affected part of the specifications and use ISO 8601 date strings rather than fixed integers as is used in ISO 9660 and ISO 13346 filesystems.
Most operating systems designed to run on 64-bit hardware already use signed 64-bit time_t integers. Using a signed 64-bit value introduces a new wraparound date that is over twenty times greater than the estimated age of the universe: approximately 292 billion years from now, at 15:30:08 UTC on Sunday, 4 December 292,277,026,596. The ability to make computations on dates is limited by the fact that tm_year uses a signed 32 bit integer value starting at 1900 for the year. This limits the year to a maximum of 2,147,485,547 (2,147,483,647 + 1900).
Starting with NetBSD version 6.0 (released in October 2012), the NetBSD operating system uses a 64-bit time_t for both 32-bit and 64-bit architectures. Applications that were compiled for an older NetBSD release with 32-bit time_t are supported via a binary compatibility layer, but such older applications will still suffer from the Year 2038 problem.
OpenBSD since version 5.5, released in May 2014, also uses a 64-bit time_t for both 32-bit and 64-bit architectures. In contrast to NetBSD, there is no binary compatibility layer. Therefore, applications expecting a 32-bit time_t and applications using anything different from time_t to store time values may break.
Linux uses a 64-bit time_t for 64-bit architectures only; the pure 32-bit ABI is not changed due to backward compatibility. There is ongoing work, mostly for embedded Linux systems, to support 64-bit time_t on 32-bit architectures, too.
The x32 ABI for Linux (which defines an environment for programs with 32-bit addresses but running the processor in 64-bit mode) uses a 64-bit time_t. Since it was a new environment, there was no need for special compatibility precautions.
Alternative proposals have been made (some of which are in use), such as storing either milliseconds or microseconds since an epoch (typically either 1 January 1970 or 1 January 2000) in a signed 64-bit integer, providing a minimum range of 300,000 years. Other proposals for new time representations provide different precisions, ranges, and sizes (almost always wider than 32 bits), as well as solving other related problems, such as the handling of leap seconds. In particular, TAI64 is an implementation of the Temps Atomique International standard, the current international real-time standard for defining a second and frame of reference.
- Deep Impact, was lost when its internal clock reached exactly 232 one-tenth seconds since 2000 on 11 August 2013, 00:38:49 UTC.
- Time formatting and storage bugs
- Unix billennium
- Year 10,000 problem
- Year 2000 problem
- "The Open Group Base Specifications Issue 6 IEEE Std 1003.1, 2004 Edition (definition of epoch)". IEEE and The Open Group. The Open Group. 2004. Retrieved 7 March 2008.
- Diomidis Spinellis (2006). Code quality: the open source perspective. Effective software development serie in Safari Books Online (illustrated ed.). Adobe Press. p. 49. ISBN 0-321-16607-8.
- "The Future Lies Ahead". 28 June 2006. Retrieved 19 November 2006.
- Weird "memory leak" problem in AOLserver 3.4.2/3.x 12 May 2006
- "It isn't cheating it's time travel".
- "25 Years From Today A Time For Bugs".
Update: I have confirmed Mikko's Android report on a Google Nexus 7 tablet running Android 4.1 Jelly Bean — Even though years beyond 2038 are listed in the Set Date and Time function of the Settings app, try to set it to a date past 1/19/2038 and it refuses.[dead link]
- CARB - Vehicles and Engines (Mobile Source) Test Procedures
- Issue 16899 - android - Year 2038 problem
- Trends in embedded software design
- "aj_blk: Year 2038 Bug". Ajoeblk.blogspot.in. Retrieved 2013-03-12.
- University of Delaware Digital Systems Seminar presentation by David Mills, 2006-04-26
- "The End of Time". 17 April 2010. Retrieved 19 March 2012.
- "Announcing NetBSD 6.0". 17 October 2012. Retrieved 18 January 2016.
- "OpenBSD 5.5 released (May 1, 2014)". 1 May 2014. Retrieved 18 January 2016.
- Jonathan Corbet (14 August 2013). "Pondering 2038". Archived from the original on 4 March 2016. Retrieved 9 March 2016.
- Arnd Bergmann (25 March 2015). "The end of time (32bit edition)" (PDF). Archived from the original (PDF) on 22 September 2015. Retrieved 9 March 2016.
- Jonathan Corbet (5 May 2015). "System call conversion for year 2038". Archived from the original on 11 October 2015. Retrieved 9 March 2016.
- "Unununium Time". Archived from the original on 8 April 2006. Retrieved 19 November 2006.
- Sun Microsystems. "Java API documentation: System.currentTimeMillis". Retrieved 7 May 2007.