The year 2038 problem (also known as Y2038, Y2K38, Y2K38 superbug or the Epochalypse) is a time formatting bug in computer systems with representing times after 03:14:07 UTC on 19 January 2038.
The problem exists in systems which measure Unix time – the number of seconds elapsed since the Unix epoch (00:00:00 UTC on 1 January 1970) – and store it in a signed 32-bit integer. The data type is only capable of representing integers between −(231) and 231 − 1, meaning the latest time that can be properly encoded is 231 − 1 seconds after epoch (03:14:07 UTC on 19 January 2038). Attempting to increment to the following second (03:14:08) will cause the integer to overflow, setting its value to −(231) which systems will interpret as 231 seconds before epoch (20:45:52 UTC on 13 December 1901). The problem is similar in nature to the year 2000 problem.
Computer systems that use time for critical computations may encounter fatal errors if the Y2038 problem is not addressed. Some applications that use future dates have already encountered the bug. The most vulnerable systems are those which are infrequently or never updated, such as legacy and embedded systems. There is no universal solution to the problem, though many modern systems have been upgraded to measure Unix time with signed 64-bit integers which will not overflow for 292 billion years—approximately 21 times the estimated age of the universe.
Cause
Many computer systems measure time and date as Unix time, an international standard for digital timekeeping. Unix time is defined as the number of seconds elapsed since 00:00:00 UTC on 1 January 1970 (an arbitrarily chosen time based on the creation of the first Unix system), which has been dubbed the Unix epoch.
Unix time has historically been encoded as a signed 32-bit integer, a data type composed of 32 binary digits (bits) which represent an integer value, with 'signed' meaning that the number is stored in Two's complement format. Thus, a signed 32-bit integer can only represent integer values from −(231) to 231 − 1 inclusive. Consequently, if a signed 32-bit integer is used to store Unix time, the latest time that can be stored is 231 − 1 (2,147,483,647) seconds after epoch, which is 03:14:07 on Tuesday, 19 January 2038. Systems that attempt to increment this value by one more second to 231 seconds after epoch (03:14:08) will suffer integer overflow, inadvertently flipping the sign bit to indicate a negative number. This changes the integer value to −(231), or 231 seconds before epoch rather than after, which systems will interpret as 20:45:52 on Friday, 13 December 1901. From here, systems will continue to count up, toward zero, and then up through the positive integers again. As many computer systems use time computations to run critical functions, the bug may introduce fatal errors.
Vulnerable systems
Any system using data structures with 32-bit time representations has an inherent risk to fail. A full list of these data structures is virtually impossible to derive, but there are well-known data structures that have the Unix time problem:
- File systems that use 32 bits to represent times in inodes
- Binary file formats with 32-bit time fields
- Databases with 32-bit time fields
- Database query languages (such as SQL) that have
UNIX_TIMESTAMP()
-like commands
Embedded systems
Embedded systems that use dates for either computation or diagnostic logging are most likely to be affected by the Y2038 problem. Despite the modern 18–24 month generational update in computer systems technology, embedded systems are designed to last the lifetime of the machine in which they are a component. It is conceivable that some of these systems may still be in use in 2038. It may be impractical or, in some cases, impossible to upgrade the software running these systems, ultimately requiring replacement if the 32-bit limitations are to be corrected.
Many transportation systems from flight to automobiles use embedded systems extensively. In automotive systems, this may include anti-lock braking system (ABS), electronic stability control (ESC/ESP), traction control (TCS) and automatic four-wheel drive; aircraft may use inertial guidance systems and GPS receivers. Another major use of embedded systems is in communications devices, including cell phones and Internet-enabled appliances (e.g. routers, wireless access points, IP cameras) which rely on storing an accurate time and date and are increasingly based on Unix-like operating systems. For example, the Y2038 problem makes some devices running 32-bit Android crash and not restart when the time is changed to that date.
However, this does not imply that all embedded systems will suffer from the Y2038 problem, since many such systems do not require access to dates. For those that do, those systems which only track the difference between times/dates and not absolute times/dates will, by the nature of the calculation, not experience a major problem. This is the case for automotive diagnostics based on legislated standards such as CARB (California Air Resources Board).
Early problems
In May 2006, reports surfaced of an early manifestation of the Y2038 problem in the AOLserver software. The software was designed with a kludge to handle a database request that should "never" time out. Rather than specifically handling this special case, the initial design simply specified an arbitrary time-out date in the future. The default configuration for the server specified that the request should time out after one billion seconds. One billion seconds (just over 31 years, 251 days, 1 hour, 46 minutes and 40 seconds) after 01:27:28 UTC on 13 May 2006 is beyond the 2038 cutoff date. Thus, after this time, the time-out calculation overflowed and returned a date that was actually in the past, causing the software to crash. When the problem was discovered, AOLServer operators had to edit the configuration file and set the time-out to a lower value.
Solutions
There is no universal solution for the Year 2038 problem. For example, in the C language, any change to the definition of the time_t
data type would result in code-compatibility problems in any application in which date and time representations are dependent on the nature of the signed 32-bit time_t
integer. For example, changing time_t
to an unsigned 32-bit integer, which would extend the range to 2106
(specifically, 06:28:15 UTC on Sunday, 7 February 2106), would adversely
affect programs that store, retrieve, or manipulate dates prior to
1970, as such dates are represented by negative numbers. Increasing the
size of the time_t
type to 64 bits in an existing system
would cause incompatible changes to the layout of structures and the
binary interface of functions.
Most operating systems designed to run on 64-bit hardware already use signed 64-bit time_t
integers. Using a signed 64-bit value introduces a new wraparound date that is over twenty times greater than the estimated age of the universe: approximately 292 billion years from now. The ability to make computations on dates is limited by the fact that tm_year
uses a signed 32-bit integer value starting at 1900 for the year. This
limits the year to a maximum of 2,147,485,547 (2,147,483,647 + 1900).
Alternative proposals have been made (some of which are already in use), such as storing either milliseconds or microseconds since an epoch (typically either 1 January 1970 or 1 January 2000) in a signed 64-bit integer, providing a minimum range of 300,000 years at microsecond resolution. In particular, Java's use of 64-bit long integers everywhere to represent time as "milliseconds since 1 January 1970" will work correctly for the next 292 million years. Other proposals for new time representations provide different precisions, ranges, and sizes (almost always wider than 32 bits), as well as solving other related problems, such as the handling of leap seconds. In particular, TAI64 is an implementation of the International Atomic Time (TAI) standard, the current international real-time standard for defining a second and frame of reference.
Implemented solutions
time_t
.time_t
for both 32-bit and 64-bit architectures. Applications that were compiled for an older NetBSD release with 32-bit time_t
are supported via a binary compatibility layer, but such older applications will still suffer from the Y2038 problem.time_t
for both 32-bit and 64-bit architectures. In contrast to NetBSD, there is no binary compatibility layer. Therefore, applications expecting a 32-bit time_t
and applications using anything different from time_t
to store time values may break.time_t
for 64-bit architectures only; the pure 32-bit ABI was not changed due to backward compatibility. Starting with version 5.6 of 2020, 64-bit time_t
is supported on 32-bit architectures, too. This was done primarily for the sake of embedded Linux systems.time_t
for all 32-bit and 64-bit architectures except 32-bit i386, which uses signed 32-bit time_t
instead.time_t
. Since it was a new environment, there was no need for special compatibility precautions.struct nfstime4 {int64_t seconds; uint32_t nseconds;}
since December 2000.
Values greater than zero for the seconds field denote dates after the
0-hour, January 1, 1970. Values less than zero for the seconds field
denote dates before the 0-hour, January 1, 1970. In both cases, the
nseconds (nanoseconds) field is to be added to the seconds field for the
final time representation.time_t
.
As part of Y2K compliance work that was carried out in 1998, the CRTL
was modified to use unsigned 32-bit integers to represent time;
extending the range of time_t
up to 7 February 2106.FROM_UNIXTIME()
, UNIX_TIMESTAMP()
, and CONVERT_TZ()
handle 64-bit values on platforms that support them. This includes 64-bit versions of Linux, MacOS, and Windows. In relational database versions prior to August 2021, built-in functions like UNIX_TIMESTAMP()
will return 0 after 03:14:07 UTC on 19 January 2038.