Skip to content

Instantly share code, notes, and snippets.

@kartben

kartben/gist:6958a263c606c93791ddc879463cf0ba

Created December 19, 2025 10:12
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kartben/6958a263c606c93791ddc879463cf0ba to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kartben/6958a263c606c93791ddc879463cf0ba to your computer and use it in GitHub Desktop.
Download ZIP
y2k38.md
Raw
gistfile1.md

Zephyr Year 2038 Immunity Report

1. Executive Summary

Zephyr is immune to the Year 2038 bug by default.

The operating system enforces 64-bit time representations at both the kernel and application library levels. While it is possible to disable these protections via Kconfig, the default configuration prevents the build from succeeding if the underlying C library tries to use a 32-bit time_t.

2. Understanding the Year 2038 Bug

The Mechanism

The Year 2038 problem (or Y2038) is caused by representing time as a signed 32-bit integer counting the number of seconds since the Unix Epoch (January 1, 1970 00:00:00 UTC).

The Math

A signed 32-bit integer has a maximum value of $2^{31} - 1$, which is 2,147,483,647.

When the time reaches this value, the next second will cause an integer overflow.

  • Maximum Timestamp: 2,147,483,647 seconds = January 19, 2038 at 03:14:07 UTC.
  • Overflow Event: Adding 1 second results in -2,147,483,648.
  • Resulting Date: The time system interprets this negative number as December 13, 1901.

Systems affected by this bug will fail to calculate future dates correctly, causing crashes in scheduling, certificate validation failures, and filesystem corruption.

3. Technical Verification of Zephyr's Immunity

Our investigation into the Zephyr codebase has confirmed immunity in three critical areas:

A. Kernel Timekeeping

The Zephyr kernel's internal timekeeping mechanism is natively 64-bit.

  • API: k_uptime_get()
  • Return Type: int64_t
  • Implication: The kernel can track uptime for millions of years without overflowing, regardless of the calendar date representation.

B. C Library and Application Layer

Zephyr acts as a gatekeeper for the C standard library to ensure time_t is safe.

  • Enforcement: The file lib/libc/validate_libc.c contains a static build assertion: 
    #ifndef CONFIG_LIBC_ALLOW_LESS_THAN_64BIT_TIME
BUILD_ASSERT(sizeof(time_t) >= 8, "time_t cannot hold 64-bit values");
#endif
  • Consequence: If you try to compile Zephyr with a C library that uses a 32-bit time_t (without explicitly allowing it), the build will fail. This guarantees that any successfully built Zephyr application (by default) uses a 64-bit time_t.
  • Default Behavior: Common toolchains like the Zephyr SDK (Newlib) default to 64-bit time_t.

C. Filesystem Support

Filesystem timestamps are a common vector for Y2038 bugs (e.g., ext3 on Linux).

  • Status: The internal Zephyr Virtual Filesystem (VFS) interface currently does not support timestamps.
  • Evidence: The POSIX compatibility layer for stat (lib/posix/options/fs.c) explicitly zeroes out timestamp fields or does not populate them from the underlying driver.
  • Implication: While this means Zephyr lacks file access/modify times, it also means it is immune to Y2038 storage bugs by virtue of omission.

4. Exceptions and Risks

The immunity is robust but can be manually disabled. You are only at risk if you:

  1. Enable CONFIG_LIBC_ALLOW_LESS_THAN_64BIT_TIME=y in your prj.conf.
  2. Use a custom C library or an older toolchain that provides a 32-bit time_t.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment