The year 2038 problem (also known as Y2038, Y2K38, Y2K38 superbug, or the Epochalypse) is a time computing problem that leaves some computer systems unable to represent times after 03:14:07 UTC on 19 January 2038.
The problem exists in systems which measure Unix timeâÂÂthe number of seconds elapsed since the Unix epoch (00:00:00 UTC on 1 January 1970)âÂÂand store it in a signed 32-bit integer. When the data type's maximum value is surpassed, the integer will overflow to its minimum value, which systems will interpret as in the past. The problem resembles the year 2000 problem but arises from limitations in base-2 (binary) time representation, rather than base-10.
Computer systems that use time for critical computations may encounter fatal errors if the year 2038 problem is not addressed. Some applications that use future dates have already encountered the bug. The most vulnerable systems are those which are infrequently or never updated, such as legacy and embedded systems. Modern systems and software updates address this problem by using signed 64-bit integers, which will take 292 billion years to overflowâÂÂapproximately 21 times the estimated age of the universe.
Many computer systems measure time and date using Unix time, an international standard for digital timekeeping. Unix time is defined as the number of seconds elapsed, ignoring leap seconds, since 00:00:00 UTC on 1 January 1970, known as the Unix epoch.
Unix time has historically been encoded as a signed 32-bit integer, a data type composed of 32 binary digits (bits) which represent an integer value, with 'signed' meaning that the number can represent both positive and negative numbers, as well as zero; and is usually stored in two's complement format. Thus, a signed 32-bit integer can only represent integer values from âÂÂ(2) to 2 â 1 inclusive. Consequently, if a signed 32-bit integer is used to store Unix time, the latest time that can be stored is 2 â 1 () seconds after epoch, which is . Systems that attempt to increment this value by one more second to 2 seconds after epoch () will suffer integer overflow, inadvertently flipping the sign bit to indicate a negative number. This changes the integer value to âÂÂ(2), or 2 seconds before epoch rather than after, which systems will interpret as . From here, systems will continue to count up, toward zero, and then up through the positive integers again. As many computer systems use time computations to run critical functions, the bug may introduce serious problems.
Any system using data structures with signed 32-bit time representations has an inherent risk of failing. A full list of these data structures is virtually impossible to derive, but there are well-known data structures that have the Unix time problem:
Embedded systems that use dates for either computation or diagnostic logging are most likely to be affected by the Y2038 problem. Despite the modern 18âÂÂ24 month generational update in computer systems technology, embedded systems are designed to last the lifetime of the machine in which they are a component. It is conceivable that some of these systems may still be in use in 2038. It may be difficult or, in some cases, impossible to upgrade the software running these systems, ultimately requiring replacement if the 32-bit limitations are to be corrected.
Many transportation systems, from flight to automobiles, use embedded systems extensively. In automotive systems, this may include anti-lock braking system (ABS), electronic stability control (ESC/ESP), traction control (TCS), and automatic four-wheel drive; aircraft may use inertial guidance systems and GPS receivers.
Another major use of embedded systems is in communications devices, including cell phones and Internet-enabled appliances (e.g. routers, wireless access points, IP cameras) which rely on storing an accurate time and date and are increasingly based on Unix-like operating systems.
However, this does not imply that all embedded systems will suffer from the Y2038 problem, since many such systems do not require access to dates. For those that do, those systems which only track the difference between times/dates and not absolute times/dates will, by the nature of the calculation, not experience a major problem. This is the case for automotive diagnostics based on legislated standards such as CARB (California Air Resources Board).
In May 2006, reports surfaced of an early manifestation of the Y2038 problem in the AOLserver software. The software was designed with a kludge to handle a database request that should "never" time out. Rather than specifically handling this special case, the initial design simply specified an arbitrary time-out date in the future with a default configuration specifying that requests should time out after a maximum of one billion seconds. However, one billion seconds before the 2038 cutoff date is 01:27:28 UTC on 13 May 2006, so requests sent after this time would result in a time-out date which is beyond the cutoff. This made time-out calculations overflow and return dates that were actually in the past, causing software to crash. When the problem was discovered, AOLServer operators had to edit the configuration file and set the time-out to a lower value.
Many types of self-signed CA certificates generated on 32-bit systems can have very long expiration dates that go beyond the rollover point, which will make them not work correctly, affecting HTTPS verifications on services (for instance VPNs) and sites that use them.
The MS Filtering Engine Update anti-malware functions of Microsoft Exchange Server installations broke on January 1, 2022 after an update. The functions mapped the processed UpdateVersion numbers (which used a 9- or 10-digit YY-MM-DD-n format) to the Unix time stamp numbers despite their times being very different, so when the engine received the 220101001 (22-01-01 v001) update, which it took to mean 2201010001 with an extra zero near the end, it tried mapping it to the 32-bit Unix time's number and failed due to being higher than 2147483647. Affected Exchange servers failed to work unless they turned off the anti-malware functions, and an automated fix was published on January 5, 2022.
In Oracle Access Management version 10.1.4.3 for Windows, the Identity Console component sets a cookie containing UI preferences with an expiry of 500,000,000 seconds in the future (approximately 15 years, 312 days). This is beyond 19 January 2038 and so it throws an exception for certain search activities after 02:20:48 UTC on 17 March 2022 because the <code>gmtime_r()</code> call cannot convert the number provided to a date to write to the cookie.
There is no universal solution for the Year 2038 problem. For example, in the C language, any change to the definition of the <code>time_t</code> data type would result in code-compatibility problems in any application in which date and time representations are dependent on the nature of the signed 32-bit <code>time_t</code> integer. Changing <code>time_t</code> to an unsigned 32-bit integer, which would extend the range to 2106 (specifically, 06:28:15 UTC on Sunday, 7 February 2106), would adversely affect programs that store, retrieve, or manipulate dates prior to 1970, as such dates are represented by negative numbers. Increasing the size of the <code>time_t</code> type to 64 bits in an existing system would cause incompatible changes to the layout of structures and the binary interface of functions.
Most operating systems designed to run on 64-bit hardware already use signed 64-bit <code>time_t</code> integers. Using a signed 64-bit value introduces a new wraparound date that is over twenty times greater than the estimated age of the universe: approximately 292 billion years from now. The ability to make computations on dates is limited by the fact that <code>tm_year</code> uses a signed 32-bit integer value starting at 1900 for the year. This limits the year to a maximum of 2,147,485,547 (2,147,483,647 + 1900).
Alternative proposals have been made (some of which are already in use), such as storing either milliseconds or microseconds since an epoch (typically either 1 January 1970 or 1 January 2000) in a signed 64-bit integer, providing a minimum range of 292,000 years at microsecond resolution. In particular, Java's and JavaScript's use of 64-bit signed integers to represent absolute timestamps as "milliseconds since 1 January 1970" will work correctly for the next . Other proposals for new time representations provide different precisions, ranges, and sizes (almost always wider than 32 bits), as well as solving other related problems, such as the handling of leap seconds. In particular, TAI64 is an implementation of the International Atomic Time (TAI) standard, the current international real-time standard for defining a second and frame of reference.