Resource limits (T17.1b) — generous hard caps on input-driven dimensions.
Reference zic caps none of these, so every cap here is a bucket-3 intentional safer
divergence (see docs/differences-from-reference-zic.md): a reliability boundary that stops a
malformed or adversarial source set from exhausting memory before compile ever
runs. The defaults sit far above any real tzdb (2026b: ~350 zones, ~600 links, tens of rules
per set, 27 leap seconds, link chains 1–3 deep, ~15 eras per zone), so no legitimate input is ever
rejected — they exist only to bound the pathological tail.
A breach is a plain Error::config (exit 1), not a ZIC###
diagnostic: a cap is an operational safety limit, not a zic-grammar violation, so the diagnostic
contract’s code space stays reserved for source-grammar conditions. This pairs with the
tzif::validate::parse bounds-guard (T17.1a) and the panic policy (docs/panic-policy.md).
Structs
- ResourceLimits - Generous reliability caps on input-driven resource dimensions. Default is the production set; tests construct tiny instances to exercise enforcement without giant fixtures, and a future CLI (T17.2) can expose overrides.
Constants
- DEFAULT_LEAP_COUNT_MAX - Default cap on leap-second-table entries (real: 27).
- DEFAULT_LINK_CHAIN_DEPTH_MAX - Default cap on link-chain resolution depth (real chains are 1–3 hops; also bounds the visited.contains cost in resolve_link_target).
- DEFAULT_LINK_COUNT_MAX - Default cap on the number of Link records (real: ~600).
- DEFAULT_RULE_COUNT_MAX - Default cap on the number of Rule rows in any one named rule set (real: tens–hundreds).
- DEFAULT_SOURCE_BYTES_MAX - Default per-file source-byte ceiling (512 MiB; a real tzdata.zi is a few hundred KB).
- DEFAULT_ZONE_COUNT_MAX - Default cap on the number of Zone records (real tzdb: ~350).
- DEFAULT_ZONE_ERA_COUNT_MAX - Default cap on continuation eras within a single Zone (real: ~15).
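How a depth cap such as DEFAULT_LINK_CHAIN_DEPTH_MAX can bound both link resolution and the visited.contains scan, as an added example that is not this crate's code. The Limits struct, its field, the LimitError type, the function signature and the sample links are hypothetical; only the name resolve_link_target comes from the text above.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for the limits struct; only one dimension is shown.
pub struct Limits {
    pub link_chain_depth_max: usize,
}

/// Operational failure, kept separate from source-grammar diagnostics.
#[derive(Debug, PartialEq)]
pub enum LimitError {
    LinkChainTooDeep { start: String, max: usize },
    LinkCycle { at: String },
}

/// Follow `links` (link name -> target name) from `start` to a non-link name.
pub fn resolve_link_target(
    links: &HashMap<String, String>,
    start: &str,
    limits: &Limits,
) -> Result<String, LimitError> {
    let mut visited: Vec<&str> = Vec::new();
    let mut current = start;
    while let Some(next) = links.get(current) {
        // Cap first: the linear `contains` scan below then never walks more
        // than `link_chain_depth_max` entries, whatever the input looks like.
        if visited.len() >= limits.link_chain_depth_max {
            let (start, max) = (start.to_string(), limits.link_chain_depth_max);
            return Err(LimitError::LinkChainTooDeep { start, max });
        }
        if visited.contains(&current) {
            return Err(LimitError::LinkCycle { at: current.to_string() });
        }
        visited.push(current);
        current = next.as_str();
    }
    Ok(current.to_string())
}

/// Constructed sample: a 3-hop chain ending at a zone, plus a two-link cycle.
pub fn sample_links() -> HashMap<String, String> {
    [("A", "B"), ("B", "C"), ("C", "Zone/Real"), ("X", "Y"), ("Y", "X")]
        .iter()
        .map(|(k, v)| (k.to_string(), v.to_string()))
        .collect()
}

fn main() {
    let links = sample_links();
    println!("{:?}", resolve_link_target(&links, "A", &Limits { link_chain_depth_max: 2 }));
}
```

With a cap of 2 the 3-hop chain is rejected as a limit breach; a cycle is reported as such only when the cap is larger than the cycle length, otherwise the cap fires first.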