finetime 0.8.1

High-fidelity time library for applications where sub-nanosecond accuracy and exact arithmetic are needed
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818

//! Differences between two time points may be expressed as `Duration`s. These are little more than
//! a count of some unit (or multiple units) of time elapsed between those two time points. This
//! concept is similar to that applied in the C++ `chrono` library.

use core::{
    fmt::Debug,
    hash::Hash,
    ops::{Add, AddAssign, Div, Mul, Neg, Sub, SubAssign},
};

use num_traits::{Bounded, ConstZero, Signed, Zero};

use crate::{
    Fraction, FractionalDigits, MulCeil, MulFloor, MulRound, TryFromExact, TryIntoExact, TryMul,
    units::{
        Atto, ConvertUnit, Femto, Micro, Milli, Nano, Pico, Second, SecondsPerDay,
        SecondsPerHalfDay, SecondsPerHour, SecondsPerMinute, SecondsPerMonth, SecondsPerWeek,
        SecondsPerYear, TryConvertUnit, UnitRatio,
    },
};

/// A `Duration` represents the difference between two time points. It has an associated
/// `Representation`, which determines how the count of elapsed ticks is stored. The `Period`
/// determines the integer (!) ratio of each tick to seconds. This may be used to convert between
/// `Duration`s of differing time units.
pub struct Duration<Representation, Period: ?Sized = Second> {
    count: Representation,
    period: core::marker::PhantomData<Period>,
}

impl<Representation, Period> Duration<Representation, Period>
where
    Period: ?Sized,
{
    /// Constructs a new `Duration` from a given number of time units.
    pub const fn new(count: Representation) -> Self {
        Self {
            count,
            period: core::marker::PhantomData,
        }
    }

    /// Returns the raw number of time units contained in this `Duration`. It is advised not to
    /// use this function unless absolutely necessary, as it effectively throws away all time unit
    /// information and safety.
    pub const fn count(&self) -> Representation
    where
        Representation: Copy,
    {
        self.count
    }

    /// Returns an iterator over the fractional (sub-unit) digits of this duration. Useful as
    /// helper function when printing durations.
    pub fn fractional_digits(&self, precision: Option<usize>, base: u8) -> impl Iterator<Item = u8>
    where
        Representation: Copy + FractionalDigits,
        Period: UnitRatio,
    {
        self.count
            .fractional_digits(Period::FRACTION, precision, base)
    }

    /// Returns an iterator over the fractional (sub-unit) digits of this duration, expressed in
    /// decimal. Useful as helper function when printing durations.
    pub fn decimal_digits(&self, precision: Option<usize>) -> impl Iterator<Item = u8>
    where
        Representation: Copy + FractionalDigits,
        Period: UnitRatio,
    {
        self.fractional_digits(precision, 10)
    }

    /// Converts a `Duration` towards a different time unit. May only be used if the time unit is
    /// smaller than the current one (e.g., seconds to milliseconds) or if the representation of
    /// this `Duration` is a float.
    pub fn into_unit<Target>(self) -> Duration<Representation, Target>
    where
        Representation: ConvertUnit<Period, Target>,
        Target: ?Sized,
    {
        Duration::new(self.count.convert())
    }

    /// Tries to convert a `Duration` towards a different time unit. Will only return a result if
    /// the conversion is lossless.
    pub fn try_into_unit<Target>(self) -> Option<Duration<Representation, Target>>
    where
        Representation: TryConvertUnit<Period, Target>,
        Target: ?Sized,
    {
        Some(Duration::new(self.count.try_convert()?))
    }

    /// Converts towards a different time unit, rounding towards the nearest whole unit.
    pub fn round<Target>(self) -> Duration<Representation, Target>
    where
        Representation: MulRound<Fraction, Output = Representation>,
        Target: UnitRatio + ?Sized,
        Period: UnitRatio,
    {
        let unit_ratio = Period::FRACTION.divide_by(&Target::FRACTION);
        Duration::new(self.count.mul_round(unit_ratio))
    }

    /// Converts towards a different time unit, rounding towards positive infinity if the unit is
    /// not entirely commensurate with the present unit.
    pub fn ceil<Target>(self) -> Duration<Representation, Target>
    where
        Representation: MulCeil<Fraction, Output = Representation>,
        Target: UnitRatio + ?Sized,
        Period: UnitRatio,
    {
        let unit_ratio = Period::FRACTION.divide_by(&Target::FRACTION);
        Duration::new(self.count.mul_ceil(unit_ratio))
    }

    /// Converts towards a different time unit, rounding towards negative infinity if the unit is
    /// not entirely commensurate with the present unit.
    pub fn floor<Target>(self) -> Duration<Representation, Target>
    where
        Representation: MulFloor<Fraction, Output = Representation>,
        Target: UnitRatio + ?Sized,
        Period: UnitRatio,
    {
        let unit_ratio = Period::FRACTION.divide_by(&Target::FRACTION);
        Duration::new(self.count.mul_floor(unit_ratio))
    }

    /// Segments this `Duration` by factoring out the largest possible number of whole multiples of
    /// a given unit. Returns this whole number as well as the remainder.
    ///
    /// An example would be factoring out the number of whole days from some elapsed time: then,
    /// `self.factor_out()` would return a tuple of the number of whole days and the fractional
    /// day part that remains.
    pub fn factor_out<Unit>(
        self,
    ) -> (
        Duration<Representation, Unit>,
        Duration<Representation, Period>,
    )
    where
        Representation: Copy
            + MulFloor<Fraction, Output = Representation>
            + Sub<Representation, Output = Representation>
            + ConvertUnit<Unit, Period>,
        Period: UnitRatio,
        Unit: UnitRatio + ?Sized,
    {
        let factored = self.floor::<Unit>();
        let remainder = self - factored.into_unit();
        (factored, remainder)
    }

    /// Infallibly converts towards a different representation.
    pub fn cast<Target>(self) -> Duration<Target, Period>
    where
        Representation: Into<Target>,
    {
        Duration::new(self.count.into())
    }

    /// Converts towards a different representation. If the underlying representation cannot store
    /// the result of this cast, returns an appropriate `Error`.
    pub fn try_cast<Target>(
        self,
    ) -> Result<Duration<Target, Period>, <Representation as TryIntoExact<Target>>::Error>
    where
        Representation: TryIntoExact<Target>,
    {
        Ok(Duration::new(self.count.try_into_exact()?))
    }
}

#[cfg(kani)]
impl<Representation: kani::Arbitrary, Period> kani::Arbitrary for Duration<Representation, Period>
where
    Period: ?Sized,
{
    fn any() -> Self {
        Duration::new(kani::any())
    }
}

impl<Representation, Period> Debug for Duration<Representation, Period>
where
    Representation: Debug,
    Period: ?Sized,
{
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_struct("Duration")
            .field("count", &self.count)
            .field("period", &self.period)
            .finish()
    }
}

impl<Representation, Period> Copy for Duration<Representation, Period>
where
    Representation: Copy,
    Period: ?Sized,
{
}

impl<Representation, Period> Clone for Duration<Representation, Period>
where
    Representation: Clone,
    Period: ?Sized,
{
    fn clone(&self) -> Self {
        Self::new(self.count.clone())
    }
}

impl<Representation, Period> PartialEq for Duration<Representation, Period>
where
    Representation: PartialEq,
    Period: ?Sized,
{
    fn eq(&self, other: &Self) -> bool {
        self.count == other.count
    }
}

impl<Representation, Period> Eq for Duration<Representation, Period>
where
    Representation: Eq,
    Period: ?Sized,
{
}

impl<Representation, Period> PartialOrd for Duration<Representation, Period>
where
    Representation: PartialOrd,
    Period: ?Sized,
{
    fn partial_cmp(&self, other: &Self) -> Option<core::cmp::Ordering> {
        self.count.partial_cmp(&other.count)
    }
}

impl<Representation, Period> Ord for Duration<Representation, Period>
where
    Representation: Ord,
    Period: ?Sized,
{
    fn cmp(&self, other: &Self) -> core::cmp::Ordering {
        self.count.cmp(&other.count)
    }
}

impl<Representation, Period> Hash for Duration<Representation, Period>
where
    Representation: Hash,
    Period: ?Sized,
{
    fn hash<H: core::hash::Hasher>(&self, state: &mut H) {
        self.count.hash(state);
    }
}

/// A duration that is expressed in terms of attoseconds.
pub type AttoSeconds<T> = Duration<T, Atto>;
/// A duration that is expressed in units of femtoseconds.
pub type FemtoSeconds<T> = Duration<T, Femto>;
/// A duration that is expressed in units of picoseconds.
pub type PicoSeconds<T> = Duration<T, Pico>;
/// A duration that is expressed in units of nanoseconds.
pub type NanoSeconds<T> = Duration<T, Nano>;
/// A duration that is expressed in units of microseconds.
pub type MicroSeconds<T> = Duration<T, Micro>;
/// A duration that is expressed in units of milliseconds.
pub type MilliSeconds<T> = Duration<T, Milli>;
/// A duration that is expressed in units of seconds.
pub type Seconds<T> = Duration<T, Second>;
/// A duration that is expressed in units of minutes.
pub type Minutes<T> = Duration<T, SecondsPerMinute>;
/// A duration that is expressed in units of hours.
pub type Hours<T> = Duration<T, SecondsPerHour>;
/// A duration that is expressed in units of half days.
pub type HalfDays<T> = Duration<T, SecondsPerHalfDay>;
/// A duration that is expressed in units of days.
pub type Days<T> = Duration<T, SecondsPerDay>;
/// A duration that is expressed in terms of weeks.
pub type Weeks<T> = Duration<T, SecondsPerWeek>;
/// The length of 1/12 of an average year in the Gregorian calendar.
pub type Months<T> = Duration<T, SecondsPerMonth>;
/// The length of an average year in the Gregorian calendar.
pub type Years<T> = Duration<T, SecondsPerYear>;

/// Two `Duration`s may only be added if they are of the same `Period`. We also (relatively
/// arbitrarily) restrict addition to `Duration`s with the same underlying representation. This
/// turns out to be very useful in improving type inference, with the reduced flexibility being of
/// little consequence for any "regular" representation.
impl<Representation, Period> Add for Duration<Representation, Period>
where
    Representation: Add<Output = Representation>,
    Period: ?Sized,
{
    type Output = Self;

    fn add(self, rhs: Self) -> Self::Output {
        Self::Output {
            count: self.count + rhs.count,
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> AddAssign<Duration<Representation, Period>>
    for Duration<Representation, Period>
where
    Representation: AddAssign<Representation>,
    Period: ?Sized,
{
    fn add_assign(&mut self, rhs: Duration<Representation, Period>) {
        self.count += rhs.count;
    }
}

/// Two `Duration`s may only be subtracted if they are of the same `Period`.  We also (relatively
/// arbitrarily) restrict subtraction to `Duration`s with the same underlying representation. This
/// turns out to be very useful in improving type inference, with the reduced flexibility being of
/// little consequence for any "regular" representation.
impl<Representation, Period> Sub for Duration<Representation, Period>
where
    Representation: Sub<Output = Representation>,
    Period: ?Sized,
{
    type Output = Self;

    fn sub(self, rhs: Self) -> Self::Output {
        Self::Output {
            count: self.count - rhs.count,
            period: core::marker::PhantomData,
        }
    }
}

impl<R1, R2, Period> SubAssign<Duration<R2, Period>> for Duration<R1, Period>
where
    R1: SubAssign<R2>,
    Period: ?Sized,
{
    fn sub_assign(&mut self, rhs: Duration<R2, Period>) {
        self.count -= rhs.count;
    }
}

/// A `Duration` may be negated if its `Representation` is `Signed`. This means nothing more than
/// reversing its direction in time.
impl<Representation, Period> Neg for Duration<Representation, Period>
where
    Representation: Neg<Output = Representation>,
    Period: ?Sized,
{
    type Output = Self;

    fn neg(self) -> Self::Output {
        Self {
            count: self.count.neg(),
            period: core::marker::PhantomData,
        }
    }
}

impl<R1, R2, Period> Mul<R2> for Duration<R1, Period>
where
    R1: Mul<R2>,
    Period: ?Sized,
{
    type Output = Duration<<R1 as Mul<R2>>::Output, Period>;

    /// A `Duration` may not be multiplied with another `Duration` (as that is undefined), but it may
    /// be multiplied with unitless numbers.
    fn mul(self, rhs: R2) -> Self::Output {
        Self::Output {
            count: self.count * rhs,
            period: core::marker::PhantomData,
        }
    }
}

impl<R1, R2, Period> Div<R2> for Duration<R1, Period>
where
    R1: Div<R2>,
    Period: ?Sized,
{
    type Output = Duration<<R1 as Div<R2>>::Output, Period>;

    /// A `Duration` may may be divided by unitless numbers to obtain a new `Duration`.
    fn div(self, rhs: R2) -> Self::Output {
        Self::Output {
            count: self.count / rhs,
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> Bounded for Duration<Representation, Period>
where
    Representation: Bounded,
    Period: ?Sized,
{
    /// Returns the `Duration` value that is nearest to negative infinity.
    fn min_value() -> Self {
        Self {
            count: Representation::min_value(),
            period: core::marker::PhantomData,
        }
    }

    /// Returns the `Duration` value that is nearest to positive infinity.
    fn max_value() -> Self {
        Self {
            count: Representation::max_value(),
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> Zero for Duration<Representation, Period>
where
    Representation: Zero,
    Period: ?Sized,
{
    /// Returns a `Duration` value that represents no time passed.
    fn zero() -> Self {
        Self {
            count: Representation::zero(),
            period: core::marker::PhantomData,
        }
    }

    /// Whether this `Duration` has any duration.
    fn is_zero(&self) -> bool {
        self.count.is_zero()
    }
}

impl<Representation, Period> ConstZero for Duration<Representation, Period>
where
    Representation: ConstZero,
    Period: ?Sized,
{
    const ZERO: Self = Self {
        count: Representation::ZERO,
        period: core::marker::PhantomData,
    };
}

impl<Representation, Period> Duration<Representation, Period>
where
    Representation: Signed,
    Period: ?Sized,
{
    pub fn abs(&self) -> Self {
        Self {
            count: self.count.abs(),
            period: core::marker::PhantomData,
        }
    }

    pub fn abs_sub(&self, other: &Self) -> Self {
        Self {
            count: self.count.abs_sub(&other.count),
            period: core::marker::PhantomData,
        }
    }

    pub fn signum(&self) -> Self {
        Self {
            count: self.count.signum(),
            period: core::marker::PhantomData,
        }
    }

    pub fn is_positive(&self) -> bool {
        self.count.is_positive()
    }

    pub fn is_negative(&self) -> bool {
        self.count.is_negative()
    }
}

impl<Representation, Period> TryMul<Fraction> for Duration<Representation, Period>
where
    Representation: TryMul<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as TryMul<Fraction>>::Output, Period>;

    fn try_mul(self, rhs: Fraction) -> Option<Self::Output> {
        Some(Duration {
            count: self.count.try_mul(rhs)?,
            period: core::marker::PhantomData,
        })
    }
}

impl<Representation, Period> TryMul<Duration<Representation, Period>> for Fraction
where
    Representation: TryMul<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as TryMul<Fraction>>::Output, Period>;

    fn try_mul(self, rhs: Duration<Representation, Period>) -> Option<Self::Output> {
        Some(Duration {
            count: rhs.count.try_mul(self)?,
            period: core::marker::PhantomData,
        })
    }
}

impl<Representation, Period> MulRound<Fraction> for Duration<Representation, Period>
where
    Representation: MulRound<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as MulRound<Fraction>>::Output, Period>;

    fn mul_round(self, rhs: Fraction) -> Self::Output {
        Duration {
            count: self.count.mul_round(rhs),
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> MulRound<Duration<Representation, Period>> for Fraction
where
    Representation: MulRound<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as MulRound<Fraction>>::Output, Period>;

    fn mul_round(self, rhs: Duration<Representation, Period>) -> Self::Output {
        Duration {
            count: rhs.count.mul_round(self),
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> MulCeil<Fraction> for Duration<Representation, Period>
where
    Representation: MulCeil<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as MulCeil<Fraction>>::Output, Period>;

    fn mul_ceil(self, rhs: Fraction) -> Self::Output {
        Duration {
            count: self.count.mul_ceil(rhs),
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> MulCeil<Duration<Representation, Period>> for Fraction
where
    Representation: MulCeil<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as MulCeil<Fraction>>::Output, Period>;

    fn mul_ceil(self, rhs: Duration<Representation, Period>) -> Self::Output {
        Duration {
            count: rhs.count.mul_ceil(self),
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> MulFloor<Fraction> for Duration<Representation, Period>
where
    Representation: MulFloor<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as MulFloor<Fraction>>::Output, Period>;

    fn mul_floor(self, rhs: Fraction) -> Self::Output {
        Duration {
            count: self.count.mul_floor(rhs),
            period: core::marker::PhantomData,
        }
    }
}

impl<Representation, Period> MulFloor<Duration<Representation, Period>> for Fraction
where
    Representation: MulFloor<Fraction>,
    Period: ?Sized,
{
    type Output = Duration<<Representation as MulFloor<Fraction>>::Output, Period>;

    fn mul_floor(self, rhs: Duration<Representation, Period>) -> Self::Output {
        Duration {
            count: rhs.count.mul_floor(self),
            period: core::marker::PhantomData,
        }
    }
}

impl<R1, R2, Period> TryFromExact<Duration<R2, Period>> for Duration<R1, Period>
where
    R1: TryFromExact<R2>,
    Period: ?Sized,
{
    type Error = <R1 as TryFromExact<R2>>::Error;

    fn try_from_exact(value: Duration<R2, Period>) -> Result<Self, Self::Error> {
        let count = value.count.try_into_exact()?;
        Ok(Duration::new(count))
    }
}

/// Verification of the fact that conversions to SI units result in the expected ratios.
#[test]
fn convert_si_unit_seconds() {
    let seconds = Seconds::new(1.0f64);
    let milliseconds: MilliSeconds<_> = seconds.into_unit();
    assert_eq!(milliseconds.count(), 1_000.);

    let seconds = Seconds::new(1u64);
    let milliseconds: MilliSeconds<_> = seconds.into_unit();
    let microseconds: MicroSeconds<_> = seconds.into_unit();
    let nanoseconds: NanoSeconds<_> = seconds.into_unit();
    let picoseconds: PicoSeconds<_> = seconds.into_unit();
    let femtoseconds: FemtoSeconds<_> = seconds.into_unit();
    let attoseconds: AttoSeconds<_> = seconds.into_unit();

    assert_eq!(milliseconds.count(), 1_000);
    assert_eq!(microseconds.count(), 1_000_000);
    assert_eq!(nanoseconds.count(), 1_000_000_000);
    assert_eq!(picoseconds.count(), 1_000_000_000_000);
    assert_eq!(femtoseconds.count(), 1_000_000_000_000_000);
    assert_eq!(attoseconds.count(), 1_000_000_000_000_000_000);
}

/// Verification of the fact that conversions to binary fractions result in the expected ratios.
#[test]
fn convert_binary_fraction_seconds() {
    use crate::units::*;
    let seconds = Seconds::new(1u64);
    let fraction1: Duration<_, BinaryFraction1> = seconds.into_unit();
    let fraction2: Duration<_, BinaryFraction2> = seconds.into_unit();
    let fraction3: Duration<_, BinaryFraction3> = seconds.into_unit();
    let fraction4: Duration<_, BinaryFraction4> = seconds.into_unit();
    let fraction5: Duration<_, BinaryFraction5> = seconds.into_unit();
    let fraction6: Duration<_, BinaryFraction6> = seconds.into_unit();

    assert_eq!(fraction1.count(), 0x100);
    assert_eq!(fraction2.count(), 0x10000);
    assert_eq!(fraction3.count(), 0x1000000);
    assert_eq!(fraction4.count(), 0x100000000);
    assert_eq!(fraction5.count(), 0x10000000000);
    assert_eq!(fraction6.count(), 0x1000000000000);
}

/// Verification of the rounding behaviour of `Duration`s when a float is used as underlying
/// representation.
#[test]
fn rounding_floats() {
    let thirteen_hours = Hours::new(13.);
    assert_eq!(thirteen_hours.round(), Days::new(1.));

    let eleven_hours = Hours::new(11.);
    assert_eq!(eleven_hours.round(), Days::new(0.));

    let six_days = Days::new(6.);
    assert_eq!(six_days.round(), Weeks::new(1.));

    let year_fraction = Days::new(550.);
    assert_eq!(year_fraction.round(), Years::new(2.));
}

#[cfg(kani)]
mod proof_harness {
    use super::*;
    use crate::units::*;
    use paste::paste;

    /// Macro for the creation of proof harnesses that verify (formally) that a given integer
    /// roundtrip conversion will never fail, and that it will result in the original value. The
    /// only precondition is that the original value is small enough such that the multiplication
    /// does not overflow.
    macro_rules! proof_roundtrip {
        ($repr:ty, $to:ty) => {
            paste! {
                #[kani::proof]
                fn [<roundtrip_ $to:lower _ $repr:lower>]() {
                    let a: Seconds<$repr> = kani::any();
                    let numerator: Option<$repr> = <$to>::FRACTION.numerator().try_into().ok();
                    let denominator: Option<$repr> = <$to>::FRACTION.denominator().try_into().ok();

                    // We only check this conversion if the numerator and denominator can actually
                    // be represented by the target representation. It doesn't make sense, for
                    // example, to check the conversion from seconds to milliseconds for a `u8`, for
                    // example, because the conversion factor 1_000 means that a valid
                    // `Seconds<u8>` cannot be converted to a valid `MilliSeconds<u8>`.
                    if let (Some(numerator), Some(denominator)) = (numerator, denominator) {
                        kani::assume(a <= Seconds::new(<$repr>::max_value() / denominator));
                        kani::assume(a >= Seconds::new(<$repr>::min_value() / denominator));
                        let b: Duration<_, $to> = a.into_unit();
                        assert_eq!(b.count(), (a.count() * denominator) / numerator);
                        let c: Seconds<_> = b.try_into_unit().unwrap();
                        assert_eq!(a, c);
                    }
                }
            }
        };
    }

    proof_roundtrip!(u64, Atto);
    proof_roundtrip!(u64, Femto);
    proof_roundtrip!(u32, Milli);

    proof_roundtrip!(u64, BinaryFraction1);
    proof_roundtrip!(u64, BinaryFraction2);
    proof_roundtrip!(u64, BinaryFraction3);
    proof_roundtrip!(u64, BinaryFraction4);
    proof_roundtrip!(u64, BinaryFraction5);
    proof_roundtrip!(u64, BinaryFraction6);

    proof_roundtrip!(i64, BinaryFraction1);
    proof_roundtrip!(i64, BinaryFraction2);
    proof_roundtrip!(i64, BinaryFraction3);
    proof_roundtrip!(i64, BinaryFraction4);
    proof_roundtrip!(i64, BinaryFraction5);
    proof_roundtrip!(i64, BinaryFraction6);

    /// Macro for the creation of proof harnesses that verify (formally) that a given integer
    /// rounding will never fail. The only precondition is that the number is small enough not to
    /// result in overflow when multiplied with the unit conversion factor.
    macro_rules! proof_rounding {
        ($repr:ty, $to:ty) => {
            paste! {
                #[kani::proof]
                fn [<rounding_ $to:lower _ $repr:lower>]() {
                    let a: Seconds<$repr> = kani::any();
                    let numerator: Option<$repr> = <$to>::FRACTION.numerator().try_into().ok();
                    let denominator: Option<$repr> = <$to>::FRACTION.denominator().try_into().ok();

                    // We only check this conversion if the numerator and denominator can actually
                    // be represented by the target representation. It doesn't make sense, for
                    // example, to check the conversion from seconds to milliseconds for a `u8`, for
                    // example, because the conversion factor 1_000 means that a valid
                    // `Seconds<u8>` cannot be converted to a valid `MilliSeconds<u8>`.
                    if let (Some(_), Some(denominator)) = (numerator, denominator) {
                        kani::assume(a < Seconds::new(<$repr>::max_value() / denominator));
                        kani::assume(a > Seconds::new(<$repr>::min_value() / denominator));
                        let _: Duration<_, $to> = a.round();
                        let _: Duration<_, $to> = a.ceil();
                        let _: Duration<_, $to> = a.floor();
                    }
                }
            }
        };
    }

    /// Repeats the rounding proof harness for all primitive integer types.
    macro_rules! proof_rounding_all_integers {
        ($to:ty) => {
            proof_rounding!(u128, $to);
            proof_rounding!(u64, $to);
            proof_rounding!(u32, $to);
            proof_rounding!(u16, $to);
            proof_rounding!(u8, $to);
            proof_rounding!(i128, $to);
            proof_rounding!(i64, $to);
            proof_rounding!(i32, $to);
            proof_rounding!(i16, $to);
            proof_rounding!(i8, $to);
        };
    }

    proof_rounding_all_integers!(Atto);
    proof_rounding_all_integers!(Femto);
    proof_rounding_all_integers!(Pico);
    proof_rounding_all_integers!(Nano);
    proof_rounding_all_integers!(Micro);
    proof_rounding_all_integers!(Milli);
    proof_rounding_all_integers!(Centi);
    proof_rounding_all_integers!(BinaryFraction1);
    proof_rounding_all_integers!(BinaryFraction2);
    proof_rounding_all_integers!(BinaryFraction3);
    proof_rounding_all_integers!(BinaryFraction4);
    proof_rounding_all_integers!(BinaryFraction5);
    proof_rounding_all_integers!(BinaryFraction6);
    proof_rounding_all_integers!(SecondsPerMinute);
    proof_rounding_all_integers!(SecondsPerHour);
    proof_rounding_all_integers!(SecondsPerDay);
    proof_rounding_all_integers!(SecondsPerWeek);
    proof_rounding_all_integers!(SecondsPerMonth);
    proof_rounding_all_integers!(SecondsPerYear);
}

/// Verifies that integer rounding logic is implemented correctly for some known values.
#[test]
fn rounding_integers() {
    let thirteen_hours = Hours::new(13);
    assert_eq!(thirteen_hours.round(), Days::new(1));

    let eleven_hours = Hours::new(11);
    assert_eq!(eleven_hours.round(), Days::new(0));

    let six_days = Days::new(6);
    assert_eq!(six_days.round(), Weeks::new(1));

    let year_fraction = Days::new(550);
    assert_eq!(year_fraction.round(), Years::new(2));

    let seconds_per_minute = Seconds::new(-99i8);
    assert_eq!(seconds_per_minute.round(), Minutes::new(-2));
}