Comparison with Instant of u32::MAX is unsound

[henrikssn]

I try this code on a thumbv7em-none-eabihf target:

defmt::println!("{:?}", TimerInstantU32::<100_000_000>::from_ticks(u32::MAX) > TimerInstantU32::<100_000_000>::from_ticks(1000));

Output:

0.099983 false

Since u32::MAX > 1000, something seems to be wrong inside of const_cmp?

[korken89]

Hi, this looks correct to me.
Instant supports time which can roll over, so the maximum range is MAX/2 - 1.

I think the documentation needs clarification here

[korken89]

And thanks for bringing this to my attention!

[henrikssn]

Interesting, thanks for the explanation! What do you think about adding an Instant::MAX constant? :)

[korken89]

I see what you want, but it would be difficult.
As every instant is relative another instant there is no absolute MAX value, it's simply MAX/2 - 1 that is the maximum relative offset that is valid without overflow.

Does that make sense?

[henrikssn]

Hmm, I think so. If we would define u32::MAX/2 - 1 as MAX, would it then be true that

Instant::MAX + Instant::from_ticks(1) > Instant::MAX

[korken89]

That is correct.

[korken89]

You can run this test to verify:

    #[test]
    fn yolo() {
        let max = Instant::<u32, 1, 1>::from_ticks(core::u32::MAX / 2 - 1);
        let maxpone = Instant::<u32, 1, 1>::from_ticks(core::u32::MAX / 2);

        assert!(maxpone > max);
    }