inductive Cedar.TPE.Error : Type

• evaluation (err : Spec.Error) : Error
• invalidPolicy (err : Validation.TypeError) : Error
• invalidEnvironment : Error
• invalidRequestOrEntities : Error

def Cedar.TPE.instReprError.repr : Error → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

instance Cedar.TPE.instReprError : Repr Error

Equations

• Cedar.TPE.instReprError = { reprPrec := Cedar.TPE.instReprError.repr }

def Cedar.TPE.instInhabitedError.default : Error

Equations

• Cedar.TPE.instInhabitedError.default = Cedar.TPE.Error.invalidEnvironment

instance Cedar.TPE.instInhabitedError : Inhabited Error

Equations

• Cedar.TPE.instInhabitedError = { default := Cedar.TPE.instInhabitedError.default }

def Cedar.TPE.instDecidableEqError.decEq (x✝ x✝¹ : Error) : Decidable (x✝ = x✝¹)

Equations

• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.evaluation a) (Cedar.TPE.Error.evaluation b) = if h : a = b then h ▸ isTrue ⋯ else isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.evaluation err) (Cedar.TPE.Error.invalidPolicy err_1) = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.evaluation err) Cedar.TPE.Error.invalidEnvironment = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.evaluation err) Cedar.TPE.Error.invalidRequestOrEntities = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.invalidPolicy err) (Cedar.TPE.Error.evaluation err_1) = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.invalidPolicy a) (Cedar.TPE.Error.invalidPolicy b) = if h : a = b then h ▸ isTrue ⋯ else isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.invalidPolicy err) Cedar.TPE.Error.invalidEnvironment = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq (Cedar.TPE.Error.invalidPolicy err) Cedar.TPE.Error.invalidRequestOrEntities = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidEnvironment (Cedar.TPE.Error.evaluation err) = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidEnvironment (Cedar.TPE.Error.invalidPolicy err) = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidEnvironment Cedar.TPE.Error.invalidEnvironment = isTrue ⋯
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidEnvironment Cedar.TPE.Error.invalidRequestOrEntities = isFalse Cedar.TPE.instDecidableEqError.decEq._proof_13
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidRequestOrEntities (Cedar.TPE.Error.evaluation err) = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidRequestOrEntities (Cedar.TPE.Error.invalidPolicy err) = isFalse ⋯
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidRequestOrEntities Cedar.TPE.Error.invalidEnvironment = isFalse Cedar.TPE.instDecidableEqError.decEq._proof_16
• Cedar.TPE.instDecidableEqError.decEq Cedar.TPE.Error.invalidRequestOrEntities Cedar.TPE.Error.invalidRequestOrEntities = isTrue ⋯

instance Cedar.TPE.instDecidableEqError : DecidableEq Error

Equations

• Cedar.TPE.instDecidableEqError = Cedar.TPE.instDecidableEqError.decEq

instance Cedar.TPE.instCoeErrorError : Coe Spec.Error Error

Equations

• Cedar.TPE.instCoeErrorError = { coe := Cedar.TPE.Error.evaluation }

def Cedar.TPE.someOrError : Option Spec.Value → Validation.CedarType → Spec.Residual

Equations

• Cedar.TPE.someOrError (some v) x✝ = Cedar.Spec.Residual.val v x✝
• Cedar.TPE.someOrError none x✝ = Cedar.Spec.Residual.error x✝

def Cedar.TPE.someOrSelf : Option Spec.Value → Validation.CedarType → Spec.Residual → Spec.Residual

Equations

• Cedar.TPE.someOrSelf (some v) x✝¹ x✝ = Cedar.Spec.Residual.val v x✝¹
• Cedar.TPE.someOrSelf none x✝¹ x✝ = x✝

def Cedar.TPE.varₚ (req : PartialRequest) (var : Spec.Var) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.
• Cedar.TPE.varₚ req Cedar.Spec.Var.resource ty = Cedar.TPE.varₚ.varₒ Cedar.Spec.Var.resource ty do let a ← req.resource.asEntityUID pure (Cedar.Spec.Value.prim (Cedar.Spec.Prim.entityUID a))
• Cedar.TPE.varₚ req Cedar.Spec.Var.action ty = Cedar.TPE.varₚ.varₒ Cedar.Spec.Var.action ty (some (Cedar.Spec.Value.prim (Cedar.Spec.Prim.entityUID req.action)))

def Cedar.TPE.varₚ.varₒ (var : Spec.Var) (ty : Validation.CedarType) : Option Spec.Value → Spec.Residual

Equations

• Cedar.TPE.varₚ.varₒ var ty x✝ = Cedar.TPE.someOrSelf x✝ ty (Cedar.Spec.Residual.var var ty)

def Cedar.TPE.ite (c t e : Spec.Residual) (ty : Validation.CedarType) : Spec.Residual

Equations

• Cedar.TPE.ite (Cedar.Spec.Residual.val (Cedar.Spec.Value.prim (Cedar.Spec.Prim.bool b)) ty_1) t e ty = if b = true then t else e
• Cedar.TPE.ite (Cedar.Spec.Residual.error ty_1) t e ty = Cedar.Spec.Residual.error ty
• Cedar.TPE.ite c t e ty = c.ite t e ty

def Cedar.TPE.and : Spec.Residual → Spec.Residual → Validation.CedarType → Spec.Residual

Equations

• One or more equations did not get rendered due to their size.
• Cedar.TPE.and (Cedar.Spec.Residual.val (Cedar.Spec.Value.prim (Cedar.Spec.Prim.bool true)) ty) x✝¹ x✝ = x✝¹
• Cedar.TPE.and (Cedar.Spec.Residual.error ty) x✝¹ x✝ = Cedar.Spec.Residual.error x✝
• Cedar.TPE.and x✝¹ (Cedar.Spec.Residual.val (Cedar.Spec.Value.prim (Cedar.Spec.Prim.bool true)) ty) x✝ = x✝¹
• Cedar.TPE.and x✝² x✝¹ x✝ = x✝².and x✝¹ x✝

def Cedar.TPE.or : Spec.Residual → Spec.Residual → Validation.CedarType → Spec.Residual

Equations

• One or more equations did not get rendered due to their size.
• Cedar.TPE.or (Cedar.Spec.Residual.val (Cedar.Spec.Value.prim (Cedar.Spec.Prim.bool false)) ty) x✝¹ x✝ = x✝¹
• Cedar.TPE.or (Cedar.Spec.Residual.error ty) x✝¹ x✝ = Cedar.Spec.Residual.error x✝
• Cedar.TPE.or x✝¹ (Cedar.Spec.Residual.val (Cedar.Spec.Value.prim (Cedar.Spec.Prim.bool false)) ty) x✝ = x✝¹
• Cedar.TPE.or x✝² x✝¹ x✝ = x✝².or x✝¹ x✝

def Cedar.TPE.apply₁ (op₁ : Spec.UnaryOp) (r : Spec.Residual) (ty : Validation.CedarType) : Spec.Residual

Equations

• Cedar.TPE.apply₁ op₁ (Cedar.Spec.Residual.error ty_1) ty = Cedar.Spec.Residual.error ty
• Cedar.TPE.apply₁ op₁ r ty = match r.asValue with | some v => Cedar.TPE.someOrError (Except.toOption (Cedar.Spec.apply₁ op₁ v)) ty | none => Cedar.Spec.Residual.unaryApp op₁ r ty

def Cedar.TPE.inₑ (uid₁ uid₂ : Spec.EntityUID) (es : PartialEntities) : Option Bool

Equations

• Cedar.TPE.inₑ uid₁ uid₂ es = if uid₁ = uid₂ then some true else Option.map (fun (x : Cedar.Data.Set Cedar.Spec.EntityUID) => x.contains uid₂) (es.ancestors uid₁)

def Cedar.TPE.inₛ (uid : Spec.EntityUID) (vs : Data.Set Spec.Value) (es : PartialEntities) : Option Bool

Equations

• Cedar.TPE.inₛ uid vs es = do let __do_lift ← List.mapM (Except.toOption ∘ Cedar.Spec.Value.asEntityUID) vs.toList List.anyM (fun (x : Cedar.Spec.EntityUID) => Cedar.TPE.inₑ uid x es) __do_lift

def Cedar.TPE.hasTag (uid : Spec.EntityUID) (tag : String) (es : PartialEntities) : Option Bool

Equations

• Cedar.TPE.hasTag uid tag es = Option.map (fun (x : Cedar.Data.Map String Cedar.Spec.Value) => x.contains tag) (es.tags uid)

def Cedar.TPE.getTag (uid : Spec.EntityUID) (tag : String) (es : PartialEntities) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.

def Cedar.TPE.apply₂ (op₂ : Spec.BinaryOp) (r₁ r₂ : Spec.Residual) (es : PartialEntities) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.

def Cedar.TPE.apply₂.self (op₂ : Spec.BinaryOp) (r₁ r₂ : Spec.Residual) (ty : Validation.CedarType) : Spec.Residual

Equations

• Cedar.TPE.apply₂.self op₂ r₁ r₂ ty = Cedar.Spec.Residual.binaryApp op₂ r₁ r₂ ty

def Cedar.TPE.attrsOf (r : Spec.Residual) (lookup : Spec.EntityUID → Option (Data.Map Spec.Attr Spec.Value)) : Option (Data.Map Spec.Attr Spec.Value)

Equations

• Cedar.TPE.attrsOf (Cedar.Spec.Residual.val (Cedar.Spec.Value.record m) ty) lookup = some m
• Cedar.TPE.attrsOf (Cedar.Spec.Residual.val (Cedar.Spec.Value.prim (Cedar.Spec.Prim.entityUID uid)) ty) lookup = lookup uid
• Cedar.TPE.attrsOf r lookup = none

def Cedar.TPE.hasAttr (r : Spec.Residual) (a : Spec.Attr) (es : PartialEntities) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.
• Cedar.TPE.hasAttr (Cedar.Spec.Residual.error ty_1) a es ty = Cedar.Spec.Residual.error ty

def Cedar.TPE.getAttr (r : Spec.Residual) (a : Spec.Attr) (es : PartialEntities) (ty : Validation.CedarType) : Spec.Residual

Equations

• Cedar.TPE.getAttr (Cedar.Spec.Residual.error ty_1) a es ty = Cedar.Spec.Residual.error ty
• Cedar.TPE.getAttr r a es ty = match Cedar.TPE.attrsOf r es.attrs with | some m => Cedar.TPE.someOrError (m.find? a) ty | none => r.getAttr a ty

def Cedar.TPE.set (rs : List Spec.Residual) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.

def Cedar.TPE.record (m : List (Spec.Attr × Spec.Residual)) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.

def Cedar.TPE.call (xfn : Spec.ExtFun) (rs : List Spec.Residual) (ty : Validation.CedarType) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.

@[irreducible]

def Cedar.TPE.evaluate (x : Spec.Residual) (req : PartialRequest) (es : PartialEntities) : Spec.Residual

Equations

• One or more equations did not get rendered due to their size.
• Cedar.TPE.evaluate (Cedar.Spec.Residual.val l ty) req es = Cedar.Spec.Residual.val l ty
• Cedar.TPE.evaluate (Cedar.Spec.Residual.var v ty) req es = Cedar.TPE.varₚ req v ty
• Cedar.TPE.evaluate (Cedar.Spec.Residual.error ty) req es = Cedar.Spec.Residual.error ty
• Cedar.TPE.evaluate (x₁.ite x₂ x₃ ty) req es = Cedar.TPE.ite (Cedar.TPE.evaluate x₁ req es) (Cedar.TPE.evaluate x₂ req es) (Cedar.TPE.evaluate x₃ req es) ty
• Cedar.TPE.evaluate (x₁.and x₂ ty) req es = Cedar.TPE.and (Cedar.TPE.evaluate x₁ req es) (Cedar.TPE.evaluate x₂ req es) ty
• Cedar.TPE.evaluate (x₁.or x₂ ty) req es = Cedar.TPE.or (Cedar.TPE.evaluate x₁ req es) (Cedar.TPE.evaluate x₂ req es) ty
• Cedar.TPE.evaluate (Cedar.Spec.Residual.unaryApp op₁ x₁ ty) req es = Cedar.TPE.apply₁ op₁ (Cedar.TPE.evaluate x₁ req es) ty
• Cedar.TPE.evaluate (Cedar.Spec.Residual.binaryApp op₂ x₁ x₂ ty) req es = Cedar.TPE.apply₂ op₂ (Cedar.TPE.evaluate x₁ req es) (Cedar.TPE.evaluate x₂ req es) es ty
• Cedar.TPE.evaluate (x₁.hasAttr a ty) req es = Cedar.TPE.hasAttr (Cedar.TPE.evaluate x₁ req es) a es ty
• Cedar.TPE.evaluate (x₁.getAttr a ty) req es = Cedar.TPE.getAttr (Cedar.TPE.evaluate x₁ req es) a es ty

def Cedar.TPE.evaluatePolicy (schema : Validation.Schema) (p : Spec.Policy) (req : PartialRequest) (es : PartialEntities) : Except Error Spec.Residual

Partially evaluating a policy. Note that this function actually evaluates a type-lifted version of TypedExpr produced by the type checker, as opposed to evaluating the expression directly. This design is to simplify proofs otherwise we need to prove theorems that state type-lifting (i.e, TypedExpr.liftBoolTypes) do not change the results of evaluating residuals. The soundness theorem still holds. That is, reauthorizing the residuals produces the same outcome as authorizing the input expressions with consistent requests/entities. It is just that the types in the residuals are all lifted. We essentially trade efficiency for ease of proofs, which I (Shaobo) think is fine because the Lean model is a reference model not used in production.

Equations

• One or more equations did not get rendered due to their size.