Well-formedness and interpretations

This file defines well-formedness constraints and relations on concrete and symbolic structures. We prove correctness properties of the symbolic compiler with respect to these defintions.

Well-formedness of a concrete structure is defined with respect to a set of concrete entities es : Entities. A Value, Request, or EntityData structure is well-formed with respect to es if it references only entity UIDs that are in the domain of es; i.e., if the structure references a uid, then uid ∈ es. The set es is well-formed if it consists of well-formed EntityData structures, which amounts to saying that there are no dangling references in the entities set es. Finally, an environment Env consisting of a request req and entities es is well-formed for an expression x if es is well-formed, req is well-formed with respect to es, and es supports x. We say that es supports x if all entity UIDs referenced by x are in the domain of es. If env is well-formed for x, then evaluating x against env cannot result in an entityDoesNotExist error.

Well-formed symbolic structures are defined analagously to well-formed concrete structures. In particular, well-formedness of a symbolic structure is defined with respect to a set of symbolic entity declarations εs : SymEntities. A Term, SymRequest, or SymEntityData structure is well-formed with respect to εs if it references only entity types and UIDs that are in the domain of εs, and if all referenced term types represent valid Cedar types. An entity type ety is in the domain of εs if ety ∈ εs, and entity UID uid is in the domain of εs if εs.isValidEntityUID uid. The set εs is well-formed if it consists of well-formed SymEntityData structures. A symbolic environment SymEnv consisting of a symbolic request ρeq and entities εs is well-formed for an expression x if εs is well-formed, ρeq is well-formed with respect to εs, and εs supports x. We say that εs supports x if εs.isValidEntityUID uid for every entity uid referenced by x.

A well-formed symbolic structure represents a set of well-formed symbolic literal structures, which, in turn, represent corresponding well-formed Cedar structures. A literal symbolic structure contains no term variables or uninterpreted functions. Symbolic structures are related to literals through interpretations. An Interpretation binds term variables to literal terms and uninterpreted functions (UUF) to interpreted ones (UDF). When a well-formed symbolic structure is interpreted with respect to a well-formed Interpretation, the result is a well-formed literal symbolic structure. Interpreting a literal against any Interpretation returns the same literal.

A literal term or symbolic request represent a single corresponding Cedar structure (i.e., a Value, Outcome Value, or Request). A well-formed literal symbolic environment εnv : SymEnv represents a set of well-formed concrete environments that lead to equivalent evaluation outcomes. In particular, if εnv is a literal symbolic environment that is well-formed for an expression x, then x produces the same outcome when evaluated against any concrete environment env ∈ εnv that is well-formed for x. We write env ∈ εnv to denote that exists a well-formed interpretation I such that εnv.interpret I is a literal that represents env.

def Cedar.Spec.Prim.WellFormed (es : Entities) : Prim → Prop

Equations

• Cedar.Spec.Prim.WellFormed es (Cedar.Spec.Prim.entityUID uid) = (Cedar.Data.Map.contains es uid = true)
• Cedar.Spec.Prim.WellFormed es x✝ = (true = true)

inductive Cedar.Spec.Value.WellFormed (es : Entities) : Value → Prop

• prim_wf {es : Entities} {p : Prim} (h₁ : Prim.WellFormed es p) : WellFormed es (prim p)
• set_wf {es : Entities} {s : Data.Set Value} (h₁ : ∀ (v : Value), v ∈ s → WellFormed es v) (h₂ : s.WellFormed) : WellFormed es (set s)
• record_wf {es : Entities} {r : Data.Map Attr Value} (h₁ : ∀ (a : Attr) (v : Value), r.find? a = some v → WellFormed es v) (h₂ : r.WellFormed) : WellFormed es (record r)
• ext_wf {es : Entities} {xv : Ext} : WellFormed es (ext xv)

def Cedar.Spec.Request.WellFormed (es : Entities) (req : Request) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.Spec.EntityData.WellFormed (es : Entities) (d : EntityData) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.Spec.Entities.WellFormed (es : Entities) : Prop

Equations

• es.WellFormed = (Cedar.Data.Map.WellFormed es ∧ ∀ (uid : Cedar.Spec.EntityUID) (d : Cedar.Spec.EntityData), Cedar.Data.Map.find? es uid = some d → Cedar.Spec.EntityData.WellFormed es d)

def Cedar.Spec.Prim.ValidRef (validRef : EntityUID → Prop) : Prim → Prop

Equations

• Cedar.Spec.Prim.ValidRef validRef (Cedar.Spec.Prim.entityUID uid) = validRef uid
• Cedar.Spec.Prim.ValidRef validRef x✝ = True

inductive Cedar.Spec.Expr.ValidRefs (validRef : EntityUID → Prop) : Expr → Prop

• lit_valid {validRef : EntityUID → Prop} {p : Prim} (h₁ : Prim.ValidRef validRef p) : ValidRefs validRef (lit p)
• var_valid {validRef : EntityUID → Prop} {v : Var} : ValidRefs validRef (var v)
• ite_valid {validRef : EntityUID → Prop} {x₁ x₂ x₃ : Expr} (h₁ : ValidRefs validRef x₁) (h₂ : ValidRefs validRef x₂) (h₃ : ValidRefs validRef x₃) : ValidRefs validRef (x₁.ite x₂ x₃)
• and_valid {validRef : EntityUID → Prop} {x₁ x₂ : Expr} (h₁ : ValidRefs validRef x₁) (h₂ : ValidRefs validRef x₂) : ValidRefs validRef (x₁.and x₂)
• or_valid {validRef : EntityUID → Prop} {x₁ x₂ : Expr} (h₁ : ValidRefs validRef x₁) (h₂ : ValidRefs validRef x₂) : ValidRefs validRef (x₁.or x₂)
• binaryApp_valid {validRef : EntityUID → Prop} {op₂ : BinaryOp} {x₁ x₂ : Expr} (h₁ : ValidRefs validRef x₁) (h₂ : ValidRefs validRef x₂) : ValidRefs validRef (binaryApp op₂ x₁ x₂)
• unaryApp_valid {validRef : EntityUID → Prop} {op₁ : UnaryOp} {x₁ : Expr} (h₁ : ValidRefs validRef x₁) : ValidRefs validRef (unaryApp op₁ x₁)
• hasAttr_valid {validRef : EntityUID → Prop} {x₁ : Expr} {a : Attr} (h₁ : ValidRefs validRef x₁) : ValidRefs validRef (x₁.hasAttr a)
• getAttr_valid {validRef : EntityUID → Prop} {x₁ : Expr} {a : Attr} (h₁ : ValidRefs validRef x₁) : ValidRefs validRef (x₁.getAttr a)
• set_valid {validRef : EntityUID → Prop} {xs : List Expr} (h₁ : ∀ (x : Expr), x ∈ xs → ValidRefs validRef x) : ValidRefs validRef (set xs)
• record_valid {validRef : EntityUID → Prop} {axs : List (Attr × Expr)} (h₁ : ∀ (ax : Attr × Expr), ax ∈ axs → ValidRefs validRef ax.snd) : ValidRefs validRef (record axs)
• call_valid {validRef : EntityUID → Prop} {xfn : ExtFun} {xs : List Expr} (h₁ : ∀ (x : Expr), x ∈ xs → ValidRefs validRef x) : ValidRefs validRef (call xfn xs)

def Cedar.Spec.Env.WellFormed (env : Env) : Prop

Equations

• env.WellFormed = (Cedar.Spec.Request.WellFormed env.entities env.request ∧ env.entities.WellFormed)

@[reducible, inline]

abbrev Cedar.Spec.Entities.ValidRefsFor (es : Entities) (x : Expr) : Prop

Equations

• es.ValidRefsFor x = Cedar.Spec.Expr.ValidRefs (fun (uid : Cedar.Spec.EntityUID) => Cedar.Data.Map.contains es uid = true) x

def Cedar.Spec.Env.WellFormedFor (env : Env) (x : Expr) : Prop

Equations

• env.WellFormedFor x = (env.WellFormed ∧ env.entities.ValidRefsFor x)

def Cedar.Spec.Env.WellFormedForPolicies (env : Env) (ps : Policies) : Prop

Equations

• env.WellFormedForPolicies ps = (env.WellFormed ∧ ∀ (p : Cedar.Spec.Policy), p ∈ ps → env.entities.ValidRefsFor p.toExpr)

inductive Cedar.Spec.Value.WellStructured : Value → Prop

• prim_ws {p : Prim} : (prim p).WellStructured
• set_ws {s : Data.Set Value} (h₁ : ∀ (v : Value), v ∈ s → v.WellStructured) (h₂ : s.WellFormed) : (set s).WellStructured
• record_ws {r : Data.Map Attr Value} (h₁ : ∀ (a : Attr) (v : Value), r.find? a = some v → v.WellStructured) (h₂ : r.WellFormed) : (record r).WellStructured
• ext_ws {xv : Ext} : (ext xv).WellStructured

def Cedar.Spec.Entities.ClosedFor (es : Entities) (uids : Data.Set EntityUID) : Prop

Equations

• es.ClosedFor uids = ∀ (uid : Cedar.Spec.EntityUID), uid ∈ uids → Cedar.Data.Map.contains es uid = true

@[reducible, inline]

abbrev Cedar.Spec.Outcome (α : Type u_1) : Type u_1

Equations

• Cedar.Spec.Outcome α = Except Unit α

def Cedar.Spec.SameOutcomes (res : Result Value) (out : Outcome Value) : Prop

Equations

• Cedar.Spec.SameOutcomes (Except.ok v₁) (Except.ok v₂) = (v₁ = v₂)
• Cedar.Spec.SameOutcomes (Except.error e) (Except.error PUnit.unit) = (e ≠ Cedar.Spec.Error.entityDoesNotExist)
• Cedar.Spec.SameOutcomes res out = False

def Cedar.Spec.SameDecisions (resp : Response) (dec : Decision) : Prop

Equations

• Cedar.Spec.SameDecisions resp dec = (resp.decision = dec)

class Cedar.Spec.Same (α : Type u) (β : Type v) : Type (max u v)

The notation typeclass for the heterogeneous sameness (equivalence) relation. This enables the notation a ∼ b : Prop where a : α, b : β.

• same : α → β → Prop

  a ∼ b relates a and b. The meaning of this notation is type-dependent.

def Cedar.Spec.«term_∼_» : Lean.TrailingParserDescr

Equations

• Cedar.Spec.«term_∼_» = Lean.ParserDescr.trailingNode `Cedar.Spec.«term_∼_» 100 101 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ∼ ") (Lean.ParserDescr.cat `term 101))

instance Cedar.Spec.instSameResultValueOutcome : Same (Result Value) (Outcome Value)

Equations

• Cedar.Spec.instSameResultValueOutcome = { same := Cedar.Spec.SameOutcomes }

instance Cedar.Spec.instSameResponseDecision : Same Response Decision

Equations

• Cedar.Spec.instSameResponseDecision = { same := Cedar.Spec.SameDecisions }

@[irreducible]

def Cedar.SymCC.TermType.cedarType? : TermType → Option Validation.CedarType

Equations

• One or more equations did not get rendered due to their size.
• (Cedar.SymCC.TermType.prim Cedar.SymCC.TermPrimType.bool).cedarType? = some (Cedar.Validation.CedarType.bool Cedar.Validation.BoolType.anyBool)
• (Cedar.SymCC.TermType.prim (Cedar.SymCC.TermPrimType.bitvec 64)).cedarType? = some Cedar.Validation.CedarType.int
• (Cedar.SymCC.TermType.prim Cedar.SymCC.TermPrimType.string).cedarType? = some Cedar.Validation.CedarType.string
• (Cedar.SymCC.TermType.prim (Cedar.SymCC.TermPrimType.entity ety)).cedarType? = some (Cedar.Validation.CedarType.entity ety)
• ty.set.cedarType? = do let __do_lift ← ty.cedarType? some __do_lift.set
• (Cedar.SymCC.TermType.prim (Cedar.SymCC.TermPrimType.ext xty)).cedarType? = some (Cedar.Validation.CedarType.ext xty)
• x✝.cedarType? = none

@[irreducible]

def Cedar.SymCC.TermType.cedarType?.qualifiedType? : TermType → Option Validation.QualifiedType

Equations

• Cedar.SymCC.TermType.cedarType?.qualifiedType? ty.option = do let __do_lift ← ty.cedarType? some (Cedar.Validation.Qualified.optional __do_lift)
• Cedar.SymCC.TermType.cedarType?.qualifiedType? x✝ = do let __do_lift ← x✝.cedarType? some (Cedar.Validation.Qualified.required __do_lift)

def Cedar.SymCC.TermType.isCedarRecordType (ty : TermType) : Bool

Not @[expose]'d -- callers use the public lemmas immediately below which specify things you can conclude when isCedarRecordType is true

Equations

• ty.isCedarRecordType = match ty.cedarType? with | some (Cedar.Validation.CedarType.record rty) => true | x => false

theorem Cedar.SymCC.isCedarRecordType_implies_term_record_type {ty : TermType} : ty.isCedarRecordType = true → ∃ (rty : Data.Map Spec.Attr TermType), ty = TermType.record rty

theorem Cedar.SymCC.isCedarRecordType_implies_cedarType?_some {ty : TermType} : ty.isCedarRecordType = true → ∃ (cty : Validation.CedarType), ty.cedarType? = some cty

def Cedar.SymCC.TermType.isCedarType (ty : TermType) : Bool

Equations

• ty.isCedarType = ty.cedarType?.isSome

inductive Cedar.SymCC.TermType.WellFormed (εs : SymEntities) : TermType → Prop

• bool_wf {εs : SymEntities} : WellFormed εs bool
• bitvec_wf {εs : SymEntities} {n : Nat} : WellFormed εs (bitvec n)
• string_wf {εs : SymEntities} : WellFormed εs string
• option_wf {εs : SymEntities} {ty : TermType} (h₁ : WellFormed εs ty) : WellFormed εs ty.option
• entity_wf {εs : SymEntities} {ety : Spec.EntityType} (h₁ : εs.isValidEntityType ety = true) : WellFormed εs (entity ety)
• set_wf {εs : SymEntities} {ty : TermType} (h₁ : WellFormed εs ty) : WellFormed εs ty.set
• record_wf {εs : SymEntities} {rty : Data.Map Spec.Attr TermType} (h₁ : ∀ (a : Spec.Attr) (ty : TermType), rty.find? a = some ty → WellFormed εs ty) (h₂ : rty.WellFormed) : WellFormed εs (record rty)
• ext_wf {εs : SymEntities} {xty : Validation.ExtType} : WellFormed εs (ext xty)

inductive Cedar.SymCC.TermPrim.WellFormed (εs : SymEntities) : TermPrim → Prop

• bool_wf {εs : SymEntities} {b : Bool} : WellFormed εs (bool b)
• bitvec_wf {εs : SymEntities} {n : Nat} {bv : BitVec n} : WellFormed εs (bitvec bv)
• string_wf {εs : SymEntities} {s : String} : WellFormed εs (string s)
• entity_wf {εs : SymEntities} {uid : Spec.EntityUID} (h₁ : εs.isValidEntityUID uid = true) : WellFormed εs (entity uid)
• ext_wf {εs : SymEntities} {x : Spec.Ext} : WellFormed εs (ext x)

def Cedar.SymCC.TermVar.WellFormed (εs : SymEntities) (v : TermVar) : Prop

Equations

• Cedar.SymCC.TermVar.WellFormed εs v = Cedar.SymCC.TermType.WellFormed εs v.ty

inductive Cedar.SymCC.ExtOp.WellTyped : ExtOp → List Term → TermType → Prop

• val_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.decimal) : decimal.val.WellTyped [t] (TermType.bitvec 64)
• isV4_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.ipAddr) : ipaddr.isV4.WellTyped [t] TermType.bool
• addrV4_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.ipAddr) : ipaddr.addrV4.WellTyped [t] (TermType.bitvec 32)
• prefixV4_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.ipAddr) : ipaddr.prefixV4.WellTyped [t] (TermType.bitvec 5).option
• addrV6_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.ipAddr) : ipaddr.addrV6.WellTyped [t] (TermType.bitvec 128)
• prefixV6_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.ipAddr) : ipaddr.prefixV6.WellTyped [t] (TermType.bitvec 7).option
• val_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.datetime) : datetime.val.WellTyped [t] (TermType.bitvec 64)
• ofBitVec_wt {t : Term} (h₁ : t.typeOf = TermType.bitvec 64) : datetime.ofBitVec.WellTyped [t] (TermType.ext Validation.ExtType.datetime)
• val_wt {t : Term} (h₁ : t.typeOf = TermType.ext Validation.ExtType.duration) : duration.val.WellTyped [t] (TermType.bitvec 64)
• ofBitVec_wt {t : Term} (h₁ : t.typeOf = TermType.bitvec 64) : duration.ofBitVec.WellTyped [t] (TermType.ext Validation.ExtType.duration)

def Cedar.SymCC.UUF.WellFormed (εs : SymEntities) (f : UUF) : Prop

Equations

• Cedar.SymCC.UUF.WellFormed εs f = (Cedar.SymCC.TermType.WellFormed εs f.arg ∧ Cedar.SymCC.TermType.WellFormed εs f.out)

inductive Cedar.SymCC.Op.WellTyped (εs : SymEntities) : Op → List Term → TermType → Prop

• not_wt {εs : SymEntities} {t : Term} (h₁ : t.typeOf = TermType.bool) : WellTyped εs not [t] TermType.bool
• and_wt {εs : SymEntities} {t₁ t₂ : Term} (h₁ : t₁.typeOf = TermType.bool) (h₂ : t₂.typeOf = TermType.bool) : WellTyped εs and [t₁, t₂] TermType.bool
• or_wt {εs : SymEntities} {t₁ t₂ : Term} (h₁ : t₁.typeOf = TermType.bool) (h₂ : t₂.typeOf = TermType.bool) : WellTyped εs or [t₁, t₂] TermType.bool
• eq_wt {εs : SymEntities} {t₁ t₂ : Term} (h₁ : t₁.typeOf = t₂.typeOf) : WellTyped εs eq [t₁, t₂] TermType.bool
• ite_wt {εs : SymEntities} {t₁ t₂ t₃ : Term} (h₁ : t₁.typeOf = TermType.bool) (h₂ : t₂.typeOf = t₃.typeOf) : WellTyped εs ite [t₁, t₂, t₃] t₂.typeOf
• uuf_wt {εs : SymEntities} {f : UUF} {t : Term} (h₁ : t.typeOf = f.arg) (h₂ : UUF.WellFormed εs f) : WellTyped εs (uuf f) [t] f.out
• bvneg_wt {εs : SymEntities} {t : Term} {n : Nat} (h₁ : t.typeOf = TermType.bitvec n) : WellTyped εs bvneg [t] (TermType.bitvec n)
• bvnego_wt {εs : SymEntities} {t : Term} {n : Nat} (h₁ : t.typeOf = TermType.bitvec n) : WellTyped εs bvnego [t] TermType.bool
• bvadd_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvadd [t₁, t₂] (TermType.bitvec n)
• bvsub_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsub [t₁, t₂] (TermType.bitvec n)
• bvmul_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvmul [t₁, t₂] (TermType.bitvec n)
• bvsdiv_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsdiv [t₁, t₂] (TermType.bitvec n)
• bvudiv_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvudiv [t₁, t₂] (TermType.bitvec n)
• bvsrem_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsrem [t₁, t₂] (TermType.bitvec n)
• bvsmod_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsmod [t₁, t₂] (TermType.bitvec n)
• bvurem_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvurem [t₁, t₂] (TermType.bitvec n)
• bvshl_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvshl [t₁, t₂] (TermType.bitvec n)
• bvlshr_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvlshr [t₁, t₂] (TermType.bitvec n)
• bvsaddo_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsaddo [t₁, t₂] TermType.bool
• bvssubo_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvssubo [t₁, t₂] TermType.bool
• bvsmulo_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsmulo [t₁, t₂] TermType.bool
• bvslt_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvslt [t₁, t₂] TermType.bool
• bvsle_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvsle [t₁, t₂] TermType.bool
• bvult_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvult [t₁, t₂] TermType.bool
• bvule_wt {εs : SymEntities} {t₁ t₂ : Term} {n : Nat} (h₁ : t₁.typeOf = TermType.bitvec n) (h₂ : t₂.typeOf = TermType.bitvec n) : WellTyped εs bvule [t₁, t₂] TermType.bool
• zero_extend_wt {εs : SymEntities} {t : Term} {n m : Nat} (h₁ : t.typeOf = TermType.bitvec m) : WellTyped εs (zero_extend n) [t] (TermType.bitvec (n + m))
• member_wt {εs : SymEntities} {t₁ t₂ : Term} (h₁ : t₂.typeOf = t₁.typeOf.set) : WellTyped εs set.member [t₁, t₂] TermType.bool
• subset_wt {εs : SymEntities} {t₁ t₂ : Term} {ty : TermType} (h₁ : t₁.typeOf = ty.set) (h₂ : t₂.typeOf = ty.set) : WellTyped εs set.subset [t₁, t₂] TermType.bool
• inter_wt {εs : SymEntities} {t₁ t₂ : Term} {ty : TermType} (h₁ : t₁.typeOf = ty.set) (h₂ : t₂.typeOf = ty.set) : WellTyped εs set.inter [t₁, t₂] ty.set
• get_wt {εs : SymEntities} {t : Term} {ty : TermType} (h₁ : t.typeOf = ty.option) : WellTyped εs option.get [t] ty
• get_wt {εs : SymEntities} {t : Term} {a : Spec.Attr} {ty : TermType} {rty : Data.Map Spec.Attr TermType} (h₁ : t.typeOf = TermType.record rty) (h₂ : rty.find? a = some ty) : WellTyped εs (record.get a) [t] ty
• like_wt {εs : SymEntities} {t : Term} {p : Spec.Pattern} (h₁ : t.typeOf = TermType.string) : WellTyped εs (string.like p) [t] TermType.bool
• ext_wt {εs : SymEntities} {xop : ExtOp} {ts : List Term} {ty : TermType} (h₁ : xop.WellTyped ts ty) : WellTyped εs (ext xop) ts ty

inductive Cedar.SymCC.Term.WellFormed (εs : SymEntities) : Term → Prop

• prim_wf {εs : SymEntities} {p : TermPrim} (h₁ : TermPrim.WellFormed εs p) : WellFormed εs (prim p)
• var_wf {εs : SymEntities} {v : TermVar} (h₁ : TermVar.WellFormed εs v) : WellFormed εs (var v)
• none_wf {εs : SymEntities} {ty : TermType} (h₁ : TermType.WellFormed εs ty) : WellFormed εs (none ty)
• some_wf {εs : SymEntities} {t : Term} (h₁ : WellFormed εs t) : WellFormed εs t.some
• app_wf {εs : SymEntities} {op : Op} {ts : List Term} {ty : TermType} (h₁ : ∀ (t : Term), t ∈ ts → WellFormed εs t) (h₂ : Op.WellTyped εs op ts ty) : WellFormed εs (app op ts ty)
• set_wf {εs : SymEntities} {s : Data.Set Term} {ty : TermType} (h₁ : ∀ (t : Term), t ∈ s → WellFormed εs t) (h₂ : ∀ (t : Term), t ∈ s → t.typeOf = ty) (h₃ : TermType.WellFormed εs ty) (h₄ : s.WellFormed) : WellFormed εs (set s ty)
• record_wf {εs : SymEntities} {r : Data.Map Spec.Attr Term} (h₁ : ∀ (a : Spec.Attr) (t : Term), (a, t) ∈ r.toList → WellFormed εs t) (h₂ : r.WellFormed) : WellFormed εs (record r)

def Cedar.SymCC.Term.WellFormedLiteral (εs : SymEntities) (t : Term) : Prop

Equations

• Cedar.SymCC.Term.WellFormedLiteral εs t = (Cedar.SymCC.Term.WellFormed εs t ∧ t.isLiteral = true)

def Cedar.SymCC.UDF.WellFormed (εs : SymEntities) (f : UDF) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.UnaryFunction.WellFormed (εs : SymEntities) : UnaryFunction → Prop

Equations

• Cedar.SymCC.UnaryFunction.WellFormed εs (Cedar.SymCC.UnaryFunction.uuf f) = Cedar.SymCC.UUF.WellFormed εs f
• Cedar.SymCC.UnaryFunction.WellFormed εs (Cedar.SymCC.UnaryFunction.udf f) = Cedar.SymCC.UDF.WellFormed εs f

def Cedar.SymCC.SymRequest.WellFormed (εs : SymEntities) (req : SymRequest) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SymTags.WellFormed (εs : SymEntities) (ety : Spec.EntityType) (τs : SymTags) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SymEntityData.WellFormed (εs : SymEntities) (ety : Spec.EntityType) (d : SymEntityData) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SymEntities.WellFormed (εs : SymEntities) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SymEnv.WellFormed (εnv : SymEnv) : Prop

Equations

• εnv.WellFormed = (Cedar.SymCC.SymRequest.WellFormed εnv.entities εnv.request ∧ εnv.entities.WellFormed)

@[reducible, inline]

abbrev Cedar.SymCC.SymEntities.ValidRefsFor (εs : SymEntities) (x : Spec.Expr) : Prop

Equations

• εs.ValidRefsFor x = Cedar.Spec.Expr.ValidRefs (fun (x : Cedar.Spec.EntityUID) => εs.isValidEntityUID x = true) x

def Cedar.SymCC.SymEnv.WellFormedFor (εnv : SymEnv) (x : Spec.Expr) : Prop

Equations

• εnv.WellFormedFor x = (εnv.WellFormed ∧ εnv.entities.ValidRefsFor x)

def Cedar.SymCC.SymEnv.WellFormedLiteralFor (εnv : SymEnv) (x : Spec.Expr) : Prop

Equations

• εnv.WellFormedLiteralFor x = (εnv.WellFormedFor x ∧ εnv.isLiteral = true)

def Cedar.SymCC.SymEnv.WellFormedForPolicies (εnv : SymEnv) (ps : Spec.Policies) : Prop

Equations

• εnv.WellFormedForPolicies ps = (εnv.WellFormed ∧ ∀ (p : Cedar.Spec.Policy), p ∈ ps → εnv.entities.ValidRefsFor p.toExpr)

def Cedar.SymCC.Asserts.WellFormed (εs : SymEntities) (asserts : Asserts) : Prop

Equations

• Cedar.SymCC.Asserts.WellFormed εs asserts = ∀ (t : Cedar.SymCC.Term), t ∈ asserts → Cedar.SymCC.Term.WellFormed εs t ∧ t.typeOf = Cedar.SymCC.TermType.bool

def Cedar.SymCC.SameValues (v : Spec.Value) (t : Term) : Prop

Equations

• Cedar.SymCC.SameValues v t = (t.value? = some v)

def Cedar.SymCC.SameOutcomes : Spec.Outcome Spec.Value → Term → Prop

Equations

• Cedar.SymCC.SameOutcomes (Except.ok v) t.some = Cedar.SymCC.SameValues v t
• Cedar.SymCC.SameOutcomes (Except.error a) (Cedar.SymCC.Term.none a_1) = True
• Cedar.SymCC.SameOutcomes x✝¹ x✝ = False

def Cedar.SymCC.SameResults : Spec.Result Spec.Value → Term → Prop

Equations

• Cedar.SymCC.SameResults (Except.ok v) t.some = Cedar.SymCC.SameValues v t
• Cedar.SymCC.SameResults (Except.error e) (Cedar.SymCC.Term.none a) = (e ≠ Cedar.Spec.Error.entityDoesNotExist)
• Cedar.SymCC.SameResults x✝¹ x✝ = False

def Cedar.SymCC.SameDecisions : Spec.Decision → Term → Prop

Equations

• Cedar.SymCC.SameDecisions Cedar.Spec.Decision.allow (Cedar.SymCC.Term.prim (Cedar.SymCC.TermPrim.bool true)) = True
• Cedar.SymCC.SameDecisions Cedar.Spec.Decision.deny (Cedar.SymCC.Term.prim (Cedar.SymCC.TermPrim.bool false)) = True
• Cedar.SymCC.SameDecisions x✝¹ x✝ = False

def Cedar.SymCC.SameResponses (resp : Spec.Response) (t : Term) : Prop

Equations

• Cedar.SymCC.SameResponses resp t = Cedar.SymCC.SameDecisions resp.decision t

def Cedar.SymCC.SameRequests (req : Spec.Request) (ρeq : SymRequest) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SameTags (uid : Spec.EntityUID) (d : Spec.EntityData) (δ : SymEntityData) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SameEntityData (uid : Spec.EntityUID) (d : Spec.EntityData) (δ : SymEntityData) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SameEntityData.InSymAncestors (uid : Spec.EntityUID) (δ : SymEntityData) (anc : Spec.EntityUID) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SameEntityData.InAncestors (uid : Spec.EntityUID) (d : Spec.EntityData) (ancUF : UnaryFunction) (ancTy : Spec.EntityType) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SameEntities (es : Spec.Entities) (εs : SymEntities) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.SameEnvs (env : Spec.Env) (εnv : SymEnv) : Prop

Equations

• Cedar.SymCC.SameEnvs env εnv = (Cedar.SymCC.SameRequests env.request εnv.request ∧ Cedar.SymCC.SameEntities env.entities εnv.entities)

instance Cedar.SymCC.instSameOutcomeValueTerm : Spec.Same (Spec.Outcome Spec.Value) Term

Equations

• Cedar.SymCC.instSameOutcomeValueTerm = { same := Cedar.SymCC.SameOutcomes }

instance Cedar.SymCC.instSameResultValueTerm : Spec.Same (Spec.Result Spec.Value) Term

Equations

• Cedar.SymCC.instSameResultValueTerm = { same := Cedar.SymCC.SameResults }

instance Cedar.SymCC.instSameValueTerm : Spec.Same Spec.Value Term

Equations

• Cedar.SymCC.instSameValueTerm = { same := Cedar.SymCC.SameValues }

instance Cedar.SymCC.instSameDecisionTerm : Spec.Same Spec.Decision Term

Equations

• Cedar.SymCC.instSameDecisionTerm = { same := Cedar.SymCC.SameDecisions }

instance Cedar.SymCC.instSameResponseTerm : Spec.Same Spec.Response Term

Equations

• Cedar.SymCC.instSameResponseTerm = { same := Cedar.SymCC.SameResponses }

instance Cedar.SymCC.instSameRequestSymRequest : Spec.Same Spec.Request SymRequest

Equations

• Cedar.SymCC.instSameRequestSymRequest = { same := Cedar.SymCC.SameRequests }

instance Cedar.SymCC.instSameEntitiesSymEntities : Spec.Same Spec.Entities SymEntities

Equations

• Cedar.SymCC.instSameEntitiesSymEntities = { same := Cedar.SymCC.SameEntities }

instance Cedar.SymCC.instSameEnvSymEnv : Spec.Same Spec.Env SymEnv

Equations

• Cedar.SymCC.instSameEnvSymEnv = { same := Cedar.SymCC.SameEnvs }

inductive Cedar.SymCC.Term.WellFormedPartialApp (εs : SymEntities) : Term → Prop

• none_wfp {εs : SymEntities} {ty : TermType} (h₁ : TermType.WellFormed εs ty) : WellFormedPartialApp εs (app Op.option.get [none ty] ty)
• ext_ipddr_addr4_wfp {εs : SymEntities} {ip : Spec.IPAddr} (h₁ : ¬Spec.Ext.IPAddr.IPNet.isV4 ip = true) : WellFormedPartialApp εs (app (Op.ext ExtOp.ipaddr.addrV4) [prim (TermPrim.ext (Spec.Ext.ipaddr ip))] (TermType.bitvec 32))
• ext_ipddr_prefix4_wfp {εs : SymEntities} {ip : Spec.IPAddr} (h₁ : ¬Spec.Ext.IPAddr.IPNet.isV4 ip = true) : WellFormedPartialApp εs (app (Op.ext ExtOp.ipaddr.prefixV4) [prim (TermPrim.ext (Spec.Ext.ipaddr ip))] (TermType.bitvec 5).option)
• ext_ipddr_addr6_wfp {εs : SymEntities} {ip : Spec.IPAddr} (h₁ : ¬Spec.Ext.IPAddr.IPNet.isV6 ip = true) : WellFormedPartialApp εs (app (Op.ext ExtOp.ipaddr.addrV6) [prim (TermPrim.ext (Spec.Ext.ipaddr ip))] (TermType.bitvec 128))
• ext_ipddr_prefix6_wfp {εs : SymEntities} {ip : Spec.IPAddr} (h₁ : ¬Spec.Ext.IPAddr.IPNet.isV6 ip = true) : WellFormedPartialApp εs (app (Op.ext ExtOp.ipaddr.prefixV6) [prim (TermPrim.ext (Spec.Ext.ipaddr ip))] (TermType.bitvec 7).option)

def Cedar.SymCC.Interpretation.WellFormed (I : Interpretation) (εs : SymEntities) : Prop

Equations

• One or more equations did not get rendered due to their size.

def Cedar.SymCC.Interpretation.WellFormed.WellFormedVarInterpretation (εs : SymEntities) (v : TermVar) (t : Term) : Prop

Equations

• Cedar.SymCC.Interpretation.WellFormed.WellFormedVarInterpretation εs v t = (Cedar.SymCC.Term.WellFormedLiteral εs t ∧ t.typeOf = v.ty)

def Cedar.SymCC.Interpretation.WellFormed.WellFormedUUFInterpretation (εs : SymEntities) (uf : UUF) (df : UDF) : Prop

Equations

• Cedar.SymCC.Interpretation.WellFormed.WellFormedUUFInterpretation εs uf df = (Cedar.SymCC.UDF.WellFormed εs df ∧ uf.arg = df.arg ∧ uf.out = df.out)

def Cedar.SymCC.Interpretation.WellFormed.WellFormedPartialAppInterpretation (εs : SymEntities) (t out : Term) : Prop

Equations

• Cedar.SymCC.Interpretation.WellFormed.WellFormedPartialAppInterpretation εs t out = (Cedar.SymCC.Term.WellFormedLiteral εs out ∧ out.typeOf = t.typeOf)

def Cedar.SymCC.Asserts.satisfiedBy (I : Interpretation) (asserts : Asserts) : Bool

Equations

• Cedar.SymCC.Asserts.satisfiedBy I asserts = List.all asserts fun (t : Cedar.SymCC.Term) => decide (Cedar.SymCC.Term.interpret I t = Cedar.SymCC.Term.prim (Cedar.SymCC.TermPrim.bool true))

def Cedar.SymCC.Asserts.Satisfiable (env : SymEnv) (asserts : Asserts) : Prop

Equations

• env ⊧ asserts = ∃ (I : Cedar.SymCC.Interpretation), I.WellFormed env.entities ∧ Cedar.SymCC.Asserts.satisfiedBy I asserts = true

def Cedar.SymCC.Asserts.Unsatisfiable (env : SymEnv) (asserts : Asserts) : Prop

Equations

• env ⊭ asserts = ¬env ⊧ asserts

def Cedar.SymCC.«term_⊧_» : Lean.TrailingParserDescr

Equations

• Cedar.SymCC.«term_⊧_» = Lean.ParserDescr.trailingNode `Cedar.SymCC.«term_⊧_» 100 101 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ⊧ ") (Lean.ParserDescr.cat `term 101))

def Cedar.SymCC.«term_⊭_» : Lean.TrailingParserDescr

Equations

• Cedar.SymCC.«term_⊭_» = Lean.ParserDescr.trailingNode `Cedar.SymCC.«term_⊭_» 100 101 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ⊭ ") (Lean.ParserDescr.cat `term 101))

structure Cedar.SymCC.Term.Outcome (εnv : SymEnv) : Type

• term : Term

def Cedar.SymCC.Term.instReprOutcome.repr {εnv✝ : SymEnv} : Outcome εnv✝ → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

instance Cedar.SymCC.Term.instReprOutcome {εnv✝ : SymEnv} : Repr (Outcome εnv✝)

Equations

• Cedar.SymCC.Term.instReprOutcome = { reprPrec := Cedar.SymCC.Term.instReprOutcome.repr }

instance Cedar.SymCC.Term.instDecidableEqOutcome {εnv✝ : SymEnv} : DecidableEq (Outcome εnv✝)

Equations

• Cedar.SymCC.Term.instDecidableEqOutcome = Cedar.SymCC.Term.instDecidableEqOutcome.decEq

def Cedar.SymCC.Term.instDecidableEqOutcome.decEq {εnv✝ : SymEnv} (x✝ x✝¹ : Outcome εnv✝) : Decidable (x✝ = x✝¹)

Equations

• Cedar.SymCC.Term.instDecidableEqOutcome.decEq { term := a } { term := b } = if h : a = b then h ▸ isTrue ⋯ else isFalse ⋯

instance Cedar.SymCC.instCoeTermOutcome {εnv : SymEnv} : CoeOut (Term.Outcome εnv) Term

Equations

• Cedar.SymCC.instCoeTermOutcome = { coe := fun (t : Cedar.SymCC.Term.Outcome εnv) => t.term }

def Cedar.SymCC.memOfTermOutcome {α : Type u_1} {εnv : SymEnv} [Spec.Same α Term] (o : α) (o' : Term.Outcome εnv) : Prop

Equations

• (o∈ₒo') = ∃ (I : Cedar.SymCC.Interpretation), I.WellFormed εnv.entities ∧ o ∼ Cedar.SymCC.Term.interpret I o'.term

def Cedar.SymCC.«term_∈ₒ_» : Lean.TrailingParserDescr

Equations

• Cedar.SymCC.«term_∈ₒ_» = Lean.ParserDescr.trailingNode `Cedar.SymCC.«term_∈ₒ_» 50 50 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol "∈ₒ") (Lean.ParserDescr.cat `term 51))

def Cedar.SymCC.memOfSymEnv (env : Spec.Env) (εnv : SymEnv) : Prop

Equations

• (env∈ᵢεnv) = ∃ (I : Cedar.SymCC.Interpretation), I.WellFormed εnv.entities ∧ env ∼ Cedar.SymCC.SymEnv.interpret I εnv

def Cedar.SymCC.«term_∈ᵢ_» : Lean.TrailingParserDescr

Equations

• Cedar.SymCC.«term_∈ᵢ_» = Lean.ParserDescr.trailingNode `Cedar.SymCC.«term_∈ᵢ_» 50 50 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol "∈ᵢ") (Lean.ParserDescr.cat `term 51))

def Cedar.SymCC.Env.EnumCompleteFor (env : Spec.Env) (εnv : SymEnv) : Prop

This is a condition that env contains all enum entities (including actions) specified in εnv. It's required for completeness (of SymEnv.ofEnv) and satisfied by the concretizer, but it's not required for the soundness, so we keep it as a separate definition here.

Equations

• One or more equations did not get rendered due to their size.