This file proves the soundness and completeness of
Cedar.SymCC.verifyEvaluate for well-behaved verification queries. This
enables proving soundness and completeness of analyses built on verifyEvaluate
by proving that their queries are well-behaved. #
def
Cedar.Thm.WellBehavedEvaluateQuery
(φ : SymCC.Term → SymCC.Term)
(f : Spec.Result Spec.Value → Bool)
:
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
def
Cedar.Thm.WellBehavedEvaluateQuery.Same
(φ : SymCC.Term → SymCC.Term)
(f : Spec.Result Spec.Value → Bool)
:
Equations
- One or more equations did not get rendered due to their size.
Instances For
theorem
Cedar.Thm.verifyEvaluate_is_sound
{φ : SymCC.Term → SymCC.Term}
{f : Spec.Result Spec.Value → Bool}
{p : Spec.Policy}
{εnv : SymCC.SymEnv}
{asserts : SymCC.Asserts}
:
WellBehavedEvaluateQuery φ f →
εnv.StronglyWellFormedForPolicy p →
SymCC.verifyEvaluate φ p εnv = Except.ok asserts →
εnv ⊭ asserts →
∀ (env : Spec.Env),
env∈ᵢεnv → env.StronglyWellFormedForPolicy p → f (Spec.evaluate p.toExpr env.request env.entities) = true
theorem
Cedar.Thm.verifyEvaluate_is_complete
{φ : SymCC.Term → SymCC.Term}
{f : Spec.Result Spec.Value → Bool}
{p : Spec.Policy}
{εnv : SymCC.SymEnv}
{asserts : SymCC.Asserts}
:
WellBehavedEvaluateQuery φ f →
εnv.StronglyWellFormedForPolicy p →
SymCC.verifyEvaluate φ p εnv = Except.ok asserts →
εnv ⊧ asserts →
∃ (env : Spec.Env), env∈ᵢεnv ∧ env.StronglyWellFormedForPolicy p ∧ SymCC.Env.EnumCompleteFor env εnv ∧ f (Spec.evaluate p.toExpr env.request env.entities) = false