This file defines a level checking of a type-annotated AST. Level checking should behave as defined in RFC#76, although the implementation here is different from what was proposed because this implementation operates over a type-annotated AST instead of being built into the primary typechecking algorithm.

@[irreducible]

def Cedar.Validation.TypedExpr.checkEntityAccessLevel (tx : TypedExpr) (env : TypeEnv) (n nmax : Nat) (path : List Spec.Attr) : Bool

Check that an expression is valid as the argument to an entity dereferencing expression at a level. This functions assumes that tx either evaluates to an entity value or to a record value containing a entity value via path.

Note that this function intentionally returns false for entity literals at any level. This is necessary because entity literals are not one of the "roots" used by the slicing algorithm.

This functions takes two additional arguments not required by checkLevel

• nmax specifies the maximum level allowed for any expression. E.g., for an .ite expression, the maximum level permissible for the guard is independent of any .getAttr expressions it might be nested inside of.
• path is a sequence of attributes specifying an access path through a record value, eventually reaching an attribute that has an entity value. This allows allows more permissive level checking on record attributes that aren't accessed.

Equations

• One or more equations did not get rendered due to their size.
• (Cedar.Validation.TypedExpr.var v ty).checkEntityAccessLevel env n nmax path = true
• (Cedar.Validation.TypedExpr.lit (Cedar.Spec.Prim.entityUID euid) ty).checkEntityAccessLevel env n nmax path = (euid == env.reqty.action)
• (tx₁.ite tx₂ tx₃ ty).checkEntityAccessLevel env n nmax path = (tx₁.checkLevel env nmax && tx₂.checkEntityAccessLevel env n nmax path && tx₃.checkEntityAccessLevel env n nmax path)
• tx.checkEntityAccessLevel env n nmax path = false

@[irreducible]

def Cedar.Validation.TypedExpr.checkLevel (tx : TypedExpr) (env : TypeEnv) (n : Nat) : Bool

Main entry point for level checking an expression. For most expressions, this is a simple recursive traversal of the AST. For entity dereferencing expressions, it calls to checkEntityAccessLevel which ensures that expression is valid specifically in an entity access position

Equations

• One or more equations did not get rendered due to their size.
• (Cedar.Validation.TypedExpr.lit p ty).checkLevel env n = true
• (Cedar.Validation.TypedExpr.var v ty).checkLevel env n = true
• (x₁.ite x₂ x₃ ty).checkLevel env n = (x₁.checkLevel env n && x₂.checkLevel env n && x₃.checkLevel env n)
• (Cedar.Validation.TypedExpr.unaryApp op x₁ ty).checkLevel env n = x₁.checkLevel env n
• (Cedar.Validation.TypedExpr.binaryApp Cedar.Spec.BinaryOp.mem x₁ x₂ ty).checkLevel env n = (decide (n > 0) && x₁.checkEntityAccessLevel env (n - 1) n [] && x₂.checkLevel env n)
• (Cedar.Validation.TypedExpr.binaryApp Cedar.Spec.BinaryOp.getTag x₁ x₂ ty).checkLevel env n = (decide (n > 0) && x₁.checkEntityAccessLevel env (n - 1) n [] && x₂.checkLevel env n)
• (Cedar.Validation.TypedExpr.binaryApp Cedar.Spec.BinaryOp.hasTag x₁ x₂ ty).checkLevel env n = (decide (n > 0) && x₁.checkEntityAccessLevel env (n - 1) n [] && x₂.checkLevel env n)
• (x₁.and x₂ ty).checkLevel env n = (x₁.checkLevel env n && x₂.checkLevel env n)
• (x₁.or x₂ ty).checkLevel env n = (x₁.checkLevel env n && x₂.checkLevel env n)
• (Cedar.Validation.TypedExpr.binaryApp op x₁ x₂ ty).checkLevel env n = (x₁.checkLevel env n && x₂.checkLevel env n)
• (x₁.hasAttr attr ty).checkLevel env n = match x₁.typeOf with | Cedar.Validation.CedarType.entity ety => decide (n > 0) && x₁.checkEntityAccessLevel env (n - 1) n [] | x => x₁.checkLevel env n
• (x₁.getAttr attr ty).checkLevel env n = match x₁.typeOf with | Cedar.Validation.CedarType.entity ety => decide (n > 0) && x₁.checkEntityAccessLevel env (n - 1) n [] | x => x₁.checkLevel env n
• (Cedar.Validation.TypedExpr.call xfn xs ty).checkLevel env n = xs.attach.all fun (e : { x : Cedar.Validation.TypedExpr // x ∈ xs }) => have this := ⋯; e.val.checkLevel env n
• (Cedar.Validation.TypedExpr.set xs ty).checkLevel env n = xs.attach.all fun (e : { x : Cedar.Validation.TypedExpr // x ∈ xs }) => have this := ⋯; e.val.checkLevel env n

def Cedar.Validation.typecheckAtLevel (policy : Spec.Policy) (env : TypeEnv) (n : Nat) : Bool

Equations

• Cedar.Validation.typecheckAtLevel policy env n = match Cedar.Validation.typeOf policy.toExpr ∅ env with | Except.ok (tx, snd) => tx.checkLevel env n | x => false