chore: remove :|

Author: josecorella

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/BatchGetItemTransform.dfy

@@ -11,6 +11,7 @@ module BatchGetItemTransform {
   import opened AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes
   import EncTypes = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes
   import Seq
+  import SortedSets
 
   method Input(config: Config, input: BatchGetItemInputTransformInput)
     returns (output: Result<BatchGetItemInputTransformOutput, Error>)
@@ -34,14 +35,15 @@ module BatchGetItemTransform {
       return Success(BatchGetItemOutputTransformOutput(transformedOutput := input.sdkOutput));
     }
     var tableNames := input.sdkOutput.Responses.value.Keys;
+    var tableNamesSeq := SortedSets.ComputeSetToSequence(tableNames);
+    ghost var tableNamesSet' := tableNames;
+    var i := 0;
     var result := map[];
-    while tableNames != {}
-      decreases |tableNames|
-      invariant tableNames <= input.sdkOutput.Responses.value.Keys
+    while i < |tableNamesSeq|
+      invariant tableNamesSet' <= input.sdkOutput.Responses.value.Keys
       // true but expensive -- invariant result.Keys + tableNames == input.sdkOutput.Responses.value.Keys
     {
-      var tableName :| tableName in tableNames;
-      tableNames := tableNames - { tableName };
+      var tableName := tableNamesSeq[i];
       var responses := input.sdkOutput.Responses.value[tableName];
       if tableName in config.tableEncryptionConfigs {
         var tableConfig := config.tableEncryptionConfigs[tableName];
@@ -74,6 +76,7 @@ module BatchGetItemTransform {
       } else {
         result := result + map[tableName := responses];
       }
+      i := i + 1;
     }
     return Success(BatchGetItemOutputTransformOutput(transformedOutput := input.sdkOutput.(Responses := Some(result))));
   }

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/BatchWriteItemTransform.dfy

@@ -11,22 +11,27 @@ module BatchWriteItemTransform {
   import opened AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes
   import EncTypes = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes
   import Seq
+  import SortedSets
   import Util = DynamoDbEncryptionUtil
 
-  method Input(config: Config, input: BatchWriteItemInputTransformInput)
+  method {:vcs_split_on_every_assert} Input(config: Config, input: BatchWriteItemInputTransformInput)
     returns (output: Result<BatchWriteItemInputTransformOutput, Error>)
     requires ValidConfig?(config)
     ensures ValidConfig?(config)
     modifies ModifiesConfig(config)
   {
     var tableNames := input.sdkInput.RequestItems.Keys;
     var result : map<DDB.TableName, DDB.WriteRequests> := map[];
-    while tableNames != {}
-      decreases |tableNames|
-      invariant tableNames <= input.sdkInput.RequestItems.Keys
+    var tableNamesSeq := SortedSets.ComputeSetToSequence(tableNames);
+    ghost var tableNamesSet' := tableNames;
+    var i := 0;
+    while i < |tableNamesSeq|
+      invariant Seq.HasNoDuplicates(tableNamesSeq)
+          invariant forall j | i <= j < |tableNamesSeq| :: tableNamesSeq[j] in tableNamesSet'
+          invariant |tableNamesSet'| == |tableNamesSeq| - i
+      invariant tableNamesSet' <= input.sdkInput.RequestItems.Keys
     {
-      var tableName :| tableName in tableNames;
-      tableNames := tableNames - { tableName };
+      var tableName := tableNamesSeq[i];
 
       var writeRequests : DDB.WriteRequests := input.sdkInput.RequestItems[tableName];
       //= specification/dynamodb-encryption-client/ddb-sdk-integration.md#encrypt-before-batchwriteitem
@@ -64,6 +69,11 @@ module BatchWriteItemTransform {
         }
         writeRequests := encryptedItems;
       }
+      tableNamesSet' := tableNamesSet' - {tableName};
+      i := i + 1;
+      assert forall j | i <= j < |tableNamesSeq| :: tableNamesSeq[j] in tableNamesSet' by {
+            reveal Seq.HasNoDuplicates();
+          }
       result := result[tableName := writeRequests];
     }
     :- Need(|result| ==  |input.sdkInput.RequestItems|, E("Internal Error")); // Dafny gets too confused