Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit c74f729

Browse files
ajewellamzajewellamz
committedApr 29, 2025··
m
1 parent 9465722 commit c74f729

File tree

1 file changed

+4
-16
lines changed

1 file changed

+4
-16
lines changed
 

‎DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy

Lines changed: 4 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -414,7 +414,6 @@ module DynamoToStruct {
414414
&& ListAttrToBytes(a.L, depth).Success?
415415
&& ret.value[PREFIX_LEN..] == ListAttrToBytes(a.L, depth).value
416416
&& ListAttrToBytes(a.L, depth).value[..LENGTH_LEN] == U32ToBigEndian(|a.L|).value
417-
// && ret.value[PREFIX_LEN..PREFIX_LEN+LENGTH_LEN] == U32ToBigEndian(|a.L|).value
418417
&& (|a.L| == 0 ==> |ret.value| == PREFIX_LEN + LENGTH_LEN)
419418

420419
//= specification/dynamodb-encryption-client/ddb-attribute-serialization.md#map-attribute
@@ -737,10 +736,6 @@ module DynamoToStruct {
737736
}
738737

739738
// Can't be {:tailrecursion} because it calls AttrToBytes which might again call CollectList
740-
// However, we really need this to loop and not recurse.
741-
// This verifies without the `by method`, but Dafny is too broken to let it verify by method
742-
// for example, a call to CollectList somehow does not satisfy the decreases clause
743-
// hence the {:verify false}
744739
function {:opaque} CollectList(
745740
listToSerialize : ListAttributeValue,
746741
depth : uint64,
@@ -758,7 +753,8 @@ module DynamoToStruct {
758753
reveal CollectList();
759754
reveal CollectListGhost();
760755
var result := serialized;
761-
for i := 0 to |listToSerialize|
756+
MemoryMath.ValueIsSafeBecauseItIsInMemory(|listToSerialize|);
757+
for i : uint64 := 0 to |listToSerialize| as uint64
762758
{
763759
var val := AttrToBytes(listToSerialize[i], true, depth+1);
764760
if val.Failure? {
@@ -1033,10 +1029,6 @@ module DynamoToStruct {
10331029

10341030
// Bytes to List
10351031
// Can't be {:tailrecursion} because it calls BytesToAttr which might again call DeserializeList
1036-
// However, we really need this to loop and not recurse.
1037-
// This verifies without the `by method`, but Dafny is too broken to let it verify by method
1038-
// for example, a call to DeserializeListEntry somehow does not satisfy the decreases clause
1039-
// hence the {:verify false}
10401032
function {:vcs_split_on_every_assert} {:opaque} DeserializeList(
10411033
serialized : seq<uint8>,
10421034
pos : uint64,
@@ -1063,7 +1055,7 @@ module DynamoToStruct {
10631055
reveal DeserializeList();
10641056
var npos : uint64 := pos;
10651057
var newResultList := resultList;
1066-
for i := 0 to remainingCount
1058+
for i : uint64 := 0 to remainingCount
10671059
invariant serialized == old(serialized)
10681060
invariant newResultList.val.L?
10691061
invariant npos as int <= |serialized|
@@ -1163,10 +1155,6 @@ module DynamoToStruct {
11631155

11641156
// Bytes to Map
11651157
// Can't be {:tailrecursion} because it calls BytesToAttr which might again call DeserializeMap
1166-
// However, we really need this to loop and not recurse.
1167-
// This verifies without the `by method`, but Dafny is too broken to let it verify by method
1168-
// for example, a call to DeserializeMapEntry somehow does not satisfy the decreases clause
1169-
// hence the {:verify false}
11701158
function {:vcs_split_on_every_assert} {:opaque} DeserializeMap(
11711159
serialized : seq<uint8>,
11721160
pos : uint64,
@@ -1192,7 +1180,7 @@ module DynamoToStruct {
11921180
reveal DeserializeMap();
11931181
var npos : uint64 := pos;
11941182
var newResultMap := resultMap;
1195-
for i := 0 to remainingCount
1183+
for i : uint64 := 0 to remainingCount
11961184
invariant serialized == old(serialized)
11971185
invariant newResultMap.val.M?
11981186
invariant npos as int <= |serialized|

0 commit comments

Comments
 (0)
Please sign in to comment.