Skip to content

Fixes an issue where certain cedar policies couldn't be converted to JSON #601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jan 25, 2024
Merged

Fixes an issue where certain cedar policies couldn't be converted to JSON #601

merged 5 commits into from
Jan 25, 2024

Conversation

aaronjeline
Copy link

@aaronjeline aaronjeline commented Jan 24, 2024
edited
Loading

Description of changes

Previously, the Cedar EST code would fail to generate an EST for any policy containing the constant -9223372036854775808 (i64::MIN). This happened because it was turned into the CST representing the unary op - applied to the constant 9223372036854775808, which outside the range of i64. This adds a tiny pass to ensure that unary op is constant folded.

Issue #, if available

#596

Checklist for requesting a review

The change in this PR is (choose one, and delete the other options):

  • A bug fix or other functionality change requiring a patch to cedar-policy.

I confirm that this PR (choose one, and delete the other options):

  • Updates the "Unreleased" section of the CHANGELOG with a description of my change (required for major/minor version bumps).

I confirm that cedar-spec (choose one, and delete the other options):

  • Does not require updates because my change does not impact the Cedar Dafny model or DRT infrastructure.

Disclaimer

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@aaronjeline aaronjeline requested a review from khieta January 24, 2024 21:08
cdisselkoen
cdisselkoen reviewed Jan 25, 2024
View reviewed changes
Copy link
Contributor

@cdisselkoen cdisselkoen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two more comments:

  1. This approach transforms only INT_MIN. Should we, more generally, represent (-X) as a negative integer literal instead of a negation operation of a positive integer literal, for all X?
  2. It looks to me that only the CST->EST code was adjusted; is this sufficient? Is there AST->EST code that needs to be adjusted? I assume that EST->AST is OK

khieta
khieta reviewed Jan 25, 2024
View reviewed changes
@aaronjeline
Copy link
Author 

1. This approach transforms only INT_MIN.  Should we, more generally, represent (-X) as a negative integer literal instead of a negation operation of a positive integer literal, for all X?

perhaps

2. It looks to me that only the CST->EST code was adjusted; is this sufficient?  Is there AST->EST code that needs to be adjusted?  I assume that EST->AST is OK

Yeah, all of those already have the integer literals as i64, whereas the CST has integers as u64s for the purpose of error messages

@aaronjeline
Copy link
Author

Do we want to remove this code:

                match num_dashes {
                    0 => Ok(inner),
                    1 => Ok(Expr::neg(inner)),
                    2 => {
                        // not safe to collapse `--` to nothing
                        Ok(Expr::neg(Expr::neg(inner)))
                    }
                    n => {
                        if n % 2 == 0 {
                            // safe to collapse to `--` but not to nothing
                            Ok(Expr::neg(Expr::neg(inner)))
                        } else {
                            // safe to collapse to -
                            Ok(Expr::neg(inner))
                        }
                    }
                }

If the intent of the EST is to lossless preserve the policy?

khieta
khieta reviewed Jan 25, 2024
View reviewed changes
khieta
khieta reviewed Jan 25, 2024
View reviewed changes
khieta
khieta reviewed Jan 25, 2024
View reviewed changes
cdisselkoen
cdisselkoen approved these changes Jan 25, 2024
View reviewed changes
Copy link
Contributor

@cdisselkoen cdisselkoen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to approve as-is, possible followup per my comment above (transforming all negative literals and not just INT_MIN)

@aaronjeline aaronjeline merged commit caf7f83 into main Jan 25, 2024
@aaronjeline aaronjeline deleted the aaronjeline/issue596 branch January 25, 2024 18:32
@khieta khieta mentioned this pull request Feb 11, 2024
Merged
shaobo-he-aws pushed a commit that referenced this pull request Feb 27, 2024
@shaobo-he-aws
Fixes an issue where certain cedar policies couldn't be converted to …
5fca202 
…JSON (#601)
@shaobo-he-aws shaobo-he-aws mentioned this pull request Feb 27, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdisselkoen cdisselkoen cdisselkoen approved these changes

+1 more reviewer

@khieta khieta khieta approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aaronjeline @khieta @cdisselkoen