m

ajewellamz · ajewellamz · commit fd336882fd60 · 2025-08-06T10:12:30.000-07:00
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy
@@ -307,7 +307,6 @@ module DynamoDBSupport {
       return Success(req);
     } else {
       var keyId :- Filter.GetBeaconKeyId(search.value.curr(), req.KeyConditionExpression, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames);
-
       var foo :- ExtractBucket(search.value.curr(), req.FilterExpression, req.KeyConditionExpression, req.ExpressionAttributeNames, req.ExpressionAttributeValues, actions);
       var (newValues, bucket) := foo;
       var numQueries :- Filter.GetNumQueries(actions, req.KeyConditionExpression, req.ExpressionAttributeNames, search.value.curr());
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy
@@ -1999,7 +1999,7 @@ module DynamoDBFilterExpr {
 
   // return the number of queries necessary for these encrypted attributes
   method GetNumQueriesForAttrs(attrs : seq<string>, b : SI.BeaconVersion) returns (output : Result<BucketCount, Error>)
-    ensures output.Success? ==> 0 < output.value
+    ensures output.Success? ==> output.value <= b.numBuckets
   {
     if |attrs| == 0 {
       return Success(1);
@@ -2031,6 +2031,7 @@ module DynamoDBFilterExpr {
     b : SI.BeaconVersion
   )
     returns (output : Result<BucketCount, Error>)
+    ensures output.Success? ==> output.value <= b.numBuckets
   {
     if expr.None? {
       return Success(1);
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy
@@ -545,9 +545,13 @@ module SearchableEncryptionInfo {
     | Compound(cmp : CompoundBeacon.ValidCompoundBeacon)
   {
     function method getNumQueries(globalMax : BucketCount) : BucketCount
+      ensures 0 <= getNumQueries(globalMax) <= globalMax
     {
       if Standard? then
-        std.numberOfBuckets
+        if std.numberOfBuckets <= globalMax then
+          std.numberOfBuckets
+        else
+          globalMax
       else
         cmp.getNumQueries(globalMax)
     }

Original file line number	Diff line number	Diff line change
`@@ -1999,7 +1999,7 @@ module DynamoDBFilterExpr {`
`1999`	`1999`
`2000`	`2000`	`// return the number of queries necessary for these encrypted attributes`
`2001`	`2001`	`method GetNumQueriesForAttrs(attrs : seq<string>, b : SI.BeaconVersion) returns (output : Result<BucketCount, Error>)`
`2002`		`- ensures output.Success? ==> 0 < output.value`
	`2002`	`+ ensures output.Success? ==> output.value <= b.numBuckets`
`2003`	`2003`	`{`
`2004`	`2004`	`if \|attrs\| == 0 {`
`2005`	`2005`	`return Success(1);`
`@@ -2031,6 +2031,7 @@ module DynamoDBFilterExpr {`
`2031`	`2031`	`b : SI.BeaconVersion`
`2032`	`2032`	`)`
`2033`	`2033`	`returns (output : Result<BucketCount, Error>)`
	`2034`	`+ ensures output.Success? ==> output.value <= b.numBuckets`
`2034`	`2035`	`{`
`2035`	`2036`	`if expr.None? {`
`2036`	`2037`	`return Success(1);`
Original file line number	Diff line number	Diff line change
`@@ -545,9 +545,13 @@ module SearchableEncryptionInfo {`
`545`	`545`	`\| Compound(cmp : CompoundBeacon.ValidCompoundBeacon)`
`546`	`546`	`{`
`547`	`547`	`function method getNumQueries(globalMax : BucketCount) : BucketCount`
	`548`	`+ ensures 0 <= getNumQueries(globalMax) <= globalMax`
`548`	`549`	`{`
`549`	`550`	`if Standard? then`
`550`		`- std.numberOfBuckets`
	`551`	`+ if std.numberOfBuckets <= globalMax then`
	`552`	`+ std.numberOfBuckets`
	`553`	`+ else`
	`554`	`+ globalMax`
`551`	`555`	`else`
`552`	`556`	`cmp.getNumQueries(globalMax)`
`553`	`557`	`}`