Lean: Add parsing for datetime in the datetime extension (#519)

Signed-off-by: Adrian Palacios <accorell@amazon.com>

Author: adpaco-aws

cedar-lean/Cedar/Spec/Ext/Datetime.lean

@@ -15,13 +15,60 @@
 -/
 
 import Cedar.Data.Int64
+import Std.Time
+import Std.Time.Format
 
 /-! This file defines Cedar datetime values and functions. -/
 
 namespace Cedar.Spec.Ext
 
 open Cedar.Data
 
+namespace Datetime
+
+/--
+  A datetime value is measured in milliseconds and constructed from a datetime string.
+  A datetime string must be of one of the forms:
+    - `YYYY-MM-DD` (date only)
+    - `YYYY-MM-DDThh:mm:ssZ` (UTC)
+    - `YYYY-MM-DDThh:mm:ss.SSSZ` (UTC with millisecond precision)
+    - `YYYY-MM-DDThh:mm:ss(+|-)hhmm` (With timezone offset in hours and minutes)
+    - `YYYY-MM-DDThh:mm:ss.SSS(+|-)hhmm` (With timezone offset in hours and minutes and millisecond precision)
+
+  Regardless of the timezone, offset is always normalized to UTC.
+
+  The datetime type does not provide a way to create a datetime from a Unix timestamp.
+  One of the readable formats listed above must be used instead.
+-/
+abbrev Datetime := Int64
+
+def MAX_OFFSET_SECONDS: Nat := 86400
+
+def DateOnly : Std.Time.GenericFormat .any := datespec("uuuu-MM-dd")
+def DateUTC : Std.Time.GenericFormat .any := datespec("uuuu-MM-dd'T'HH:mm:ss'Z'")
+def DateUTCWithMillis : Std.Time.GenericFormat .any := datespec("uuuu-MM-dd'T'HH:mm:ss.SSS'Z'")
+def DateWithOffset : Std.Time.GenericFormat .any := datespec("uuuu-MM-dd'T'HH:mm:ssxx")
+def DateWithOffsetAndMillis : Std.Time.GenericFormat .any := datespec("uuuu-MM-dd'T'HH:mm:ss.SSSxx")
+
+abbrev datetime? := Int64.ofInt?
+
+def dateContainsLeapSeconds (str: String) : Bool :=
+  str.length >= 20 && str.get? ⟨17⟩ == some '6' && str.get? ⟨18⟩ == some '0'
+
+def parse (str: String) : Option Datetime := do
+  if dateContainsLeapSeconds str then failure
+  let val :=
+    DateOnly.parse str <|>
+    DateUTC.parse str <|>
+    DateUTCWithMillis.parse str <|>
+    DateWithOffset.parse str <|>
+    DateWithOffsetAndMillis.parse str
+
+  let zonedTime ← val.toOption
+  if zonedTime.timezone.offset.second.val.natAbs < MAX_OFFSET_SECONDS
+  then datetime? zonedTime.toTimestamp.toMillisecondsSinceUnixEpoch.toInt
+  else none
+
 /--
   A duration value is measured in milliseconds and constructed from a duration string.
   A duration string is a concatenated sequence of quantity-unit pairs where the quantity
@@ -40,8 +87,6 @@ open Cedar.Data
 -/
 abbrev Duration := Int64
 
-namespace Datetime
-
 def MILLISECONDS_PER_SECOND: Int := 1000
 def MILLISECONDS_PER_MINUTE: Int := 60000
 def MILLISECONDS_PER_HOUR: Int := 360000

cedar-lean/UnitTest/Datetime.lean

@@ -23,77 +23,130 @@ namespace UnitTest.Datetime
 
 open Cedar.Spec.Ext.Datetime
 
-theorem test1 : toString ((Duration.parse "1ms").get!) = "1" := by native_decide
-theorem test2 : toString ((Duration.parse "1s").get!) = "1000" := by native_decide
-theorem test3 : toString ((Duration.parse "1m").get!) = "60000" := by native_decide
-theorem test4 : toString ((Duration.parse "1h").get!) = "360000" := by native_decide
-theorem test5 : toString ((Duration.parse "1d").get!) = "86400000" := by native_decide
-theorem test6 : toString ((Duration.parse "1d2h3m4s5ms").get!) = "87304005" := by native_decide
-theorem test7 : toString ((Duration.parse "2d12h").get!) = "177120000" := by native_decide
-theorem test8 : toString ((Duration.parse "3m30s").get!) = "210000" := by native_decide
-theorem test9 : toString ((Duration.parse "1h30m45s").get!) = "2205000" := by native_decide
-theorem test10 : toString ((Duration.parse "2d5h20m").get!) = "175800000" := by native_decide
-theorem test11 : toString ((Duration.parse "-1d12h").get!) = "-90720000" := by native_decide
-theorem test12 : toString ((Duration.parse "-3h45m").get!) = "-3780000" := by native_decide
-theorem test13 : toString ((Duration.parse "1d1ms").get!) = "86400001" := by native_decide
-theorem test14 : toString ((Duration.parse "59m59s999ms").get!) = "3599999" := by native_decide
-theorem test15 : toString ((Duration.parse "23h59m59s999ms").get!) = "11879999" := by native_decide
-theorem test16 : toString ((Duration.parse "0d0h0m0s0ms").get!) = "0" := by native_decide
-
-private def testValid (str : String) (rep : Int) : TestCase IO :=
+private def testValidDatetime (str : String) (rep : Int) : TestCase IO :=
+  test str ⟨λ _ => checkEq (parse str) (datetime? rep)⟩
+
+def testsForValidDatetimeStrings :=
+  suite "Datetime.parse for valid strings"
+  [
+    testValidDatetime "2022-10-10" 1665360000000,
+    testValidDatetime "1969-12-31" (-86400000 : Int),
+    testValidDatetime "1969-12-31T23:59:59Z" (-1000 : Int),
+    -- Commented out tests following this comment are impacted by a bug we
+    -- encountered in Lean. Enable them when the bug has been fixed. More
+    -- details in https://github.com/cedar-policy/cedar-spec/issues/525
+    -- testValidDatetime "1969-12-31T23:59:59.001Z" (-999 : Int),
+    -- testValidDatetime "1969-12-31T23:59:59.999Z" (-1 : Int),
+    testValidDatetime "2024-10-15" 1728950400000,
+    testValidDatetime "2024-10-15T11:38:02Z" 1728992282000,
+    testValidDatetime "2024-10-15T11:38:02.101Z" 1728992282101,
+    testValidDatetime "2024-10-15T11:38:02.101-1134" 1729033922101,
+    testValidDatetime "2024-10-15T11:38:02.101+1134" 1728950642101,
+    testValidDatetime "2024-10-15T11:38:02+1134" 1728950642000,
+    testValidDatetime "2024-10-15T11:38:02-1134" 1729033922000,
+  ]
+
+private def testInvalidDatetime (str : String) (msg : String) : TestCase IO :=
+  test s!"{str} [{msg}]" ⟨λ _ => checkEq (parse str) .none⟩
+
+def testsForInvalidDatetimeStrings :=
+  suite "Datetime.parse for invalid strings"
+  [
+    testInvalidDatetime "" "empty string",
+    testInvalidDatetime "a" "string is letter",
+    testInvalidDatetime "-" "string is character",
+    testInvalidDatetime "-1" "string is integer",
+    testInvalidDatetime "11-12-13" "two digits for year",
+    testInvalidDatetime "1111-1x-20" "invalid month",
+    testInvalidDatetime "2024-10-15Z" "Zulu code invalid for date",
+    testInvalidDatetime "2024-10-15T11:38:02ZZ" "double Zulu code",
+    testInvalidDatetime "2024-01-01T" "separator not needed",
+    testInvalidDatetime "2024-01-01Ta" "unexpected character 'a'",
+    testInvalidDatetime "2024-01-01T01:" "only hours",
+    testInvalidDatetime "2024-01-01T01:02" "no seconds",
+    testInvalidDatetime "2024-01-01T01:02:0b" "unexpected character 'b'",
+    testInvalidDatetime "2024-01-01T01::02:03" "double colon",
+    testInvalidDatetime "2024-01-01T01::02::03" "double colons",
+    testInvalidDatetime "2024-01-01T31:02:03Z" "invalid hour range",
+    testInvalidDatetime "2024-01-01T01:60:03Z" "invalid minute range",
+    testInvalidDatetime "2016-12-31T23:59:60Z" "leap second",
+    testInvalidDatetime "2016-12-31T23:59:61Z" "invalid second range",
+    testInvalidDatetime "2024-01-01T00:00:00" "timezone not specified",
+    testInvalidDatetime "2024-01-01T00:00:00T" "separator is not timezone",
+    testInvalidDatetime "2024-01-01T00:00:00ZZ" "double Zulu code",
+    testInvalidDatetime "2024-01-01T00:00:00x001Z" "typo in milliseconds separator",
+    testInvalidDatetime "2024-01-01T00:00:00.001ZZ" "double Zulu code w/ millis",
+    testInvalidDatetime "2016-12-31T23:59:60.000Z" "leap second (millis/UTC)",
+    testInvalidDatetime "2016-12-31T23:59:60.000+0200" "leap second (millis/offset)",
+    testInvalidDatetime "2024-01-01T00:00:00➕0000" "sign `+` is an emoji",
+    testInvalidDatetime "2024-01-01T00:00:00➖0000" "sign `-` is an emoji",
+    testInvalidDatetime "2024-01-01T00:00:00.0001Z" "fraction of seconds is 4 digits",
+    testInvalidDatetime "2024-01-01T00:00:00.001➖0000" "sign `+` is an emoji",
+    testInvalidDatetime "2024-01-01T00:00:00.001➕0000" "sign `-` is an emoji",
+    testInvalidDatetime "2024-01-01T00:00:00.001+00000" "offset is 5 digits",
+    testInvalidDatetime "2024-01-01T00:00:00.001-00000" "offset is 5 digits",
+    testInvalidDatetime "2016-12-31T00:00:00+2400" "invalid offset range",
+    testInvalidDatetime "2016-12-31T00:00:00+9999" "invalid offset range",
+  ]
+
+theorem testDuration16 : toString ((Duration.parse "0d0h0m0s0ms").get!) = "0" := by native_decide
+
+private def testValidDuration (str : String) (rep : Int) : TestCase IO :=
   test str ⟨λ _ => checkEq (Duration.parse str) (duration? rep)⟩
 
 def testsForValidDurationStrings :=
   suite "Duration.parse for valid strings"
   [
-    testValid "0ms" 0,
-    testValid "0d0s" 0,
-    testValid "1ms" 1,
-    testValid "1s" 1000,
-    testValid "1m" 60000,
-    testValid "1h" 360000,
-    testValid "1d" 86400000,
-    testValid "12s340ms" 12340,
-    testValid "1s234ms" 1234,
-    testValid "-1s" (-1000),
-    testValid "-4s200ms" (-4200),
-    testValid "-9s876ms" (-9876),
-    testValid "106751d23h47m16s854ms" 9223297516854,
-    testValid "-106751d23h47m16s854ms" (-9223297516854),
-    testValid "1d2h3m4s5ms" 87304005,
-    testValid "2d12h" 177120000,
-    testValid "3m30s" 210000,
-    testValid "1h30m45s" 2205000,
-    testValid "2d5h20m" 175800000,
-    testValid "-1d12h" (-90720000),
-    testValid "-3h45m" (-3780000),
-    testValid "1d1ms" 86400001,
-    testValid "59m59s999ms" 3599999,
-    testValid "23h59m59s999ms" 11879999
+    testValidDuration "0ms" 0,
+    testValidDuration "0d0s" 0,
+    testValidDuration "1ms" 1,
+    testValidDuration "1s" 1000,
+    testValidDuration "1m" 60000,
+    testValidDuration "1h" 360000,
+    testValidDuration "1d" 86400000,
+    testValidDuration "12s340ms" 12340,
+    testValidDuration "1s234ms" 1234,
+    testValidDuration "-1s" (-1000),
+    testValidDuration "-4s200ms" (-4200),
+    testValidDuration "-9s876ms" (-9876),
+    testValidDuration "106751d23h47m16s854ms" 9223297516854,
+    testValidDuration "-106751d23h47m16s854ms" (-9223297516854),
+    testValidDuration "1d2h3m4s5ms" 87304005,
+    testValidDuration "2d12h" 177120000,
+    testValidDuration "3m30s" 210000,
+    testValidDuration "1h30m45s" 2205000,
+    testValidDuration "2d5h20m" 175800000,
+    testValidDuration "-1d12h" (-90720000),
+    testValidDuration "-3h45m" (-3780000),
+    testValidDuration "1d1ms" 86400001,
+    testValidDuration "59m59s999ms" 3599999,
+    testValidDuration "23h59m59s999ms" 11879999,
+    testValidDuration "0d0h0m0s0ms" 0
   ]
 
-private def testInvalid (str : String) (msg : String) : TestCase IO :=
+private def testInvalidDuration (str : String) (msg : String) : TestCase IO :=
   test s!"{str} [{msg}]" ⟨λ _ => checkEq (Duration.parse str) .none⟩
 
 def testsForInvalidDurationStrings :=
   suite "Duration.parse for invalid strings"
   [
-    testInvalid "" "empty string",
-    testInvalid "d" "unit but no amount",
-    testInvalid "1d-1s" "invalid use of -",
-    testInvalid "1d2h3m4s5ms6" "trailing amount",
-    testInvalid "1x2m3s" "invalid unit",
-    testInvalid "1.23s" "amounts must be integral",
-    testInvalid "1s1d" "invalid order",
-    testInvalid "1s1s" "repeated units",
-    testInvalid "1d2h3m4s5ms " "trailing space",
-    testInvalid " 1d2h3m4s5ms" "leading space",
-    testInvalid "1d9223372036854775807ms" "overflow",
-    testInvalid "1d92233720368547758071ms" "overflow ms",
-    testInvalid "9223372036854776s1ms" "overflow s"
+    testInvalidDuration "" "empty string",
+    testInvalidDuration "d" "unit but no amount",
+    testInvalidDuration "1d-1s" "invalid use of -",
+    testInvalidDuration "1d2h3m4s5ms6" "trailing amount",
+    testInvalidDuration "1x2m3s" "invalid unit",
+    testInvalidDuration "1.23s" "amounts must be integral",
+    testInvalidDuration "1s1d" "invalid order",
+    testInvalidDuration "1s1s" "repeated units",
+    testInvalidDuration "1d2h3m4s5ms " "trailing space",
+    testInvalidDuration " 1d2h3m4s5ms" "leading space",
+    testInvalidDuration "1d9223372036854775807ms" "overflow",
+    testInvalidDuration "1d92233720368547758071ms" "overflow ms",
+    testInvalidDuration "9223372036854776s1ms" "overflow s"
   ]
 
-def tests := [testsForValidDurationStrings, testsForInvalidDurationStrings]
+def tests := [testsForValidDatetimeStrings, testsForInvalidDatetimeStrings,
+              testsForValidDurationStrings, testsForInvalidDurationStrings]
 
 -- Uncomment for interactive debugging
 -- #eval TestSuite.runAll tests