feat(go): Go smithy-dafny-standard-library v0.2.0 release (#1219)

Co-authored-by: Shubham Chaturvedi <scchatur@amazon.com>
Co-authored-by: Rishav karanjit <karanjitrishav4@gmail.com>

Author: 3 people

StandardLibrary/runtimes/go/ImplementationFromDafny-go/go.mod

@@ -2,6 +2,6 @@ module github.com/aws/aws-cryptographic-material-providers-library/releases/go/s
 
 go 1.23.0
 
-require github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.1
+require github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2
 
 require github.com/google/uuid v1.6.0

StandardLibrary/runtimes/go/ImplementationFromDafny-go/go.sum

@@ -1,4 +1,4 @@
-github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.1 h1:dOgaw3i0I9nWKPjfXYzEfgWsVRJykL6FA18DErvQiJQ=
-github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.1/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto=
+github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg=
+github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=

StandardLibrary/runtimes/go/TestsFromDafny-go/go.mod

@@ -6,7 +6,7 @@ replace github.com/aws/aws-cryptographic-material-providers-library/releases/go/
 
 require (
 	github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.0
-	github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.1
+	github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2
 )
 
 require github.com/google/uuid v1.6.0 // indirect

StandardLibrary/runtimes/go/TestsFromDafny-go/go.sum

@@ -1,4 +1,4 @@
-github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.1 h1:dOgaw3i0I9nWKPjfXYzEfgWsVRJykL6FA18DErvQiJQ=
-github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.1/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto=
+github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg=
+github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=

releases/go/smithy-dafny-standard-library/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+# [0.2.0] (2025-03-17)
+
+- Breaks compatibility with v0.1.0 when using chars with unicode codepoints > 65535
+- utf8-utf16 encoding fix
+- support for utf16 surrogate pairs / chars with unicode codepoints > 65535
+- fix for replacement char U+FFFD
+- empty byte fix to allow custom keyring wrapping
+- other operational improvements
+
+# [0.1.0] (2025-01-15)
+
+Semantic version upgrade from v0.0.1 to v0.1.0
+
 # [0.0.1] (2025-01-10)
 
 Initial release for Go based on MPL [1.8.0](../../../CHANGELOG.md)

releases/go/smithy-dafny-standard-library/README.md

@@ -4,8 +4,6 @@ The AWS Cryptographic Internal StandardLibrary is a helper library used in the A
 
 **DO NOT** take a standalone dependency on this library.
 
-[Security issue notifications](./CONTRIBUTING.md#security-issue-notifications)
-
 ## Installation
 
 `go get github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library@latest`

releases/go/smithy-dafny-standard-library/UTF8/externs.go

@@ -2,14 +2,24 @@ package UTF8
 
 import (
 	"fmt"
-	"unicode"
+	"math"
 	"unicode/utf16"
 	"unicode/utf8"
 
 	"github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers"
 	"github.com/dafny-lang/DafnyRuntimeGo/v4/dafny"
 )
 
+// The following constants are copied from the Go utf16 lib and are used
+// to check the validity of the utf16 surrogate pairs.
+const (
+	// 0xd800-0xdc00 encodes the high 10 bits of a pair.
+	// 0xdc00-0xe000 encodes the low 10 bits of a pair.
+	surr1 = 0xd800
+	surr2 = 0xdc00
+	surr3 = 0xe000
+)
+
 //IMP: The below extern implementations are only compatible
 //with unicode-char:false transpiled code.
 
@@ -19,46 +29,94 @@ import (
 // we need to encode the result in compatible dafny utf16 string before returning
 // the result.
 func Decode(utf8EncodedDafnySeq dafny.Sequence) Wrappers.Result {
-	utf8EncodedByteArray := dafny.ToByteArray(utf8EncodedDafnySeq)
-
-	utf16Encoded := utf16.Encode([]rune(string(utf8EncodedByteArray)))
-	var dafnyCharArray []dafny.Char
-	for _, c := range utf16Encoded {
-		if c == unicode.ReplacementChar {
-			err := fmt.Errorf("Encountered Not Allowed Replacement Character: %s ", unicode.ReplacementChar)
-			return Wrappers.Companion_Result_.Create_Failure_(dafny.SeqOfString(err.Error()))
-		}
-		dafnyCharArray = append(dafnyCharArray, dafny.Char(c))
+	res, err := DecodeFromNativeGoByteArray(dafny.ToByteArray(utf8EncodedDafnySeq))
+	if err != nil {
+		return Wrappers.Companion_Result_.Create_Failure_(dafny.SeqOfString(err.Error()))
 	}
-	return Wrappers.Companion_Result_.Default(dafny.SeqOfChars(dafnyCharArray...))
+
+	return Wrappers.Companion_Result_.Create_Success_(res)
 }
 
 // Encode encodes utf16 encoded dafny char (rune) to utf-8 Go rune sequence.
 // Anything we receive here is supposed to be utf16 encoded Go rune
 // since this extern is for unicode-char:false.
 func Encode(utf16EncodedDafnySeq dafny.Sequence) Wrappers.Result {
-	encodedUtf16 := utf16EncodedDafnySeqToUint16(utf16EncodedDafnySeq)
-	decodedUtf16 := utf16.Decode(encodedUtf16)
-	var utf8EncodedBytes []byte
-	for _, r := range decodedUtf16 {
-		if !utf8.ValidRune(r) || r == unicode.ReplacementChar {
-			return Wrappers.Companion_Result_.Create_Failure_(dafny.SeqOfString("Failed to utf8 encode rune"))
-		}
-		buf := make([]byte, utf8.RuneLen(r))
-		n := utf8.EncodeRune(buf, r)
-		utf8EncodedBytes = append(utf8EncodedBytes, buf[:n]...)
+	utf8EncodedBytes, err := decodeUtf16(utf16EncodedDafnySeq)
+	if err != nil {
+		return Wrappers.Companion_Result_.Create_Failure_(dafny.SeqOfString(err.Error()))
 	}
 	return Wrappers.Companion_Result_.Create_Success_(dafny.SeqOfBytes(utf8EncodedBytes))
 }
 
-func utf16EncodedDafnySeqToUint16(seq dafny.Sequence) []uint16 {
-	var r []uint16
+// This method is to be called from the Type Conversion layer.
+// We reuse the same method so that all conversions are consistent.
+func DecodeFromNativeGoByteArray(utf8EncodedByteArray []byte) (dafny.Sequence, error) {
+	if !utf8.Valid(utf8EncodedByteArray) {
+		return nil, fmt.Errorf("invalid utf8 encoded sequence: %v", utf8EncodedByteArray)
+	}
+	utf16Encoded := utf16.Encode([]rune(string(utf8EncodedByteArray)))
+	var dafnyCharArray []dafny.Char
+	for _, c := range utf16Encoded {
+		dafnyCharArray = append(dafnyCharArray, dafny.Char(c))
+	}
+	return dafny.SeqOfChars(dafnyCharArray...), nil
+}
+
+// decode appends to buf the Unicode code point sequence represented
+// by the UTF-16 encoding seq, then encode the code point as utf8 and return the utf8 buffer
+func decodeUtf16(seq dafny.Sequence) ([]byte, error) {
+	utf8EncodedBytes := []byte{}
+
 	for i := dafny.Iterate(seq); ; {
-		val, notEndOfSequence := i()
-		if !notEndOfSequence {
-			return r
+		firstVal, firstValExists := i()
+		if !firstValExists {
+			// Iterator has finished, return the buffer
+			return utf8EncodedBytes, nil
 		} else {
-			r = append(r, uint16(val.(dafny.Char)))
+			var ar rune
+
+			// We should be able to rely on dafny that anything inside the seq is utf16 encoded
+			// with unicode-char: false. But given the Long Psi issue, it's better to be safe.
+			// First check if it's a dafny.Char type, then check if it's within the limits of uint16.
+			firstChar, firstValIsAChar := firstVal.(dafny.Char)
+			if !firstValIsAChar || firstChar > math.MaxUint16 || firstChar < 0 {
+				return nil, fmt.Errorf("invalid utf16 encoded sequence: %v", seq)
+			}
+
+			// Downcast to uint16
+			switch r1 := uint16(firstChar); {
+
+			case r1 < surr1, surr3 <= r1:
+				// normal rune
+				ar = rune(r1)
+
+			case utf16.IsSurrogate(rune(r1)):
+				// If firstVal is surrogate, then we need the secondVal to construct the pair
+				secondVal, ok := i()
+
+				// Same sanity check as line 84
+				secondChar, secondValIsAChar := secondVal.(dafny.Char)
+				if !ok || !secondValIsAChar || secondChar > math.MaxUint16 || secondChar < 0 {
+					return nil, fmt.Errorf("invalid utf16 encoded sequence: %v", seq)
+				}
+
+				// Check if the secondVal is within the valid low surrogate range
+				if surr2 <= uint16(secondChar) && uint16(secondChar) < surr3 {
+					// valid surrogate sequence
+					ar = utf16.DecodeRune(rune(r1), rune(uint16(secondChar)))
+				} else {
+					return nil, fmt.Errorf("invalid utf16 encoded sequence: %v", seq)
+				}
+			default:
+				return nil, fmt.Errorf("invalid utf16 encoded sequence: %v", seq)
+			}
+
+			// Create the buffer (upto 4 bytes) to hold the utf8 rune
+			buf := make([]byte, utf8.RuneLen(ar))
+			n := utf8.EncodeRune(buf, ar)
+
+			// Append to the result
+			utf8EncodedBytes = append(utf8EncodedBytes, buf[:n]...)
 		}
 	}
 }