lemma-engine 0.8.18

A language that means business.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325

//! Integration tests for the compiled-instruction VM (planning → execute_instructions).

use lemma::validate_instruction_jumps;
use lemma::{DateTimeValue, Engine, Instruction};
use rust_decimal::Decimal;
use std::collections::HashMap;
use std::str::FromStr;

const PRICING_SPEC: &str = r#"
spec pricing
data quantity: number
data price: 10
rule total: quantity * price
rule discount: 0
  unless quantity >= 10 then 5
  unless quantity >= 50 then 15
"#;

const CALC_SPEC: &str = r#"
spec calc

data money: quantity
  -> decimals 2
  -> unit eur 1

data hourly_rate: 85.00 eur
data hours_worked: 37.5
data is_rush: boolean
data is_super_rush: boolean

rule labor: hourly_rate * hours_worked
rule rush_surcharge: 0 eur
  unless is_rush then labor * 25%
  unless is_super_rush then labor * 50%
rule subtotal: labor + rush_surcharge
rule vat: subtotal * 21%
rule total: subtotal + vat
"#;

fn load_engine(code: &str, path: &str) -> Engine {
    let mut engine = Engine::new();
    engine
        .load(
            code,
            lemma::SourceType::Path(std::sync::Arc::new(std::path::PathBuf::from(path))),
        )
        .expect("load spec");
    engine
}

fn assert_plan_jumps_strict(engine: &Engine, spec: &str) {
    let now = DateTimeValue::now();
    let plan = engine.get_plan(None, spec, Some(&now)).expect("plan");
    for rule in &plan.rules {
        validate_instruction_jumps(&rule.instructions.code);
    }
}

fn run_quantity(engine: &Engine, quantity: &str) -> lemma::Response {
    let now = DateTimeValue::now();
    let mut data = HashMap::new();
    data.insert("quantity".to_string(), quantity.to_string());
    engine
        .run(None, "pricing", Some(&now), data, false, None)
        .expect("run pricing")
}

fn run_calc(data: HashMap<String, String>) -> lemma::Response {
    let engine = load_engine(CALC_SPEC, "calc.lemma");
    let now = DateTimeValue::now();
    engine
        .run(None, "calc", Some(&now), data, false, None)
        .expect("run calc")
}

fn rule_number(response: &lemma::Response, rule: &str) -> Decimal {
    let result = response.get(rule).unwrap_or_else(|_| panic!("rule {rule}"));
    assert!(!result.vetoed, "rule {rule} vetoed");
    Decimal::from_str(result.number.as_ref().expect("number payload")).expect("decimal")
}

fn rule_display(response: &lemma::Response, rule: &str) -> String {
    response
        .get(rule)
        .unwrap_or_else(|_| panic!("rule {rule}"))
        .display
        .clone()
        .expect("display")
}

fn rule_quantity_display(response: &lemma::Response, rule: &str) -> String {
    response
        .get(rule)
        .unwrap_or_else(|_| panic!("rule {rule}"))
        .display
        .clone()
        .expect("display")
}

#[test]
fn pricing_plan_instructions_have_strict_jump_targets() {
    let engine = load_engine(PRICING_SPEC, "pricing.lemma");
    assert_plan_jumps_strict(&engine, "pricing");
    for rule in &engine
        .get_plan(None, "pricing", Some(&DateTimeValue::now()))
        .expect("plan")
        .rules
    {
        assert!(
            rule.instructions
                .code
                .iter()
                .any(|insn| matches!(insn, Instruction::Return { .. })),
            "rule '{}' must terminate with Return",
            rule.name
        );
    }
}

#[test]
fn calc_plan_instructions_have_strict_jump_targets() {
    let engine = load_engine(CALC_SPEC, "calc.lemma");
    assert_plan_jumps_strict(&engine, "calc");
}

#[test]
fn discount_unless_quantity_below_ten() {
    let engine = load_engine(PRICING_SPEC, "pricing.lemma");
    let response = run_quantity(&engine, "5");
    assert_eq!(rule_number(&response, "discount"), Decimal::ZERO);
    assert_eq!(rule_number(&response, "total"), Decimal::from(50));
}

#[test]
fn discount_unless_quantity_ten() {
    let engine = load_engine(PRICING_SPEC, "pricing.lemma");
    let response = run_quantity(&engine, "10");
    assert_eq!(rule_number(&response, "discount"), Decimal::from(5));
}

#[test]
fn discount_unless_quantity_fifty() {
    let engine = load_engine(PRICING_SPEC, "pricing.lemma");
    let response = run_quantity(&engine, "50");
    assert_eq!(rule_number(&response, "discount"), Decimal::from(15));
}

#[test]
fn discount_unless_quantity_between_tiers() {
    let engine = load_engine(PRICING_SPEC, "pricing.lemma");
    let response = run_quantity(&engine, "25");
    assert_eq!(rule_number(&response, "discount"), Decimal::from(5));
}

#[test]
fn nested_rule_reference_in_arithmetic() {
    let code = r#"
spec chain
data x: number
rule base: x * 2
rule offset: 1
  unless x >= 5 then 10
rule total: base + offset
"#;
    let engine = load_engine(code, "chain.lemma");
    let now = DateTimeValue::now();
    let mut data = HashMap::new();
    data.insert("x".to_string(), "3".to_string());
    let response = engine
        .run(None, "chain", Some(&now), data, false, None)
        .expect("run");
    assert_eq!(rule_number(&response, "total"), Decimal::from(7));
}

#[test]
fn inlined_piecewise_subexpression_does_not_return_early_from_parent_rule() {
    let mut data = HashMap::new();
    data.insert("is_rush".into(), "true".into());
    data.insert("is_super_rush".into(), "false".into());
    let response = run_calc(data);

    assert_eq!(rule_display(&response, "total"), "4821.09 eur");
    assert_eq!(
        rule_quantity_display(&response, "rush_surcharge"),
        "796.88 eur"
    );
    assert_ne!(
        rule_display(&response, "total"),
        rule_quantity_display(&response, "rush_surcharge"),
        "total must not equal inlined rush_surcharge alone"
    );
}

#[test]
fn is_veto_detects_transitive_veto() {
    let code = r#"
spec deep_veto
data input: number
rule step1: input
  unless input < 0 then veto "bad input"
rule step2: step1 * 2
rule step3: step2 + 1
rule check_step3: step3 is veto
"#;
    let engine = load_engine(code, "deep_veto.lemma");
    let now = DateTimeValue::now();
    let mut bad = HashMap::new();
    bad.insert("input".to_string(), "-1".to_string());
    let resp = engine
        .run(None, "deep_veto", Some(&now), bad, false, None)
        .expect("run");
    assert_eq!(rule_display(&resp, "check_step3"), "true");

    let mut good = HashMap::new();
    good.insert("input".to_string(), "5".to_string());
    let resp = engine
        .run(None, "deep_veto", Some(&now), good, false, None)
        .expect("run");
    assert_eq!(rule_display(&resp, "check_step3"), "false");
}

#[test]
fn unless_skips_vetoed_condition_and_matches_is_veto_arm() {
    let code = r#"
spec unless_veto_cond
data input: number
rule validated: input
  unless input > 1000 then veto "too large"
rule result: 0
  unless validated > 50 then 100
  unless validated is veto then 0
"#;
    let engine = load_engine(code, "unless_veto.lemma");
    let now = DateTimeValue::now();
    let mut large = HashMap::new();
    large.insert("input".to_string(), "2000".to_string());
    let resp = engine
        .run(None, "unless_veto_cond", Some(&now), large, false, None)
        .expect("run");
    assert_eq!(rule_display(&resp, "result"), "0");

    let mut ok = HashMap::new();
    ok.insert("input".to_string(), "100".to_string());
    let resp = engine
        .run(None, "unless_veto_cond", Some(&now), ok, false, None)
        .expect("run");
    assert_eq!(rule_display(&resp, "result"), "100");
}

#[test]
fn calc_total_without_rush_is_not_zero_surcharge_path() {
    let mut data = HashMap::new();
    data.insert("is_rush".into(), "false".into());
    data.insert("is_super_rush".into(), "false".into());
    let response = run_calc(data);
    assert_eq!(rule_display(&response, "total"), "3856.88 eur");
    assert_eq!(
        rule_quantity_display(&response, "rush_surcharge"),
        "0.00 eur"
    );
}

/// Serialize the pricing plan, tamper with one rule's instructions through the
/// serialized JSON, and reconstruct. The trust boundary must reject the plan
/// with an error — never hang or crash the virtual machine later.
fn tampered_plan_error(tamper: impl FnOnce(&mut lemma::Instructions)) -> String {
    let engine = load_engine(PRICING_SPEC, "pricing.lemma");
    let now = DateTimeValue::now();
    let plan = engine.get_plan(None, "pricing", Some(&now)).expect("plan");
    let mut serialized = lemma::ExecutionPlanSerialized::from(plan);
    tamper(
        &mut serialized
            .rules
            .first_mut()
            .expect("pricing plan has rules")
            .instructions,
    );
    let error = lemma::ExecutionPlan::try_from(serialized)
        .expect_err("tampered serialized plan must be rejected at load time");
    error.to_string()
}

#[test]
fn deserialization_rejects_cyclic_jump() {
    let message = tampered_plan_error(|instructions| {
        instructions.code.insert(
            0,
            Instruction::Jump {
                target_instruction: 0,
            },
        );
    });
    assert!(
        message.contains("unpatched Jump"),
        "expected jump validation error, got: {message}"
    );
}

#[test]
fn deserialization_rejects_out_of_bounds_constant_index() {
    let message = tampered_plan_error(|instructions| {
        for instruction in &mut instructions.code {
            if let Instruction::LoadConstant { constant_index, .. } = instruction {
                *constant_index = u16::MAX;
            }
        }
    });
    assert!(
        message.contains("constant index"),
        "expected constant index validation error, got: {message}"
    );
}

#[test]
fn deserialization_rejects_missing_trailing_return() {
    let message = tampered_plan_error(|instructions| {
        while matches!(instructions.code.last(), Some(Instruction::Return { .. })) {
            instructions.code.pop();
        }
    });
    assert!(
        message.contains("must end with Return") || message.contains("past the last instruction"),
        "expected trailing-return validation error, got: {message}"
    );
}