• Stars
    star
    2,211
  • Rank 20,865 (Top 0.5 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created almost 7 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Fast, portable, non-Turing complete expression evaluation with gradual typing (Go)

Common Expression Language

Go Report Card GoDoc

The Common Expression Language (CEL) is a non-Turing complete language designed for simplicity, speed, safety, and portability. CEL's C-like syntax looks nearly identical to equivalent expressions in C++, Go, Java, and TypeScript.

// Check whether a resource name starts with a group name.
resource.name.startsWith("/groups/" + auth.claims.group)
// Determine whether the request is in the permitted time window.
request.time - resource.age < duration("24h")
// Check whether all resource names in a list match a given filter.
auth.claims.email_verified && resources.all(r, r.startsWith(auth.claims.email))

A CEL "program" is a single expression. The examples have been tagged as java, go, and typescript within the markdown to showcase the commonality of the syntax.

CEL is ideal for lightweight expression evaluation when a fully sandboxed scripting language is too resource intensive. To get started, try the Codelab.

A dashboard that shows results of cel-go conformance tests can be found here.



Overview

Determine the variables and functions you want to provide to CEL. Parse and check an expression to make sure it's valid. Then evaluate the output AST against some input. Checking is optional, but strongly encouraged.

Environment Setup

Let's expose name and group variables to CEL using the cel.Declarations environment option:

import "github.com/google/cel-go/cel"

env, err := cel.NewEnv(
    cel.Variable("name", cel.StringType),
    cel.Variable("group", cel.StringType),
)

That's it. The environment is ready to be used for parsing and type-checking. CEL supports all the usual primitive types in addition to lists, maps, as well as first-class support for JSON and Protocol Buffers.

Parse and Check

The parsing phase indicates whether the expression is syntactically valid and expands any macros present within the environment. Parsing and checking are more computationally expensive than evaluation, and it is recommended that expressions be parsed and checked ahead of time.

The parse and check phases are combined for convenience into the Compile step:

ast, issues := env.Compile(`name.startsWith("/groups/" + group)`)
if issues != nil && issues.Err() != nil {
    log.Fatalf("type-check error: %s", issues.Err())
}
prg, err := env.Program(ast)
if err != nil {
    log.Fatalf("program construction error: %s", err)
}

The cel.Program generated at the end of parse and check is stateless, thread-safe, and cachable.

Type-checking in an optional, but strongly encouraged, step that can reject some semantically invalid expressions using static analysis. Additionally, the check produces metadata which can improve function invocation performance and object field selection at evaluation-time.

Macros

Macros are optional but enabled by default. Macros were introduced to support optional CEL features that might not be desired in all use cases without the syntactic burden and complexity such features might desire if they were part of the core CEL syntax. Macros are expanded at parse time and their expansions are type-checked at check time.

For example, when macros are enabled it is possible to support bounded iteration / fold operators. The macros all, exists, exists_one, filter, and map are particularly useful for evaluating a single predicate against list and map values.

// Ensure all tweets are less than 140 chars
tweets.all(t, t.size() <= 140)

The has macro is useful for unifying field presence testing logic across protobuf types and dynamic (JSON-like) types.

// Test whether the field is a non-default value if proto-based, or defined
// in the JSON case.
has(message.field)

Both cases traditionally require special syntax at the language level, but these features are exposed via macros in CEL.

Evaluate

Now, evaluate for fun and profit. The evaluation is thread-safe and side-effect free. Many different inputs can be sent to the same cel.Program and if fields are present in the input, but not referenced in the expression, they are ignored.

// The `out` var contains the output of a successful evaluation.
// The `details' var would contain intermediate evaluation state if enabled as
// a cel.ProgramOption. This can be useful for visualizing how the `out` value
// was arrive at.
out, details, err := prg.Eval(map[string]interface{}{
    "name": "/groups/acme.co/documents/secret-stuff",
    "group": "acme.co"})
fmt.Println(out) // 'true'

Partial State

What if name hadn't been supplied? CEL is designed for this case. In distributed apps it is not uncommon to have edge caches and central services. If possible, evaluation should happen at the edge, but it isn't always possible to know the full state required for all values and functions present in the CEL expression.

To improve the odds of successful evaluation with partial state, CEL uses commutative logical operators &&, ||. If an error or unknown value (not the same thing) is encountered on the left-hand side, the right hand side is evaluated also to determine the outcome. While it is possible to implement evaluation with partial state without this feature, this method was chosen because it aligns with the semantics of SQL evaluation and because it's more robust to evaluation against dynamic data types such as JSON inputs.

In the following truth-table, the symbols <x> and <y> represent error or unknown values, with the ? indicating that the branch is not taken due to short-circuiting. When the result is <x, y> this means that the both args are possibly relevant to the result.

Expression Result
false && ? false
true && false false
<x> && false false
true && true true
true && <x> <x>
<x> && true <x>
<x> && <y> <x, y>
true || ? true
false || true true
<x> || true true
false || false false
false || <x> <x>
<x> || false <x>
<x> || <y> <x, y>

In the cases where unknowns are expected, cel.EvalOptions(cel.OptTrackState) should be enabled. The details value returned by Eval() will contain the intermediate evaluation values and can be provided to the interpreter.Prune function to generate a residual expression. e.g.:

// Residual when `name` omitted:
name.startsWith("/groups/acme.co")

This technique can be useful when there are variables that are expensive to compute unless they are absolutely needed. This functionality will be the focus of many future improvements, so keep an eye out for more goodness here!

Errors

Parse and check errors have friendly error messages with pointers to where the issues occur in source:

ERROR: <input>:1:40: undefined field 'undefined'
    | TestAllTypes{single_int32: 1, undefined: 2}
    | .......................................^`,

Both the parsed and checked expressions contain source position information about each node that appears in the output AST. This information can be used to determine error locations at evaluation time as well.

Install

CEL-Go supports modules and uses semantic versioning. For more info see the Go Modules docs.

And of course, there is always the option to build from source directly.

Common Questions

Why not JavaScript, Lua, or WASM?

JavaScript and Lua are rich languages that require sandboxing to execute safely. Sandboxing is costly and factors into the "what will I let users evaluate?" question heavily when the answer is anything more than O(n) complexity.

CEL evaluates linearly with respect to the size of the expression and the input being evaluated when macros are disabled. The only functions beyond the built-ins that may be invoked are provided by the host environment. While extension functions may be more complex, this is a choice by the application embedding CEL.

But, why not WASM? WASM is an excellent choice for certain applications and is far superior to embedded JavaScript and Lua, but it does not have support for garbage collection and non-primitive object types require semi-expensive calls across modules. In most cases CEL will be faster and just as portable for its intended use case, though for node.js and web-based execution CEL too may offer a WASM evaluator with direct to WASM compilation.

Do I need to Parse and Check?

Checking is an optional, but strongly suggested, step in CEL expression validation. It is sufficient in some cases to simply Parse and rely on the runtime bindings and error handling to do the right thing.

Where can I learn more about the language?

  • See the CEL Spec for the specification and conformance test suite.
  • Ask for support on the CEL Go Discuss Google group.

Where can I learn more about the internals?

  • See GoDoc to learn how to integrate CEL into services written in Go.
  • See the CEL C++ toolchain (under development) for information about how to integrate CEL evaluation into other environments.

How can I contribute?

Some tests don't work with go test?

A handful of tests rely on Bazel. In particular dynamic proto support at check time and the conformance test driver require Bazel to coordinate the test inputs:

bazel test ...

License

Released under the Apache License.

Disclaimer: This is not an official Google product.

More Repositories

1

material-design-icons

Material Design icons by Google (Material Symbols)
50,560
star
2

guava

Google core libraries for Java
Java
48,313
star
3

zx

A tool for writing better scripts
JavaScript
42,760
star
4

styleguide

Style guides for Google-originated open-source projects
HTML
37,420
star
5

leveldb

LevelDB is a fast key-value storage library written at Google that provides an ordered mapping from string keys to string values.
C++
36,205
star
6

googletest

GoogleTest - Google Testing and Mocking Framework
C++
34,040
star
7

material-design-lite

Material Design Components in HTML/CSS/JS
HTML
32,281
star
8

comprehensive-rust

This is the Rust course used by the Android team at Google. It provides you the material to quickly teach Rust.
Rust
27,842
star
9

python-fire

Python Fire is a library for automatically generating command line interfaces (CLIs) from absolutely any Python object.
Python
26,842
star
10

mediapipe

Cross-platform, customizable ML solutions for live and streaming media.
C++
25,626
star
11

gson

A Java serialization/deserialization library to convert Java Objects into JSON and back
Java
23,317
star
12

flatbuffers

FlatBuffers: Memory Efficient Serialization Library
C++
23,037
star
13

iosched

The Google I/O Android App
Kotlin
21,772
star
14

ExoPlayer

This project is deprecated and stale. The latest ExoPlayer code is available in https://github.com/androidx/media
Java
21,710
star
15

eng-practices

Google's Engineering Practices documentation
19,942
star
16

web-starter-kit

Web Starter Kit - a workflow for multi-device websites
HTML
18,422
star
17

flexbox-layout

Flexbox for Android
Kotlin
18,230
star
18

fonts

Font files available from Google Fonts, and a public issue tracker for all things Google Fonts
HTML
18,222
star
19

filament

Filament is a real-time physically based rendering engine for Android, iOS, Windows, Linux, macOS, and WebGL2
C++
17,554
star
20

cadvisor

Analyzes resource usage and performance characteristics of running containers.
Go
17,078
star
21

gvisor

Application Kernel for Containers
Go
15,733
star
22

libphonenumber

Google's common Java, C++ and JavaScript library for parsing, formatting, and validating international phone numbers.
C++
15,728
star
23

WebFundamentals

Former git repo for WebFundamentals on developers.google.com
JavaScript
13,851
star
24

yapf

A formatter for Python files
Python
13,755
star
25

brotli

Brotli compression format
TypeScript
13,363
star
26

tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Java
13,318
star
27

deepdream

13,212
star
28

wire

Compile-time Dependency Injection for Go
Go
12,919
star
29

guetzli

Perceptual JPEG encoder
C++
12,917
star
30

guice

Guice (pronounced 'juice') is a lightweight dependency injection framework for Java 11 and above, brought to you by Google.
Java
12,458
star
31

blockly

The web-based visual programming editor.
TypeScript
12,392
star
32

sanitizers

AddressSanitizer, ThreadSanitizer, MemorySanitizer
C
11,410
star
33

or-tools

Google's Operations Research tools:
C++
11,144
star
34

dopamine

Dopamine is a research framework for fast prototyping of reinforcement learning algorithms.
Jupyter Notebook
10,529
star
35

grumpy

Grumpy is a Python to Go source code transcompiler and runtime.
Go
10,464
star
36

oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
Shell
10,389
star
37

auto

A collection of source code generators for Java.
Java
10,234
star
38

go-github

Go library for accessing the GitHub v3 API
Go
10,206
star
39

go-cloud

The Go Cloud Development Kit (Go CDK): A library and tools for open cloud development in Go.
Go
9,546
star
40

sentencepiece

Unsupervised text tokenizer for Neural Network-based text generation.
C++
8,657
star
41

tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Java
8,232
star
42

re2

RE2 is a fast, safe, thread-friendly alternative to backtracking regular expression engines like those used in PCRE, Perl, and Python. It is a C++ library.
C++
8,190
star
43

traceur-compiler

Traceur is a JavaScript.next-to-JavaScript-of-today compiler
JavaScript
8,173
star
44

trax

Trax โ€” Deep Learning with Clear Code and Speed
Python
8,051
star
45

pprof

pprof is a tool for visualization and analysis of profiling data
Go
7,875
star
46

skia

Skia is a complete 2D graphic library for drawing Text, Geometries, and Images.
C++
7,874
star
47

benchmark

A microbenchmark support library
C++
7,812
star
48

magika

Detect file content types with deep learning
Rust
7,680
star
49

android-classyshark

Android and Java bytecode viewer
Java
7,492
star
50

accompanist

A collection of extension libraries for Jetpack Compose
Kotlin
7,442
star
51

closure-compiler

A JavaScript checker and optimizer.
Java
7,394
star
52

agera

Reactive Programming for Android
Java
7,227
star
53

latexify_py

A library to generate LaTeX expression from Python code.
Python
7,160
star
54

diff-match-patch

Diff Match Patch is a high-performance library in multiple languages that manipulates plain text.
Python
7,132
star
55

flutter-desktop-embedding

Experimental plugins for Flutter for Desktop
C++
7,102
star
56

glog

C++ implementation of the Google logging module
C++
7,017
star
57

jsonnet

Jsonnet - The data templating language
Jsonnet
6,938
star
58

model-viewer

Easily display interactive 3D models on the web and in AR!
TypeScript
6,858
star
59

lovefield

Lovefield is a relational database for web apps. Written in JavaScript, works cross-browser. Provides SQL-like APIs that are fast, safe, and easy to use.
JavaScript
6,847
star
60

error-prone

Catch common Java mistakes as compile-time errors
Java
6,818
star
61

draco

Draco is a library for compressing and decompressing 3D geometric meshes and point clouds. It is intended to improve the storage and transmission of 3D graphics.
C++
6,459
star
62

gops

A tool to list and diagnose Go processes currently running on your system
Go
6,375
star
63

gopacket

Provides packet processing capabilities for Go
Go
6,289
star
64

automl

Google Brain AutoML
Jupyter Notebook
6,230
star
65

osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Go
6,222
star
66

flax

Flax is a neural network library for JAX that is designed for flexibility.
Jupyter Notebook
6,085
star
67

grafika

Grafika test app
Java
6,071
star
68

snappy

A fast compressor/decompressor
C++
6,068
star
69

physical-web

The Physical Web: walk up and use anything
Java
6,017
star
70

j2objc

A Java to iOS Objective-C translation tool and runtime.
Java
5,990
star
71

gemma.cpp

lightweight, standalone C++ inference engine for Google's Gemma models.
C++
5,961
star
72

ios-webkit-debug-proxy

A DevTools proxy (Chrome Remote Debugging Protocol) for iOS devices (Safari Remote Web Inspector).
C
5,918
star
73

seesaw

Seesaw v2 is a Linux Virtual Server (LVS) based load balancing platform.
Go
5,634
star
74

EarlGrey

๐Ÿต iOS UI Automation Test Framework
Objective-C
5,616
star
75

seq2seq

A general-purpose encoder-decoder framework for Tensorflow
Python
5,577
star
76

google-java-format

Reformats Java source code to comply with Google Java Style.
Java
5,538
star
77

mesop

Rapidly build AI apps in Python
Python
5,401
star
78

wireit

Wireit upgrades your npm/pnpm/yarn scripts to make them smarter and more efficient.
TypeScript
5,385
star
79

syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer
Go
5,350
star
80

uuid

Go package for UUIDs based on RFC 4122 and DCE 1.1: Authentication and Security Services.
Go
5,284
star
81

clusterfuzz

Scalable fuzzing infrastructure.
Python
5,283
star
82

battery-historian

Battery Historian is a tool to analyze battery consumers using Android "bugreport" files.
Go
5,249
star
83

gemma_pytorch

The official PyTorch implementation of Google's Gemma models
Python
5,242
star
84

bbr

5,156
star
85

gumbo-parser

An HTML5 parsing library in pure C99
HTML
5,141
star
86

git-appraise

Distributed code review system for Git repos
Go
5,122
star
87

google-authenticator

Open source version of Google Authenticator (except the Android app)
Java
5,077
star
88

gts

โ˜‚๏ธ TypeScript style guide, formatter, and linter.
TypeScript
5,071
star
89

closure-library

Google's common JavaScript library
JavaScript
4,881
star
90

grr

GRR Rapid Response: remote live forensics for incident response
Python
4,757
star
91

cameraview

[DEPRECATED] Easily integrate Camera features into your Android app
Java
4,734
star
92

pytype

A static type analyzer for Python code
Python
4,731
star
93

liquidfun

2D physics engine for games
C++
4,559
star
94

clasp

๐Ÿ”— Command Line Apps Script Projects
TypeScript
4,525
star
95

google-ctf

Google CTF
Python
4,477
star
96

gxui

An experimental Go cross platform UI library.
Go
4,450
star
97

santa

A binary authorization and monitoring system for macOS
Objective-C++
4,402
star
98

bloaty

Bloaty: a size profiler for binaries
C++
4,386
star
99

tcmalloc

C++
4,339
star
100

ko

Build and deploy Go applications on Kubernetes
Go
4,329
star