Yang Annotation for a validation, using must on a "case" statement

I’m trying to validate the case statement from a standard yang. In my case I want to allow only 10 ace rules for both cases(ace-ipv4 and ace-ipv6) and each case has two leaf nodes.

Yang Snippet:
container matches {
“Definitions for match criteria for this Access List
choice ace-type {
“Type of access list entry.”;
case ace-ip {
“IP Access List Entry.”;
choice ace-ip-version {
“IP version used in this Acess List Entry.”;
case ace-ipv4 {
uses packet-fields:acl-ipv4-header-fields;
case ace-ipv6 {
uses packet-fields:acl-ipv6-header-fields;

I am able to handle validation for only one case using the following annotation:

tailf:annotate “/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches” {
must “(count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace[.]) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:destination-ipv4-network) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:source-ipv4-network) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:destination-ipv6-network) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:source-ipv6-network) <=10)” {
error-message “Exceeding limit”;

This is working fine for “ipv4 or ipv6” but I want to enable this for “ipv4 and ipv6” any suggestion?

I want to implement “(count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace[.]) <=10)” check for ipv4 separately and ipv6 separately.
Can someone help understand how to validate both the cases?

If I understand your use case correctly, you can write your validation using two separate must statements as follows:

tailf:annotate "/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches" {
  must "(count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:destination-ipv4-network) <=10)" +
  "and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:source-ipv4-network) <=10)" {
    error-message "Exceeding ipv4 limit";
  must "(count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:destination-ipv6-network) <=10)" +
  "and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:source-ipv6-network) <=10)" {
    error-message "Exceeding ipv6 limit";