Ur/Web: src/iflow.sml comparison

comparison src/iflow.sml @ 1218:48d2ca496d2c

Path conditions, used to track implicit flows

author	Adam Chlipala <adamc@hcoop.net>
date	Sat, 10 Apr 2010 13:02:15 -0400
parents	4d206e603300
children	3224faec752d

comparison

equal deleted inserted replaced

-:4d206e603300
+:48d2ca496d2c
 | _ => false
 (* Congruence closure *)
 structure Cc :> sig
 type database
-type representative
 exception Contradiction
 exception Undetermined
 val database : unit -> database
-val representative : database * exp -> representative
 val assert : database * atom -> unit
 val check : database * atom -> bool
 val p_database : database Print.printer
+val builtFrom : database * {Base : exp list, Derived : exp} -> bool
 end = struct
 exception Contradiction
 exception Undetermined
 type representative = node ref
 val finish = ref (Node {Rep = ref NONE,
 Cons = ref SM.empty,
 Variety = VFinish,
-Known = ref false})
+Known = ref true})
 type database = {Vars : representative IM.map ref,
 Consts : representative CM.map ref,
 Con0s : representative SM.map ref,
 Records : (representative SM.map * representative) list ref,
 newline,
 p_list_sep newline (fn (i, n) => box [string ("x" ^ Int.toString i),
 space,
 string "=",
 space,
-p_rep n]) (IM.listItemsi (!(#Vars db)))]
+p_rep n,
+if !(#Known (unNode n)) then
+box [space,
+string "(known)"]
+else
+box []]) (IM.listItemsi (!(#Vars db)))]
 fun repOf (n : representative) : representative =
 case !(#Rep (unNode n)) of
 NONE => n
 | SOME r =>
 #Rep (unNode n) := SOME r;
 r
 end
 fun markKnown r =
-(#Known (unNode r) := true;
+if !(#Known (unNode r)) then
-case #Variety (unNode r) of
+()
-Dt1 (_, r) => markKnown r
+else
-| Recrd xes => SM.app markKnown (!xes)
+(#Known (unNode r) := true;
-| _ => ())
+SM.app markKnown (!(#Cons (unNode r)));
+case #Variety (unNode r) of
+Dt1 (_, r) => markKnown r
+| Recrd xes => SM.app markKnown (!xes)
+| _ => ())
 fun representative (db : database, e) =
 let
 fun rep e =
 case e of
 | NONE =>
 let
 val r = ref (Node {Rep = ref NONE,
 Cons = ref SM.empty,
 Variety = Dt0 f,
-Known = ref false})
+Known = ref true})
 in
 #Con0s db := SM.insert (!(#Con0s db), f, r);
 r
 end)
 | Func (DtCon0 _, _) => raise Fail "Iflow.rep: DtCon0"
 in
 unif (!xes1, !xes2);
 unif (!xes2, !xes1)
 end
 | (VFinish, VFinish) => ()
-| (Nothing, _) =>
+| (Nothing, _) => mergeNodes (r1, r2)
-(#Rep (unNode r1) := SOME r2;
+| (_, Nothing) => mergeNodes (r2, r1)
-if !(#Known (unNode r1)) andalso not (!(#Known (unNode r2))) then
-markKnown r2
-else
-();
-#Cons (unNode r2) := SM.unionWith #1 (!(#Cons (unNode r2)), !(#Cons (unNode r1)));
-compactFuncs ())
-| (_, Nothing) =>
-(#Rep (unNode r2) := SOME r1;
-if !(#Known (unNode r2)) andalso not (!(#Known (unNode r1))) then
-markKnown r1
-else
-();
-#Cons (unNode r1) := SM.unionWith #1 (!(#Cons (unNode r1)), !(#Cons (unNode r2)));
-compactFuncs ())
 | _ => raise Contradiction
+and mergeNodes (r1, r2) =
+(#Rep (unNode r1) := SOME r2;
+if !(#Known (unNode r1)) then
+markKnown r2
+else
+();
+if !(#Known (unNode r2)) then
+markKnown r1
+else
+();
+#Cons (unNode r2) := SM.unionWith #1 (!(#Cons (unNode r2)), !(#Cons (unNode r1)));
+compactFuncs ())
 and compactFuncs () =
 let
 fun loop funcs =
 case funcs of
 in
 repOf r1 = repOf r2
 end
 | _ => false
+fun builtFrom (db, {Base = bs, Derived = d}) =
+let
+val bs = map (fn b => representative (db, b)) bs
+fun loop d =
+let
+val d = repOf d
+in
+List.exists (fn b => repOf b = d) bs
+orelse case #Variety (unNode d) of
+Dt0 _ => true
+| Dt1 (_, d) => loop d
+| Prim _ => true
+| Recrd xes => List.all loop (SM.listItems (!xes))
+| VFinish => true
+| Nothing => false
+end
+in
+loop (representative (db, d))
+end
 end
 fun decomp fals or =
 let
 fun decomp p k =
 | Cond x => k [ACond x]
 in
 decomp
 end
-fun imply (p1, p2) =
+fun imply (hyps, goals, outs) =
-decomp true (fn (e1, e2) => e1 andalso e2 ()) p1
+let
-(fn hyps =>
+fun gls goals onFail acc =
-decomp false (fn (e1, e2) => e1 orelse e2 ()) p2
+case goals of
-(fn goals =>
+[] =>
-let
+(let
-fun gls goals onFail acc =
+val cc = Cc.database ()
-case goals of
+val () = app (fn a => Cc.assert (cc, a)) hyps
-[] =>
+in
-(let
+(List.all (fn a =>
-val cc = Cc.database ()
+if Cc.check (cc, a) then
-val () = app (fn a => Cc.assert (cc, a)) hyps
+true
-in
+else
-(List.all (fn a =>
+((*Print.prefaces "Can't prove"
-if Cc.check (cc, a) then
+[("a", p_atom a),
-true
+("hyps", Print.p_list p_atom hyps),
-else
+("db", Cc.p_database cc)];*)
-((*Print.prefaces "Can't prove"
+false)) acc
-[("a", p_atom a),
+(*andalso (Print.preface ("Finding", Cc.p_database cc); true)*)
-("hyps", Print.p_list p_atom hyps),
+andalso Cc.builtFrom (cc, {Derived = Var 0,
-("db", Cc.p_database cc)];*)
+Base = outs}))
-false)) acc)
+handle Cc.Contradiction => false
-handle Cc.Contradiction => false
+end handle Cc.Undetermined => false)
-end handle Cc.Undetermined => false)
+orelse onFail ()
-orelse onFail ()
+| (g as AReln (Sql gf, [ge])) :: goals =>
-| (g as AReln (Sql gf, [ge])) :: goals =>
+let
-let
+fun hps hyps =
-fun hps hyps =
+case hyps of
-case hyps of
+[] => gls goals onFail (g :: acc)
-[] => gls goals onFail (g :: acc)
+| (h as AReln (Sql hf, [he])) :: hyps =>
-| (h as AReln (Sql hf, [he])) :: hyps =>
+if gf = hf then
-if gf = hf then
+let
-let
+val saved = save ()
-val saved = save ()
+in
-in
+if eq (ge, he) then
-if eq (ge, he) then
+let
-let
+val changed = IM.numItems (!unif)
-val changed = IM.numItems (!unif)
+<> IM.numItems saved
-<> IM.numItems saved
+in
-in
+gls goals (fn () => (restore saved;
-gls goals (fn () => (restore saved;
+changed
-changed
+andalso hps hyps))
-andalso hps hyps))
+acc
-acc
+end
-end
+else
-else
+hps hyps
-hps hyps
+end
-end
+else
-else
+hps hyps
-hps hyps
+| _ :: hyps => hps hyps
-| _ :: hyps => hps hyps
+in
-in
+hps hyps
-hps hyps
+end
-end
+| g :: goals => gls goals onFail (g :: acc)
-| g :: goals => gls goals onFail (g :: acc)
+in
-in
+reset ();
-reset ();
+(*Print.prefaces "Big go" [("hyps", Print.p_list p_atom hyps),
-(*Print.prefaces "Big go" [("hyps", Print.p_list p_atom hyps),
+("goals", Print.p_list p_atom goals)];*)
-("goals", Print.p_list p_atom goals)];*)
+gls goals (fn () => false) []
-gls goals (fn () => false) []
+end handle Cc.Contradiction => true
-end handle Cc.Contradiction => true))
 fun patCon pc =
 case pc of
 PConVar n => "C" ^ Int.toString n
 | PConFfi {mod = m, datatyp = d, con = c, ...} => m ^ "." ^ d ^ "." ^ c
 else
 x :: ls
 end
 datatype queryMode =
-SomeCol of exp
+SomeCol
 | AllCols of exp
 exception Default
 fun queryProp env rvN rv oe e =
 let
 fun default () = (print ("Warning: Information flow checker can't parse SQL query at "
 ^ ErrorMsg.spanToString (#2 e) ^ "\n");
-(rvN, Unknown, Unknown, []))
+(rvN, Unknown, Unknown, [], []))
 in
 case parse query e of
 NONE => default ()
 | SOME r =>
 let
 case expIn e of
 inr p' => And (p, p')
 | _ => p
 fun normal () =
-(And (p, case oe of
+case oe of
-SomeCol oe =>
+SomeCol =>
-foldl (fn (si, p) =>
+(rvN, p, True,
-let
+List.mapPartial (fn si =>
-val p' = case si of
+case si of
-SqField (v, f) => Reln (Eq, [oe, Proj (rvOf v, f)])
+SqField (v, f) => SOME (Proj (rvOf v, f))
 | SqExp (e, f) =>
 case expIn e of
-inr _ => Unknown
+inr _ => NONE
-| inl e => Reln (Eq, [oe, e])
+| inl e => SOME e) (#Select r))
-in
+| AllCols oe =>
-Or (p, p')
+(rvN, And (p, foldl (fn (si, p) =>
-end)
+let
-False (#Select r)
+val p' = case si of
-| AllCols oe =>
+SqField (v, f) => Reln (Eq, [Proj (Proj (oe, v), f),
-foldl (fn (si, p) =>
+Proj (rvOf v, f)])
-let
+| SqExp (e, f) =>
-val p' = case si of
+case expIn e of
-SqField (v, f) => Reln (Eq, [Proj (Proj (oe, v), f),
+inr p => Cond (Proj (oe, f), p)
-Proj (rvOf v, f)])
+| inl e => Reln (Eq, [Proj (oe, f), e])
-| SqExp (e, f) =>
+in
-case expIn e of
-inr p => Cond (Proj (oe, f), p)
-| inl e => Reln (Eq, [Proj (oe, f), e])
-in
 And (p, p')
 end)
 True (#Select r)),
-True)
+True, [])
-val (p, wp) =
+val (rvN, p, wp, outs) =
 case #Select r of
 [SqExp (Binop (Exps bo, Count, SqConst (Prim.Int 0)), f)] =>
 (case bo (Const (Prim.Int 1), Const (Prim.Int 2)) of
 Reln (Gt, [Const (Prim.Int 1), Const (Prim.Int 2)]) =>
-let
+(case oe of
-val oe = case oe of
+SomeCol =>
-SomeCol oe => oe
+let
-| AllCols oe => Proj (oe, f)
+val (rvN, oe) = rv rvN
 in
-(Or (Reln (Eq, [oe, Func (DtCon0 "Basis.bool.False", [])]),
+(rvN,
-And (Reln (Eq, [oe, Func (DtCon0 "Basis.bool.True", [])]),
+Or (Reln (Eq, [oe, Func (DtCon0 "Basis.bool.False", [])]),
-p)),
+And (Reln (Eq, [oe, Func (DtCon0 "Basis.bool.True", [])]),
-Reln (Eq, [oe, Func (DtCon0 "Basis.bool.True", [])]))
+p)),
-end
+Reln (Eq, [oe, Func (DtCon0 "Basis.bool.True", [])]),
+[oe])
+end
+| AllCols oe =>
+let
+val oe = Proj (oe, f)
+in
+(rvN,
+Or (Reln (Eq, [oe, Func (DtCon0 "Basis.bool.False", [])]),
+And (Reln (Eq, [oe, Func (DtCon0 "Basis.bool.True", [])]),
+p)),
+Reln (Eq, [oe, Func (DtCon0 "Basis.bool.True", [])]),
+[])
+end)
 | _ => normal ())
 | _ => normal ()
 in
 (rvN, p, wp, case #Where r of
 NONE => []
-| SOME e => map (fn (v, f) => Proj (rvOf v, f)) (usedFields e))
+| SOME e => map (fn (v, f) => Proj (rvOf v, f)) (usedFields e), outs)
 end
 handle Default => default ()
 end
 fun evalPat env e (pt, _) =
 | _ => p2
 in
 rr
 end
+datatype cflow = Case | Where
+datatype flow = Data | Control of cflow
+type check = ErrorMsg.span * exp * prop
 structure St :> sig
 type t
 val create : {Var : int,
 Ambient : prop} -> t
 val nextVar : t -> t * int
 val ambient : t -> prop
 val setAmbient : t * prop -> t
-type check = ErrorMsg.span * exp * prop
+val paths : t -> (check * cflow) list
+val addPath : t * (check * cflow) -> t
-val path : t -> check list
+val addPaths : t * (check * cflow) list -> t
-val addPath : t * check -> t
+val clearPaths : t -> t
+val setPaths : t * (check * cflow) list -> t
-val sent : t -> check list
-val addSent : t * check -> t
+val sent : t -> (check * flow) list
-val setSent : t * check list -> t
+val addSent : t * (check * flow) -> t
+val setSent : t * (check * flow) list -> t
 end = struct
-type check = ErrorMsg.span * exp * prop
 type t = {Var : int,
 Ambient : prop,
-Path : check list,
+Path : (check * cflow) list,
-Sent : check list}
+Sent : (check * flow) list}
 fun create {Var = v, Ambient = p} = {Var = v,
 Ambient = p,
 Path = [],
 Sent = []}
 fun setAmbient (t : t, p) = {Var = #Var t,
 Ambient = p,
 Path = #Path t,
 Sent = #Sent t}
-fun path (t : t) = #Path t
+fun paths (t : t) = #Path t
 fun addPath (t : t, c) = {Var = #Var t,
 Ambient = #Ambient t,
 Path = c :: #Path t,
 Sent = #Sent t}
+fun addPaths (t : t, cs) = {Var = #Var t,
+Ambient = #Ambient t,
+Path = cs @ #Path t,
+Sent = #Sent t}
+fun clearPaths (t : t) = {Var = #Var t,
+Ambient = #Ambient t,
+Path = [],
+Sent = #Sent t}
+fun setPaths (t : t, cs) = {Var = #Var t,
+Ambient = #Ambient t,
+Path = cs,
+Sent = #Sent t}
 fun sent (t : t) = #Sent t
 fun addSent (t : t, c) = {Var = #Var t,
 Ambient = #Ambient t,
 Path = #Path t,
 in
 (Var nv, st)
 end
 fun addSent (p, e, st) =
-if isKnown e then
+let
-st
+val st = if isKnown e then
-else
+st
-St.addSent (st, (loc, e, p))
+else
+St.addSent (st, ((loc, e, p), Data))
+val st = foldl (fn ((c, fl), st) => St.addSent (st, (c, Control fl))) st (St.paths st)
+in
+St.clearPaths st
+end
 in
 case #1 e of
 EPrim p => (Const p, st)
 | ERel n => (List.nth (env, n), st)
 | ENamed _ => default ()
 let
 val (e, st) = evalExp env (e, st)
 in
 (Proj (e, s), st)
 end
-| ECase (e, pes, _) =>
+| ECase (e, pes, {result = res, ...}) =>
 let
 val (e, st) = evalExp env (e, st)
 val (st, r) = St.nextVar st
 val orig = St.ambient st
+val origPaths = St.paths st
-val st = foldl (fn ((pt, pe), st) =>
-let
+val st = St.addPath (st, ((loc, e, orig), Case))
-val (env, pp) = evalPat env e pt
-val (pe, st') = evalExp env (pe, St.setAmbient (st, And (orig, pp)))
+val (st, paths) =
-(*val () = Print.prefaces "Case" [("loc", Print.PD.string
+foldl (fn ((pt, pe), (st, paths)) =>
-(ErrorMsg.spanToString (#2 pt))),
+let
-("env", Print.p_list p_exp env),
+val (env, pp) = evalPat env e pt
-("sent", Print.p_list_sep Print.PD.newline
+val (pe, st') = evalExp env (pe, St.setAmbient (st, And (orig, pp)))
-(fn (loc, e, p) =>
-Print.box [Print.PD.string
+val this = And (removeRedundant orig (St.ambient st'),
-(ErrorMsg.spanToString loc),
+Reln (Eq, [Var r, pe]))
-Print.PD.string ":",
+in
-Print.space,
+(St.setPaths (St.setAmbient (st', Or (St.ambient st, this)), origPaths),
-p_exp e,
+St.paths st' @ paths)
-Print.space,
+end) (St.setAmbient (st, False), []) pes
-Print.PD.string "in",
-Print.space,
+val st = case #1 res of
-p_prop p])
+TRecord [] => St.setPaths (st, origPaths)
-(List.take (#3 st', length (#3 st')
+| _ => St.setPaths (st, paths)
-- length (#3 st))))]*)
-val this = And (removeRedundant orig (St.ambient st'),
-Reln (Eq, [Var r, pe]))
-in
-St.setAmbient (st', Or (St.ambient st, this))
-end) (St.setAmbient (st, False)) pes
 in
 (Var r, St.setAmbient (st, And (orig, St.ambient st)))
 end
 | EStrcat (e1, e2) =>
 let
 val (st', r) = St.nextVar st
 val (st', acc) = St.nextVar st'
 val (b, st') = evalExp (Var acc :: Var r :: env) (b, st')
-val (st', qp, qwp, used) =
+val (st', qp, qwp, used, _) =
 queryProp env
 st' (fn st' =>
 let
 val (st', rv) = St.nextVar st'
 in
 p'))
 in
 (St.setAmbient (st, p), Var out)
 end
-val sent = map (fn (loc, e, p) => (loc, e, And (qp, p))) (St.sent st')
+val sent = map (fn ((loc, e, p), fl) => ((loc, e, And (qp, p)), fl)) (St.sent st')
 val p' = And (p', qwp)
-val sent = map (fn e => (loc, e, p')) used @ sent
+val paths = map (fn e => ((loc, e, p'), Where)) used
 in
-(res, St.setSent (st, sent))
+(res, St.addPaths (St.setSent (st, sent), paths))
 end
 | EDml _ => default ()
 | ENextval _ => default ()
 | ESetval _ => default ()
 Ambient = p})
 in
 (St.sent st @ vals, pols)
 end
-| DPolicy (PolClient e) => (vals, #2 (queryProp [] 0 (fn rvN => (rvN + 1, Lvar rvN))
+| DPolicy (PolClient e) =>
-(SomeCol (Var 0)) e) :: pols)
+let
+val (_, p, _, _, outs) = queryProp [] 0 (fn rvN => (rvN + 1, Lvar rvN)) SomeCol e
+in
+(vals, (p, outs) :: pols)
+end
 | _ => (vals, pols)
 val () = reset ()
 val (vals, pols) = foldl decl ([], []) file
 in
-app (fn (loc, e, p) =>
+app (fn ((loc, e, p), fl) =>
 let
 fun doOne e =
 let
 val p = And (p, Reln (Eq, [Var 0, e]))
 in
-if List.exists (fn pol => if imply (p, pol) then
+if decomp true (fn (e1, e2) => e1 andalso e2 ()) p
-(if !debug then
+(fn hyps =>
-Print.prefaces "Match"
+(fl <> Control Where
-[("Hyp", p_prop p),
+andalso imply (hyps, [AReln (Known, [Var 0])], [Var 0]))
-("Goal", p_prop pol)]
+orelse List.exists (fn (p', outs) =>
-else
+decomp false (fn (e1, e2) => e1 orelse e2 ()) p'
-();
+(fn goals => imply (hyps, goals, outs)))
-true)
+pols) then
-else
-false) pols then
 ()
 else
 (ErrorMsg.errorAt loc "The information flow policy may be violated here.";
 Print.preface ("The state satisifies this predicate:", p_prop p))
 end

Mercurial > urweb

comparison src/iflow.sml @ 1218:48d2ca496d2c