bool check_algo(struct algo* al, struct symtable *syms) { bool correct = true; struct function* f = malloc(sizeof(struct function)); f->ret = find_type(syms->types, al->return_type); struct declarations* decl = al->declarations; if(decl != NULL) { struct param_decl* p_decl = decl->param_decl; vardecllist_t loc = p_decl->local_param; vardecllist_t glo = p_decl->global_param; vardecllist_t vars = decl->var_decl; typedecllist_t typelist = decl->type_decls; constdecllist_t consts = decl->const_decls; for(unsigned i =0; i < consts.size; ++i) correct = correct && check_const(list_nth(consts,i), syms, true); if(loc.size > 0) correct = add_variables(syms, loc, false, false, false) && correct; if(glo.size > 0) correct = add_variables(syms, glo, false, true, false) && correct; correct = add_types(syms, typelist) && correct; correct = add_variables(syms, vars, false, false, false) && correct; } for(unsigned i = 0; i < al->instructions.size; i++) if(!check_inst(list_nth(al->instructions, i), f->ret, syms)) correct = false; remove_decls(syms, decl); free(f); return correct; }
bool check_prog(struct prog* prog, struct symtable *syms) { bool correct = true; fill_std_types(syms); fill_std_fun(syms); constdecllist_t consts = prog->entry_point->const_decls; for(unsigned i =0; i < consts.size; ++i) correct = correct && check_const(list_nth(consts,i), syms, true); correct = correct && add_types(syms, prog->entry_point->type_decls); correct = correct && add_variables(syms, prog->entry_point->var_decl, true, false, false); for(unsigned i = 0; i < prog->algos.size; ++i) { struct algo* al = list_nth(prog->algos, i); struct function* f = malloc(sizeof(struct function)); f->ident = al->ident; f->ret = find_type(syms->types, al->return_type); f->arg = get_args(al->declarations->param_decl, syms); add_function(syms->functions, f); } for (unsigned i = 0; i < prog->entry_point->instructions.size; ++i) if (!check_inst( prog->entry_point->instructions.data[i], find_type(syms->types, TYPE_INT), syms)) correct = false; for(unsigned i = 0; i < prog->algos.size; ++i) { struct algo* al = list_nth(prog->algos, i); if (!check_algo(al, syms)) correct = false; } return correct; }
void satcheck_minisat1_baset::lcnf(const bvt &bv) { bvt new_bv; if(process_clause(bv, new_bv)) return; // Minisat can't do empty clauses if(new_bv.empty()) { empty_clause_added=true; return; } add_variables(); vec<Lit> c; convert(new_bv, c); for(unsigned i=0; i<new_bv.size(); i++) assert(new_bv[i].var_no()<(unsigned)solver->nVars()); solver->addClause(c); clause_counter++; }
propt::resultt satcheck_minisat1_baset::prop_solve() { assert(status!=ERROR); { std::string msg= i2string(_no_variables)+" variables, "+ i2string(solver->nClauses())+" clauses"; messaget::status(msg); } add_variables(); solver->simplifyDB(); std::string msg; if(empty_clause_added) { msg="empty clause: negated claim is UNSATISFIABLE, i.e., holds"; } else if(!solver->okay()) { msg="SAT checker inconsistent: negated claim is UNSATISFIABLE, i.e., holds"; } else { vec<Lit> MiniSat_assumptions; convert(assumptions, MiniSat_assumptions); if(solver->solve(MiniSat_assumptions)) { msg="SAT checker: negated claim is SATISFIABLE, i.e., does not hold"; messaget::status(msg); status=SAT; return P_SATISFIABLE; } else msg="SAT checker: negated claim is UNSATISFIABLE, i.e., holds"; } messaget::status(msg); status=UNSAT; return P_UNSATISFIABLE; }
/* * process_request_msg -- process the request that should nominally be * received from the client over the socket. * The request is a pseudo-credential, which is close enough * to the real thing that keynote can parse it and verify it. * The request has as the authoriser the key of the client * (and is signed by that key). * There is no licensees per se, we use the word 'REQUEST' as * a placeholder and so that the server can confirm that this * is a request, not a credential. * * The conditions are *assignments*. This is were it stops * looking like a real credential. We read these in as state * variables for the keynote session (actions). * * Processing takes these steps: * a) verify the request (i.e. that it signed by the authorizer) * b) extract the authorizer key and feed it into keynote as * the action authorizer (the key that makes the request) * c) extract the state variables from the request and feed * them into keynote. * * If all goes OK, we return 0, otherwise a negative number. */ int process_request_msg(int sessionid, char *rbuf, int rlen) { int n; int rval; char **assertlist; struct assertion *assertp; char *vps; char *vpe; char c; if ((assertlist = kn_read_asserts(rbuf, rlen, &n)) == NULL) { fprintf(stderr, "Out of memory while allocating memory for " "request.\n"); return(-1); } if (n != 1) { fprintf(stderr, "Request must haev only one assetion\n"); return(-1); } if (kn_verify_assertion(assertlist[0], strlen(assertlist[0])) < 0) { switch (keynote_errno) { case ERROR_MEMORY: fprintf(stderr, "Out of memory while parsing request.\n"); break; case ERROR_SYNTAX: fprintf(stderr, "Syntax error while parsing request.\n"); break; default: fprintf(stderr, "Unknown error while parsing request.\n"); } return(-1); } /* * verified, so now we use an internal keynote routine to * parse the request pseudo-credential and extract the * authoriser key and the variables. */ if ((assertp = keynote_parse_assertion(rbuf, rlen, 0)) == NULL) { fprintf(stderr, "keynote_parse_assertion failed\n"); return(-1); } /* * we now extract the authoriser key from the request and add it to the * keynote database. This is to ensure that the key which signed the * request is the authorizer key for this session. */ if ((rval = add_authorizer(sessionid, assertp->as_authorizer_string_s, assertp->as_authorizer_string_e)) < 0) { fprintf(stderr, "add_authorizer failed\n"); return(-1); } /* * we now extract the variables from the request and insert them into * the Keynote database * * Why do we trust the variables given to us by the client? * we have added variables to the root policy (e.g. app_domain, * nonce, date, etc) from our offer, in order to ensure that * the request refers to *our* offer. */ vps = assertp->as_conditions_s; vpe = assertp->as_conditions_e; c = *vpe; *vpe = '\0'; if ((rval = add_variables(sessionid, vps)) < 0) { fprintf(stderr, "add_variable, returned %d\n", rval); return(-1); } *vpe = c; return(0); }