bool check_algo(struct algo* al, struct symtable *syms)
{
bool correct = true;
struct function* f = malloc(sizeof(struct function));
f->ret = find_type(syms->types, al->return_type);
struct declarations* decl = al->declarations;
if(decl != NULL)
{
struct param_decl* p_decl = decl->param_decl;
vardecllist_t loc = p_decl->local_param;
vardecllist_t glo = p_decl->global_param;
vardecllist_t vars = decl->var_decl;
typedecllist_t typelist = decl->type_decls;
constdecllist_t consts = decl->const_decls;
for(unsigned i =0; i < consts.size; ++i)
correct = correct && check_const(list_nth(consts,i), syms, true);
if(loc.size > 0)
correct = add_variables(syms, loc, false, false, false) && correct;
if(glo.size > 0)
correct = add_variables(syms, glo, false, true, false) && correct;
correct = add_types(syms, typelist) && correct;
correct = add_variables(syms, vars, false, false, false) && correct;
}
for(unsigned i = 0; i < al->instructions.size; i++)
if(!check_inst(list_nth(al->instructions, i), f->ret, syms))
correct = false;
remove_decls(syms, decl);
free(f);
return correct;
}
bool check_prog(struct prog* prog, struct symtable *syms)
{
bool correct = true;
fill_std_types(syms);
fill_std_fun(syms);
constdecllist_t consts = prog->entry_point->const_decls;
for(unsigned i =0; i < consts.size; ++i)
correct = correct && check_const(list_nth(consts,i), syms, true);
correct = correct && add_types(syms, prog->entry_point->type_decls);
correct = correct && add_variables(syms, prog->entry_point->var_decl, true, false, false);
for(unsigned i = 0; i < prog->algos.size; ++i)
{
struct algo* al = list_nth(prog->algos, i);
struct function* f = malloc(sizeof(struct function));
f->ident = al->ident;
f->ret = find_type(syms->types, al->return_type);
f->arg = get_args(al->declarations->param_decl, syms);
add_function(syms->functions, f);
}
for (unsigned i = 0; i < prog->entry_point->instructions.size; ++i)
if (!check_inst(
prog->entry_point->instructions.data[i],
find_type(syms->types, TYPE_INT), syms))
correct = false;
for(unsigned i = 0; i < prog->algos.size; ++i)
{
struct algo* al = list_nth(prog->algos, i);
if (!check_algo(al, syms))
correct = false;
}
return correct;
}
void satcheck_minisat1_baset::lcnf(const bvt &bv)
{
bvt new_bv;
if(process_clause(bv, new_bv))
return;
// Minisat can't do empty clauses
if(new_bv.empty())
{
empty_clause_added=true;
return;
}
add_variables();
vec<Lit> c;
convert(new_bv, c);
for(unsigned i=0; i<new_bv.size(); i++)
assert(new_bv[i].var_no()<(unsigned)solver->nVars());
solver->addClause(c);
clause_counter++;
}
propt::resultt satcheck_minisat1_baset::prop_solve()
{
assert(status!=ERROR);
{
std::string msg=
i2string(_no_variables)+" variables, "+
i2string(solver->nClauses())+" clauses";
messaget::status(msg);
}
add_variables();
solver->simplifyDB();
std::string msg;
if(empty_clause_added)
{
msg="empty clause: negated claim is UNSATISFIABLE, i.e., holds";
}
else if(!solver->okay())
{
msg="SAT checker inconsistent: negated claim is UNSATISFIABLE, i.e., holds";
}
else
{
vec<Lit> MiniSat_assumptions;
convert(assumptions, MiniSat_assumptions);
if(solver->solve(MiniSat_assumptions))
{
msg="SAT checker: negated claim is SATISFIABLE, i.e., does not hold";
messaget::status(msg);
status=SAT;
return P_SATISFIABLE;
}
else
msg="SAT checker: negated claim is UNSATISFIABLE, i.e., holds";
}
messaget::status(msg);
status=UNSAT;
return P_UNSATISFIABLE;
}
/*
* process_request_msg -- process the request that should nominally be
* received from the client over the socket.
* The request is a pseudo-credential, which is close enough
* to the real thing that keynote can parse it and verify it.
* The request has as the authoriser the key of the client
* (and is signed by that key).
* There is no licensees per se, we use the word 'REQUEST' as
* a placeholder and so that the server can confirm that this
* is a request, not a credential.
*
* The conditions are *assignments*. This is were it stops
* looking like a real credential. We read these in as state
* variables for the keynote session (actions).
*
* Processing takes these steps:
* a) verify the request (i.e. that it signed by the authorizer)
* b) extract the authorizer key and feed it into keynote as
* the action authorizer (the key that makes the request)
* c) extract the state variables from the request and feed
* them into keynote.
*
* If all goes OK, we return 0, otherwise a negative number.
*/
int
process_request_msg(int sessionid, char *rbuf, int rlen)
{
int n;
int rval;
char **assertlist;
struct assertion *assertp;
char *vps;
char *vpe;
char c;
if ((assertlist = kn_read_asserts(rbuf, rlen, &n)) == NULL) {
fprintf(stderr, "Out of memory while allocating memory for "
"request.\n");
return(-1);
}
if (n != 1) {
fprintf(stderr, "Request must haev only one assetion\n");
return(-1);
}
if (kn_verify_assertion(assertlist[0], strlen(assertlist[0])) < 0) {
switch (keynote_errno)
{
case ERROR_MEMORY:
fprintf(stderr,
"Out of memory while parsing request.\n");
break;
case ERROR_SYNTAX:
fprintf(stderr,
"Syntax error while parsing request.\n");
break;
default:
fprintf(stderr,
"Unknown error while parsing request.\n");
}
return(-1);
}
/*
* verified, so now we use an internal keynote routine to
* parse the request pseudo-credential and extract the
* authoriser key and the variables.
*/
if ((assertp = keynote_parse_assertion(rbuf, rlen, 0)) == NULL) {
fprintf(stderr, "keynote_parse_assertion failed\n");
return(-1);
}
/*
* we now extract the authoriser key from the request and add it to the
* keynote database. This is to ensure that the key which signed the
* request is the authorizer key for this session.
*/
if ((rval = add_authorizer(sessionid, assertp->as_authorizer_string_s,
assertp->as_authorizer_string_e)) < 0) {
fprintf(stderr, "add_authorizer failed\n");
return(-1);
}
/*
* we now extract the variables from the request and insert them into
* the Keynote database
*
* Why do we trust the variables given to us by the client?
* we have added variables to the root policy (e.g. app_domain,
* nonce, date, etc) from our offer, in order to ensure that
* the request refers to *our* offer.
*/
vps = assertp->as_conditions_s;
vpe = assertp->as_conditions_e;
c = *vpe;
*vpe = '\0';
if ((rval = add_variables(sessionid, vps)) < 0) {
fprintf(stderr, "add_variable, returned %d\n", rval);
return(-1);
}
*vpe = c;
return(0);
}
