isabelle: src/Pure/General/secure.ML@712cb964d113 (annotated)

20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	1	(* Title: Pure/General/secure.ML
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	2	Author: Makarius
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	3
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	4	Secure critical operations.
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	5	*)
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	6
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	7	signature SECURE =
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	8	sig
20977 dbf1eca9b34e tuned signature; wenzelm parents: 20925 diff changeset	9	val set_secure: unit -> unit
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	10	val is_secure: unit -> bool
26080 d920e4c8ba82 export deny_secure; wenzelm parents: 25753 diff changeset	11	val deny_secure: string -> unit
31330 7bfbd0e07a40 export secure_mltext; wenzelm parents: 30672 diff changeset	12	val secure_mltext: unit -> unit
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	13	val use_text: use_context -> int * string -> bool -> string -> unit
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	14	val use_file: use_context -> bool -> string -> unit
30625 d53d1a16d5ee replaced install_pp/make_pp by more general toplevel_pp based on use_text; wenzelm parents: 29606 diff changeset	15	val toplevel_pp: string list -> string -> unit
37239 54b444874be1 uniform ML environment setup for Isar and PG; wenzelm parents: 35010 diff changeset	16	val PG_setup: unit -> unit
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	17	val commit: unit -> unit
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	18	val bash_output: string -> string * int
d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	19	val bash: string -> int
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	20	end;
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	21
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	22	structure Secure: SECURE =
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	23	struct
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	24
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	25	( secure flag )
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	26
32738 15bb09ca0378 explicit indication of Unsynchronized.ref; wenzelm parents: 31473 diff changeset	27	val secure = Unsynchronized.ref false;
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	28
20977 dbf1eca9b34e tuned signature; wenzelm parents: 20925 diff changeset	29	fun set_secure () = secure := true;
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	30	fun is_secure () = ! secure;
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	31
22567 1565d476a9e2 removed assert/deny (avoid clash with Alice keywords and confusion due to strict evaluation); wenzelm parents: 22144 diff changeset	32	fun deny_secure msg = if is_secure () then error msg else ();
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	33
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	34
25753 99c9fc5e11f2 tuned spaces; wenzelm parents: 25703 diff changeset	35
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	36	( critical operations )
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	37
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	38	(* ML evaluation *)
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	39
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	40	fun secure_mltext () = deny_secure "Cannot evaluate ML source in secure mode";
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	41
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	42	val raw_use_text = use_text;
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	43	val raw_use_file = use_file;
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	44	val raw_toplevel_pp = toplevel_pp;
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	45
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	46	fun use_text context pos verbose txt = (secure_mltext (); raw_use_text context pos verbose txt);
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	47	fun use_file context verbose name = (secure_mltext (); raw_use_file context verbose name);
23922 707639e9497d marked some CRITICAL sections (for multithreading); wenzelm parents: 22567 diff changeset	48
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	49	fun toplevel_pp path pp = (secure_mltext (); raw_toplevel_pp ML_Parse.global_context path pp);
30625 d53d1a16d5ee replaced install_pp/make_pp by more general toplevel_pp based on use_text; wenzelm parents: 29606 diff changeset	50
32739 31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	51
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	52	(* global evaluation *)
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	53
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	54	val use_global = raw_use_text ML_Parse.global_context (0, "") false;
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	55
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	56	fun commit () = use_global "commit();"; (commit is dynamically bound!)
37239 54b444874be1 uniform ML environment setup for Isar and PG; wenzelm parents: 35010 diff changeset	57
38799 712cb964d113 structure Unsynchronized is never opened and set/reset/toggle have been discontinued; wenzelm parents: 37977 diff changeset	58	fun PG_setup () =
712cb964d113 structure Unsynchronized is never opened and set/reset/toggle have been discontinued; wenzelm parents: 37977 diff changeset	59	use_global "val change = Unsynchronized.change; structure ThyLoad = ProofGeneral.ThyLoad;";
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	60
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	61
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	62	(* shell commands *)
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	63
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	64	fun secure_shell () = deny_secure "Cannot execute shell commands in secure mode";
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	65
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	66	val orig_bash_output = bash_output;
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	67
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	68	fun bash_output s = (secure_shell (); orig_bash_output s);
26332 aa54cd3ddc9f system: writeln output, if available; wenzelm parents: 26220 diff changeset	69
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	70	fun bash s =
d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	71	(case bash_output s of
26332 aa54cd3ddc9f system: writeln output, if available; wenzelm parents: 26220 diff changeset	72	("", rc) => rc
aa54cd3ddc9f system: writeln output, if available; wenzelm parents: 26220 diff changeset	73	\| (out, rc) => (writeln (perhaps (try (unsuffix "\n")) out); rc));
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	74
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	75	end;
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	76
23978 6e8d5a05ffe8 added use_noncritical; wenzelm parents: 23922 diff changeset	77	(override previous toplevel bindings!)
21770 ea6f846d8c4b added use_file; wenzelm parents: 20992 diff changeset	78	val use_text = Secure.use_text;
ea6f846d8c4b added use_file; wenzelm parents: 20992 diff changeset	79	val use_file = Secure.use_file;
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	80	fun use s = Secure.use_file ML_Parse.global_context true s
31473 fd341ca4b8de use: tuned error; wenzelm parents: 31330 diff changeset	81	handle ERROR msg => (writeln msg; error "ML error");
30625 d53d1a16d5ee replaced install_pp/make_pp by more general toplevel_pp based on use_text; wenzelm parents: 29606 diff changeset	82	val toplevel_pp = Secure.toplevel_pp;
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	83	val bash_output = Secure.bash_output;
d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	84	val bash = Secure.bash;

author	wenzelm
	Fri, 27 Aug 2010 14:14:08 +0200
changeset 38799	712cb964d113
parent 37977	3ceccd415145
child 40748	591b6778d076
permissions	-rw-r--r--