isabelle: src/Pure/General/secure.ML@e46acc0ea1fe (annotated)

20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	1	(* Title: Pure/General/secure.ML
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	2	Author: Makarius
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	3
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	4	Secure critical operations.
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	5	*)
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	6
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	7	signature SECURE =
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	8	sig
20977 dbf1eca9b34e tuned signature; wenzelm parents: 20925 diff changeset	9	val set_secure: unit -> unit
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	10	val is_secure: unit -> bool
26080 d920e4c8ba82 export deny_secure; wenzelm parents: 25753 diff changeset	11	val deny_secure: string -> unit
31330 7bfbd0e07a40 export secure_mltext; wenzelm parents: 30672 diff changeset	12	val secure_mltext: unit -> unit
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	13	val use_text: use_context -> int * string -> bool -> string -> unit
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	14	val use_file: use_context -> bool -> string -> unit
30625 d53d1a16d5ee replaced install_pp/make_pp by more general toplevel_pp based on use_text; wenzelm parents: 29606 diff changeset	15	val toplevel_pp: string list -> string -> unit
37239 54b444874be1 uniform ML environment setup for Isar and PG; wenzelm parents: 35010 diff changeset	16	val Isar_setup: unit -> unit
54b444874be1 uniform ML environment setup for Isar and PG; wenzelm parents: 35010 diff changeset	17	val PG_setup: unit -> unit
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	18	val commit: unit -> unit
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	19	val bash_output: string -> string * int
d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	20	val bash: string -> int
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	21	end;
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	22
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	23	structure Secure: SECURE =
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	24	struct
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	25
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	26	( secure flag )
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	27
32738 15bb09ca0378 explicit indication of Unsynchronized.ref; wenzelm parents: 31473 diff changeset	28	val secure = Unsynchronized.ref false;
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	29
20977 dbf1eca9b34e tuned signature; wenzelm parents: 20925 diff changeset	30	fun set_secure () = secure := true;
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	31	fun is_secure () = ! secure;
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	32
22567 1565d476a9e2 removed assert/deny (avoid clash with Alice keywords and confusion due to strict evaluation); wenzelm parents: 22144 diff changeset	33	fun deny_secure msg = if is_secure () then error msg else ();
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	34
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	35
25753 99c9fc5e11f2 tuned spaces; wenzelm parents: 25703 diff changeset	36
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	37	( critical operations )
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	38
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	39	(* ML evaluation *)
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	40
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	41	fun secure_mltext () = deny_secure "Cannot evaluate ML source in secure mode";
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	42
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	43	val raw_use_text = use_text;
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	44	val raw_use_file = use_file;
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	45	val raw_toplevel_pp = toplevel_pp;
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	46
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	47	fun use_text context pos verbose txt = (secure_mltext (); raw_use_text context pos verbose txt);
beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	48	fun use_file context verbose name = (secure_mltext (); raw_use_file context verbose name);
23922 707639e9497d marked some CRITICAL sections (for multithreading); wenzelm parents: 22567 diff changeset	49
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	50	fun toplevel_pp path pp = (secure_mltext (); raw_toplevel_pp ML_Parse.global_context path pp);
30625 d53d1a16d5ee replaced install_pp/make_pp by more general toplevel_pp based on use_text; wenzelm parents: 29606 diff changeset	51
32739 31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	52
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	53	(* global evaluation *)
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	54
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	55	val use_global = raw_use_text ML_Parse.global_context (0, "") false;
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	56
31e75ad9ae17 open_unsynchronized for interactive Isar loop; wenzelm parents: 32738 diff changeset	57	fun commit () = use_global "commit();"; (commit is dynamically bound!)
37239 54b444874be1 uniform ML environment setup for Isar and PG; wenzelm parents: 35010 diff changeset	58
54b444874be1 uniform ML environment setup for Isar and PG; wenzelm parents: 35010 diff changeset	59	fun Isar_setup () = use_global "open Unsynchronized;";
37977 3ceccd415145 simplified/clarified theory loader: more explicit task management, kill old versions at start, commit results only in the very end, non-optional master dependency, do not store text in deps; wenzelm parents: 37239 diff changeset	60	fun PG_setup () = use_global "structure ThyLoad = ProofGeneral.ThyLoad;";
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	61
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	62
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	63	(* shell commands *)
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	64
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	65	fun secure_shell () = deny_secure "Cannot execute shell commands in secure mode";
05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	66
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	67	val orig_bash_output = bash_output;
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	68
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	69	fun bash_output s = (secure_shell (); orig_bash_output s);
26332 aa54cd3ddc9f system: writeln output, if available; wenzelm parents: 26220 diff changeset	70
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	71	fun bash s =
d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	72	(case bash_output s of
26332 aa54cd3ddc9f system: writeln output, if available; wenzelm parents: 26220 diff changeset	73	("", rc) => rc
aa54cd3ddc9f system: writeln output, if available; wenzelm parents: 26220 diff changeset	74	\| (out, rc) => (writeln (perhaps (try (unsuffix "\n")) out); rc));
20992 05c3703cc6c5 added execute/system; wenzelm parents: 20977 diff changeset	75
20925 2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	76	end;
2d19e511fe2c Secure critical operations. wenzelm parents: diff changeset	77
23978 6e8d5a05ffe8 added use_noncritical; wenzelm parents: 23922 diff changeset	78	(override previous toplevel bindings!)
21770 ea6f846d8c4b added use_file; wenzelm parents: 20992 diff changeset	79	val use_text = Secure.use_text;
ea6f846d8c4b added use_file; wenzelm parents: 20992 diff changeset	80	val use_file = Secure.use_file;
30672 beaadd5af500 more systematic type use_context, with particular values ML_Parse.global_context and ML_Context.local_context; wenzelm parents: 30625 diff changeset	81	fun use s = Secure.use_file ML_Parse.global_context true s
31473 fd341ca4b8de use: tuned error; wenzelm parents: 31330 diff changeset	82	handle ERROR msg => (writeln msg; error "ML error");
30625 d53d1a16d5ee replaced install_pp/make_pp by more general toplevel_pp based on use_text; wenzelm parents: 29606 diff changeset	83	val toplevel_pp = Secure.toplevel_pp;
35010 d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	84	val bash_output = Secure.bash_output;
d6e492cea6e4 renamed system/system_out to bash/bash_output -- to emphasized that this is really GNU bash, not some undefined POSIX sh; wenzelm parents: 32739 diff changeset	85	val bash = Secure.bash;

author	hoelzl
	Thu, 26 Aug 2010 18:41:54 +0200
changeset 39083	e46acc0ea1fe
parent 37977	3ceccd415145
child 38799	712cb964d113
permissions	-rw-r--r--