a few updates for printing and a shell script to process sequentially

Author: AnoudAlshnakat

hol/policy_to_table/bdd_cake_trans/apply_trans_to_IOLib.sig

@@ -3,5 +3,6 @@ sig
   include Abbrev
 
    val sptrees_gen_bdds_policy_and_table : term * term * term -> (term * term * term)
+   val time_stage : string * Timer.cpu_timer * Timer.real_timer -> {sys: Time.time, usr: Time.time} * Time.time
 
 end

hol/policy_to_table/bdd_cake_trans/apply_trans_to_IOLib.sml

@@ -0,0 +1,5 @@
+#!/bin/bash
+for file in *Script.sml; do
+    base=$(basename "$file" Script.sml)
+    Holmake "${base}Theory.uo"
+done

hol/policy_to_table/bdd_cake_trans/internet_firewall_policies/build_sequential.sh

@@ -82,7 +82,7 @@ val policy_order = “["is_srcPort_le_57222"; "is_srcPort_ge_57222"; "is_dstPort
 
 
 
-val _ = sptrees_fwd_proofLib.sptrees_convert_arith_policy_to_interval_tables (arith_policy, policy_me, test_pd_type, policy_full_order, policy_order)
+val final_thm_res = sptrees_fwd_proofLib.sptrees_convert_arith_policy_to_interval_tables (arith_policy, policy_me, test_pd_type, policy_full_order, policy_order)
 
 
 val _ = export_theory ();

hol/policy_to_table/bdd_cake_trans/internet_firewall_policies/internet_firewall_1Script.sml

@@ -0,0 +1,119 @@
+open HolKernel boolLib liteLib simpLib Parse bossLib;
+
+open policy_arith_to_varTheory;
+
+open bdd_utilsLib;
+open sptrees_fwd_proofLib;
+
+
+val _ = new_theory "internet_firewall_2";
+
+val _ = type_abbrev("single_rule", “:((string# num list) action_expr) arith_rule”);
+
+val test_pd_type = “[("h", type_record [("srcPort", type_length 16);
+                                        ("dstPort", type_length 16);
+                                        ("srcNAT", type_length 16);
+                                        ("dstNAT", type_length 16)])]”;
+
+(************************************************)
+
+(* rule 1 *)
+
+val is_srcPort_le_57222 = “(arithm_le (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 57222 16))”;
+val is_srcPort_ge_57222 = “(arithm_ge (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 57222 16))”;
+
+val is_dstPort_le_53 = “(arithm_le (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 53 16))”;
+val is_dstPort_ge_53 = “(arithm_ge (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 53 16))”;
+
+val is_srcNAT_le_54587 = “(arithm_le (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 54587 16))”;
+val is_srcNAT_ge_54587 = “(arithm_ge (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 54587 16))”;
+
+val is_dstNAT_le_53 = “(arithm_le (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 53 16))”;
+val is_dstNAT_ge_53 = “(arithm_ge (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 53 16))”;
+
+
+val arith_policy_rule1 = “((arith_and (arith_a ^is_srcPort_le_57222)
+                          (arith_and (arith_a ^is_srcPort_ge_57222)
+                          (arith_and (arith_a ^is_dstPort_le_53)
+                          (arith_and (arith_a ^is_dstPort_ge_53)
+                          (arith_and (arith_a ^is_srcNAT_le_54587)
+                          (arith_and (arith_a ^is_srcNAT_ge_54587)
+                          (arith_and (arith_a ^is_dstNAT_le_53)
+                                   (arith_a ^is_dstNAT_ge_53)))))))) ,
+                           action ("allow",[1])):single_rule”;
+
+(* rule 2 *)
+
+val is_srcPort_le_56258 = “(arithm_le (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 56258 16))”;
+val is_srcPort_ge_56258 = “(arithm_ge (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 56258 16))”;
+
+val is_dstPort_le_3389 = “(arithm_le (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 3389 16))”;
+val is_dstPort_ge_3389 = “(arithm_ge (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 3389 16))”;
+
+val is_srcNAT_le_56258 = “(arithm_le (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 56258 16))”;
+val is_srcNAT_ge_56258 = “(arithm_ge (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 56258 16))”;
+
+val is_dstNAT_le_3389 = “(arithm_le (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 3389 16))”;
+val is_dstNAT_ge_3389 = “(arithm_ge (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 3389 16))”;
+
+
+val arith_policy_rule2 = “((arith_and (arith_a ^is_srcPort_le_56258)
+                          (arith_and (arith_a ^is_srcPort_ge_56258)
+                          (arith_and (arith_a ^is_dstPort_le_3389)
+                          (arith_and (arith_a ^is_dstPort_ge_3389)
+                          (arith_and (arith_a ^is_srcNAT_le_56258)
+                          (arith_and (arith_a ^is_srcNAT_ge_56258)
+                          (arith_and (arith_a ^is_dstNAT_le_3389)
+                                   (arith_a ^is_dstNAT_ge_3389)))))))) ,
+                           action ("allow",[1])):single_rule”;
+
+(* Default policy rule *)
+val arith_policy_rule_default = “(arith_a a_True, action ("drop", [])):single_rule”;
+
+(* Combined arith policy list *)
+val arith_policy = “[
+    ^arith_policy_rule1;
+    ^arith_policy_rule2;
+    ^arith_policy_rule_default
+]:single_rule list”;
+
+
+
+(* Combined policy mapping *)
+val policy_me =   “[
+    ("is_srcPort_le_57222", ^is_srcPort_le_57222);
+    ("is_srcPort_ge_57222", ^is_srcPort_ge_57222);
+    ("is_dstPort_le_53", ^is_dstPort_le_53);
+    ("is_dstPort_ge_53", ^is_dstPort_ge_53);
+    ("is_srcNAT_le_54587", ^is_srcNAT_le_54587);
+    ("is_srcNAT_ge_54587", ^is_srcNAT_ge_54587);
+    ("is_dstNAT_le_53", ^is_dstNAT_le_53);
+    ("is_dstNAT_ge_53", ^is_dstNAT_ge_53);
+    ("is_srcPort_le_56258", ^is_srcPort_le_56258);
+    ("is_srcPort_ge_56258", ^is_srcPort_ge_56258);
+    ("is_dstPort_le_3389", ^is_dstPort_le_3389);
+    ("is_dstPort_ge_3389", ^is_dstPort_ge_3389);
+    ("is_srcNAT_le_56258", ^is_srcNAT_le_56258);
+    ("is_srcNAT_ge_56258", ^is_srcNAT_ge_56258);
+    ("is_dstNAT_le_3389", ^is_dstNAT_le_3389);
+    ("is_dstNAT_ge_3389", ^is_dstNAT_ge_3389);
+]”;
+
+(* Grouped policy ordering *)
+val policy_full_order = “[
+  ("srcPortGrp",["is_srcPort_le_57222";"is_srcPort_ge_57222";"is_srcPort_le_56258";"is_srcPort_ge_56258"]);
+  ("dstPortGrp",["is_dstPort_le_53";"is_dstPort_ge_53";"is_dstPort_le_3389";"is_dstPort_ge_3389"]);
+  ("srcNATGrp" ,["is_srcNAT_le_54587";"is_srcNAT_ge_54587";"is_srcNAT_le_56258";"is_srcNAT_ge_56258"]);
+  ("dstNATGrp" ,["is_dstNAT_le_53";"is_dstNAT_ge_53";"is_dstNAT_le_3389";"is_dstNAT_ge_3389"])
+]”;
+
+(* Flat policy order (grouped) *)
+val policy_order = “["is_srcPort_le_57222"; "is_srcPort_ge_57222"; "is_srcPort_le_56258"; "is_srcPort_ge_56258"; "is_dstPort_le_53"; "is_dstPort_ge_53"; "is_dstPort_le_3389"; "is_dstPort_ge_3389"; "is_srcNAT_le_54587"; "is_srcNAT_ge_54587"; "is_srcNAT_le_56258"; "is_srcNAT_ge_56258"; "is_dstNAT_le_53"; "is_dstNAT_ge_53"; "is_dstNAT_le_3389"; "is_dstNAT_ge_3389"]”;
+
+
+(***********************************************)
+
+val final_thm_res = sptrees_fwd_proofLib.sptrees_convert_arith_policy_to_interval_tables (arith_policy, policy_me, test_pd_type, policy_full_order, policy_order)
+
+
+val _ = export_theory ();

hol/policy_to_table/bdd_cake_trans/internet_firewall_policies/internet_firewall_2Script.sml

@@ -0,0 +1,153 @@
+open HolKernel boolLib liteLib simpLib Parse bossLib;
+
+open policy_arith_to_varTheory;
+
+open bdd_utilsLib;
+open sptrees_fwd_proofLib;
+
+
+val _ = new_theory "internet_firewall_3";
+
+val _ = type_abbrev("single_rule", “:((string# num list) action_expr) arith_rule”);
+ 
+val test_pd_type = “[("h", type_record [("srcPort", type_length 16);
+                                        ("dstPort", type_length 16);
+                                        ("srcNAT", type_length 16);
+                                        ("dstNAT", type_length 16)])]”;
+
+(************************************************)
+
+(* rule 1 *)
+
+val is_srcPort_le_57222 = “(arithm_le (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 57222 16))”;
+val is_srcPort_ge_57222 = “(arithm_ge (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 57222 16))”;
+
+val is_dstPort_le_53 = “(arithm_le (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 53 16))”;
+val is_dstPort_ge_53 = “(arithm_ge (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 53 16))”;
+
+val is_srcNAT_le_54587 = “(arithm_le (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 54587 16))”;
+val is_srcNAT_ge_54587 = “(arithm_ge (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 54587 16))”;
+
+val is_dstNAT_le_53 = “(arithm_le (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 53 16))”;
+val is_dstNAT_ge_53 = “(arithm_ge (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 53 16))”;
+
+
+val arith_policy_rule1 = “((arith_and (arith_a ^is_srcPort_le_57222)
+                          (arith_and (arith_a ^is_srcPort_ge_57222)
+                          (arith_and (arith_a ^is_dstPort_le_53)
+                          (arith_and (arith_a ^is_dstPort_ge_53)
+                          (arith_and (arith_a ^is_srcNAT_le_54587)
+                          (arith_and (arith_a ^is_srcNAT_ge_54587)
+                          (arith_and (arith_a ^is_dstNAT_le_53)
+                                   (arith_a ^is_dstNAT_ge_53)))))))) ,
+                           action ("allow",[1])):single_rule”;
+
+(* rule 2 *)
+
+val is_srcPort_le_56258 = “(arithm_le (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 56258 16))”;
+val is_srcPort_ge_56258 = “(arithm_ge (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 56258 16))”;
+
+val is_dstPort_le_3389 = “(arithm_le (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 3389 16))”;
+val is_dstPort_ge_3389 = “(arithm_ge (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 3389 16))”;
+
+val is_srcNAT_le_56258 = “(arithm_le (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 56258 16))”;
+val is_srcNAT_ge_56258 = “(arithm_ge (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 56258 16))”;
+
+val is_dstNAT_le_3389 = “(arithm_le (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 3389 16))”;
+val is_dstNAT_ge_3389 = “(arithm_ge (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 3389 16))”;
+
+
+val arith_policy_rule2 = “((arith_and (arith_a ^is_srcPort_le_56258)
+                          (arith_and (arith_a ^is_srcPort_ge_56258)
+                          (arith_and (arith_a ^is_dstPort_le_3389)
+                          (arith_and (arith_a ^is_dstPort_ge_3389)
+                          (arith_and (arith_a ^is_srcNAT_le_56258)
+                          (arith_and (arith_a ^is_srcNAT_ge_56258)
+                          (arith_and (arith_a ^is_dstNAT_le_3389)
+                                   (arith_a ^is_dstNAT_ge_3389)))))))) ,
+                           action ("allow",[1])):single_rule”;
+
+(* rule 3 *)
+
+val is_srcPort_le_6881 = “(arithm_le (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 6881 16))”;
+val is_srcPort_ge_6881 = “(arithm_ge (lv_acc (lv_x "h") "srcPort") ^(bdd_utilsLib.make_bv 6881 16))”;
+
+val is_dstPort_le_50321 = “(arithm_le (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 50321 16))”;
+val is_dstPort_ge_50321 = “(arithm_ge (lv_acc (lv_x "h") "dstPort") ^(bdd_utilsLib.make_bv 50321 16))”;
+
+val is_srcNAT_le_43265 = “(arithm_le (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 43265 16))”;
+val is_srcNAT_ge_43265 = “(arithm_ge (lv_acc (lv_x "h") "srcNAT") ^(bdd_utilsLib.make_bv 43265 16))”;
+
+val is_dstNAT_le_50321 = “(arithm_le (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 50321 16))”;
+val is_dstNAT_ge_50321 = “(arithm_ge (lv_acc (lv_x "h") "dstNAT") ^(bdd_utilsLib.make_bv 50321 16))”;
+
+
+val arith_policy_rule3 = “((arith_and (arith_a ^is_srcPort_le_6881)
+                          (arith_and (arith_a ^is_srcPort_ge_6881)
+                          (arith_and (arith_a ^is_dstPort_le_50321)
+                          (arith_and (arith_a ^is_dstPort_ge_50321)
+                          (arith_and (arith_a ^is_srcNAT_le_43265)
+                          (arith_and (arith_a ^is_srcNAT_ge_43265)
+                          (arith_and (arith_a ^is_dstNAT_le_50321)
+                                   (arith_a ^is_dstNAT_ge_50321)))))))) ,
+                           action ("allow",[1])):single_rule”;
+
+(* Default policy rule *)
+val arith_policy_rule_default = “(arith_a a_True, action ("drop", [])):single_rule”;
+
+(* Combined arith policy list *)
+val arith_policy = “[
+    ^arith_policy_rule1;
+    ^arith_policy_rule2;
+    ^arith_policy_rule3;
+    ^arith_policy_rule_default
+]:single_rule list”;
+
+
+
+(* Combined policy mapping *)
+val policy_me =   “[
+    ("is_srcPort_le_57222", ^is_srcPort_le_57222);
+    ("is_srcPort_ge_57222", ^is_srcPort_ge_57222);
+    ("is_dstPort_le_53", ^is_dstPort_le_53);
+    ("is_dstPort_ge_53", ^is_dstPort_ge_53);
+    ("is_srcNAT_le_54587", ^is_srcNAT_le_54587);
+    ("is_srcNAT_ge_54587", ^is_srcNAT_ge_54587);
+    ("is_dstNAT_le_53", ^is_dstNAT_le_53);
+    ("is_dstNAT_ge_53", ^is_dstNAT_ge_53);
+    ("is_srcPort_le_56258", ^is_srcPort_le_56258);
+    ("is_srcPort_ge_56258", ^is_srcPort_ge_56258);
+    ("is_dstPort_le_3389", ^is_dstPort_le_3389);
+    ("is_dstPort_ge_3389", ^is_dstPort_ge_3389);
+    ("is_srcNAT_le_56258", ^is_srcNAT_le_56258);
+    ("is_srcNAT_ge_56258", ^is_srcNAT_ge_56258);
+    ("is_dstNAT_le_3389", ^is_dstNAT_le_3389);
+    ("is_dstNAT_ge_3389", ^is_dstNAT_ge_3389);
+    ("is_srcPort_le_6881", ^is_srcPort_le_6881);
+    ("is_srcPort_ge_6881", ^is_srcPort_ge_6881);
+    ("is_dstPort_le_50321", ^is_dstPort_le_50321);
+    ("is_dstPort_ge_50321", ^is_dstPort_ge_50321);
+    ("is_srcNAT_le_43265", ^is_srcNAT_le_43265);
+    ("is_srcNAT_ge_43265", ^is_srcNAT_ge_43265);
+    ("is_dstNAT_le_50321", ^is_dstNAT_le_50321);
+    ("is_dstNAT_ge_50321", ^is_dstNAT_ge_50321);
+]”;
+
+(* Grouped policy ordering *)
+val policy_full_order = “[
+  ("srcPortGrp",["is_srcPort_le_57222";"is_srcPort_ge_57222";"is_srcPort_le_56258";"is_srcPort_ge_56258";"is_srcPort_le_6881";"is_srcPort_ge_6881"]);
+  ("dstPortGrp",["is_dstPort_le_53";"is_dstPort_ge_53";"is_dstPort_le_3389";"is_dstPort_ge_3389";"is_dstPort_le_50321";"is_dstPort_ge_50321"]);
+  ("srcNATGrp" ,["is_srcNAT_le_54587";"is_srcNAT_ge_54587";"is_srcNAT_le_56258";"is_srcNAT_ge_56258";"is_srcNAT_le_43265";"is_srcNAT_ge_43265"]);
+  ("dstNATGrp" ,["is_dstNAT_le_53";"is_dstNAT_ge_53";"is_dstNAT_le_3389";"is_dstNAT_ge_3389";"is_dstNAT_le_50321";"is_dstNAT_ge_50321"])
+]”;
+
+(* Flat policy order (grouped) *)
+val policy_order = “["is_srcPort_le_57222"; "is_srcPort_ge_57222"; "is_srcPort_le_56258"; "is_srcPort_ge_56258"; "is_srcPort_le_6881"; "is_srcPort_ge_6881"; "is_dstPort_le_53"; "is_dstPort_ge_53"; "is_dstPort_le_3389"; "is_dstPort_ge_3389"; "is_dstPort_le_50321"; "is_dstPort_ge_50321"; "is_srcNAT_le_54587"; "is_srcNAT_ge_54587"; "is_srcNAT_le_56258"; "is_srcNAT_ge_56258"; "is_srcNAT_le_43265"; "is_srcNAT_ge_43265"; "is_dstNAT_le_53"; "is_dstNAT_ge_53"; "is_dstNAT_le_3389"; "is_dstNAT_ge_3389"; "is_dstNAT_le_50321"; "is_dstNAT_ge_50321"]”;
+
+
+(***********************************************)
+
+val final_thm_res =
+sptrees_fwd_proofLib.sptrees_convert_arith_policy_to_interval_tables (arith_policy, policy_me, test_pd_type, policy_full_order, policy_order)
+                      
+val _ = export_theory ();

hol/policy_to_table/bdd_cake_trans/internet_firewall_policies/internet_firewall_3Script.sml

@@ -3,7 +3,7 @@ sig
   include Abbrev
 
 
-        val convert_arith_policy_to_interval_tables : term * term * term * term * term -> thm
+        val sptrees_convert_arith_policy_to_interval_tables : term * term * term * term * term -> thm
         val time_stage : string * Timer.cpu_timer * Timer.real_timer -> {sys: Time.time, usr: Time.time} * Time.time
 
 

hol/policy_to_table/bdd_cake_trans/sptrees_fwd_proofLib.sig

@@ -67,6 +67,10 @@ open apply_trans_to_IOLib;
             (*       STAGE 1       *)
             (***********************)
 
+           val start_cpu_stage1 = Timer.startCPUTimer ();
+           val start_real_stage1 = Timer.startRealTimer (); 
+
+
             (*convert arith policy to var policy*)
             val arith_policy_eval = EVAL “convert_arith_to_var_policy ^arith_policy ^policy_me”;
             val var_policy = optionSyntax.dest_some (rhs (concl arith_policy_eval));
@@ -83,6 +87,8 @@ open apply_trans_to_IOLib;
             val arith_policy_var_policy_thm = REWRITE_RULE[all_distinct_conj, arith_policy_eval]
             (ISPECL[arith_policy, var_policy, policy_me] policy_airth_to_var_sem_conversion_correct);
 
+            val _ = time_stage ("Stage 1", start_cpu_stage1, start_real_stage1) 
+
 
             (***********************)
             (*       STAGE 2       *)
@@ -93,9 +99,10 @@ open apply_trans_to_IOLib;
             val (final_policy_bdd, tbl, final_table_bdd) =
             apply_trans_to_IOLib.sptrees_gen_bdds_policy_and_table (var_policy, policy_order, policy_full_order);
 
+            val _ = time_stage ("Stage 2 from var policy to BDD", start_cpu_stage2, start_real_stage2);
+
 
 
-            val get_i_policy = bdd_utilsLib.pairBDDs (final_policy_bdd, final_table_bdd);
 
 
 
@@ -104,7 +111,7 @@ open apply_trans_to_IOLib;
             val eval_table_full_opt_auto = mk_thm ( [], “mk_BDDPred_opt table_structure (0,[],[(0, non_termn (NONE, ^tbl))]) [] ^policy_order 1 = SOME ^final_table_bdd ”);
 
 
-
+(*
             val var_eq_thm_extract = REWRITE_CONV [correct_var_policy_var_tables_exec_def, eval_policy_full_opt , eval_table_full_opt_auto] “correct_var_policy_var_tables_exec ^var_policy ^tbl ^policy_order ^get_i_policy”;
             val var_eq_thm_extract_red = computeLib.RESTR_EVAL_RULE  [“correct_var_policy_var_tables_exec”, “sem_tables”,“sem_policy”, “mv_dom_vars”]  var_eq_thm_extract;
             val var_policy_var_table_thm = SIMP_RULE bool_ss [correct_var_policy_var_tables_exec_thm1] var_eq_thm_extract_red;
@@ -183,9 +190,9 @@ open apply_trans_to_IOLib;
             fs[cond1_thm, cond2_thm, cond3_thm]
             );
 
-
+*)
     in
-    final_thm
+    eval_table_full_opt_auto (*final_thm*)
     end;
 
 end;