Class: ARBACVerifier::ReachabilityVerifier

Inherits:

Object

• Object
• ARBACVerifier::ReachabilityVerifier

Extended by:

T::Sig

Includes:

Utils

Defined in:

lib/arbac_verifier/classes/reachability_verifier.rb

Instance Attribute Summary

• #instance ⇒ Object readonly

  Returns the value of attribute instance.

Class Method Summary

• .logger ⇒ Object
• .set_logger(logger) ⇒ Object

Instance Method Summary

• #initialize(**params) ⇒ ReachabilityVerifier constructor

  A new instance of ReachabilityVerifier.

• #verify ⇒ Object

Methods included from Utils

#backward_slicing, #forward_slicing, #overaproximate_reachable_roles, #overaproximate_relevant_roles

Constructor Details

#initialize(**params) ⇒ ReachabilityVerifier

Returns a new instance of ReachabilityVerifier.

# File 'lib/arbac_verifier/classes/reachability_verifier.rb', line 30

def initialize(**params)
  if params[:instance].nil?
    path = T.cast(params[:path], String)
    logger.info("Initializing reachability problem for policy from file #{path}...")
    instance = T.let(Instance.new(path: path), Instance)
    logger.info("*** Initial instance info ***")
    log_complexity(instance)
    @instance = forward_slicing(backward_slicing(instance))
    logger.info("*** Post pruning instance info ***")
    log_complexity(@instance)
  else
    instance = T.cast(params[:instance], Instance)
    logger.info("Initializing reachability problem for policy #{instance.hash}...")
    logger.info("*** Initial instance info ***")
    log_complexity(instance)
    @instance = forward_slicing(backward_slicing(instance))
    logger.info("*** Post pruning instance info ***")
    log_complexity(@instance)
  end
end

Instance Attribute Details

#instance ⇒ Object (readonly)

Returns the value of attribute instance.

# File 'lib/arbac_verifier/classes/reachability_verifier.rb', line 15

def instance
  @instance
end

Class Method Details

.logger ⇒ Object

# File 'lib/arbac_verifier/classes/reachability_verifier.rb', line 18

def self.logger
  @@logger ||= Logger.new($stdout).tap do |log|
    log.progname = self.name
  end
end

.set_logger(logger) ⇒ Object

# File 'lib/arbac_verifier/classes/reachability_verifier.rb', line 25

def self.set_logger(logger)
  @@logger = logger
end

Instance Method Details

#verify ⇒ Object

# File 'lib/arbac_verifier/classes/reachability_verifier.rb', line 52

def verify
  all_states = {}
  initial_state = @instance.user_to_role
  new_states = { initial_state => true }
  found = Concurrent::AtomicBoolean.new(false)

  users = @instance.users.to_a
  user_pairs = users.product(users)

  num_cpus = Concurrent.processor_count
  pool = Concurrent::ThreadPoolExecutor.new(
    min_threads: num_cpus,
    max_threads: num_cpus,
    max_queue: num_cpus * 2,
    fallback_policy: :caller_runs
  )

  until found.true? || new_states.empty?
    all_states.merge!(new_states)
    current_states = new_states.keys
    new_states.clear

    futures = current_states.flat_map do |current_state|
      user_pairs.map do |subject, object|
        Concurrent::Future.execute(executor: pool) do
          new_local_states = []
          perform_assignments(subject, object, new_local_states, all_states, current_state, found)
          perform_revocations(subject, object, new_local_states, all_states, current_state)
          new_local_states
        end
      end
    end

    futures.each do |future|
      future.value.each { |state| new_states[state] = true }
    end
    break if found.true?
  end

  pool.shutdown
  pool.wait_for_termination

  found.true?
end