-
Notifications
You must be signed in to change notification settings - Fork 4
/
accessControl.fst
32 lines (25 loc) · 1.29 KB
/
accessControl.fst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
module AccessControl
open FStar.GSet
noeq
type hst (state:Type) (a:Type) (p q:state) =
| State : (state -> (a & state)) -> hst state a p q
assume val pure (#state:Type) (#a:Type) (#w:state) (x:a) : hst state a w w
assume val bind (#state:Type) (#a #b:Type) (#w1 #w2 #w3:state)
(f:hst state a w1 w2) (g:a -> hst state b w2 w3) : hst state b w1 w3
assume val thenn (#state:Type) (#a #b:Type) (#w1 #w2 #w3:state)
(f:hst state a w1 w2) (g:hst state b w2 w3) : hst state b w1 w3
let get (#state:Type) (#w:state) : hst state state w w =
State (fun _ -> w, w)
let put (#state:Type) (#w:state) (w1:state) : hst state unit w w1 =
State (fun _ -> (), w1)
assume val canRead (#acl:set int) (f:int) : (hst (set int) (v:bool{v = mem f acl}) acl acl)
assume val grant (#acl:set int) (f:int) : hst (set int) unit acl (union acl (singleton f))
assume val revoke (#acl:set int) (f:int) : hst (set int) unit acl (intersect acl (complement (singleton f)))
assume val read (#acl:set int) (f:int{mem f acl}) : hst (set int) string acl acl
val main (#acl:set int) (f:int) : hst (set int) string acl acl
let main #acl f =
assume (equal acl (intersect (union acl (singleton f)) (complement (singleton f))));
bind (grant f) (fun _ ->
(bind (read f) (fun contents ->
(bind (revoke f) (fun _ ->
pure contents)))))