Changeset 619 for branches

Timestamp:

12/20/12 11:54:42 (3 years ago)

Author:

mmckerns

Message:

enable use of locals in build_constraint; make use of exec more secure

File:

• branches/decorate/_symbolic.py (modified) (11 diffs)

branches/decorate/_symbolic.py

@@ -240 +240 @@
         >>> print simplify_symbolic(equation, target='x2')
         x2 = 3.0 + x1*x3
-"""
+""" #XXX: an expanded version of this code is found in build_constraints XXX#
     # for now, we abort on multi-line equations or inequalities
     if len(constraint.replace('==','=').split('=')) != 2:
@@ -262 +262 @@
 
     warn = True  # if True, don't supress warnings
+    verbose = False  # if True, print debug info
     if kwds.has_key('warn'): warn = kwds['warn']
-    locals = kwds.get('locals', None)
+    if kwds.has_key('verbose'): verbose = kwds['verbose']
 
     # default is _locals with sympy imported
     _locals = {}
+    locals = kwds.get('locals', None)
+    if locals is None: locals = {}
     try:
         code = """from sympy import Eq, Symbol;"""
@@ -284 +287 @@
     code = compile(code, '<string>', 'exec')
     exec code in _locals
-    if locals is None: locals = {}
     _locals.update(locals) #XXX: allow this?
 
     code,left,right,xlist,neqns = _prepare_sympy(constraints, varname, ndim)
 
-    code += 'eq = Eq(' + left[0] + ',' + right[0] + ')\n' 
+    eqlist = ""
+    for i in range(1, neqns+1):
+        eqn = 'eq' + str(i)
+        eqlist += eqn + ","
+        code += eqn + '= Eq(' + left[i-1] + ',' + right[i-1] + ')\n'
+    eqlist = eqlist.rstrip(',')
 
     if not target: #XXX: the goal is solving *only one* equation
-       #code += 'soln = symsol(eq, [' + xlist + '])\n'
+       #code += 'soln = symsol([' + eqlist + '], [' + xlist + '])\n'
         code += '_xlist = %s\n' % xlist
         code += 'soln = {}\n'
-        code += '[soln.update({i:symsol(eq, i)}) for i in _xlist]\n'
-    else:
-        code += 'soln = symsol(eq, [' + target + '])\n'
+        code += '[soln.update({i:symsol('+eqlist+', i)}) for i in _xlist]\n'
+    else:
+        code += 'soln = symsol(' + eqlist + ', [' + target + '])\n'
+    if verbose: print code
     code = compile(code, '<string>', 'exec')
     try: 
@@ -308 +316 @@
         if warn: print "Warning:", error
         return None
+    if verbose: print soln
 
     #XXX Not the best way to handle multiple solutions?
@@ -437 +446 @@
     # >>> soln = symsol([eq2, eq1], [x1, x2, x3])
 
-    # If no Sympy installed, just call generate_constraint
+    # default is _locals with sympy imported
+    _locals = {}
+    locals = kwds.get('locals', None)
+    if locals is None: locals = {}
+    # if sympy not installed, call generate_constraint
     try:
-        from sympy import Eq, Symbol
-        from sympy import solve as symsol
+        code = """from sympy import Eq, Symbol;"""
+        code += """from sympy import solve as symsol;"""
+        code = compile(code, '<string>', 'exec')
+        exec code in _locals
     except ImportError: # Equation will not be simplified."
         if warn: print "Warning: sympy not installed."
-        solv = generate_solvers(constraints, variables=varname)
+        solv = generate_solvers(constraints, variables=varname, locals=locals)
         return generate_constraint(solv)
 
-    code, left, right, xlist, neqns = _prepare_sympy(constraints, varname, ndim)
+    # default is _locals with numpy and math imported
+    # numpy throws an 'AttributeError', but math passes error to sympy
+    code = """from numpy import *; from math import *;""" # prefer math
+    code += """from numpy import mean as average;""" # use np.mean not average
+    code += """from numpy import var as variance;""" # look like mystic.math
+    code += """from numpy import ptp as spread;"""   # look like mystic.math
+    code = compile(code, '<string>', 'exec')
+    exec code in _locals
+    _locals.update(locals) #XXX: allow this?
+
+    code,left,right,xlist,neqns = _prepare_sympy(constraints, varname, ndim)
 
     eqlist = ""
-    for i in range(1, neqns + 1):
+    for i in range(1, neqns+1):
         eqn = 'eq' + str(i)
         eqlist += eqn + ","
         code += eqn + '= Eq(' + left[i-1] + ',' + right[i-1] + ')\n'
+    eqlist = eqlist.rstrip(',')
 
     # Figure out if trying various permutations is necessary
@@ -480 +506 @@
             for item in perm:
                 xstring += item + ","
-            tempcode += 'soln = symsol([' + eqlist.rstrip(',') + '], [' + \
-                        xstring.rstrip(',') + '])'
+            xstring = xstring.rstrip(',')
+            tempcode += 'soln = symsol([' + eqlist + '], [' + xstring + '])'
             if verbose: print tempcode
-            exec tempcode in globals(), locals() #FIXME: insecure
-
-            if soln == None and warn:
-                print "Warning: sympy could not simplify equation."
+
+            tempcode = compile(tempcode, '<string>', 'exec')
+            try: 
+                exec tempcode in globals(), _locals
+                soln = _locals['soln']
+                if soln == None and warn:
+                    print "Warning: sympy could not simplify equation."
+            except NotImplementedError: # catch 'multivariate' error
+                if warn: print "Warning: sympy could not simplify equation."
+                soln = None
+            except NameError, error: # catch when variable is not defined
+                if warn: print "Warning:", error
+                soln = None
+            if verbose: print soln
 
             solvedstring = ""
@@ -509 +545 @@
         # constraints functions. Check if constraints(guess) is in the bounds.
         for string in stringperms:
-            solv = generate_solvers(string, variables=varname)
+            solv = generate_solvers(string, variables=varname, locals=locals)
             cf = generate_constraint(solv)
 #           if guess: compatible = isbounded(cf, guess, min=lower_bounds, \
@@ -534 +570 @@
         # Just form code and get whatever solution sympy comes up with.
         if targets:
-            xlist = ','.join(targets)
-        code += 'soln = symsol([' + eqlist.rstrip(',') + '], [' + xlist.rstrip(',') + '])'
-        exec code in globals(), locals() #FIXME: insecure
-        if soln == None and warn:
-            print "Warning: sympy could not simplify equation."
+            xlist = ','.join(targets).rstrip(',')
+        code += 'soln = symsol([' + eqlist + '], [' + xlist + '])'
+        if verbose: print code
+        code = compile(code, '<string>', 'exec')
+        try: 
+            exec code in globals(), _locals
+            soln = _locals['soln']
+            if soln == None and warn:
+                print "Warning: sympy could not simplify equation."
+        except NotImplementedError: # catch 'multivariate' error
+            if warn: print "Warning: sympy could not simplify equation."
+            soln = None
+        except NameError, error: # catch when variable is not defined
+            if warn: print "Warning:", error
+            soln = None
+        if verbose: print soln
 
         solvedstring = ""
@@ -544 +591 @@
             solvedstring += str(key) + ' = ' + str(value) + '\n'
 
-        solv = generate_solvers(solvedstring, variables=varname)
+        solv = generate_solvers(solvedstring, variables=varname, locals=locals)
         cf = generate_constraint(solv)
         if verbose:
@@ -700 +747 @@
 #   elif lower_bounds: ndim = len(lower_bounds)
 #   elif upper_bounds: ndim = len(upper_bounds)
+
+    locals = kwds.get('locals', None)
+    if locals is None: locals = {}
 
     # Figure out if trying various permutations is necessary
@@ -783 +833 @@
             simplified.append(simplify_symbolic(eqn, variables=varname, target=target, warn=warn))
 
-        solv = generate_solvers('\n'.join(simplified), variables=varname)
+        solv = generate_solvers('\n'.join(simplified), variables=varname, locals=locals)
         cf = generate_constraint(solv)