How can I create a function which evaluate only strings which represent only mathematical functions?

1 vue (au cours des 30 derniers jours)
How can I create a function which evaluates only strings which represent only mathematical functions?
I have an inputdlg box and I insert string which represents a random mathematical function.for example exp(x)+log(x)/cos(2*pi*x). How can I make a function which evaluate this and ignore anything else which doesn't have to do with mathematics?
  2 commentaires
Matt Fig
Matt Fig le 6 Juin 2011
I think that is a rather tall order. How will your system know whether or not an item in the string has to do with Mathematics, unless you exhaustively check for use of every possible function?
sadel
sadel le 6 Juin 2011
Yeah, you right but how can I avoid the fact that some user can insert a string like this 'delete(''*.*'')' or this 'cla' or something else which can be evaluated but it isn't what I want?

Connectez-vous pour commenter.

Réponse acceptée

Walter Roberson
Walter Roberson le 8 Juin 2011
I used to work in computer security. This is what decades of research in computer security has found:
When you are parsing something, *never* take the approach of rejecting things you know your code does not handle. There will almost always be something you overlooked, some way of slipping something by your rejection filters, perhaps something that was not previously known as being dangerous. Instead, for security, define specifically what you will *accept* and reject everything else.
For example, you want to reject delete('*.*') -- but how well do you know MuPad? Do you know all of the MuPad routines that can be convinced to take numeric input and convert it to character strings that are executed?
Accept only what you know to be safe.
  1 commentaire
sadel
sadel le 8 Juin 2011
I think I'll quit. This project is my bachelor thesis and I don't have enough time. Next week I have to present it. I will use my above code with a try-catch function and I will hope. :)

Connectez-vous pour commenter.

Plus de réponses (5)

Walter Roberson
Walter Roberson le 6 Juin 2011
We already went through this. There is no way to do what you are asking. The sample string of symbols means different things under different interpretations. The "real" meaning of a string of symbols depends upon intent.
You can define meanings for all of the functions and operators that you intend to support, but you cannot determine whether a string represents a "mathematical function" or not.
Quoting myself from a week ago:
You haven't defined your requirements.
Paulo recommended symvar and that is likely a good place to start. Extract the variables from the expression, and if any of them in the expression are not on the approved list, veto the expression.
It is also possible to extract the names of all of the functions used and compare them to your approved list. Note, though, that the internal name of functions might not be the obvious one, so experiment to see what the names actually are. In Maple, you would use indets() with fairly specific parameters to extract the function names; I am not sure what the MuPad equivalent would be.
  3 commentaires
sadel
sadel le 7 Juin 2011
Do you know FCNCHK function? Do you think that it can help me for my purpose?
sadel
sadel le 7 Juin 2011
If I could make symvar to identify the symbol 't' and not return it then I could create
a function which evaluate only strings which represent only mathematical functions
t=0:0.1:10;
insertfunction='cos(2*pi*t))'
gh=symvar(insertfunction)
if (gh is an empty cell array)
eval(['v =0*t+ ',vectorize(gh),';'])
plot(t,v)
end
Well,is this possible?

Connectez-vous pour commenter.


Matt Fig
Matt Fig le 6 Juin 2011
Here is a radical idea, and I cannot guarantee it will work. But it might be worth a try..
str = '! dir &'; % Example of something you don't want the user to do.
try
F = figure('visible','off');
Ax = axes;
ezplot(str) % This will do the checking for you!
delete(F) % If you made it to here, the string is o.k.
catch
delete(F)
% Do something here, like notify the user that this is invalid.
end
% Now process your string....
F = str2func(['@(x)' ,str]);
Again, this may not be foolproof, but it might be worth a try with some known examples for str...

Robert Cumming
Robert Cumming le 6 Juin 2011
Do you want a method of ensuring your end user can only generate valid matlab code which contains valid mathematical equations?
This commercial software has functionality which allows the generation of controlled matlab functions which contain equations. The code is still under development but the downloadable demo shows the main functionality.
For the matlab end user the output is controlable valid Matlab scripts, functions or class definitions.
  4 commentaires
sadel
sadel le 7 Juin 2011
I was doing something wrong. Now it's ok. What can I do now with this program?
Robert Cumming
Robert Cumming le 8 Juin 2011
there should be tutorials at the back of the user guide which show you how to create equations - which you can then check/verify before saving them as valid matlab code (using export)

Connectez-vous pour commenter.


Andrei Bobrov
Andrei Bobrov le 7 Juin 2011
how Matt
insertfunction='cos(2*pi*t)';
gh=symvar(insertfunction);
f = str2func(['@(',gh{:},')',vectorize(insertfunction)]);
plot(t,f(t))

sadel
sadel le 7 Juin 2011
Well, I think I found the answer. Tell me your opinion!!!
t=0:0.1:10;
insertfunction='cos(2*pi*t)';
gh=symvar(insertfunction);
if (isempty(gh)) | (strcmp(gh,'t')==1)
eval(['v =0*t+ ',vectorize(insertfunction),';']);
plot(t,v)
else
warn='Invalid variable'
end

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by