How can I create a function which evaluate only strings which represent only mathematical functions?

1 次查看(过去 30 天)
How can I create a function which evaluates only strings which represent only mathematical functions?
I have an inputdlg box and I insert string which represents a random mathematical function.for example exp(x)+log(x)/cos(2*pi*x). How can I make a function which evaluate this and ignore anything else which doesn't have to do with mathematics?
  2 个评论
Matt Fig
Matt Fig 2011-6-6
I think that is a rather tall order. How will your system know whether or not an item in the string has to do with Mathematics, unless you exhaustively check for use of every possible function?
sadel
sadel 2011-6-6
Yeah, you right but how can I avoid the fact that some user can insert a string like this 'delete(''*.*'')' or this 'cla' or something else which can be evaluated but it isn't what I want?

请先登录,再进行评论。

采纳的回答

Walter Roberson
Walter Roberson 2011-6-8
I used to work in computer security. This is what decades of research in computer security has found:
When you are parsing something, *never* take the approach of rejecting things you know your code does not handle. There will almost always be something you overlooked, some way of slipping something by your rejection filters, perhaps something that was not previously known as being dangerous. Instead, for security, define specifically what you will *accept* and reject everything else.
For example, you want to reject delete('*.*') -- but how well do you know MuPad? Do you know all of the MuPad routines that can be convinced to take numeric input and convert it to character strings that are executed?
Accept only what you know to be safe.
  1 个评论
sadel
sadel 2011-6-8
I think I'll quit. This project is my bachelor thesis and I don't have enough time. Next week I have to present it. I will use my above code with a try-catch function and I will hope. :)

请先登录,再进行评论。

更多回答(5 个)

Walter Roberson
Walter Roberson 2011-6-6
We already went through this. There is no way to do what you are asking. The sample string of symbols means different things under different interpretations. The "real" meaning of a string of symbols depends upon intent.
You can define meanings for all of the functions and operators that you intend to support, but you cannot determine whether a string represents a "mathematical function" or not.
Quoting myself from a week ago:
You haven't defined your requirements.
Paulo recommended symvar and that is likely a good place to start. Extract the variables from the expression, and if any of them in the expression are not on the approved list, veto the expression.
It is also possible to extract the names of all of the functions used and compare them to your approved list. Note, though, that the internal name of functions might not be the obvious one, so experiment to see what the names actually are. In Maple, you would use indets() with fairly specific parameters to extract the function names; I am not sure what the MuPad equivalent would be.
  3 个评论
sadel
sadel 2011-6-7
If I could make symvar to identify the symbol 't' and not return it then I could create
a function which evaluate only strings which represent only mathematical functions
t=0:0.1:10;
insertfunction='cos(2*pi*t))'
gh=symvar(insertfunction)
if (gh is an empty cell array)
eval(['v =0*t+ ',vectorize(gh),';'])
plot(t,v)
end
Well,is this possible?

请先登录,再进行评论。


Matt Fig
Matt Fig 2011-6-6
Here is a radical idea, and I cannot guarantee it will work. But it might be worth a try..
str = '! dir &'; % Example of something you don't want the user to do.
try
F = figure('visible','off');
Ax = axes;
ezplot(str) % This will do the checking for you!
delete(F) % If you made it to here, the string is o.k.
catch
delete(F)
% Do something here, like notify the user that this is invalid.
end
% Now process your string....
F = str2func(['@(x)' ,str]);
Again, this may not be foolproof, but it might be worth a try with some known examples for str...

Robert Cumming
Robert Cumming 2011-6-6
Do you want a method of ensuring your end user can only generate valid matlab code which contains valid mathematical equations?
This commercial software has functionality which allows the generation of controlled matlab functions which contain equations. The code is still under development but the downloadable demo shows the main functionality.
For the matlab end user the output is controlable valid Matlab scripts, functions or class definitions.
  4 个评论
Robert Cumming
Robert Cumming 2011-6-8
there should be tutorials at the back of the user guide which show you how to create equations - which you can then check/verify before saving them as valid matlab code (using export)

请先登录,再进行评论。


Andrei Bobrov
Andrei Bobrov 2011-6-7
how Matt
insertfunction='cos(2*pi*t)';
gh=symvar(insertfunction);
f = str2func(['@(',gh{:},')',vectorize(insertfunction)]);
plot(t,f(t))

sadel
sadel 2011-6-7
Well, I think I found the answer. Tell me your opinion!!!
t=0:0.1:10;
insertfunction='cos(2*pi*t)';
gh=symvar(insertfunction);
if (isempty(gh)) | (strcmp(gh,'t')==1)
eval(['v =0*t+ ',vectorize(insertfunction),';']);
plot(t,v)
else
warn='Invalid variable'
end

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by