2006-07-15 20:32:15 +01:00
|
|
|
- --check is slightly f***ed up because there is no good semantics for
|
|
|
|
the --disable intruder check. As a result, it is now too strict can
|
|
|
|
cause correct protocols to fail. Fix.
|
2006-07-06 16:55:43 +01:00
|
|
|
- When *not* asking for attack output, maybe we should default to
|
|
|
|
--prune = 1. Then, if we ask for --xml output or --dot, we do:
|
|
|
|
if --prune == 1 then --prune == 2 now :) unless otherwise specified.
|
|
|
|
(This should be done after switch checking)
|
2006-02-26 15:00:58 +00:00
|
|
|
- Old version enforced some extra orders:
|
|
|
|
1. M_0 roles were ordered before any other roles.
|
|
|
|
2. Local constants order: if a run has a local variable instantiated by
|
|
|
|
somebody else's variable, that should occur then after the initial sending
|
|
|
|
of that value...
|
2006-01-17 12:30:16 +00:00
|
|
|
- Test 'sk(x)' in goals, somewhere before assessing a state (dus at the
|
|
|
|
beginning of iterate), immediately reduce to 'sk(Eve)'. Test with
|
|
|
|
--experimental. To that end, reintroduce a state-reporting switch.
|
2006-01-07 13:28:13 +00:00
|
|
|
- It is currently not well-defined to define inversekeys within a role:
|
|
|
|
this requires some work at instantiation, because instantiated term
|
|
|
|
couples should be added to the inverses list, and removed at
|
|
|
|
descruction.
|
2006-01-02 14:34:46 +00:00
|
|
|
- Simple timestamps could be added by prefixing send message before the
|
|
|
|
role, sending any timestamp constants out first to the intruder. These
|
|
|
|
should of course be hidden in the output somehow.
|
2005-12-31 19:34:50 +00:00
|
|
|
- Notes on the new attack group displays:
|
|
|
|
* We want to group runs into consistent protocol runs.
|
|
|
|
* Minimal req. for protocol run: equal \rho.
|
|
|
|
* If two runs are candidates for a role in a protocol run,
|
|
|
|
use a metric based on order and data. Maybe data is more important:
|
|
|
|
if equal data, than order might be irrelevant.
|
|
|
|
* Maybe we should refactor the xmlOut code first. In an extreme case,
|
|
|
|
we first factor out all logic, and ranking, and grouping, in to a
|
|
|
|
prepareAttackOutput structure; with a separate source file. Later we
|
|
|
|
can convert this to either ASCII or DOT or XML or something.
|
|
|
|
Now that I think of it; XML should be a plain state probably, and we
|
|
|
|
could add a switch to also output more detailed attack things (is
|
|
|
|
that relevant?)
|
|
|
|
- Add --filter-claim and --filter-label switches; parse as symbols, and
|
|
|
|
turn into (global?) terms, add to switches termlists. Later check them
|
|
|
|
using two new term functions:
|
|
|
|
const char *termSymbolString(Term t);
|
|
|
|
int termSymbolEqual(Term t1, Term t2);
|
|
|
|
Iteration through the termlist should be done by hand.
|
2005-12-29 09:25:42 +00:00
|
|
|
- Maybe add warning for type of matching in the output, maybe stderr.
|
2006-01-07 13:28:13 +00:00
|
|
|
Maybe all state-space bounding info should be displayed.
|
2005-08-01 13:59:05 +01:00
|
|
|
- SConstruct file should check whether ctags actually exists (avoiding
|
|
|
|
errors)
|
|
|
|
- Proof output should be XML, with an external converter to dot format.
|