- New attack attribute.

src/arachne.c

@@ -2724,13 +2724,7 @@ prune_theorems ()
     }
 
   // Check if all agents of the main run are valid
-  tl = sys->runs[0].agents;
+  if (!isRunTrusted (sys,0))
-  while (tl != NULL)
-    {
-      Term agent;
-
-      agent = deVar (tl->term);
-      if (!realTermVariable (agent) && inTermlist (sys->untrusted, agent))
     {
       if (switches.output == PROOF)
 	{
@@ -2740,8 +2734,6 @@ prune_theorems ()
 	}
       return 1;
     }
-      tl = tl->next;
-    }
 
   // Check if the actors of all other runs are not untrusted
   if (sys->untrusted != NULL)
@@ -2762,7 +2754,7 @@ prune_theorems ()
 		    {
 		      error ("Agent of run %i is NULL", run);
 		    }
-		  if (inTermlist (sys->untrusted, actor))
+		  if (!isAgentTrusted (sys, actor))
 		    {
 		      if (switches.output == PROOF)
 			{

src/compiler.c

@@ -719,7 +719,7 @@ runInstanceCreate (Tac tc)
   /*      first: determine whether the run is untrusted,
    *      by checking whether one of the untrusted agents occurs
    *      in the run instance  */
-  if (untrustedAgent (sys, instParams))
+  if (!isAgentlistTrusted (sys, instParams))
     {
       /* nothing yet */
       /* claims handle this themselves */

src/modelchecker.c

@@ -260,7 +260,7 @@ removeDangling (Roledef rd, const int killclaims)
 Roledef
 removeIrrelevant (const System sys, const int run, Roledef rd)
 {
-  if (untrustedAgent (sys, sys->runs[run].agents))
+  if (!isRunTrusted (sys,run))
     {
       // untrusted, so also remove claims
       return removeDangling (rd, 1);
@@ -384,7 +384,7 @@ explorify (const System sys, const int run)
 	  while (rid < sys->maxruns)
 	    {
 	      /* are claims in this run evaluated anyway? */
-	      if (!untrustedAgent (sys, sys->runs[rid].agents))
+	      if (isRunTrusted(sys, rid))
 		{		/* possibly claims to be checked in this run */
 		  rdscan = runPointerGet (sys, rid);
 		  while (rdscan != NULL)
@@ -465,7 +465,7 @@ explorify (const System sys, const int run)
          rid = 0;
          while (rid < sys->maxruns)
          {
-         if (!untrustedAgent (sys, sys->runs[rid].agents))
+         if (!isRunTrusted (sys, rid))
          {
          }
          rid++;
@@ -1207,7 +1207,7 @@ claimViolationDetails (const System sys, const int run, const Roledef rd,
     {
       /* secrecy claim */
 
-      if (untrustedAgent (sys, sys->runs[run].agents))
+      if (!isRunTrusted (sys,run))
 	{
 	  /* claim was skipped */
 	  return (Termlist) - 1;
@@ -1328,7 +1328,7 @@ executeTry (const System sys, int run)
       if (runPoint->type == CLAIM)
 	{
 	  /* first we might dynamically determine whether the claim is valid */
-	  if (untrustedAgent (sys, sys->runs[run].agents))
+	  if (!isRunTrusted (sys,run))
 	    {
 	      /* for untrusted agents we check no claim violations at all
 	       * so: we know it's okay. */

src/output.c

@@ -609,7 +609,7 @@ graphNode (const System sys)
   // Print step 
   printf ("%i:", sys->runs[run].step - 1);
 
-  if (rd->type == CLAIM && untrustedAgent (sys, sys->runs[run].agents))
+  if (rd->type == CLAIM && (!isRunTrusted(sys,run)))
     {
       printf ("Skip claim in #%i\"", run);
     }

src/system.c

@@ -1212,39 +1212,55 @@ protocolsPrint (Protocol p)
     }
 }
 
-//! Determine whether there is an untrusted agent.
+//! Determine whether an agent term is trusted
 /**
- *@param sys The system, containing system::untrusted.
+ * 1 (True) means trusted, 0 is untrusted
- *@param agents A list of agents to be verified.
- *@return True iff any agent in the list is untrusted.
  */
 int 
-untrustedAgent (const System sys, Termlist agents)
+isAgentTrusted (const System sys, Term agent)
+{
+  agent = deVar (agent);
+  if (!realTermVariable (agent) && inTermlist (sys->untrusted, agent))
+    {
+      // Untrusted agent in the list
+      return 0;
+    }
+  return 1;
+}
+
+//! Determine whether there is an untrusted agent.
+/**
+ *@return True iff all agent in the list are trusted.
+ */
+int
+isAgentlistTrusted (const System sys, Termlist agents)
 {
   while (agents != NULL)
     {
-      if (isTermVariable (agents->term))
+      if (!isAgentTrusted (sys, agents->term))
 	{
-	  if (switches.clp)
+	  return 0;
-	    {
-	      /* clp: variables are difficult */
-	      /* TODO Add as constraint that they're
-	       * trusted */
-	      /* However, that is a branch as well :(
-	       */
-	      /* claim secret is _really_ a instant-multiple
-	       * read. If it is succesful, we sound
-	       * the alert */
-	    }
-	}
-      else
-	{
-	  if (inTermlist (sys->untrusted, agents->term))
-	    return 1;
 	}
       agents = agents->next;
     }
+  return 1;
+}
+
+//! Determine whether all agents of a run are trusted
+/**
+ * Returns 0 (False) if they are not trusted, otherwise 1 (True)
+ */
+int
+isRunTrusted (const System sys, const int run)
+{
+  if (run >= 0 && run < sys->maxruns)
+    {
+      if (!isAgentlistTrusted (sys, sys->runs[run].agents))
+	{
 	  return 0;
+	}
+    }
+  return 1;
 }
 
 //! Yield the maximum length of a trace by analysing the runs in the system.
@@ -1446,3 +1462,4 @@ system_iterate_roles (const System sys, int (*func) ())
     }
   return 1;
 }
+

src/system.h

@@ -203,5 +203,8 @@ int compute_roleeventmax (const System sys);
 
 void scenarioPrint (const System sys);
 int system_iterate_roles (const System sys, int (*func) ());
+int isAgentTrusted (const System sys, Term agent);
+int isAgentlistTrusted (const System sys, Termlist agents);
+int isRunTrusted (const System sys, const int run);
 
 #endif

src/xmlout.c

@@ -672,6 +672,14 @@ xmlRunInfo (const System sys, const int run)
     {
       printf (" intruder=\"true\"");
     }
+  else
+    {
+      // Non-intruder run, check whether communicates with untrusted agents
+      if (!isRunTrusted (sys, run))
+	{
+	  printf(" untrustedrun=\"true\"");
+	}
+    }
   printf (">");
   xmlTermPrint (sys->runs[run].protocol->nameterm);
   printf ("</protocol>\n");