- Revised dot output.
- Reintroduced intruder events. - Added colors.
This commit is contained in:
parent
f823399a73
commit
16a59624fe
@ -2065,22 +2065,27 @@ iterate ()
|
|||||||
btup = select_tuple_goal ();
|
btup = select_tuple_goal ();
|
||||||
if (btup != NULL)
|
if (btup != NULL)
|
||||||
{
|
{
|
||||||
// Expand tuple goal
|
/* Substitution or something resulted in a tuple goal: we immediately split them into compounds.
|
||||||
|
*/
|
||||||
int count;
|
int count;
|
||||||
|
Term tupletermbuffer;
|
||||||
|
|
||||||
// mark as blocked for iteration
|
tupletermbuffer = btup->term;
|
||||||
binding_block (btup);
|
|
||||||
// simply adding will detect the tuple and add the new subgoals
|
/*
|
||||||
|
* We solve this by replacing the tuple goal by the left term, and adding a goal for the right term.
|
||||||
|
*/
|
||||||
|
btup->term = TermOp1 (tupletermbuffer);
|
||||||
count =
|
count =
|
||||||
goal_add (btup->term, btup->run_to, btup->ev_to,
|
goal_add (TermOp2 (tupletermbuffer), btup->run_to,
|
||||||
btup->level);
|
btup->ev_to, btup->level);
|
||||||
|
|
||||||
// Show this in output
|
// Show this in output
|
||||||
if (switches.output == PROOF)
|
if (switches.output == PROOF)
|
||||||
{
|
{
|
||||||
indentPrint ();
|
indentPrint ();
|
||||||
eprintf ("Expanding tuple goal ");
|
eprintf ("Expanding tuple goal ");
|
||||||
termPrint (btup->term);
|
termPrint (tupletermbuffer);
|
||||||
eprintf (" into %i subgoals.\n", count);
|
eprintf (" into %i subgoals.\n", count);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2089,7 +2094,7 @@ iterate ()
|
|||||||
|
|
||||||
// undo
|
// undo
|
||||||
goal_remove_last (count);
|
goal_remove_last (count);
|
||||||
binding_unblock (btup);
|
btup->term = tupletermbuffer;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -361,7 +361,7 @@ valid_binding (Binding b)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
//! Iterate over valid bindings
|
//! Iterate over all bindings
|
||||||
/**
|
/**
|
||||||
* Iterator should return true to proceed
|
* Iterator should return true to proceed
|
||||||
*/
|
*/
|
||||||
@ -375,15 +375,11 @@ iterate_bindings (int (*func) (Binding b))
|
|||||||
Binding b;
|
Binding b;
|
||||||
|
|
||||||
b = (Binding) bl->data;
|
b = (Binding) bl->data;
|
||||||
if (valid_binding (b))
|
|
||||||
{
|
|
||||||
if (!func (b))
|
if (!func (b))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -816,10 +816,12 @@ roleCompile (Term nameterm, Tac tc)
|
|||||||
* in which case we assume that the agent names are possibly received as variables
|
* in which case we assume that the agent names are possibly received as variables
|
||||||
*/
|
*/
|
||||||
thisRole->initiator = 0;
|
thisRole->initiator = 0;
|
||||||
|
firstEvent = 0;
|
||||||
}
|
}
|
||||||
commEvent (READ, tc);
|
commEvent (READ, tc);
|
||||||
break;
|
break;
|
||||||
case TAC_SEND:
|
case TAC_SEND:
|
||||||
|
firstEvent = 0;
|
||||||
commEvent (SEND, tc);
|
commEvent (SEND, tc);
|
||||||
break;
|
break;
|
||||||
case TAC_CLAIM:
|
case TAC_CLAIM:
|
||||||
@ -836,7 +838,6 @@ roleCompile (Term nameterm, Tac tc)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
firstEvent = 0;
|
|
||||||
tc = tc->next;
|
tc = tc->next;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
1150
src/dotout.c
1150
src/dotout.c
File diff suppressed because it is too large
Load Diff
@ -1,12 +1,11 @@
|
|||||||
|
- If no attack/state output is needed, maybe the attack heuristic should
|
||||||
|
be simpler (which means just weighting the trace length etc.) in order
|
||||||
|
to avoid uneccesary continuation of the search. Maybe even stop
|
||||||
|
altogether after finding *an* attack.
|
||||||
- For the TimeStamps etc, we can implement an 'auto-leak' of such local
|
- For the TimeStamps etc, we can implement an 'auto-leak' of such local
|
||||||
constants. This should works also with a modifier of sorts (e.g.
|
constants. This should works also with a modifier of sorts (e.g.
|
||||||
'predictable') and such constants should be leaked to the intruder at
|
'predictable') and such constants should be leaked to the intruder at
|
||||||
the start of the run, possibly by prefixing a send.
|
the start of the run, possibly by prefixing a send.
|
||||||
- best heuristic currently for -t8: ignore sendsfirst, just look at the
|
|
||||||
previous event and continue at that run.
|
|
||||||
- termPrint must currently be encapsulated in a math environment to work in
|
|
||||||
latex output, I wil change this later to some ensure mathmode construct,
|
|
||||||
probably with something like latexTermPrint.
|
|
||||||
- The trace incremental search should start at something like 'distance of
|
- The trace incremental search should start at something like 'distance of
|
||||||
first claim + SOMECONST * runs'. SOMECONST relates to the partial-order
|
first claim + SOMECONST * runs'. SOMECONST relates to the partial-order
|
||||||
induced trace prolonings.
|
induced trace prolonings.
|
||||||
@ -14,35 +13,6 @@
|
|||||||
- Because the properties checked are related to the partial order reductions,
|
- Because the properties checked are related to the partial order reductions,
|
||||||
it makes sense to check 'all secrecy claims' or 'all synchronisation claims'
|
it makes sense to check 'all secrecy claims' or 'all synchronisation claims'
|
||||||
at once.
|
at once.
|
||||||
- Once an attack is generated, we know the actual scenario and the trace
|
|
||||||
length. We might re-use this information to generate the shortest attack
|
|
||||||
using no partial order reduction. Note that choosing a wise method of
|
|
||||||
finding that is a mathematical issue: searching -t1 is exponential, so how
|
|
||||||
do we step trough these traces in order to find the shortest trace in the
|
|
||||||
quickest way? This can be determined under some (statistical) assumptions.
|
|
||||||
- The incremental check can be done much easier, by just retrying the main
|
|
||||||
loop explore with different parameters. It keeps everything nicely intact.
|
|
||||||
We must check for fails however, and how pruning is affected.
|
|
||||||
- Incremental check can at least be done in two ways: either by limiting the
|
|
||||||
number of runs (big axe method) or by limiting the trace length (nice).
|
|
||||||
There is a drawback to trace length only: the superfluous sends of the
|
|
||||||
algorithm in a scenario with many runs might interfere with the usefulness
|
|
||||||
of short traces. Maybe some heuristic that reduces the runs automatically is
|
|
||||||
required. (e.g. 'number of runs is at most MaxTraceLength/MaxRoleLength' or
|
|
||||||
something like that). Do analysis.
|
|
||||||
- If synch checking is expensive, introduce a limit (for -p0 stuff).
|
|
||||||
Basically, after the limit (if -p0 is set), we stop checking synch claims.
|
|
||||||
This then is default behaviour, to be overridden or changed by a switch.
|
|
||||||
- clp does not yet consider the matching for variables that have not been
|
|
||||||
instantiated. This *might* lead to some improvement, e.g. when there is only
|
|
||||||
one candidate for the variable. In general, I don't think it will help.
|
|
||||||
- match_clp.c 1.25 introduced the variable_in_invkey brancher, which hasn't
|
|
||||||
been thoroughly tested yet. Please do test.
|
|
||||||
- Brutus is slower than -t4. CLP is much, much faster however than both.
|
|
||||||
- It is very important to have variables in the run agent list, because it
|
|
||||||
dramatically decreases the complexity of the system, as opposed to just
|
|
||||||
creating runs for all possibilities. However, this explicitly introduces the
|
|
||||||
clp problem of var encryptions (see above).
|
|
||||||
- Given originator assumptions and such, we might want to implement the
|
- Given originator assumptions and such, we might want to implement the
|
||||||
compiler, that for non-typed matching, it will ignore all type definitions
|
compiler, that for non-typed matching, it will ignore all type definitions
|
||||||
in the code (as in, putting them in stype, but still considering Function).
|
in the code (as in, putting them in stype, but still considering Function).
|
||||||
|
Loading…
Reference in New Issue
Block a user