- Debug of optimization.
- Put down skeleton of new idea, related to a lemma from Niek Palm's work. This needs more investigating though.
This commit is contained in:
ccremers
parent
b6806f6aaf
commit
39a2b4878c
@ -208,26 +208,25 @@ explorify (const System sys, const int run)
|
|||||||
flag = 0;
|
flag = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Special check: if agents have been instantiated in such a way that no more claims need to be evaluated, then we can skip
|
* Special checks after (implicit) choose events; always first in run reads.
|
||||||
* further traversal.
|
|
||||||
* Two cases: internal read or first read of a run; both are the first event of a run.
|
|
||||||
*
|
|
||||||
* Efficiency of the next check heavily relies on lazy L-R evaluation
|
|
||||||
*/
|
*/
|
||||||
if (rd == sys->runs[run].start && rd->type == READ)
|
if (rd == sys->runs[run].start && rd->type == READ)
|
||||||
{
|
{
|
||||||
|
int rid;
|
||||||
|
|
||||||
if (inTermlist (sys->untrusted, agentOfRun (sys, run)))
|
if (inTermlist (sys->untrusted, agentOfRun (sys, run)))
|
||||||
{
|
{
|
||||||
/* this run is executed by an untrusted agent, do not explore */
|
/* this run is executed by an untrusted agent, do not explore */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
else
|
/* executed by trusted agent */
|
||||||
{
|
|
||||||
/* executed by trusted agent, but is there a claim left to explore? */
|
/* Special check 1: if agents have been instantiated in such a way that no more claims need to be evaluated, then we can skip
|
||||||
|
* further traversal.
|
||||||
|
*/
|
||||||
if (sys->secrets == NULL)
|
if (sys->secrets == NULL)
|
||||||
{ /* there are no remaining secrecy claims to be checked */
|
{ /* there are no remaining secrecy claims to be checked */
|
||||||
Roledef rdscan;
|
Roledef rdscan;
|
||||||
int rid;
|
|
||||||
int validclaim;
|
int validclaim;
|
||||||
|
|
||||||
rid = 0;
|
rid = 0;
|
||||||
@ -261,8 +260,25 @@ explorify (const System sys, const int run)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* Special check 2: if all agents in each run send only encrypted stuff, and all agents are trusted,
|
||||||
|
* there is no way for the intruder to learn anything else than encrypted terms, so secrecy claims will not
|
||||||
|
* be violated anymore if they contain no terms that are encrypted with such keys */
|
||||||
|
|
||||||
|
//!@todo For now, there is no check that the runs only send publicly encrypted stuff! Just an assumption to be made true using static analysis.
|
||||||
|
|
||||||
|
/*
|
||||||
|
rid = 0;
|
||||||
|
while (rid < sys->maxruns)
|
||||||
|
{
|
||||||
|
if (!untrustedAgent (sys, sys->runs[rid].agents))
|
||||||
|
{
|
||||||
}
|
}
|
||||||
|
rid++;
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Apparently, all is well, and we can explore further */
|
||||||
if (executeStep (sys, run))
|
if (executeStep (sys, run))
|
||||||
{
|
{
|
||||||
/* traverse the system after the step */
|
/* traverse the system after the step */
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user