diff --git a/src/modelchecker.c b/src/modelchecker.c index b08dd43..83acdc4 100644 --- a/src/modelchecker.c +++ b/src/modelchecker.c @@ -187,11 +187,9 @@ executeStep (const System sys, const int run) return 1; } -/* - * explorify - * +//! Explores the system state given by the next step of a run. +/** * grandiose naming scheme (c) sjors dubya. - * explores the system state given by the next step of a run. */ int @@ -207,19 +205,27 @@ explorify (const System sys, const int run) exit (1); } - if (executeStep (sys, run)) - { - /* traverse the system after the step */ + flag = 0; - flag = traverse (sys); + /* special check: internal read + * Efficiency of the next check heavily relies on lazy L-R evaluation + */ + if (rd->internal && rd->type == READ && inTermlist (sys->untrusted, agentOfRun (sys, run))) + { + /* this run is executed by an untrusted agent, do not explore */ } else { - flag = 0; + if (executeStep (sys, run)) + { + /* traverse the system after the step */ + + flag = traverse (sys); + runPointerSet (sys, run, rd); + sys->step--; + indentSet (sys->step); + } } - runPointerSet (sys, run, rd); - sys->step--; - indentSet (sys->step); return flag; } diff --git a/src/todo.txt b/src/todo.txt index e6549ec..a355d28 100644 --- a/src/todo.txt +++ b/src/todo.txt @@ -1,20 +1,18 @@ +- Constraint logic now also has no checks for when a run is done by the + intruder (which should be excluded). - Fix constants in intruder knowledge. Auto add single one of each type, when typed expl. Add single constant when untyped. Fix this also in semantics, and add proof to establish sufficiency. - Fix function handling (signatures). -- Make state space output using dot package. - Intruder should at least have one copy of each type that an agent can construct, I think in any case. Proof needed for single identifier need. Furthermore reduction if type flaw testing; only one constant needed. -- Functions should have a signature. - State counter is off by one. Should start at 1, or should add 1 at printing. - Make filter switch, allowing maybe for some claims only to be evaluated. --check=Secret, --check-all as default. - Some compiler errors are still sent to stdout. This must be fixed ASAP! because it means people get an invisible error using the scripts. -- There is a possible memory leak when buffering attacks, e.g. with -p0. - Investigate. - Make --with-argtabledir= something switch, replacing README/galious-configure.sh constructs. - Move initial intruder knowledge maybe into the title of the MSC.