Cleanup.
This commit is contained in:
Cas Cremers
parent
6e65138dca
commit
a6370726ef
@ -1,47 +0,0 @@
|
|||||||
Design Issues for the Model Checker
|
|
||||||
-----------------------------------
|
|
||||||
|
|
||||||
- For secrecy, we can trigger all sends at once. For synchronisation,
|
|
||||||
this is not the case.
|
|
||||||
|
|
||||||
- Modules have to be split up sensibly.
|
|
||||||
|
|
||||||
- Although 'knowledge' and 'term matching' seem to different items,
|
|
||||||
their intertwined workings suggest that they should be implemented
|
|
||||||
in parallel.
|
|
||||||
|
|
||||||
- State generation (as in creating instances) might already allow for
|
|
||||||
a lot of static analysis.
|
|
||||||
|
|
||||||
- We should make a list of required operations. Ingmar's work can serve
|
|
||||||
as a starting point.
|
|
||||||
|
|
||||||
- For now, there will be no parser, and test cases will be input by
|
|
||||||
hand.
|
|
||||||
|
|
||||||
- Synchronisation is more difficult to test, so we focus on secrecy
|
|
||||||
first. I've got some good ideas on Synchronisation testing though
|
|
||||||
(with narrowing sets of possible partners). Synchronisation is very
|
|
||||||
hard to prune, I presume. I have to prove that though ;)
|
|
||||||
|
|
||||||
Sketch for secrecy:
|
|
||||||
|
|
||||||
SimulateStep(F,M,constraints):
|
|
||||||
if Empty(F):
|
|
||||||
return
|
|
||||||
else:
|
|
||||||
for (s in PossibleSends):
|
|
||||||
add s.message to M
|
|
||||||
if (secrecy violated):
|
|
||||||
halt
|
|
||||||
remove s from F
|
|
||||||
ReadSets = supersetTransitions(F)
|
|
||||||
for (ReadSet in ReadSets):
|
|
||||||
for (s in ReadSet):
|
|
||||||
// dit is vaag
|
|
||||||
if NonMatch goto next ReadSet
|
|
||||||
constraint = F,M,match()
|
|
||||||
SimulateStep(F \ s,M,constraints)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -1,31 +0,0 @@
|
|||||||
Implemented:
|
|
||||||
|
|
||||||
- scans
|
|
||||||
- test functions (in hidelevel.c)
|
|
||||||
|
|
||||||
TODO:
|
|
||||||
|
|
||||||
- use test functions (impossible for pruning, interesting for goal selection heuristic)
|
|
||||||
- state count display switch for comparisons
|
|
||||||
- consider adding info for goal stuff (only from M_0, not by create)
|
|
||||||
|
|
||||||
*******************************************************************
|
|
||||||
|
|
||||||
roivas:~scyther% ./scyther ccitt509-1c.spdl
|
|
||||||
Global constants: [te, ne, Eve, Bob, Alice, unhash, sk, hash, pk]
|
|
||||||
|
|
||||||
Possibly interesting term: unhash; know 2147483647, prot 2147483647
|
|
||||||
Possibly interesting term: sk; know 1, prot 2
|
|
||||||
|
|
||||||
|
|
||||||
roivas:~scyther% ./scyther yahalom.spdl
|
|
||||||
warning: variable T was declared in role yahalom,R but never used in a read event.
|
|
||||||
Global constants: [Simon, Bob, Alice, Compromised, Fresh, k]
|
|
||||||
|
|
||||||
Possibly interesting term: k; know 2147483647, prot 2
|
|
||||||
|
|
||||||
|
|
||||||
roivas:~scyther% ./scyther ns3.spdl
|
|
||||||
Global constants: [Eve, sk, pk]
|
|
||||||
|
|
||||||
Possibly interesting term: sk; know 1, prot 2147483647
|
|
||||||
Loading…
Reference in New Issue
Block a user