Improved handling of cases with untyped variables.

When untyped variables occur, the encryption level depth pruning is for now unjustified. Maybe we can get a proof later. Previously this was hidden, which was a bad design decision. Now the output is much clearer.
2008-01-28 15:23:40 +01:00 · 2008-01-28 15:23:40 +01:00 · a7c1d8c696
commit a7c1d8c696
parent 03522b7108
5 changed files with 34 additions and 6 deletions
--- a/src/claim.h
+++ b/src/claim.h
@ -17,6 +17,13 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */

+/**
+ * ===============================================
+ * NOTE:
+ * The claim object structure is defined in role.h
+ * ===============================================
+ */
+
 #ifndef CLAIMS
 #define CLAIMS

--- a/src/compiler.c
+++ b/src/compiler.c
@ -1278,6 +1278,9 @@ tacTermlist (Tac tc)
 }

 //! Compute variables for a roles (for Arachne)
+/**
+ * This also takes care of setting the hasUntypedVariable flag, if needed.
+ */
 void
 compute_role_variables (const System sys, Protocol p, Role r)
 {
@ -1298,13 +1301,25 @@ compute_role_variables (const System sys, Protocol p, Role r)
      roledef_iterate_events (r->roledef, process_event);
      r->variables = tl;

+      /*
+       * Iterate over variables for type checks
+       */
+      for (tl = r->variables; tl != NULL; tl = tl->next)
+	{
+	  if (isOpenVariable (tl->term))
+	    {
+	      sys->hasUntypedVariable = true;
+	      break;
+	    }
+	}
+
 #ifdef DEBUG
      if (DEBUGL (5))
 	{
 	  eprintf ("All variables for role ");
 	  termPrint (r->nameterm);
 	  eprintf (" are ");
-	  termlistPrint (tl);
+	  termlistPrint (r->variables);
 	  eprintf ("\n");
 	}
 #endif
@ -1845,6 +1860,10 @@ compute_prec_sets (const System sys)
 }

 //! Check unused variables
+/**
+ * Some of this code is duplicated in the code that computes the role variables, so
+ * that should be cleaned up some day. TODO.
+ */
 void
 checkRoleVariables (const System sys, const Protocol p, const Role r)
 {
--- a/src/prune_theorems.c
+++ b/src/prune_theorems.c
@ -425,15 +425,15 @@ prune_theorems (const System sys)

      // To be on the safe side, we currently limit the encryption level. 
      /**
-       * This is not a problem for known attacks, but should be addressed more
-       * carefully at some point.  If there are variables that can contain
-       * encryptions, this is maybe not correct: make proof!
-       *
-       * @todo Fix untyped variables reasoning
+       * This is valid *only* if there are no ticket-type variables.
       */
      if (term_encryption_level (b->term) > max_encryption_level)
 	{
 	  // Prune: we do not need to construct such terms
+	  if (sys->hasUntypedVariable)
+	    {
+	      sys->current_claim->complete = false;
+	    }
 	  if (switches.output == PROOF)
 	    {
 	      indentPrint ();
--- a/src/system.c
+++ b/src/system.c
@ -89,6 +89,7 @@ systemInit ()
  sys->bindings = NULL;
  sys->current_claim = NULL;
  sys->trustedRoles = NULL;
+  sys->hasUntypedVariable = false;

  /* reset global counters */
  systemReset (sys);
--- a/src/system.h
+++ b/src/system.h
@ -141,6 +141,7 @@ struct system
  Claimlist claimlist;		//!< List of claims in the system, with occurrence counts
  List labellist;		//!< List of labelinfo stuff
  int knowledgedefined;		//!< True if knowledge is defined for some role (which triggers well-formedness check etc.)
+  int hasUntypedVariable;	//!< True if there is a variable in the role specification that can contain constructors

  /* constructed trace pointers, static */
  Roledef *traceEvent;		//!< Trace roledefs: MaxRuns * maxRoledef