It is now possible to declare syntactic macros at the global level.
macro ID = TERM;
After this definition, every occurrence of ID will be replaced by TERM.
For example, this can be used to avoid duplicating message definitions
among roles:
macro M1 = { nI, I}pk(R) ;
protocol X(I,R) {
role I {
send (I,R, M1);
}
role R {
recv (I,R, M1);
}
}
There is a new event:
not match(t1,t2)
where t1,t2 are terms.
They are implemented by using a special claim that simply stores the
intended inequality. The pruning theorems (prune_theorems.c) ensure that
these terms never become equal. If there are equal, the constraint is
violated. As long as they are not equal, there exists a solution using
groung terms such that their instantiation is not equal.
Currently not very efficient implemented and the graph out output is
also ugly for now.
Conflicts:
gui/Scyther/Trace.py
src/compiler.c
src/scanner.l
Introduced a new event:
match(pattern,groundterm)
This event can only be executed if pattern can be matched to groundterm.
Variable substitutions are persistent with respect to later events in
the same role.
Currently implemented as syntactic sugar, essentially unfolded in role R to:
fresh x;
send ( R,R, { groundterm }x );
recv ( R,R, { pattern }x );
This work is not complete yet in the send that the output still contains
the unfolding. Ideally, the graph rendered detects this syntactic sugar
and renders a simplified event. This should be possible on the basis of
the label name prefix.
Conflicts:
src/compiler.c
src/parser.y
src/scanner.l
src/tac.h
After we merged some concepts from the compromise branch, we forgot to add
for the hardcoded PKI that the adversary also should have access to (some) symmetric
keys.
This is not a full copy from the compromise branch. In particular,
some counts (in arachne.c) are missing, as well as the modified dot output (dotout.c).
The automatic mechanism to assign labels to claims was dependent on the
context. In practice, a claim could get a different label when analyzed in
isolation compared to when analyzed in parallel with some other protocols. This
caused problems for the multi-protocol analysis.
There are two new claims:
claim(X,Commit,t) : check for agreement on data
claim(X,Running,t) : signaling claim
The property checked is that each claim Commit needs to be preceded by a Running
with an identical term t.
Cherry-picked from commit 99a6be00e9d3d219ec73665607e8a3a7d65d04d1
Given that sk/pk/k are now hardcoded, we can exploit their occurrences with this
new heuristic.
The heuristic can now scan for the lowest term depth at which either sk or k occur.
This will cause the heuristic to favor looking for sk, then sk(x), and only later
other terms. In a small test this was twice as fast. For protocols based on pk only
the performance loss should be negligible.
The old heuristic was 162, now it is 162+512 = 674.
