This is not a full copy from the compromise branch. In particular,
some counts (in arachne.c) are missing, as well as the modified dot output (dotout.c).
The automatic mechanism to assign labels to claims was dependent on the
context. In practice, a claim could get a different label when analyzed in
isolation compared to when analyzed in parallel with some other protocols. This
caused problems for the multi-protocol analysis.
There are two new claims:
claim(X,Commit,t) : check for agreement on data
claim(X,Running,t) : signaling claim
The property checked is that each claim Commit needs to be preceded by a Running
with an identical term t.
Cherry-picked from commit 99a6be00e9d3d219ec73665607e8a3a7d65d04d1
Given that sk/pk/k are now hardcoded, we can exploit their occurrences with this
new heuristic.
The heuristic can now scan for the lowest term depth at which either sk or k occur.
This will cause the heuristic to favor looking for sk, then sk(x), and only later
other terms. In a small test this was twice as fast. For protocols based on pk only
the performance loss should be negligible.
The old heuristic was 162, now it is 162+512 = 674.
In the near future, the default exit code behavior should be made obsolete anyway,
as the exit codes are not a nice way to report status.
It used to be convenient for shell scripting in early times,
when the parallel tests were run using the forward model
checker, but no modern script should be relying on it.
When untyped variables occur, the encryption level depth pruning is for
now unjustified. Maybe we can get a proof later. Previously this was
hidden, which was a bad design decision. Now the output is much
clearer.
This cleans up some graphs rather nicely. There is only one potential
drawback (not observed in practive):
If two bindings have the same from/to, but different interpretations,
we might lose information. In particular the 'select' intermediate nodes might
pose a problem and we would be better off by not having any interpretation on
what is selected.