diff --git a/src/claim.h b/src/claim.h index decf803..c66f335 100644 --- a/src/claim.h +++ b/src/claim.h @@ -17,6 +17,13 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ +/** + * =============================================== + * NOTE: + * The claim object structure is defined in role.h + * =============================================== + */ + #ifndef CLAIMS #define CLAIMS diff --git a/src/compiler.c b/src/compiler.c index 67d49ef..5fbeed2 100644 --- a/src/compiler.c +++ b/src/compiler.c @@ -1278,6 +1278,9 @@ tacTermlist (Tac tc) } //! Compute variables for a roles (for Arachne) +/** + * This also takes care of setting the hasUntypedVariable flag, if needed. + */ void compute_role_variables (const System sys, Protocol p, Role r) { @@ -1298,13 +1301,25 @@ compute_role_variables (const System sys, Protocol p, Role r) roledef_iterate_events (r->roledef, process_event); r->variables = tl; + /* + * Iterate over variables for type checks + */ + for (tl = r->variables; tl != NULL; tl = tl->next) + { + if (isOpenVariable (tl->term)) + { + sys->hasUntypedVariable = true; + break; + } + } + #ifdef DEBUG if (DEBUGL (5)) { eprintf ("All variables for role "); termPrint (r->nameterm); eprintf (" are "); - termlistPrint (tl); + termlistPrint (r->variables); eprintf ("\n"); } #endif @@ -1845,6 +1860,10 @@ compute_prec_sets (const System sys) } //! Check unused variables +/** + * Some of this code is duplicated in the code that computes the role variables, so + * that should be cleaned up some day. TODO. + */ void checkRoleVariables (const System sys, const Protocol p, const Role r) { diff --git a/src/prune_theorems.c b/src/prune_theorems.c index 886c9b3..df28a5b 100644 --- a/src/prune_theorems.c +++ b/src/prune_theorems.c @@ -425,15 +425,15 @@ prune_theorems (const System sys) // To be on the safe side, we currently limit the encryption level. /** - * This is not a problem for known attacks, but should be addressed more - * carefully at some point. If there are variables that can contain - * encryptions, this is maybe not correct: make proof! - * - * @todo Fix untyped variables reasoning + * This is valid *only* if there are no ticket-type variables. */ if (term_encryption_level (b->term) > max_encryption_level) { // Prune: we do not need to construct such terms + if (sys->hasUntypedVariable) + { + sys->current_claim->complete = false; + } if (switches.output == PROOF) { indentPrint (); diff --git a/src/system.c b/src/system.c index 1355b09..e8380f1 100644 --- a/src/system.c +++ b/src/system.c @@ -89,6 +89,7 @@ systemInit () sys->bindings = NULL; sys->current_claim = NULL; sys->trustedRoles = NULL; + sys->hasUntypedVariable = false; /* reset global counters */ systemReset (sys); diff --git a/src/system.h b/src/system.h index 7781281..83720f0 100644 --- a/src/system.h +++ b/src/system.h @@ -141,6 +141,7 @@ struct system Claimlist claimlist; //!< List of claims in the system, with occurrence counts List labellist; //!< List of labelinfo stuff int knowledgedefined; //!< True if knowledge is defined for some role (which triggers well-formedness check etc.) + int hasUntypedVariable; //!< True if there is a variable in the role specification that can contain constructors /* constructed trace pointers, static */ Roledef *traceEvent; //!< Trace roledefs: MaxRuns * maxRoledef