This program should be regarded as a DEBUGGING aid, not as a 
certifier of correctness.
Call with the -l flag or read the license file for terms
and conditions of use.
Run this program with "-h" for the list of options.

Bugs, questions, and comments should be directed to
"murphi@verify.stanford.edu".

Murphi compiler last modified date: Jan 29 1999
Include files   last modified date: Jan 29 1999
==========================================================================

==========================================================================
Murphi Release 3.1
Finite-state Concurrent System Verifier.

Copyright (C) 1992 - 1999 by the Board of Trustees of
Leland Stanford Junior University.

==========================================================================

Protocol: chap

Algorithm:
	Verification by breadth first search.
	with symmetry algorithm 3 -- Heuristic Small Memory Normalization
	with permutation trial limit 10.

Memory usage:

	* The size of each state is 79 bits (rounded up to 12 bytes).
	* The memory allocated for the hash table and state queue is
	  104 Mbytes.
	  With two words of overhead per state, the maximum size of
	  the state space is 6393757 states.
	   * Use option "-k" or "-m" to increase this, if necessary.
	* Capacity in queue for breadth-first search: 639375 states.
	   * Change the constant gPercentActiveStates in mu_prolog.inc
	     to increase this, if necessary.

Progress Report:

	1000 states explored in 0.35s, with 2695 rules fired and 444 states in the queue.
	2000 states explored in 0.37s, with 5963 rules fired and 701 states in the queue.

The following is the error trace for the error:

	Invariant "server correctly authenticated" failed.

Startstate Startstate 0 fired.
auth[AuthenticatorId_1].state:A_SLEEP
auth[AuthenticatorId_1].peer:Undefined
peer[PeerId_1].state:P_LINK
peer[PeerId_1].authenticator:Undefined
int[IntruderId_1].passwords[PeerId_1]:false
int[IntruderId_1].passwords[IntruderId_1]:true
int[IntruderId_1].serverNonces[AuthenticatorId_1]:false
int[IntruderId_1].serverNonces[IntruderId_1]:true
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][IntruderId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][IntruderId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][IntruderId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][IntruderId_1][IntruderId_1]:true
int[IntruderId_1].sessions[AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].sessions[AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].sessions[IntruderId_1][PeerId_1]:true
int[IntruderId_1].sessions[IntruderId_1][IntruderId_1]:false
----------

Rule Intruder says hello!, i:IntruderId_1, claimed_peer:PeerId_1, destination:AuthenticatorId_1 fired.
net{0}.fromIntruder:true
net{0}.mType:M_Connect
net{0}.session.server:AuthenticatorId_1
net{0}.session.client:PeerId_1
net{0}.serverNonce:Undefined
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
----------

Rule authenticator s reacts to peer's connect (step 2), m:0, s:AuthenticatorId_1 fired.
net{0}.fromIntruder:false
net{0}.mType:M_Challenge
net{0}.serverNonce:AuthenticatorId_1
auth[AuthenticatorId_1].state:A_WAIT_RESPONSE
auth[AuthenticatorId_1].peer:PeerId_1
----------

Rule intruder intercepts, i:IntruderId_1, m:0 fired.
net{0}.fromIntruder:Undefined
net{0}.mType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.serverNonce:Undefined
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
int[IntruderId_1].serverNonces[AuthenticatorId_1]:true
int[IntruderId_1].sessions[AuthenticatorId_1][PeerId_1]:true
----------

Rule peer sends Hello (step 1), s:AuthenticatorId_1, p:PeerId_1 fired.
net{0}.fromIntruder:false
net{0}.mType:M_Connect
net{0}.session.server:AuthenticatorId_1
net{0}.session.client:PeerId_1
net{0}.serverNonce:Undefined
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
peer[PeerId_1].state:P_WAIT_CHALLENGE
peer[PeerId_1].authenticator:AuthenticatorId_1
----------

Rule intruder intercepts, i:IntruderId_1, m:0 fired.
net{0}.fromIntruder:Undefined
net{0}.mType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.serverNonce:Undefined
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
----------

Rule Intruder sends M_Challenge, nonce_owner:AuthenticatorId_1, claimed_server:AuthenticatorId_1, destination:PeerId_1, i:IntruderId_1 fired.
net{0}.fromIntruder:true
net{0}.mType:M_Challenge
net{0}.session.server:AuthenticatorId_1
net{0}.session.client:PeerId_1
net{0}.serverNonce:AuthenticatorId_1
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
----------

Rule peer reacts to challenge (step 3), m:0, p:PeerId_1 fired.
net{0}.fromIntruder:false
net{0}.mType:M_Response
net{0}.serverNonce:Undefined
net{0}.response.session.server:AuthenticatorId_1
net{0}.response.session.client:PeerId_1
net{0}.response.serverNonce:AuthenticatorId_1
net{0}.response.password:PeerId_1
peer[PeerId_1].state:P_WAIT_OK
----------

Rule intruder intercepts, i:IntruderId_1, m:0 fired.
net{0}.fromIntruder:Undefined
net{0}.mType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.serverNonce:Undefined
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][AuthenticatorId_1][PeerId_1]:true
----------

Rule Intruder sends M_Success, s:AuthenticatorId_1, p:PeerId_1, i:IntruderId_1 fired.
net{0}.fromIntruder:true
net{0}.mType:M_Success
net{0}.session.server:AuthenticatorId_1
net{0}.session.client:PeerId_1
net{0}.serverNonce:Undefined
net{0}.response.session.server:Undefined
net{0}.response.session.client:Undefined
net{0}.response.serverNonce:Undefined
net{0}.response.password:Undefined
----------

Rule peer receives success/failure (step 5), m:0, p:PeerId_1 fired.
The last state of the trace (in full) is:
auth[AuthenticatorId_1].state:A_WAIT_RESPONSE
auth[AuthenticatorId_1].peer:PeerId_1
peer[PeerId_1].state:P_SUCCESS
peer[PeerId_1].authenticator:AuthenticatorId_1
int[IntruderId_1].passwords[PeerId_1]:false
int[IntruderId_1].passwords[IntruderId_1]:true
int[IntruderId_1].serverNonces[AuthenticatorId_1]:true
int[IntruderId_1].serverNonces[IntruderId_1]:true
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][AuthenticatorId_1][PeerId_1]:true
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][PeerId_1][IntruderId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[AuthenticatorId_1][IntruderId_1][IntruderId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][PeerId_1][IntruderId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][IntruderId_1][PeerId_1]:false
int[IntruderId_1].NTResponses[IntruderId_1][IntruderId_1][IntruderId_1][IntruderId_1]:true
int[IntruderId_1].sessions[AuthenticatorId_1][PeerId_1]:true
int[IntruderId_1].sessions[AuthenticatorId_1][IntruderId_1]:false
int[IntruderId_1].sessions[IntruderId_1][PeerId_1]:true
int[IntruderId_1].sessions[IntruderId_1][IntruderId_1]:false
----------

End of the error trace.

==========================================================================

Result:

	Invariant "server correctly authenticated" failed.

State Space Explored:

	2568 states, 7206 rules fired in 0.38s.

Analysis of State Space:

	There are rules that are never fired.
	If you are running with symmetry, this may be why.  Otherwise,
	please run this program with "-pr" for the rules information.
	The maximum size for the multiset "net" is: 1.
