This program should be regarded as a DEBUGGING aid, not as a 
certifier of correctness.
Call with the -l flag or read the license file for terms
and conditions of use.
Run this program with "-h" for the list of options.

Bugs, questions, and comments should be directed to
"murphi@verify.stanford.edu".

Murphi compiler last modified date: Jan 29 1999
Include files   last modified date: Jan 29 1999
==========================================================================

==========================================================================
Murphi Release 3.1
Finite-state Concurrent System Verifier.

Copyright (C) 1992 - 1999 by the Board of Trustees of
Leland Stanford Junior University.

==========================================================================

Protocol: chap

Algorithm:
	Verification by breadth first search.
	with symmetry algorithm 3 -- Heuristic Small Memory Normalization
	with permutation trial limit 10.

Memory usage:

	* The size of each state is 354 bits (rounded up to 48 bytes).
	* The memory allocated for the hash table and state queue is
	  104 Mbytes.
	  With two words of overhead per state, the maximum size of
	  the state space is 2001101 states.
	   * Use option "-k" or "-m" to increase this, if necessary.
	* Capacity in queue for breadth-first search: 200110 states.
	   * Change the constant gPercentActiveStates in mu_prolog.inc
	     to increase this, if necessary.

The following is the error trace for the error:

	Invariant "server correctly authenticated" failed.

Startstate Startstate 0 fired.
auth[AuthenticatorId_1].state:A_SLEEP
auth[AuthenticatorId_1].peer:AuthenticatorId_1
peer[PeerId_1].state:P_LINK
peer[PeerId_1].authenticator:PeerId_1
int[IntruderId_1].passwords[AuthenticatorId_1]:false
int[IntruderId_1].passwords[PeerId_1]:false
int[IntruderId_1].passwords[IntruderId_1]:true
int[IntruderId_1].sessions[AuthenticatorId_1][PeerId_1]:false
----------

Rule peer sends Hello (step 1), j:AuthenticatorId_1, i:PeerId_1 fired.
net{0}.source:PeerId_1
net{0}.username:PeerId_1
net{0}.dest:AuthenticatorId_1
net{0}.mType:M_Connect
net{0}.hType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.nonce:Undefined
net{0}.password:Undefined
peer[PeerId_1].state:P_WAIT_CHALLENGE
peer[PeerId_1].authenticator:AuthenticatorId_1
----------

Rule intruder intercepts, i:IntruderId_1, j:0 fired.
net{0}.source:Undefined
net{0}.username:Undefined
net{0}.dest:Undefined
net{0}.mType:Undefined
net{0}.hType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.nonce:Undefined
net{0}.password:Undefined
int[IntruderId_1].messages{0}.source:Undefined
int[IntruderId_1].messages{0}.username:PeerId_1
int[IntruderId_1].messages{0}.dest:Undefined
int[IntruderId_1].messages{0}.mType:M_Connect
int[IntruderId_1].messages{0}.hType:Undefined
int[IntruderId_1].messages{0}.session.server:Undefined
int[IntruderId_1].messages{0}.session.client:Undefined
int[IntruderId_1].messages{0}.nonce:Undefined
int[IntruderId_1].messages{0}.password:Undefined
----------

Rule intruder sends recorded message, i:IntruderId_1, j:0, k:AuthenticatorId_1 fired.
net{0}.source:IntruderId_1
net{0}.username:PeerId_1
net{0}.dest:AuthenticatorId_1
net{0}.mType:M_Connect
net{0}.hType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.nonce:Undefined
net{0}.password:Undefined
----------

Rule server reacts to peer's connect (step 2), j:0, i:AuthenticatorId_1 fired.
net{0}.source:AuthenticatorId_1
net{0}.username:AuthenticatorId_1
net{0}.dest:PeerId_1
net{0}.mType:M_Challenge
net{0}.session.server:AuthenticatorId_1
net{0}.session.client:PeerId_1
net{0}.nonce:PeerId_1
auth[AuthenticatorId_1].state:A_WAIT_RESPONSE
auth[AuthenticatorId_1].peer:PeerId_1
----------

Rule intruder intercepts, i:IntruderId_1, j:0 fired.
net{0}.source:Undefined
net{0}.username:Undefined
net{0}.dest:Undefined
net{0}.mType:Undefined
net{0}.hType:Undefined
net{0}.session.server:Undefined
net{0}.session.client:Undefined
net{0}.nonce:Undefined
net{0}.password:Undefined
int[IntruderId_1].messages{1}.source:Undefined
int[IntruderId_1].messages{1}.username:AuthenticatorId_1
int[IntruderId_1].messages{1}.dest:Undefined
int[IntruderId_1].messages{1}.mType:M_Challenge
int[IntruderId_1].messages{1}.hType:Undefined
int[IntruderId_1].messages{1}.session.server:AuthenticatorId_1
int[IntruderId_1].messages{1}.session.client:PeerId_1
int[IntruderId_1].messages{1}.nonce:PeerId_1
int[IntruderId_1].messages{1}.password:Undefined
----------

Rule intruder sends recorded message, i:IntruderId_1, j:1, k:PeerId_1 fired.
net{0}.source:IntruderId_1
net{0}.username:AuthenticatorId_1
net{0}.dest:PeerId_1
net{0}.mType:M_Challenge
net{0}.hType:Undefined
net{0}.session.server:AuthenticatorId_1
net{0}.session.client:PeerId_1
net{0}.nonce:PeerId_1
net{0}.password:Undefined
----------

Rule peer reacts to challenge (step 3), j:0, i:PeerId_1 fired.
net{0}.source:PeerId_1
net{0}.username:PeerId_1
net{0}.dest:AuthenticatorId_1
net{0}.mType:M_Response
net{0}.hType:H_NT
net{0}.password:PeerId_1
peer[PeerId_1].state:P_WAIT_OK
----------

Rule intruder fakes response to Peer Response, i:IntruderId_1, m:0 fired.
net{0}.source:IntruderId_1
net{0}.username:AuthenticatorId_1
net{0}.dest:PeerId_1
net{0}.mType:M_Success
net{0}.hType:Undefined
net{0}.password:Undefined
----------

Rule peer receives success/failure (step 5), j:0, i:PeerId_1 fired.
The last state of the trace (in full) is:
auth[AuthenticatorId_1].state:A_WAIT_RESPONSE
auth[AuthenticatorId_1].peer:PeerId_1
peer[PeerId_1].state:P_SUCCESS
peer[PeerId_1].authenticator:AuthenticatorId_1
int[IntruderId_1].passwords[AuthenticatorId_1]:false
int[IntruderId_1].passwords[PeerId_1]:false
int[IntruderId_1].passwords[IntruderId_1]:true
int[IntruderId_1].sessions[AuthenticatorId_1][PeerId_1]:false
int[IntruderId_1].messages{0}.source:Undefined
int[IntruderId_1].messages{0}.username:PeerId_1
int[IntruderId_1].messages{0}.dest:Undefined
int[IntruderId_1].messages{0}.mType:M_Connect
int[IntruderId_1].messages{0}.hType:Undefined
int[IntruderId_1].messages{0}.session.server:Undefined
int[IntruderId_1].messages{0}.session.client:Undefined
int[IntruderId_1].messages{0}.nonce:Undefined
int[IntruderId_1].messages{0}.password:Undefined
int[IntruderId_1].messages{1}.source:Undefined
int[IntruderId_1].messages{1}.username:AuthenticatorId_1
int[IntruderId_1].messages{1}.dest:Undefined
int[IntruderId_1].messages{1}.mType:M_Challenge
int[IntruderId_1].messages{1}.hType:Undefined
int[IntruderId_1].messages{1}.session.server:AuthenticatorId_1
int[IntruderId_1].messages{1}.session.client:PeerId_1
int[IntruderId_1].messages{1}.nonce:PeerId_1
int[IntruderId_1].messages{1}.password:Undefined
----------

End of the error trace.

==========================================================================

Result:

	Invariant "server correctly authenticated" failed.

State Space Explored:

	118 states, 178 rules fired in 0.16s.

Analysis of State Space:

	There are rules that are never fired.
	If you are running with symmetry, this may be why.  Otherwise,
	please run this program with "-pr" for the rules information.
	The maximum size for the multiset "net" is: 1.
	The maximum size for the multiset "int[IntruderId_1].messages" is: 2.
