init - first working version

tests/drop/t1-drop.pml

@@ -0,0 +1,20 @@
+// INTENDED BEHAVIOR: acceptance cycle
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+  do 
+  :: c ? 5 -> goto PROC;
+  od
+PROC:
+  q=0;
+}
+
+ltl proc {
+  eventually (q == 0);
+}

tests/drop/t2-drop.pml

@@ -0,0 +1,22 @@
+// INTENDED BEHAVIOR: no violation
+// explanation: attacker can only drop one message, but two are on the channel
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+  do 
+  :: c ? 5 -> goto PROC;
+  od
+PROC:
+  q=0;
+}
+
+ltl proc {
+  eventually (q == 0);
+}

tests/drop/t3-drop.pml

@@ -0,0 +1,22 @@
+// INTENDED BEHAVIOR: violation
+// explanation: attacker should be able to drop both messages
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+  do 
+  :: c ? 5 -> goto PROC;
+  od
+PROC:
+  q=0;
+}
+
+ltl proc {
+  eventually (q == 0);
+}

tests/drop/t4-drop.pml

@@ -0,0 +1,24 @@
+// INTENDED BEHAVIOR: violation
+// explanation: drop attacker should be able to find the attack in the middle of the chan
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!3;
+c!5;
+c!6;
+
+}
+
+active proctype consume() {
+MAIN:
+  do 
+  :: c ? 5 -> goto PROC;
+  od
+PROC:
+  q=0;
+}
+
+ltl proc {
+  eventually (q == 0);
+}

tests/drop/t5-drop-multi.pml

@@ -0,0 +1,24 @@
+// INTENDED BEHAVIOR: acceptance cycle
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+c!5;
+c!5;
+c!5;
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+  do 
+  :: c ? 5 -> goto PROC;
+  od
+PROC:
+  q=0;
+}
+
+ltl proc {
+  eventually (q == 0);
+}

tests/drop/t6-drop-overwhelm.pml

@@ -0,0 +1,24 @@
+// INTENDED BEHAVIOR: acceptance cycle
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+c!5;
+c!5;
+c!5;
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+  do 
+  :: c ? 5 -> goto PROC;
+  od
+PROC:
+  q=0;
+}
+
+ltl proc {
+  eventually (q == 0);
+}