The configuration uses a JSON structure with three main sections:
- config: Global system configuration
- tamarin_versions: Named aliases for different Tamarin executables
- tasks: Individual analysis tasks with specific parameters
The global configuration section defines system-wide settings:
{
"config": {
"global_max_cores": 8,
"global_max_memory": 16,
"default_timeout": 7200,
"output_directory": "./results"
}
}global_max_cores(integer or "max", required): Maximum CPU cores availableglobal_max_memory(integer or "max", required): Maximum memory in GB availabledefault_timeout(integer, required): Default timeout in secondsoutput_directory(string, required): Base directory for all output files
Defines named aliases for different Tamarin prover executables:
{
"tamarin_versions": {
"stable": {
"path": "tamarin-binaries/tamarin-prover-1.8/1.8.0/bin/tamarin-prover"
},
"dev": {
"path": "tamarin-binaries/tamarin-prover-dev/1.11.0/bin/tamarin-prover",
"version": "1.11.0",
"test_success": true
}
}
}path(string, required): File path to the Tamarin prover executableversion(string, optional): Version identifier for this Tamarin provertest_success(boolean, optional): Whether this executable passed integrity tests
version and test_success are overwritten by the --revalidate flag. These fields are usually filled by the UI tool to generate a JSON recipe, there is no real reason to use them manually.
Tasks define individual Tamarin analysis configurations. Each task is identified by a unique key:
{
"tasks": {
"example_protocol_basic": {
"theory_file": "protocols/example.spthy",
"tamarin_versions": ["stable", "dev"],
"output_file_prefix": "example_basic",
"resources": {
"max_cores": 4,
"max_memory": 8,
"timeout": 3200
}
}
}
}theory_file(string, required): Path to the.spthytheory file to analyzetamarin_versions(array of strings, required): List of Tamarin version aliases to run this task onoutput_file_prefix(string, required): Prefix for output file names, format :task_id = {output_file_prefix}\_{task_suffix}.spthy
The task_suffix is formatted like following : {lemma}_{tamarin_version} (with lemma added only if a lemma is specified in config)
lemmas(array, optional): Lemmas to prove. If empty or omitted, all lemmas are proved using--prove. Supports prefix matching for convenient lemma selectiontamarin_options(array of strings, optional): Additional command-line options for Tamarinpreprocess_flags(array of strings, optional): Preprocessor flags (passed as-D=flag)resources(object, optional): Resource allocation for this task
Lemmas support comprehensive per-lemma configuration with full inheritance from task-level settings:
{
"lemmas": [
{
"name": "secrecy",
"tamarin_versions": ["stable"],
"resources": {
"max_cores": 2,
"max_memory": 4,
"timeout": 1200
}
},
{
"name": "authentication",
"tamarin_options": ["--heuristic=S"],
"preprocess_flags": ["AuthOptimization"],
"resources": {
"max_cores": 8,
"max_memory": 16,
"timeout": 3600
}
},
{
"name": "basic_lemma"
// Inherits all task-level configuration
}
]
}name(string, required): Name of the lemma to provetamarin_versions(array of strings, optional): Override which tamarin versions to use for this lemmatamarin_options(array of strings, optional): Override tamarin command-line options for this lemmapreprocess_flags(array of strings, optional): Override preprocessor flags for this lemmaresources(object, optional): Override resource allocation for this lemma
Override Behavior: Lemma-level properties completely replace task-level properties (no merging).
When using the interactive init command, you can efficiently select lemmas using prefix matching:
batch-tamarin init protocol.spthyDuring the interactive configuration process, you can:
- Prefix Matching: Type a prefix (e.g.,
auth) to show all lemmas starting with that prefix - Multiple Selection: Select multiple lemmas by their prefixes
- All Lemmas: Leave empty to include all lemmas found in the theory file
Example: If your .spthy file contains lemmas like authentication_lemma, auth_secrecy, and authorization_check, typing auth will show all three for easy selection.
{
"resources": {
"max_cores": 4,
"max_memory": 8,
"timeout": 3200
}
}When a task doesn't specify resources, the following defaults are used:
- 4 Cores
- 16GB Memory
- Timeout:
default_timeout, from yourglobal_configsection
For each task, the system generates Tamarin commands following this pattern:
tamarin-prover [theory_file] [--prove=lemma] [tamarin_options] [preprocess_flags] --output=[output_file]Basic execution (prove all lemmas):
tamarin-prover protocols/example.spthy --prove --output=example_basic_results.txtSpecific lemmas with options:
tamarin-prover protocols/complex_protocol.spthy --prove=secrecy --prove=authentication --diff -D=GoodKeysOnly -D=bindkttoct --output=complex_results.txtOutput files are automatically named based on the configuration to avoid conflicts:
- Pattern:
{output_file}_{tamarin_version} - Example:
results.txt→results_stable.txt,results_dev.txt
- Pattern:
{output_file}_{lemma_name}_{tamarin_version} - Example: With lemma "auth" →
results_auth_stable.txt,results_auth_dev.txt
Batch Tamarin automatically caches execution results to avoid re-running identical tasks. The cache is based on:
- Theory file content (checksum)
- Task configuration (lemma, options, flags)
- Tamarin executable version
Cache Management:
# Clear all cached results
batch-tamarin --rm-cache
# View cache statistics (shows hit/miss ratios)
# Cache info is displayed during normal executionTasks are automatically skipped if their cached results are still valid, significantly reducing execution time for repeated runs.
See the following examples for complete working configurations:
example_config.json- Basic usage with enhanced lemma configurationwpa2.json- Advanced per-lemma resource allocation and version selection