<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>auditor, branch HEAD</title>
<subtitle>An aarch64 constant-time memory access auditing tool.</subtitle>
<entry>
<id>5c94996fc63c8005b8eba620933adf31620e82c6</id>
<published>2026-04-20T08:37:48Z</published>
<updated>2026-04-20T08:37:48Z</updated>
<title type="text">meta: readme</title>
<link rel="alternate" type="text/html" href="commit/5c94996fc63c8005b8eba620933adf31620e82c6.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 5c94996fc63c8005b8eba620933adf31620e82c6
parent 1d36785c4bbe482bca5ea0d1f6453e55c524c972
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Mon, 20 Apr 2026 16:37:48 +0800

meta: readme

</content>
</entry>
<entry>
<id>1d36785c4bbe482bca5ea0d1f6453e55c524c972</id>
<published>2026-04-20T08:37:31Z</published>
<updated>2026-04-20T08:37:31Z</updated>
<title type="text">etc: add misc data files</title>
<link rel="alternate" type="text/html" href="commit/1d36785c4bbe482bca5ea0d1f6453e55c524c972.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 1d36785c4bbe482bca5ea0d1f6453e55c524c972
parent 409a3ed8f7c3eab88eef8563a5ab4d8503b6da0f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Mon, 20 Apr 2026 16:37:31 +0800

etc: add misc data files

</content>
</entry>
<entry>
<id>409a3ed8f7c3eab88eef8563a5ab4d8503b6da0f</id>
<published>2026-02-28T12:19:20Z</published>
<updated>2026-02-28T12:19:20Z</updated>
<title type="text">meta: readme</title>
<link rel="alternate" type="text/html" href="commit/409a3ed8f7c3eab88eef8563a5ab4d8503b6da0f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 409a3ed8f7c3eab88eef8563a5ab4d8503b6da0f
parent e4464a0e0b0c43b655369ba77274188bbb1477d0
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Sat, 28 Feb 2026 16:19:20 +0400

meta: readme

</content>
</entry>
<entry>
<id>e4464a0e0b0c43b655369ba77274188bbb1477d0</id>
<published>2026-02-28T09:36:56Z</published>
<updated>2026-02-28T09:36:56Z</updated>
<title type="text">fix: address review feedback for RuntimeConfig refactoring</title>
<link rel="alternate" type="text/html" href="commit/e4464a0e0b0c43b655369ba77274188bbb1477d0.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit e4464a0e0b0c43b655369ba77274188bbb1477d0
parent 9a4b2fe34c3c30278e85ed7345299ee4e8e5530a
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Sat, 28 Feb 2026 13:36:56 +0400

fix: address review feedback for RuntimeConfig refactoring

- CLI backward-compat flags: switch &lt;|&gt; switch always succeeds on
  the left branch (False), so hidden aliases were never reached.
  Fix by using a single switch with multiple long modifiers.

- checkCFGInterProc: hardcoded TaintConfig Map.empty True, ignoring
  rtSecondaryStack/ssAssumePublic. Now derives tcAssumeStgPublic
  from the runtime config, consistent with checkCFG.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>9a4b2fe34c3c30278e85ed7345299ee4e8e5530a</id>
<published>2026-02-28T09:13:14Z</published>
<updated>2026-02-28T09:13:14Z</updated>
<title type="text">feat: parameterise all analysis over RuntimeConfig</title>
<link rel="alternate" type="text/html" href="commit/9a4b2fe34c3c30278e85ed7345299ee4e8e5530a.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 9a4b2fe34c3c30278e85ed7345299ee4e8e5530a
parent 9bb1c0547562a533bf8e7259310cda9115c33fdf
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Sat, 28 Feb 2026 13:13:14 +0400

feat: parameterise all analysis over RuntimeConfig

Isolate GHC/STG-specific logic behind a RuntimeConfig record so the
auditor can support multiple runtimes. RuntimeConfig captures public
root registers, secondary stack configuration, local label
classification, pointer untagging masks, NCT pattern filtering, and
symbol encoding as data/closures selected once at CLI parse time.

New modules:
- Audit.AArch64.Runtime: RuntimeConfig and SecondaryStack types
- Audit.AArch64.Runtime.GHC: ghcRuntime, genericRuntime, moved
  isGhcRuntimeFinding helpers, zEncodeSymbol, ghcIsLocalLabel

Key changes:
- Types.hs: NctReason, NctFinding, LineMap moved here from NCT.hs
  to break circular dependency with Runtime.hs
- CFG.hs: isFunctionLabel, buildCFG, callTargets, buildCallGraph
  gain RuntimeConfig parameter; LLVM prefixes stay as base checks,
  NCG prefixes delegated to rtIsLocalLabel
- Taint.hs: all hardcoded X20/STG stack logic generalised to
  secondary stack via ssBaseReg; publicRoots, initTaintState,
  analyzeLine, runDataflow and all variants gain RuntimeConfig;
  isPointerUntagMask checks rtUntagMasks
- Check.hs: all check functions gain RuntimeConfig
- NCT.hs: scanNct gains RuntimeConfig; isGhcRuntimeFinding and
  helpers removed (moved to Runtime/GHC.hs); filterGhcRuntime
  replaced by generic filterRuntimePatterns
- CallGraph.hs: buildCallGraph gains RuntimeConfig
- AArch64.hs: all public API functions gain RuntimeConfig; exports
  RuntimeConfig, SecondaryStack, ghcRuntime, genericRuntime
- Main.hs: --runtime flag (haskell|generic); --show-ghc-runtime
  renamed to --show-runtime-patterns; --assume-stg-private renamed
  to --assume-secondary-private; old flags kept as hidden aliases;
  zEncodeSymbol removed in favour of rtEncodeSymbol from config

All 115 tests pass. No behaviour change when using ghcRuntime
(the default).

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>9bb1c0547562a533bf8e7259310cda9115c33fdf</id>
<published>2026-02-27T14:11:06Z</published>
<updated>2026-02-27T14:11:06Z</updated>
<title type="text">feat: preserve callee-saved taint across external calls/jumps</title>
<link rel="alternate" type="text/html" href="commit/9bb1c0547562a533bf8e7259310cda9115c33fdf.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 9bb1c0547562a533bf8e7259310cda9115c33fdf
parent c71f0b539b1e57c0c618fceafd2a506dcbd86ec9
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 27 Feb 2026 18:11:06 +0400

feat: preserve callee-saved taint across external calls/jumps

Per AArch64 ABI, registers X19-X28 are callee-saved. External functions
must preserve them, so taint in these registers survives calls.

Changes:
- Use invalidateCallerSaved for external tail calls and indirect jumps
  (br), preserving X19-X28 taint
- Remove unused invalidateStgArgRegs function
- Add tests for callee-saved preservation across external bl and blr

Note: mul_wnaf still shows 0 secret violations because the secret is in
a boxed Integer closure. The secret_pointee config points to the closure,
but the first load [ptr] returns the info pointer, not the secret value.
Type-aware analysis would be needed to handle boxed types properly.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>c71f0b539b1e57c0c618fceafd2a506dcbd86ec9</id>
<published>2026-02-27T11:10:12Z</published>
<updated>2026-02-27T11:10:12Z</updated>
<title type="text">fix: address review feedback for tail call propagation</title>
<link rel="alternate" type="text/html" href="commit/c71f0b539b1e57c0c618fceafd2a506dcbd86ec9.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit c71f0b539b1e57c0c618fceafd2a506dcbd86ec9
parent 9945a6a7a5d020dfd44f8ba4e830ec96e877ed4f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 27 Feb 2026 15:10:12 +0400

fix: address review feedback for tail call propagation

- Don&#39;t apply summaries for in-file tail calls; let CFG edges propagate
  state. This preserves x0-x7 argument taint across tail calls.
- Use enclosing function label for violation symbols instead of block
  label (fixes attribution for local labels like Lc*).
- Add blockFunction helper to CFG.hs for block-&gt;function lookup.
- Add test case verifying x0 taint preserved across in-file tail calls.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>9945a6a7a5d020dfd44f8ba4e830ec96e877ed4f</id>
<published>2026-02-27T11:02:53Z</published>
<updated>2026-02-27T11:02:53Z</updated>
<title type="text">feat: add inter-procedural tail call taint propagation</title>
<link rel="alternate" type="text/html" href="commit/9945a6a7a5d020dfd44f8ba4e830ec96e877ed4f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 9945a6a7a5d020dfd44f8ba4e830ec96e877ed4f
parent b9de77630868522fb609abfb0d418b98bae84677
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 27 Feb 2026 15:02:53 +0400

feat: add inter-procedural tail call taint propagation

STG code uses `b _function_info` (tail calls) and `br xN` (indirect
jumps) for control flow rather than `bl`. This change enables taint
propagation across these boundaries within the same assembly file.

Changes:
- CFG.hs: extend callTargets to include B to function labels as tail
  call edges
- Taint.hs: handle B/Br in transferWithSummary, add invalidateStgArgRegs
  for conservative handling of unknown targets, add
  runDataflowWithConfigAndSummaries for whole-file dataflow
- Check.hs: update checkCFGInterProc and checkCFGInterProcWithConfig to
  use whole-file dataflow with summaries
- Main.hs: add tailCallTests group with 10 test cases

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>b9de77630868522fb609abfb0d418b98bae84677</id>
<published>2026-02-26T13:32:57Z</published>
<updated>2026-02-26T13:32:57Z</updated>
<title type="text">fix: clarify isSecretViolation and add comment for reg-offset handling</title>
<link rel="alternate" type="text/html" href="commit/b9de77630868522fb609abfb0d418b98bae84677.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit b9de77630868522fb609abfb0d418b98bae84677
parent 6dd91fa69d98bf078cf11ec505c236699993bd5d
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Thu, 26 Feb 2026 17:32:57 +0400

fix: clarify isSecretViolation and add comment for reg-offset handling

- NonConstOffset is a structural violation, not secret-derived; return
  False from isSecretViolation to avoid inflating secret violation counts
- Add comment explaining why register-offset modes fall through to
  coarse heap handling (dynamic offset prevents refined slot tracking)

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>6dd91fa69d98bf078cf11ec505c236699993bd5d</id>
<published>2026-02-26T13:22:02Z</published>
<updated>2026-02-26T13:22:02Z</updated>
<title type="text">fix: improve secret_pointee handling and add tests</title>
<link rel="alternate" type="text/html" href="commit/6dd91fa69d98bf078cf11ec505c236699993bd5d.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 6dd91fa69d98bf078cf11ec505c236699993bd5d
parent 191611b72312b0990f0e4488c2c61ce47bcd1c3a
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Thu, 26 Feb 2026 17:22:02 +0400

fix: improve secret_pointee handling and add tests

Address reviewer feedback:

- Handle register-offset addressing modes (BaseReg, BaseRegShift,
  BaseRegExtend) for secret_pointee, not just BaseImm
- Require KindPtr and Public taint for isSecretDataPointer, so
  non-pointer arithmetic invalidates the secret pointee property
- Add comprehensive tests:
  - Load through secret_pointee with immediate offset
  - Load through secret_pointee with register offset
  - secret takes precedence over secret_pointee
  - Non-pointer arithmetic (mul) invalidates secret_pointee
  - Pointer arithmetic (add #imm) preserves secret_pointee

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>191611b72312b0990f0e4488c2c61ce47bcd1c3a</id>
<published>2026-02-26T13:14:54Z</published>
<updated>2026-02-26T13:14:54Z</updated>
<title type="text">docs: modernize README with current features</title>
<link rel="alternate" type="text/html" href="commit/191611b72312b0990f0e4488c2c61ce47bcd1c3a.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 191611b72312b0990f0e4488c2c61ce47bcd1c3a
parent f1f3facd8d49e27fc1f2d90ed222d42025838043
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Thu, 26 Feb 2026 17:14:54 +0400

docs: modernize README with current features

Update documentation to cover:
- Taint analysis with inter-procedural support
- Taint configuration files (secret, public, secret_pointee, STG slots)
- NCT scan mode with symbol-focused analysis
- GHC runtime filtering
- Utility commands (list-symbols, filter, zsymbol)
- Updated limitations section

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>f1f3facd8d49e27fc1f2d90ed222d42025838043</id>
<published>2026-02-26T13:12:42Z</published>
<updated>2026-02-26T13:12:42Z</updated>
<title type="text">feat: add secret_pointee policy for pointer-to-secret semantics</title>
<link rel="alternate" type="text/html" href="commit/f1f3facd8d49e27fc1f2d90ed222d42025838043.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit f1f3facd8d49e27fc1f2d90ed222d42025838043
parent 3ce10429d8b217ce743eaf8823961afa536a9aba
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Thu, 26 Feb 2026 17:12:42 +0400

feat: add secret_pointee policy for pointer-to-secret semantics

Adds support for marking registers as pointers to secret data, where
the pointer address is public but loads through it produce Secret
taint. This models closure pointers whose payloads contain secrets.

Changes:
- Add ProvSecretData to Provenance type
- Add apSecretPointee field to ArgPolicy
- Add &quot;secret_pointee&quot; JSON key for taint configs
- Update load handling to produce Secret when base has ProvSecretData
- joinProvenance: ProvSecretData dominates ProvPublic

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
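The two rules described in the commits above, callee-saved taint surviving external calls (9bb1c054) and loads through a secret_pointee register producing Secret (f1f3facd), as an added Python example. This is not the auditor's own Taint.hs (the tool is Haskell and runs a CFG dataflow); it is a toy straight-line pass with a three-point lattice. The choices that registers default to Public, that clobbered registers become Unknown, that only mov and add/sub with an immediate keep the pointer-to-secret property, and the sample assembly with its _external_helper symbol are all assumptions made for the illustration.

```python
"""Toy register-taint dataflow for two rules from the commits above: taint in
callee-saved x19-x28 survives an external call, and a load through a public
pointer marked secret_pointee yields Secret. Added illustration with a
deliberately simplified straight-line model, not the auditor's Taint.hs;
default-Public registers, Unknown after clobbering, and the constructed
sample are all assumptions."""
import re

PUBLIC, SECRET, UNKNOWN = "Public", "Secret", "Unknown"
CALLEE_SAVED = {"x%d" % n for n in range(19, 29)}     # AAPCS64 callee-saved
CALLER_SAVED = {"x%d" % n for n in range(0, 19)}      # clobbered by any call
REG = re.compile(r"[wx]\d+")
OPERAND = re.compile(r"\[[^\]]*\]|[^,\s][^,]*")      # keeps [base, index] whole

def join(*labels):
    """Secret dominates everything; Unknown dominates Public."""
    if SECRET in labels:
        return SECRET
    return UNKNOWN if UNKNOWN in labels else PUBLIC

def phys(reg):
    return "x" + reg[1:] if REG.fullmatch(reg) else reg

def parse(line):
    """('label', name), ('insn', mnemonic, operands) or None; ';' starts a comment."""
    text = line.split(";")[0].strip()
    if not text:
        return None
    if text.endswith(":"):
        return ("label", text[:-1])
    parts = text.split(None, 1)
    ops = OPERAND.findall(parts[1]) if len(parts) == 2 else []
    return ("insn", parts[0].lower(), [o.strip() for o in ops])

def analyze(lines, secret=(), public=(), secret_pointee=(), preserve_callee_saved=True):
    """One straight-line pass; returns (violations, final register taint)."""
    taint = {r: PUBLIC for r in CALLER_SAVED | CALLEE_SAVED}
    taint.update({phys(r): SECRET for r in secret})
    taint.update({phys(r): PUBLIC for r in public})
    pointee = {phys(r) for r in secret_pointee}        # registers carrying ProvSecretData
    violations = []

    def label_of(op):                                   # immediates and labels are public
        return taint.get(phys(op), PUBLIC) if REG.fullmatch(op) else PUBLIC

    for lineno, line in enumerate(lines, 1):
        p = parse(line)
        if not p or p[0] == "label":
            continue
        _, m, ops = p
        if m in ("bl", "blr", "br"):
            # External call or jump: x19-x28 must be preserved by the callee, so
            # their taint (and pointee status) is kept; the rest is clobbered.
            clobbered = CALLER_SAVED if preserve_callee_saved else CALLER_SAVED | CALLEE_SAVED
            for r in clobbered:
                taint[r] = UNKNOWN
                pointee.discard(r)
        elif m in ("ldr", "ldur", "str", "stur"):
            addr = [phys(r) for r in REG.findall(ops[1])]
            if any(taint.get(r) == SECRET for r in addr):
                violations.append((lineno, "secret-dependent address", ops[1]))
            if m.startswith("ld"):
                d = phys(ops[0])                        # memory contents are not tracked, so
                taint[d] = SECRET if addr and addr[0] in pointee else UNKNOWN
                pointee.discard(d)                      # a load is Unknown unless secret_pointee
        elif m in ("cbz", "cbnz", "tbz", "tbnz"):
            if label_of(ops[0]) == SECRET:
                violations.append((lineno, "secret-dependent branch", m))
        elif m in ("mov", "add", "sub", "and", "orr", "eor", "mul"):
            d, srcs = phys(ops[0]), ops[1:]
            taint[d] = join(*(label_of(o) for o in srcs))
            # Pointer-to-secret survives mov and add/sub #imm; other arithmetic drops it.
            keeps = m == "mov" or (m in ("add", "sub") and srcs[-1].startswith("#"))
            if keeps and phys(srcs[0]) in pointee:
                pointee.add(d)
            else:
                pointee.discard(d)
    return violations, taint

SAMPLE = """\
    mov  x19, x0            ; park the secret scalar in a callee-saved register
    mov  x20, x1            ; x1 is a public pointer to a secret payload
    bl   _external_helper   ; x0-x18 clobbered, x19-x28 preserved
    ldr  x2, [x20, #8]      ; load through secret_pointee: x2 becomes Secret
    ldr  x3, [x8, x19]      ; x19 is still Secret: secret-dependent address
    ldr  x4, [x8, x0]       ; x0 is Unknown after the call: no secret violation
    add  x5, x2, x19
    cbnz x5, LBB0_1         ; branch on a secret
LBB0_1:
    ret
""".splitlines()

if __name__ == "__main__":
    found, _ = analyze(SAMPLE, secret=["x0"], secret_pointee=["x1"])
    for v in found:
        print("line %d: %s (%s)" % v)
```

With preserve_callee_saved set to False the call clobbers x19 and x20 as well, the load through x20 no longer produces Secret, and both findings disappear; that is the contrast the callee-saved commit is about, shown on the same input.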
<entry>
<id>3ce10429d8b217ce743eaf8823961afa536a9aba</id>
<published>2026-02-26T12:51:25Z</published>
<updated>2026-02-26T12:51:25Z</updated>
<title type="text">fix: fail fast on mismatched config</title>
<link rel="alternate" type="text/html" href="commit/3ce10429d8b217ce743eaf8823961afa536a9aba.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 3ce10429d8b217ce743eaf8823961afa536a9aba
parent 4a6f3a6ad8cb49b48c71191a41d94bdf18e271e3
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Thu, 26 Feb 2026 16:51:25 +0400

fix: fail fast on mismatched config

</content>
</entry>
<entry>
<id>4a6f3a6ad8cb49b48c71191a41d94bdf18e271e3</id>
<published>2026-02-26T12:35:30Z</published>
<updated>2026-02-26T12:35:30Z</updated>
<title type="text">feat: assume STG stack slots are public by default</title>
<link rel="alternate" type="text/html" href="commit/4a6f3a6ad8cb49b48c71191a41d94bdf18e271e3.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 4a6f3a6ad8cb49b48c71191a41d94bdf18e271e3
parent 70ad704ffd5bd9000441e69539fbfc3e34f74104
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Thu, 26 Feb 2026 16:35:30 +0400

feat: assume STG stack slots are public by default

GHC&#39;s STG stack holds closure pointers and return addresses, which are
inherently public (addresses, not secret data). This adds a configurable
assumption that untracked STG stack slots default to Public/ProvPublic/KindPtr.

- Add tcAssumeStgPublic to TaintConfig (default: True)
- Add tsAssumeStgPublic to TaintState, threaded through dataflow
- Add --assume-stg-private CLI flag to restore conservative behavior
- Update setTaintLoadStgStack to use the assumption for defaults

This eliminates false positives from STG stack loads at function entry,
such as the x22 violation in continuation blocks that load arguments
from [x20, #offset].

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>70ad704ffd5bd9000441e69539fbfc3e34f74104</id>
<published>2026-02-14T09:46:02Z</published>
<updated>2026-02-14T09:51:24Z</updated>
<title type="text">feat: add --zsymbol flag for human-readable symbol input</title>
<link rel="alternate" type="text/html" href="commit/70ad704ffd5bd9000441e69539fbfc3e34f74104.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 70ad704ffd5bd9000441e69539fbfc3e34f74104
parent 1bfe17d14e2dd2ecf12e2e937aab38a2b71c1bc0
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Sat, 14 Feb 2026 13:46:02 +0400

feat: add --zsymbol flag for human-readable symbol input

Adds z-encoding support to convert human-readable Haskell symbols to
GHC&#39;s internal z-encoded format. Input format uses colons as separators:
&lt;package&gt;:&lt;Module.Path&gt;:&lt;identifier&gt;

Automatically prepends _ and appends _info$def.

Example: pkg-1.0:Mod.Sub:sqrt_vartime -&gt;
         _pkgzm1zi0_ModziSub_sqrtzuvartime_info$def

Encodes: - -&gt; zm, . -&gt; zi, _ -&gt; zu, z -&gt; zz, Z -&gt; ZZ, $ -&gt; zd, &#39; -&gt; zq, # -&gt; zh

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
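The --zsymbol encoding from the commit above, reimplemented in Python as an added example (the auditor is written in Haskell; this is not its code). It applies exactly the character table and the _ prefix and _info$def suffix the commit states. The decoder and the demangle helper go beyond the commit and are an assumption: they only know the eight listed codes, whereas GHC's full z-encoding has more.

```python
"""Z-encode a human-readable Haskell symbol following the rules the
--zsymbol commit states. Added illustration, not the auditor's own code;
the decoder only knows the eight codes listed there (assumption: GHC's
full z-encoding has more, e.g. for tuples and other punctuation)."""

# Character table copied from the commit message.
Z_TABLE = {"-": "zm", ".": "zi", "_": "zu", "z": "zz",
           "Z": "ZZ", "$": "zd", "'": "zq", "#": "zh"}
Z_INVERSE = {code: ch for ch, code in Z_TABLE.items()}


def z_encode(component):
    """Encode one package, module or identifier component.
    Characters outside the table (letters, digits) pass through."""
    return "".join(Z_TABLE.get(ch, ch) for ch in component)


def z_decode(encoded):
    """Invert z_encode for the codes in Z_TABLE. Every 'z'/'Z' in encoded
    text starts a two-character code, so a left-to-right scan is unambiguous."""
    out, i = [], 0
    while i != len(encoded):
        pair = encoded[i:i + 2]
        if pair in Z_INVERSE:
            out.append(Z_INVERSE[pair])
            i += 2
        elif encoded[i] in "zZ":
            raise ValueError("unknown z-code %r at offset %d" % (pair, i))
        else:
            out.append(encoded[i])
            i += 1
    return "".join(out)


def zsymbol(spec, prefix="_", suffix="_info$def"):
    """'pkg:Module.Path:ident' to '_pkg_Module_ident_info$def' (z-encoded).

    The three components are split on ':' first, so the separators are
    never encoded; the '_' joins, leading '_' and '_info$def' suffix are
    added verbatim, exactly as the commit describes."""
    parts = spec.split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected package:Module.Path:identifier, got %r" % spec)
    return prefix + "_".join(z_encode(p) for p in parts) + suffix


def demangle(symbol, prefix="_", suffix="_info$def"):
    """Best-effort inverse of zsymbol: strip the affixes, split on the literal
    '_' joins and decode each component. Works because an encoded component
    never contains a bare '_' (it is always 'zu')."""
    if not (symbol.startswith(prefix) and symbol.endswith(suffix)):
        raise ValueError("not a %s...%s symbol: %r" % (prefix, suffix, symbol))
    body = symbol[len(prefix):len(symbol) - len(suffix)]
    return ":".join(z_decode(p) for p in body.split("_"))


if __name__ == "__main__":
    sym = zsymbol("pkg-1.0:Mod.Sub:sqrt_vartime")
    print(sym)               # _pkgzm1zi0_ModziSub_sqrtzuvartime_info$def
    print(demangle(sym))     # pkg-1.0:Mod.Sub:sqrt_vartime
```

demangle is the direction a practitioner needs when reading the auditor's findings back: symbols in the output are z-encoded, and splitting on the literal underscores is safe only because every underscore inside a component was turned into zu.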
<entry>
<id>1bfe17d14e2dd2ecf12e2e937aab38a2b71c1bc0</id>
<published>2026-02-14T07:49:22Z</published>
<updated>2026-02-14T07:49:22Z</updated>
<title type="text">fix: replace lazy foldl with foldl&#39; to avoid space leaks</title>
<link rel="alternate" type="text/html" href="commit/1bfe17d14e2dd2ecf12e2e937aab38a2b71c1bc0.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 1bfe17d14e2dd2ecf12e2e937aab38a2b71c1bc0
parent 622a7ad267120de5326656b4aa68096d41d5c28d
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Sat, 14 Feb 2026 11:49:22 +0400

fix: replace lazy foldl with foldl&#39; to avoid space leaks

Lazy foldl builds thunks when accumulating strict tuples with Maps.
Use foldl&#39; from Data.List in CFG, NCT, and CallGraph modules.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>622a7ad267120de5326656b4aa68096d41d5c28d</id>
<published>2026-02-13T16:09:57Z</published>
<updated>2026-02-13T16:09:57Z</updated>
<title type="text">fix: make --callers work with --scan-nct --symbol</title>
<link rel="alternate" type="text/html" href="commit/622a7ad267120de5326656b4aa68096d41d5c28d.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 622a7ad267120de5326656b4aa68096d41d5c28d
parent 85d6377d5d28913567bfb2226ab1c319717ca399
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 20:09:57 +0400

fix: make --callers work with --scan-nct --symbol

Previously --callers only affected --list-symbols mode. Now it also
works with NCT scanning to analyze all symbols that can reach the
target rather than all symbols the target can reach.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>85d6377d5d28913567bfb2226ab1c319717ca399</id>
<published>2026-02-13T16:07:08Z</published>
<updated>2026-02-13T16:07:08Z</updated>
<title type="text">feat: add --callers/-c option for reverse reachability</title>
<link rel="alternate" type="text/html" href="commit/85d6377d5d28913567bfb2226ab1c319717ca399.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 85d6377d5d28913567bfb2226ab1c319717ca399
parent 490a29c43a37c1dfd2c81d8cbe7e163afc6f498e
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 20:07:08 +0400

feat: add --callers/-c option for reverse reachability

Shows all symbols that can reach a target symbol (reverse of --symbol).
Uses graph transpose for efficient reverse traversal.

Usage:
  auditor -l -s SYMBOL -i file.s       # callees (default)
  auditor -l -s SYMBOL -c -i file.s    # callers

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>490a29c43a37c1dfd2c81d8cbe7e163afc6f498e</id>
<published>2026-02-13T15:56:36Z</published>
<updated>2026-02-13T15:56:36Z</updated>
<title type="text">feat: add --list-symbols/-l option to list function symbols</title>
<link rel="alternate" type="text/html" href="commit/490a29c43a37c1dfd2c81d8cbe7e163afc6f498e.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 490a29c43a37c1dfd2c81d8cbe7e163afc6f498e
parent b9e0153adc2546f8b29a243149b6f0349c9aef01
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 19:56:36 +0400

feat: add --list-symbols/-l option to list function symbols

Lists all function symbols in an assembly file. Supports filtering
with --filter/-f PATTERN to show only symbols containing the pattern.

Usage: auditor -l -f schnorr -i file.s

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>b9e0153adc2546f8b29a243149b6f0349c9aef01</id>
<published>2026-02-13T15:19:10Z</published>
<updated>2026-02-13T15:19:10Z</updated>
<title type="text">feat: add symbol-focused NCT scan with call graph analysis (IMPL24)</title>
<link rel="alternate" type="text/html" href="commit/b9e0153adc2546f8b29a243149b6f0349c9aef01.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit b9e0153adc2546f8b29a243149b6f0349c9aef01
parent 50e1c801e8d53f2da47b11b8b858a6978f800104
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 19:19:10 +0400

feat: add symbol-focused NCT scan with call graph analysis (IMPL24)

Adds --symbol/-s option to filter NCT scan to a specific symbol and
its transitive callees. Uses Data.Graph for reachability computation.

- New CallGraph module with buildCallGraph, reachableSymbols, symbolExists
- scanNctFileForSymbol returns SymbolScanResult with filtered findings
- CLI shows root symbol, reachable count, and findings summary
- 6 new tests for call graph functionality

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>50e1c801e8d53f2da47b11b8b858a6978f800104</id>
<published>2026-02-13T06:52:04Z</published>
<updated>2026-02-13T06:52:04Z</updated>
<title type="text">feat: filter GHC closure table lookups from NCT findings (IMPL23)</title>
<link rel="alternate" type="text/html" href="commit/50e1c801e8d53f2da47b11b8b858a6978f800104.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 50e1c801e8d53f2da47b11b8b858a6978f800104
parent 193e20530319c6eba1f81ea7ee1f5f023b885881
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 10:52:04 +0400

feat: filter GHC closure table lookups from NCT findings (IMPL23)

Register-indexed loads from *_closure_tbl symbols (e.g., Bool_closure_tbl)
are GHC runtime boxing operations, not secret-dependent table lookups.

Pattern detected:
  adrp x9, _ghczmprim_GHCziTypes_Bool_closure_tbl@GOTPAGE
  ldr  x9, [x9, ...]
  ldr  x22, [x9, w8, uxtw #3]  ; &lt;-- was flagged as reg-index

Now scans backwards within BB to check if base register was loaded from
a closure table symbol.

secp256k1.s: 252 -&gt; 246 findings (6 Bool boxing operations filtered)

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>193e20530319c6eba1f81ea7ee1f5f023b885881</id>
<published>2026-02-13T04:52:30Z</published>
<updated>2026-02-13T04:52:30Z</updated>
<title type="text">feat: hide GHC runtime findings by default in NCT scan</title>
<link rel="alternate" type="text/html" href="commit/193e20530319c6eba1f81ea7ee1f5f023b885881.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 193e20530319c6eba1f81ea7ee1f5f023b885881
parent 6ae7b16a191faf0b0da81403533ecffef84c99be
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 08:52:30 +0400

feat: hide GHC runtime findings by default in NCT scan

Add --show-ghc-runtime flag to display GHC runtime patterns in NCT
scan output. By default, only non-runtime findings are shown for
cleaner output focused on user code.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>6ae7b16a191faf0b0da81403533ecffef84c99be</id>
<published>2026-02-13T04:49:24Z</published>
<updated>2026-02-13T04:49:24Z</updated>
<title type="text">feat: add NCG tag check and arity check edge case detection (IMPL22)</title>
<link rel="alternate" type="text/html" href="commit/6ae7b16a191faf0b0da81403533ecffef84c99be.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 6ae7b16a191faf0b0da81403533ecffef84c99be
parent 81df281f56455c489640898c6820a5674d93c81b
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 08:49:24 +0400

feat: add NCG tag check and arity check edge case detection (IMPL22)

Extend GHC runtime pattern detection to handle NCG-specific patterns:

- Tag check with `cmp reg, reg` where one register was set by `and #7`
  (NCG loads tag constant into register before comparing)

- Arity check with `ldr` (not just `ldur`) at negative offset from
  info pointer, with register-to-register comparison

- Add `samePhysicalReg` helper to match W/X register variants
  (NCG uses `ldr w10` but `cmp x10` - same physical register)

Both LLVM and NCG backends now show only 6 findings on Curve test
files, all in explicitly `_vartime` functions.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>81df281f56455c489640898c6820a5674d93c81b</id>
<published>2026-02-13T04:41:23Z</published>
<updated>2026-02-13T04:41:23Z</updated>
<title type="text">feat: add NCG backend support for GHC runtime detection</title>
<link rel="alternate" type="text/html" href="commit/81df281f56455c489640898c6820a5674d93c81b.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 81df281f56455c489640898c6820a5674d93c81b
parent 89b9a2ab26920214173ff08dea9dfa039c30ba79
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 08:41:23 +0400

feat: add NCG backend support for GHC runtime detection

- Handle br (not just blr) for closure entry, dict calls, RTS calls
- Detect STG stack returns: ldr xN, [x20, ...]; br xN
- Detect BaseReg dispatch: ldr xN, [x19, ...]; br xN
- Add NCG-style tag check: and xN, xM, #7; cbnz xN
- Add NCG-style CAF check: mov xN, x0; cbz xN after bl _newCAF

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>89b9a2ab26920214173ff08dea9dfa039c30ba79</id>
<published>2026-02-13T04:21:26Z</published>
<updated>2026-02-13T04:21:26Z</updated>
<title type="text">feat: improve GHC runtime detection with BB-bounded scan</title>
<link rel="alternate" type="text/html" href="commit/89b9a2ab26920214173ff08dea9dfa039c30ba79.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 89b9a2ab26920214173ff08dea9dfa039c30ba79
parent 3b2328ecee2adeb3cfae24b20681b718632f6da1
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 08:21:26 +0400

feat: improve GHC runtime detection with BB-bounded scan

- Use basic block bounded backwards scan for closure entry, dict calls,
  and RTS symbol detection (only stop at LBB* labels, not Lloh* hints)
- Add PreIndex/PostIndex addressing modes to closure entry detection
- Add tag check variant: and #0x7; cmp #N pattern
- Add arity/closure-type check: ldur [r, #-N]; cmp pattern
- Reduces false positives from 332 to 6 on Curve.s test case

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>3b2328ecee2adeb3cfae24b20681b718632f6da1</id>
<published>2026-02-13T04:00:03Z</published>
<updated>2026-02-13T04:00:03Z</updated>
<title type="text">feat: detect GHC RTS calls via adrp symbol lookup</title>
<link rel="alternate" type="text/html" href="commit/3b2328ecee2adeb3cfae24b20681b718632f6da1.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 3b2328ecee2adeb3cfae24b20681b718632f6da1
parent f0145af0dd904c52a4505ca83616f970c06cf91f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 08:00:03 +0400

feat: detect GHC RTS calls via adrp symbol lookup

Add detection for blr instructions that call GHC runtime system
functions. Looks back 20 instructions for adrp loading a _stg_*
symbol (e.g., _stg_bh_upd_frame_info, _stg_upd_frame_info).

Curve.s: 33 -&gt; 31 findings
secp256k1.s: tested with 419 findings

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>f0145af0dd904c52a4505ca83616f970c06cf91f</id>
<published>2026-02-13T03:56:02Z</published>
<updated>2026-02-13T03:56:02Z</updated>
<title type="text">feat: expand GHC runtime pattern detection</title>
<link rel="alternate" type="text/html" href="commit/f0145af0dd904c52a4505ca83616f970c06cf91f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit f0145af0dd904c52a4505ca83616f970c06cf91f
parent b38f3199721e08f9af7efc144f15888224a6b3a1
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 07:56:02 +0400

feat: expand GHC runtime pattern detection

Add recognition for additional GHC runtime patterns:
- Nursery checks (cmp against BaseReg offset loads)
- CAF result checks (cbz x0 after bl _newCAF)
- Dictionary/vtable calls (blr after ldr from object field)
- Extend closure entry lookback from 3 to 5 instructions

Reduces false positives from 56 to 33 on test file.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>b38f3199721e08f9af7efc144f15888224a6b3a1</id>
<published>2026-02-13T03:51:28Z</published>
<updated>2026-02-13T03:51:28Z</updated>
<title type="text">style: hide symbols with only GHC runtime findings</title>
<link rel="alternate" type="text/html" href="commit/b38f3199721e08f9af7efc144f15888224a6b3a1.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit b38f3199721e08f9af7efc144f15888224a6b3a1
parent 91d3d7ae853629a3b7b35bfd55f2601593a375ff
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 07:51:28 +0400

style: hide symbols with only GHC runtime findings

Symbols where all findings are GHC runtime (count 0) are now
omitted from output entirely.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>91d3d7ae853629a3b7b35bfd55f2601593a375ff</id>
<published>2026-02-13T03:49:22Z</published>
<updated>2026-02-13T03:49:22Z</updated>
<title type="text">style: use &#39;(ghc runtime)&#39; prefix instead of wrapping in parens</title>
<link rel="alternate" type="text/html" href="commit/91d3d7ae853629a3b7b35bfd55f2601593a375ff.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 91d3d7ae853629a3b7b35bfd55f2601593a375ff
parent ac535035c890f552caef6783768c881067b3d538
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 07:49:22 +0400

style: use &#39;(ghc runtime)&#39; prefix instead of wrapping in parens

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>ac535035c890f552caef6783768c881067b3d538</id>
<published>2026-02-13T03:46:53Z</published>
<updated>2026-02-13T03:46:53Z</updated>
<title type="text">refactor: show GHC runtime findings in parens instead of filtering</title>
<link rel="alternate" type="text/html" href="commit/ac535035c890f552caef6783768c881067b3d538.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit ac535035c890f552caef6783768c881067b3d538
parent 4e45a8f45f3bc928db14b206a961df11ba506a75
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 07:46:53 +0400

refactor: show GHC runtime findings in parens instead of filtering

Instead of completely hiding GHC runtime patterns, now:
- All findings are shown in output
- GHC runtime patterns displayed in parentheses
- Only non-GHC-runtime findings counted in totals
- Removed --filter-ghc-runtime flag (no longer needed)

This gives better visibility while still highlighting what matters.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>4e45a8f45f3bc928db14b206a961df11ba506a75</id>
<published>2026-02-13T03:44:12Z</published>
<updated>2026-02-13T03:44:12Z</updated>
<title type="text">feat: improve NCT scanner accuracy and add GHC runtime filtering</title>
<link rel="alternate" type="text/html" href="commit/4e45a8f45f3bc928db14b206a961df11ba506a75.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 4e45a8f45f3bc928db14b206a961df11ba506a75
parent 1024a263bdbf80cc9451e5171b376aa104d6c4be
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 07:44:12 +0400

feat: improve NCT scanner accuracy and add GHC runtime filtering

- Remove DIT instructions from NCT flagging (mul, madd, msub, umulh,
  smulh, variable shifts) per ARM architecture docs
- Add --filter-ghc-runtime flag to filter common GHC runtime patterns:
  - Heap checks (cmp &lt;r&gt;, x28 followed by conditional branch)
  - Tag checks (tst &lt;r&gt;, #7 followed by conditional branch)
  - Closure entry (ldr x8, [...] followed by blr x8)
- Show flagged instructions indented under each function symbol
- Reduces false positives from 332 to 56 on typical GHC output

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>1024a263bdbf80cc9451e5171b376aa104d6c4be</id>
<published>2026-02-13T03:34:27Z</published>
<updated>2026-02-13T03:34:27Z</updated>
<title type="text">misc: improve nct output</title>
<link rel="alternate" type="text/html" href="commit/1024a263bdbf80cc9451e5171b376aa104d6c4be.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 1024a263bdbf80cc9451e5171b376aa104d6c4be
parent c226539fea1c99fb6df434406eae0419d39aea00
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Fri, 13 Feb 2026 07:34:27 +0400

misc: improve nct output

</content>
</entry>
<entry>
<id>c226539fea1c99fb6df434406eae0419d39aea00</id>
<published>2026-02-11T19:14:12Z</published>
<updated>2026-02-11T19:14:12Z</updated>
<title type="text">feat: add static non-constant-time instruction scanner (IMPL21)</title>
<link rel="alternate" type="text/html" href="commit/c226539fea1c99fb6df434406eae0419d39aea00.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit c226539fea1c99fb6df434406eae0419d39aea00
parent e48ce759831e9ac6983f51def00e72b451739be0
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 23:14:12 +0400

feat: add static non-constant-time instruction scanner (IMPL21)

Add parser-only scan mode that flags instructions with potential
timing variability, grouped by function symbol. No dataflow analysis;
purely syntactic inspection.

- New Audit.AArch64.NCT module with scanNct function
- NctReason: CondBranch, IndirectBranch, Div, MulOp, VarShift, RegIndexAddr
- CLI: --scan-nct for scan mode, --nct-detail for per-instruction output
- 17 new tests covering all reason categories and symbol grouping

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>e48ce759831e9ac6983f51def00e72b451739be0</id>
<published>2026-02-11T18:47:22Z</published>
<updated>2026-02-11T18:47:22Z</updated>
<title type="text">feat: add acquire/release and exclusive memory ops (IMPL20)</title>
<link rel="alternate" type="text/html" href="commit/e48ce759831e9ac6983f51def00e72b451739be0.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit e48ce759831e9ac6983f51def00e72b451739be0
parent 8153ab942cbfd3b0df7cfb4851f91d5ac4ab8a22
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 22:47:22 +0400

feat: add acquire/release and exclusive memory ops (IMPL20)

Extend parser, instruction set, and checker to recognize AArch64
load/store variants with acquire/release or exclusive semantics.

New instructions:
- Acquire loads: ldar, ldarb, ldarh
- Release stores: stlr, stlrb, stlrh
- Exclusive loads: ldxr, ldxrb, ldxrh
- Exclusive stores: stxr, stxrb, stxrh (status, src, addr)
- Acquire-exclusive: ldaxr, ldaxrb, ldaxrh
- Release-exclusive: stlxr, stlxrb, stlxrh (status, src, addr)

Semantics:
- Load variants treated same as ldr/ldrb/ldrh
- Store variants treated same as str/strb/strh
- Exclusive store status register set to Public/ProvPublic/KindScalar

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>8153ab942cbfd3b0df7cfb4851f91d5ac4ab8a22</id>
<published>2026-02-11T18:38:05Z</published>
<updated>2026-02-11T18:38:05Z</updated>
<title type="text">feat: preserve STG stack slots across constant x20 adjustments (IMPL19)</title>
<link rel="alternate" type="text/html" href="commit/8153ab942cbfd3b0df7cfb4851f91d5ac4ab8a22.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 8153ab942cbfd3b0df7cfb4851f91d5ac4ab8a22
parent 7ab24b4c9867f765cc2ff3a52dc42fb177750a0f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 22:38:05 +0400

feat: preserve STG stack slots across constant x20 adjustments (IMPL19)

Track constant deltas to x20 by shifting STG stack slot maps instead of
clearing them. This preserves seeded stg_secret/stg_public slots across
common prologue patterns like `sub x20, x20, #16`.

Changes:
- Add shiftStgStackMap to shift slot offsets by a signed delta
- Update Add/Sub/Adds/Subs transfer to shift when x20 += imm or x20 -= imm
- Update pre/post-indexed [x20, #imm] handling to shift instead of clear
- Remove unused updateWithSpCheckProvKind helper
- Add tests for delta tracking across add/sub x20

Semantics:
- sub x20, x20, #imm: shift slots by +imm (old offset 8 -&gt; new offset 24)
- add x20, x20, #imm: shift slots by -imm (old offset 24 -&gt; new offset 8)
- Non-constant x20 updates still clear the map

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>7ab24b4c9867f765cc2ff3a52dc42fb177750a0f</id>
<published>2026-02-11T18:25:09Z</published>
<updated>2026-02-11T18:25:09Z</updated>
<title type="text">feat: implement STG stack slot seeding via taint config (IMPL18)</title>
<link rel="alternate" type="text/html" href="commit/7ab24b4c9867f765cc2ff3a52dc42fb177750a0f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 7ab24b4c9867f765cc2ff3a52dc42fb177750a0f
parent e427f099dbf1393289ecc30ae636afb62057d14c
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 22:25:09 +0400

feat: implement STG stack slot seeding via taint config (IMPL18)

Extend taint configuration to seed STG stack slots (x20-relative offsets)
as secret or public at function entry.

Changes:
- Add apStgSecret/apStgPublic fields to ArgPolicy for x20-relative offsets
- Update JSON parsing to accept stg_secret/stg_public arrays
- Extend seedArgs to apply STG stack slot seeding (secret wins on overlap)
- Add tests for JSON parsing and entry seeding behavior

Example config:
  {&quot;_foo&quot;: {&quot;secret&quot;: [&quot;X23&quot;], &quot;stg_secret&quot;: [8, 152], &quot;stg_public&quot;: [24]}}

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>e427f099dbf1393289ecc30ae636afb62057d14c</id>
<published>2026-02-11T18:14:09Z</published>
<updated>2026-02-11T18:14:09Z</updated>
<title type="text">feat: add refined heap slot tracking (IMPL17 Stage 2)</title>
<link rel="alternate" type="text/html" href="commit/e427f099dbf1393289ecc30ae636afb62057d14c.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit e427f099dbf1393289ecc30ae636afb62057d14c
parent bfc4d70a9dd50b478247454e14b4757955316cd5
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 22:14:09 +0400

feat: add refined heap slot tracking (IMPL17 Stage 2)

Track per-(base, offset) heap slots for [base, #imm] accesses where
base is a public pointer (KindPtr + ProvPublic). This provides more
precise taint tracking than the coarse bucket alone.

- Add tsHeapSlots :: Map (Reg, Int) (Taint, Provenance, RegKind)
- Stores to qualified [base, #imm] update refined slot AND coarse bucket
- Loads check refined slot first, fall back to coarse bucket
- Clear heap slots for a register when it&#39;s modified (via setTaintProvKind)
- joinTaintState merges heap slots with element-wise join
- Add tests for refined heap tracking

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>bfc4d70a9dd50b478247454e14b4757955316cd5</id>
<published>2026-02-11T18:03:02Z</published>
<updated>2026-02-11T18:03:02Z</updated>
<title type="text">feat: add --display-unknown flag to filter violation output</title>
<link rel="alternate" type="text/html" href="commit/bfc4d70a9dd50b478247454e14b4757955316cd5.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit bfc4d70a9dd50b478247454e14b4757955316cd5
parent 2549b3e1c405920476b40f28a9f21d340a4d257f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 22:03:02 +0400

feat: add --display-unknown flag to filter violation output

By default, only show secret violations (SecretBase, SecretIndex,
NonConstOffset). Unknown violations are hidden to reduce noise.

- Add -u/--display-unknown flag to show all violations
- Filter violations in both text and JSON output
- Show &quot;(hidden): N unknown (use -u to show)&quot; in summary when filtered

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>2549b3e1c405920476b40f28a9f21d340a4d257f</id>
<published>2026-02-11T17:58:48Z</published>
<updated>2026-02-11T18:01:01Z</updated>
<title type="text">feat: implement coarse heap taint propagation (IMPL17 Stage 1)</title>
<link rel="alternate" type="text/html" href="commit/2549b3e1c405920476b40f28a9f21d340a4d257f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 2549b3e1c405920476b40f28a9f21d340a4d257f
parent 510af37cc5ebd973a2c9346a62a07f37722d0c6f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 21:58:48 +0400

feat: implement coarse heap taint propagation (IMPL17 Stage 1)

Add a coarse heap bucket to TaintState that tracks taint for non-stack
memory accesses. Secrets stored to heap now propagate to subsequent
heap loads, enabling detection of secret-indexed memory access patterns.

- Add tsHeapTaint, tsHeapProv, tsHeapKind fields to TaintState
- Non-stack stores join source taint into heap bucket
- Non-stack loads read from heap bucket (public roots still protected)
- Heap starts Unknown for conservative analysis
- Add PreIndex SP handling to loadFromStack/loadPairFromStack for symmetry
- Add heap taint propagation tests

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>510af37cc5ebd973a2c9346a62a07f37722d0c6f</id>
<published>2026-02-11T17:31:56Z</published>
<updated>2026-02-11T17:36:11Z</updated>
<title type="text">feat: track STG stack slots (x20-relative) for taint propagation (IMPL16)</title>
<link rel="alternate" type="text/html" href="commit/510af37cc5ebd973a2c9346a62a07f37722d0c6f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 510af37cc5ebd973a2c9346a62a07f37722d0c6f
parent b2f6ae41c37e0ef447e3f74ea3a0aa24163d581d
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 21:31:56 +0400

feat: track STG stack slots (x20-relative) for taint propagation (IMPL16)

GHC passes arguments via the STG stack (x20), not the hardware stack
(sp). Extend stack slot tracking to recognize [x20, #imm] patterns,
enabling taint propagation through worker code.

Changes:
- Add tsStgStack, tsStgStackProv, tsStgStackKind fields to TaintState
- Update storeToStack/storePairToStack to handle X20-relative addresses
- Update loadFromStack/loadPairFromStack to handle X20-relative addresses
  including pre-indexed loads (common in GHC output)
- Clear STG stack maps when X20 is modified (same as SP handling)
- Update joinTaintState to merge STG stack maps
- Add tests for STG stack spill/reload preserving taint and kind

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>b2f6ae41c37e0ef447e3f74ea3a0aa24163d581d</id>
<published>2026-02-11T16:51:34Z</published>
<updated>2026-02-11T16:53:30Z</updated>
<title type="text">perf: use strict counters in check pass and avoid Map conversion (IMPL15)</title>
<link rel="alternate" type="text/html" href="commit/b2f6ae41c37e0ef447e3f74ea3a0aa24163d581d.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit b2f6ae41c37e0ef447e3f74ea3a0aa24163d581d
parent f2600a3da8ea853940d3c6ea3a0a93de29022dde
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 20:51:34 +0400

perf: use strict counters in check pass and avoid Map conversion (IMPL15)

Replace per-line AuditResult accumulation with strict counters and
reverse-accumulation via foldl&#39; (flip (:)). Use IntMap lookups directly
in inter-procedural checks instead of converting to Map.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>f2600a3da8ea853940d3c6ea3a0a93de29022dde</id>
<published>2026-02-11T16:49:12Z</published>
<updated>2026-02-11T16:49:12Z</updated>
<title type="text">perf: use strict counters in check pass and avoid Map conversion (IMPL15)</title>
<link rel="alternate" type="text/html" href="commit/f2600a3da8ea853940d3c6ea3a0a93de29022dde.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit f2600a3da8ea853940d3c6ea3a0a93de29022dde
parent 584dc047e8fdfb53d28b2190d5d2f755f1967b57
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 20:49:12 +0400

perf: use strict counters in check pass and avoid Map conversion (IMPL15)

Replace per-line AuditResult accumulation with strict counters and
cons-accumulation. Use IntMap lookups directly in inter-procedural
checks instead of converting to Map.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>584dc047e8fdfb53d28b2190d5d2f755f1967b57</id>
<published>2026-02-11T16:41:13Z</published>
<updated>2026-02-11T16:41:13Z</updated>
<title type="text">feat: track stack slot kinds to preserve pointer/scalar across spills (IMPL14)</title>
<link rel="alternate" type="text/html" href="commit/584dc047e8fdfb53d28b2190d5d2f755f1967b57.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 584dc047e8fdfb53d28b2190d5d2f755f1967b57
parent 278bc2d33847f190c2a5b10c1d0955db70428eb5
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 20:41:13 +0400

feat: track stack slot kinds to preserve pointer/scalar across spills (IMPL14)

Extends TaintState with tsStackKind (IntMap RegKind) so pointer vs scalar
classification survives spills and reloads.

Changes:
- Add tsStackKind field to TaintState
- Update storeToStack/storePairToStack to record source register kinds
- Update setTaintLoadStack to restore kinds from stack map
- Update clearStackMap to clear tsStackKind on SP modification
- Update joinTaintState to join stack kinds
- Add tests for pointer spill/reload and scalar spill/reload

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>278bc2d33847f190c2a5b10c1d0955db70428eb5</id>
<published>2026-02-11T16:36:59Z</published>
<updated>2026-02-11T16:36:59Z</updated>
<title type="text">fix: set KindScalar for scalar ops and clear kinds at call boundaries</title>
<link rel="alternate" type="text/html" href="commit/278bc2d33847f190c2a5b10c1d0955db70428eb5.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 278bc2d33847f190c2a5b10c1d0955db70428eb5
parent 208019cd069e91b783af8737490251946abe1e48
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 20:36:59 +0400

fix: set KindScalar for scalar ops and clear kinds at call boundaries

Addresses reviewer comments on IMPL13:

1. Scalar operations (Adc, Neg, Mul, Orr, Lsl, Ubfx, Csel variants, etc.)
   now use setTaintProvKind with KindScalar instead of setTaintProv,
   preventing stale KindPtr from enabling incorrect provenance upgrades.

2. invalidateCallerSaved now also clears tsKind to KindUnknown for
   caller-saved registers (x0-x17).

3. applySummary now also applies kinds from function summaries, not just
   taint and provenance.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>208019cd069e91b783af8737490251946abe1e48</id>
<published>2026-02-11T16:08:57Z</published>
<updated>2026-02-11T16:08:57Z</updated>
<title type="text">feat: add register kind tracking to prevent provenance laundering (IMPL13)</title>
<link rel="alternate" type="text/html" href="commit/208019cd069e91b783af8737490251946abe1e48.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 208019cd069e91b783af8737490251946abe1e48
parent 08fed64dea0812afa3566a21dfdca511d3dac660
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 20:08:57 +0400

feat: add register kind tracking to prevent provenance laundering (IMPL13)

Introduces a register kind lattice (Ptr/Scalar/Unknown) and restricts
provenance-based upgrades to pointer kinds only. This prevents secret
scalars from being &quot;laundered&quot; through pointer arithmetic to become
valid base registers.

Changes:
- Add RegKind type and joinKind function to Types.hs
- Extend TaintState with tsKind map for kind tracking
- Propagate kinds in transfer function (adr/adrp → Ptr, loads → Scalar)
- Only allow provenance upgrade in checkBase if kind is KindPtr
- Add test for scalar provenance laundering detection

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>08fed64dea0812afa3566a21dfdca511d3dac660</id>
<published>2026-02-11T15:48:10Z</published>
<updated>2026-02-11T15:48:10Z</updated>
<title type="text">perf: use strict foldl&#39; in taint analysis</title>
<link rel="alternate" type="text/html" href="commit/08fed64dea0812afa3566a21dfdca511d3dac660.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 08fed64dea0812afa3566a21dfdca511d3dac660
parent 889aed3a98b5d862ccc80e8b4d66ccf1c3bba710
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 19:48:10 +0400

perf: use strict foldl&#39; in taint analysis

Replace foldl with foldl&#39; in analyzeBlock, analyzeBlockWithSummaries,
and joinTaintState folds to prevent thunk accumulation in long blocks.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>889aed3a98b5d862ccc80e8b4d66ccf1c3bba710</id>
<published>2026-02-11T15:43:47Z</published>
<updated>2026-02-11T15:43:47Z</updated>
<title type="text">Revert &quot;refactor: use SmallArray for register taint/provenance (IMPL12)&quot;</title>
<link rel="alternate" type="text/html" href="commit/889aed3a98b5d862ccc80e8b4d66ccf1c3bba710.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 889aed3a98b5d862ccc80e8b4d66ccf1c3bba710
parent e08c2305e1ff2a5eb0ee18fd17dd9983efdc800d
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 19:43:47 +0400

Revert &quot;refactor: use SmallArray for register taint/provenance (IMPL12)&quot;

This reverts commit e08c230.

Reason: Unclear performance win. While intra-procedural analysis improved
(2-5x faster due to O(1) register lookups), inter-procedural analysis
regressed significantly (2-3x slower).

The regression stems from array-based joins iterating over all 161
register slots, whereas Map-based joins only processed populated entries.
For inter-procedural analysis with many join operations across function
summaries, this overhead dominates.

The tradeoff is not clearly favorable without further optimization
(e.g., pointer-equality checks, lazy updates, or hybrid representations).

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>e08c2305e1ff2a5eb0ee18fd17dd9983efdc800d</id>
<published>2026-02-11T15:43:30Z</published>
<updated>2026-02-11T15:43:30Z</updated>
<title type="text">refactor: use SmallArray for register taint/provenance (IMPL12)</title>
<link rel="alternate" type="text/html" href="commit/e08c2305e1ff2a5eb0ee18fd17dd9983efdc800d.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit e08c2305e1ff2a5eb0ee18fd17dd9983efdc800d
parent d08c45dad9c962dedb108935e04abc5a05d0a8b1
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 19:43:30 +0400

refactor: use SmallArray for register taint/provenance (IMPL12)

Replace Map Reg Taint and Map Reg Provenance with SmallArray for O(1)
register lookups. Add Bottom/ProvBottom as identity elements for joins.

Changes:
- Add regIndex/regCount for register-to-index mapping
- TaintState now uses SmallArray instead of Map for registers
- Add joinSmallArrayWith for element-wise array joins
- Use foldl&#39; in analyzeBlock for strictness
- Fix dataflow initialization to only seed entry blocks

Benchmark results (mixed):
- taint/intra-small: 18ms -&gt; 4ms (4.7x faster)
- taint/intra-large: 83ms -&gt; 36ms (2.3x faster)
- taint/inter-small: 2.9ms -&gt; 8ms (2.8x slower)
- taint/inter-large: 25ms -&gt; 66ms (2.7x slower)

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>d08c45dad9c962dedb108935e04abc5a05d0a8b1</id>
<published>2026-02-11T15:15:03Z</published>
<updated>2026-02-11T15:15:03Z</updated>
<title type="text">perf: refactor CFG to indexed blocks with cached metadata (IMPL10)</title>
<link rel="alternate" type="text/html" href="commit/d08c45dad9c962dedb108935e04abc5a05d0a8b1.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit d08c45dad9c962dedb108935e04abc5a05d0a8b1
parent 2f45e0bc6bda9cab4322ee7355359d6d73992d3d
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 19:15:03 +0400

perf: refactor CFG to indexed blocks with cached metadata (IMPL10)

- Replace list-based cfgBlocks with Data.Primitive.Array for O(1) indexing
- Add bbLastInstr, bbSuccIdxs, bbHasFallthrough to BasicBlock
- Cache cfgFuncBlocks map during CFG construction
- Update blockSuccessors, functionBlocks, functionLabels to use caches
- Update Taint.hs and Check.hs to use indexBlock instead of list indexing

Benchmark results show dramatic improvements in taint analysis:
- taint/intra-small: 305ms -&gt; 18ms (17x faster)
- taint/intra-large: 4.9s -&gt; 84ms (58x faster)
- taint/inter-small: 303ms -&gt; 2.9ms (104x faster)
- taint/inter-large: 5.1s -&gt; 25ms (204x faster)

CFG construction is slightly slower due to caching overhead, but this
one-time cost is offset by massive analysis speedups.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>2f45e0bc6bda9cab4322ee7355359d6d73992d3d</id>
<published>2026-02-11T14:50:43Z</published>
<updated>2026-02-11T14:50:43Z</updated>
<title type="text">feat: add benchmark suites for parser, CFG, and taint analysis (IMPL9)</title>
<link rel="alternate" type="text/html" href="commit/2f45e0bc6bda9cab4322ee7355359d6d73992d3d.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 2f45e0bc6bda9cab4322ee7355359d6d73992d3d
parent ef6f27ce90789a1febf656d063fbfc6d7a7d53ca
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 18:50:43 +0400

feat: add benchmark suites for parser, CFG, and taint analysis (IMPL9)

- Add NFData instances for core types (Reg, Shift, Extend, Operand,
  AddrMode, Instr, Line, BasicBlock, CFG, AuditResult, etc.) to enable
  full evaluation in benchmarks
- Add deepseq dependency to library
- Create bench/Main.hs with criterion benchmarks for parse, cfg, and
  taint (intra/inter-proc) using CurveNCG.s and secp256k1NCG.s fixtures
- Create bench/Weight.hs with weigh benchmarks for allocation tracking
- Add auditor-bench and auditor-weigh benchmark stanzas to cabal file

Run with: cabal bench auditor-bench / cabal bench auditor-weigh

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>ef6f27ce90789a1febf656d063fbfc6d7a7d53ca</id>
<published>2026-02-11T14:27:47Z</published>
<updated>2026-02-11T14:27:47Z</updated>
<title type="text">fix: use hspace after label colon to allow foo:mov x0, x1</title>
<link rel="alternate" type="text/html" href="commit/ef6f27ce90789a1febf656d063fbfc6d7a7d53ca.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit ef6f27ce90789a1febf656d063fbfc6d7a7d53ca
parent 36a32d4668eecafc049ab77f1f90824e1a16e244
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 18:27:47 +0400

fix: use hspace after label colon to allow foo:mov x0, x1

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>36a32d4668eecafc049ab77f1f90824e1a16e244</id>
<published>2026-02-11T14:24:16Z</published>
<updated>2026-02-11T14:24:16Z</updated>
<title type="text">fix: address reviewer comments on parser optimizations</title>
<link rel="alternate" type="text/html" href="commit/36a32d4668eecafc049ab77f1f90824e1a16e244.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 36a32d4668eecafc049ab77f1f90824e1a16e244
parent 09d6199af719380169b380f837ee267675be0245
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 18:24:16 +0400

fix: address reviewer comments on parser optimizations

- Guard pLabelOrInstrLine to only treat identifiers as mnemonics if they
  start with alphanumeric or &#39;.&#39;, preventing behavior change for lines
  starting with &#39;_&#39; without colon
- Add try to all pReg alternatives so it doesn&#39;t consume on total
  failure, allowing pSymbolRef to handle register-like symbols (e.g.,
  xfoo)
- Add try around pRegWithModifier in pAddrModeInner to allow fallback to
  pSymbolRef for symbol-based index offsets
- Remove misleading test comment about Other mnemonic

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>09d6199af719380169b380f837ee267675be0245</id>
<published>2026-02-11T14:04:38Z</published>
<updated>2026-02-11T14:04:38Z</updated>
<title type="text">perf: reduce backtracking in parser</title>
<link rel="alternate" type="text/html" href="commit/09d6199af719380169b380f837ee267675be0245.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 09d6199af719380169b380f837ee267675be0245
parent 1f6ee9dd27249823cd3878d77c51eead36cb5e46
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 18:04:38 +0400

perf: reduce backtracking in parser

- Merge pLabelLine/pInstrLine into pLabelOrInstrLine to parse leading
  identifier once, then branch on &#39;:&#39; (eliminates double-parse per
  instruction line)
- Merge pShiftedRegOp into pRegOrShiftedReg to parse register once,
  then optionally parse shift (eliminates double-parse per operand)
- Dispatch pReg on first character instead of sequential try chain
  (reduces failed attempts for most register types)
- Remove unnecessary try from pLiteralAddr in pAddrMode

Add parser tests for shifted/plain register operands, literal addresses,
all register types, and label/instruction line variants.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>1f6ee9dd27249823cd3878d77c51eead36cb5e46</id>
<published>2026-02-11T13:23:05Z</published>
<updated>2026-02-11T13:23:05Z</updated>
<title type="text">docs: misc plans, etc.</title>
<link rel="alternate" type="text/html" href="commit/1f6ee9dd27249823cd3878d77c51eead36cb5e46.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 1f6ee9dd27249823cd3878d77c51eead36cb5e46
parent 0f8af961e891bcde511792114f7cbcb8b7c3aa26
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 17:23:05 +0400

docs: misc plans, etc.

</content>
</entry>
<entry>
<id>0f8af961e891bcde511792114f7cbcb8b7c3aa26</id>
<published>2026-02-11T10:39:32Z</published>
<updated>2026-02-11T11:26:34Z</updated>
<title type="text">perf: cache call graph and function blocks in inter-proc analysis (IMPL8)</title>
<link rel="alternate" type="text/html" href="commit/0f8af961e891bcde511792114f7cbcb8b7c3aa26.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 0f8af961e891bcde511792114f7cbcb8b7c3aa26
parent e4dfd705e24890b88487199687c4eb7e890e5d0e
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 14:39:32 +0400

perf: cache call graph and function blocks in inter-proc analysis (IMPL8)

- Add buildFunctionBlocksMap: O(N) single-pass function boundary scan
- Add buildCallerMap: inverted call graph using precomputed blocks map
- Cache both in runInterProc/runInterProcWithConfig to avoid rescanning
- Filter _L+lowercase NCG internal labels (e.g. _Lblock_info)
- Fix worklist propagation bug: use emptyTaintState as default to ensure
  all reachable blocks are visited

Performance: inter-proc analysis now completes in ~1s on secp256k1.s
(previously would hang due to O(F²*N) complexity)

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>e4dfd705e24890b88487199687c4eb7e890e5d0e</id>
<published>2026-02-11T10:28:21Z</published>
<updated>2026-02-11T10:28:21Z</updated>
<title type="text">fix: filter NCG local labels in isFunctionLabel</title>
<link rel="alternate" type="text/html" href="commit/e4dfd705e24890b88487199687c4eb7e890e5d0e.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit e4dfd705e24890b88487199687c4eb7e890e5d0e
parent 03eec1f2ce8811a1762f98bf3edf1c5b4f4fde4d
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 14:28:21 +0400

fix: filter NCG local labels in isFunctionLabel

NCG-generated labels like Lc*, Ls*, Lu* were being treated as function
labels, causing excessive function count and slow inter-procedural
analysis. Filter them out alongside LLVM local labels.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>03eec1f2ce8811a1762f98bf3edf1c5b4f4fde4d</id>
<published>2026-02-11T10:19:16Z</published>
<updated>2026-02-11T10:19:16Z</updated>
<title type="text">feat: implement sidecar taint config for secret/public arguments (IMPL7)</title>
<link rel="alternate" type="text/html" href="commit/03eec1f2ce8811a1762f98bf3edf1c5b4f4fde4d.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 03eec1f2ce8811a1762f98bf3edf1c5b4f4fde4d
parent 4304b5edc8b93688779bb49f3846d0a1993370a4
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 14:19:16 +0400

feat: implement sidecar taint config for secret/public arguments (IMPL7)

Add JSON config file support to declare per-function secret/public
argument registers. The taint analysis seeds entry states accordingly,
enabling detection of secret-dependent memory accesses.

- Add TaintConfig and ArgPolicy types with FromJSON instances
- Add --taint-config (-t) CLI option to load config
- Implement seedArgs to seed entry taint from policy
- Add config-aware dataflow: runDataflowWithConfig, runInterProcWithConfig
- Add config-aware checks: checkCFGWithConfig, checkCFGInterProcWithConfig
- Add 8 tests for config parsing and taint seeding

Config format:
  {&quot;func_name&quot;: {&quot;secret&quot;: [&quot;X0&quot;], &quot;public&quot;: [&quot;X1&quot;, &quot;X2&quot;]}}

Secret registers are marked Secret at function entry; taint flows
through mov/arithmetic to detect when secrets reach memory addresses.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>4304b5edc8b93688779bb49f3846d0a1993370a4</id>
<published>2026-02-11T09:25:34Z</published>
<updated>2026-02-11T09:25:34Z</updated>
<title type="text">etc: add curve source</title>
<link rel="alternate" type="text/html" href="commit/4304b5edc8b93688779bb49f3846d0a1993370a4.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 4304b5edc8b93688779bb49f3846d0a1993370a4
parent fe366c4016e3657a2e18ac975e346bd16b63f8d0
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 13:25:34 +0400

etc: add curve source

</content>
</entry>
<entry>
<id>fe366c4016e3657a2e18ac975e346bd16b63f8d0</id>
<published>2026-02-11T09:15:53Z</published>
<updated>2026-02-11T09:15:53Z</updated>
<title type="text">feat: NCG compatibility and succinct parse errors</title>
<link rel="alternate" type="text/html" href="commit/fe366c4016e3657a2e18ac975e346bd16b63f8d0.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit fe366c4016e3657a2e18ac975e346bd16b63f8d0
parent c26861025b6fec495ce79bec99950370156e2ac1
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 13:15:53 +0400

feat: NCG compatibility and succinct parse errors

Parser improvements:
- Add showParseError using errorBundlePretty for human-readable errors
- Extend identifier chars for GHC NCG symbols: &#39;, #, (), [], operators
- Add pSymbolIdent allowing &#39;:&#39; for GHC operator symbols (e.g., _:_con_info)
- Support case-insensitive hex (0x/0X)

New test file:
- etc/CurveNCG.s: GHC native codegen output for comparison

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>c26861025b6fec495ce79bec99950370156e2ac1</id>
<published>2026-02-11T08:39:46Z</published>
<updated>2026-02-11T08:42:31Z</updated>
<title type="text">feat: whitelist GHC pointer untagging pattern</title>
<link rel="alternate" type="text/html" href="commit/c26861025b6fec495ce79bec99950370156e2ac1.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit c26861025b6fec495ce79bec99950370156e2ac1
parent 9fc28aac98c81c8990bcfc7421232c9c018d30ef
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Wed, 11 Feb 2026 12:39:46 +0400

feat: whitelist GHC pointer untagging pattern

Recognize AND with tag-clearing mask (0xfffffffffffffff8 or -8) as GHC
pointer untagging. Preserve ProvPublic provenance for such operations
when the source register already has ProvPublic provenance.

Conservative approach: only preserve provenance when source is already
known-public; don&#39;t upgrade ProvUnknown to ProvPublic, as untagging an
unknown pointer doesn&#39;t prove its safety.

Also fix parser to handle hexadecimal immediates (case-insensitive).

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>9fc28aac98c81c8990bcfc7421232c9c018d30ef</id>
<published>2026-02-10T10:49:35Z</published>
<updated>2026-02-10T10:49:35Z</updated>
<title type="text">etc: add secp256k1 test target</title>
<link rel="alternate" type="text/html" href="commit/9fc28aac98c81c8990bcfc7421232c9c018d30ef.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 9fc28aac98c81c8990bcfc7421232c9c018d30ef
parent 95bda73440fff880f2fa770cd8bd5aa5c50251ea
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:49:35 +0400

etc: add secp256k1 test target

</content>
</entry>
<entry>
<id>95bda73440fff880f2fa770cd8bd5aa5c50251ea</id>
<published>2026-02-10T10:49:24Z</published>
<updated>2026-02-10T10:49:24Z</updated>
<title type="text">plans: add</title>
<link rel="alternate" type="text/html" href="commit/95bda73440fff880f2fa770cd8bd5aa5c50251ea.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 95bda73440fff880f2fa770cd8bd5aa5c50251ea
parent a5ec87850ea6e1d5c4ab1d34df162966eab9de9a
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:49:24 +0400

plans: add

</content>
</entry>
<entry>
<id>a5ec87850ea6e1d5c4ab1d34df162966eab9de9a</id>
<published>2026-02-10T10:49:05Z</published>
<updated>2026-02-10T10:49:05Z</updated>
<title type="text">fix: parser fixes for secp256k1.s compatibility</title>
<link rel="alternate" type="text/html" href="commit/a5ec87850ea6e1d5c4ab1d34df162966eab9de9a.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit a5ec87850ea6e1d5c4ab1d34df162966eab9de9a
parent fb15d345eb83db9a270c3f937552e2a1c2ef7ba1
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:49:05 +0400

fix: parser fixes for secp256k1.s compatibility

- Fix backtracking for post-index addressing: wrap pPostIndex in try
  to allow backtracking when whitespace is consumed before failing on
  non-comma (e.g., semicolon comment after [sp])

- Parse optional shift amount after extend ops: handle [x9, w8, uxtw #3]
  patterns where extend has a shift amount

- Add --parse flag and parseFile for parse-only mode (useful for
  debugging parser issues)

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>fb15d345eb83db9a270c3f937552e2a1c2ef7ba1</id>
<published>2026-02-10T10:18:56Z</published>
<updated>2026-02-10T10:18:56Z</updated>
<title type="text">feat: implement def-use provenance tracking (IMPL6)</title>
<link rel="alternate" type="text/html" href="commit/fb15d345eb83db9a270c3f937552e2a1c2ef7ba1.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit fb15d345eb83db9a270c3f937552e2a1c2ef7ba1
parent f66e98a34416cbf8f5a8bc7c8193de5382b38bc7
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:18:56 +0400

feat: implement def-use provenance tracking (IMPL6)

Add provenance tracking alongside taint analysis to recover public
status when taint becomes Unknown but derivation chain proves safety.

- Add Provenance type (ProvPublic | ProvUnknown) to Types.hs
- Extend TaintState with tsProv and tsStackProv maps
- Track provenance through all transfer rules:
  - adr/adrp, movz/movn, public roots -&gt; ProvPublic
  - Arithmetic/logical ops -&gt; join provenances
  - Stack stores/loads -&gt; preserve provenance
  - GOT/PLT loads -&gt; ProvPublic
  - Other loads, caller-saved on calls -&gt; ProvUnknown
- Update checkBase/checkIndex to upgrade Unknown to Public when
  provenance is ProvPublic
- Add 4 provenance tests

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>f66e98a34416cbf8f5a8bc7c8193de5382b38bc7</id>
<published>2026-02-10T10:07:49Z</published>
<updated>2026-02-10T10:07:49Z</updated>
<title type="text">fix: handle adds/subs and post-indexed stores for SP invalidation</title>
<link rel="alternate" type="text/html" href="commit/f66e98a34416cbf8f5a8bc7c8193de5382b38bc7.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit f66e98a34416cbf8f5a8bc7c8193de5382b38bc7
parent 58c63e037805555270aeedcd49dcb19673287f05
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:07:49 +0400

fix: handle adds/subs and post-indexed stores for SP invalidation

- adds/subs now use updateWithSpCheck like add/sub
- Post-indexed stores ([sp], #imm) now clear the stack map

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>58c63e037805555270aeedcd49dcb19673287f05</id>
<published>2026-02-10T10:05:23Z</published>
<updated>2026-02-10T10:05:23Z</updated>
<title type="text">fix: invalidate stack map when SP is modified</title>
<link rel="alternate" type="text/html" href="commit/58c63e037805555270aeedcd49dcb19673287f05.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 58c63e037805555270aeedcd49dcb19673287f05
parent ecca408f0f28a71cfdccfd40c6e0dd32e84a539c
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:05:23 +0400

fix: invalidate stack map when SP is modified

Clears the stack slot taint map when SP changes to prevent unsound
taint tracking with stale offsets. Handles:

- add/sub with SP as destination
- Pre-indexed stores: [sp, #imm]! (modifies SP after access)
- Post-indexed loads: [sp], #imm (modifies SP after access)

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>ecca408f0f28a71cfdccfd40c6e0dd32e84a539c</id>
<published>2026-02-10T10:01:15Z</published>
<updated>2026-02-10T10:01:15Z</updated>
<title type="text">feat: implement stack slot and GOT tracking (IMPL5)</title>
<link rel="alternate" type="text/html" href="commit/ecca408f0f28a71cfdccfd40c6e0dd32e84a539c.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit ecca408f0f28a71cfdccfd40c6e0dd32e84a539c
parent 40198feae33690aaa5d5a9a10c5a8afda01cef89
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 14:01:15 +0400

feat: implement stack slot and GOT tracking (IMPL5)

Extends taint analysis with provenance-aware auto-suppression:

- TaintState now includes stack slot tracking (tsStack :: IntMap Taint)
- Stores to [sp, #imm] save source register taint to stack map
- Loads from [sp, #imm] restore taint from stack map
- GOT/PLT patterns (ldr from BaseSymbol/Literal) mark result as Public

Reduces Curve.s violations from 146 to 3.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>40198feae33690aaa5d5a9a10c5a8afda01cef89</id>
<published>2026-02-10T09:44:49Z</published>
<updated>2026-02-10T09:44:49Z</updated>
<title type="text">misc: add plans, test asm</title>
<link rel="alternate" type="text/html" href="commit/40198feae33690aaa5d5a9a10c5a8afda01cef89.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 40198feae33690aaa5d5a9a10c5a8afda01cef89
parent b80aaa0c714c56b9534cbde1cd0be7e2be70671a
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 13:44:49 +0400

misc: add plans, test asm

</content>
</entry>
<entry>
<id>b80aaa0c714c56b9534cbde1cd0be7e2be70671a</id>
<published>2026-02-10T09:44:07Z</published>
<updated>2026-02-10T09:44:07Z</updated>
<title type="text">fix: apply callee summaries in inter-proc return state computation</title>
<link rel="alternate" type="text/html" href="commit/b80aaa0c714c56b9534cbde1cd0be7e2be70671a.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit b80aaa0c714c56b9534cbde1cd0be7e2be70671a
parent abdc5295496088db413cccd84db7cf35fb64d07c
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 13:44:07 +0400

fix: apply callee summaries in inter-proc return state computation

runFunctionDataflow was using analyzeBlock instead of
analyzeBlockWithSummaries when computing OUT states for return blocks,
causing callee summaries to be ignored and potentially under-propagating
taint.

Also fixes checkCFGInterProc to compute runFunctionBlocks once per
function rather than per-block, and removes unused binding.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>abdc5295496088db413cccd84db7cf35fb64d07c</id>
<published>2026-02-10T09:39:06Z</published>
<updated>2026-02-10T09:40:08Z</updated>
<title type="text">feat: implement inter-procedural analysis (IMPL4)</title>
<link rel="alternate" type="text/html" href="commit/abdc5295496088db413cccd84db7cf35fb64d07c.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit abdc5295496088db413cccd84db7cf35fb64d07c
parent 11d6acaa0021242ebee68efaa5b7204d086f9b7e
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 13:39:06 +0400

feat: implement inter-procedural analysis (IMPL4)

Adds opt-in inter-procedural analysis via --interproc/-p flag. Computes
function summaries by fixpoint iteration over the call graph, then
applies summaries at call sites.

Changes:
- CFG.hs: add function partitioning (isFunctionLabel, functionBlocks,
  functionLabels) and call graph construction (callTargets, buildCallGraph)
- Taint.hs: add FuncSummary type, applySummary, runFunctionDataflow,
  runInterProc for fixpoint computation
- Check.hs: add checkCFGInterProc using function summaries
- Audit.AArch64: export auditInterProc, auditFileInterProc
- app/Main.hs: add -p/--interproc flag
- test/Main.hs: add 3 inter-procedural tests

The inter-proc mode suppresses false positives when a callee sets a
register to a known-public value that the caller then uses.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>11d6acaa0021242ebee68efaa5b7204d086f9b7e</id>
<published>2026-02-10T09:26:20Z</published>
<updated>2026-02-10T09:26:20Z</updated>
<title type="text">test: add call boundary tests for IMPL3</title>
<link rel="alternate" type="text/html" href="commit/11d6acaa0021242ebee68efaa5b7204d086f9b7e.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 11d6acaa0021242ebee68efaa5b7204d086f9b7e
parent b8a7cd8dfb9b5cc032fd3ebb6bd1128f6125d51f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 13:26:20 +0400

test: add call boundary tests for IMPL3

Adds tests verifying intra-procedural call semantics:
- bl does not propagate taint to callee blocks
- caller-saved registers (x0-x17) invalidated after calls
- callee-saved registers (x19+) preserved across calls

Clarifies in the README that callees in the same file are analyzed
independently.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>b8a7cd8dfb9b5cc032fd3ebb6bd1128f6125d51f</id>
<published>2026-02-10T09:06:18Z</published>
<updated>2026-02-10T09:10:29Z</updated>
<title type="text">feat: implement inter-block taint propagation</title>
<link rel="alternate" type="text/html" href="commit/b8a7cd8dfb9b5cc032fd3ebb6bd1128f6125d51f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit b8a7cd8dfb9b5cc032fd3ebb6bd1128f6125d51f
parent 6d87c2c5657bdc585bc1032482f1493f7e9ed5a0
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 13:06:18 +0400

feat: implement inter-block taint propagation

Adds worklist-based forward dataflow analysis over the CFG, eliminating
the intra-block limitation. Taint now flows across basic block
boundaries via fixpoint iteration.

Changes:
- CFG.hs: add blockSuccessors with fallthrough edge computation
- CFG.hs: exclude Bl from successorLabels (calls are interprocedural)
- Taint.hs: add joinTaintState, runDataflow, setTaintLoad
- Taint.hs: add X22 (HpLim) to public roots
- Check.hs: use dataflow IN states instead of fresh initTaintState
- test/Main.hs: add cross-block taint propagation tests

Public roots are now preserved across loads (GHC spills/restores them).
On Curve.s (51k lines): violations reduced from 434 to 146 (~66%).

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>6d87c2c5657bdc585bc1032482f1493f7e9ed5a0</id>
<published>2026-02-10T08:52:54Z</published>
<updated>2026-02-10T08:52:54Z</updated>
<title type="text">meta: docs</title>
<link rel="alternate" type="text/html" href="commit/6d87c2c5657bdc585bc1032482f1493f7e9ed5a0.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 6d87c2c5657bdc585bc1032482f1493f7e9ed5a0
parent 8cda84c0798d1401fa706f0c470dc5d53f972ed9
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:52:54 +0400

meta: docs

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>8cda84c0798d1401fa706f0c470dc5d53f972ed9</id>
<published>2026-02-10T08:49:43Z</published>
<updated>2026-02-10T08:49:43Z</updated>
<title type="text">fix: parser and taint analysis bugs</title>
<link rel="alternate" type="text/html" href="commit/8cda84c0798d1401fa706f0c470dc5d53f972ed9.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 8cda84c0798d1401fa706f0c470dc5d53f972ed9
parent 3cc7e8abc015c3a1cf5c9506be0c740924aa7a92
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:49:43 +0400

fix: parser and taint analysis bugs

- Parse symbol addends (e.g., @PAGE+2) in symbol references
- Reorder Parser.hs type alias for clarity

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>3cc7e8abc015c3a1cf5c9506be0c740924aa7a92</id>
<published>2026-02-10T08:46:21Z</published>
<updated>2026-02-10T08:46:21Z</updated>
<title type="text">feat: add parser support for ldur, stur, adcs, negs, mneg</title>
<link rel="alternate" type="text/html" href="commit/3cc7e8abc015c3a1cf5c9506be0c740924aa7a92.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 3cc7e8abc015c3a1cf5c9506be0c740924aa7a92
parent 4ad0780e31db624f9220e922e60b6e5aecfe3618
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:46:21 +0400

feat: add parser support for ldur, stur, adcs, negs, mneg

These instructions appear frequently in GHC aarch64 output and
were previously falling through to Other. Now properly parsed
with correct taint transfer and memory access tracking.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>4ad0780e31db624f9220e922e60b6e5aecfe3618</id>
<published>2026-02-10T08:44:02Z</published>
<updated>2026-02-10T08:44:02Z</updated>
<title type="text">feat: add BaseSymbol addressing mode for GOT/PIC relocations</title>
<link rel="alternate" type="text/html" href="commit/4ad0780e31db624f9220e922e60b6e5aecfe3618.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 4ad0780e31db624f9220e922e60b6e5aecfe3618
parent ef4009793589243d2e89c42e7ce930d56bd202f4
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:44:02 +0400

feat: add BaseSymbol addressing mode for GOT/PIC relocations

Parser now handles [base, symbol@PAGEOFF] addressing used in
position-independent code and GOT relocations. This unblocks
parsing real GHC aarch64 assembly output.

- Add BaseSymbol Reg Text constructor to AddrMode
- Extend pAddrModeInner to parse symbol references after comma
- Update taint analysis and violation checks for new mode
- Add parser test for ldr with symbol offset

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>ef4009793589243d2e89c42e7ce930d56bd202f4</id>
<published>2026-02-10T08:35:42Z</published>
<updated>2026-02-10T08:35:42Z</updated>
<title type="text">meta: docs</title>
<link rel="alternate" type="text/html" href="commit/ef4009793589243d2e89c42e7ce930d56bd202f4.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit ef4009793589243d2e89c42e7ce930d56bd202f4
parent 4921ff38f9e774b90501559ba42ed121ee15133f
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:35:42 +0400

meta: docs

</content>
</entry>
<entry>
<id>4921ff38f9e774b90501559ba42ed121ee15133f</id>
<published>2026-02-10T08:26:49Z</published>
<updated>2026-02-10T08:26:49Z</updated>
<title type="text">fix: parser and taint analysis bugs</title>
<link rel="alternate" type="text/html" href="commit/4921ff38f9e774b90501559ba42ed121ee15133f.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 4921ff38f9e774b90501559ba42ed121ee15133f
parent d6cebeeb19325432dc131a5cfede78dc89a2ae43
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:26:49 +0400

fix: parser and taint analysis bugs

Parser fixes:
- Add try for register parsers to allow backtracking (sp vs s0)
- Fix pre-index addressing mode (! after ] not inside)
- Restructure line parsing to avoid infinite loop on empty lines
- Use hspace instead of space1 to preserve newlines

Taint analysis fix:
- Correct join lattice: Public+Unknown -&gt; Unknown (not Public)
- This ensures secret-derived values are properly flagged

Tests pass. Fixtures validate correctly:
- good.s: 0 violations (10 memory accesses)
- bad.s: 4 violations detected

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
<entry>
<id>d6cebeeb19325432dc131a5cfede78dc89a2ae43</id>
<published>2026-02-10T08:06:58Z</published>
<updated>2026-02-10T08:06:58Z</updated>
<title type="text">meta: add CLAUDE.md</title>
<link rel="alternate" type="text/html" href="commit/d6cebeeb19325432dc131a5cfede78dc89a2ae43.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit d6cebeeb19325432dc131a5cfede78dc89a2ae43
parent 37685ec46605865baab92ed590bd1e97f9ba85b5
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:06:58 +0400

meta: add CLAUDE.md

</content>
</entry>
<entry>
<id>37685ec46605865baab92ed590bd1e97f9ba85b5</id>
<published>2026-02-10T08:06:40Z</published>
<updated>2026-02-10T08:06:40Z</updated>
<title type="text">init: scaffold ppad-auditor project</title>
<link rel="alternate" type="text/html" href="commit/37685ec46605865baab92ed590bd1e97f9ba85b5.html" />
<author>
<name>Jared Tobin</name>
<email>jared@jtobin.io</email>
</author>
<content type="text">commit 37685ec46605865baab92ed590bd1e97f9ba85b5
Author: Jared Tobin &lt;jared@jtobin.io&gt;
Date:   Tue, 10 Feb 2026 12:06:40 +0400

init: scaffold ppad-auditor project

AArch64 constant-time memory access auditor for GHC+LLVM assembly.

Implements static analysis to verify memory accesses use only public
(non-secret-derived) addresses, helping ensure CT properties for
cryptographic code.

Components:
- Parser: megaparsec-based AArch64 assembly parser
- CFG: basic block and control flow graph construction
- Taint: forward dataflow analysis for register publicness
- Check: memory access validation against taint state
- CLI: command-line interface with JSON output

GHC 9.10.3 AArch64 register map:
- X19: Base, X20: Sp, X21: Hp, X28: SpLim (public roots)
- SP, X29, X18, XZR also treated as public

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;

</content>
</entry>
</feed>
