commit 3cc7e8abc015c3a1cf5c9506be0c740924aa7a92
parent 4ad0780e31db624f9220e922e60b6e5aecfe3618
Author: Jared Tobin <jared@jtobin.io>
Date: Tue, 10 Feb 2026 12:46:21 +0400
feat: add parser support for ldur, stur, adcs, negs, mneg
These instructions appear frequently in GHC aarch64 output and
were previously falling through to Other. Now properly parsed
with correct taint transfer and memory access tracking.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Diffstat:
4 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/lib/Audit/AArch64/Check.hs b/lib/Audit/AArch64/Check.hs
@@ -79,9 +79,11 @@ getMemoryAccess instr = case instr of
Ldrsb _ addr -> Just addr
Ldrsh _ addr -> Just addr
Ldrsw _ addr -> Just addr
+ Ldur _ addr -> Just addr
Str _ addr -> Just addr
Strb _ addr -> Just addr
Strh _ addr -> Just addr
+ Stur _ addr -> Just addr
Ldp _ _ addr -> Just addr
Stp _ _ addr -> Just addr
_ -> Nothing
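Review bot: The new `Ldur`/`Stur` arms return the address exactly like `Ldr`/`Str`, but ldur/stur take a signed, unscaled 9-bit immediate rather than the scaled unsigned offset of ldr/str, so any consumer of getMemoryAccess that reads the offset as a scaled, non-negative displacement would misplace these accesses; whether such a consumer exists is not visible in this hunk. If AddrMode carries the raw immediate and consumers already treat it as a byte offset, nothing changes, but a comment on the two arms, `-- unscaled signed offset, may be negative`, would make that assumption explicit. getMemoryAccess's head is outside the hunk.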
diff --git a/lib/Audit/AArch64/Parser.hs b/lib/Audit/AArch64/Parser.hs
@@ -133,9 +133,12 @@ parseByMnemonic m = case m of
"adds" -> Adds <$> pReg <*> (pComma *> pReg) <*> (pComma *> pOperand)
"subs" -> Subs <$> pReg <*> (pComma *> pReg) <*> (pComma *> pOperand)
"adc" -> Adc <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
+ "adcs" -> Adcs <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
"sbc" -> Sbc <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
"neg" -> Neg <$> pReg <*> (pComma *> pOperand)
+ "negs" -> Negs <$> pReg <*> (pComma *> pOperand)
"mul" -> Mul <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
+ "mneg" -> Mneg <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
"madd" -> Madd <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
<*> (pComma *> pReg)
"msub" -> Msub <$> pReg <*> (pComma *> pReg) <*> (pComma *> pReg)
@@ -180,9 +183,11 @@ parseByMnemonic m = case m of
"ldrsb" -> Ldrsb <$> pReg <*> (pComma *> pAddrMode)
"ldrsh" -> Ldrsh <$> pReg <*> (pComma *> pAddrMode)
"ldrsw" -> Ldrsw <$> pReg <*> (pComma *> pAddrMode)
+ "ldur" -> Ldur <$> pReg <*> (pComma *> pAddrMode)
"str" -> Str <$> pReg <*> (pComma *> pAddrMode)
"strb" -> Strb <$> pReg <*> (pComma *> pAddrMode)
"strh" -> Strh <$> pReg <*> (pComma *> pAddrMode)
+ "stur" -> Stur <$> pReg <*> (pComma *> pAddrMode)
"ldp" -> Ldp <$> pReg <*> (pComma *> pReg) <*> (pComma *> pAddrMode)
"stp" -> Stp <$> pReg <*> (pComma *> pReg) <*> (pComma *> pAddrMode)
diff --git a/lib/Audit/AArch64/Taint.hs b/lib/Audit/AArch64/Taint.hs
@@ -89,9 +89,12 @@ transfer instr st = case instr of
Adds dst r1 op -> setTaint dst (join2 (getTaint r1 st) (operandTaint op st)) st
Subs dst r1 op -> setTaint dst (join2 (getTaint r1 st) (operandTaint op st)) st
Adc dst r1 r2 -> setTaint dst (join2 (getTaint r1 st) (getTaint r2 st)) st
+ Adcs dst r1 r2 -> setTaint dst (join2 (getTaint r1 st) (getTaint r2 st)) st
Sbc dst r1 r2 -> setTaint dst (join2 (getTaint r1 st) (getTaint r2 st)) st
Neg dst op -> setTaint dst (operandTaint op st) st
+ Negs dst op -> setTaint dst (operandTaint op st) st
Mul dst r1 r2 -> setTaint dst (join2 (getTaint r1 st) (getTaint r2 st)) st
+ Mneg dst r1 r2 -> setTaint dst (join2 (getTaint r1 st) (getTaint r2 st)) st
Madd dst r1 r2 r3 -> setTaint dst (join3 (getTaint r1 st) (getTaint r2 st)
(getTaint r3 st)) st
Msub dst r1 r2 r3 -> setTaint dst (join3 (getTaint r1 st) (getTaint r2 st)
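Review bot: The `Adcs dst r1 r2` arm joins only the taint of r1 and r2, yet adcs also consumes the carry flag, so taint that reached NZCV through an earlier flag-setting instruction is dropped at the carry-in; the pre-existing `Adc` arm has the same shape, so this is a model limitation rather than a regression. `Negs` likewise writes flags, and nothing in this hunk shows flag state being tracked for Adds/Subs either, so the new arms are at least consistent with their neighbours. If flag taint is modelled elsewhere in transfer, Adcs should read it and Adcs/Negs should update it the same way Adds/Subs do; if it is not, a comment `-- carry-in (NZCV.C) not modelled; flag taint is not tracked` on the Adcs arm would record the gap for the next reader. transfer's head and tail are outside the hunk.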
@@ -133,12 +136,14 @@ transfer instr st = case instr of
Ldrsb dst _ -> setTaint dst Unknown st
Ldrsh dst _ -> setTaint dst Unknown st
Ldrsw dst _ -> setTaint dst Unknown st
+ Ldur dst _ -> setTaint dst Unknown st
Ldp dst1 dst2 _ -> setTaint dst1 Unknown (setTaint dst2 Unknown st)
-- Stores: no destination register change
Str _ _ -> st
Strb _ _ -> st
Strh _ _ -> st
+ Stur _ _ -> st
Stp _ _ _ -> st
-- Conditionals: conservative join
diff --git a/lib/Audit/AArch64/Types.hs b/lib/Audit/AArch64/Types.hs
@@ -137,9 +137,12 @@ data Instr
| Adds !Reg !Reg !Operand
| Subs !Reg !Reg !Operand
| Adc !Reg !Reg !Reg
+ | Adcs !Reg !Reg !Reg
| Sbc !Reg !Reg !Reg
| Neg !Reg !Operand
+ | Negs !Reg !Operand
| Mul !Reg !Reg !Reg
+ | Mneg !Reg !Reg !Reg
| Madd !Reg !Reg !Reg !Reg
| Msub !Reg !Reg !Reg !Reg
| Umulh !Reg !Reg !Reg
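Review bot: The new constructors `Adcs`, `Negs` and `Mneg` (and `Ldur`/`Stur` in the second hunk of this file) carry no Haddock comment, although their semantics differ from their neighbours in ways the taint transfer depends on: adcs reads the carry flag and sets NZCV, negs sets NZCV, mneg yields the negated product, and ldur/stur use a signed unscaled offset. A one-line `-- |` per constructor, e.g. `-- | dst = r1 + r2 + C; sets NZCV` on Adcs, `-- | dst = -(r1 * r2)` on Mneg and `-- | Load with unscaled signed 9-bit offset` on Ldur, would tie the type to the behaviour Taint.hs and Check.hs assume. The section comment visible in the second hunk (`-- Compare and select`) suggests comments in this type are already customary. `data Instr` begins before the hunk.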
@@ -173,9 +176,11 @@ data Instr
| Ldrsb !Reg !AddrMode
| Ldrsh !Reg !AddrMode
| Ldrsw !Reg !AddrMode
+ | Ldur !Reg !AddrMode
| Str !Reg !AddrMode
| Strb !Reg !AddrMode
| Strh !Reg !AddrMode
+ | Stur !Reg !AddrMode
| Ldp !Reg !Reg !AddrMode
| Stp !Reg !Reg !AddrMode
-- Compare and select