auditor

An aarch64 constant-time memory access auditing tool.
git clone git://git.ppad.tech/auditor.git
Log | Files | Refs | README | LICENSE
commit 6d87c2c5657bdc585bc1032482f1493f7e9ed5a0
parent 8cda84c0798d1401fa706f0c470dc5d53f972ed9
Author: Jared Tobin <jared@jtobin.io>
Date:   Tue, 10 Feb 2026 12:52:54 +0400

meta: docs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Diffstat:

AREADME.md | 75+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


1 file changed, 75 insertions(+), 0 deletions(-)

diff --git a/README.md b/README.md
@@ -0,0 +1,75 @@
+# ppad-auditor
+
+![](https://img.shields.io/badge/license-MIT-brightgreen)
+
+A Haskell tool for static analysis of GHC-generated AArch64 assembly,
+focused on constant-time memory access auditing for cryptographic code.
+
+## Overview
+
+ppad-auditor parses AArch64 assembly and performs taint analysis to
+identify memory accesses that may leak secret data through
+timing side-channels. It flags loads and stores where:
+
+- The base register may contain secret-derived data
+- An index register may contain secret-derived data
+
+The tool assumes GHC's calling convention, where certain registers
+(X19-X22, SP) are treated as public (stack/heap pointers), and tracks
+how taint propagates through arithmetic and data movement instructions.
+
+## Usage
+
+```
+$ auditor -i input.s
+```
+
+Sample output:
+
+```
+LBB0_4:42: unknown base register x22
+Lloh5:62: unknown base register x8
+
+Lines checked:    202
+Memory accesses:  37
+Violations:       2
+```
+
+Use `-q` for quiet mode (violations only) or `-j` for JSON output.
+
+## Limitations
+
+This is an early-stage tool with known limitations:
+
+- **Intra-block analysis only**: Taint doesn't propagate across basic
+  block boundaries, leading to false positives at block entry points
+- **No inter-procedural analysis**: Function calls reset taint state
+- **Conservative**: Unknown taint is treated as potentially secret
+
+These limitations mean the tool will over-report violations. Manual
+review of flagged accesses is required.
+
+## Development
+
+You'll require [Nix][nixos] with [flake][flake] support enabled. Enter a
+development shell with:
+
+```
+$ nix develop
+```
+
+Then build and test:
+
+```
+$ cabal build
+$ cabal test
+```
+
+To audit some assembly:
+
+```
+$ cabal run auditor -- -i path/to/file.s
+```
+
+[nixos]: https://nixos.org/
+[flake]: https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html