commit b9de77630868522fb609abfb0d418b98bae84677
parent 6dd91fa69d98bf078cf11ec505c236699993bd5d
Author: Jared Tobin <jared@jtobin.io>
Date: Thu, 26 Feb 2026 17:32:57 +0400
fix: clarify isSecretViolation and add comment for reg-offset handling
- NonConstOffset is a structural violation, not secret-derived; return
False from isSecretViolation to avoid inflating secret violation counts
- Add comment explaining why register-offset modes fall through to
coarse heap handling (dynamic offset prevents refined slot tracking)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Diffstat:
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/Audit/AArch64/Taint.hs b/lib/Audit/AArch64/Taint.hs
@@ -851,6 +851,9 @@ loadFromStack dst addr st = case addr of
| isPublicPointer base st ->
setTaintLoadHeapSlot dst base (fromInteger imm) st
-- Secret data pointer with register offset: [base, xM] variants
+ -- Note: Register-offset modes don't support refined heap slots because
+ -- the offset is dynamic - we can't determine which slot is being accessed.
+ -- These fall through to coarse heap handling if not secret data pointers.
BaseReg base _idx
| isSecretDataPointer base st ->
setTaintProvKind dst Secret ProvUnknown KindScalar st
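Review bot: The added comment promises a fall-through to "coarse heap handling" that is not visible in this hunk, and it does not say whether that path is conservative, which is the property a reader of a taint auditor needs to know. If the coarse path gives the loaded value the joined taint of the whole heap, state it, for example `-- Coarse handling over-approximates: dst takes the joined taint of all heap state.`; if it does not, that deserves a TODO at this spot. The pattern binds the index as `_idx`, so the visible guard does not consult the index register's taint. Presumably a secret index is reported as a violation elsewhere, and a short clause saying so would close the gap. The case expression in loadFromStack begins and continues outside the hunk.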
diff --git a/test/Main.hs b/test/Main.hs
@@ -15,14 +15,14 @@ import qualified Data.Text as T
import Test.Tasty
import Test.Tasty.HUnit
--- | Check if a violation reason is secret (not unknown).
+-- | Check if a violation is secret-derived (not unknown or structural).
isSecretViolation :: ViolationReason -> Bool
isSecretViolation r = case r of
SecretBase _ -> True
SecretIndex _ -> True
UnknownBase _ -> False
UnknownIndex _ -> False
- NonConstOffset -> True
+ NonConstOffset -> False -- Structural violation, not secret-derived
main :: IO ()
main = defaultMain $ testGroup "ppad-auditor" [
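Review bot: After `NonConstOffset -> False`, every assertion that filters through isSecretViolation stops seeing non-constant-offset findings, and the diffstat shows that no expectation in test/Main.hs was added or adjusted to account for them. Wherever tests count only secret violations, a regression that stops reporting NonConstOffset would now pass unnoticed. Consider a sibling predicate such as `isStructuralViolation :: ViolationReason -> Bool`, plus one test asserting that a register-offset access still yields NonConstOffset. The wildcard-free case in isSecretViolation is worth keeping, since a new ViolationReason constructor is then flagged when incomplete-pattern warnings are enabled. The test group in main continues outside the hunk.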