auditor

An aarch64 constant-time memory access auditing tool.
git clone git://git.ppad.tech/auditor.git
Log | Files | Refs | README | LICENSE
commit e4464a0e0b0c43b655369ba77274188bbb1477d0
parent 9a4b2fe34c3c30278e85ed7345299ee4e8e5530a
Author: Jared Tobin <jared@jtobin.io>
Date:   Sat, 28 Feb 2026 13:36:56 +0400

fix: address review feedback for RuntimeConfig refactoring

- CLI backward-compat flags: switch <|> switch always succeeds on
  the left branch (False), so hidden aliases were never reached.
  Fix by using a single switch with multiple long modifiers.

- checkCFGInterProc: hardcoded TaintConfig Map.empty True, ignoring
  rtSecondaryStack/ssAssumePublic. Now derives tcAssumeStgPublic
  from the runtime config, consistent with checkCFG.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Diffstat:

Mapp/Main.hs | 28++++++++++------------------


Mlib/Audit/AArch64/Check.hs | 8++++++--


2 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/app/Main.hs b/app/Main.hs
@@ -114,15 +114,11 @@ optParser = Options
      <> help "Show per-instruction details in NCT \
              \scan mode"
       )
-  <*> ( switch
-          ( long "show-runtime-patterns"
-         <> help "Show runtime patterns in NCT scan \
-                 \(hidden by default)"
-          )
-      <|> switch
-          ( long "show-ghc-runtime"
-         <> internal
-          )
+  <*> switch
+      ( long "show-runtime-patterns"
+     <> long "show-ghc-runtime"
+     <> help "Show runtime patterns in NCT scan \
+             \(hidden by default)"
       )
   <*> optional (strOption
       ( long "symbol"
@@ -158,15 +154,11 @@ optParser = Options
      <> help "Show callers instead of callees \
              \(use with --symbol)"
       )
-  <*> ( switch
-          ( long "assume-secondary-private"
-         <> help "Treat untracked secondary stack \
-                 \slots as private (default: public)"
-          )
-      <|> switch
-          ( long "assume-stg-private"
-         <> internal
-          )
+  <*> switch
+      ( long "assume-secondary-private"
+     <> long "assume-stg-private"
+     <> help "Treat untracked secondary stack \
+             \slots as private (default: public)"
       )
   <*> option runtimeReader
       ( long "runtime"
diff --git a/lib/Audit/AArch64/Check.hs b/lib/Audit/AArch64/Check.hs
@@ -29,7 +29,8 @@ import Audit.AArch64.CFG
   ( BasicBlock(..), CFG(..)
   , cfgBlockCount, indexBlock, blockFunction
   )
-import Audit.AArch64.Runtime (RuntimeConfig)
+import Audit.AArch64.Runtime
+  (RuntimeConfig(..), SecondaryStack(..))
 import Audit.AArch64.Taint
 import Audit.AArch64.Types
   ( Reg(..), Instr(..), Line(..), AddrMode(..)
@@ -235,7 +236,10 @@ checkCFGInterProc :: RuntimeConfig -> Text -> CFG
                   -> AuditResult
 checkCFGInterProc rt sym cfg =
   let summaries = runInterProc rt cfg
-      emptyConfig = TaintConfig Map.empty True
+      assumeStg = case rtSecondaryStack rt of
+        Nothing -> False
+        Just ss -> ssAssumePublic ss
+      emptyConfig = TaintConfig Map.empty assumeStg
       inStates =
         runDataflowWithConfigAndSummaries rt emptyConfig
           summaries cfg