Runtime.hs (1945B)
1 {-# OPTIONS_HADDOCK prune #-} 2 3 -- | 4 -- Module: Audit.AArch64.Runtime 5 -- Copyright: (c) 2025 Jared Tobin 6 -- License: MIT 7 -- Maintainer: jared@ppad.tech 8 -- 9 -- Runtime configuration for AArch64 constant-time auditing. 10 -- 11 -- Parameterises GHC/STG-specific analysis logic so the auditor 12 -- can support multiple runtimes (GHC, Rust, Go, C). 13 14 module Audit.AArch64.Runtime ( 15 RuntimeConfig(..) 16 , SecondaryStack(..) 17 ) where 18 19 import Audit.AArch64.Types 20 (Reg, LineMap, NctFinding) 21 import Data.Text (Text) 22 23 -- | Runtime-specific configuration for the auditor. 24 -- 25 -- Selected once at CLI parse time and threaded through 26 -- analysis. All runtime-varying behaviour is captured here. 27 data RuntimeConfig = RuntimeConfig 28 { rtPublicRoots :: ![Reg] 29 -- ^ Registers assumed public at function entry 30 , rtSecondaryStack :: !(Maybe SecondaryStack) 31 -- ^ Secondary stack configuration (e.g. GHC's STG 32 -- stack via X20). Nothing for runtimes without one. 33 , rtIsLocalLabel :: !(Text -> Bool) 34 -- ^ Runtime-specific local label predicate (e.g. 35 -- GHC NCG prefixes Lc, Ls, Lu) 36 , rtUntagMasks :: ![Integer] 37 -- ^ Pointer untagging masks to whitelist (e.g. 38 -- GHC's low-3-bit tag clearing) 39 , rtFilterNct :: !(LineMap -> NctFinding -> Bool) 40 -- ^ Predicate for runtime-specific NCT patterns 41 -- that should be filtered out 42 , rtEncodeSymbol 43 :: !(Maybe (Text -> Either Text Text)) 44 -- ^ Optional symbol encoder (e.g. GHC z-encoding) 45 } 46 47 -- | Secondary stack configuration. 48 -- 49 -- Some runtimes maintain a separate stack (e.g. GHC's STG 50 -- stack pointed to by X20). This record captures the base 51 -- register and default assumption for untracked slots. 52 data SecondaryStack = SecondaryStack 53 { ssBaseReg :: !Reg 54 -- ^ Register holding the secondary stack pointer 55 , ssAssumePublic :: !Bool 56 -- ^ Default assumption for untracked slots (True 57 -- for GHC: STG stack holds closure pointers) 58 }