auditor

An aarch64 constant-time memory access auditing tool.
git clone git://git.ppad.tech/auditor.git

ARCH3.md (1232B)


# ARCH3: Call Handling and Inter-Procedural Boundaries

## Problem

The tool claims "no inter-procedural analysis," but the CFG currently
adds successor edges for `bl` targets when the label is resolvable in
the same assembly file. This causes taint to flow into callee blocks as
if they were intra-procedural, which can under-report violations or
smear caller taint across unrelated code.

## Goal

Enforce a clear intra-procedural boundary for calls:
- Calls should not create CFG edges to callee blocks.
- Taint effects of calls should be modeled conservatively at the call
  site (caller-saved invalidation only, or a configurable summary).

## Approach

- Treat `bl`/`blr` as terminators for intra-procedural CFG purposes
  (no explicit successor labels).
- Preserve fallthrough after calls within the same block sequence.
- Keep the call-site taint model (invalidate caller-saved) as the sole
  effect of calls.

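The call-handling rules above, as an added example that is not part of the auditor project's code: a small Python forward taint analysis over a constructed AArch64 snippet. It assumes a simplified register model (x0-x17 and x30 caller-saved per AAPCS64, with the x18 platform register included as an assumption) and that "invalidate caller-saved" means the call clears taint from those registers. `follow_calls=True` reproduces the old behaviour described under Problem, where a resolvable `bl` label adds a CFG edge that carries the caller's pre-call taint into the callee; the default keeps only the fallthrough edge, so the callee is reported only when analyzed as its own entry point.

```python
"""Intra-procedural CFG + taint propagation for a tiny AArch64 subset.

Added example, not the auditor project's code.  Secret-dependent memory
addresses (a tainted register inside [...]) are reported as violations.
"""
import re

# AAPCS64 caller-saved GPRs: x0-x17 and x30 (lr).  x18 (platform register) is
# included as an assumption of this example.
CALLER_SAVED = {f"x{i}" for i in range(18)} | {"x18", "x30", "lr"}
CONTROL = {"b", "ret", "cbz", "cbnz", "tbz", "tbnz", "cmp", "cmn", "tst"}

# Constructed sample: the callee label is resolvable in the same file.
SAMPLE = """
caller:
    mov x19, x0        // x0 = secret (initial taint); x19 is callee-saved
    mov x1, x0         // x1 is caller-saved
    bl  helper
    ldr x2, [x1]       // x1 invalidated by the call: not reported
    ldr x3, [x19]      // x19 survives the call: secret-dependent address
    ret
helper:
    ldr x4, [x0]       // only reachable from caller via the old bl edge
    ret
"""

def parse(asm):
    """Return ([(mnemonic, operand-string)], {label: instruction index})."""
    insns, labels = [], {}
    for line in asm.splitlines():
        line = line.split("//")[0].strip()
        m = re.match(r"^([\w.$]+):\s*(.*)$", line)
        if m:
            labels[m.group(1)] = len(insns)
            line = m.group(2)
        if not line:
            continue
        mnem, _, ops = line.partition(" ")
        insns.append((mnem.lower(), ops.strip()))
    return insns, labels

def regs(ops):
    """GPRs named in an operand string, w-forms mapped to their x-form."""
    found = re.findall(r"\b([xw]\d{1,2}|sp|lr)\b", ops.lower())
    return ["x" + r[1:] if r[0] == "w" else r for r in found]

def addr_regs(ops):
    """Registers inside a [...] addressing operand (empty if none)."""
    m = re.search(r"\[([^\]]*)\]", ops)
    return regs(m.group(1)) if m else []

def successors(insns, labels, i, follow_calls=False):
    mnem, ops = insns[i]
    fall = [i + 1] if i + 1 < len(insns) else []
    if mnem == "ret":
        return []
    if mnem == "b":
        return [labels[ops]] if ops in labels else []
    if mnem.startswith("b.") or mnem in ("cbz", "cbnz", "tbz", "tbnz"):
        tgt = ops.split(",")[-1].strip()
        return ([labels[tgt]] if tgt in labels else []) + fall
    if mnem in ("bl", "blr"):
        # ARCH3: a call is a terminator with no explicit successor label;
        # only fallthrough is kept.  follow_calls=True is the old behaviour.
        callee = [labels[ops]] if follow_calls and mnem == "bl" and ops in labels else []
        return callee + fall
    return fall

def transfer(tainted, mnem, ops):
    """Taint set after executing one instruction (dest = first register)."""
    if mnem in ("bl", "blr"):
        return tainted - CALLER_SAVED          # call-site model: invalidate
    if mnem in CONTROL or mnem.startswith("b.") or mnem.startswith("st"):
        return tainted
    r = regs(ops)
    if not r:
        return tainted
    dst, srcs = r[0], r[1:]
    if mnem.startswith("ld"):
        srcs = addr_regs(ops)                  # loaded value follows the address
    return (tainted | {dst}) if any(s in tainted for s in srcs) else (tainted - {dst})

def analyze(asm, entry, secret_regs, follow_calls=False):
    """Worklist fixpoint from `entry`; returns violation strings in order."""
    insns, labels = parse(asm)
    start = labels[entry]
    state_in = {i: set() for i in range(len(insns))}
    state_in[start] = set(secret_regs)
    work, reached = [start], set()
    while work:
        i = work.pop()
        reached.add(i)
        mnem, ops = insns[i]
        out = transfer(state_in[i], mnem, ops)
        for s in successors(insns, labels, i, follow_calls):
            # The old callee edge carried the caller's pre-call taint unchanged.
            flow = state_in[i] if (mnem == "bl" and s == labels.get(ops)) else out
            if s not in reached or not flow <= state_in[s]:
                state_in[s] |= flow
                work.append(s)
    return [f"{i}: {m} {o}" for i in sorted(reached) for m, o in [insns[i]]
            if (m.startswith("ld") or m.startswith("st"))
            and any(r in state_in[i] for r in addr_regs(o))]

if __name__ == "__main__":
    print("fixed:", analyze(SAMPLE, "caller", {"x0"}))
    print("old:  ", analyze(SAMPLE, "caller", {"x0"}, follow_calls=True))
```

With the fixed CFG, `caller` reports only the load through the callee-saved `x19`; the old `bl` edge additionally reports the load inside `helper` from caller state, which is the smearing the Problem section describes. Analyzing `helper` as its own entry with `x0` secret reports its load on its own terms.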
## Rationale

This aligns behavior with the stated limitation and avoids accidental
inter-procedural propagation when the callee label is present in the
same asm file.

## Future Extension

Introduce optional call summaries to model callee effects (e.g. a JSON
summary per symbol), but keep it explicit and opt-in.