IMPL21.md (1526B)
1 # IMPL21: Static Non-Constant-Time Instruction Scanner 2 3 ## Changes 4 5 1. Add `Audit.AArch64.NCT` module: 6 - `scanNct :: [Line] -> Map Text [NctFinding]` 7 - `NctFinding` holds line number, instruction, and reason. 8 - Maintain current function label while walking lines: 9 - On label line, if `isFunctionLabel`, update current function. 10 - Default symbol name to input file base or `"<unknown>"`. 11 12 2. Define `NctReason` enumeration: 13 - `CondBranch`, `IndirectBranch`, `Div`, `Mul`, `VarShift`, 14 `RegIndexAddr`. 15 - Extendable in the future. 16 17 3. Implement instruction classifier: 18 - Branches: `BCond`, `Cbz`, `Cbnz`, `Tbz`, `Tbnz` -> `CondBranch`. 19 - `Br`, `Blr` -> `IndirectBranch`. 20 - `Udiv`, `Sdiv` -> `Div`. 21 - `Mul`, `Madd`, `Msub`, `Umulh`, `Smulh` -> `Mul`. 22 - `Lsl`, `Lsr`, `Asr`, `Ror` -> `VarShift` when operand is 23 `OpReg`, `OpShiftedReg`, or `OpExtendedReg`. 24 - Loads/stores with `AddrMode` `BaseReg`, `BaseRegShift`, 25 `BaseRegExtend` -> `RegIndexAddr`. 26 27 4. CLI integration (`app/Main.hs`): 28 - Add `--scan-nct` flag to select scan mode. 29 - If set, parse and run scanner instead of taint audit. 30 - Add optional `--nct-detail` to print per-instruction details. 31 32 5. Output formatting: 33 - Summary: `symbol: count`. 34 - Detail lines: `symbol:line: reason: instr`. 35 36 6. Tests (`test/Main.hs`): 37 - Parsing a small snippet and verifying findings grouped by symbol. 38 - One positive per reason to ensure coverage. 39 40 ## Notes 41 42 - Keep lines under 80 chars. 43 - No new dependencies.