auditor

An aarch64 constant-time memory access auditing tool.
git clone git://git.ppad.tech/auditor.git

IMPL21.md (1526B)


# IMPL21: Static Non-Constant-Time Instruction Scanner

## Changes

1. Add `Audit.AArch64.NCT` module:
   - `scanNct :: [Line] -> Map Text [NctFinding]`
   - `NctFinding` holds line number, instruction, and reason.
   - Maintain current function label while walking lines:
     - On label line, if `isFunctionLabel`, update current function.
     - Default symbol name to input file base or `"<unknown>"`.

2. Define `NctReason` enumeration:
   - `CondBranch`, `IndirectBranch`, `Div`, `Mul`, `VarShift`,
     `RegIndexAddr`.
   - Extendable in the future.

3. Implement instruction classifier:
   - Branches: `BCond`, `Cbz`, `Cbnz`, `Tbz`, `Tbnz` -> `CondBranch`.
   - `Br`, `Blr` -> `IndirectBranch`.
   - `Udiv`, `Sdiv` -> `Div`.
   - `Mul`, `Madd`, `Msub`, `Umulh`, `Smulh` -> `Mul`.
   - `Lsl`, `Lsr`, `Asr`, `Ror` -> `VarShift` when operand is
     `OpReg`, `OpShiftedReg`, or `OpExtendedReg`.
   - Loads/stores with `AddrMode` `BaseReg`, `BaseRegShift`,
     `BaseRegExtend` -> `RegIndexAddr`.

4. CLI integration (`app/Main.hs`):
   - Add `--scan-nct` flag to select scan mode.
   - If set, parse and run scanner instead of taint audit.
   - Add optional `--nct-detail` to print per-instruction details.

5. Output formatting:
   - Summary: `symbol: count`.
   - Detail lines: `symbol:line: reason: instr`.

6. Tests (`test/Main.hs`):
   - Parsing a small snippet and verifying findings grouped by symbol.
   - One positive per reason to ensure coverage.

## Notes

- Keep lines under 80 chars.
- No new dependencies.
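
A compact sketch of steps 1 to 3 and the summary format from step 5, added here as an example and not the project's code. Assumptions: `Line`, `Operand` and `AddrMode` are cut-down stand-ins (mnemonics as strings, only the plain `OpReg` and `BaseReg` cases), `String` replaces `Text`, `scanNct` takes the default symbol as an extra argument, and the `isFunctionLabel` rule is a guess. Shifts are flagged only when the shift amount is a register, and findings under a local label stay with the enclosing function.

```haskell
import Data.List (foldl', isPrefixOf)
import qualified Data.Map.Strict as M

-- Hypothetical cut-down AST; the project's real types are not on the page.
data AddrMode = BaseImm String Integer | BaseReg String String
data Operand = OpReg String | OpImm Integer | OpMem AddrMode
data Line = Label Int String | Instr Int String [Operand]
data NctReason
  = CondBranch | IndirectBranch | Div | Mul | VarShift | RegIndexAddr
  deriving (Eq, Show)
data NctFinding = NctFinding Int String NctReason deriving (Eq, Show)

classify :: String -> [Operand] -> Maybe NctReason
classify m ops
  | "b." `isPrefixOf` m || oneOf "cbz cbnz tbz tbnz" = Just CondBranch
  | oneOf "br blr" = Just IndirectBranch
  | oneOf "udiv sdiv" = Just Div
  | oneOf "mul madd msub umulh smulh" = Just Mul
  | oneOf "lsl lsr asr ror", [_, _, OpReg _] <- ops = Just VarShift
  | oneOf "ldr str", any regIndexed ops = Just RegIndexAddr
  | otherwise = Nothing
  where
    oneOf = elem m . words
    regIndexed (OpMem (BaseReg _ _)) = True
    regIndexed _ = False

-- Assumption: labels starting with '.' are compiler-local, not functions.
isFunctionLabel :: String -> Bool
isFunctionLabel = not . isPrefixOf "."

scanNct :: String -> [Line] -> M.Map String [NctFinding]
scanNct dflt = M.map reverse . snd . foldl' step (dflt, M.empty)
  where
    step (sym, acc) (Label _ name)
      | isFunctionLabel name = (name, acc)
      | otherwise = (sym, acc)
    step (sym, acc) (Instr n m ops) = case classify m ops of
      Nothing -> (sym, acc)
      Just r -> (sym, M.insertWith (++) sym [NctFinding n m r] acc)

sample :: [Line] -- constructed input, not taken from the project
sample =
  [ Label 1 "spill", Instr 2 "ldr" [OpReg "x0", OpMem (BaseImm "sp" 8)]
  , Label 3 "lookup", Instr 4 "ldr" [OpReg "x0", OpMem (BaseReg "x1" "x2")]
  , Label 5 ".L2", Instr 6 "cbz" [OpReg "x0", OpImm 0]
  , Instr 7 "lsl" [OpReg "x0", OpReg "x0", OpImm 3] ]

main :: IO ()
main = mapM_ (\(s, fs) -> putStrLn (s ++ ": " ++ show (length fs)))
  (M.toList (scanNct "<unknown>" sample))
```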