Open jedisct1 opened 6 years ago
To clarify, for this example and commandline:
~ $ cat ct.c
const int k1=1;
const int k2=4;
const int k3[4] = {1, 2, 3, 4};
int secret[4] = {3, 4, 5, 6};
int f(void)
{
int s = 0;
for (int i=0; i<k2; i++) {
s += secret[k3[i] - k1];
if ("abcd"[i] == 'b') s++;
}
return s;
}
int main(void) {
return f();
}
~ $ tis-kernel -val ct.c -slevel 100 -graphdeps -experimental-path-deps -experimental-mem-deps
The following result is shown:
[from] ====== DISPLAYING PATH DEPENDENCIES ======
[from] Function: f
Path dependency at `ct.c:9':
Dependencies: k2
Path dependency at `ct.c:11':
Dependencies: k2; "abcd"
[from] ====== END OF PATH DEPENDENCIES ======
[from] ====== DISPLAYING MEM DEPENDENCIES ======
[from] Function: f
Dependencies: k1; k2; k3[0..3]
The request is for a commandline option not to show k1
,k2
, k3
or "abcd"
in the results.
When using
-experimental-path-deps
or-experimental-mem-deps
, staticconst
arrays typically hold non-secret data:In this real world example,
BASE_POINT
is the base point used with an elliptic curve, that is public by definition.Having a switch to avoid reporting dependencies on data in the
.rodata
section would be very useful.