Enum Outcome

Source

pub enum Outcome {
    Pass {
        leak_probability: f64,
        effect: EffectEstimate,
        samples_used: usize,
        quality: MeasurementQuality,
        diagnostics: Diagnostics,
        theta_user: f64,
        theta_eff: f64,
        theta_floor: f64,
    },
    Fail {
        leak_probability: f64,
        effect: EffectEstimate,
        exploitability: Exploitability,
        samples_used: usize,
        quality: MeasurementQuality,
        diagnostics: Diagnostics,
        theta_user: f64,
        theta_eff: f64,
        theta_floor: f64,
    },
    Inconclusive {
        reason: InconclusiveReason,
        leak_probability: f64,
        effect: EffectEstimate,
        samples_used: usize,
        quality: MeasurementQuality,
        diagnostics: Diagnostics,
        theta_user: f64,
        theta_eff: f64,
        theta_floor: f64,
    },
    Unmeasurable {
        operation_ns: f64,
        threshold_ns: f64,
        platform: String,
        recommendation: String,
    },
    Research(ResearchOutcome),
}

Expand description

Top-level outcome of a timing test.

The adaptive Bayesian oracle returns one of four outcomes:

Pass: No timing leak detected (leak_probability < pass_threshold)
Fail: Timing leak confirmed (leak_probability > fail_threshold)
Inconclusive: Cannot reach a definitive conclusion
Unmeasurable: Operation too fast to measure on this platform

See spec Section 4.1 (Result Types).

Variants§

§

Pass

No timing leak detected.

The posterior probability of a timing leak is below the pass threshold (default 0.05), meaning we’re confident there is no exploitable leak.

Fields

§leak_probability: f64

Posterior probability of timing leak: P(effect > theta | data). Will be < pass_threshold (default 0.05).

§effect: EffectEstimate

Effect size estimate (shift and tail components).

§samples_used: usize

Number of samples used in the analysis.

§quality: MeasurementQuality

Measurement quality assessment.

§diagnostics: Diagnostics

Diagnostic information for debugging.

§theta_user: f64

User’s requested threshold in nanoseconds.

§theta_eff: f64

Effective threshold used for inference (may be elevated due to measurement floor).

§theta_floor: f64

Measurement floor at final sample count.

§

Fail

Timing leak confirmed.

The posterior probability of a timing leak exceeds the fail threshold (default 0.95), meaning we’re confident there is an exploitable leak.

Fields

§leak_probability: f64

Posterior probability of timing leak: P(effect > theta | data). Will be > fail_threshold (default 0.95).

§effect: EffectEstimate

Effect size estimate (shift and tail components).

§exploitability: Exploitability

Exploitability assessment based on effect magnitude.

§samples_used: usize

Number of samples used in the analysis.

§quality: MeasurementQuality

Measurement quality assessment.

§diagnostics: Diagnostics

Diagnostic information for debugging.

§theta_user: f64

User’s requested threshold in nanoseconds.

§theta_eff: f64

Effective threshold used for inference (may be elevated due to measurement floor).

§theta_floor: f64

Measurement floor at final sample count.

§

Inconclusive

Cannot reach a definitive conclusion.

The posterior probability is between pass_threshold and fail_threshold, or the analysis hit a limit (timeout, sample budget, noise).

Fields

§reason: InconclusiveReason

Reason why the result is inconclusive.

§leak_probability: f64

Current posterior probability of timing leak.

§effect: EffectEstimate

Effect size estimate (may have wide credible intervals).

§samples_used: usize

Number of samples used in the analysis.

§quality: MeasurementQuality

Measurement quality assessment.

§diagnostics: Diagnostics

Diagnostic information for debugging.

§theta_user: f64

User’s requested threshold in nanoseconds.

§theta_eff: f64

Effective threshold used for inference (may be elevated due to measurement floor).

§theta_floor: f64

Measurement floor at final sample count.

§

Unmeasurable

Operation too fast to measure reliably on this platform.

The operation completes faster than the timer’s resolution allows for meaningful measurement, even with adaptive batching.

Fields

§operation_ns: f64

Estimated operation duration in nanoseconds.

§threshold_ns: f64

Minimum measurable duration on this platform.

§platform: String

Platform description (e.g., “Apple Silicon (cntvct)”).

§recommendation: String

Suggested actions to make the operation measurable.

§

Research(ResearchOutcome)

Research mode result.

Returned when using AttackerModel::Research. Unlike Pass/Fail/Inconclusive which make threshold-based decisions, research mode characterizes the timing behavior relative to the measurement floor using CI-based semantics.

See ResearchOutcome for details on the stopping conditions.

Implementations§

Source §

impl Outcome

Source

pub fn passed(&self) -> bool

Check if the test passed (no timing leak detected).

Source

pub fn failed(&self) -> bool

Check if the test failed (timing leak detected).

Source

pub fn is_conclusive(&self) -> bool

Check if the result is conclusive (either Pass or Fail).

Source

pub fn is_measurable(&self) -> bool

Check if the operation was measurable.

Source

pub fn leak_probability(&self) -> Option<f64>

Get the leak probability if available.

Returns None for Unmeasurable and Research (research mode uses CI, not probability).

Source

pub fn effect(&self) -> Option<&EffectEstimate>

Get the effect estimate if available.

Source

pub fn quality(&self) -> Option<MeasurementQuality>

Get the measurement quality if available.

Source

pub fn diagnostics(&self) -> Option<&Diagnostics>

Get the diagnostics if available.

Source

pub fn samples_used(&self) -> Option<usize>

Get the number of samples used if available.

Source

pub fn is_reliable(&self) -> bool

Check if the measurement is reliable enough for assertions.

Returns true if:

Test is conclusive (Pass or Fail), AND
Quality is not TooNoisy, OR posterior is very conclusive (< 0.1 or > 0.9)

The key insight: a very conclusive posterior is trustworthy even with noisy measurements - the signal overcame the noise.

For Research mode, reliability is based on whether the CI is clearly above or below the measurement floor.

Source

pub fn unwrap_pass( self, ) -> (f64, EffectEstimate, MeasurementQuality, Diagnostics)

Unwrap a Pass result, panicking otherwise.

Source

pub fn unwrap_fail( self, ) -> (f64, EffectEstimate, Exploitability, MeasurementQuality, Diagnostics)

Unwrap a Fail result, panicking otherwise.

Source

pub fn handle_unreliable( self, test_name: &str, policy: UnreliablePolicy, ) -> Option<Outcome>

Handle unreliable results according to policy.

Returns Some(self) if the result is reliable. For unreliable results:

FailOpen: prints warning, returns None
FailClosed: panics

§Example

let outcome = oracle.test(...);
if let Some(result) = outcome.handle_unreliable("test_name", UnreliablePolicy::FailOpen) {
    assert!(result.passed());
}

Trait Implementations§

Source §

impl Clone for Outcome

Source §

fn clone(&self) -> Outcome

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Source §

impl Debug for Outcome

Source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

Source §

impl<'de> Deserialize<'de> for Outcome

Source §

fn deserialize<D>( deserializer: D, ) -> Result<Outcome, <D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

Source §

impl Display for Outcome

Source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

Source §

impl Serialize for Outcome

Source §

fn serialize<S>( &self, serializer: S, ) -> Result<<S as Serializer>::Ok, <S as Serializer>::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

§

impl UnwindSafe for Outcome

Blanket Implementations§

Source §

impl<T> Any for T
where T: 'static + ?Sized,

Source §

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

Source §

impl<T> Borrow<T> for T
where T: ?Sized,

Source §

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

Source §

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source §

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

Source §

impl<T> CloneToUninit for T
where T: Clone,

Source §

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

Source §

impl<T> From<T> for T

Source §

fn from(t: T) -> T

Returns the argument unchanged.

Source §

impl<T> Instrument for T

Source §

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Source §

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Source §

impl<T, U> Into for T
where U: From<T>,

Source §

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source §

impl<T> IntoEither for T

Source §

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §