ARCH11.md (1296B)
1 # ARCH11: Configurable Public Roots for Taint Analysis 2 3 ## Goal 4 5 Allow users to override or extend the set of public root registers via a 6 JSON sidecar file, instead of hard-wiring the GHC calling convention. 7 8 ## Scope 9 10 - JSON config file for public roots (register list). 11 - CLI flag to load the config (aligned with existing taint config flow). 12 - No new dependencies beyond aeson/text/containers. 13 14 ## Config Model 15 16 Example: 17 18 { 19 "public_roots": ["SP", "X29", "X19", "X20", "X21", "X28", "X18", "XZR", "WZR"] 20 } 21 22 Semantics: 23 24 - If provided, the public root list fully replaces the default set. 25 - Unknown registers remain `Unknown` unless seeded by other policies. 26 - Invalid register names are a configuration error. 27 28 ## Integration Points 29 30 - Extend CLI to accept `--public-roots <path>` (or similar). 31 - Parse config at startup; pass into analysis environment. 32 - Initialize `TaintState` using configured public roots when present. 33 - Inter-proc summaries continue to assume caller-saved unknown unless 34 overridden by config. 35 36 ## Reporting 37 38 - Emit a clear error on invalid register names. 39 - Optional warning if config is empty (all roots unknown). 40 41 ## Risks 42 43 - Overly permissive roots can hide issues; docs should caution users. 44 - Different ABIs may require different defaults; allow opt-in override.