ARCH12.md (1435B)
1 # ARCH12: Array-Backed Taint State for Register Maps 2 3 ## Goal 4 5 Reduce allocation and lookup overhead in taint analysis by replacing 6 `Map Reg Taint`/`Map Reg Provenance` with fixed-size arrays indexed by 7 register number, and by making folds strict. 8 9 ## Scope 10 11 - Replace register maps with `Data.Primitive.Array.SmallArray` for taint 12 and provenance (register count < 128). 13 - Keep stack slot maps as `IntMap`. 14 - Use strict folds (`foldl'`) in hot paths. 15 16 ## Rationale 17 18 - Register set is small and fixed; maps add unnecessary overhead. 19 - `SmallArray` is more efficient for small arrays (no card table). 20 - Strict folds prevent buildup of thunks in long blocks. 21 22 ## Architecture 23 24 ### Register Indexing 25 26 - Add `regIndex :: Reg -> Int` and `regCount :: Int`. 27 - Store register taints/provenances in `SmallArray` indexed by 28 `regIndex`. 29 - Provide helpers `getRegTaint`, `setRegTaint`, `getRegProv`, 30 `setRegProv`. 31 32 ### Initialization 33 34 - `initTaintState` builds arrays with default `Unknown/ProvUnknown` and 35 writes `Public/ProvPublic` at `publicRoots` indices. 36 37 ### Strictness 38 39 - Replace `foldl` with `foldl'` in `analyzeBlock` and 40 `analyzeBlockWithSummaries`. 41 42 ## Risks 43 44 - Must keep regIndex mapping in sync with `Reg` constructors. 45 - `SmallArray` is immutable; updates require copying. Use an update 46 helper that writes via `runST`/`MutableArray` for batched updates where 47 it pays off, or accept small copy cost for per-reg updates.