# ARCH13: Register Kind Tracking (Pointer vs Scalar)

## Goal

Prevent provenance from "laundering" secret-derived scalars by introducing a register kind lattice (pointer vs scalar) and only using provenance upgrades for pointer kinds.

## Scope

Stage 1 (registers only):
- Track kind for registers (`Ptr`/`Scalar`/`Unknown`).
- Apply pointer-kind checks when upgrading via provenance.

Stage 2 (with spills):
- Extend kind tracking to stack slots to preserve pointer/scalar intent across spills and reloads.

## Rationale

Provenance is safe for pointer bases but unsafe for scalar indices. Kind tracking separates these cases and avoids false negatives in secret-indexed memory accesses.

## Kind Propagation Rules (Stage 1)

- `adr/adrp` -> `Ptr`.
- `mov dst, src` -> copy kind.
- `add/sub dst, src, #imm` -> `Ptr` if src is `Ptr`, else `Scalar`.
- `and` with pointer-untag mask -> preserve `Ptr`.
- Loads -> `Scalar` by default.
- Other arithmetic/logical ops -> `Scalar`.

## Address Checks

- Base registers: allow provenance upgrade only if kind is `Ptr`.
- Index registers: never upgrade via provenance (or only if kind is `Ptr`, which should be rare for indices).

## Risks

- Misclassifying pointer-preserving ops may increase false positives.
- Without spill tracking, kind info can be lost across stack stores.
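The Stage 1 propagation rules and the address checks above, worked through as an added example (not the project's own analysis code). The tuple instruction encoding, the untag mask value, and the sample program are assumptions; index registers use the stricter "never upgrade" option.

```python
from typing import Dict, List, Optional, Tuple

PTR, SCALAR, UNKNOWN = "Ptr", "Scalar", "Unknown"
UNTAG_MASK = 0x00FF_FFFF_FFFF_FFFF  # assumed pointer-untag mask (clears top-byte tag)

def propagate(kinds: Dict[str, str], insn: Tuple) -> None:
    """Update dst's kind per the Stage 1 rules (registers only)."""
    op, dst, *ops = insn
    if op in ("adr", "adrp"):
        kinds[dst] = PTR
    elif op == "mov":
        kinds[dst] = kinds.get(ops[0], UNKNOWN)
    elif op in ("add", "sub") and isinstance(ops[1], int):
        kinds[dst] = PTR if kinds.get(ops[0]) == PTR else SCALAR
    elif op == "and" and ops[1] == UNTAG_MASK and kinds.get(ops[0]) == PTR:
        kinds[dst] = PTR  # pointer-untag mask preserves Ptr
    else:
        kinds[dst] = SCALAR  # loads and all other arithmetic/logical ops

def upgrade_allowed(kinds: Dict[str, str], reg: str, role: str) -> bool:
    """Address check: only a Ptr-kind base may be upgraded via provenance;
    index registers are never upgraded (stricter of the two options)."""
    return role == "base" and kinds.get(reg) == PTR

def analyse(program: List[Tuple]):
    """Return ([(insn_index, base_upgrade_ok, index_upgrade_ok)], final kinds).
    Loads are encoded as ("ldr", dst, base, index_or_None)."""
    kinds: Dict[str, str] = {}
    out: List[Tuple[int, bool, Optional[bool]]] = []
    for i, insn in enumerate(program):
        if insn[0] == "ldr":
            _, _, base, index = insn
            out.append((i, upgrade_allowed(kinds, base, "base"),
                        None if index is None else upgrade_allowed(kinds, index, "index")))
        propagate(kinds, insn)  # dst of a load becomes Scalar after the check
    return out, kinds

# Constructed sample: a table base, a secret-derived scalar, and loads that use them.
SAMPLE = [
    ("adrp", "x0", "table"),
    ("add", "x0", "x0", 0x10),         # x0 stays Ptr
    ("ldr", "w1", "x2", None),         # loaded value: Scalar
    ("mov", "x3", "w1"),               # copy kind: Scalar
    ("and", "x4", "x0", UNTAG_MASK),   # untag keeps Ptr
    ("ldr", "w5", "x4", "x3"),         # Ptr base, Scalar index
    ("add", "x6", "x3", 4),            # Scalar + imm -> Scalar
    ("ldr", "w7", "x6", None),         # Scalar base: no provenance upgrade
]
```

The second load is the case the Rationale describes: the base upgrade is permitted, but the scalar index is not laundered through provenance.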