ARCH19.md (1446B)
# ARCH19: STG Stack Delta Tracking

## Goal

Preserve STG stack slot taint across constant adjustments of `x20`
so seeding by offset remains valid after small prologues/epilogues.

## Context

We currently clear all `tsStgStack*` maps when `x20` changes. This is
safe but loses information for common prologue patterns like:

    sub x20, x20, #16

This wipes seeded `stg_secret` slots before later loads.

## Approach

Track constant deltas to `x20` by shifting STG stack slot maps:

- On `add x20, x20, #imm`: shift all offsets by `-imm`.
- On `sub x20, x20, #imm`: shift all offsets by `+imm`.

This matches the address mapping: after `sub x20, x20, #16`, the old
slot at offset `8` is now at offset `24` relative to the new `x20`.

For any non-constant update to `x20`, continue to clear all maps.

## Scope

- `tsStgStack`, `tsStgStackProv`, `tsStgStackKind` only.
- Do not change `tsStack*` (SP) logic.
- Keep taint/provenance/kind semantics unchanged for all other regs.

## Integration Points

- Add a helper to shift STG stack maps by a signed delta.
- Update transfer cases for `Add/Sub` where `dst == X20` and operand
  is an immediate.
- Update pre/post-indexed `[x20, #imm]` load/store handling to shift
  maps by `imm` instead of clearing after access.

## Risks

- Incorrect sign or shift direction causes false positives/negatives.
- Large deltas could overflow `Int`; treat as best-effort and allow
  the existing `Int` semantics.
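The shift rule and the pre/post-indexed cases above, as an added toy model (not the tracker's own code). It assumes three offset-keyed dicts standing in for `tsStgStack`, `tsStgStackProv` and `tsStgStackKind`, and constructed instruction tuples; the invariant it checks is that `x20 + offset` never changes across a shift.

```python
# Added example: the ARCH19 rule on a toy state. Slot maps are keyed by
# byte offset from the current x20; a constant adjustment of x20 is absorbed
# by re-keying the maps instead of clearing them. Names are assumptions.
from dataclasses import dataclass, field

@dataclass
class StgState:
    x20: int                                    # current STG stack pointer
    taint: dict = field(default_factory=dict)   # offset -> taint label
    prov: dict = field(default_factory=dict)    # offset -> provenance
    kind: dict = field(default_factory=dict)    # offset -> slot kind

def shift_stg_maps(st, delta):
    """Re-key every STG stack map by `delta` (the signed-delta helper).
    delta > 0 means x20 moved down (sub), so every old offset grows."""
    for name in ("taint", "prov", "kind"):
        setattr(st, name, {off + delta: v for off, v in getattr(st, name).items()})

def clear_stg_maps(st):
    st.taint.clear(); st.prov.clear(); st.kind.clear()

def step(st, insn):
    """Transfer function for the x20-updating shapes named in the doc.
    Returns the taint label read by a load, else None."""
    op = insn[0]
    if op == "add":            # add x20, x20, #imm  -> shift by -imm
        st.x20 += insn[1]; shift_stg_maps(st, -insn[1])
    elif op == "sub":          # sub x20, x20, #imm  -> shift by +imm
        st.x20 -= insn[1]; shift_stg_maps(st, +insn[1])
    elif op == "ldr_post":     # ldr xN, [x20], #imm : access slot 0, then x20 += imm
        label = st.taint.get(0)
        st.x20 += insn[1]; shift_stg_maps(st, -insn[1])
        return label
    elif op == "str_pre":      # str xN, [x20, #imm]! : x20 += imm, then store at slot 0
        st.x20 += insn[1]; shift_stg_maps(st, -insn[1])
        st.taint[0] = insn[2]; st.prov[0] = "str"; st.kind[0] = "word"
    else:                      # any non-constant update: keep clearing
        clear_stg_maps(st)
    return None

def absolute_addresses(st):
    """Sanity check: x20 + offset must be invariant across shifts."""
    return {st.x20 + off: v for off, v in st.taint.items()}

def prologue_keeps_seed(x20=0x1000):
    """Doc's worked case: after `sub x20, x20, #16` the seed at 8 sits at 24."""
    st = StgState(x20=x20, taint={8: "stg_secret"}, prov={8: "seed"}, kind={8: "word"})
    before = absolute_addresses(st)
    step(st, ("sub", 16))
    return st.taint == {24: "stg_secret"} and absolute_addresses(st) == before
```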