ARCH6.md (1189B)
# ARCH6: Def-Use Provenance for Base Registers

## Goal

Add lightweight def-use provenance so "Unknown base" can be upgraded to
Public when the base register is provably derived from public roots via
simple arithmetic/move chains.

## Scope

- Track only simple, local provenance within a function.
- No symbolic algebra; only safe, explicit patterns.
- Inter-proc summaries remain taint-only; provenance is local.

## Provenance Model

- Each register can carry an optional provenance tag:
  - `ProvRoot r` (public root)
  - `ProvConst` (adr/adrp/literal)
  - `ProvDerive r` (derived from another reg via safe op)
- A provenance chain resolves to Public if it ends in a public root or
  constant tag.

## Safe Ops

- mov reg, reg
- add/sub reg, reg, #imm
- add reg, reg, reg when both are proven public
- adrp/adr (constant pool)
- and/or/xor with zero register (preserve provenance)

## Integration

- Extend taint state with a provenance map.
- When setting taint to Public via provenance, also record provenance.
- When provenance is lost/unsafe, clear it.

## Reporting

- No output changes by default.
- Optional explain mode can show provenance chains for suppressed
  violations.
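
## Example: provenance transfer and chain resolution

An added sketch of the Provenance Model, Safe Ops and Integration rules above; it is not code from this project. Its assumptions: the tuple encoding of instructions and tags, the AArch64 mnemonics `orr`/`eor` standing for or/xor, and the choice to implement "clear it" by dropping every `derive` tag that points at a register being redefined.

```python
# Added example, not project code. Tags: ("root",), ("const",), ("derive", reg).
ZERO_REGS = {"xzr", "wzr"}

def resolve(prov, reg):
    """Return the chain for reg if it ends in a root/const tag, else None."""
    chain = []
    while reg not in chain:
        tag = prov.get(reg)
        if tag is None:
            return None              # provenance lost somewhere on the chain
        chain.append(reg)
        if tag[0] in ("root", "const"):
            return chain + [tag[0]]
        reg = tag[1]
    return None                      # cycle: treat as unknown

def step(prov, insn):
    """Apply one instruction (op, dst, *srcs) to the provenance map in place."""
    op, dst, *srcs = insn
    imms = [s for s in srcs if s.startswith("#")]
    regs = [s for s in srcs if s not in imms and s not in ZERO_REGS]
    zeros = len(srcs) - len(imms) - len(regs)
    public = bool(regs) and all(resolve(prov, r) for r in regs)
    safe = ((op == "mov" and len(srcs) == 1)
            or (op in ("add", "sub") and len(regs) == 1 and len(imms) == 1)
            or (op == "add" and len(regs) == 2)
            or (op in ("and", "orr", "eor") and len(regs) == 1 and zeros == 1))
    if op in ("adr", "adrp"):
        new = ("const",)
    elif safe and public:
        # Self-update (add x8, x8, #imm) keeps the existing tag, avoiding a self-loop.
        new = prov[dst] if regs[0] == dst else ("derive", regs[0])
    else:
        new = None
    # dst is being redefined: chains that pass through its old value are stale.
    for r in [r for r, t in prov.items() if t == ("derive", dst)]:
        del prov[r]
    prov.pop(dst, None)
    if new:
        prov[dst] = new

def analyze(insns, public_roots):
    prov = {r: ("root",) for r in public_roots}
    for insn in insns:
        step(prov, insn)
    return prov

# Constructed sample function body; x0 is assumed to be a public argument.
SAMPLE = [("adrp", "x8"), ("add", "x8", "x8", "#0x40"), ("mov", "x9", "x0"),
          ("add", "x10", "x8", "x9"), ("ldr", "x9", "x1"), ("add", "x11", "x8", "x9")]
```

The list returned by `resolve` is the chain an explain mode could print. Invalidating dependents on redefinition is conservative: it can drop a register that is still public, but never reports a stale chain.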