IMPL18.md (1167B)
# IMPL18: Implement STG Stack Slot Seeding

## Summary

Extend taint config and entry-state seeding to mark STG stack slots
(x20-relative offsets) as secret or public.

## Steps

1) Extend ArgPolicy
   - Add `apStgSecret :: Set Int` and `apStgPublic :: Set Int`.
   - Update JSON parsing to accept `stg_secret`/`stg_public` arrays.
   - Validate offsets as integers.

2) Seeding logic
   - Add `seedStgStack :: ArgPolicy -> TaintState -> TaintState`.
   - Apply public first, then secret (secret wins).
   - Set taint/prov/kind appropriately for each slot:
     - Secret -> Secret / ProvUnknown / KindUnknown (or KindScalar)
     - Public -> Public / ProvPublic / KindPtr? (likely KindScalar)

3) Entry-state integration
   - Update `seedArgs` or entry seeding paths to include `seedStgStack`.
   - Ensure both intra-proc and inter-proc config paths use it.

4) Tests
   - JSON parsing for `stg_secret`/`stg_public`.
   - Entry seeding yields secret on load from `[x20, #imm]`.

## Files to Touch

- `lib/Audit/AArch64/Types.hs`
- `lib/Audit/AArch64/Taint.hs`
- `test/`

## Validation

- `cabal test`
- Run `mul_wnaf` with `stg_secret` offsets [8, 152] and expect
  secret-indexed access to be flagged.
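
The public-then-secret ordering from step 2, as an added example that is not the project's own code. `SlotInfo`, the map-based `TaintState`, `tsStgSlots`, and the kind chosen for each label are assumptions made here; the real types in `lib/Audit/AArch64/Types.hs` are not shown on this page.

```haskell
module Main (main) where

import qualified Data.Map.Strict as Map
import           Data.Set (Set)
import qualified Data.Set as Set

-- Simplified stand-ins for the project's types (assumed shapes).
data Taint = Public | Secret            deriving (Eq, Show)
data Prov  = ProvPublic | ProvUnknown   deriving (Eq, Show)
data Kind  = KindScalar | KindUnknown   deriving (Eq, Show)

data SlotInfo = SlotInfo Taint Prov Kind deriving (Eq, Show)

data ArgPolicy = ArgPolicy
  { apStgSecret :: Set Int  -- x20-relative offsets seeded as secret
  , apStgPublic :: Set Int  -- x20-relative offsets seeded as public
  }

-- Hypothetical: the taint state reduced to a map from x20 offset to slot info.
newtype TaintState = TaintState { tsStgSlots :: Map.Map Int SlotInfo }
  deriving (Eq, Show)

-- Public slots are written first and secret slots second, so an offset
-- listed in both sets ends up Secret. A config mistake then produces a
-- spurious finding instead of a missed one.
seedStgStack :: ArgPolicy -> TaintState -> TaintState
seedStgStack pol (TaintState slots) =
  TaintState (mark secretInfo (apStgSecret pol)
               (mark publicInfo (apStgPublic pol) slots))
  where
    mark info offs m = Set.foldr (\off -> Map.insert off info) m offs
    -- Kind choices are assumptions; the plan leaves them open.
    secretInfo = SlotInfo Secret ProvUnknown KindUnknown
    publicInfo = SlotInfo Public ProvPublic  KindScalar

main :: IO ()
main = do
  -- Constructed policy: 8 and 152 are the plan's validation offsets;
  -- 8 is also listed as public on purpose to exercise the overlap.
  let pol = ArgPolicy
        { apStgSecret = Set.fromList [8, 152]
        , apStgPublic = Set.fromList [8, 16]
        }
      seeded = seedStgStack pol (TaintState Map.empty)
  mapM_ print (Map.toList (tsStgSlots seeded))
```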