IMPL19.md (1502B)
# IMPL19: STG Stack Delta Tracking

## Changes

1. Add `shiftStgStackMap :: Int -> TaintState -> TaintState` in
   `lib/Audit/AArch64/Taint.hs`:
   - If delta is 0, return input.
   - Otherwise rebuild `tsStgStack`, `tsStgStackProv`, `tsStgStackKind`
     by shifting keys by `delta`.
   - Preserve values; drop any collisions by `IM.insert` semantics
     (last wins) or use `IM.fromList` (stable order is fine).

2. Update transfer for `Add/Sub`:
   - In `Add dst r1 op` and `Sub dst r1 op`, if `dst == X20`, `r1 == X20`,
     and `op` is `OpImm imm`, use `shiftStgStackMap` instead of
     `clearStgStackMap` when updating `x20`.
   - Preserve existing taint/prov/kind updates for `x20`.
   - For any other `x20` update, keep `clearStgStackMap` behavior.

3. Update pre/post-index handling in load/store helpers:
   - In `storeToStack` and `storePairToStack`, for `PreIndex X20 imm`
     and `PostIndex X20 imm`, replace `clearStgStackMap` with
     `shiftStgStackMap` using `imm` (post-index applies after access,
     so shift after storing).
   - In `loadFromStack` and `loadPairFromStack`, do the same for
     `PreIndex X20 imm` and `PostIndex X20 imm` after loading.

## Tests

- Add a small fixture and unit test that seeds `stg_secret` at offset 8,
  then processes `sub x20, x20, #16` followed by `ldr x1, [x20, #24]` and
  asserts the load is tainted.
- Add a symmetric test for `add x20, x20, #16` shifting the other way.

## Notes

- Keep lines under 80 chars.
- Avoid new dependencies.
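The sketch below is an added, self-contained example of the shift-instead-of-clear behaviour described in the Changes and Tests sections; it is not code from `lib/Audit/AArch64/Taint.hs`, and `Taint`, `Reg`, `Addr`, `Instr`, the `TaintState` fields and the `step`/`writeback` helpers are hypothetical stand-ins. It also fixes one sign convention as an assumption: `shiftStgStackMap delta` adds `delta` to every key, so a caller that knows `x20 := x20 + imm` passes `negate imm` (a slot that was at offset `k` from the old `x20` is at `k - imm` from the new one). Because shifting keys is injective, the rebuilt map has no collisions, so `IM.fromList` (which keeps the last value for a duplicate key) is a safe choice. The `main` walks through the two fixtures from the Tests section, a post-index store, and a non-immediate `x20` update that must still clear the map.

```haskell
module Main where

import qualified Data.IntMap.Strict as IM
import Data.IntMap.Strict (IntMap)
import Data.Maybe (fromMaybe)

-- Hypothetical stand-ins for the project's types (added example).
data Taint = Clean | Tainted String deriving (Eq, Show)
data Reg = X1 | X2 | X20 | X21 deriving (Eq, Show)

-- STG stack slots are keyed by byte offset relative to the current x20.
data TaintState = TaintState
  { tsRegs         :: [(Reg, Taint)]
  , tsStgStack     :: IntMap Taint
  , tsStgStackProv :: IntMap String
  , tsStgStackKind :: IntMap String
  } deriving (Eq, Show)

emptyState :: TaintState
emptyState = TaintState [] IM.empty IM.empty IM.empty

regTaint :: Reg -> TaintState -> Taint
regTaint r st = fromMaybe Clean (lookup r (tsRegs st))

setReg :: Reg -> Taint -> TaintState -> TaintState
setReg r t st = st { tsRegs = (r, t) : filter ((/= r) . fst) (tsRegs st) }

-- Assumed convention: `delta` is added to every key. After x20 := x20 + imm
-- a slot that was at offset k is at k - imm, so callers pass `negate imm`
-- for add and `imm` for sub. Shifting is injective, so no collisions.
shiftStgStackMap :: Int -> TaintState -> TaintState
shiftStgStackMap 0 st = st
shiftStgStackMap delta st = st
  { tsStgStack     = shiftKeys (tsStgStack st)
  , tsStgStackProv = shiftKeys (tsStgStackProv st)
  , tsStgStackKind = shiftKeys (tsStgStackKind st)
  }
  where
    shiftKeys :: IntMap a -> IntMap a
    shiftKeys = IM.fromList . map (\(k, v) -> (k + delta, v)) . IM.toList

-- Existing behaviour for an x20 update whose delta is not a known immediate.
clearStgStackMap :: TaintState -> TaintState
clearStgStackMap st =
  st { tsStgStack = IM.empty, tsStgStackProv = IM.empty
     , tsStgStackKind = IM.empty }

data Operand = OpImm Int | OpReg Reg deriving (Eq, Show)
data Addr = Off Reg Int | PreIndex Reg Int | PostIndex Reg Int
  deriving (Eq, Show)
data Instr = Add Reg Reg Operand | Sub Reg Reg Operand
           | Ldr Reg Addr | Str Reg Addr
  deriving (Eq, Show)

-- Base-register writeback of an addressing mode, applied to the stack map.
writeback :: Addr -> TaintState -> TaintState
writeback (PreIndex X20 imm)  st = shiftStgStackMap (negate imm) st
writeback (PostIndex X20 imm) st = shiftStgStackMap (negate imm) st
writeback _ st = st

-- Pre-index shifts before the access; post-index shifts after it.
loadFromStack :: Reg -> Addr -> TaintState -> TaintState
loadFromStack dst addr st = case addr of
  Off X20 o       -> rd o st
  PreIndex X20 _  -> rd 0 (writeback addr st)
  PostIndex X20 _ -> writeback addr (rd 0 st)
  _               -> setReg dst Clean st
  where rd o s = setReg dst (IM.findWithDefault Clean o (tsStgStack s)) s

storeToStack :: Reg -> Addr -> TaintState -> TaintState
storeToStack src addr st = case addr of
  Off X20 o       -> wr o st
  PreIndex X20 _  -> wr 0 (writeback addr st)
  PostIndex X20 _ -> writeback addr (wr 0 st)
  _               -> st
  where wr o s = s { tsStgStack = IM.insert o (regTaint src s) (tsStgStack s) }

step :: TaintState -> Instr -> TaintState
step st (Add X20 X20 (OpImm imm)) = shiftStgStackMap (negate imm) st
step st (Sub X20 X20 (OpImm imm)) = shiftStgStackMap imm st
step st (Add X20 _ _)             = clearStgStackMap st
step st (Sub X20 _ _)             = clearStgStackMap st
step st (Ldr dst addr)            = loadFromStack dst addr st
step st (Str src addr)            = storeToStack src addr st
step st _                         = st

main :: IO ()
main = do
  let seeded = emptyState
        { tsStgStack = IM.singleton 8 (Tainted "stg_secret") }
      -- Fixture from the plan: sub x20, x20, #16; ldr x1, [x20, #24]
      s1 = foldl step seeded [Sub X20 X20 (OpImm 16), Ldr X1 (Off X20 24)]
      -- Symmetric fixture: add x20, x20, #16 moves the slot to offset -8
      s2 = foldl step seeded [Add X20 X20 (OpImm 16), Ldr X1 (Off X20 (-8))]
      -- Post-index store: str x2, [x20], #-16 writes at 0, then both slots
      -- move by +16, so the stored taint is read back at offset 16
      s3 = foldl step (setReg X2 (Tainted "x2") seeded)
             [Str X2 (PostIndex X20 (-16)), Ldr X1 (Off X20 16)]
      -- x20 update with a non-x20 source still clears the map
      s4 = foldl step seeded [Add X20 X21 (OpImm 16), Ldr X1 (Off X20 8)]
  mapM_ (print . regTaint X1) [s1, s2, s3, s4]
```

Run with `runghc` (only `containers` from the standard distribution is needed, consistent with the no-new-dependencies note). The `Add X20 X20`/`Sub X20 X20` clauses must precede the catch-all `Add X20 _ _`/`Sub X20 _ _` clauses, or every `x20` update falls through to `clearStgStackMap` and the tests in the plan would fail.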