IMPL3.md (1130B)
1 # IMPL3: Enforce Intra-Procedural Call Boundaries 2 3 ## Summary 4 5 Ensure calls do not create CFG edges to callees, aligning behavior with 6 "no inter-procedural analysis" and preventing taint flow into callee 7 blocks via `bl` labels. 8 9 ## Steps 10 11 1) Update CFG successor labeling 12 - Remove `Bl` from `successorLabels` in `Audit.AArch64.CFG`. 13 - Leave fallthrough behavior unchanged so execution continues after 14 calls within the same function. 15 16 2) Confirm call-site taint model 17 - Keep `Bl`/`Blr` handling in `Audit.AArch64.Taint.transfer` as 18 caller-saved invalidation only. 19 - Ensure no additional propagation from a callee block occurs. 20 21 3) Tests 22 - Add a fixture with a `bl` to a local label and verify no CFG edge is 23 created (taint should not propagate into the callee block). 24 - Add a fixture where taint is set before a `bl` and used after it, 25 ensuring caller-saved invalidation still applies. 26 27 4) Docs 28 - Update README limitations if needed to clarify that call targets in 29 the same file are not traversed. 30 31 ## Files to Touch 32 33 - `lib/Audit/AArch64/CFG.hs` 34 - `test/` fixtures and unit tests 35 - `README.md` (if clarification needed)