stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
fb46a927ad64cbae8b769da558e632b4c1b47dd7
git.stella-ops.org/docs/modules/binary-index/hybrid-diff-stack.md
master fb46a927ad save changes
2026-02-17 00:51:35 +02:00

4.8 KiB
Raw Blame History

Hybrid Diff Stack Architecture (Source -> Symbols -> Normalized Bytes)

Status: Planned (advisory translation, 2026-02-16) Module: BinaryIndex with cross-module contracts (Symbols, EvidenceLocker, Policy, Attestor, ReleaseOrchestrator)

1. Objective

Produce compact, auditable patch artifacts that preserve developer intent and binary truth at the same time:

  • Source-level intent: semantic edit scripts anchored to classes/functions.
  • Build-level mapping: symbol map linked to immutable build identity.
  • Binary-level patching: normalization-first per-symbol deltas.
  • Release evidence: DSSE-signed contract consumed by policy and replay.

2. Current implementation baseline

Implemented today:

  • ELF normalization passes and deterministic delta hash generation.
  • DeltaSig predicate contracts (v1 and v2) with CLI author/sign/verify flows.
  • Symbol manifest model with debug id, code id, source paths, and line data.

Gaps for full advisory scope:

  • No AST semantic edit script artifact pipeline in current release workflow.
  • No canonical builder output for source-range to symbol-address map as a first-class build artifact contract.
  • No end-to-end "source edits -> symbol patch plan -> normalized deltas" bundle schema consumed by release policy.
  • Existing function delta composition still contains placeholder address/size behavior in parts of DeltaSig generation.

3. Target contracts

3.1 Source semantic edit script (semantic_edit_script.json)

Required fields:

  • schemaVersion
  • sourceTreeDigest
  • edits[] where each edit includes:
    • editType: add|remove|move|update|rename
    • nodeKind: class|method|field|import|statement
    • nodePath: stable language-specific path
    • anchor: symbol-like identifier (for example Namespace.Type.Method)
    • pre and post source spans and digests

Determinism rules:

  • Stable sort by file path, then node path.
  • Stable source digests and normalized paths.

3.2 Symbol map (symbol_map.json)

Produced during build from DWARF/PDB + build metadata.

Required fields:

  • schemaVersion
  • buildId
  • binaryDigest
  • symbols[]:
    • name
    • kind (function|object|section)
    • addressStart and addressEnd
    • section
    • sourceRanges[] (file, lineStart, lineEnd)

Determinism rules:

  • Symbol ordering by address then name.
  • Build id must match attestation subject.

3.3 Symbol patch plan (symbol_patch_plan.json)

Joins source edits with concrete symbols.

Required fields:

  • schemaVersion
  • buildIdBefore and buildIdAfter
  • editsDigest
  • symbolMapDigestBefore and symbolMapDigestAfter
  • changes[]:
    • symbol
    • changeType (added|removed|modified|moved)
    • astAnchors[]
    • preHash and postHash
    • deltaRef

3.4 Patch manifest (patch_manifest.json)

Binds per-symbol normalized deltas to evidence and policy.

Required fields:

  • schemaVersion
  • buildId
  • normalizationRecipeId
  • patches[]:
    • symbol
    • addressRange
    • deltaDigest
    • pre (size, hash)
    • post (size, hash)
  • attestation (predicateType, dsseDigest)

4. Evidence and policy integration

EvidenceLocker stores four linked artifacts per release comparison:

  1. semantic edit script
  2. symbol maps (before/after)
  3. symbol patch plan
  4. normalized patch manifest + delta blobs

Policy hooks:

  • Allowlist/denylist by namespace or symbol path.
  • Max function-count and max byte budget controls.
  • API surface change checks.
  • Hot-path and cryptography namespace protection rules.

5. Verifier contract (Attestor/Doctor)

Verifier must prove all of the following before promotion:

  • Build-id and subject digest alignment.
  • Re-normalization of target binary with matching recipe id.
  • Dry-run delta application succeeds within declared symbol boundaries.
  • Resulting hashes equal manifest post values.
  • AST anchors reconcile to changed symbols in symbol patch plan.
  • DSSE signatures and transparency references validate per policy.

6. Integration boundaries

Builder step (CI): emit symbol map and normalized segments.

ReleaseOrchestrator step: combine source edits, symbol maps, and normalized bytes into patch plan and manifest.

BinaryIndex/DeltaSig: own normalization and per-symbol diff generation.

Attestor/Doctor: own verification and attestation checks.

EvidenceLocker: own storage schema and query surfaces.

Policy: consume summarized patch-plan metrics and rule evaluations.

7. Implementation tracker

Execution is tracked in:

  • docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md

8. Related documents

  • docs/hybrid-diff-patching.md
  • docs/modules/binary-index/semantic-diffing.md
  • docs/modules/binary-index/deltasig-v2-schema.md
  • docs/modules/scanner/binary-diff-attestation.md
  • docs/modules/evidence-locker/guides/evidence-pack-schema.md