jan/rrt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Trace infrastructure tunnel and track-cap caller splits

Browse source
This commit is contained in:
Jan Petykiewicz 2026-04-18 17:26:38 -07:00
commit 8db0a0fe59
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
crates/rrt-runtime/src/smp.rs
View file

@ -4554,6 +4554,7 @@ fn build_infrastructure_asset_trace_report(
"the currently grounded direct-constructor chooser branches are narrower now too: the repeated calls at 0x004a2eba/0x004a30f9/0x004a339c feed 0x00490960 with mode arg 0x0a and stem arg 0x005cb138 = BallastCapDT_Cap.3dp, so they bypass the selector-copy block at 0x004909e2 and go straight into fresh child allocation/seeding".to_string(), "the currently grounded direct-constructor chooser branches are narrower now too: the repeated calls at 0x004a2eba/0x004a30f9/0x004a339c feed 0x00490960 with mode arg 0x0a and stem arg 0x005cb138 = BallastCapDT_Cap.3dp, so they bypass the selector-copy block at 0x004909e2 and go straight into fresh child allocation/seeding".to_string(),
"the wider direct-calls sweep now also grounds stable 0x00490960 mode families: mode 0x0b pairs with fixed TrackCapDT/ST_Cap literals at 0x0048ed01/0x0048ed20, mode 0x03 with OverpassST_section at 0x00495a44, mode 0x02 with the decoded TunnelST/TunnelDT tables and zero-stem fallbacks across 0x004a17eb/0x004a1995/0x004a1b44/0x004a1b7d/0x004a1b95, and mode 0x01 with the decoded BridgeDT/BridgeST tables plus bridge zero-stem fallbacks across 0x004a1dae/0x004a2043/0x004a2082/0x004a221e/0x004a22a5/0x004a23aa/0x004a23eb/0x004a2409/0x004a24f6".to_string(), "the wider direct-calls sweep now also grounds stable 0x00490960 mode families: mode 0x0b pairs with fixed TrackCapDT/ST_Cap literals at 0x0048ed01/0x0048ed20, mode 0x03 with OverpassST_section at 0x00495a44, mode 0x02 with the decoded TunnelST/TunnelDT tables and zero-stem fallbacks across 0x004a17eb/0x004a1995/0x004a1b44/0x004a1b7d/0x004a1b95, and mode 0x01 with the decoded BridgeDT/BridgeST tables plus bridge zero-stem fallbacks across 0x004a1dae/0x004a2043/0x004a2082/0x004a221e/0x004a22a5/0x004a23aa/0x004a23eb/0x004a2409/0x004a24f6".to_string(),
"objdump on 0x00490960 now also sharpens the source-side comparison for the remaining mixed exact-prefix classes: mode lives at [esp+0x10], stem at [esp+0x14], args 3/4 at [esp+0x18]/[esp+0x1c] feed 0x539530, arg 5 at [esp+0x20] feeds 0x53a5b0, arg 10 at [esp+0x34] gates whether the new child is cached into [this+0x248], and the selector-copy block at 0x004909e2..0x00490a32 reads bytes from [esp+0x28]/[esp+0x2c]/[esp+0x30] into [this+0x219]/[this+0x251]/bit0x20 in [this+0x24c]. The fixed TrackCap mode-0x0b branches at 0x0048ed01/0x0048ed20 push literals 0x005cb198/0x005cb1ac after the same pre-seeded 1,-1,-1,0,0 flag bundle, so they reach 0x490960 with arg7/arg8/arg9 = -1/-1/0 and bypass that selector-copy block because mode >= 4. The tunnel mode-0x02 family at 0x004a17eb/0x004a1995/0x004a1b44/0x004a1b7d plus zero-stem fallback 0x004a1b95 necessarily flows through the selector-copy block because mode < 4, and the objdump caller bundles show those branches reaching 0x490960 with arg8 fixed at 1, arg9 fixed at 0, and only arg7 varying through the branch-local register (ebx/ebp) before the table or fallback stem is pushed".to_string(), "objdump on 0x00490960 now also sharpens the source-side comparison for the remaining mixed exact-prefix classes: mode lives at [esp+0x10], stem at [esp+0x14], args 3/4 at [esp+0x18]/[esp+0x1c] feed 0x539530, arg 5 at [esp+0x20] feeds 0x53a5b0, arg 10 at [esp+0x34] gates whether the new child is cached into [this+0x248], and the selector-copy block at 0x004909e2..0x00490a32 reads bytes from [esp+0x28]/[esp+0x2c]/[esp+0x30] into [this+0x219]/[this+0x251]/bit0x20 in [this+0x24c]. The fixed TrackCap mode-0x0b branches at 0x0048ed01/0x0048ed20 push literals 0x005cb198/0x005cb1ac after the same pre-seeded 1,-1,-1,0,0 flag bundle, so they reach 0x490960 with arg7/arg8/arg9 = -1/-1/0 and bypass that selector-copy block because mode >= 4. The tunnel mode-0x02 family at 0x004a17eb/0x004a1995/0x004a1b44/0x004a1b7d plus zero-stem fallback 0x004a1b95 necessarily flows through the selector-copy block because mode < 4, and the objdump caller bundles show those branches reaching 0x490960 with arg8 fixed at 1, arg9 fixed at 0, and only arg7 varying through the branch-local register (ebx/ebp) before the table or fallback stem is pushed".to_string(),
"direct disassembly now also makes that tunnel-versus-track-cap residue more exact: 0x004a17eb/0x004a1995 drive mode-0x02 through TunnelDT/TunnelST tables 0x621a94/0x621a64 with arg7 entering as a one-bit selector (0 or 1) after the local sbb/inc pair; 0x004a1b44/0x004a1b7d repeat the same one-bit arg7 pattern through sibling tables 0x621a9c/0x621a6c; and the fallback 0x004a1b95 clears both stem and selector bundle entirely. By contrast, 0x0048ed01/0x0048ed20 reach mode-0x0b with the exact same 1,-1,-1,0,0 bundle and differ only by the pushed stem literal 0x005cb198 versus 0x005cb1ac.".to_string(),
"objdump on 0x00455b70 now also makes the shared child seed strip concrete: after zeroing the same [this+0x206/+0x20a/+0x20e] lanes, it copies stack args 1/2/3 into them through 0x51d820 whenever those args are non-null, so the 0x490960 call pattern seeds [0x206] from fixed payload literal 0x005c87a8, [0x20a] from the caller stem, and [0x20e] from fixed literal 0x005cfd74 = \"Infrastructure\" before 0x004559d0 later serializes those same three lanes".to_string(), "objdump on 0x00455b70 now also makes the shared child seed strip concrete: after zeroing the same [this+0x206/+0x20a/+0x20e] lanes, it copies stack args 1/2/3 into them through 0x51d820 whenever those args are non-null, so the 0x490960 call pattern seeds [0x206] from fixed payload literal 0x005c87a8, [0x20a] from the caller stem, and [0x20e] from fixed literal 0x005cfd74 = \"Infrastructure\" before 0x004559d0 later serializes those same three lanes".to_string(),
"objdump on 0x51d820 now also shows those seeded lanes are owned heap strings, not encoded ids: it frees any prior pointer through 0x5a1145, counts the incoming NUL-terminated ASCII bytes, allocates a fresh buffer through 0x5a125d, and copies the source string byte-for-byte into the destination slot".to_string(), "objdump on 0x51d820 now also shows those seeded lanes are owned heap strings, not encoded ids: it frees any prior pointer through 0x5a1145, counts the incoming NUL-terminated ASCII bytes, allocates a fresh buffer through 0x5a125d, and copies the source string byte-for-byte into the destination slot".to_string(),
"objdump on 0x52ec50 now also makes the short footer bytes literal: it serializes one byte from bit 5 of [this+0x20] and one byte from bit 6 of [this+0x20] through 0x531030, so the residual compact-prefix ambiguity still lives in how those footer bits compose with the next-record prelude rather than in the seeded name lanes themselves".to_string(), "objdump on 0x52ec50 now also makes the short footer bytes literal: it serializes one byte from bit 5 of [this+0x20] and one byte from bit 6 of [this+0x20] through 0x531030, so the residual compact-prefix ambiguity still lives in how those footer bits compose with the next-record prelude rather than in the seeded name lanes themselves".to_string(),
@ -26505,6 +26506,19 @@ mod tests {
&& line.contains("arg8 fixed at 1") && line.contains("arg8 fixed at 1")
&& line.contains("arg9 fixed at 0")) && line.contains("arg9 fixed at 0"))
); );
assert!(
trace.candidate_consumer_hypotheses[0]
.evidence
.iter()
.any(|line| line.contains("0x004a17eb/0x004a1995")
&& line.contains("0x621a94/0x621a64")
&& line.contains("one-bit selector (0 or 1)")
&& line.contains("0x004a1b44/0x004a1b7d")
&& line.contains("0x621a9c/0x621a6c")
&& line.contains("0x004a1b95")
&& line.contains("0x0048ed01/0x0048ed20")
&& line.contains("0x005cb198 versus 0x005cb1ac"))
);
assert!( assert!(
trace.candidate_consumer_hypotheses[0] trace.candidate_consumer_hypotheses[0]
.evidence .evidence