Narrow region restore handoff to vtable callback

2026-04-18 13:09:52 -07:00 · 2026-04-18 13:09:52 -07:00 · a4101b73fc
commit a4101b73fc
parent 12dad6399f
2 changed files with 43 additions and 2 deletions
--- a/crates/rrt-runtime/src/smp.rs
+++ b/crates/rrt-runtime/src/smp.rs
@ -3647,6 +3647,9 @@ fn build_region_service_trace_report(
        "0x0047efe0 placed_structure_query_linked_company_id".to_string(),
        "0x00480bb0 placed_structure_refresh_linked_site_display_name_and_route_anchor".to_string(),
        "0x00420650 city-site local scalar refresh release-side companion".to_string(),
        "0x00421510 world_region_collection_refresh_records_from_tagged_bundle".to_string(),
        "0x0041f5c0 world_region_load_tagged_payload_and_profile_collection_0x37f".to_string(),
        "0x00455fc0 shared region tagged-payload reload companion".to_string(),
    ];
    let next_owner_questions = vec![
        "Which persisted owner seam rebuilds or restores [region+0x25e/+0x276/+0x302/+0x316]?".to_string(),
@ -3677,6 +3680,29 @@ fn build_region_service_trace_report(
                "stable region id or class discriminator".to_string(),
            ],
        },
        SmpServiceConsumerHypothesis {
            label: "region tagged-load restore path".to_string(),
            status: if analysis.region_record_triplets.is_some() {
                "parallel_static_mapping_target".to_string()
            } else {
                "possible_consumer_family".to_string()
            },
            candidate_consumers: vec![
                "0x00421510 world_region_collection_refresh_records_from_tagged_bundle".to_string(),
                "0x0041f5c0 world_region_load_tagged_payload_and_profile_collection_0x37f".to_string(),
                "0x00455fc0 shared region tagged-payload reload companion".to_string(),
            ],
            evidence: vec![
                "the checked-in function map already grounds 0x00421510 as the tagged region-collection load owner that dispatches each live record through vtable slot +0x40".to_string(),
                "the checked-in function map already grounds 0x0041f5c0 as the per-record load slot that reloads the tagged payload through 0x00455fc0 and then rebuilds profile collection [region+0x37f]".to_string(),
                "constructor-side evidence now proves the latches are initialized locally, so the remaining gap can legitimately be framed as post-construction restore or rebuild".to_string(),
                "direct disassembly of 0x00455fc0 now shows the shared loader only clearing and reseeding the common 0x23a-family string/scalar bands before dispatching vtable slot +0x48, which means [region+0x276/+0x302/+0x316] are not restored directly by that shared helper".to_string(),
            ],
            blockers: vec![
                "which region-specific vtable slot +0x48 callback runs after 0x00455fc0 on the world-region table".to_string(),
                "whether [region+0x276/+0x302/+0x316] are serialized in that region-specific callback or rebuilt immediately after payload load".to_string(),
            ],
        },
        SmpServiceConsumerHypothesis {
            label: "periodic producer and queued-notice path".to_string(),
            status: "secondary_candidate_after_pending_service".to_string(),
@ -21827,13 +21853,17 @@ mod tests {
        assert_eq!(trace.queued_notice_record_count, 0);
        assert!(!trace.atlas_candidate_consumers.is_empty());
        assert_eq!(trace.known_owner_bridge_fields.len(), 6);
-        assert_eq!(trace.known_bridge_helpers.len(), 6);
+        assert_eq!(trace.known_bridge_helpers.len(), 9);
        assert_eq!(trace.next_owner_questions.len(), 3);
-        assert_eq!(trace.candidate_consumer_hypotheses.len(), 3);
+        assert_eq!(trace.candidate_consumer_hypotheses.len(), 4);
        assert_eq!(
            trace.candidate_consumer_hypotheses[0].status,
            "highest_priority_static_mapping_target"
        );
        assert_eq!(
            trace.candidate_consumer_hypotheses[1].status,
            "parallel_static_mapping_target"
        );
        assert_eq!(trace.entries.len(), 1);
        assert_eq!(
            trace.entries[0].branches[0].status,
--- a/docs/rehost-queue.md
+++ b/docs/rehost-queue.md
@ -90,6 +90,17 @@ Working rule:
  `[region+0x25a/+0x25e] = 100.0f` and `[region+0x31b] = 1.0f`. That means the remaining queue item
  is specifically post-construction restore or rebuild of the same latches, not their basic field
  identity.
 - The next restore-side target is explicit now too: the checked-in function map already grounds
  `0x00421510` as the tagged region-collection load owner that dispatches each live region through
  vtable slot `+0x40`, and `0x0041f5c0` as the per-record load slot that reloads the tagged payload
  through `0x00455fc0` before rebuilding profile collection `[region+0x37f]`. So the next region
  pass should ask whether `[region+0x276/+0x302/+0x316]` are restored directly inside that payload
  load or rebuilt immediately after it, rather than treating “restore seam” as a generic unknown.
 - Direct disassembly of `0x00455fc0` now answers part of that question: the shared loader clears and
  reseeds the common `0x23a`-family string/scalar bands, then dispatches object vtable slot `+0x48`
  and re-enters `0x0052ebd0`; it does not touch `[region+0x276/+0x302/+0x316]` directly. That
  narrows the remaining restore target further to the world-region table’s region-specific
  `+0x48` callback or the immediate post-load owner above it.
 - Reconstruct the save-side placed-structure collection body on top of the newly grounded
  `0x36b1/0x36b2/0x36b3` header seam so the blocked city-connection / linked-transit branch can
  stop depending on atlas-only placed-structure and local-runtime refresh notes, especially the