jan/rrt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ground infrastructure child serializer dispatch

Browse source
This commit is contained in:
Jan Petykiewicz 2026-04-18 15:25:21 -07:00
commit a6ace52588
3 changed files with 94 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

16
docs/control-loop-atlas/runtime-roots-camera-and-support-families.md
View file

@ -3032,6 +3032,12 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
longer “what do these bytes mean?” but “how do those already-grounded selector values surface in
the save-side `0x38a5` classes, especially the `0x0002 / 0xff` bridge class and the
`0x0055 / 0x00` BallastCap class?”.
The exact setter seam is grounded now too: direct disassembly of `0x0048a340` shows its dword
argument writing `[this+0x226]`, its next two byte arguments writing `[this+0x219]` and
`[this+0x251]`, and its final byte argument toggling bit `0x20` in `[this+0x24c]`. So the
remaining infrastructure selector problem is no longer about hidden intermediate state; it is
specifically how those already-grounded setter values are serialized or rebuilt into the
save-side `0x38a5` prefix classes.
One selector byte is partly grounded now too: when `[this+0x219]==2`, the chooser jump tables
stop using the general bridge families and instead route `[this+0x252]` through fixed
`BridgeDT/BridgeST` suspension-cap literals for `R10`, `L10`, `12`, `14`, `16`, and `18`.
@ -3044,9 +3050,13 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
with `DT` still grounded statically but not yet exercised by the current save corpus.
The child loader family is explicit now too: local `.rdata` at `0x005cfd00` proves the
`Infrastructure` child vtable uses the shared tagged callback strip directly, with
`+0x40 = 0x00455fc0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`. So the remaining
infrastructure problem is row-to-record mapping inside the `0x38a5` stream, not identifying the
per-child loader family.
`+0x40 = 0x00455fc0`, `+0x44 = 0x004559d0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`.
Direct disassembly of `0x004559d0` now closes the concrete write-side chain behind raw wrapper
`0x00455a40`: it writes `0x55f1`, serializes the string lanes
`[this+0x206/+0x20a/+0x20e]`, writes `0x55f2`, dispatches slot `+0x4c`, runs `0x0052ec50`, and
then closes `0x55f3`. So the remaining infrastructure problem is row-to-record mapping inside
the `0x38a5` stream and which chooser/seed values reach those string lanes and footer bytes, not
identifying the per-child loader family.
The smaller attach helper `0x00490a3c` is now bounded too: it conditionally allocates one
`Infrastructure` child from a caller-supplied payload stem, attaches it to the current owner, and
then seeds three caller-supplied position lanes through `0x00539530` and `0x0053a5b0`. The