Tighten Tier2 stock decode boundary
This commit is contained in:
parent
2b57690c1d
commit
ce982ec32e
5 changed files with 22 additions and 6 deletions
|
|
@ -207,7 +207,7 @@ address,size,name,subsystem,calling_convention,prototype_status,source_tool,conf
|
|||
0x00416ec0,1867,placed_structure_build_projected_runtime_scratch_from_candidate_and_coords,map,thiscall,inferred,objdump + caller inspection + local disassembly,2,"Heavy projected-runtime scratch builder beneath the neighboring local placed-structure runtime family. The helper resolves one candidate record from the caller-supplied id, derives rotated footprint extents and centered world-space bounds from the caller-supplied coordinate and heading inputs, allocates and clears several temporary per-footprint mask bands on the stack, then walks up to four candidate-side shape or access sublanes rooted at `[candidate+0xcf]`, `[candidate+0xd3]`, `[candidate+0xd7]`, and `[candidate+0xdb]`. Within that deeper loop it projects rotated footprint cells through the basis pair at `0x006d4024`, rejects out-of-bounds or duplicate cells, checks multiple world-grid acceptance gates through `0x00448af0`, `0x00534e10`, `0x004499c0`, and `0x00413df0`, and marks the surviving cells into both temporary stack masks and the live world-grid byte lane at `[0x0062c120+0x2131]`. The tail publishes the finished scratch payload through `0x00416620`. Current grounded caller is `0x00418be0`, which then copies that scratch block into one queued local runtime record, so this is now the safest current name for the projected-runtime scratch builder rather than a generic placement validator.","objdump + caller inspection + local disassembly + projected-footprint correlation"
|
||||
0x00418040,1168,placed_structure_render_local_runtime_overlay_payload_from_projected_bounds,map,thiscall,inferred,objdump + caller inspection + local disassembly,2,"Heavy local-runtime overlay-payload builder beneath the broader local-runtime record family. The helper derives one projected bounds rectangle through `0x004142e0` and `0x00417f20`, rejects very small payloads, allocates one temporary dword buffer, folds that buffer through `0x00415370`, and then walks the projected rectangle producing one packed dword payload per cell. Current bounded gates include a duplicate-entry or occupancy fast path keyed by `[var_10h]`, world-grid rejection through `0x004499c0`, and several distance- and ratio-shaped thresholds built from the projected rectangle geometry. On accepted cells it writes one four-byte packed value into the caller output stream. Current grounded caller is `placed_structure_build_local_runtime_record_from_candidate_stem_and_projected_scratch` `0x00418be0`, where the result is stored into `[0x0062b7c8]`, so this is now the safest current read for the local-runtime overlay payload renderer rather than a generic geometric sweep.","objdump + caller inspection + local disassembly + overlay-payload correlation"
|
||||
0x00414470,10,placed_structure_cache_projected_rect_profile_slot_id,map,cdecl,inferred,objdump + caller inspection + local disassembly,3,"Tiny setter for the projected-rectangle profile-slot cache at `0x005ee030`. The helper just stores the caller-supplied dword into that global cache. Current grounded caller is `0x0040e450`, where the cached value is set immediately before the current-subject local-runtime clone path at `0x00418a60`.","objdump + caller inspection + local disassembly + global-cache correlation"
|
||||
0x00414490,1063,aux_candidate_record_stream_decode_fixed_fields_and_optional_mask_planes,map,cdecl,inferred,objdump + local disassembly + caller correlation + field-layout correlation,4,"Low decode body beneath the `0x0062b2fc` auxiliary or source record import family. The helper reads the fixed record header and six `0x1e`-byte string bands into the caller record image at `[record+0x04]`, `[+0x22]`, `[+0x40]`, `[+0x5e]`, `[+0x7c]`, and `[+0x9a]`, imports the small scalar tail at `[+0xb8/+0xb9/+0xba/+0xbb/+0xbf/+0xc3/+0xc7/+0xcb/+0xcd]`, applies the two exact-stem fixups that rewrite `[record+0xcd]` to `0x81` or `0x9d`, and then derives one footprint-sized plane length from `[record+0xb8] * [record+0xb9] << 5`. It allocates and zeroes up to four optional heap planes at `[record+0xcf]`, `[+0xd3]`, `[+0xd7]`, and `[+0xdb]`, decodes the packed nibble or bitplane payload into those four buffers, stamps the corresponding presence latches at `[record+0x177]`, `[+0x17b]`, `[+0x17f]`, and `[+0x183]`, frees any plane whose decode path stayed empty, seeds `[record+0x1a3] = 1.0f`, and returns a success flag. Current grounded caller is `aux_candidate_collection_construct_stream_load_records_and_refresh_runtime_followons` `0x004196c0`, so this is the current safest read for the fixed record decode plus optional mask-plane materializer rather than a generic stream helper.","objdump + local disassembly + caller correlation + field-layout correlation + optional-plane correlation"
|
||||
0x00414490,1063,aux_candidate_record_stream_decode_fixed_fields_and_optional_mask_planes,map,cdecl,inferred,objdump + local disassembly + caller correlation + field-layout correlation,4,"Low decode body beneath the `0x0062b2fc` auxiliary or source record import family. The helper reads the fixed record header and six `0x1e`-byte string bands into the caller record image at `[record+0x04]`, `[+0x22]`, `[+0x40]`, `[+0x5e]`, `[+0x7c]`, and `[+0x9a]`, imports the small scalar tail at `[+0xb8/+0xb9/+0xba/+0xbb/+0xbf/+0xc3/+0xc7/+0xcb/+0xcd]`, applies the two exact-stem fixups that rewrite `[record+0xcd]` to `0x81` or `0x9d`, and then derives one footprint-sized plane length from `[record+0xb8] * [record+0xb9] << 5`. The packed-plane side is tighter now too: after allocating and zeroing up to four optional heap planes at `[record+0xcf]`, `[+0xd3]`, `[+0xd7]`, and `[+0xdb]`, the helper uses the high nibble of `[record+0xba]` as part of the decode-state setup while unpacking the source bitplanes into those four buffers. It stamps the corresponding presence latches at `[record+0x177]`, `[+0x17b]`, `[+0x17f]`, and `[+0x183]`, frees any plane whose decode path stayed empty, seeds `[record+0x1a3] = 1.0f`, and returns a success flag. Current grounded caller is `aux_candidate_collection_construct_stream_load_records_and_refresh_runtime_followons` `0x004196c0`, so this is the current safest read for the fixed record decode plus optional mask-plane materializer rather than a generic stream helper.","objdump + local disassembly + caller correlation + field-layout correlation + optional-plane correlation + selector-nibble decode correlation"
|
||||
0x00416620,521,placed_structure_publish_projected_runtime_rect_globals_and_validate_side_windows,map,cdecl,inferred,objdump + caller inspection + local disassembly,2,"Publishes one projected-runtime rectangle and its companion globals beneath the local-runtime scratch builder. The helper copies the current scratch owner id from `0x0062b304` into `0x0062b308`, stores the caller-supplied pair into `0x0062b30c/0x0062b310`, grows the active rectangle bounds at `0x0062b7ac` and `0x0062b7b4` when needed, clears one current index slot in `0x0062b318`, and then validates the rectangle against the route-entry store `0x006cfca8` through `route_entry_collection_query_rect_window_passes_entry_type_gate` `0x00494240`. On failure it raises localized id `185`; on one special-candidate branch keyed by `[record+0x123]` it re-enters `placed_structure_try_select_projected_rect_profile_slot` `0x00415570`, either expands the rectangle by three cells on each side and refreshes the per-cell side tables through `world_grid_refresh_projected_rect_surface_and_region_byte_tables` `0x00414e10` or fails with localized id `186`; and on the ordinary branch it can scan the temporary cell-value bank at `0x0062b300` across the rectangle and fail with localized id `187` before again tailing into `0x00414e10`. Current grounded callers are `placed_structure_build_projected_runtime_scratch_from_candidate_and_coords` `0x00416ec0` and the placement validator `0x004197e0`, so this now looks like the projected-runtime rectangle publisher plus side-window validator rather than an anonymous scratch tail.","objdump + caller inspection + local disassembly + projected-rectangle-global correlation"
|
||||
0x00415570,317,placed_structure_try_select_projected_rect_profile_slot,map,cdecl,inferred,objdump + caller inspection + local disassembly,2,"Small projected-rectangle profile selector beneath `0x00416620`. The helper ensures the temporary dword cell-value bank at `0x0062b300` exists, resets the shared slot id at `0x0062ba3a`, derives one companion value through `0x00413eb0` into `0x0062ba3e`, and then probes the current rectangle at `0x0062b7a8..0x0062b7b4` through repeated `0x004153f0` checks. One fast path reuses the cached selector at `0x005ee030`; one fallback seeds the same search from localized id `11` through `0x00518be0`; and one final iterative path scans slots `0..11` until the probe accepts. On success the helper writes the chosen slot id into `0x0062ba3a`, and the cache fast path also clears `0x005ee030` back to `-1` after consuming it. Current grounded caller is the special-candidate branch inside `0x00416620`, where the returned success decides whether the rectangle can be expanded and the companion byte tables refreshed. This is therefore best-read as a projected-rectangle profile-slot selector rather than a broad route or placement policy helper.","objdump + caller inspection + local disassembly + rectangle-probe correlation"
|
||||
0x00414e10,200,world_grid_refresh_projected_rect_surface_and_region_byte_tables,map,cdecl,inferred,objdump + caller inspection + local disassembly,2,"Refreshes two compact per-cell byte tables for the current projected rectangle rooted at `0x0062b7a8..0x0062b7b4`. The helper scans every cell in that rectangle, counts processed entries in `0x0062ba36`, writes one nibble-packed byte into the table at `0x0062b96c` from the paired world-grid queries `0x00534040` and `0x005340a0`, writes one companion byte into `0x0062b9d1` through `0x00533f80`, and zeroes both tables for out-of-bounds cells. Current grounded callers are the two success paths inside `placed_structure_publish_projected_runtime_rect_globals_and_validate_side_windows` `0x00416620`, so this is now the safest current read for the projected-rectangle per-cell surface or region byte refresh rather than a generic grid scan.","objdump + caller inspection + local disassembly + projected-rectangle-byte-table correlation"
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
|
|
@ -202,12 +202,15 @@ So the current strongest ownership split is now:
|
|||
- direct named-availability table `[state+0x66b2]` is not the missing differentiator by itself
|
||||
- both source-record import `0x00414490` and per-record stream-load `0x004120b0` do carry the
|
||||
relevant selector-bank bytes from persisted/source state into the live candidate family
|
||||
- the source decoder `0x00414490` is stronger than a bare copy too: it already derives optional
|
||||
plane lengths from `[record+0xb8] * [record+0xb9] << 5` and uses the high nibble of
|
||||
`[record+0xba]` while materializing `[record+0xcf/+0xd3/+0xd7/+0xdb]`
|
||||
- but the stock `Data/BuildingTypes/*.bca` corpus currently keeps `[record+0xb8/+0xb9/+0xba/+0xbb]`
|
||||
at zero across every observed file, including `Warehouse.bca` and `Port.bca`
|
||||
- so the surviving frontier is no longer “does the lower loader import `[candidate+0xba/+0xbb]`?”
|
||||
but rather which later owner or alternate content path makes the live bank-qualified split differ
|
||||
from that all-zero shipped BCA corpus before `0x00412d70` clones or reuses one bank-qualified
|
||||
live candidate
|
||||
from that mostly zero shipped BCA corpus and the already-decoded source-plane state before
|
||||
`0x00412d70` clones or reuses one bank-qualified live candidate
|
||||
|
||||
That makes the next Tier 2 question more concrete still:
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue