From d4393a2873f844529f7ad88545fa82ab73b7ca07 Mon Sep 17 00:00:00 2001 From: Jan Petykiewicz Date: Sat, 18 Apr 2026 23:00:02 -0700 Subject: [PATCH] Rule down transport batch and queued refresh callers --- crates/rrt-runtime/src/smp.rs | 62 +++++++++++++++++++++++++++++++++-- docs/rehost-queue.md | 8 +++++ 2 files changed, 68 insertions(+), 2 deletions(-) diff --git a/crates/rrt-runtime/src/smp.rs b/crates/rrt-runtime/src/smp.rs index d2f4450..992366a 100644 --- a/crates/rrt-runtime/src/smp.rs +++ b/crates/rrt-runtime/src/smp.rs @@ -4643,10 +4643,14 @@ fn build_periodic_company_service_trace_report( .to_string(), "at least one of those tuple-backed callers is now classified too: 0x004707ff sits under multiplayer transport selector-0x13 body 0x004706b0 rather than the ordinary save-load restore strip" .to_string(), + "another tuple-backed 0x004134d0 family is classified too now: 0x00472b40 is the multiplayer transport selector-0x72 counted live-world apply path, and its inner builders 0x00472bef / 0x00472d03 reach 0x004134d0 from counted transport records rather than ordinary save-load restore" + .to_string(), "non-transport caller 0x00422bb4 also reaches 0x004134d0, but it pushes live args plus literal flags 1/0 and returns the created row id through an out-param instead of feeding the tuple-backed finalize path" .to_string(), "the surviving 0x00508fd1 / 0x005098eb family is bounded away from persisted restore too: it caches the created site id in [this+0x7c], re-enters 0x0040eba0 with immediate coords, and later calls 0x0040ef10 with a hard zero third arg" .to_string(), + "0x00473c20 is a separate live queue-drain family over scratch band 0x006ce808..0x006ce988: it iterates queued site ids and coordinate pairs, re-enters 0x0040eba0 at 0x00473c98, then clears each queued id, so it is a local post-create refresh path rather than a persisted replay owner" + .to_string(), "station-detail mutation path 0x0040dc40 already consumes [site+0x276], company stat-family 0x2329/0x0d, and candidate field [candidate+0x22], then commits linked-site side-state rebuild through 0x0040d1f0 / 0x00480710 / 0x0045b160 / 0x0045b9b0 / 0x00418be0 / 0x0040cd70" .to_string(), "city-connection direct-placement family 0x00402cb0 -> 0x00403ed5/0x0040446b -> 0x004134d0 -> 0x0040ef10 already grounds the shared allocator/finalize path for newly created site rows" @@ -4743,8 +4747,10 @@ fn build_periodic_company_service_trace_report( "shared finalize helper 0x0040ef10 now has create-side callers 0x00403ef3 / 0x00404489 and data-driven callers 0x0046f073 / 0x004707ff; the latter feed it from tuple-backed loads after 0x0040eba0 / 0x0052eb90 rather than from the checked-in local replay strip".to_string(), "the loader-side dataflow is narrower now too: 0x0046f073 / 0x004707ff push tuple fields [+0x00/+0x04/+0x0c] into 0x0040ef10, that helper reads arg3 into ebx at 0x0040ef1c, and the paired write at 0x0040f5d4 stores ebx into [site+0x276] while 0x0040f5da stores the computed companion word into [site+0x27a]".to_string(), "the outer owner above 0x004707ff is now classified too: atlas-backed recovery ties that caller to multiplayer transport selector-0x13 body 0x004706b0, which attempts the placed-structure apply path through 0x004197e0 / 0x004134d0 / 0x0040eba0 / 0x0052eb90 / 0x0040ef10 rather than ordinary save-load restore".to_string(), + "the neighboring builder strip 0x00472b40 is classified too now: atlas-backed recovery ties it to multiplayer transport selector-0x72, the heavier counted live-world apply path over 0x0062b2fc / 0x0062b26c / 0x0062bae0, and its inner calls 0x00472bef / 0x00472d03 reach 0x004134d0 from counted transport records rather than ordinary save-load restore".to_string(), "another surviving 0x004134d0 caller is bounded away from persisted restore too: 0x00422bb4 pushes one live 0x0062b2fc record plus local args and literal flags 1/0 into 0x004134d0, then returns the created row id through an out-param rather than re-entering the tuple-backed finalize path".to_string(), "the remaining 0x00508fd1 / 0x005098eb strip is bounded away from persisted restore too: 0x00508fd1 stores the new row id in [this+0x7c], immediately configures the live row through vtable slot +0x58 plus 0x00507cf0, and 0x005098eb later re-enters 0x0040ef10 with arg3 forced to zero, so this family is another live controller path rather than the missing persisted owner seam".to_string(), + "the adjacent 0x00473c20 family is bounded away too: it drains queued site ids and coordinate pairs from scratch band 0x006ce808..0x006ce988, re-enters 0x0040eba0 at 0x00473c98 for each live row, and then clears the queued id slot, so it is a local post-create refresh path rather than the missing persisted owner seam".to_string(), "inside 0x0040ef10 the [site+0x276] write at 0x0040f047 only clears owner-company under a world-flag branch, while the paired [site+0x276]/[site+0x27a] write at 0x0040f5d4 follows a 0x00436590 event/scalar path and is not the generic post-load republisher".to_string(), "direct local writer census now shows the grounded [site+0x276] write side clustering under live mutation families such as 0x004269b0 / 0x00426a10, the create-side 0x0040ef10 / 0x0040f6d0 strip, and the bulk reassignment families 0x00426dce..0x00426ea1 and 0x00430040..0x004300d6 rather than under the known replay strip".to_string(), "direct local control-flow reconstruction now shows those same writer families hanging under the 0x00431b20 opcode dispatcher over 0x0061039c: opcodes 0x04..0x07 dispatch to 0x00430040, opcodes 0x08/0x10..0x13 dispatch to 0x00426d60, and opcodes 0x0d/0x16 dispatch to 0x0042fc90".to_string(), @@ -4908,8 +4914,10 @@ fn build_periodic_company_service_trace_report( "0x0046f073 / 0x004707ff data-driven loader callers of shared finalize helper 0x0040ef10".to_string(), "0x0046f073 / 0x004707ff tuple field [+0x0c] feeding 0x0040ef10 arg3 and then [site+0x276] at 0x0040f5d4".to_string(), "0x004706b0 multiplayer transport selector-0x13 body re-entering 0x004197e0 / 0x004134d0 / 0x0040eba0 / 0x0052eb90 / 0x0040ef10 before 0x004707ff".to_string(), + "0x00472b40 multiplayer transport selector-0x72 counted live-world apply path whose inner builders 0x00472bef / 0x00472d03 reach 0x004134d0 from counted transport records".to_string(), "0x00422bb4 direct non-tuple allocator caller pushing one 0x0062b2fc record plus local args and literal flags 1/0 into 0x004134d0, then returning the created row id through an out-param".to_string(), "0x00508fd1 / 0x005098eb live controller family caching a created site id in [this+0x7c], re-entering 0x0040eba0 with immediate coords, and later calling 0x0040ef10 with arg3 forced to zero".to_string(), + "0x00473c20 live queued-site refresh draining scratch band 0x006ce808..0x006ce988 and re-entering 0x0040eba0 at 0x00473c98 before clearing each queued id slot".to_string(), "0x004134d0 / 0x0040ef10 shared placed-structure allocator and finalize-or-rebuild lane for newly created or tuple-loaded site rows" .to_string(), "0x00481430 / 0x0047d8e0 dynamic side-buffer stream-load owner repopulating route-entry lists, three byte arrays, five proximity buckets, and trailing scratch band" @@ -28146,7 +28154,7 @@ mod tests { let trace = build_periodic_company_service_trace_report(&analysis); assert_eq!(trace.selected_company_id, Some(7)); assert_eq!(trace.atlas_candidate_consumers.len(), 9); - assert_eq!(trace.known_bridge_helpers.len(), 77); + assert_eq!(trace.known_bridge_helpers.len(), 79); assert_eq!(trace.next_owner_questions.len(), 5); assert_eq!(trace.companies.len(), 1); assert_eq!( @@ -28394,6 +28402,14 @@ mod tests { "0x004197e0 / 0x004134d0 / 0x0040eba0 / 0x0052eb90 / 0x0040ef10" )) ); + assert!( + trace.near_city_acquisition_projection_hypotheses[0] + .evidence + .iter() + .any(|line| line.contains("0x00472b40") + && line.contains("selector-0x72") + && line.contains("0x00472bef / 0x00472d03")) + ); assert!( trace.near_city_acquisition_projection_hypotheses[0] .evidence @@ -28412,6 +28428,15 @@ mod tests { && line.contains("vtable slot +0x58 plus 0x00507cf0") && line.contains("arg3 forced to zero")) ); + assert!( + trace.near_city_acquisition_projection_hypotheses[0] + .evidence + .iter() + .any(|line| line.contains("0x00473c20") + && line.contains("0x006ce808..0x006ce988") + && line.contains("0x00473c98") + && line.contains("queued id slot")) + ); assert!( trace.near_city_acquisition_projection_hypotheses[0] .evidence @@ -28507,7 +28532,7 @@ mod tests { trace .near_city_acquisition_runtime_backed_input_families .len(), - 21 + 23 ); assert_eq!(trace.near_city_acquisition_remaining_owner_gaps.len(), 2); assert_eq!(trace.near_city_acquisition_region_lane_statuses.len(), 4); @@ -28604,6 +28629,14 @@ mod tests { && line.contains("0x004706b0") && line.contains("selector-0x13")) ); + assert!( + trace + .near_city_acquisition_runtime_backed_input_families + .iter() + .any(|line| line.contains("0x00472b40") + && line.contains("selector-0x72") + && line.contains("0x00472bef / 0x00472d03")) + ); assert!( trace .near_city_acquisition_runtime_backed_input_families @@ -28622,6 +28655,15 @@ mod tests { && line.contains("0x0040eba0") && line.contains("hard zero third arg")) ); + assert!( + trace + .near_city_acquisition_runtime_backed_input_families + .iter() + .any(|line| line.contains("0x00473c20") + && line.contains("0x006ce808..0x006ce988") + && line.contains("0x00473c98") + && line.contains("post-create refresh path")) + ); assert!( trace .near_city_acquisition_runtime_backed_input_families @@ -29078,6 +29120,14 @@ mod tests { && line.contains("selector-0x13") && line.contains("0x0040ef10")) ); + assert!( + trace + .known_bridge_helpers + .iter() + .any(|line| line.contains("0x00472b40") + && line.contains("selector-0x72") + && line.contains("0x00472bef / 0x00472d03")) + ); assert!( trace .known_bridge_helpers @@ -29096,6 +29146,14 @@ mod tests { && line.contains("0x0040eba0") && line.contains("arg3 forced to zero")) ); + assert!( + trace + .known_bridge_helpers + .iter() + .any(|line| line.contains("0x00473c20") + && line.contains("0x006ce808..0x006ce988") + && line.contains("0x00473c98")) + ); assert!( trace .known_bridge_helpers diff --git a/docs/rehost-queue.md b/docs/rehost-queue.md index b2b6e21..128cdde 100644 --- a/docs/rehost-queue.md +++ b/docs/rehost-queue.md @@ -131,6 +131,10 @@ Working rule: the checked-in atlas ties `0x004707ff` to multiplayer transport selector-`0x13` body `0x004706b0`, which attempts the placed-structure apply path through `0x004197e0 / 0x004134d0 / 0x0040eba0 / 0x0052eb90 / 0x0040ef10` + - the neighboring batch builder is classified too: + `0x00472b40` is the multiplayer transport selector-`0x72` counted live-world apply path, and + its inner builders `0x00472bef / 0x00472d03` reach `0x004134d0` from counted transport + records rather than ordinary save-load restore - one surviving non-transport `0x004134d0` caller is bounded away from persisted restore too: `0x00422bb4` pushes one live `0x0062b2fc` record plus local args and literal flags `1/0` into `0x004134d0`, then returns the created row id through an out-param instead of feeding @@ -139,6 +143,10 @@ Working rule: it caches the created site id in `[this+0x7c]`, re-enters `0x0040eba0` with immediate coords, and later calls `0x0040ef10` with a hard zero third arg, so it reads as another live controller path rather than the missing persisted owner seam + - the adjacent `0x00473c20` family is bounded away too: + it drains queued site ids and coordinate pairs from scratch band `0x006ce808..0x006ce988`, + re-enters `0x0040eba0` at `0x00473c98`, and clears each queued id slot, so it is a local + post-create refresh path rather than a persisted replay owner - the remaining owner-company question is therefore narrower than “find any replay seam”: identify which non-transport persisted source family feeds that tuple and which companion restore/finalize calls are sufficient to repopulate `[site+0x276]` for shellless acquisition