Rule down remaining acquisition live controller callers
This commit is contained in:
parent
39a97f173a
commit
ee3f0e9b49
2 changed files with 37 additions and 2 deletions
|
|
@ -4645,6 +4645,8 @@ fn build_periodic_company_service_trace_report(
|
|||
.to_string(),
|
||||
"non-transport caller 0x00422bb4 also reaches 0x004134d0, but it pushes live args plus literal flags 1/0 and returns the created row id through an out-param instead of feeding the tuple-backed finalize path"
|
||||
.to_string(),
|
||||
"the surviving 0x00508fd1 / 0x005098eb family is bounded away from persisted restore too: it caches the created site id in [this+0x7c], re-enters 0x0040eba0 with immediate coords, and later calls 0x0040ef10 with a hard zero third arg"
|
||||
.to_string(),
|
||||
"station-detail mutation path 0x0040dc40 already consumes [site+0x276], company stat-family 0x2329/0x0d, and candidate field [candidate+0x22], then commits linked-site side-state rebuild through 0x0040d1f0 / 0x00480710 / 0x0045b160 / 0x0045b9b0 / 0x00418be0 / 0x0040cd70"
|
||||
.to_string(),
|
||||
"city-connection direct-placement family 0x00402cb0 -> 0x00403ed5/0x0040446b -> 0x004134d0 -> 0x0040ef10 already grounds the shared allocator/finalize path for newly created site rows"
|
||||
|
|
@ -4742,6 +4744,7 @@ fn build_periodic_company_service_trace_report(
|
|||
"the loader-side dataflow is narrower now too: 0x0046f073 / 0x004707ff push tuple fields [+0x00/+0x04/+0x0c] into 0x0040ef10, that helper reads arg3 into ebx at 0x0040ef1c, and the paired write at 0x0040f5d4 stores ebx into [site+0x276] while 0x0040f5da stores the computed companion word into [site+0x27a]".to_string(),
|
||||
"the outer owner above 0x004707ff is now classified too: atlas-backed recovery ties that caller to multiplayer transport selector-0x13 body 0x004706b0, which attempts the placed-structure apply path through 0x004197e0 / 0x004134d0 / 0x0040eba0 / 0x0052eb90 / 0x0040ef10 rather than ordinary save-load restore".to_string(),
|
||||
"another surviving 0x004134d0 caller is bounded away from persisted restore too: 0x00422bb4 pushes one live 0x0062b2fc record plus local args and literal flags 1/0 into 0x004134d0, then returns the created row id through an out-param rather than re-entering the tuple-backed finalize path".to_string(),
|
||||
"the remaining 0x00508fd1 / 0x005098eb strip is bounded away from persisted restore too: 0x00508fd1 stores the new row id in [this+0x7c], immediately configures the live row through vtable slot +0x58 plus 0x00507cf0, and 0x005098eb later re-enters 0x0040ef10 with arg3 forced to zero, so this family is another live controller path rather than the missing persisted owner seam".to_string(),
|
||||
"inside 0x0040ef10 the [site+0x276] write at 0x0040f047 only clears owner-company under a world-flag branch, while the paired [site+0x276]/[site+0x27a] write at 0x0040f5d4 follows a 0x00436590 event/scalar path and is not the generic post-load republisher".to_string(),
|
||||
"direct local writer census now shows the grounded [site+0x276] write side clustering under live mutation families such as 0x004269b0 / 0x00426a10, the create-side 0x0040ef10 / 0x0040f6d0 strip, and the bulk reassignment families 0x00426dce..0x00426ea1 and 0x00430040..0x004300d6 rather than under the known replay strip".to_string(),
|
||||
"direct local control-flow reconstruction now shows those same writer families hanging under the 0x00431b20 opcode dispatcher over 0x0061039c: opcodes 0x04..0x07 dispatch to 0x00430040, opcodes 0x08/0x10..0x13 dispatch to 0x00426d60, and opcodes 0x0d/0x16 dispatch to 0x0042fc90".to_string(),
|
||||
|
|
@ -4906,6 +4909,7 @@ fn build_periodic_company_service_trace_report(
|
|||
"0x0046f073 / 0x004707ff tuple field [+0x0c] feeding 0x0040ef10 arg3 and then [site+0x276] at 0x0040f5d4".to_string(),
|
||||
"0x004706b0 multiplayer transport selector-0x13 body re-entering 0x004197e0 / 0x004134d0 / 0x0040eba0 / 0x0052eb90 / 0x0040ef10 before 0x004707ff".to_string(),
|
||||
"0x00422bb4 direct non-tuple allocator caller pushing one 0x0062b2fc record plus local args and literal flags 1/0 into 0x004134d0, then returning the created row id through an out-param".to_string(),
|
||||
"0x00508fd1 / 0x005098eb live controller family caching a created site id in [this+0x7c], re-entering 0x0040eba0 with immediate coords, and later calling 0x0040ef10 with arg3 forced to zero".to_string(),
|
||||
"0x004134d0 / 0x0040ef10 shared placed-structure allocator and finalize-or-rebuild lane for newly created or tuple-loaded site rows"
|
||||
.to_string(),
|
||||
"0x00481430 / 0x0047d8e0 dynamic side-buffer stream-load owner repopulating route-entry lists, three byte arrays, five proximity buckets, and trailing scratch band"
|
||||
|
|
@ -28142,7 +28146,7 @@ mod tests {
|
|||
let trace = build_periodic_company_service_trace_report(&analysis);
|
||||
assert_eq!(trace.selected_company_id, Some(7));
|
||||
assert_eq!(trace.atlas_candidate_consumers.len(), 9);
|
||||
assert_eq!(trace.known_bridge_helpers.len(), 76);
|
||||
assert_eq!(trace.known_bridge_helpers.len(), 77);
|
||||
assert_eq!(trace.next_owner_questions.len(), 5);
|
||||
assert_eq!(trace.companies.len(), 1);
|
||||
assert_eq!(
|
||||
|
|
@ -28399,6 +28403,15 @@ mod tests {
|
|||
&& line.contains("literal flags 1/0")
|
||||
&& line.contains("out-param"))
|
||||
);
|
||||
assert!(
|
||||
trace.near_city_acquisition_projection_hypotheses[0]
|
||||
.evidence
|
||||
.iter()
|
||||
.any(|line| line.contains("0x00508fd1 / 0x005098eb")
|
||||
&& line.contains("[this+0x7c]")
|
||||
&& line.contains("vtable slot +0x58 plus 0x00507cf0")
|
||||
&& line.contains("arg3 forced to zero"))
|
||||
);
|
||||
assert!(
|
||||
trace.near_city_acquisition_projection_hypotheses[0]
|
||||
.evidence
|
||||
|
|
@ -28494,7 +28507,7 @@ mod tests {
|
|||
trace
|
||||
.near_city_acquisition_runtime_backed_input_families
|
||||
.len(),
|
||||
20
|
||||
21
|
||||
);
|
||||
assert_eq!(trace.near_city_acquisition_remaining_owner_gaps.len(), 2);
|
||||
assert_eq!(trace.near_city_acquisition_region_lane_statuses.len(), 4);
|
||||
|
|
@ -28600,6 +28613,15 @@ mod tests {
|
|||
&& line.contains("literal flags 1/0")
|
||||
&& line.contains("out-param"))
|
||||
);
|
||||
assert!(
|
||||
trace
|
||||
.near_city_acquisition_runtime_backed_input_families
|
||||
.iter()
|
||||
.any(|line| line.contains("0x00508fd1 / 0x005098eb")
|
||||
&& line.contains("[this+0x7c]")
|
||||
&& line.contains("0x0040eba0")
|
||||
&& line.contains("hard zero third arg"))
|
||||
);
|
||||
assert!(
|
||||
trace
|
||||
.near_city_acquisition_runtime_backed_input_families
|
||||
|
|
@ -29065,6 +29087,15 @@ mod tests {
|
|||
&& line.contains("literal flags 1/0")
|
||||
&& line.contains("out-param"))
|
||||
);
|
||||
assert!(
|
||||
trace
|
||||
.known_bridge_helpers
|
||||
.iter()
|
||||
.any(|line| line.contains("0x00508fd1 / 0x005098eb")
|
||||
&& line.contains("[this+0x7c]")
|
||||
&& line.contains("0x0040eba0")
|
||||
&& line.contains("arg3 forced to zero"))
|
||||
);
|
||||
assert!(
|
||||
trace
|
||||
.known_bridge_helpers
|
||||
|
|
|
|||
|
|
@ -135,6 +135,10 @@ Working rule:
|
|||
`0x00422bb4` pushes one live `0x0062b2fc` record plus local args and literal flags `1/0`
|
||||
into `0x004134d0`, then returns the created row id through an out-param instead of feeding
|
||||
the tuple-backed finalize path
|
||||
- the remaining `0x00508fd1 / 0x005098eb` family is bounded away too:
|
||||
it caches the created site id in `[this+0x7c]`, re-enters `0x0040eba0` with immediate coords,
|
||||
and later calls `0x0040ef10` with a hard zero third arg, so it reads as another live
|
||||
controller path rather than the missing persisted owner seam
|
||||
- the remaining owner-company question is therefore narrower than “find any replay seam”:
|
||||
identify which non-transport persisted source family feeds that tuple and which companion
|
||||
restore/finalize calls are sufficient to repopulate `[site+0x276]` for shellless acquisition
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue