fabi/xenia-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[iterate-2E] Add XENIA_AUDIT_DEREF pointer-chase probe

Browse Source 
On each AUDIT-PC-PROBE fire, treat gpr[reg] as a base object, dump its
first 64 bytes, follow [base+off] to a sub-object, dump that, then follow
[[base+off]+0] to its vtable and dump 48 slots. Env-gated
(XENIA_AUDIT_DEREF=<reg>:<off>), read-only, lockstep digest unaffected.

Captures the live work-item + stream object + vtable at sub_824510E0
before the pool recycles the slot — which overturned the prior session's
"infinite spin" diagnosis: the streaming read PROGRESSES 68/68 128KB
chunks of a 9MB file, then the hub (tid=5) blocks INFINITE on a
self-created Event/Manual (0x1060) that is never signaled.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
MechaCat02
2026-06-12 20:29:01 +02:00
parent 0332d1990d
commit 5aaadfec36
2 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/xenia-app/src/main.rs
View File

@@ -1301,6 +1301,29 @@ fn cmd_exec_inner(
}
}
// iterate-2E — pointer-chase probe. `XENIA_AUDIT_DEREF=<reg>:<off>`
// (e.g. `4:36`). On each AUDIT-PC-PROBE fire, dumps gpr[reg] as a base
// object, the sub-object at [base+off], and that sub-object's vtable.
// Read-only; lockstep digest unaffected.
if let Ok(spec) = std::env::var("XENIA_AUDIT_DEREF") {
if !spec.is_empty() {
let (rs, os) = spec
.split_once(':')
.ok_or_else(|| anyhow::anyhow!("XENIA_AUDIT_DEREF {spec:?}: expected <reg>:<off>"))?;
let reg: u8 = rs.trim_start_matches('r').parse()
.map_err(|e| anyhow::anyhow!("XENIA_AUDIT_DEREF reg {rs:?}: {e}"))?;
let off: u32 = if let Some(h) = os.strip_prefix("0x") {
u32::from_str_radix(h, 16)
} else {
os.parse::<u32>()
}.map_err(|e| anyhow::anyhow!("XENIA_AUDIT_DEREF off {os:?}: {e}"))?;
kernel.audit_deref = Some((reg, off));
if !quiet {
tracing::info!("audit-deref armed: r{} +0x{:x}", reg, off);
}
}
}
// Diagnostic. Parse `--dump-addr=0x828F3D08,...` (or
// `XENIA_DUMP_ADDR=...`) into `kernel.dump_addrs`. The contents
// are dumped at end-of-run by `dump_thread_diagnostic`. Pure