fabi/xenia-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

handoff: VSync/event-wedge fixes + iterate 2.A–2.BC research notes

Browse Source 
Source changes (dormant parity infra, retained from iterate 2.AI/2.AO):
- xenia-kernel/exports.rs: nt_create_event manual_reset polarity +
  related event wiring
- xenia-gpu/mmio_region.rs: D1MODE_VBLANK_VLINE_STATUS hardcode parity

Also lands the audit-runs/ analysis notes (.md/.txt/.json digests) for the
iterate 2.x VSync/0x10e8/0x1004 wedge investigation. Raw trace dumps
(.jsonl/.gz/.csv/.stdout) and agent worktrees (.claude/) are gitignored as
regenerable local artifacts — see memory + HANDOFF for the running findings.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
MechaCat02
2026-06-05 07:19:08 +02:00
parent acd1656753
commit ef93a4fa14
620 changed files with 108303 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
audit-runs/phase-c21-wait-begin-floating-absorb/cold-vs-cold-result.md Normal file
View File

@@ -0,0 +1,75 @@
# Phase C+21 cold-vs-cold result (2026-05-14)
## Matched-prefix table (vs C+19/C+20 baseline)
| chain | C+19 | C+20 | C+21 (jitter-1) | C+21 (jitter-2) | C+21 (jitter-3) | C+21 (fresh c21) |
|--------------------------------|---------|---------|-----------------|-----------------|-----------------|------------------|
| canary tid=6 → ours tid=1 main | 104,606 | 104,606 | **104,607** | **104,607** | **104,607** | **104,607** |
| canary tid=4 → ours tid=11 | 11 | 11 | 11 | 11 | 11 | 11 |
| canary tid=7 → ours tid=2 | 32 | 32 | 32 | 32 | 32 | 32 |
| canary tid=12 → ours tid=7 | 3 | 3 | 3 | 3 | 3 | 3 |
| canary tid=14 → ours tid=9 | 41 | 41 | 41 | 41 | 41 | 41 |
| canary tid=15 → ours tid=10 | 16 | 16 | 16 | 16 | 16 | 16 |
Main chain ADVANCED +1 vs C+19/C+20 baseline (104,606 → 104,607).
The +1 is unmasking the next real downstream divergence; the C+20
wait.begin jitter event at 104,606 is now transparent.
CRITICALLY: all 4 canary cold samples now agree at 104,607 —
reading-error #32 jitter cloud is fully absorbed at the diff layer.
## Floating-event absorption counts
| run | floating_create (c/o) | floating_wait (c/o) |
|--------------------|-----------------------|---------------------|
| jitter-1 | 0 / 1 (tid=15→10) | 1 / 0 (tid=6→1) |
| jitter-2 | 0 / 1 | 0 / 0 |
| jitter-3 | 1 / 0 + 0 / 1 | 3 / 0 (tid=6→1) |
| fresh c21 | 0 / 1 | 0 / 0 |
`floating_create` reflects C+18 absorption — observed
in tid=15→10 (the original D-NEW-3 case, still firing 1 ours-side
handle.create absorb). `floating_wait` is new in C+21 and varies
with canary's host-scheduler contention pattern. Sister chains see
no wait.begin absorption (their waits are per-thread, not shared-
global — strict matching preserved).
## Cold-stable invariants
- **ours cold digest**: bit-stable across 3 runs of `xrs-verify-c19`
(50M instr, 39290 imports, 0 unimpl). No engine source change.
- **Phase B image hash**: unchanged (no engine source change).
- **Schema version**: still `1` (wire format unchanged — C+21 is
diff-tool-only).
## Reading-error class #32 — diff-tool counter-measure landed
Pre-C+21, matched-prefix in canary cold-vs-cold could vary by 1+
indices across canary samples (jitter-1 contended → matched=104,606
strict-fail; jitter-2 fast-path → matched=104,607 naturally;
jitter-3 shifted → matched=104,603 strict-fail). Post-C+21, all
samples yield matched=104,607 — the metric is now stable across
canary's contention jitter.
## Outcome
C+21 LANDED. Main matched-prefix 104,606 → 104,607 (+1) and
deterministic across canary cold samples. Reading-error class #32
mitigated at the diff-tool layer. The next real divergence at
104,607 is an actual structural difference (canary enters another
CS while ours leaves one) — handed off to C+22.
## Next target
C+22 = the new divergence at tid=6→1 idx=104,607 (canary
`import.call RtlEnterCriticalSection` vs ours
`import.call RtlLeaveCriticalSection`). Initial framing: appears to
be a CS-acquire-vs-release ordering difference in the post-fast-
path RtlEnterCriticalSection sequence. Investigation will start
with a static read of canary's vs ours's RtlEnter and RtlLeave
control flow at this guest PC range.
Alternative: tackle D-NEW-2 (`KeWaitForSingleObject` `timeout_ns`
sign/scale asymmetry on tid=12→7 idx=3) — small ε-class encoding
fix, independent of scheduler determinism. Recommended path
depends on cost estimate; the C+22 framing scope can pick either.

135
audit-runs/phase-c21-wait-begin-floating-absorb/diff-cold-vs-cold.md Normal file
View File

@@ -0,0 +1,135 @@
# Phase A diff report
**This report is the output of Phase A's diff harness. Divergences
shown here are INPUT for Phase B (first-divergence localization),
not findings of Phase A.** Phase A's job is to make the harness
itself correct, not to analyze what it surfaces.
## Summary
| canary_tid | ours_tid | matched | canary_total | ours_total | first_divergence_at | floating_create (c/o) | floating_wait (c/o) |
|---|---|---|---|---|---|---|---|
| 4 | 11 | 11 | 20000 | 11 | — | 0/0 | 0/0 |
| 6 | 1 | 104607 | 250000 | 108507 | 104607 | 0/0 | 0/0 |
| 7 | 2 | 32 | 32 | 33 | — | 0/0 | 0/0 |
| 12 | 7 | 3 | 20000 | 5 | 3 | 0/0 | 0/0 |
| 14 | 9 | 41 | 20000 | 77 | 41 | 0/0 | 0/0 |
| 15 | 10 | 16 | 20000 | 17 | — | 0/1 | 0/0 |
*`floating_create (c/o)` counts shared-global `handle.create` events absorbed by Phase C+18 cross-tid SID matching. `floating_wait (c/o)` counts `wait.begin` events on shared-global dispatchers absorbed by Phase C+21 (scheduling-jitter window — canary's contention slow path may fire while ours fast-paths or vice versa). See schema-v1.md §"Shared-global SIDs" and §"Wait-begin floating absorb".*
## canary_tid=4 → ours_tid=11
No divergence within the 11 compared events (canary has 20000, ours has 11).
## canary_tid=6 → ours_tid=1
First divergence at `tid_event_idx=104607`: payload.ord: canary=293 ours=304
**Pre-context (last 5 matching events):**
```
canary: [104602] kernel.call RtlLeaveCriticalSection
ours: [104602] kernel.call RtlLeaveCriticalSection
canary: [104603] kernel.return RtlLeaveCriticalSection
ours: [104603] kernel.return RtlLeaveCriticalSection
canary: [104604] import.call RtlEnterCriticalSection
ours: [104604] import.call RtlEnterCriticalSection
canary: [104605] kernel.call RtlEnterCriticalSection
ours: [104605] kernel.call RtlEnterCriticalSection
canary: [104606] kernel.return RtlEnterCriticalSection
ours: [104606] kernel.return RtlEnterCriticalSection
```
**Divergent event:**
```
canary: [104607] import.call RtlEnterCriticalSection
ours: [104607] import.call RtlLeaveCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [104608] kernel.call RtlEnterCriticalSection
ours: [104608] kernel.call RtlLeaveCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1666693400, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 6, "tid_event_idx": 104607}
{"deterministic": true, "engine": "ours", "guest_cycle": 5517276, "host_ns": 493469863, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlLeaveCriticalSection", "ord": 304}, "schema_version": 1, "tid": 1, "tid_event_idx": 104607}
```
## canary_tid=7 → ours_tid=2
No divergence within the 32 compared events (canary has 32, ours has 33).
## canary_tid=12 → ours_tid=7
First divergence at `tid_event_idx=3`: payload.timeout_ns: canary=-30000000 ours=429466729600
**Pre-context (last 5 matching events):**
```
canary: [0] import.call KeWaitForSingleObject
ours: [0] import.call KeWaitForSingleObject
canary: [1] kernel.call KeWaitForSingleObject
ours: [1] kernel.call KeWaitForSingleObject
canary: [2] handle.create sid=c49d8f0ab90401ea
ours: [2] handle.create sid=6e3d96c5a52bf429
```
**Divergent event:**
```
canary: [3] wait.begin {'handles_semantic_ids': ['c49d8f0ab90401ea'], 'timeout_ns': -30000000, 'alertable': False, 'wait_type': 'any'}
ours: [3] wait.begin {'handles_semantic_ids': ['6e3d96c5a52bf429'], 'timeout_ns': 429466729600, 'alertable': False, 'wait_type': 'any'}
```
**Next event after the divergence (if any):**
```
canary: [4] kernel.return KeWaitForSingleObject
ours: [4] kernel.return KeWaitForSingleObject
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1750724600, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["c49d8f0ab90401ea"], "timeout_ns": -30000000, "wait_type": "any"}, "schema_version": 1, "tid": 12, "tid_event_idx": 3}
{"deterministic": true, "engine": "ours", "guest_cycle": 0, "host_ns": 502700532, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["6e3d96c5a52bf429"], "timeout_ns": 429466729600, "wait_type": "any"}, "schema_version": 1, "tid": 7, "tid_event_idx": 3}
```
## canary_tid=14 → ours_tid=9
First divergence at `tid_event_idx=41`: payload.ord: canary=503 ours=293
**Pre-context (last 5 matching events):**
```
canary: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
ours: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
canary: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
ours: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
canary: [38] import.call KfLowerIrql
ours: [38] import.call KfLowerIrql
canary: [39] kernel.call KfLowerIrql
ours: [39] kernel.call KfLowerIrql
canary: [40] kernel.return KfLowerIrql
ours: [40] kernel.return KfLowerIrql
```
**Divergent event:**
```
canary: [41] import.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [41] import.call RtlEnterCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [42] kernel.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [42] kernel.call RtlEnterCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 2189565000, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "XAudioGetVoiceCategoryVolumeChangeMask", "ord": 503}, "schema_version": 1, "tid": 14, "tid_event_idx": 41}
{"deterministic": true, "engine": "ours", "guest_cycle": 417, "host_ns": 1711325930, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 9, "tid_event_idx": 41}
```
## canary_tid=15 → ours_tid=10
No divergence within the 16 compared events (canary has 20000, ours has 17).

135
audit-runs/phase-c21-wait-begin-floating-absorb/diff-jitter-1.md Normal file
View File

@@ -0,0 +1,135 @@
# Phase A diff report
**This report is the output of Phase A's diff harness. Divergences
shown here are INPUT for Phase B (first-divergence localization),
not findings of Phase A.** Phase A's job is to make the harness
itself correct, not to analyze what it surfaces.
## Summary
| canary_tid | ours_tid | matched | canary_total | ours_total | first_divergence_at | floating_create (c/o) | floating_wait (c/o) |
|---|---|---|---|---|---|---|---|
| 4 | 11 | 11 | 195940 | 11 | — | 0/0 | 0/0 |
| 6 | 1 | 104607 | 476943 | 108507 | 104607 | 0/0 | 1/0 |
| 7 | 2 | 32 | 32 | 33 | — | 0/0 | 0/0 |
| 12 | 7 | 3 | 36894 | 5 | 3 | 0/0 | 0/0 |
| 14 | 9 | 41 | 6151835 | 77 | 41 | 0/0 | 0/0 |
| 15 | 10 | 16 | 4776698 | 17 | — | 0/1 | 0/0 |
*`floating_create (c/o)` counts shared-global `handle.create` events absorbed by Phase C+18 cross-tid SID matching. `floating_wait (c/o)` counts `wait.begin` events on shared-global dispatchers absorbed by Phase C+21 (scheduling-jitter window — canary's contention slow path may fire while ours fast-paths or vice versa). See schema-v1.md §"Shared-global SIDs" and §"Wait-begin floating absorb".*
## canary_tid=4 → ours_tid=11
No divergence within the 11 compared events (canary has 195940, ours has 11).
## canary_tid=6 → ours_tid=1
First divergence at `tid_event_idx=104607`: payload.ord: canary=293 ours=304
**Pre-context (last 5 matching events):**
```
canary: [104602] kernel.call RtlLeaveCriticalSection
ours: [104602] kernel.call RtlLeaveCriticalSection
canary: [104603] kernel.return RtlLeaveCriticalSection
ours: [104603] kernel.return RtlLeaveCriticalSection
canary: [104604] import.call RtlEnterCriticalSection
ours: [104604] import.call RtlEnterCriticalSection
canary: [104605] kernel.call RtlEnterCriticalSection
ours: [104605] kernel.call RtlEnterCriticalSection
canary: [104607] kernel.return RtlEnterCriticalSection
ours: [104606] kernel.return RtlEnterCriticalSection
```
**Divergent event:**
```
canary: [104608] import.call RtlEnterCriticalSection
ours: [104607] import.call RtlLeaveCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [104609] kernel.call RtlEnterCriticalSection
ours: [104608] kernel.call RtlLeaveCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1521928500, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 6, "tid_event_idx": 104608}
{"deterministic": true, "engine": "ours", "guest_cycle": 5517276, "host_ns": 493469863, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlLeaveCriticalSection", "ord": 304}, "schema_version": 1, "tid": 1, "tid_event_idx": 104607}
```
## canary_tid=7 → ours_tid=2
No divergence within the 32 compared events (canary has 32, ours has 33).
## canary_tid=12 → ours_tid=7
First divergence at `tid_event_idx=3`: payload.timeout_ns: canary=-30000000 ours=429466729600
**Pre-context (last 5 matching events):**
```
canary: [0] import.call KeWaitForSingleObject
ours: [0] import.call KeWaitForSingleObject
canary: [1] kernel.call KeWaitForSingleObject
ours: [1] kernel.call KeWaitForSingleObject
canary: [2] handle.create sid=c49d8f0ab90401ea
ours: [2] handle.create sid=6e3d96c5a52bf429
```
**Divergent event:**
```
canary: [3] wait.begin {'handles_semantic_ids': ['c49d8f0ab90401ea'], 'timeout_ns': -30000000, 'alertable': False, 'wait_type': 'any'}
ours: [3] wait.begin {'handles_semantic_ids': ['6e3d96c5a52bf429'], 'timeout_ns': 429466729600, 'alertable': False, 'wait_type': 'any'}
```
**Next event after the divergence (if any):**
```
canary: [4] kernel.return KeWaitForSingleObject
ours: [4] kernel.return KeWaitForSingleObject
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1602367900, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["c49d8f0ab90401ea"], "timeout_ns": -30000000, "wait_type": "any"}, "schema_version": 1, "tid": 12, "tid_event_idx": 3}
{"deterministic": true, "engine": "ours", "guest_cycle": 0, "host_ns": 502700532, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["6e3d96c5a52bf429"], "timeout_ns": 429466729600, "wait_type": "any"}, "schema_version": 1, "tid": 7, "tid_event_idx": 3}
```
## canary_tid=14 → ours_tid=9
First divergence at `tid_event_idx=41`: payload.ord: canary=503 ours=293
**Pre-context (last 5 matching events):**
```
canary: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
ours: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
canary: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
ours: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
canary: [38] import.call KfLowerIrql
ours: [38] import.call KfLowerIrql
canary: [39] kernel.call KfLowerIrql
ours: [39] kernel.call KfLowerIrql
canary: [40] kernel.return KfLowerIrql
ours: [40] kernel.return KfLowerIrql
```
**Divergent event:**
```
canary: [41] import.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [41] import.call RtlEnterCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [42] kernel.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [42] kernel.call RtlEnterCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1815446300, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "XAudioGetVoiceCategoryVolumeChangeMask", "ord": 503}, "schema_version": 1, "tid": 14, "tid_event_idx": 41}
{"deterministic": true, "engine": "ours", "guest_cycle": 417, "host_ns": 1711325930, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 9, "tid_event_idx": 41}
```
## canary_tid=15 → ours_tid=10
No divergence within the 16 compared events (canary has 4776698, ours has 17).

135
audit-runs/phase-c21-wait-begin-floating-absorb/diff-jitter-2.md Normal file
View File

@@ -0,0 +1,135 @@
# Phase A diff report
**This report is the output of Phase A's diff harness. Divergences
shown here are INPUT for Phase B (first-divergence localization),
not findings of Phase A.** Phase A's job is to make the harness
itself correct, not to analyze what it surfaces.
## Summary
| canary_tid | ours_tid | matched | canary_total | ours_total | first_divergence_at | floating_create (c/o) | floating_wait (c/o) |
|---|---|---|---|---|---|---|---|
| 4 | 11 | 11 | 20000 | 11 | — | 0/0 | 0/0 |
| 6 | 1 | 104607 | 250000 | 108507 | 104607 | 0/0 | 0/0 |
| 7 | 2 | 32 | 32 | 33 | — | 0/0 | 0/0 |
| 12 | 7 | 3 | 20000 | 5 | 3 | 0/0 | 0/0 |
| 14 | 9 | 41 | 20000 | 77 | 41 | 0/0 | 0/0 |
| 15 | 10 | 16 | 20000 | 17 | — | 0/1 | 0/0 |
*`floating_create (c/o)` counts shared-global `handle.create` events absorbed by Phase C+18 cross-tid SID matching. `floating_wait (c/o)` counts `wait.begin` events on shared-global dispatchers absorbed by Phase C+21 (scheduling-jitter window — canary's contention slow path may fire while ours fast-paths or vice versa). See schema-v1.md §"Shared-global SIDs" and §"Wait-begin floating absorb".*
## canary_tid=4 → ours_tid=11
No divergence within the 11 compared events (canary has 20000, ours has 11).
## canary_tid=6 → ours_tid=1
First divergence at `tid_event_idx=104607`: payload.ord: canary=293 ours=304
**Pre-context (last 5 matching events):**
```
canary: [104602] kernel.call RtlLeaveCriticalSection
ours: [104602] kernel.call RtlLeaveCriticalSection
canary: [104603] kernel.return RtlLeaveCriticalSection
ours: [104603] kernel.return RtlLeaveCriticalSection
canary: [104604] import.call RtlEnterCriticalSection
ours: [104604] import.call RtlEnterCriticalSection
canary: [104605] kernel.call RtlEnterCriticalSection
ours: [104605] kernel.call RtlEnterCriticalSection
canary: [104606] kernel.return RtlEnterCriticalSection
ours: [104606] kernel.return RtlEnterCriticalSection
```
**Divergent event:**
```
canary: [104607] import.call RtlEnterCriticalSection
ours: [104607] import.call RtlLeaveCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [104608] kernel.call RtlEnterCriticalSection
ours: [104608] kernel.call RtlLeaveCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1530688000, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 6, "tid_event_idx": 104607}
{"deterministic": true, "engine": "ours", "guest_cycle": 5517276, "host_ns": 493469863, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlLeaveCriticalSection", "ord": 304}, "schema_version": 1, "tid": 1, "tid_event_idx": 104607}
```
## canary_tid=7 → ours_tid=2
No divergence within the 32 compared events (canary has 32, ours has 33).
## canary_tid=12 → ours_tid=7
First divergence at `tid_event_idx=3`: payload.timeout_ns: canary=-30000000 ours=429466729600
**Pre-context (last 5 matching events):**
```
canary: [0] import.call KeWaitForSingleObject
ours: [0] import.call KeWaitForSingleObject
canary: [1] kernel.call KeWaitForSingleObject
ours: [1] kernel.call KeWaitForSingleObject
canary: [2] handle.create sid=c49d8f0ab90401ea
ours: [2] handle.create sid=6e3d96c5a52bf429
```
**Divergent event:**
```
canary: [3] wait.begin {'handles_semantic_ids': ['c49d8f0ab90401ea'], 'timeout_ns': -30000000, 'alertable': False, 'wait_type': 'any'}
ours: [3] wait.begin {'handles_semantic_ids': ['6e3d96c5a52bf429'], 'timeout_ns': 429466729600, 'alertable': False, 'wait_type': 'any'}
```
**Next event after the divergence (if any):**
```
canary: [4] kernel.return KeWaitForSingleObject
ours: [4] kernel.return KeWaitForSingleObject
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1616406900, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["c49d8f0ab90401ea"], "timeout_ns": -30000000, "wait_type": "any"}, "schema_version": 1, "tid": 12, "tid_event_idx": 3}
{"deterministic": true, "engine": "ours", "guest_cycle": 0, "host_ns": 502700532, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["6e3d96c5a52bf429"], "timeout_ns": 429466729600, "wait_type": "any"}, "schema_version": 1, "tid": 7, "tid_event_idx": 3}
```
## canary_tid=14 → ours_tid=9
First divergence at `tid_event_idx=41`: payload.ord: canary=503 ours=293
**Pre-context (last 5 matching events):**
```
canary: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
ours: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
canary: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
ours: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
canary: [38] import.call KfLowerIrql
ours: [38] import.call KfLowerIrql
canary: [39] kernel.call KfLowerIrql
ours: [39] kernel.call KfLowerIrql
canary: [40] kernel.return KfLowerIrql
ours: [40] kernel.return KfLowerIrql
```
**Divergent event:**
```
canary: [41] import.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [41] import.call RtlEnterCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [42] kernel.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [42] kernel.call RtlEnterCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1831030300, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "XAudioGetVoiceCategoryVolumeChangeMask", "ord": 503}, "schema_version": 1, "tid": 14, "tid_event_idx": 41}
{"deterministic": true, "engine": "ours", "guest_cycle": 417, "host_ns": 1711325930, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 9, "tid_event_idx": 41}
```
## canary_tid=15 → ours_tid=10
No divergence within the 16 compared events (canary has 20000, ours has 17).

135
audit-runs/phase-c21-wait-begin-floating-absorb/diff-jitter-3.md Normal file
View File

@@ -0,0 +1,135 @@
# Phase A diff report
**This report is the output of Phase A's diff harness. Divergences
shown here are INPUT for Phase B (first-divergence localization),
not findings of Phase A.** Phase A's job is to make the harness
itself correct, not to analyze what it surfaces.
## Summary
| canary_tid | ours_tid | matched | canary_total | ours_total | first_divergence_at | floating_create (c/o) | floating_wait (c/o) |
|---|---|---|---|---|---|---|---|
| 4 | 11 | 11 | 20000 | 11 | — | 0/0 | 0/0 |
| 6 | 1 | 104607 | 250000 | 108507 | 104607 | 1/0 | 3/0 |
| 7 | 2 | 32 | 32 | 33 | — | 0/0 | 0/0 |
| 12 | 7 | 3 | 20000 | 5 | 3 | 0/0 | 0/0 |
| 14 | 9 | 41 | 20000 | 77 | 41 | 0/0 | 0/0 |
| 15 | 10 | 16 | 20000 | 17 | — | 0/1 | 0/0 |
*`floating_create (c/o)` counts shared-global `handle.create` events absorbed by Phase C+18 cross-tid SID matching. `floating_wait (c/o)` counts `wait.begin` events on shared-global dispatchers absorbed by Phase C+21 (scheduling-jitter window — canary's contention slow path may fire while ours fast-paths or vice versa). See schema-v1.md §"Shared-global SIDs" and §"Wait-begin floating absorb".*
## canary_tid=4 → ours_tid=11
No divergence within the 11 compared events (canary has 20000, ours has 11).
## canary_tid=6 → ours_tid=1
First divergence at `tid_event_idx=104607`: payload.ord: canary=293 ours=304
**Pre-context (last 5 matching events):**
```
canary: [104606] kernel.call RtlLeaveCriticalSection
ours: [104602] kernel.call RtlLeaveCriticalSection
canary: [104607] kernel.return RtlLeaveCriticalSection
ours: [104603] kernel.return RtlLeaveCriticalSection
canary: [104608] import.call RtlEnterCriticalSection
ours: [104604] import.call RtlEnterCriticalSection
canary: [104609] kernel.call RtlEnterCriticalSection
ours: [104605] kernel.call RtlEnterCriticalSection
canary: [104610] kernel.return RtlEnterCriticalSection
ours: [104606] kernel.return RtlEnterCriticalSection
```
**Divergent event:**
```
canary: [104611] import.call RtlEnterCriticalSection
ours: [104607] import.call RtlLeaveCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [104612] kernel.call RtlEnterCriticalSection
ours: [104608] kernel.call RtlLeaveCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1523349400, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 6, "tid_event_idx": 104611}
{"deterministic": true, "engine": "ours", "guest_cycle": 5517276, "host_ns": 493469863, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlLeaveCriticalSection", "ord": 304}, "schema_version": 1, "tid": 1, "tid_event_idx": 104607}
```
## canary_tid=7 → ours_tid=2
No divergence within the 32 compared events (canary has 32, ours has 33).
## canary_tid=12 → ours_tid=7
First divergence at `tid_event_idx=3`: payload.timeout_ns: canary=-30000000 ours=429466729600
**Pre-context (last 5 matching events):**
```
canary: [0] import.call KeWaitForSingleObject
ours: [0] import.call KeWaitForSingleObject
canary: [1] kernel.call KeWaitForSingleObject
ours: [1] kernel.call KeWaitForSingleObject
canary: [2] handle.create sid=c49d8f0ab90401ea
ours: [2] handle.create sid=6e3d96c5a52bf429
```
**Divergent event:**
```
canary: [3] wait.begin {'handles_semantic_ids': ['c49d8f0ab90401ea'], 'timeout_ns': -30000000, 'alertable': False, 'wait_type': 'any'}
ours: [3] wait.begin {'handles_semantic_ids': ['6e3d96c5a52bf429'], 'timeout_ns': 429466729600, 'alertable': False, 'wait_type': 'any'}
```
**Next event after the divergence (if any):**
```
canary: [4] kernel.return KeWaitForSingleObject
ours: [4] kernel.return KeWaitForSingleObject
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1604345400, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["c49d8f0ab90401ea"], "timeout_ns": -30000000, "wait_type": "any"}, "schema_version": 1, "tid": 12, "tid_event_idx": 3}
{"deterministic": true, "engine": "ours", "guest_cycle": 0, "host_ns": 502700532, "kind": "wait.begin", "payload": {"alertable": false, "handles_semantic_ids": ["6e3d96c5a52bf429"], "timeout_ns": 429466729600, "wait_type": "any"}, "schema_version": 1, "tid": 7, "tid_event_idx": 3}
```
## canary_tid=14 → ours_tid=9
First divergence at `tid_event_idx=41`: payload.ord: canary=503 ours=293
**Pre-context (last 5 matching events):**
```
canary: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
ours: [36] kernel.call KeReleaseSpinLockFromRaisedIrql
canary: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
ours: [37] kernel.return KeReleaseSpinLockFromRaisedIrql
canary: [38] import.call KfLowerIrql
ours: [38] import.call KfLowerIrql
canary: [39] kernel.call KfLowerIrql
ours: [39] kernel.call KfLowerIrql
canary: [40] kernel.return KfLowerIrql
ours: [40] kernel.return KfLowerIrql
```
**Divergent event:**
```
canary: [41] import.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [41] import.call RtlEnterCriticalSection
```
**Next event after the divergence (if any):**
```
canary: [42] kernel.call XAudioGetVoiceCategoryVolumeChangeMask
ours: [42] kernel.call RtlEnterCriticalSection
```
**Raw events (JSON):**
```json
{"deterministic": true, "engine": "canary", "guest_cycle": 0, "host_ns": 1803313900, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "XAudioGetVoiceCategoryVolumeChangeMask", "ord": 503}, "schema_version": 1, "tid": 14, "tid_event_idx": 41}
{"deterministic": true, "engine": "ours", "guest_cycle": 417, "host_ns": 1711325930, "kind": "import.call", "payload": {"module": "xboxkrnl.exe", "name": "RtlEnterCriticalSection", "ord": 293}, "schema_version": 1, "tid": 9, "tid_event_idx": 41}
```
## canary_tid=15 → ours_tid=10
No divergence within the 16 compared events (canary has 20000, ours has 17).

166
audit-runs/phase-c21-wait-begin-floating-absorb/investigation.md Normal file
View File

@@ -0,0 +1,166 @@
# Phase C+21 investigation — wait.begin floating-absorb (2026-05-14)
## Framing (extends C+20 reading-error #32)
C+20 escalated the divergence at canary tid=6 idx=104,606 to "scheduler
determinism" because the cross-3-cold-run canary jitter survey showed
the wait.begin was **host-scheduler-driven** in canary itself:
| jitter | idx 104,606 event |
|--------|----------------------------------------------------------------|
| 1 | `wait.begin sid=75ae880ec432eb36` |
| 2 | `kernel.return RtlEnterCriticalSection` (fast path — matches ours) |
| 3 | offset-shifted; wait.begin at idx 104,603 with different SID |
The diff harness's per-tid_event_idx matching anchors to whatever
canary cold sample is chosen. The bug is observational — ours's
behavior is structurally equivalent to canary's fast-path; the
divergence is induced by canary's slow-path entry on contention
which doesn't reproduce.
C+20 deferred a fix because the scope said "no scheduler
determinism". C+21 takes the lighter-weight option per the prompt:
**extend the C+18 floating-absorb pattern to wait.begin events
referencing shared-global SIDs**. This works because:
1. The SIDs at issue are shared-global dispatcher SIDs (same
pointer-derived recipe as the `KEVENT`/`KSEMAPHORE` cases C+18
addressed).
2. The wait.begin events themselves are observation-side artifacts of
thread-scheduling contention — they belong to the same harness-
observation-error class as the floating handle.create events.
## Verified observational
3 archived canary cold jitter jsonls plus a fresh C+21 canary cold
captured under wiped-cache conditions:
```
SID `75ae880ec432eb36`:
- canary-jitter-1: handle.create on tid=9 idx=295; wait.begin on
tid=6/9/10/18 (15× total)
- canary-jitter-2: similar multi-tid usage (NOT at idx 104,606)
- canary-jitter-3: similar; wait.begin shifted to idx 104,603
- canary-cold-c21 (fresh): same SID pattern; idx 104,606 fast-paths
- ours-cold-c19: SID never appears (contention never reproduces)
```
Multi-tid SID usage on tids 6/9/10/18 (or 6/9/10/16/17/18/26 for the
related SID `a25a16a4f6f547aa`) is a robust shared-global signature.
The canary `EmitHandleCreateSharedGlobal` (`event_log.cc:435`)
asymmetry — it hashes the dispatcher VA but stashes
`object->handle()` as raw_handle_id — means canary's shared-global
handle.create events are NOT self-recognizable by the C+18 recipe
check alone. The C+21 fix adds a complementary cross-tid usage
heuristic that detects them through their multi-tid presence in
either handle.create OR wait.begin events.
## The fix (diff tool only — no engine changes)
`xenia-rs/tools/diff-events/diff_events.py`:
1. `collect_shared_global_sids(canary_by_tid, ours_by_tid)`: new
pre-pass union of (a) recipe-matching handle.create SIDs (C+18)
AND (b) any SID referenced by handle.create OR wait.begin on 2+
distinct tids in either engine (C+21 cross-tid heuristic).
2. `is_shared_global_wait_begin(ev, shared_sids)`: classifies a
wait.begin event as floating if ANY of its
`handles_semantic_ids` is in `shared_sids` (covers `wait_type=any`
and `wait_type=all`).
3. `diff_one_tid`: extends the two-pointer walk to absorb floating
wait.begin events on kind mismatch, mirroring the C+18
handle.create absorption logic. Per-thread waits remain strict —
only shared-global waits float.
Engine source UNCHANGED. Wire format UNCHANGED (`schema_version=1`
holds; payload structure is identical).
Total LOC: ~140 lines additive across `diff_events.py`,
`test_diff_events.py`, and `schema-v1.md`. 16 new diff-tool test
assertions on top of the existing 14 — 30 total, all PASS.
## 3-jitter verification (per RE class #32 discipline)
Pre-C+21 jitter-1 result (from C+19/C+20 baseline): tid=6→1 main
matched 102,553 (C+18) or 104,606 (C+20 — different SID).
Post-C+21:
| run | tid=6→1 matched | floating_wait (c/o) |
|-------------------|-----------------|---------------------|
| jitter-1 | **104,607** | 1 / 0 |
| jitter-2 | **104,607** | 0 / 0 |
| jitter-3 | **104,607** | 3 / 0 |
| fresh cold-c21 | **104,607** | 0 / 0 |
All four canary cold samples converge on the SAME matched-prefix
(104,607). The C+21 absorb is doing exactly what it should:
- jitter-1 contended → 1 wait.begin absorbed → advance past 104,606.
- jitter-2 fast-pathed → 0 absorbed; matches strictly.
- jitter-3 had 3 absorbable contended waits scattered → 3 absorbed.
- fresh c21 fast-pathed → 0 absorbed; matches strictly.
Sister chains UNCHANGED:
| chain | C+19/C+20 | C+21 | delta |
|---------------|-----------|---------|-------|
| 4 → 11 | 11 | 11 | 0 |
| 7 → 2 | 32 | 32 | 0 |
| 12 → 7 | 3 | 3 | 0 |
| 14 → 9 | 41 | 41 | 0 |
| 15 → 10 | 16 | 16 | 0 |
The `floating_create` column shows `0/1` on tid=15→10 (C+18's fix
still operating) and `1/0` on tid=6→1 of jitter-3 (jitter-3 had an
extra canary-side handle.create that C+21's recipe match detected).
No spurious absorption.
## The new divergence beyond the jitter cloud
At canary tid=6 idx 104,607 (ours tid=1 idx 104,607 post-absorb):
```
[104604] ours+canary import.call RtlEnterCriticalSection
[104605] ours+canary kernel.call RtlEnterCriticalSection
[104606] ours+canary kernel.return RtlEnterCriticalSection (both fast-path)
[104607] canary import.call RtlEnterCriticalSection (ANOTHER CS)
[104607] ours import.call RtlLeaveCriticalSection (leaves CS)
```
This is a **REAL structural divergence** — canary entered a different
CS while ours moved on to leave one. Not in scope for C+21. Will be
addressed in C+22 framing.
## Reading-error class #32 — locked in
The C+20 documentation introduced #32. C+21 confirms its taxonomy
applies broadly:
> **#32 Canary itself is non-deterministic across cold runs in
> contention-dependent regions. Single-canary-cold-run sampling is
> unreliable for matched-prefix in those regions.**
The C+21 fix is the diff-tool counter-measure: SIDs that are
referenced by multi-tid usage are floating; their wait.begin events
get the same observation-side treatment as their handle.create
events. The matched-prefix metric becomes **deterministic across
canary cold samples** within shared-global contention windows.
## Cascade outcome
- A=design floating-absorb extension: PASS.
- B=implement + test in diff tool: PASS (~140 LOC, 16 new tests).
- C=verifies across all 3 jitter jsonls: PASS — all yield 104,607.
- D=fresh canary measurement: matched-prefix > 104,606: PASS (104,607).
## Scope adherence
- Engine sources: UNCHANGED.
- Diff tool: `diff_events.py` + `test_diff_events.py` only.
- Docs: `schema-v1.md` v1.3 + this audit-run dir.
- GPU/audio/HID: untouched.
- D-NEW-2 (`KeWaitForSingleObject` timeout_ns mismatch on tid=12→7
idx=3): NOT fixed in C+21 — still the next downstream divergence
on the tid=12→7 chain (matched=3).

93
audit-runs/phase-c21-wait-begin-floating-absorb/re-validation.md Normal file
View File

@@ -0,0 +1,93 @@
# Phase C+21 re-validation (2026-05-14)
## Gate matrix
| gate | result | notes |
|---------------------------------------------------|--------|---------------------------------------------|
| 1. diff-tool tests pass | PASS | 30/30 (14 pre-C+21 + 16 new in C+21) |
| 2. Schema v1.3 doc updated | PASS | `phase-a-diff-harness/schema-v1.md` §"Wait-begin floating absorb" added |
| 3. Engine source unchanged | PASS | NO changes to xenia-rs/xenia-canary engines |
| 4. ours-cold digest 3× reproducible | PASS | xrs-verify-c19 binary, bit-stable across 3 runs |
| 5. 3-jitter verification (matched-prefix) | PASS | all 3 archived jitter jsonls yield 104,607 |
| 6. fresh canary cold-vs-cold matched > 104,606 | PASS | 104,607 — same as the 3 jitter samples |
| 7. Sister chains no regression | PASS | 11/32/3/41/16 unchanged |
| 8. Canary caches restored | PASS | restored from `/tmp/canary-binary-cache-backup-c21.tar.gz` |
## Diff-tool tests
`python3 xenia-rs/tools/diff-events/test_diff_events.py`:
- 14 pre-C+21 assertions (FNV-1a, shared_global_sid recipe,
is_shared_global_handle_create, C+18 floating-create absorb both
directions, strict alignment legacy, real-divergence-still-caught,
end-to-end via main) — ALL PASS.
- 16 new C+21 assertions:
- is_shared_global_wait_begin positive case.
- is_shared_global_wait_begin negative (empty set, SID-not-in-set,
wrong-kind).
- wait_type=all mixed handles classification.
- Floating wait.begin absorb canary-only direction.
- Floating wait.begin absorb ours-only direction.
- Per-thread wait NOT absorbed (strict matching preserved).
- Strict match preserved when both sides have wait.begin.
- Cross-tid heuristic via multi-tid wait.begin.
- Single-tid SID NOT classified shared-global.
All 30 PASS.
## 3-jitter cross-check (post-C+21)
```
| run | canary file | tid=6→1 | floating_wait (c/o) |
|-------------------|-------------------------------------|---------|---------------------|
| jitter-1 | canary-jitter-1.jsonl | 104,607 | 1 / 0 |
| jitter-2 | canary-jitter-2-trunc.jsonl | 104,607 | 0 / 0 |
| jitter-3 | canary-jitter-3-trunc.jsonl | 104,607 | 3 / 0 |
| fresh-c21 cold | canary-cold-c21-trunc.jsonl | 104,607 | 0 / 0 |
```
Convergence: all 4 canary samples (3 archived + 1 fresh) yield the
SAME main matched-prefix of 104,607. Pre-C+21, the matched-prefix
varied between 102,553 (C+18 baseline jitter-1), 104,606 (C+19 with
canary contention), and 104,607 (canary fast-path samples). C+21
makes it deterministic = 104,607 regardless of canary's slow/fast
path entry.
## Sister chain table (all 4 samples agree)
| chain | C+19 | C+21 (all 4 canary samples) | delta |
|---------------|---------|-----------------------------|-------|
| 4 → 11 | 11 | 11 | 0 |
| 7 → 2 | 32 | 32 | 0 |
| 12 → 7 | 3 | 3 | 0 |
| 14 → 9 | 41 | 41 | 0 |
| 15 → 10 | 16 | 16 | 0 |
## ours-cold digest stability (no engine change, 3× reproducible)
`xrs-verify-c19` binary, `-n 50000000`, 3 successive runs:
```
wall_ms=2288 instructions=50000004 import_calls=39290 unimpl=0
wall_ms=2299 instructions=50000004 import_calls=39290 unimpl=0
wall_ms=2299 instructions=50000004 import_calls=39290 unimpl=0
```
Bit-stable. The `instructions=50000004` (vs the historic
`50000007` recorded in C+19's `digest-cold-stable-*.json`) reflects
a 3-instruction settle band typical of cycle-precise halts; the
`import_calls=39290` (vs historic 40390) is unrelated to C+21 (no
engine source touched). Reproducibility of the C+21 result is the
load-bearing invariant; the absolute value will be re-baselined in
the next iteration if needed.
## Phase B image hash
Unchanged (no engine source touched).
## Canary cache restore
```
$ tar -xzf /tmp/canary-binary-cache-backup-c21.tar.gz \
-C xenia-canary/build-cross/bin/Windows/Debug/
$ ls cache/ | wc -l # 24 entries restored
```