fabi/xenia-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a4926c73f40b2fa574f9bb6aca837e543218f506
xenia-rs/audit-runs/phase-c19-NtDuplicateObject-handle-create/cold-vs-cold-result.md
MechaCat02 ef93a4fa14 handoff: VSync/event-wedge fixes + iterate 2.A–2.BC research notes 
Source changes (dormant parity infra, retained from iterate 2.AI/2.AO):
- xenia-kernel/exports.rs: nt_create_event manual_reset polarity +
  related event wiring
- xenia-gpu/mmio_region.rs: D1MODE_VBLANK_VLINE_STATUS hardcode parity

Also lands the audit-runs/ analysis notes (.md/.txt/.json digests) for the
iterate 2.x VSync/0x10e8/0x1004 wedge investigation. Raw trace dumps
(.jsonl/.gz/.csv/.stdout) and agent worktrees (.claude/) are gitignored as
regenerable local artifacts — see memory + HANDOFF for the running findings.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 07:19:08 +02:00

109 lines
4.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Phase C+19 cold-vs-cold result (2026-05-14)
## Verified resolution of D-NEW-1
Direct inspection of `ours-cold.jsonl` (50M instructions, cold cache)
on tid=1 around idx 102553 (the C+18 baseline divergence point):
```
idx=102551 kind=import.call name=NtDuplicateObject
idx=102552 kind=kernel.call name=NtDuplicateObject
idx=102553 kind=handle.create [NEW in C+19 — fresh dup slot]
idx=102554 kind=kernel.return name=NtDuplicateObject ret=0
```
**D-NEW-1 RESOLVED at the source.** Ours now emits `handle.create`
between `kernel.call NtDuplicateObject` and `kernel.return
NtDuplicateObject`, exactly mirroring canary's
`ObjectTable::DuplicateHandle``AddHandle` (object_table.cc:210-223
→ 148-208). The new `handle.create` payload carries:
- `raw_handle_id` = freshly allocated dup id (NOT source id).
- `object_type` = same as source's `KernelObject` variant.
- `handle_semantic_id` = per-tid SID at the allocation point.
## Acceptance gates
- **Gate 1 (default-off digest)**: PASS — 3× reproducible at
`e1dfcb1559f987b35012a7f2dc6d93f5` (unchanged from C+13/C+15-α/
C+16/C+17/C+18 baseline). C+19 is observation-only at the digest
level; instruction count, swaps, draws all bit-identical to C+18.
- **Gate 2 (cvar-on emit)**: PASS — ours-cold produces 121,569
events (matches C+18's 121,544 ± shared-global tid jitter; the
+25 events are the new dup-side `handle.create` and balancing
per-slot `handle.destroy` events).
- **Gate 3 (diff tool runs)**: PASS — produces 6-chain report.
- **Gate 4 (cold-vs-cold matched prefix)**: PARTIALLY PASS — see
"Canary cache jitter" below.
- **Gate 5 (build)**: PASS — both engines build clean (only the
pre-existing `dead_code` warning on `walk_committed_regions`).
- **Gate 6 (tests)**: PASS — ours kernel tests 193 → 204 (+11 new
AUDIT-062 regression + dup lifecycle tests). Workspace tests all
pass.
- **Gate 7 (Phase B image hash)**: PASS — `image_loaded_sha256` =
`ea8d160e9369328a5b922258a92113efb8d7ce3e1a5c12cc521e375985c91c18`
(unchanged).
- **Gate 8 (event-log determinism)**: PASS — emit count bit-stable
across cold runs. The new `handle.create` and per-slot
`handle.destroy` events are deterministically emitted at the
canary-symmetric boundary.
- **Gate 9 (AUDIT-062 regression)**: PASS — see
`audit062-regression-check.md`. All 11 new tests guard the
signal-on-dup-wakes-wait-on-source invariant.
## Canary cache jitter
The diff tool reports main matched-prefix at 102,424 — below the
C+18 baseline of 102,553. Investigation shows this is **canary-side
cache jitter, not a regression of the C+19 fix**:
```
C+18 baseline canary tid=6 idx=102424: status=0xc000000f (NO_SUCH_FILE)
C+19 canary v2 tid=6 idx=102424: status=0x00000000 (SUCCESS)
C+19 canary v3 tid=6 idx=102424: status=0x00000000 (SUCCESS)
C+19 canary v5 tid=6 idx=102424: status=0x00000000 (SUCCESS)
```
`NtQueryFullAttributesFile` on canary's side returned a different
status across cold runs (cache-state-dependent). Ours's status at
this idx is unchanged (`0xc000000f` in both C+18 and C+19 baselines).
The canary log used to establish the C+18 baseline reflected a
specific cache state that successive cold-canary runs have not
reproduced; this is independent of any change in xenia-rs.
The C+19 fix's true effect is verified by direct inspection of
ours-cold.jsonl at idx 102553 (above), NOT by the canary-comparison
matched-prefix at 102,424.
## Sister chain summary
Unchanged from C+18 baseline (canary jitter doesn't affect sisters):
| chain | C+18 | C+19 | delta |
|--------------------------------|---------|---------|-------|
| canary tid=4 → ours tid=11 | 11 | 11 | 0 |
| canary tid=7 → ours tid=2 | 32 | 32 | 0 |
| canary tid=12 → ours tid=7 | 3 | 3 | 0 |
| canary tid=14 → ours tid=9 | 41 | 41 | 0 |
| canary tid=15 → ours tid=10 | 16 | 16 | 0 |
No sister-chain regressions.
## Conclusion
- Direct verification: D-NEW-1 RESOLVED.
- AUDIT-062 invariant: PRESERVED (11 new regression tests + framing
analysis in `audit062-regression-check.md`).
- Cold-stable digest: UNCHANGED.
- Build + tests: PASS.
- Sister chains: UNCHANGED.
- Canary-side cold-run jitter is an independent observability
concern; the C+19 fix itself is correct and minimal.
## Next target
**C+20 = D-NEW-2 (`KeWaitForSingleObject` `timeout_ns` mismatch on
canary tid=12 → ours tid=7 at idx=3)**. ε-class encoding divergence:
canary=`-30000000` ns, ours=`429466729600` ns. Likely a sign/scale
asymmetry in the timeout payload emitter.
Reference in New Issue View Git Blame Copy Permalink