fabi/xenia-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a4926c73f40b2fa574f9bb6aca837e543218f506
xenia-rs/audit-runs/phase-c6half-xam-audit/hallucination-audit.md
MechaCat02 ef93a4fa14 handoff: VSync/event-wedge fixes + iterate 2.A–2.BC research notes 
Source changes (dormant parity infra, retained from iterate 2.AI/2.AO):
- xenia-kernel/exports.rs: nt_create_event manual_reset polarity +
  related event wiring
- xenia-gpu/mmio_region.rs: D1MODE_VBLANK_VLINE_STATUS hardcode parity

Also lands the audit-runs/ analysis notes (.md/.txt/.json digests) for the
iterate 2.x VSync/0x10e8/0x1004 wedge investigation. Raw trace dumps
(.jsonl/.gz/.csv/.stdout) and agent worktrees (.claude/) are gitignored as
regenerable local artifacts — see memory + HANDOFF for the running findings.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 07:19:08 +02:00

111 lines
4.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Phase 02 — XAM hallucination audit (Phase C+6½ XAM)
## Method
For every xam.xex ord ours registers in `crates/xenia-kernel/src/xam.rs::register_exports()`,
cross-reference against canary's `xam_table.inc` (1736 entries; authoritative
Xbox 360 ord→name mapping). Three classes of mismatch are possible:
1. **MATCH** — ours's name == canary's name. Most exports.
2. **HALLUCINATION** — ours's name ≠ canary's name at the same ord.
The hallucinated name may be a real NT/Xam function that exists at a
*different* ord on Xbox 360, making it look plausible.
3. **GHOST ORD** — ours registers an ord canary's table doesn't have.
For each HALLUCINATION, additional severity classification (per C+6½ taxonomy):
* **CRITICAL** — ours's stub body performs different semantics than
canary's named function. Game gets wrong data on every call.
* **HIGH** — ours's stub body is harmless (e.g. `stub_success`) but
registered under wrong name (Phase A name divergence; no behavior
risk at runtime).
* **LOW** — ours's stub body has correct semantics but name is wrong
(rename-only fix).
## Headline
| count | category |
|------:|---|
| 52 | total xam ords ours registers |
| **52** | **MATCH** (name agrees with canary table) |
| **0** | **HALLUCINATION** |
| **0** | **GHOST ORD** (no ord registered in ours that canary's table lacks) |
**Outcome: clean. The XAM table has zero name mismatches.**
This is in contrast to the xboxkrnl table audited in C+6½, which had 2
CRITICAL hallucinations (ord 0x82 `KeQueryIdealProcessor`
`KeQueryInterruptTime`; ord 0x98 `KeSetIdealProcessor`
`KeSetBackgroundProcessors`). Whoever populated ours's XAM
registrations evidently used canary's `xam_table.inc` as the
authoritative source from the start.
## XamTaskCloseHandle (Phase C+7 target) — explicit verification
Phase C+7's pending main-chain first divergence at idx 102158 is
`XamTaskCloseHandle return_value=1 vs 0`. Audit confirms:
* Ord **0x000001B1** in ours's `xam.rs:33` ↔ canary's
`xam_table.inc:230` are BOTH `XamTaskCloseHandle`.
* **NOT a name hallucination.** Both engines call the same function
by name.
* The divergence is a **body-semantic issue**:
* canary's `XamTaskCloseHandle_entry` (`xam_task.cc:83-93`) calls
`NtClose(obj_handle)`, returns `true` (= 1) on success.
* ours registers `stub_success` (`xam.rs:33`) which returns 0.
* The fix is therefore in xam_task body semantics, NOT in this
hallucination-audit scope. **Deferred to a dedicated C+7 session**
per directive "don't widen scope to fix non-hallucinated XAM
functions".
## Class-E sister-sweep candidate (Phase 1 — applied)
While auditing 52 ours-registered XAM ords, cross-referenced which
have NO `DECLARE_XAM_EXPORT` shim in canary (analogous to C+6½'s
class-E sister sweep on xboxkrnl).
Canary's XAM `DECLARE_XAM_EXPORT*` count: **331 shims** declared
across all `src/xenia/kernel/xam/*.cc` files.
Of ours's 52 ords, exactly **one** has a matching name but NO shim
in canary, and is currently registered via the noisy
`register_export` path:
| ord | canary name | ours kind (pre) | canary has shim? |
|---|---|---|---|
| 0x02D5 | XamShowGamerCardUIForXUID | register_export → stub_success | NO (table-only) |
Wait, isn't `XamShowDirtyDiscErrorUI` also class-E? It IS class-E in
canary (table-only), but the audit reviewed and it's already
correctly named and the directive constrains us to bug-class-aware
scope: the 1 candidate flagged is the only one ours is currently
registering through the loud (event-emitting) path under a class-E
name that we have evidence (from C+6 / C+6½) would alter Phase A
matched-prefix if hit.
(Note: ALL other ours `register_export(..., stub_*)` entries with no
canary `DECLARE_XAM_EXPORT` shim were spot-checked. None are
currently live in the 50M Phase A window — confirmed by grep of the
C+6½ ours.jsonl. So even if any others are technically class-E,
they're inert at the current matched-prefix horizon. Per directive
"don't widen scope", only the 1 flagged candidate is touched.)
**Phase 1 action**: rewire ord 0x02D5 to
`register_unimplemented_export`. Mirrors C+6½'s
`StfsCreateDevice`/`DbgPrint`/etc rewires.
## No CRITICAL/HIGH/LOW hallucinations to fix
Per the audit headline. The session's primary deliverable
(hallucination fixes) is **empty by construction** — the XAM table
in ours was already clean.
## Files
* `canary-xam-table.csv` — 1736 raw entries from
`xam_table.inc`.
* `canary-xam-table-classified.csv` — same, with
`has_shim` column (yes/no per `DECLARE_XAM_EXPORT*` grep).
* `canary-xam-declared-shims.txt` — 331 names.
* `ours-vs-canary.csv` — 52-row cross-check with verdict per ord.
Reference in New Issue View Git Blame Copy Permalink