Incorrect kCSNow

[ghost]

It seems kCSNow is 0x8000000000000000llu instead of 0x80000000u. This makes sense as times are uint64_t.
This can be checked by e.g. disassembling the 64-bit part of /usr/lib/libdtrace.dylib, function symbolOwnerForName:
Source:

CSSymbolOwnerRef symbolOwnerForName(CSSymbolicatorRef symbolicator, const char* name) {        
    // Check for a.out specifically
    if (strcmp(name, "a.out") == 0) {
        __block CSSymbolOwnerRef owner = kCSNull;
        if (CSSymbolicatorForeachSymbolOwnerWithFlagsAtTime(symbolicator, kCSSymbolOwnerIsAOut, kCSNow, ^(CSSymbolOwnerRef t) { owner = t; }) == 1) {
            return owner;
        }
        return kCSNull;
    }
…

Disassembly:

                                             _symbolOwnerForName:
000000000003a028 55                              pushq      %rbp                ; XREF=_Pxlookup_by_name+89, _Plmid_to_map+42, _Psymbol_iter_by_addr+95
000000000003a029 4889E5                          movq       %rsp, %rbp
000000000003a02c 4157                            pushq      %r15
000000000003a02e 4156                            pushq      %r14
000000000003a030 4155                            pushq      %r13
000000000003a032 4154                            pushq      %r12
000000000003a034 53                              pushq      %rbx
000000000003a035 4881ECD8000000                  subq       $0xd8, %rsp
000000000003a03c 4889D3                          movq       %rdx, %rbx          ; const char* name
000000000003a03f 4989F7                          movq       %rsi, %r15          ; CSSymbolicatorRef symbolicator
000000000003a042 4989FC                          movq       %rdi, %r12
000000000003a045 488D35CC4C0300                  leaq       %ds:0x6ed18, %rsi   ; "a.out", argument "s2" for method imp___stubs__strcmp
000000000003a04c 4889DF                          movq       %rbx, %rdi          ; argument "s1" for method imp___stubs__strcmp
000000000003a04f E868F80100                      callq      $imp___stubs__strcmp
000000000003a054 85C0                            testl      %eax, %eax
000000000003a056 0F8481010000                    jeq        $0x3a1dd

000000000003a05c 48C745B000000000                movq       $0x0, %ss:var_50(%rbp)
000000000003a064 4C8D6DB0                        leaq       %ss:var_50(%rbp), %r13
000000000003a068 4C896DB8                        movq       %r13, %ss:var_48(%rbp)
000000000003a06c C745C000000000                  movl       $0x0, %ss:var_40(%rbp)
000000000003a073 C745C428000000                  movl       $0x28, %ss:var_3C(%rbp)
000000000003a07a 48C745D000000000                movq       $0x0, %ss:var_30(%rbp)
000000000003a082 48C745C800000000                movq       $0x0, %ss:var_38(%rbp)
000000000003a08a 4C8B35778F0300                  movq       %ds:imp___got___NSConcreteStackBlock, %r14
000000000003a091 4C89B560FFFFFF                  movq       %r14, %ss:var_A0(%rbp)
000000000003a098 C78568FFFFFF00000042            movl       $0x42000000, %ss:var_98(%rbp)
000000000003a0a2 C7856CFFFFFF00000000            movl       $0x0, %ss:var_94(%rbp)
000000000003a0ac 488D0540020000                  leaq       %ds:___symbolOwnerForName_block_invoke2, %rax
000000000003a0b3 48898570FFFFFF                  movq       %rax, %ss:var_90(%rbp)
000000000003a0ba 488D051F250400                  leaq       %ds:___block_descriptor_tmp5, %rax
000000000003a0c1 48898578FFFFFF                  movq       %rax, %ss:var_88(%rbp)
000000000003a0c8 4C896D80                        movq       %r13, %ss:var_80(%rbp)
000000000003a0cc 4C8D8560FFFFFF                  leaq       %ss:var_A0(%rbp), %r8 ; argument "iterator" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0d3 4C89E7                          movq       %r12, %rdi          ; argument #1 for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0d6 4C89FE                          movq       %r15, %rsi          ; argument "symbolicator" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0d9 4889DA                          movq       %rbx, %rdx          ; argument "name" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0dc 48B90000000000000080            movabsq    $0x8000000000000000, %rcx ; argument "time" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0e6 E88DF30100                      callq      $imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0eb 4885C0                          testq      %rax, %rax
000000000003a0ee 0F85D2000000                    jneq       $0x3a1c6

[zorgiepoo]

Looking at the i386 disassembly, it seems to be pushing 0x0 and 0x80000000 (at offsets 0xC and 0x10):

...
00040a2e    movl    $0x80000000, %eax       ## imm = 0x80000000
00040a33    movl    %eax, 0x10(%esp)
00040a37    movl    %ebx, 0x8(%esp)
00040a3b    movl    0xc(%ebp), %eax
00040a3e    movl    %eax, 0x4(%esp)
00040a42    movl    0x8(%ebp), %eax
00040a45    movl    %eax, (%esp)
00040a48    movl    $0x0, 0xc(%esp)
00040a50    calll   0x60a10                 ## symbol stub for: _CSSymbolicatorForeachSymbolOwnerWithPathAtTime
...

Hopper pseudocode comparison between i386 vs x86_64:

rax = CSSymbolicatorForeachSymbolOwnerWithFlagsAtTime(r12, r15, 0x10, 0x8000000000000000, __NSConcreteStackBlock);
eax = CSSymbolicatorForeachSymbolOwnerWithFlagsAtTime(arg0, arg1, 0x10, 0x0, 0x80000000, __NSConcreteStackBlock);

Perhaps there are two separate arguments? The first one could potentially be a boolean (0x0 or 0x1).

For instance, take a look at CSSymbolicatorCopyDescriptionWithIndent (i386) in /System/Library/PrivateFrameworks/CoreSymbolication.framework/Versions/A/CoreSymbolication:

...
#0x8000000000000001 for x86_64
000283da         mov        dword [ss:esp+0xc], 0x80000000
000283e2         mov        dword [ss:esp+0x8], 0x1
000283ea         call       _CSSymbolicatorForeachSymbolOwnerAtTime
...

There are a couple other references to 0x8000000000000001 as well.

Another constant could be created for 0x8000000000000001 if the two arguments really are tied together, but I've no idea what it means.