Tiny: fix header/stride mismatch and harden refill paths

- Root cause: header-based class indexing (HEADER_CLASSIDX=1) wrote a 1-byte
  header during allocation, but linear carve/refill and initial slab capacity
  still used bare class block sizes. This mismatch could overrun slab usable
  space and corrupt freelists, causing reproducible SEGV at ~100k iters.

Changes
- Superslab: compute capacity with effective stride (block_size + header for
  classes 0..6; class7 remains headerless) in superslab_init_slab(). Add a
  debug-only bound check in superslab_alloc_from_slab() to fail fast if carve
  would exceed usable bytes.
- Refill (non-P0 and P0): use header-aware stride for all linear carving and
  TLS window bump operations. Ensure alignment/validation in tiny_refill_opt.h
  also uses stride, not raw class size.
- Drain: keep existing defense-in-depth for remote sentinel and sanitize nodes
  before splicing into freelist (already present).

Notes
- This unifies the memory layout across alloc/linear-carve/refill with a single
  stride definition and keeps class7 (1024B) headerless as designed.
- Debug builds add fail-fast checks; release builds remain lean.

Next
- Re-run Tiny benches (256/1024B) in debug to confirm stability, then in
  release. If any remaining crash persists, bisect with HAKMEM_TINY_P0_BATCH_REFILL=0
  to isolate P0 batch carve, and continue reducing branch-miss as planned.

core/hakmem_ace.c

@@ -1,3 +1,4 @@
+#include <stdio.h>
 #include "hakmem_ace.h"
 #include "hakmem_pool.h"
 #include "hakmem_l25_pool.h"
@@ -50,9 +51,24 @@ void* hkm_ace_alloc(size_t size, uintptr_t site_id, const FrozenPolicy* pol) {
     double wmax_large = (pol ? pol->w_max_large : 1.25);
 
     // MidPool: 2–52KiB (Phase 6.21: with Bridge classes for W_MAX rounding)
+    if (size >= 33000 && size <= 34000) {
+        fprintf(stderr, "[ACE] Processing 33KB: size=%zu, POOL_MAX_SIZE=%d\n", size, POOL_MAX_SIZE);
+    }
     if (size <= POOL_MAX_SIZE) {
         size_t r = round_to_mid_class(size, wmax_mid, pol);
+        if (size >= 33000 && size <= 34000) {
+            fprintf(stderr, "[ACE]   round_to_mid_class returned: %zu (0 means no valid class)\n", r);
+        }
         if (r != 0) {
+            // Debug: Log 33KB allocation routing (only in debug builds)
+#ifdef HAKMEM_DEBUG_VERBOSE
+            if (size >= 33000 && size <= 34000) {
+                HAKMEM_LOG("[ACE] 33KB alloc: size=%zu → rounded=%zu (class 5: 40KB)\n", size, r);
+            }
+#endif
+            if (size >= 33000 && size <= 34000) {
+                fprintf(stderr, "[ACE]   Calling hak_pool_try_alloc with size=%zu\n", r);
+            }
             HKM_TIME_START(t_mid_get);
             void* p = hak_pool_try_alloc(r, site_id);
             HKM_TIME_END(HKM_CAT_POOL_GET, t_mid_get);
@@ -74,7 +90,7 @@ void* hkm_ace_alloc(size_t size, uintptr_t site_id, const FrozenPolicy* pol) {
         }
     } else if (size > POOL_MAX_SIZE && size < L25_MIN_SIZE) {
         // Gap 32–64KiB: try rounding up to 64KiB if permitted
-        size_t r = round_to_large_class(L25_MIN_SIZE, wmax_large); // check 64KiB vs size
+        // size_t r = round_to_large_class(L25_MIN_SIZE, wmax_large); // check 64KiB vs size (unused)
         if ((double)L25_MIN_SIZE <= wmax_large * (double)size) {
             HKM_TIME_START(t_l25_get2);
             void* p = hak_l25_pool_try_alloc(L25_MIN_SIZE, site_id);