tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tiny: fix header/stride mismatch and harden refill paths

Browse Source 
- Root cause: header-based class indexing (HEADER_CLASSIDX=1) wrote a 1-byte
  header during allocation, but linear carve/refill and initial slab capacity
  still used bare class block sizes. This mismatch could overrun slab usable
  space and corrupt freelists, causing reproducible SEGV at ~100k iters.

Changes
- Superslab: compute capacity with effective stride (block_size + header for
  classes 0..6; class7 remains headerless) in superslab_init_slab(). Add a
  debug-only bound check in superslab_alloc_from_slab() to fail fast if carve
  would exceed usable bytes.
- Refill (non-P0 and P0): use header-aware stride for all linear carving and
  TLS window bump operations. Ensure alignment/validation in tiny_refill_opt.h
  also uses stride, not raw class size.
- Drain: keep existing defense-in-depth for remote sentinel and sanitize nodes
  before splicing into freelist (already present).

Notes
- This unifies the memory layout across alloc/linear-carve/refill with a single
  stride definition and keeps class7 (1024B) headerless as designed.
- Debug builds add fail-fast checks; release builds remain lean.

Next
- Re-run Tiny benches (256/1024B) in debug to confirm stability, then in
  release. If any remaining crash persists, bisect with HAKMEM_TINY_P0_BATCH_REFILL=0
  to isolate P0 batch carve, and continue reducing branch-miss as planned.
This commit is contained in:
Moe Charm (CI)
2025-11-09 18:55:50 +09:00
parent ab68ee536d
commit 1010a961fb
171 changed files with 10238 additions and 634 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
core/tiny_region_id.h
View File

@ -44,17 +44,18 @@
static inline void* tiny_region_id_write_header(void* base, int class_idx) {
if (!base) return base;
// Special-case class 7 (1024B blocks): return full block without header.
// Rationale: 1024B requests must not pay an extra 1-byte header (would overflow)
// and routing them to Mid/OS causes excessive mmap/madvise. We keep Tiny owner
// and let free() take the slow path (headerless → slab lookup).
if (__builtin_expect(class_idx == 7, 0)) {
return base; // no header written; user gets full 1024B
}
// Write header at block start
uint8_t* header_ptr = (uint8_t*)base;
// CRITICAL (Phase 7-1.3): ALWAYS write magic byte for safety
// Reason: Free path ALWAYS validates magic (even in release) to detect
// non-Tiny allocations. Without magic, all frees would fail validation.
// Performance: Magic write is FREE (same 1-byte write, just different value)
*header_ptr = HEADER_MAGIC | (class_idx & HEADER_CLASS_MASK);
// Return user pointer (skip header)
return header_ptr + 1;
return header_ptr + 1; // skip header for user pointer
}
// ========== Read Header (Free) ==========