tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sh8bench修正: LRU registry未登録問題 + self-heal修復

Browse Source 
問題:
  - sh8benchでfree(): invalid pointer発生
  - header=0xA0だがsuperslab registry未登録のポインタがlibcへ

根本原因:
  - LRU pop時にhak_super_register()が呼ばれていなかった
  - hakmem_super_registry.c:hak_ss_lru_pop()の設計不備

修正内容:

1. 根治修正 (core/hakmem_super_registry.c:466)
   - LRU popしたSuperSlabを明示的にregistry再登録
   - hak_super_register((uintptr_t)curr, curr) 追加
   - これによりfree時のhak_super_lookup()が成功

2. Self-heal修復 (core/box/hak_wrappers.inc.h:387-436)
   - Safety net: 未登録SuperSlabを検出して再登録
   - mincore()でマッピング確認 + magic検証
   - libcへの誤ルート遮断(free()クラッシュ回避)
   - 詳細デバッグログ追加(HAKMEM_WRAP_DIAG=1)

3. デバッグ指示書追加 (docs/sh8bench_debug_instruction.md)
   - TLS_SLL_HDR_RESET問題の調査手順

テスト:
  - cfrac, larson等の他ベンチマークは正常動作確認
  - sh8benchのTLS_SLL_HDR_RESET問題は別issue(調査中)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Moe Charm (CI)
2025-12-03 09:15:59 +09:00
parent f7d0d236e0
commit 4cc2d8addf
3 changed files with 244 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
core/box/hak_wrappers.inc.h
View File

@ -34,6 +34,10 @@ void* realloc(void* ptr, size_t size) {
#include "../front/malloc_tiny_fast.h" // Phase 26: Front Gate Unification
#include "tiny_front_config_box.h" // Phase 4-Step3: Compile-time config for dead code elimination
#include "wrapper_env_box.h" // Wrapper env cache (step trace / LD safe / free trace)
#include "../hakmem_internal.h" // AllocHeader helpers for diagnostics
#include "../hakmem_super_registry.h" // Superslab lookup for diagnostics
#include "../superslab/superslab_inline.h" // slab_index_for, capacity
#include <sys/mman.h> // mincore for safe mapping checks
#include <unistd.h> // write for diagnostics
#include <string.h> // strlen for diagnostics
@ -232,6 +236,8 @@ void free(void* ptr) {
// Fallback to normal path for non-Tiny or no-header mode
}
const wrapper_env_cfg_t* wcfg = wrapper_env_cfg();
// Phase 26: Front Gate Unification (Tiny free fast path)
// Placed AFTER BenchFast check, BEFORE expensive classify_ptr()
// Bypasses: hak_free_at routing + wrapper overhead + classification
@ -381,6 +387,53 @@ void free(void* ptr) {
#endif
}
// No valid hakmem header → external pointer (BenchMeta, libc allocation, etc.)
if (__builtin_expect(wcfg->wrap_diag, 0)) {
SuperSlab* ss = hak_super_lookup(ptr);
int slab_idx = -1;
int meta_cls = -1;
int alloc_method = -1;
if (__builtin_expect(ss && ss->magic == SUPERSLAB_MAGIC, 0)) {
slab_idx = slab_index_for(ss, (void*)((uint8_t*)ptr - 1));
if (slab_idx >= 0 && slab_idx < ss_slabs_capacity(ss)) {
meta_cls = ss->slabs[slab_idx].class_idx;
}
} else if (offset_in_page >= HEADER_SIZE) {
AllocHeader* ah = hak_header_from_user(ptr);
if (hak_header_validate(ah)) {
alloc_method = ah->method;
}
}
fprintf(stderr,
"[WRAP_FREE_NOT_OWNED] ptr=%p hdr=0x%02x off=0x%lx lockdepth=%d init=%d ss=%p slab=%d meta_cls=%d alloc_method=%d\n",
ptr,
header,
(unsigned long)offset_in_page,
g_hakmem_lock_depth,
g_initializing,
(void*)ss,
slab_idx,
meta_cls,
alloc_method);
}
// Self-heal: if this looks like a SuperSlab (magic matches) but registry lookup failed,
// re-register on the fly and route to hakmem free to avoid libc abort.
{
SuperSlab* ss_guess = (SuperSlab*)((uintptr_t)ptr & ~((uintptr_t)SUPERSLAB_SIZE_MIN - 1u));
long page_sz = sysconf(_SC_PAGESIZE);
unsigned char mincore_vec = 0;
int mapped = (page_sz > 0) &&
(mincore((void*)((uintptr_t)ss_guess & ~(uintptr_t)(page_sz - 1)),
(size_t)page_sz,
&mincore_vec) == 0);
if (mapped && ss_guess->magic == SUPERSLAB_MAGIC) {
hak_super_register((uintptr_t)ss_guess, ss_guess); // idempotent if already registered
g_hakmem_lock_depth++;
hak_free_at(ptr, 0, HAK_CALLSITE());
g_hakmem_lock_depth--;
return;
}
}
extern void __libc_free(void*);
ptr_trace_dump_now("wrap_libc_external_nomag");
wrapper_record_fallback(FB_NOT_OWNED, "[wrap] libc free: not_owned\n");