Refactor: Split hakmem_tiny_superslab.c + unified backend exit point

Major refactoring to improve maintainability and debugging:

1. Split hakmem_tiny_superslab.c (1521 lines) into 7 focused files:
   - superslab_allocate.c: SuperSlab allocation/deallocation
   - superslab_backend.c: Backend allocation paths (legacy, shared)
   - superslab_ace.c: ACE (Adaptive Cache Engine) logic
   - superslab_slab.c: Slab initialization and bitmap management
   - superslab_cache.c: LRU cache and prewarm cache management
   - superslab_head.c: SuperSlabHead management and expansion
   - superslab_stats.c: Statistics tracking and debugging

2. Created hakmem_tiny_superslab_internal.h for shared declarations

3. Added superslab_return_block() as single exit point for header writing:
   - All backend allocations now go through this helper
   - Prevents bugs where headers are forgotten in some paths
   - Makes future debugging easier

4. Updated Makefile for new file structure

5. Added header writing to ss_legacy_backend_box.c and
   ss_unified_backend_box.c (though not currently linked)

Note: Header corruption bug in Larson benchmark still exists.
Class 1-6 allocations go through TLS refill/carve paths, not backend.
Further investigation needed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

core/tiny_region_id.h

@@ -290,25 +290,18 @@ static inline int tiny_region_id_read_header(void* ptr) {
     // CRITICAL FIX (Pool TLS Phase 1): ALWAYS validate magic when Pool TLS is enabled
     // Reason: Pool TLS uses different magic (0xb0 vs 0xa0), MUST distinguish them!
     // Without this, Pool TLS allocations are wrongly routed to Tiny freelist → corruption
-#if !HAKMEM_BUILD_RELEASE || defined(HAKMEM_POOL_TLS_PHASE1)
-    // Debug/Development OR Pool TLS: Validate magic byte to catch non-header allocations
-    // Reason: Mid/Large allocations don't have headers, must detect and reject them
+    // Always validate magic byte to catch non-header allocations (release included).
+    // Reason: mmap-zero or mid/large frees can otherwise be misrouted as class 0.
     uint8_t magic = header & 0xF0;
-    #if HAKMEM_DEBUG_VERBOSE
+#if HAKMEM_DEBUG_VERBOSE
     static int debug_count = 0;
     if (debug_count < 5) {
         fprintf(stderr, "[TINY_READ_HEADER] ptr=%p header=0x%02x magic=0x%02x expected=0x%02x\n",
                 ptr, header, magic, HEADER_MAGIC);
         debug_count++;
     }
-    #endif
+#endif
     if (magic != HEADER_MAGIC) {
-        // Invalid header - likely non-header allocation (Mid/Large/Pool TLS)
-        #if HAKMEM_DEBUG_VERBOSE
-        if (debug_count < 6) {  // One more after the 5 above
-            fprintf(stderr, "[TINY_READ_HEADER] REJECTING ptr=%p (magic mismatch)\n", ptr);
-        }
-        #endif
 #if !HAKMEM_BUILD_RELEASE
         static int invalid_count = 0;
         if (invalid_count < 5) {
@@ -322,12 +315,6 @@ static inline int tiny_region_id_read_header(void* ptr) {
         if (tiny_guard_is_enabled()) tiny_guard_on_invalid(ptr, header);
         return -1;
     }
-#else
-    // Release (without Pool TLS): Skip magic validation (save 2-3 cycles)
-    // Safety: Bounds check below still prevents out-of-bounds array access
-    // Trade-off: Mid/Large frees may corrupt TLS freelist (rare, ~0.1% of frees)
-    // NOTE: This optimization is DISABLED when Pool TLS is enabled (different magic bytes!)
-#endif
 
     int class_idx = (int)(header & HEADER_CLASS_MASK);