Fix: Restore headers in tiny_drain_freelist_to_sll_once()
Second freelist path identified by Task exploration agent:
- tiny_drain_freelist_to_sll_once() in hakmem_tiny_free.inc
- Activated via HAKMEM_TINY_DRAIN_TO_SLL environment variable
- Pops blocks from freelist without restoring headers
- Missing header restoration before tls_sll_push() call
Fix applied:
1. Added HEADER_MAGIC restoration before tls_sll_push()
in tiny_drain_freelist_to_sll_once() (lines 74-79)
2. Added tiny_region_id.h include for HEADER_MAGIC definition
This completes the header restoration fixes for all known
freelist → TLS SLL code paths:
1. box_carve_and_push_with_freelist() ✓ (commit 3c6c76cb1)
2. tiny_drain_freelist_to_sll_once() ✓ (this commit)
Expected result:
- Eliminates remaining 4-thread header corruption error
- All freelist blocks now have valid headers before TLS SLL push
Note: Encountered segfault in larson_hakmem during testing,
but this appears to be a pre-existing issue unrelated to
header restoration fixes (verified by testing without changes).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Moe Charm (CI)
@ -7,6 +7,7 @@
|
|||||||
#include "box/free_publish_box.h"
|
#include "box/free_publish_box.h"
|
||||||
#include "box/tls_sll_box.h" // Box TLS-SLL: C7-safe push/pop/splice
|
#include "box/tls_sll_box.h" // Box TLS-SLL: C7-safe push/pop/splice
|
||||||
#include "box/tiny_next_ptr_box.h" // Box API: next pointer read/write
|
#include "box/tiny_next_ptr_box.h" // Box API: next pointer read/write
|
||||||
|
#include "tiny_region_id.h" // HEADER_MAGIC, HEADER_CLASS_MASK for freelist header restoration
|
||||||
#include "mid_tcache.h"
|
#include "mid_tcache.h"
|
||||||
#include "front/tiny_heap_v2.h"
|
#include "front/tiny_heap_v2.h"
|
||||||
// Phase 3d-B: TLS Cache Merge - Unified TLS SLL structure
|
// Phase 3d-B: TLS Cache Merge - Unified TLS SLL structure
|
||||||
@ -70,6 +71,13 @@ static inline void tiny_drain_freelist_to_sll_once(SuperSlab* ss, int slab_idx,
|
|||||||
|
|
||||||
m->freelist = tiny_next_read(class_idx, p); // Phase E1-CORRECT: Box API
|
m->freelist = tiny_next_read(class_idx, p); // Phase E1-CORRECT: Box API
|
||||||
|
|
||||||
|
// CRITICAL FIX: Restore header BEFORE pushing to TLS SLL
|
||||||
|
// Freelist blocks may have stale data at offset 0
|
||||||
|
// (same fix as in box_carve_and_push_with_freelist and tiny_superslab_alloc.inc.h)
|
||||||
|
#if HAKMEM_TINY_HEADER_CLASSIDX
|
||||||
|
*(uint8_t*)p = HEADER_MAGIC | (class_idx & HEADER_CLASS_MASK);
|
||||||
|
#endif
|
||||||
|
|
||||||
// Use Box TLS-SLL API (C7-safe push)
|
// Use Box TLS-SLL API (C7-safe push)
|
||||||
// Note: C7 already rejected at line 34, so this always succeeds
|
// Note: C7 already rejected at line 34, so this always succeeds
|
||||||
uint32_t sll_capacity = 256; // Conservative limit
|
uint32_t sll_capacity = 256; // Conservative limit
|
||||||
|
|||||||
Reference in New Issue
Block a user