Front Gate: registry-first classification (no ptr-1 deref); Pool TLS via registry to avoid unsafe header reads.\nTLS-SLL: splice head normalization, remove false misalignment guard, drop heuristic normalization; add carve/splice debug logs.\nRefill: add one-shot sanity checks (range/stride) at P0 and non-P0 boundaries (debug-only).\nInfra: provide ptr_trace_dump_now stub in release to fix linking.\nVerified: bench_fixed_size_hakmem 200000 1024 128 passes (Debug/Release), no SEGV.

2025-11-11 01:00:37 +09:00
parent 8aabee4392
commit a97005f50e
5 changed files with 103 additions and 46 deletions
--- a/core/hakmem_tiny_refill_p0.inc.h
+++ b/core/hakmem_tiny_refill_p0.inc.h
@ -311,6 +311,39 @@ static inline int sll_refill_batch_from_ss(int class_idx, int max_take) {

        TinyRefillChain carve;
        trc_linear_carve(slab_base, bs, meta, batch, class_idx, &carve);
+
+        // One-shot sanity: validate first few nodes are within the slab and stride-aligned
+#if !HAKMEM_BUILD_RELEASE
+        do {
+            static _Atomic int g_once = 0;
+            int exp = 0;
+            if (atomic_compare_exchange_strong(&g_once, &exp, 1)) {
+                uintptr_t base_chk = (uintptr_t)(tls->slab_base ? tls->slab_base : tiny_slab_base_for(tls->ss, tls->slab_idx));
+                uintptr_t limit_chk = base_chk + tiny_usable_bytes_for_slab(tls->slab_idx);
+                void* node = carve.head;
+                for (int i = 0; i < 3 && node; i++) {
+                    uintptr_t a = (uintptr_t)node;
+                    if (!(a >= base_chk && a < limit_chk)) {
+                        fprintf(stderr, "[P0_SANITY_FAIL] out_of_range cls=%d node=%p base=%p limit=%p bs=%zu\n",
+                                class_idx, node, (void*)base_chk, (void*)limit_chk, bs);
+                        abort();
+                    }
+                    size_t off = (size_t)(a - base_chk);
+                    if ((off % bs) != 0) {
+                        fprintf(stderr, "[P0_SANITY_FAIL] misaligned cls=%d node=%p off=%zu bs=%zu base=%p\n",
+                                class_idx, node, off, bs, (void*)base_chk);
+                        abort();
+                    }
+#if HAKMEM_TINY_HEADER_CLASSIDX
+                    const size_t next_off = (class_idx == 7) ? 0 : 1;
+#else
+                    const size_t next_off = 0;
+#endif
+                    node = *(void**)((uint8_t*)node + next_off);
+                }
+            }
+        } while (0);
+#endif
        trc_splice_to_sll(class_idx, &carve, &g_tls_sll_head[class_idx], &g_tls_sll_count[class_idx]);
        // FIX: Update SuperSlab active counter (was missing!)
        ss_active_add(tls->ss, batch);