Add defensive layers mapping and diagnostic logging enhancements

Documentation: - Created docs/DEFENSIVE_LAYERS_MAPPING.md documenting all 5 defensive layers - Maps which symptoms each layer suppresses - Defines safe removal order after root cause fix - Includes test methods for each layer removal Diagnostic Logging Enhancements (ChatGPT work): - TLS_SLL_HEAD_SET log with count and backtrace for NORMALIZE_USERPTR - tiny_next_store_log with filtering capability - Environment variables for log filtering: - HAKMEM_TINY_SLL_NEXTCLS: class filter for next store (-1 disables) - HAKMEM_TINY_SLL_NEXTTAG: tag filter (substring match) - HAKMEM_TINY_SLL_HEADCLS: class filter for head trace Current Investigation Status: - sh8bench 60/120s: crash-free, zero NEXT_INVALID/HDR_RESET/SANITIZE - BUT: shot limit (256) exhausted by class3 tls_push before class1/drain - Need: Add tags to pop/clear paths, or increase shot limit for class1 Purpose of this commit: - Document defensive layers for safe removal later - Enable targeted diagnostic logging - Prepare for final root cause identification Next Steps: 1. Add tags to tls_sll_pop tiny_next_write (e.g., "tls_pop_clear") 2. Re-run with HAKMEM_TINY_SLL_NEXTTAG=tls_pop 3. Capture class1 writes that lead to corruption 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 04:15:10 +09:00
parent f28cafbad3
commit ab612403a7
10 changed files with 466 additions and 3 deletions
--- a/core/hakmem_shared_pool_release.c
+++ b/core/hakmem_shared_pool_release.c
@ -74,6 +74,24 @@ shared_pool_release_slab(SuperSlab* ss, int slab_idx)

    uint8_t class_idx = slab_meta->class_idx;

+    // Guard: if SuperSlab is pinned (TLS/remote references), defer release to avoid
+    // class_map=255 while pointers are still in-flight.
+    uint32_t ss_refs_guard = superslab_ref_get(ss);
+    if (ss_refs_guard != 0) {
+#if !HAKMEM_BUILD_RELEASE
+        if (dbg == 1) {
+            fprintf(stderr,
+                    "[SP_SLOT_RELEASE_SKIP_PINNED] ss=%p slab_idx=%d class=%d refcount=%u\n",
+                    (void*)ss, slab_idx, class_idx, (unsigned)ss_refs_guard);
+        }
+#endif
+        if (g_lock_stats_enabled == 1) {
+            atomic_fetch_add(&g_lock_release_count, 1);
+        }
+        pthread_mutex_unlock(&g_shared_pool.alloc_lock);
+        return;
+    }
+
    #if !HAKMEM_BUILD_RELEASE
    if (dbg == 1) {
        fprintf(stderr, "[SP_SLOT_RELEASE] ss=%p slab_idx=%d class=%d used=0 (marking EMPTY)\n",