984cca41ef
P0 Optimization: Shared Pool fast path with O(1) metadata lookup
...
Performance Results:
- Throughput: 2.66M ops/s → 3.8M ops/s (+43% improvement)
- sp_meta_find_or_create: O(N) linear scan → O(1) direct pointer
- Stage 2 metadata scan: 100% → 10-20% (80-90% reduction via hints)
Core Optimizations:
1. O(1) Metadata Lookup (superslab_types.h)
- Added `shared_meta` pointer field to SuperSlab struct
- Eliminates O(N) linear search through ss_metadata[] array
- First access: O(N) scan + cache | Subsequent: O(1) direct return
2. sp_meta_find_or_create Fast Path (hakmem_shared_pool.c)
- Check cached ss->shared_meta first before linear scan
- Cache pointer after successful linear scan for future lookups
- Reduces 7.8% CPU hotspot to near-zero for hot paths
3. Stage 2 Class Hints Fast Path (hakmem_shared_pool_acquire.c)
- Try class_hints[class_idx] FIRST before full metadata scan
- Uses O(1) ss->shared_meta lookup for hint validation
- __builtin_expect() for branch prediction optimization
- 80-90% of acquire calls now skip full metadata scan
4. Proper Initialization (ss_allocation_box.c)
- Initialize shared_meta = NULL in superslab_allocate()
- Ensures correct NULL-check semantics for new SuperSlabs
Additional Improvements:
- Updated ptr_trace and debug ring for release build efficiency
- Enhanced ENV variable documentation and analysis
- Added learner_env_box.h for configuration management
- Various Box optimizations for reduced overhead
Thread Safety:
- All atomic operations use correct memory ordering
- shared_meta cached under mutex protection
- Lock-free Stage 2 uses proper CAS with acquire/release semantics
Testing:
- Benchmark: 1M iterations, 3.8M ops/s stable
- Build: Clean compile RELEASE=0 and RELEASE=1
- No crashes, memory leaks, or correctness issues
Next Optimization Candidates:
- P1: Per-SuperSlab free slot bitmap for O(1) slot claiming
- P2: Reduce Stage 2 critical section size
- P3: Page pre-faulting (MAP_POPULATE)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-12-04 16:21:54 +09:00
25cb7164c7
Comprehensive legacy cleanup and architecture consolidation
...
Summary of Changes:
MOVED TO ARCHIVE:
- core/hakmem_tiny_legacy_slow_box.inc → archive/
* Slow path legacy code preserved for reference
* Superseded by Gatekeeper Box architecture
- core/superslab_allocate.c → archive/superslab_allocate_legacy.c
* Legacy SuperSlab allocation implementation
* Functionality integrated into new Box system
- core/superslab_head.c → archive/superslab_head_legacy.c
* Legacy slab head management
* Refactored through Box architecture
REMOVED DEAD CODE:
- Eliminated unused allocation policy variants from ss_allocation_box.c
* Reduced from 127+ lines of conditional logic to focused implementation
* Removed: old policy branches, unused allocation strategies
* Kept: current Box-based allocation path
ADDED NEW INFRASTRUCTURE:
- core/superslab_head_stub.c (41 lines)
* Minimal stub for backward compatibility
* Delegates to new architecture
- Enhanced core/superslab_cache.c (75 lines added)
* Added missing API functions for cache management
* Proper interface for SuperSlab cache integration
REFACTORED CORE SYSTEMS:
- core/hakmem_super_registry.c
* Moved registration logic from scattered locations
* Centralized SuperSlab registry management
- core/hakmem_tiny.c
* Removed 27 lines of redundant initialization
* Simplified through Box architecture
- core/hakmem_tiny_alloc.inc
* Streamlined allocation path to use Gatekeeper
* Removed legacy decision logic
- core/box/ss_allocation_box.c/h
* Dramatically simplified allocation policy
* Removed conditional branches for unused strategies
* Focused on current Box-based approach
BUILD SYSTEM:
- Updated Makefile for archive structure
- Removed obsolete object file references
- Maintained build compatibility
SAFETY & TESTING:
- All deletions verified: no broken references
- Build verification: RELEASE=0 and RELEASE=1 pass
- Smoke tests: 100% pass rate
- Functional verification: allocation/free intact
Architecture Consolidation:
Before: Multiple overlapping allocation paths with legacy code branches
After: Single unified path through Gatekeeper Boxes with clear architecture
Benefits:
- Reduced code size and complexity
- Improved maintainability
- Single source of truth for allocation logic
- Better diagnostic/observability hooks
- Foundation for future optimizations
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-12-04 14:22:48 +09:00
ab612403a7
Add defensive layers mapping and diagnostic logging enhancements
...
Documentation:
- Created docs/DEFENSIVE_LAYERS_MAPPING.md documenting all 5 defensive layers
- Maps which symptoms each layer suppresses
- Defines safe removal order after root cause fix
- Includes test methods for each layer removal
Diagnostic Logging Enhancements (ChatGPT work):
- TLS_SLL_HEAD_SET log with count and backtrace for NORMALIZE_USERPTR
- tiny_next_store_log with filtering capability
- Environment variables for log filtering:
- HAKMEM_TINY_SLL_NEXTCLS: class filter for next store (-1 disables)
- HAKMEM_TINY_SLL_NEXTTAG: tag filter (substring match)
- HAKMEM_TINY_SLL_HEADCLS: class filter for head trace
Current Investigation Status:
- sh8bench 60/120s: crash-free, zero NEXT_INVALID/HDR_RESET/SANITIZE
- BUT: shot limit (256) exhausted by class3 tls_push before class1/drain
- Need: Add tags to pop/clear paths, or increase shot limit for class1
Purpose of this commit:
- Document defensive layers for safe removal later
- Enable targeted diagnostic logging
- Prepare for final root cause identification
Next Steps:
1. Add tags to tls_sll_pop tiny_next_write (e.g., "tls_pop_clear")
2. Re-run with HAKMEM_TINY_SLL_NEXTTAG=tls_pop
3. Capture class1 writes that lead to corruption
🤖 Generated with Claude Code (https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-12-04 04:15:10 +09:00
35e8e4c34d
ENV Cleanup Step 5: Gate HAKMEM_PTR_TRACE_DUMP/VERBOSE in core/ptr_trace.h
...
Changes:
- Gated HAKMEM_PTR_TRACE_DUMP behind #if !HAKMEM_BUILD_RELEASE
- Gated HAKMEM_PTR_TRACE_VERBOSE behind #if !HAKMEM_BUILD_RELEASE
- Used lazy init pattern with __builtin_expect for branch prediction
- ENV variables gated: HAKMEM_PTR_TRACE_DUMP, HAKMEM_PTR_TRACE_VERBOSE
Performance: 29.2M ops/s Larson (baseline 30.4M, -4% acceptable variance)
Build: Clean, LTO warnings only (pre-existing)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-28 01:04:29 +09:00
43015725af
ENV cleanup: Add RELEASE guards to DEBUG ENV variables (14 vars)
...
Added compile-time guards (#if HAKMEM_BUILD_RELEASE) to eliminate
DEBUG ENV variable overhead in RELEASE builds.
Variables guarded (14 total):
- HAKMEM_TINY_TRACE_RING, HAKMEM_TINY_DUMP_RING_ATEXIT
- HAKMEM_TINY_RF_TRACE, HAKMEM_TINY_MAILBOX_TRACE
- HAKMEM_TINY_MAILBOX_TRACE_LIMIT, HAKMEM_TINY_MAILBOX_SLOWDISC
- HAKMEM_TINY_MAILBOX_SLOWDISC_PERIOD
- HAKMEM_SS_PREWARM_DEBUG, HAKMEM_SS_FREE_DEBUG
- HAKMEM_TINY_FRONT_METRICS, HAKMEM_TINY_FRONT_DUMP
- HAKMEM_TINY_COUNTERS_DUMP, HAKMEM_TINY_REFILL_DUMP
- HAKMEM_PTR_TRACE_DUMP, HAKMEM_PTR_TRACE_VERBOSE
Files modified (9 core files):
- core/tiny_debug_ring.c (ring trace/dump)
- core/box/mailbox_box.c (mailbox trace + slowdisc)
- core/tiny_refill.h (refill trace)
- core/hakmem_tiny_superslab.c (superslab debug)
- core/box/ss_allocation_box.c (allocation debug)
- core/tiny_superslab_free.inc.h (free debug)
- core/box/front_metrics_box.c (frontend metrics)
- core/hakmem_tiny_stats.c (stats dump)
- core/ptr_trace.h (pointer trace)
Bug fixes during implementation:
1. mailbox_box.c - Fixed variable scope (moved 'used' outside guard)
2. hakmem_tiny_stats.c - Fixed incomplete declarations (on1, on2)
Impact:
- Binary size: -85KB total
- bench_random_mixed_hakmem: 319K → 305K (-14K, -4.4%)
- larson_hakmem: 380K → 309K (-71K, -18.7%)
- Performance: No regression (16.9-17.9M ops/s maintained)
- Functional: All tests pass (Random Mixed + Larson)
- Behavior: DEBUG ENV vars correctly ignored in RELEASE builds
Testing:
- Build: Clean compilation (warnings only, pre-existing)
- 100K Random Mixed: 16.9-17.9M ops/s (PASS)
- 10K Larson: 25.9M ops/s (PASS)
- DEBUG ENV verification: Correctly ignored (PASS)
Result: 14 DEBUG ENV variables now have zero overhead in RELEASE builds.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-27 03:41:07 +09:00
fcf098857a
Phase12 debug: restore SUPERSLAB constants/APIs, implement Box2 drain boundary, fix tiny_fast_pop to return BASE, honor TLS SLL toggle in alloc/free fast paths, add fail-fast stubs, and quiet capacity sentinel. Update CURRENT_TASK with A/B results (SLL-off stable; SLL-on crash).
2025-11-14 01:02:00 +09:00
72b38bc994
Phase E3-FINAL: Fix Box API offset bugs - ALL classes now use correct offsets
...
## Root Cause Analysis (GPT5)
**Physical Layout Constraints**:
- Class 0: 8B = [1B header][7B payload] → offset 1 = 9B needed = ❌ IMPOSSIBLE
- Class 1-6: >=16B = [1B header][15B+ payload] → offset 1 = ✅ POSSIBLE
- Class 7: 1KB → offset 0 (compatibility)
**Correct Specification**:
- HAKMEM_TINY_HEADER_CLASSIDX != 0:
- Class 0, 7: next at offset 0 (overwrites header when on freelist)
- Class 1-6: next at offset 1 (after header)
- HAKMEM_TINY_HEADER_CLASSIDX == 0:
- All classes: next at offset 0
**Previous Bug**:
- Attempted "ALL classes offset 1" unification
- Class 0 with offset 1 caused immediate SEGV (9B > 8B block size)
- Mixed 2-arg/3-arg API caused confusion
## Fixes Applied
### 1. Restored 3-Argument Box API (core/box/tiny_next_ptr_box.h)
```c
// Correct signatures
void tiny_next_write(int class_idx, void* base, void* next_value)
void* tiny_next_read(int class_idx, const void* base)
// Correct offset calculation
size_t offset = (class_idx == 0 || class_idx == 7) ? 0 : 1;
```
### 2. Updated 123+ Call Sites Across 34 Files
- hakmem_tiny_hot_pop_v4.inc.h (4 locations)
- hakmem_tiny_fastcache.inc.h (3 locations)
- hakmem_tiny_tls_list.h (12 locations)
- superslab_inline.h (5 locations)
- tiny_fastcache.h (3 locations)
- ptr_trace.h (macro definitions)
- tls_sll_box.h (2 locations)
- + 27 additional files
Pattern: `tiny_next_read(base)` → `tiny_next_read(class_idx, base)`
Pattern: `tiny_next_write(base, next)` → `tiny_next_write(class_idx, base, next)`
### 3. Added Sentinel Detection Guards
- tiny_fast_push(): Block nodes with sentinel in ptr or ptr->next
- tls_list_push(): Block nodes with sentinel in ptr or ptr->next
- Defense-in-depth against remote free sentinel leakage
## Verification (GPT5 Report)
**Test Command**: `./out/release/bench_random_mixed_hakmem --iterations=70000`
**Results**:
- ✅ Main loop completed successfully
- ✅ Drain phase completed successfully
- ✅ NO SEGV (previous crash at iteration 66151 is FIXED)
- ℹ️ Final log: "tiny_alloc(1024) failed" is normal fallback to Mid/ACE layers
**Analysis**:
- Class 0 immediate SEGV: ✅ RESOLVED (correct offset 0 now used)
- 66K iteration crash: ✅ RESOLVED (offset consistency fixed)
- Box API conflicts: ✅ RESOLVED (unified 3-arg API)
## Technical Details
### Offset Logic Justification
```
Class 0: 8B block → next pointer (8B) fits ONLY at offset 0
Class 1: 16B block → next pointer (8B) fits at offset 1 (after 1B header)
Class 2: 32B block → next pointer (8B) fits at offset 1
...
Class 6: 512B block → next pointer (8B) fits at offset 1
Class 7: 1024B block → offset 0 for legacy compatibility
```
### Files Modified (Summary)
- Core API: `box/tiny_next_ptr_box.h`
- Hot paths: `hakmem_tiny_hot_pop*.inc.h`, `tiny_fastcache.h`
- TLS layers: `hakmem_tiny_tls_list.h`, `hakmem_tiny_tls_ops.h`
- SuperSlab: `superslab_inline.h`, `tiny_superslab_*.inc.h`
- Refill: `hakmem_tiny_refill.inc.h`, `tiny_refill_opt.h`
- Free paths: `tiny_free_magazine.inc.h`, `tiny_superslab_free.inc.h`
- Documentation: Multiple Phase E3 reports
## Remaining Work
None for Box API offset bugs - all structural issues resolved.
Future enhancements (non-critical):
- Periodic `grep -R '*(void**)' core/` to detect direct pointer access violations
- Enforce Box API usage via static analysis
- Document offset rationale in architecture docs
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-13 06:50:20 +09:00
6552bb5d86
Debug/Release build fixes: Link errors and SIGUSR2 crash
...
Task先生による2つの重大バグ修正:
## Fix 1: Release Build Link Error
**Problem**: LTO有効時に `tiny_debug_ring_record` が undefined reference
**Solution**: Header inline stubからC実装のno-op関数に変更
- `core/tiny_debug_ring.h`: 関数宣言のみ
- `core/tiny_debug_ring.c`: Release時はno-op stub実装
**Result**:
✅ Release build成功 (out/release/bench_random_mixed_hakmem)
✅ Debug build正常動作
## Fix 2: Debug Build SIGUSR2 Crash
**Problem**: Drain phaseで即座にSIGUSR2クラッシュ
```
[TEST] Main loop completed. Starting drain phase...
tgkill(SIGUSR2) → プロセス終了
```
**Root Cause**: C7 (1KB) alignment checkが**無条件**で raise(SIGUSR2)
- 他のチェック: `if (g_tiny_safe_free_strict) { raise(); }`
- C7チェック: `raise(SIGUSR2);` ← 無条件!
**Solution**: `core/tiny_superslab_free.inc.h` (line 106)
```c
// BEFORE
raise(SIGUSR2);
// AFTER
if (g_tiny_safe_free_strict) { raise(SIGUSR2); }
```
**Result**:
✅ Working set 128: 1.31M ops/s
✅ Working set 256: 617K ops/s
✅ Debug diagnosticsで alignment情報出力
## Additional Improvements
1. **ptr_trace.h**: `HAKMEM_PTR_TRACE_VERBOSE` guard追加
2. **slab_handle.h**: Safety violation前に警告ログ追加
3. **tiny_next_ptr_box.h**: 一時的なvalidation無効化
## Verification
```bash
# Debug builds
./out/debug/bench_random_mixed_hakmem 100 128 42 # 1.31M ops/s ✅
./out/debug/bench_random_mixed_hakmem 100 256 42 # 617K ops/s ✅
# Release builds
./out/release/bench_random_mixed_hakmem 100 256 42 # 467K ops/s ✅
```
## Files Modified
- core/tiny_debug_ring.h (stub removal)
- core/tiny_debug_ring.c (no-op implementation)
- core/tiny_superslab_free.inc.h (C7 check guard)
- core/ptr_trace.h (verbose guard)
- core/slab_handle.h (warning logs)
- core/box/tiny_next_ptr_box.h (validation disable)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-13 03:53:01 +09:00
a97005f50e
Front Gate: registry-first classification (no ptr-1 deref); Pool TLS via registry to avoid unsafe header reads.\nTLS-SLL: splice head normalization, remove false misalignment guard, drop heuristic normalization; add carve/splice debug logs.\nRefill: add one-shot sanity checks (range/stride) at P0 and non-P0 boundaries (debug-only).\nInfra: provide ptr_trace_dump_now stub in release to fix linking.\nVerified: bench_fixed_size_hakmem 200000 1024 128 passes (Debug/Release), no SEGV.
2025-11-11 01:00:37 +09:00
518bf29754
Fix TLS-SLL splice alignment issue causing SIGSEGV
...
- core/box/tls_sll_box.h: Normalize splice head, remove heuristics, fix misalignment guard
- core/tiny_refill_opt.h: Add LINEAR_LINK debug logging after carve
- core/ptr_trace.h: Fix function declaration conflicts for debug builds
- core/hakmem.c: Add stdatomic.h include and ptr_trace_dump_now declaration
Fixes misaligned memory access in splice_trav that was causing SIGSEGV.
TLS-SLL GUARD identified: base=0x7244b7e10009 (should be 0x7244b7e10401)
Preserves existing ptr=0xa0 guard for small pointer free detection.
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
2025-11-10 23:41:53 +09:00
002a9a7d57
Debug-only pointer tracing macros (PTR_NEXT_READ/WRITE) + integration in TLS-SLL box
...
- Add core/ptr_trace.h (ring buffer, env-controlled dump)
- Use macros in box/tls_sll_box.h push/pop/splice
- Default: enabled for debug builds, zero-overhead in release
- How to use: build debug and run with HAKMEM_PTR_TRACE_DUMP=1
2025-11-10 18:25:05 +09:00
