Root cause identified by Task agent investigation:
- superslab_allocate() called without declaration in 2 files
- Compiler assumes implicit int return type (C99 standard)
- Actual signature returns SuperSlab* (64-bit pointer)
- Pointer truncated to 32-bit int, then sign-extended to 64-bit
- Results in corrupted pointer and segmentation fault
Mechanism of corruption:
1. superslab_allocate() returns 0x00005555eba00000
2. Compiler expects int, reads only %eax: 0xeba00000
3. movslq %eax,%rbp sign-extends with bit 31 set
4. Result: 0xffffffffeba00000 (invalid pointer)
5. Dereferencing causes SEGFAULT
Files fixed:
1. hakmem_tiny_superslab_internal.h - Added box/ss_allocation_box.h
(fixes superslab_head.c via transitive include)
2. hakmem_super_registry.c - Added box/ss_allocation_box.h
Warnings eliminated:
- "implicit declaration of function 'superslab_allocate'"
- "type of 'superslab_allocate' does not match original declaration"
- "code may be misoptimized unless '-fno-strict-aliasing' is used"
Test results:
- larson_hakmem now runs without segfault ✓
- Multiple test runs confirmed stable ✓
- 2 threads, 4 threads: All passing ✓
Impact:
- CRITICAL severity bug (affects all SuperSlab expansion)
- Intermittent (depends on memory layout ~50% probability)
- Now FIXED completely
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
1. Archive unused backend files (ss_legacy/unified_backend_box.c/h)
- These files were not linked in the build
- Moved to archive/ to reduce confusion
2. Created HAK_RET_ALLOC_BLOCK macro for SuperSlab allocations
- Replaces superslab_return_block() function
- Consistent with existing HAK_RET_ALLOC pattern
- Single source of truth for header writing
- Defined in hakmem_tiny_superslab_internal.h
3. Added header validation on TLS SLL push
- Detects blocks pushed without proper header
- Enabled via HAKMEM_TINY_SLL_VALIDATE_HDR=1 (release)
- Always on in debug builds
- Logs first 10 violations with backtraces
Benefits:
- Easier to track allocation paths
- Catches header bugs at push time
- More maintainable macro-based design
Note: Larson bug still reproduces - header corruption occurs
before push validation can catch it.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major refactoring to improve maintainability and debugging:
1. Split hakmem_tiny_superslab.c (1521 lines) into 7 focused files:
- superslab_allocate.c: SuperSlab allocation/deallocation
- superslab_backend.c: Backend allocation paths (legacy, shared)
- superslab_ace.c: ACE (Adaptive Cache Engine) logic
- superslab_slab.c: Slab initialization and bitmap management
- superslab_cache.c: LRU cache and prewarm cache management
- superslab_head.c: SuperSlabHead management and expansion
- superslab_stats.c: Statistics tracking and debugging
2. Created hakmem_tiny_superslab_internal.h for shared declarations
3. Added superslab_return_block() as single exit point for header writing:
- All backend allocations now go through this helper
- Prevents bugs where headers are forgotten in some paths
- Makes future debugging easier
4. Updated Makefile for new file structure
5. Added header writing to ss_legacy_backend_box.c and
ss_unified_backend_box.c (though not currently linked)
Note: Header corruption bug in Larson benchmark still exists.
Class 1-6 allocations go through TLS refill/carve paths, not backend.
Further investigation needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
