Commit Graph

2 Commits

Commit 3a2e466af1: Add lightweight Fail-Fast layer to Gatekeeper Boxes
Core Changes:
- Modified: core/box/tiny_free_gate_box.h
  * Added address range check in tiny_free_gate_try_fast() (line 142)
  * Catches obviously invalid pointers (addr < 4096)
  * Rejects fast path for garbage pointers, delegates to slow path
  * Logs [TINY_FREE_GATE_RANGE_INVALID] (debug-only, max 8 messages)
  * Cost: ~1 cycle (comparison + unlikely branch)
  * Behavior: Fails safe by delegating to hak_tiny_free() slow path

- Modified: core/box/tiny_alloc_gate_box.h
  * Added range check for malloc_tiny_fast() return value (line 143)
  * Debug-only: Checks if returned user_ptr has addr < 4096
  * On failure: Logs [TINY_ALLOC_GATE_RANGE_INVALID] and calls abort()
  * Release build: Entire check compiled out (zero overhead)
  * Rationale: Invalid allocator return is catastrophic - fail immediately

Design Rationale:
- Early detection of memory corruption/undefined behavior
- Conservative threshold (4096) captures NULL and kernel space
- Free path: Graceful degradation (delegate to slow path)
- Alloc path: Hard fail (allocator corruption is non-recoverable)
- Zero performance impact in production (Release) builds
- Debug-only diagnostic output prevents log spam

Fail-Fast Strategy:
- Layer 3a: Address range sanity check (always enabled)
  * Rejects addr < 4096 (NULL, low memory garbage)
  * Free: delegates to slow path (safe fallback)
  * Alloc: aborts (corruption indicator)
- Layer 3b: Detailed Bridge/Header validation (ENV-controlled)
  * Traditional HAKMEM_TINY_FREE_GATE_DIAG / HAKMEM_TINY_ALLOC_GATE_DIAG
  * For advanced debugging and observability

Testing:
- Compilation: RELEASE=0 and RELEASE=1 both successful
- Smoke tests: 3/3 passed (simple_alloc, loop 10M, pool_tls)
- Performance: No regressions detected
- Address threshold (4096): Conservative, minimizes false positives
- Verified via Task agent (PASS verdict)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Committed: 2025-12-04 12:36:32 +09:00

Commit 291c84a1a7: Add Tiny Alloc Gatekeeper Box for unified malloc entry point
Core Changes:
- New file: core/box/tiny_alloc_gate_box.h
  * Thin wrapper around malloc_tiny_fast() with diagnostic hooks
  * TinyAllocGateContext structure for size/class_idx/user/base/bridge information
  * tiny_alloc_gate_diag_enabled() - ENV-controlled diagnostic mode
  * tiny_alloc_gate_validate() - Validates class_idx/header/meta consistency
  * tiny_alloc_gate_fast() - Main gatekeeper function
  * Zero performance impact when diagnostics disabled

- Modified: core/box/hak_wrappers.inc.h
  * Added #include "tiny_alloc_gate_box.h" (line 35)
  * Integrated gatekeeper into malloc wrapper (lines 198-200)
  * Diagnostic mode via HAKMEM_TINY_ALLOC_GATE_DIAG env var

Design Rationale:
- Complements Free Gatekeeper Box: Together they provide entry/exit hooks
- Validates allocation consistency at malloc time
- Enables Bridge + BASE/USER conversion validation in debug mode
- Maintains backward compatibility: existing behavior unchanged

Validation Features:
- tiny_ptr_bridge_classify_raw() - Verifies Superslab/Slab/meta lookup
- Header vs meta class consistency check (rate-limited, 8 msgs max)
- class_idx validation via hak_tiny_size_to_class()
- All validation logged but non-blocking (observation points for Guard)

Testing:
- All smoke tests pass (10M malloc/free cycles, pool TLS, real programs)
- Diagnostic mode validated with HAKMEM_TINY_ALLOC_GATE_DIAG=1
- No regressions in existing functionality
- Verified via Task agent (PASS verdict)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Committed: 2025-12-04 12:06:14 +09:00