6e2552e654
Bugfix: Add Header Box and fix Class 0/7 header handling (crash rate -50%)

Root Cause Analysis:
- tls_sll_box.h had hardcoded `class_idx != 7` checks
- This incorrectly assumed only C7 uses offset=0
- But C0 (8B) also uses offset=0 (header overwritten by next pointer)
- Result: C0 blocks had corrupted headers in TLS SLL → crash

Architecture Fix: Header Box (Single Source of Truth)
- Created core/box/tiny_header_box.h
- Encapsulates "which classes preserve headers" logic
- Delegates to tiny_nextptr.h (0x7E bitmask: C0=0, C1-C6=1, C7=0)
- API:
  * tiny_class_preserves_header() - C1-C6 only
  * tiny_header_write_if_preserved() - Conditional write
  * tiny_header_validate() - Conditional validation
  * tiny_header_write_for_alloc() - Unconditional (alloc path)

Bug Fixes (6 locations):
- tls_sll_box.h:366 - push header restore (C1-C6 only; skip C0/C7)
- tls_sll_box.h:560 - pop header validate (C1-C6 only; skip C0/C7)
- tls_sll_box.h:700 - splice header restore head (C1-C6 only)
- tls_sll_box.h:722 - splice header restore next (C1-C6 only)
- carve_push_box.c:198 - freelist→TLS SLL header restore
- hakmem_tiny_free.inc:78 - drain freelist header restore

Impact:
- Before: 23.8% crash rate (bench_random_mixed_hakmem)
- After: 12% crash rate
- Improvement: 49.6% reduction in crashes
- Test: 88/100 runs successful (vs 76/100 before)

Design Principles:
- Eliminates hardcoded class_idx checks (class_idx != 7)
- Single Source of Truth (tiny_nextptr.h → Header Box)
- Type-safe API prevents future bugs
- Future: Add lint to forbid direct header manipulation

Remaining Work:
- 12% crash rate still exists (likely different root cause)
- Next: Investigate with core dump analysis

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 07:57:49 +09:00 |
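
The header-preservation rule this commit describes, as an added C sketch that is not the hakmem source. The 0x7E mask and the `class_idx != 7` check come from the commit message; the one-byte header encoding, the next-pointer offset of 1 for C1-C6, and every function name here are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* From the commit message: bit i set => class i keeps its header (C1-C6). */
#define HDR_PRESERVE_MASK 0x7Eu
/* Assumption: 1-byte header at offset 0, encoded as magic | class index. */
#define HDR_MAGIC 0xA0u

/* Single predicate every push/pop/splice path should consult. */
static bool class_preserves_header(unsigned class_idx) {
    return class_idx < 8 && ((HDR_PRESERVE_MASK >> class_idx) & 1u) != 0;
}

/* The hardcoded pre-fix check named in the commit: wrong for class 0. */
static bool legacy_preserves_header(unsigned class_idx) {
    return class_idx != 7;
}

/* Assumption: the link sits after the header (offset 1) when the header is
 * kept, and at offset 0, on top of the header, for C0 and C7. */
static size_t next_offset(unsigned class_idx) {
    return class_preserves_header(class_idx) ? 1 : 0;
}

/* Simulates a free-list push followed by a pop. Returns false when the pop
 * would report a corrupted header. */
static bool push_then_pop_ok(unsigned class_idx, bool legacy) {
    uint8_t block[16] = {0};
    uintptr_t next = (uintptr_t)0x1122334455667788ull; /* constructed link */
    uint8_t hdr = (uint8_t)(HDR_MAGIC | class_idx);
    bool check = legacy ? legacy_preserves_header(class_idx)
                        : class_preserves_header(class_idx);

    if (check) block[0] = hdr;                                  /* push: restore header */
    memcpy(block + next_offset(class_idx), &next, sizeof next); /* push: write link */
    return !check || block[0] == hdr;                           /* pop: validate */
}

int main(void) {
    for (unsigned c = 0; c < 8; c++)
        printf("C%u legacy=%s header-box=%s\n", c,
               push_then_pop_ok(c, true) ? "ok" : "CORRUPT",
               push_then_pop_ok(c, false) ? "ok" : "CORRUPT");
    return 0;
}
```

Only class 0 fails under the legacy check: its header byte is overwritten by the link, yet the pop still validates it.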