hakmem

tomoaki/hakmem

Fork 0

Commit Graph

Author	SHA1	Message	Date
Moe Charm (CI)	b6d9c92f71	Fix: SuperSlab guess loop & header magic SEGV (random_mixed/mid_large_mt) ## Problem bench_random_mixed_hakmem and bench_mid_large_mt_hakmem crashed with SEGV: - random_mixed: Exit 139 (SEGV) ❌ - mid_large_mt: Exit 139 (SEGV) ❌ - Larson: 838K ops/s ✅ (worked fine) Error: Unmapped memory dereference in free path ## Root Causes (2 bugs found by Ultrathink Task) ### Bug 1: Guess Loop (core/box/hak_free_api.inc.h:92-95) ```c for (int lg=21; lg>=20; lg--) { SuperSlab* guess=(SuperSlab)((uintptr_t)ptr & ~mask); if (guess && guess->magic==SUPERSLAB_MAGIC) { // ← SEGV // Dereferences unmapped memory } } ``` ### Bug 2: Header Magic Check (core/box/hak_free_api.inc.h:115) ```c void raw = (char)ptr - HEADER_SIZE; AllocHeader hdr = (AllocHeader)raw; if (hdr->magic != HAKMEM_MAGIC) { // ← SEGV // Dereferences unmapped memory if ptr has no header } ``` Why SEGV:* - Registry lookup fails (allocation not from SuperSlab) - Guess loop calculates 1MB/2MB aligned address - No memory mapping validation - Dereferences unmapped memory → SEGV Why Larson worked but random_mixed failed: - Larson: All from SuperSlab → registry hit → never reaches guess loop - random_mixed: Diverse sizes (8-4096B) → registry miss → enters buggy paths Why LD_PRELOAD worked: - hak_core_init.inc.h:119-121 disables SuperSlab by default - → SS-first path skipped → buggy code never executed ## Fix (2-part) ### Part 1: Remove Guess Loop File: core/box/hak_free_api.inc.h:92-95 - Deleted unsafe guess loop (4 lines) - If registry lookup fails, allocation is not from SuperSlab ### Part 2: Add Memory Safety Check File: core/hakmem_internal.h:277-294 ```c static inline int hak_is_memory_readable(void* addr) { unsigned char vec; return mincore(addr, 1, &vec) == 0; // Check if mapped } ``` File: core/box/hak_free_api.inc.h:115-131 ```c if (!hak_is_memory_readable(raw)) { // Not accessible → route to appropriate handler // Prevents SEGV on unmapped memory goto done; } // Safe to dereference now AllocHeader* hdr = (AllocHeader)raw; ``` ## Verification \| Test \| Before \| After \| Result \| \|------\|--------\|-------\|--------\| \| random_mixed (2KB) \| ❌ SEGV \| ✅ 2.22M ops/s \| 🎉 Fixed \| \| random_mixed (4KB) \| ❌ SEGV \| ✅ 2.58M ops/s \| 🎉 Fixed \| \| Larson 4T \| ✅ 838K \| ✅ 838K ops/s \| ✅ No regression \| Performance Impact:* 0% (mincore only on fallback path) ## Investigation - Complete analysis: SEGV_ROOT_CAUSE_COMPLETE.md - Fix report: SEGV_FIX_REPORT.md - Previous investigation: SEGFAULT_INVESTIGATION_REPORT.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-07 17:34:24 +09:00
Moe Charm (CI)	77ed72fcf6	Fix: LIBC/HAKMEM mixed allocation crashes (0% → 80% success) Problem: 4T Larson crashed 100% due to "free(): invalid pointer" Root Causes (6 bugs found via Task Agent ultrathink): 1. Invalid magic fallback (`hak_free_api.inc.h:87`) - When `hdr->magic != HAKMEM_MAGIC`, ptr came from LIBC (no header) - Was calling `free(raw)` where `raw = ptr - HEADER_SIZE` (garbage!) - Fixed: Use `__libc_free(ptr)` instead 2. BigCache eviction (`hakmem.c:230`) - Same issue: invalid magic means LIBC allocation - Fixed: Use `__libc_free(ptr)` directly 3. Malloc wrapper recursion (`hakmem_internal.h:209`) - `hak_alloc_malloc_impl()` called `malloc()` → wrapper recursion - Fixed: Use `__libc_malloc()` directly 4. ALLOC_METHOD_MALLOC free (`hak_free_api.inc.h:106`) - Was calling `free(raw)` → wrapper recursion - Fixed: Use `__libc_free(raw)` directly 5. fopen/fclose crash (`hakmem_tiny_superslab.c:131`) - `log_superslab_oom_once()` used `fopen()` → FILE buffer via wrapper - `fclose()` calls `__libc_free()` on HAKMEM-allocated buffer → crash - Fixed: Wrap with `g_hakmem_lock_depth++/--` to force LIBC path 6. g_hakmem_lock_depth visibility (`hakmem.c:163`) - Was `static`, needed by hakmem_tiny_superslab.c - Fixed: Remove `static` keyword Result: 4T Larson success rate improved 0% → 80% (8/10 runs) ✅ Remaining: 20% crash rate still needs investigation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-07 02:48:20 +09:00
Moe Charm (CI)	52386401b3	Debug Counters Implementation - Clean History Major Features: - Debug counter infrastructure for Refill Stage tracking - Free Pipeline counters (ss_local, ss_remote, tls_sll) - Diagnostic counters for early return analysis - Unified larson.sh benchmark runner with profiles - Phase 6-3 regression analysis documentation Bug Fixes: - Fix SuperSlab disabled by default (HAKMEM_TINY_USE_SUPERSLAB) - Fix profile variable naming consistency - Add .gitignore patterns for large files Performance: - Phase 6-3: 4.79 M ops/s (has OOM risk) - With SuperSlab: 3.13 M ops/s (+19% improvement) This is a clean repository without large log files. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-05 12:31:14 +09:00

Author

SHA1

Message

Date

Moe Charm (CI)

b6d9c92f71

Fix: SuperSlab guess loop & header magic SEGV (random_mixed/mid_large_mt)

## Problem
bench_random_mixed_hakmem and bench_mid_large_mt_hakmem crashed with SEGV:
- random_mixed: Exit 139 (SEGV) ❌
- mid_large_mt: Exit 139 (SEGV) ❌
- Larson: 838K ops/s ✅ (worked fine)

Error: Unmapped memory dereference in free path

## Root Causes (2 bugs found by Ultrathink Task)

### Bug 1: Guess Loop (core/box/hak_free_api.inc.h:92-95)
```c
for (int lg=21; lg>=20; lg--) {
    SuperSlab* guess=(SuperSlab*)((uintptr_t)ptr & ~mask);
    if (guess && guess->magic==SUPERSLAB_MAGIC) {  // ← SEGV
        // Dereferences unmapped memory
    }
}
```

### Bug 2: Header Magic Check (core/box/hak_free_api.inc.h:115)
```c
void* raw = (char*)ptr - HEADER_SIZE;
AllocHeader* hdr = (AllocHeader*)raw;
if (hdr->magic != HAKMEM_MAGIC) {  // ← SEGV
    // Dereferences unmapped memory if ptr has no header
}
```

**Why SEGV:**
- Registry lookup fails (allocation not from SuperSlab)
- Guess loop calculates 1MB/2MB aligned address
- No memory mapping validation
- Dereferences unmapped memory → SEGV

**Why Larson worked but random_mixed failed:**
- Larson: All from SuperSlab → registry hit → never reaches guess loop
- random_mixed: Diverse sizes (8-4096B) → registry miss → enters buggy paths

**Why LD_PRELOAD worked:**
- hak_core_init.inc.h:119-121 disables SuperSlab by default
- → SS-first path skipped → buggy code never executed

## Fix (2-part)

### Part 1: Remove Guess Loop
File: core/box/hak_free_api.inc.h:92-95
- Deleted unsafe guess loop (4 lines)
- If registry lookup fails, allocation is not from SuperSlab

### Part 2: Add Memory Safety Check
File: core/hakmem_internal.h:277-294
```c
static inline int hak_is_memory_readable(void* addr) {
    unsigned char vec;
    return mincore(addr, 1, &vec) == 0;  // Check if mapped
}
```

File: core/box/hak_free_api.inc.h:115-131
```c
if (!hak_is_memory_readable(raw)) {
    // Not accessible → route to appropriate handler
    // Prevents SEGV on unmapped memory
    goto done;
}
// Safe to dereference now
AllocHeader* hdr = (AllocHeader*)raw;
```

## Verification

| Test | Before | After | Result |
|------|--------|-------|--------|
| random_mixed (2KB) | ❌ SEGV | ✅ 2.22M ops/s | 🎉 Fixed |
| random_mixed (4KB) | ❌ SEGV | ✅ 2.58M ops/s | 🎉 Fixed |
| Larson 4T | ✅ 838K | ✅ 838K ops/s | ✅ No regression |

**Performance Impact:** 0% (mincore only on fallback path)

## Investigation

- Complete analysis: SEGV_ROOT_CAUSE_COMPLETE.md
- Fix report: SEGV_FIX_REPORT.md
- Previous investigation: SEGFAULT_INVESTIGATION_REPORT.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-07 17:34:24 +09:00

Moe Charm (CI)

77ed72fcf6

Fix: LIBC/HAKMEM mixed allocation crashes (0% → 80% success)

**Problem**: 4T Larson crashed 100% due to "free(): invalid pointer"

**Root Causes** (6 bugs found via Task Agent ultrathink):

1. **Invalid magic fallback** (`hak_free_api.inc.h:87`)
   - When `hdr->magic != HAKMEM_MAGIC`, ptr came from LIBC (no header)
   - Was calling `free(raw)` where `raw = ptr - HEADER_SIZE` (garbage!)
   - Fixed: Use `__libc_free(ptr)` instead

2. **BigCache eviction** (`hakmem.c:230`)
   - Same issue: invalid magic means LIBC allocation
   - Fixed: Use `__libc_free(ptr)` directly

3. **Malloc wrapper recursion** (`hakmem_internal.h:209`)
   - `hak_alloc_malloc_impl()` called `malloc()` → wrapper recursion
   - Fixed: Use `__libc_malloc()` directly

4. **ALLOC_METHOD_MALLOC free** (`hak_free_api.inc.h:106`)
   - Was calling `free(raw)` → wrapper recursion
   - Fixed: Use `__libc_free(raw)` directly

5. **fopen/fclose crash** (`hakmem_tiny_superslab.c:131`)
   - `log_superslab_oom_once()` used `fopen()` → FILE buffer via wrapper
   - `fclose()` calls `__libc_free()` on HAKMEM-allocated buffer → crash
   - Fixed: Wrap with `g_hakmem_lock_depth++/--` to force LIBC path

6. **g_hakmem_lock_depth visibility** (`hakmem.c:163`)
   - Was `static`, needed by hakmem_tiny_superslab.c
   - Fixed: Remove `static` keyword

**Result**: 4T Larson success rate improved 0% → 80% (8/10 runs) ✅

**Remaining**: 20% crash rate still needs investigation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-07 02:48:20 +09:00

Moe Charm (CI)

52386401b3

Debug Counters Implementation - Clean History

Major Features:
- Debug counter infrastructure for Refill Stage tracking
- Free Pipeline counters (ss_local, ss_remote, tls_sll)
- Diagnostic counters for early return analysis
- Unified larson.sh benchmark runner with profiles
- Phase 6-3 regression analysis documentation

Bug Fixes:
- Fix SuperSlab disabled by default (HAKMEM_TINY_USE_SUPERSLAB)
- Fix profile variable naming consistency
- Add .gitignore patterns for large files

Performance:
- Phase 6-3: 4.79 M ops/s (has OOM risk)
- With SuperSlab: 3.13 M ops/s (+19% improvement)

This is a clean repository without large log files.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-05 12:31:14 +09:00

3 Commits