# Debug Analysis Final - TLS-SLL Guard Investigation

**Date**: 2025-11-10
**Binary**: out/debug/bench_fixed_size_hakmem (verbose debug build)
**Command**: 200000 1024 128

## 1. Maximum Tracing Results

### Key Findings:
```
[TLS_SLL_GUARD] splice_trav: misaligned base=0x7244b7e10009 cls=0 blk=8 off=1
[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
./out/debug/bench_fixed_size_hakmem(+0x6a5e)[0x5b4a8b13ea5e]
```

### Critical Discovery:
- **The TLS-SLL GUARD fired!** `misaligned base=0x7244b7e10009`
- The alignment violation is in the `splice_trav` operation immediately after SPLICE_TO_SLL
- This is the direct cause of the SIGSEGV!

### Analysis of misaligned address:
- `base=0x7244b7e10009`: the low hex digit (0x9) is the problem
- `cls=0 blk=8 off=1`: read here as class 0, block 8, offset 1
- With a 256 B class 0 the expected address would be `0x7244b7e10000 + (8 * 256) + 1 = 0x7244b7e10801`; with the 128 B class 0 assumed in section 3 it would be `0x7244b7e10401`
- Actual: `0x7244b7e10009`. Under either class size the calculation is wrong!
- Caveat: the guard fields also fit a second reading, `blk=8` as the required alignment and `off=1` as `base % 8` (0x...09 mod 8 = 1). Confirm which reading the guard implements by reading its source in `core/box/tls_sll_box.h` before relying on the block-index arithmetic, and confirm the real size of class 0 from the class table

## 2. No Cache Results (Frontend Disabled)

### Same Pattern:
```
[TLS_SLL_GUARD] splice_trav: misaligned base=0x7d9100410009 cls=0 blk=8 off=1
[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
./out/debug/bench_fixed_size_hakmem(+0x6a5e)[0x622ace44fa5e]
```

### Confirmed:
- The problem reproduces with the frontend cache disabled
- The same `+0x6a5e` fault offset and the same `cls=0 blk=8 off=1` fields appear; only the ASLR-randomised base differs, so the fault is at the TLS-SLL boundary, not in the cache frontend

## 3. Root Cause Analysis

### Problem Location:
- **The TLS-SLL operation immediately after SPLICE_TO_SLL**
- The pointer calculation in `splice_trav` (traverse splice) is broken

### Calculation Error:
```
Expected: base + (blk * size) + off
Actual:   base + ??? = 0x7244b7e10009 (9 bytes from base)
```
- Note that 9 = blk + off (8 + 1), which is exactly what the formula yields if the multiplication by the class size is dropped (or `size` is 1). That is the first thing to check in `splice_trav`

### Header Offset Confusion:
- Class 0 (128 B): the header offset should be 1 byte
- Block 8: should be at 8 * 128 = 1024 bytes (0x400) from base
- Correct address: `0x7244b7e10000 + 1024 + 1 = 0x7244b7e10401`
- Actual: `0x7244b7e10009`. **A completely wrong calculation!**

## 4. PTR_TRACE Analysis

### Missing TLS Operations:
- No `tls_push/tls_pop/tls_sp_trav/tls_sp_link` entries are recorded in PTR_TRACE
- PTR_TRACE is already not running by the time the TLS-SLL GUARD fires
- **The PTR_TRACE macro itself is not on the failing code path!**

## 5. Recommendations

### Immediate Fix:
1. **Fix the pointer calculation in TLS-SLL splice_trav**
   - Verify the base + (blk * size) + off calculation
   - class 0 (128 B) × block 8 = 1024-byte offset

### Debug Strategy:
1. **Place PTR_TRACE macros before and after the TLS-SLL GUARD**
2. **Inspect the assembly output of the splice_trav function**
3. **Relax the TLS-SLL GUARD trigger condition to collect more detailed logs**

### Code Location to Fix:
- `core/box/tls_sll_box.h` - splice_trav implementation
- The TLS-SLL operation flow immediately after SPLICE_TO_SLL

## 6. Verification Steps

### After Fix:
1. The same test should show proper alignment
2. The TLS-SLL GUARD should not fire
3. PTR_TRACE should show tls_push/tls_pop operations
4. The SIGSEGV should be resolved

### Test Commands:
```bash
HAKMEM_DEBUG_SEGV=1 HAKMEM_PTR_TRACE_DUMP=1 HAKMEM_FREE_WRAP_TRACE=1 ./out/debug/bench_fixed_size_hakmem 200000 1024 128
```

## 7. Summary

**Root Cause**: The TLS-SLL splice_trav operation has a critical pointer calculation error
**Location**: Immediately after SPLICE_TO_SLL
**Impact**: Misaligned memory access causes SIGSEGV
**Fix Priority**: CRITICAL - core memory corruption issue

The TLS-SLL GUARD successfully identified the exact location of the problem!
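The block-address arithmetic from section 3 and the guard check from section 1, carried through in code. This is an added example written for this page, not hakmem's code: the size-class table (class 0 = 128 B), the 1-byte header offset, the 64 KiB slab length and the `block_addr_dropped_mul` hypothesis are all assumptions, and the slab base is the value from the log used as constructed input.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed size-class table for this example: class 0 = 128 bytes, as section 3 assumes.
 * hakmem's real class table may differ; check it before reusing these numbers. */
static const size_t kClassSize[] = { 128, 256, 512, 1024 };
#define NUM_CLASSES (sizeof kClassSize / sizeof kClassSize[0])
#define HDR_OFF 1u   /* assumed: 1-byte header between block start and user pointer */

typedef struct {
    int    ok;         /* 1 if p is a valid user pointer of class cls inside the slab at base */
    size_t blk_index;  /* (p - base) / class size */
    size_t residue;    /* (p - base) % class size; must equal HDR_OFF */
} guard_result;

/* Correct user pointer for block `blk` of class `cls` in the slab starting at `base`:
 * base + blk * size + off, the formula section 3 expects. */
uintptr_t block_addr(uintptr_t base, unsigned cls, size_t blk) {
    return base + blk * kClassSize[cls] + HDR_OFF;
}

/* One way to arrive at the logged value: the class size never enters the calculation,
 * so blk=8, off=1 yields base + 9. A hypothesis to test against splice_trav, not hakmem code. */
uintptr_t block_addr_dropped_mul(uintptr_t base, unsigned cls, size_t blk) {
    (void)cls;
    return base + blk + HDR_OFF;
}

/* Guard in the spirit of TLS_SLL_GUARD: validate p before it is linked into the TLS free list.
 * Rejects unknown classes and pointers outside the slab, then requires that p sits exactly
 * HDR_OFF bytes past a class-size boundary relative to the slab base. */
guard_result tls_sll_guard(uintptr_t base, size_t slab_bytes, unsigned cls, uintptr_t p) {
    guard_result r = { 0, 0, 0 };
    if (cls >= NUM_CLASSES || p < base || p >= base + slab_bytes)
        return r;                               /* bad class or outside the slab: not ok */
    size_t size = kClassSize[cls];
    uintptr_t rel = p - base;
    r.blk_index = rel / size;
    r.residue   = rel % size;
    r.ok = (r.residue == HDR_OFF);
    return r;
}

/* Prints one verdict line per candidate pointer, in the style of the guard's log output. */
static void report(const char *tag, uintptr_t base, size_t slab_bytes, unsigned cls, uintptr_t p) {
    guard_result g = tls_sll_guard(base, slab_bytes, cls, p);
    printf("%-12s p=%#" PRIxPTR " cls=%u idx=%zu residue=%zu -> %s\n",
           tag, p, cls, g.blk_index, g.residue, g.ok ? "ok" : "MISALIGNED");
}

int main(void) {
    const uintptr_t base = (uintptr_t)0x7244b7e10000ull;  /* slab base from the log (constructed input) */
    const size_t slab_bytes = 64 * 1024;                    /* assumed slab length */
    report("correct",     base, slab_bytes, 0, block_addr(base, 0, 8));
    report("dropped_mul", base, slab_bytes, 0, block_addr_dropped_mul(base, 0, 8));
    return 0;
}
```

With these assumptions `block_addr` gives `0x7244b7e10401` for block 8 and `block_addr_dropped_mul` gives the logged `0x7244b7e10009`; the guard accepts the first (index 8, residue 1) and rejects the second (index 0, residue 9). If the real guard reads `blk=8` as an alignment requirement rather than a block index, replace the residue check with a `p & 7` test on the link pointer.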