tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1010a961fbfa528e4493175b6eb4bc77079a67b9
hakmem/core/tiny_debug_ring.c
Moe Charm (CI) 1da8754d45 CRITICAL FIX: TLS 未初期化による 4T SEGV を完全解消 
**問題:**
- Larson 4T で 100% SEGV (1T は 2.09M ops/s で完走)
- System/mimalloc は 4T で 33.52M ops/s 正常動作
- SS OFF + Remote OFF でも 4T で SEGV

**根本原因: (Task agent ultrathink 調査結果)**
```
CRASH: mov (%r15),%r13
R15 = 0x6261  ← ASCII "ba" (ゴミ値、未初期化TLS)
```

Worker スレッドの TLS 変数が未初期化:
- `__thread void* g_tls_sll_head[TINY_NUM_CLASSES];`  ← 初期化なし
- pthread_create() で生成されたスレッドでゼロ初期化されない
- NULL チェックが通過 (0x6261 != NULL) → dereference → SEGV

**修正内容:**
全 TLS 配列に明示的初期化子 `= {0}` を追加:

1. **core/hakmem_tiny.c:**
   - `g_tls_sll_head[TINY_NUM_CLASSES] = {0}`
   - `g_tls_sll_count[TINY_NUM_CLASSES] = {0}`
   - `g_tls_live_ss[TINY_NUM_CLASSES] = {0}`
   - `g_tls_bcur[TINY_NUM_CLASSES] = {0}`
   - `g_tls_bend[TINY_NUM_CLASSES] = {0}`

2. **core/tiny_fastcache.c:**
   - `g_tiny_fast_cache[TINY_FAST_CLASS_COUNT] = {0}`
   - `g_tiny_fast_count[TINY_FAST_CLASS_COUNT] = {0}`
   - `g_tiny_fast_free_head[TINY_FAST_CLASS_COUNT] = {0}`
   - `g_tiny_fast_free_count[TINY_FAST_CLASS_COUNT] = {0}`

3. **core/hakmem_tiny_magazine.c:**
   - `g_tls_mags[TINY_NUM_CLASSES] = {0}`

4. **core/tiny_sticky.c:**
   - `g_tls_sticky_ss[TINY_NUM_CLASSES][TINY_STICKY_RING] = {0}`
   - `g_tls_sticky_idx[TINY_NUM_CLASSES][TINY_STICKY_RING] = {0}`
   - `g_tls_sticky_pos[TINY_NUM_CLASSES] = {0}`

**効果:**
```
Before: 1T: 2.09M   |  4T: SEGV 💀
After:  1T: 2.41M   |  4T: 4.19M   (+15% 1T, SEGV解消)
```

**テスト:**
```bash
# 1 thread: 完走
./larson_hakmem 2 8 128 1024 1 12345 1
→ Throughput = 2,407,597 ops/s 

# 4 threads: 完走(以前は SEGV)
./larson_hakmem 2 8 128 1024 1 12345 4
→ Throughput = 4,192,155 ops/s 
```

**調査協力:** Task agent (ultrathink mode) による完璧な根本原因特定

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-07 01:27:04 +09:00

216 lines
8.0 KiB
C
Raw Blame History

#include "tiny_debug_ring.h"
#include "hakmem_tiny.h"
#include <signal.h>
#include <stdatomic.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <ucontext.h>
#define TINY_RING_IGNORE(expr) do { ssize_t _tw_ret = (expr); (void)_tw_ret; } while(0)
#define TINY_RING_CAP 4096u
typedef struct {
uintptr_t ptr;
uintptr_t aux;
uint16_t event;
uint16_t class_idx;
} TinyRingEntry;
static TinyRingEntry g_tiny_ring[TINY_RING_CAP];
static _Atomic uint32_t g_tiny_ring_head = 0;
static int g_tiny_ring_enabled = 0;
typedef struct {
const char* name;
size_t len;
} TinyRingName;
static TinyRingName tiny_ring_event_name(uint16_t event) {
switch (event) {
case TINY_RING_EVENT_ALLOC_ENTER: return (TinyRingName){"alloc_enter", 11};
case TINY_RING_EVENT_ALLOC_SUCCESS: return (TinyRingName){"alloc_ok", 8};
case TINY_RING_EVENT_ALLOC_NULL: return (TinyRingName){"alloc_null", 10};
case TINY_RING_EVENT_ALLOC_REFILL_START: return (TinyRingName){"refill_start", 12};
case TINY_RING_EVENT_ALLOC_REFILL_NULL: return (TinyRingName){"refill_null", 11};
case TINY_RING_EVENT_ALLOC_BIND: return (TinyRingName){"bind", 4};
case TINY_RING_EVENT_FREE_ENTER: return (TinyRingName){"free_enter", 10};
case TINY_RING_EVENT_FREE_FAST: return (TinyRingName){"free_fast", 8};
case TINY_RING_EVENT_FREE_REMOTE: return (TinyRingName){"free_remote", 11};
case TINY_RING_EVENT_FREE_LOCAL: return (TinyRingName){"free_local", 10};
case TINY_RING_EVENT_FREE_RETURN_MAG: return (TinyRingName){"free_mag", 7};
case TINY_RING_EVENT_SUPERSLAB_ADOPT: return (TinyRingName){"ss_adopt", 8};
case TINY_RING_EVENT_SUPERSLAB_ALLOC: return (TinyRingName){"ss_alloc", 8};
case TINY_RING_EVENT_SUPERSLAB_PUBLISH: return (TinyRingName){"ss_publish", 10};
case TINY_RING_EVENT_SUPERSLAB_ADOPT_FAIL: return (TinyRingName){"ss_adopt_fail", 13};
case TINY_RING_EVENT_REMOTE_PUSH: return (TinyRingName){"remote_push", 11};
case TINY_RING_EVENT_REMOTE_INVALID: return (TinyRingName){"remote_invalid", 14};
case TINY_RING_EVENT_REMOTE_DRAIN: return (TinyRingName){"remote_drain", 12};
case TINY_RING_EVENT_OWNER_ACQUIRE: return (TinyRingName){"owner_acq", 9};
case TINY_RING_EVENT_OWNER_RELEASE: return (TinyRingName){"owner_rel", 9};
case TINY_RING_EVENT_FRONT_BYPASS: return (TinyRingName){"front_bypass", 12};
case TINY_RING_EVENT_MAILBOX_PUBLISH: return (TinyRingName){"mailbox_publish", 15};
case TINY_RING_EVENT_MAILBOX_FETCH: return (TinyRingName){"mailbox_fetch", 13};
case TINY_RING_EVENT_MAILBOX_FETCH_NULL: return (TinyRingName){"mailbox_fetch_null", 18};
case TINY_RING_EVENT_ROUTE: return (TinyRingName){"route", 5};
default: return (TinyRingName){"unknown", 7};
}
}
static void tiny_ring_write_dec(int fd, uint64_t value) {
char buf[32];
int pos = 31;
if (value == 0) {
buf[pos--] = '0';
} else {
while (value > 0 && pos >= 0) {
buf[pos--] = (char)('0' + (value % 10));
value /= 10;
}
}
int len = 31 - pos;
TINY_RING_IGNORE(write(fd, buf + pos + 1, len));
}
static void tiny_ring_write_hex(int fd, uintptr_t value) {
static const char* hex = "0123456789abcdef";
char buf[2 + sizeof(uintptr_t) * 2 + 1];
buf[0] = '0';
buf[1] = 'x';
for (int i = (int)(sizeof(uintptr_t) * 2) - 1; i >= 0; --i) {
buf[2 + i] = hex[value & 0xFu];
value >>= 4;
}
buf[2 + sizeof(uintptr_t) * 2] = '\0';
TINY_RING_IGNORE(write(fd, buf, 2 + sizeof(uintptr_t) * 2));
}
static void tiny_debug_ring_dump(int fd, uintptr_t fault_addr) {
const char hdr[] = "\n[Tiny Debug Ring Dump]\n";
TINY_RING_IGNORE(write(fd, hdr, sizeof(hdr) - 1));
const char addr_prefix[] = "fault_addr=";
TINY_RING_IGNORE(write(fd, addr_prefix, sizeof(addr_prefix) - 1));
tiny_ring_write_hex(fd, fault_addr);
TINY_RING_IGNORE(write(fd, "\n", 1));
uint32_t head = atomic_load_explicit(&g_tiny_ring_head, memory_order_relaxed);
uint32_t count = head < TINY_RING_CAP ? head : TINY_RING_CAP;
for (uint32_t i = 0; i < count; i++) {
uint32_t idx = (head - count + i) & (TINY_RING_CAP - 1u);
TinyRingEntry ent = g_tiny_ring[idx];
TINY_RING_IGNORE(write(fd, "[", 1));
tiny_ring_write_dec(fd, idx);
const char mid[] = "] event=";
TINY_RING_IGNORE(write(fd, mid, sizeof(mid) - 1));
TinyRingName name = tiny_ring_event_name(ent.event);
TINY_RING_IGNORE(write(fd, name.name, name.len));
const char cls[] = " class=";
TINY_RING_IGNORE(write(fd, cls, sizeof(cls) - 1));
tiny_ring_write_dec(fd, ent.class_idx);
const char ptr_prefix[] = " ptr=";
TINY_RING_IGNORE(write(fd, ptr_prefix, sizeof(ptr_prefix) - 1));
tiny_ring_write_hex(fd, ent.ptr);
const char aux_prefix[] = " aux=";
TINY_RING_IGNORE(write(fd, aux_prefix, sizeof(aux_prefix) - 1));
tiny_ring_write_hex(fd, ent.aux);
TINY_RING_IGNORE(write(fd, "\n", 1));
}
}
static void tiny_debug_ring_sigsegv(int signo, siginfo_t* info, void* uctx) {
uintptr_t ip = 0;
#if defined(__x86_64__)
if (uctx) {
ucontext_t* uc = (ucontext_t*)uctx;
#ifdef REG_RIP
ip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
#else
(void)uc; // REG_RIP not available on this platform
#endif
}
#endif
if (g_tiny_ring_enabled) {
uintptr_t fault = info ? (uintptr_t)info->si_addr : 0;
#if defined(__x86_64__)
#ifdef REG_RIP
if (ip != 0) {
const char rip_prefix[] = "rip=";
TINY_RING_IGNORE(write(STDERR_FILENO, rip_prefix, sizeof(rip_prefix) - 1));
tiny_ring_write_hex(STDERR_FILENO, ip);
TINY_RING_IGNORE(write(STDERR_FILENO, "\n", 1));
}
#endif
#endif
tiny_debug_ring_dump(STDERR_FILENO, fault);
}
const char msg[] = "[Tiny Debug Ring] captured SIGSEGV\n";
TINY_RING_IGNORE(write(STDERR_FILENO, msg, sizeof(msg) - 1));
#if defined(__x86_64__)
#ifdef REG_RIP
if (ip != 0) {
const char rip_prefix[] = "rip=";
TINY_RING_IGNORE(write(STDERR_FILENO, rip_prefix, sizeof(rip_prefix) - 1));
tiny_ring_write_hex(STDERR_FILENO, ip);
TINY_RING_IGNORE(write(STDERR_FILENO, "\n", 1));
}
#endif
#endif
_exit(128 + signo);
}
static void tiny_debug_ring_sigusr(int signo, siginfo_t* info, void* uctx) {
(void)signo;
(void)info;
(void)uctx;
if (g_tiny_ring_enabled) {
tiny_debug_ring_dump(STDERR_FILENO, 0);
const char msg[] = "[Tiny Debug Ring] SIGUSR2 dump\n";
TINY_RING_IGNORE(write(STDERR_FILENO, msg, sizeof(msg) - 1));
}
}
void tiny_debug_ring_init(void) {
if (g_tiny_ring_enabled) return;
const char* env = getenv("HAKMEM_TINY_TRACE_RING");
if (!(env && *env && env[0] != '0')) {
return;
}
g_tiny_ring_enabled = 1;
struct sigaction sa;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_SIGINFO | SA_RESETHAND;
sa.sa_sigaction = tiny_debug_ring_sigsegv;
sigaction(SIGSEGV, &sa, NULL);
struct sigaction su;
sigemptyset(&su.sa_mask);
su.sa_flags = SA_SIGINFO | SA_RESTART;
su.sa_sigaction = tiny_debug_ring_sigusr;
sigaction(SIGUSR2, &su, NULL);
}
void tiny_debug_ring_record(uint16_t event, uint16_t class_idx, void* ptr, uintptr_t aux) {
if (!g_tiny_ring_enabled) return;
uint32_t idx = atomic_fetch_add_explicit(&g_tiny_ring_head, 1u, memory_order_relaxed);
TinyRingEntry entry;
entry.ptr = (uintptr_t)ptr;
entry.aux = aux;
entry.event = event;
entry.class_idx = class_idx;
g_tiny_ring[idx & (TINY_RING_CAP - 1u)] = entry;
}
__attribute__((constructor))
static void tiny_debug_ring_ctor(void) {
tiny_debug_ring_init();
}
__attribute__((destructor))
static void tiny_debug_ring_dtor(void) {
const char* e = getenv("HAKMEM_TINY_DUMP_RING_ATEXIT");
if (e && *e && e[0] != '0') {
tiny_debug_ring_dump(STDERR_FILENO, 0);
}
}
Reference in New Issue View Git Blame Copy Permalink