d8168a2021
## Bug Fix: Restore C7 Exception in TLS SLL Push **File**: `core/box/tls_sll_box.h:309` **Problem**: Commit25d963a4a(Code Cleanup) accidentally reverted the C7 fix by changing: ```c if (class_idx != 0 && class_idx != 7) { // CORRECT (commit8b67718bf) if (class_idx != 0) { // BROKEN (commit25d963a4a) ``` **Impact**: C7 (1024B class) header restoration in TLS SLL push overwrote next pointer at base[0], causing corruption. **Fix**: Restored `&& class_idx != 7` check to prevent header restoration for C7. **Why C7 Needs Exception**: - C7 uses offset=0 (stores next pointer at base[0]) - User pointer is at base+1 - Next pointer MUST NOT be overwritten by header restoration - C1-C6 use offset=1 (next at base[1]), so base[0] header restoration is safe ## Investigation: Larson MT Race Condition (SEPARATE ISSUE) **Finding**: Larson still crashes with 3+ threads due to UNRELATED multi-threading race condition in unified cache freelist management. **Root Cause**: Non-atomic freelist operations in `TinySlabMeta`: ```c typedef struct TinySlabMeta { void* freelist; // ❌ NOT ATOMIC uint16_t used; // ❌ NOT ATOMIC } TinySlabMeta; ``` **Evidence**: ``` 1 thread: ✅ PASS (1.88M - 41.8M ops/s) 2 threads: ✅ PASS (24.6M ops/s) 3 threads: ❌ SEGV (race condition) 4+ threads: ❌ SEGV (race condition) ``` **Status**: C7 fix is CORRECT. Larson crash is separate MT issue requiring atomic freelist implementation. ## Documentation Added Created comprehensive investigation reports: - `LARSON_CRASH_ROOT_CAUSE_REPORT.md` - Full technical analysis - `LARSON_DIAGNOSTIC_PATCH.md` - Implementation guide - `LARSON_INVESTIGATION_SUMMARY.md` - Executive summary - `LARSON_QUICK_REF.md` - Quick reference - `verify_race_condition.sh` - Automated verification script ## Next Steps Implement atomic freelist operations for full MT safety (7-9 hour effort): 1. Make `TinySlabMeta.freelist` atomic with CAS loop 2. Audit 87 freelist access sites 3. Test with Larson 8+ threads 🔧 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
139 lines
5.4 KiB
Makefile
139 lines
5.4 KiB
Makefile
hakmem.o: core/hakmem.c core/hakmem.h core/hakmem_build_flags.h \
|
|
core/hakmem_config.h core/hakmem_features.h core/hakmem_internal.h \
|
|
core/hakmem_sys.h core/hakmem_whale.h core/hakmem_bigcache.h \
|
|
core/hakmem_pool.h core/hakmem_l25_pool.h core/hakmem_policy.h \
|
|
core/hakmem_learner.h core/hakmem_size_hist.h core/hakmem_ace.h \
|
|
core/hakmem_site_rules.h core/hakmem_tiny.h core/hakmem_trace.h \
|
|
core/hakmem_tiny_mini_mag.h core/hakmem_tiny_superslab.h \
|
|
core/superslab/superslab_types.h core/hakmem_tiny_superslab_constants.h \
|
|
core/superslab/superslab_inline.h core/superslab/superslab_types.h \
|
|
core/tiny_debug_ring.h core/tiny_remote.h \
|
|
core/hakmem_tiny_superslab_constants.h core/tiny_fastcache.h \
|
|
core/box/tiny_next_ptr_box.h core/hakmem_tiny_config.h \
|
|
core/tiny_nextptr.h core/tiny_region_id.h core/tiny_box_geometry.h \
|
|
core/hakmem_tiny_config.h core/ptr_track.h core/hakmem_super_registry.h \
|
|
core/hakmem_mid_mt.h core/hakmem_elo.h core/hakmem_ace_stats.h \
|
|
core/hakmem_batch.h core/hakmem_evo.h core/hakmem_debug.h \
|
|
core/hakmem_prof.h core/hakmem_syscall.h core/hakmem_ace_controller.h \
|
|
core/hakmem_ace_metrics.h core/hakmem_ace_ucb1.h \
|
|
core/box/bench_fast_box.h core/ptr_trace.h core/box/hak_exit_debug.inc.h \
|
|
core/box/hak_kpi_util.inc.h core/box/hak_core_init.inc.h \
|
|
core/hakmem_phase7_config.h core/box/ss_hot_prewarm_box.h \
|
|
core/box/hak_alloc_api.inc.h core/box/../hakmem_tiny.h \
|
|
core/box/../hakmem_smallmid.h core/box/../pool_tls.h \
|
|
core/box/hak_free_api.inc.h core/hakmem_tiny_superslab.h \
|
|
core/box/../tiny_free_fast_v2.inc.h core/box/../tiny_region_id.h \
|
|
core/box/../hakmem_build_flags.h core/box/../hakmem_tiny_config.h \
|
|
core/box/../box/tls_sll_box.h core/box/../box/../hakmem_tiny_config.h \
|
|
core/box/../box/../hakmem_build_flags.h core/box/../box/../tiny_remote.h \
|
|
core/box/../box/../tiny_region_id.h \
|
|
core/box/../box/../hakmem_tiny_integrity.h \
|
|
core/box/../box/../hakmem_tiny.h core/box/../box/../ptr_track.h \
|
|
core/box/../box/../tiny_debug_ring.h \
|
|
core/box/../box/../superslab/superslab_inline.h \
|
|
core/box/../box/tls_sll_drain_box.h core/box/../box/tls_sll_box.h \
|
|
core/box/../box/free_local_box.h core/box/../hakmem_tiny_integrity.h \
|
|
core/box/../superslab/superslab_inline.h \
|
|
core/box/../box/ss_slab_meta_box.h \
|
|
core/box/../box/../superslab/superslab_types.h \
|
|
core/box/../box/free_remote_box.h core/box/front_gate_v2.h \
|
|
core/box/external_guard_box.h core/box/ss_slab_meta_box.h \
|
|
core/box/hak_wrappers.inc.h core/box/front_gate_classifier.h \
|
|
core/box/../front/malloc_tiny_fast.h \
|
|
core/box/../front/../hakmem_build_flags.h \
|
|
core/box/../front/../hakmem_tiny_config.h \
|
|
core/box/../front/tiny_unified_cache.h \
|
|
core/box/../front/../tiny_region_id.h core/box/../front/../hakmem_tiny.h
|
|
core/hakmem.h:
|
|
core/hakmem_build_flags.h:
|
|
core/hakmem_config.h:
|
|
core/hakmem_features.h:
|
|
core/hakmem_internal.h:
|
|
core/hakmem_sys.h:
|
|
core/hakmem_whale.h:
|
|
core/hakmem_bigcache.h:
|
|
core/hakmem_pool.h:
|
|
core/hakmem_l25_pool.h:
|
|
core/hakmem_policy.h:
|
|
core/hakmem_learner.h:
|
|
core/hakmem_size_hist.h:
|
|
core/hakmem_ace.h:
|
|
core/hakmem_site_rules.h:
|
|
core/hakmem_tiny.h:
|
|
core/hakmem_trace.h:
|
|
core/hakmem_tiny_mini_mag.h:
|
|
core/hakmem_tiny_superslab.h:
|
|
core/superslab/superslab_types.h:
|
|
core/hakmem_tiny_superslab_constants.h:
|
|
core/superslab/superslab_inline.h:
|
|
core/superslab/superslab_types.h:
|
|
core/tiny_debug_ring.h:
|
|
core/tiny_remote.h:
|
|
core/hakmem_tiny_superslab_constants.h:
|
|
core/tiny_fastcache.h:
|
|
core/box/tiny_next_ptr_box.h:
|
|
core/hakmem_tiny_config.h:
|
|
core/tiny_nextptr.h:
|
|
core/tiny_region_id.h:
|
|
core/tiny_box_geometry.h:
|
|
core/hakmem_tiny_config.h:
|
|
core/ptr_track.h:
|
|
core/hakmem_super_registry.h:
|
|
core/hakmem_mid_mt.h:
|
|
core/hakmem_elo.h:
|
|
core/hakmem_ace_stats.h:
|
|
core/hakmem_batch.h:
|
|
core/hakmem_evo.h:
|
|
core/hakmem_debug.h:
|
|
core/hakmem_prof.h:
|
|
core/hakmem_syscall.h:
|
|
core/hakmem_ace_controller.h:
|
|
core/hakmem_ace_metrics.h:
|
|
core/hakmem_ace_ucb1.h:
|
|
core/box/bench_fast_box.h:
|
|
core/ptr_trace.h:
|
|
core/box/hak_exit_debug.inc.h:
|
|
core/box/hak_kpi_util.inc.h:
|
|
core/box/hak_core_init.inc.h:
|
|
core/hakmem_phase7_config.h:
|
|
core/box/ss_hot_prewarm_box.h:
|
|
core/box/hak_alloc_api.inc.h:
|
|
core/box/../hakmem_tiny.h:
|
|
core/box/../hakmem_smallmid.h:
|
|
core/box/../pool_tls.h:
|
|
core/box/hak_free_api.inc.h:
|
|
core/hakmem_tiny_superslab.h:
|
|
core/box/../tiny_free_fast_v2.inc.h:
|
|
core/box/../tiny_region_id.h:
|
|
core/box/../hakmem_build_flags.h:
|
|
core/box/../hakmem_tiny_config.h:
|
|
core/box/../box/tls_sll_box.h:
|
|
core/box/../box/../hakmem_tiny_config.h:
|
|
core/box/../box/../hakmem_build_flags.h:
|
|
core/box/../box/../tiny_remote.h:
|
|
core/box/../box/../tiny_region_id.h:
|
|
core/box/../box/../hakmem_tiny_integrity.h:
|
|
core/box/../box/../hakmem_tiny.h:
|
|
core/box/../box/../ptr_track.h:
|
|
core/box/../box/../tiny_debug_ring.h:
|
|
core/box/../box/../superslab/superslab_inline.h:
|
|
core/box/../box/tls_sll_drain_box.h:
|
|
core/box/../box/tls_sll_box.h:
|
|
core/box/../box/free_local_box.h:
|
|
core/box/../hakmem_tiny_integrity.h:
|
|
core/box/../superslab/superslab_inline.h:
|
|
core/box/../box/ss_slab_meta_box.h:
|
|
core/box/../box/../superslab/superslab_types.h:
|
|
core/box/../box/free_remote_box.h:
|
|
core/box/front_gate_v2.h:
|
|
core/box/external_guard_box.h:
|
|
core/box/ss_slab_meta_box.h:
|
|
core/box/hak_wrappers.inc.h:
|
|
core/box/front_gate_classifier.h:
|
|
core/box/../front/malloc_tiny_fast.h:
|
|
core/box/../front/../hakmem_build_flags.h:
|
|
core/box/../front/../hakmem_tiny_config.h:
|
|
core/box/../front/tiny_unified_cache.h:
|
|
core/box/../front/../tiny_region_id.h:
|
|
core/box/../front/../hakmem_tiny.h:
|