Files

Moe Charm (CI) 8aabee4392 Box TLS-SLL: fix splice head normalization and remove false misalignment guard; add header-aware linear link instrumentation; log splice details in debug.\n\n- Normalize head before publishing to TLS SLL (avoid user-ptr head)\n- Remove size-mod alignment guard (stride!=size); keep small-ptr fail-fast only\n- Drop heuristic base normalization to avoid corrupting base\n- Add [LINEAR_LINK]/[SPLICE_LINK]/[SPLICE_SET_HEAD] debug logs (debug-only)\n- Verified debug build on bench_fixed_size_hakmem with visible carve/splice traces

2025-11-11 00:02:24 +09:00

3.3 KiB

Raw Blame History

Debug Analysis Final - TLS-SLL Guard Investigation

Date: 2025-11-10 Binary: out/debug/bench_fixed_size_hakmem (verbose debug build) Command: 200000 1024 128

1. Maximum Tracing Results

Key Findings:

[TLS_SLL_GUARD] splice_trav: misaligned base=0x7244b7e10009 cls=0 blk=8 off=1
[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
./out/debug/bench_fixed_size_hakmem(+0x6a5e)[0x5b4a8b13ea5e]

Critical Discovery:

TLS-SLL GUARDが検出！ misaligned base=0x7244b7e10009
SPLICE_TO_SLL直後のsplice_trav操作でアライメント違反
これがSIGSEGVの直接原因！

Analysis of misaligned address:

base=0x7244b7e10009 - 最後の9進数（0x9）が問題
cls=0 blk=8 off=1 - class 0, block 8, offset 1
正しいはず: 0x7244b7e10000 + (8 * 256) + 1 = 0x7244b7e10081
実際: 0x7244b7e10009 - 計算が間違っている！

2. No Cache Results (Frontend Disabled)

Same Pattern:

[TLS_SLL_GUARD] splice_trav: misaligned base=0x7d9100410009 cls=0 blk=8 off=1
[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
./out/debug/bench_fixed_size_hakmem(+0x6a5e)[0x622ace44fa5e]

Confirmed:

Frontend cacheを無効にしても問題は再現
TLS-SLL境界の問題であることが確定

3. Root Cause Analysis

Problem Location:

SPLICE_TO_SLL直後のTLS-SLL操作
splice_trav（traverse splice）でポインタ計算が破壊されている

Calculation Error:

Expected: base + (blk * size) + off
Actual:   base + ??? = 0x7244b7e10009 (9 bytes from base)

Header Offset Confusion:

Class 0 (128B): header offset should be 1 byte
Block 8: should be at 8 * 128 = 1024 bytes from base
Correct address: 0x7244b7e10000 + 1024 + 1 = 0x7244b7e10401
Actual: 0x7244b7e10009 - 完全に間違った計算！

4. PTR_TRACE Analysis

Missing TLS Operations:

PTR_TRACEにtls_push/tls_pop/tls_sp_trav/tls_sp_linkが記録されていない
TLS-SLL GUARDが発火する段階で既にPTR_TRACEが動いていない
PTR_TRACEマクロ自体が問題のコードパスを通っていない！

5. Recommendations

Immediate Fix:

TLS-SLL splice_travのポインタ計算を修正
- base + (blk * size) + off の計算を確認
- class 0 (128B) × block 8 = 1024 bytes offset

Debug Strategy:

PTR_TRACEマクロをTLS-SLL GUARDの前後に配置
splice_trav関数のアセンブリ出力を確認
TLS-SLL GUARDの条件判定を緩和して詳細ログ取得

Code Location to Fix:

core/box/tls_sll_box.h - splice_trav implementation
SPLICE_TO_SLL直後のTLS-SLL操作フロー

6. Verification Steps

After Fix:

Same test should show proper alignment
TLS-SLL GUARD should not fire
PTR_TRACE should show tls_push/tls_pop operations
SIGSEGV should be resolved

Test Commands:

HAKMEM_DEBUG_SEGV=1 HAKMEM_PTR_TRACE_DUMP=1 HAKMEM_FREE_WRAP_TRACE=1 ./out/debug/bench_fixed_size_hakmem 200000 1024 128

7. Summary

Root Cause: TLS-SLL splice_trav operation has critical pointer calculation error Location: SPLICE_TO_SLL immediate aftermath Impact: Misaligned memory access causes SIGSEGV Fix Priority: CRITICAL - core memory corruption issue

The TLS-SLL GUARD successfully identified the exact location of the problem!

3.3 KiB Raw Blame History Unescape Escape