tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d378ee11a090f2cb15e07eda66606b03389adc38
hakmem/docs/FREE_SAFETY.md
Moe Charm (CI) 52386401b3 Debug Counters Implementation - Clean History 
Major Features:
- Debug counter infrastructure for Refill Stage tracking
- Free Pipeline counters (ss_local, ss_remote, tls_sll)
- Diagnostic counters for early return analysis
- Unified larson.sh benchmark runner with profiles
- Phase 6-3 regression analysis documentation

Bug Fixes:
- Fix SuperSlab disabled by default (HAKMEM_TINY_USE_SUPERSLAB)
- Fix profile variable naming consistency
- Add .gitignore patterns for large files

Performance:
- Phase 6-3: 4.79 M ops/s (has OOM risk)
- With SuperSlab: 3.13 M ops/s (+19% improvement)

This is a clean repository without large log files.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 12:31:14 +09:00

32 lines
1.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Free Safety (Debug Guards)
==========================
Goal
- Detect invalid/double free and class mismatches early, with minimal intrusion on hot paths (debugonly).
Envs
- `HAKMEM_SAFE_FREE=1`
- Enable freetime validations (SS range, block alignment/size/capacity, light freelist scan for duplicates).
- `HAKMEM_SAFE_FREE_STRICT=1`
- FailFast (emit Tiny Ring + raise SIGUSR2) when invalid free is detected.
Checks (SuperSlab path)
- Pointer must map to a registered `SuperSlab` (registry lookup + `magic` check).
- Block alignment: `(ptr - slab_base) % block_size == 0` and `< block_size * capacity`.
- Optional duplicate scan: traverse up to 64 nodes of `meta->freelist` to see if `ptr` is already present.
- Cross lookup note: the same virtual base may be reused by a different class after SS free/cache reuse.
- Two consecutive `free_enter` with different classes on the same pointer likely means double free, not freelist corruption.
Checks (TinySlab path)
- Registry lookup + membership (ptr in `[base, base+64KB)`).
- Optional duplicate scan (same as above; beware of cost).
Ring Guidance
- Record `free_enter` before validation.
- On invalid free: record ring with pointer/class and boundary that failed; if STRICT then raise SIGUSR2.
Limitations
- No perblock headers: we avoid storing tags in user memory; detection focuses on boundary and freelist duplication checks.
- Reallocatethenfree(UAF) after the pointer is reused may evade duplicate scan; STRICT mode is recommended when chasing crashes.
Reference in New Issue View Git Blame Copy Permalink