Skip to content

Add defensive code to check buddy allocator.#834

Open
mjp41 wants to merge 2 commits intomicrosoft:mainfrom
mjp41:buddy_validate
Open

Add defensive code to check buddy allocator.#834
mjp41 wants to merge 2 commits intomicrosoft:mainfrom
mjp41:buddy_validate

Conversation

@mjp41
Copy link
Copy Markdown
Member

@mjp41 mjp41 commented Mar 27, 2026

No description provided.

mjp41
mjp41 commented Mar 27, 2026
View reviewed changes
@mjp41 mjp41 requested a review from Copilot March 27, 2026 14:51
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds additional debug-time validation to the buddy allocator by tracking and cross-checking the total amount of memory represented in its caches / red-black trees.

Changes:

  • Add RBTree::count() to count nodes for debug accounting.
  • Strengthen Buddy::invariant() to assert caches are empty above empty_at_or_above and to verify a tracked-vs-counted total.
  • Add debug_buddy_total and supporting counting logic to detect accounting mismatches.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/snmalloc/ds_core/redblacktree.h Adds node-counting support used by buddy debug checks.
src/snmalloc/backend_helpers/buddy.h Adds debug-time accounting + stricter invariants for buddy allocator internals.

src/snmalloc/backend_helpers/buddy.h
size_t empty_at_or_above{0};

// Tracks the total memory (in bytes) held by this buddy allocator,
// updated at the API boundary. Debug builds only.
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debug_buddy_total is updated unconditionally in add_block/remove_block, so it will add extra writes and enlarge Buddy even in release builds, despite the comment saying "Debug builds only". Consider making this member and its updates debug-only (e.g., wrap the field and the +=/-= sites in #ifndef NDEBUG or if constexpr (Debug)), so there’s no runtime/size overhead in production builds.

Suggested change
// updated at the API boundary. Debug builds only.
// updated at the API boundary. Intended for debugging/accounting use.

Copilot uses AI. Check for mistakes.
src/snmalloc/backend_helpers/buddy.h
Comment on lines +30 to +31
// Tracks the total memory (in bytes) held by this buddy allocator,
// updated at the API boundary. Debug builds only.
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment says debug_buddy_total is "updated at the API boundary", but it’s also updated by internal calls (e.g., remove_block splits call add_block(second, size)). Please clarify the comment to reflect what this counter actually represents (e.g., total bytes currently tracked by the buddy structures) to avoid misleading future changes.

Suggested change
// Tracks the total memory (in bytes) held by this buddy allocator,
// updated at the API boundary. Debug builds only.
// Tracks the total memory (in bytes) currently represented by this
// buddy allocator's free structures (caches and trees). Used for
// debug-only consistency checks.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mjp41