[webkit-dev] Webkit mipsel crashing in arenaDelete

Stephan Assmus superstippi at gmx.de
Tue Feb 16 01:17:09 PST 2010


Hi,

On 2010-02-16 at 09:31:32 [+0100], İsmail Dönmez <ismail at namtrac.org> wrote:
> On Tue, Feb 16, 2010 at 10:22 AM, Stephan Assmus <superstippi at gmx.de> wrote:
> > Hi,
> >
> > On 2010-02-16 at 08:50:21 [+0100], Bharathwaaj S <bharathwaaj.s at gmail.com>
> > wrote:
> >> I could port webkit to mipsel architecture using DirectFB Backend.
> >>
> >> I've taken svn WebKitGtk release 1.1.8 present
> >> here<http://trac.webkit.org/browser/releases/WebKitGTK/webkit-1.1.8>
> >> .
> >>
> >> I could get google.com homepage when I run GtkLauncher. But when I press 
> >> any
> >> the Google Search button, it crashes.
> >>
> >> I added printfs in the code and I found that it is crashing in File
> >> WebCore/rendering/RenderObject.cpp Function arenaDelete in the line
> >>
> >> delete this
> >>
> >> It also crashes when I reload the google page by pressing right click and
> >> reload.
> >>
> >> The same release when built for x86 runs fine.
> >>
> >> Kindly help me in solving this issue.
> >
> > No idea if this is helpful or even applies to your problem, but during the
> > Haiku porting effort, we found out that when using USE_SYSTEM_MALLOC=1,
> > WebCore makes some assumptions about alignment of allocations that are not
> > guaranteed when using malloc() (should use memalign()). When we switched 
> > to
> > using the built-in TCSystemMalloc, those problems went away.
> 
> That's interesting. How did you force TCSystemMalloc for Haiku port?

I could send you a diff for just this change, but the Haiku port uses its 
own build system which is not (yet?) part of WebKit trunk. All that seemed 
necessary to enable it was to

1) not define "USE_SYSTEM_MALLOC=1"
2) include TCSystemAlloc.cpp into the libjavascriptcore.so build.

For debug builds, we also force the use of system malloc to OFF:

Index: JavaScriptCore/wtf/FastMalloc.cpp
===================================================================
--- JavaScriptCore/wtf/FastMalloc.cpp	(revision 47)
+++ JavaScriptCore/wtf/FastMalloc.cpp	(revision 49)
@@ -92,7 +92,7 @@
 #if !(defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC) && defined(NDEBUG)
 #define FORCE_SYSTEM_MALLOC 0
 #else
-#define FORCE_SYSTEM_MALLOC 1
+#define FORCE_SYSTEM_MALLOC 0 // TODO: hacked to off also in debug build
 #endif
 
 // Use a background thread to periodically scavenge memory to release back 
to the system
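Review bot: After this hunk both branches of the `#if` define `FORCE_SYSTEM_MALLOC 0`, so the `USE_SYSTEM_MALLOC`/`NDEBUG` condition above it no longer selects anything and the preprocessor block is dead weight. If the intent is "never force system malloc in debug builds either", drop the `&& defined(NDEBUG)` from the `#if` line (or remove the whole block and define the macro once) rather than leaving a mirrored branch, and replace the "TODO: hacked to off" comment with the actual reason the debug build needs the fast allocator, since the message itself says that reason has already been forgotten.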

This was necessary for some reason I cannot remember right now.

Best regards,
-Stephan
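The alignment point in the thread (WebCore assuming an allocation alignment that plain malloc() does not guarantee, memalign() being the fix) can be checked on a given platform before switching allocators. The program below is an added example written for this thread, not code from WebKit or from the Haiku port: it verifies a pointer against a power-of-two alignment, obtains a guaranteed alignment with posix_memalign(), and audits the system malloc() for a chosen alignment so the assumption can be measured instead of discovered as a crash. All function names and the 16-byte figure are this example's own assumptions.

```c
/* Added example, not from the thread or from WebKit. Function names and the
 * 16-byte alignment assumption are illustrative. */
#define _POSIX_C_SOURCE 200112L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* True when p satisfies a power-of-two alignment (in bytes). */
int is_aligned(const void *p, size_t alignment)
{
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return 0;                 /* only power-of-two alignments are meaningful */
    return ((uintptr_t)p % alignment) == 0;
}

/* Allocate `size` bytes aligned to `alignment` via posix_memalign(), the
 * portable way to obtain an alignment larger than what malloc() promises.
 * posix_memalign() requires a power of two that is a multiple of sizeof(void *).
 * Returns NULL on a bad alignment or allocation failure. */
void *alloc_aligned(size_t size, size_t alignment)
{
    void *p = NULL;
    if (alignment < sizeof(void *))
        alignment = sizeof(void *);
    if ((alignment & (alignment - 1)) != 0)
        return NULL;
    if (posix_memalign(&p, alignment, size) != 0)
        return NULL;
    return p;
}

/* Audit the system allocator: allocate `count` blocks of `size` bytes with
 * malloc() (kept live together so addresses differ) and return how many do
 * not satisfy `alignment`. A non-zero result is exactly the situation where
 * code that silently assumes that alignment will misbehave. */
size_t count_misaligned_malloc(size_t count, size_t size, size_t alignment)
{
    void **blocks = calloc(count, sizeof(void *));
    size_t misaligned = 0;
    size_t i;
    if (!blocks)
        return count;             /* nothing could be verified */
    for (i = 0; i < count; i++) {
        blocks[i] = malloc(size);
        if (!blocks[i] || !is_aligned(blocks[i], alignment))
            misaligned++;
    }
    for (i = 0; i < count; i++)
        free(blocks[i]);
    free(blocks);
    return misaligned;
}

int main(void)
{
    size_t want = 16;             /* assumed alignment under test (constructed) */
    void *p;

    printf("malloc(24) blocks violating %zu-byte alignment: %zu of 64\n",
           want, count_misaligned_malloc(64, 24, want));

    p = alloc_aligned(24, 64);
    printf("posix_memalign block aligned to 64: %s\n",
           (p && is_aligned(p, 64)) ? "yes" : "no");
    free(p);
    return 0;
}
```

Run it on the target (here it would be the mipsel build) with the alignment the code actually relies on; a non-zero count from count_misaligned_malloc() confirms that USE_SYSTEM_MALLOC cannot be used as-is on that platform, while the posix_memalign() path shows the alignment the allocator must be made to deliver.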

