[webkit-dev] Crash on xLarge memory allocation using bmalloc on 32bit systems

Ryosuke Niwa rniwa at webkit.org
Fri Jul 3 03:25:05 PDT 2015


On Fri, Jul 3, 2015 at 3:10 AM, Mario Sanchez Prada <mario at webkit.org>
wrote:

> On 03/07/15 10:47, Ryosuke Niwa wrote:
> > On Fri, Jul 3, 2015 at 2:32 AM, Mario Sanchez Prada <mario at webkit.org
> > [...]
> >     FWIW, I've tried reducing the scope of this flag to bmalloc but the
> crash
> >     was still there. However, passing it instead for WebCore only did
> "fix" the
> >     situation, so perhaps the problem is not strictly related to
> bmalloc, but to
> >     something else in the graphics subsystem?
> >
> >     It could also be a bug on GCC, though.
> >
> > Perhaps you can compare the two disassembled bmalloc code with or without
> > -fno-tree-sra since bmalloc is a fairly small project?
>
> Not sure that would be useful, since enabling or disabling that -ftree-sra
> while building bmalloc does not make any difference wrt this problem,
> but
> perhaps I'm overlooking something.
>
> The crash goes away when passing -fno-tree-sra for WebCore, unfortunately.
>

That's interesting. It could be a real bug in WebCore like us relying on
some undefined behavior that happens to work fine in clang.

We've had bugs like that in the past where what we thought would be a null
pointer crash turned into a use-after-free because accessing a null pointer
results in undefined behavior and clang was taking advantage of that in
its optimizer.

- R. Niwa
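The failure mode Ryosuke describes (a null dereference that a developer expects to crash, but where the optimizer instead deletes the later null check because the earlier dereference already "proved" the pointer non-null) is easy to reproduce in isolation. The following is an added example, not code from this thread or from WebKit or bmalloc; the `struct node` type and the function names are constructed for illustration. It puts the pattern that relies on undefined behavior next to the ordering that does not, so a reviewer can recognize the shape when auditing code that is being compiled with an aggressive optimizer.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical linked-list node, constructed for this example. */
struct node {
    int value;
    struct node *next;
};

/*
 * Pattern that depends on undefined behavior.
 *
 * The field read happens before the null check. Because dereferencing a
 * null pointer is undefined, a conforming optimizer may assume p != NULL
 * from the read alone and drop the check below as dead code. The crash
 * the author expected on NULL then never happens: execution continues with
 * whatever the dereference produced, which is how a "null crash" can turn
 * into silent memory misuse. The read is only well-defined when p is valid,
 * so this function must never be called with NULL.
 */
int value_or_default_bad(const struct node *p, int dflt)
{
    int v = p->value;       /* undefined behavior when p == NULL */
    if (p == NULL)          /* optimizer is entitled to remove this */
        return dflt;
    return v;
}

/* Corrected ordering: check first, dereference only on the non-null path. */
int value_or_default_good(const struct node *p, int dflt)
{
    if (p == NULL)
        return dflt;
    return p->value;
}

/*
 * Same principle applied to a loop: every dereference is guarded by a
 * check that precedes it, so no code path reaches p->next with p == NULL
 * and the compiler has nothing to "prove" from an invalid access.
 */
int list_sum(const struct node *head)
{
    int total = 0;
    for (const struct node *p = head; p != NULL; p = p->next)
        total += p->value;
    return total;
}

int main(void)
{
    /* Constructed two-element list: 40 -> 2 */
    struct node second = { 2, NULL };
    struct node first  = { 40, &second };

    printf("sum of list            = %d\n", list_sum(&first));
    printf("value_or_default(good) = %d\n", value_or_default_good(NULL, -1));
    printf("value_or_default(good) = %d\n", value_or_default_good(&first, -1));
    /* value_or_default_bad(NULL, -1) is deliberately not called: its result
     * is undefined and depends on optimization level, which is the point. */
    printf("value_or_default(bad)  = %d\n", value_or_default_bad(&first, -1));
    return 0;
}
```

When reviewing a suspected case like the one in this thread, the thing to look for is any read through a pointer that precedes the check on that pointer, including reads hidden inside an inlined helper: once the optimizer sees the read, every later `p == NULL` test in the same function is fair game for removal, regardless of which compiler flag happens to expose it.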