[Webkit-unassigned] [Bug 146440] Crash on xLarge memory allocation using bmalloc on 32bit systems

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 30 09:31:07 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=146440

--- Comment #1 from Mario Sanchez Prada <mario at webkit.org> ---
(In reply to comment #0)
> In the last week I've been debugging this quite thoroughly, comparing how
> the webkitgtk package was being built in our environment before and after the
> upgrade to 2.8.3 and found that building with -O0 instead of -O2 seems to
> make the crash go away, so perhaps this is related to some compiler options?

JFTR, I confirmed this "theory" yesterday night and tomorrow morning:

  * With -O2: I get the crash
  * With -O1: I get the crash
  * With -O0: I do NOT get the crash

So, the problem seems to happen when -O1 is enabled, which in my system translates to some of the following optimizations, enabled for that level:

  -fbranch-count-reg                  [enabled]
  -fcombine-stack-adjustments         [enabled]
  -fcompare-elim                      [enabled]
  -fcprop-registers                   [enabled]
  -fdefer-pop                         [enabled]
  -fforward-propagate                 [enabled]
  -fguess-branch-probability          [enabled]
  -fif-conversion                     [enabled]
  -fif-conversion2                    [enabled]
  -finline-functions-called-once      [enabled]
  -fipa-profile                       [enabled]
  -fipa-pure-const                    [enabled]
  -fipa-reference                     [enabled]
  -fmerge-constants                   [enabled]
  -fmove-loop-invariants              [enabled]
  -fshrink-wrap                       [enabled]
  -fsplit-wide-types                  [enabled]
  -ftree-bit-ccp                      [enabled]
  -ftree-ccp                          [enabled]
  -ftree-ch                           [enabled]
  -ftree-copy-prop                    [enabled]
  -ftree-copyrename                   [enabled]
  -ftree-dce                          [enabled]
  -ftree-dominator-opts               [enabled]
  -ftree-dse                          [enabled] *
  -ftree-fre                          [enabled]
  -ftree-pta                          [enabled]
  -ftree-sink                         [enabled]
  -ftree-slsr                         [enabled]
  -ftree-sra                          [enabled]
  -ftree-ter                          [enabled]


If anyone can spot anything in there that might ring a bell, please let me know, otherwise I will continue the investigation myself the best I can.

Last, according to the documentation, -O1 also enables -fomit-frame-pointer (no idea why it does not show up there), but I already tried passing -fno-omit-frame-pointer (as well as -fno-tree-dce) and that did not work, so it has to be something else.

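An added example, not part of the original comment or of WebKit: one way to narrow down a list like the one above is to diff the `gcc -Q -O0 --help=optimizers` and `gcc -Q -O1 --help=optimizers` listings and bisect the difference with `-fno-…` flags on top of `-O1` (GCC ignores most individual optimization flags at `-O0`). The sample listings are constructed, and `crashes` is a hypothetical hook standing in for "rebuild and run the reproducer".

```python
import re

# Constructed excerpts in the layout printed by `gcc -Q -O<n> --help=optimizers`.
O0_SAMPLE = """\
  -fdce                               [enabled]
  -fdefer-pop                         [disabled]
  -fmerge-constants                   [disabled]
  -ftree-dce                          [disabled]
  -ftree-dse                          [disabled]
  -ftree-sra                          [disabled]
"""
O1_SAMPLE = O0_SAMPLE.replace("[disabled]", "[enabled]")

FLAG_LINE = re.compile(r"^\s*(-f[\w-]+)\s+\[(enabled|disabled)\]")

def enabled_flags(listing):
    """Return the set of -f flags a listing reports as [enabled]."""
    matches = (FLAG_LINE.match(line) for line in listing.splitlines())
    return {m.group(1) for m in matches if m and m.group(2) == "enabled"}

def o1_only_flags(o0_listing, o1_listing):
    """Flags that -O1 turns on and -O0 does not: the bisection candidates."""
    return sorted(enabled_flags(o1_listing) - enabled_flags(o0_listing))

def negate(flag):
    """-ftree-dse -> -fno-tree-dse"""
    return "-fno-" + flag[2:]

def bisect_flags(candidates, crashes):
    """Return the one flag whose -fno- form stops the crash, or None.

    crashes(extra) is a caller-supplied (hypothetical) hook: rebuild with
    ['-O1', *extra], run the reproducer, return True if it still crashes.
    Assumes a single flag is responsible.
    """
    candidates = list(candidates)
    if not candidates or crashes([negate(f) for f in candidates]):
        return None  # the crash is not controlled by any listed flag
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        if crashes([negate(f) for f in half]):
            candidates = candidates[len(half):]  # culprit is in the other half
        else:
            candidates = half                    # culprit was disabled in this half
    return candidates[0]
```

A `None` result means the crash survives with every listed flag negated, which points at an `-O1` transformation that has no individual flag.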