<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash on xLarge memory allocation using bmalloc on 32bit systems"
   href="https://bugs.webkit.org/show_bug.cgi?id=146440#c1">Comment # 1</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash on xLarge memory allocation using bmalloc on 32bit systems"
   href="https://bugs.webkit.org/show_bug.cgi?id=146440">bug 146440</a>
              from <span class="vcard"><a class="email" href="mailto:mario&#64;webkit.org" title="Mario Sanchez Prada &lt;mario&#64;webkit.org&gt;"> <span class="fn">Mario Sanchez Prada</span></a>
</span></b>
        <pre>(In reply to <a href="show_bug.cgi?id=146440#c0">comment #0</a>)
<span class="quote">&gt; In the last week I've been debugging this quite thoroughly, comparing how
&gt; the webkigtk package was being built in our environment before and after the
&gt; upgrade to 2.8.3 and found that building with -O0 instead of -O2 seems to
&gt; make the crash go away, so perhaps this is related to some compiler options?</span >

JFTR, I confirmed this &quot;theory&quot; yesterday night and tomorrow morning:

  * With -O2: I get the crash
  * With -O1: I get the crash
  * With -O0: I do NOT get the crash

So, the problem seems to happen when -O1 is enabled, which in my system translates to some of the following optimizations, enabled for that level:

  -fbranch-count-reg                  [enabled]
  -fcombine-stack-adjustments         [enabled]
  -fcompare-elim                      [enabled]
  -fcprop-registers                   [enabled]
  -fdefer-pop                         [enabled]
  -fforward-propagate                 [enabled]
  -fguess-branch-probability          [enabled]
  -fif-conversion                     [enabled]
  -fif-conversion2                    [enabled]
  -finline-functions-called-once      [enabled]
  -fipa-profile                       [enabled]
  -fipa-pure-const                    [enabled]
  -fipa-reference                     [enabled]
  -fmerge-constants                   [enabled]
  -fmove-loop-invariants              [enabled]
  -fshrink-wrap                       [enabled]
  -fsplit-wide-types                  [enabled]
  -ftree-bit-ccp                      [enabled]
  -ftree-ccp                          [enabled]
  -ftree-ch                           [enabled]
  -ftree-copy-prop                    [enabled]
  -ftree-copyrename                   [enabled]
  -ftree-dce                          [enabled]
  -ftree-dominator-opts               [enabled]
  -ftree-dse                          [enabled] *
  -ftree-fre                          [enabled]
  -ftree-pta                          [enabled]
  -ftree-sink                         [enabled]
  -ftree-slsr                         [enabled]
  -ftree-sra                          [enabled]
  -ftree-ter                          [enabled]


If anyone can spot anything in there that might ring a bell, please let me know, otherwise I will continue the investigation myself the best I can.

Last, according to the documentation, -O1 also enables -fomit-frame-pointer (no idea why it does not show up there), but I already tried passing -fno-omit-frame-pointer (as well as -fno-tree-dce) and that did not work, so it has to be something else.</pre>
        </div>
      </p>
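<p>The bisection described in this comment (building at -O0, -O1 and -O2, then reading through the list of optimizations -O1 enables) can be driven mechanically. The following Python is an added example, not code from the bug report or from WebKit: it parses the <code>gcc -Q --help=optimizers -O1</code> listing quoted above and narrows the enabled flags down to the <code>-fno-*</code> options that make a crash disappear. The build-and-run check is caller-supplied, the sample listing is an excerpt of the one in the comment plus one constructed <code>[disabled]</code> line, and the culprit flags used in the demo are hypothetical, chosen only to exercise the search.</p>

```python
"""Narrow a crash that appears at -O1 down to the optimization flag(s) behind it.

Added example, not code from the WebKit bug report. It assumes the output format of
GCC's `-Q --help=optimizers` (the "[enabled]" listing quoted in the comment) and a
caller-supplied check that rebuilds with candidate -fno-* options and runs the
reproducer; the culprit flags in the demo are constructed, not the real cause.
"""
import re
import subprocess
from typing import Callable, List

# One line of `gcc -Q --help=optimizers -O1`; a trailing marker such as " *" is tolerated.
FLAG_LINE = re.compile(r"^\s*(-f[\w-]+)\s+\[(enabled|disabled)\]")


def parse_enabled_flags(help_output: str) -> List[str]:
    """Return the -f flags GCC reports as [enabled], in listing order."""
    flags = []
    for line in help_output.splitlines():
        m = FLAG_LINE.match(line)
        if m and m.group(2) == "enabled":
            flags.append(m.group(1))
    return flags


def negate(flag: str) -> str:
    """Option that switches an optimization off: -ftree-dce -> -fno-tree-dce."""
    if not flag.startswith("-f") or flag.startswith("-fno-"):
        raise ValueError(f"not an enabling -f flag: {flag}")
    return "-fno-" + flag[2:]


def gcc_enabled_flags(level: str = "-O1", gcc: str = "gcc") -> List[str]:
    """Ask the installed compiler which optimizations `level` turns on."""
    out = subprocess.run([gcc, "-Q", "--help=optimizers", level],
                         capture_output=True, text=True, check=True).stdout
    return parse_enabled_flags(out)


def minimize_disabled(flags: List[str], crash_gone: Callable[[List[str]], bool]) -> List[str]:
    """Return a small set of flags whose disabling (on top of -O1) removes the crash.

    crash_gone(disabled) must rebuild with -O1 plus -fno-X for each X in `disabled`, run
    the reproducer and return True when it no longer crashes. Phase 1 halves the set while
    one half alone still fixes it (a single culprit costs about log2(n) builds); phase 2
    re-enables flags one at a time, which also catches crashes needing several flags.
    """
    disabled = list(flags)
    if not crash_gone(disabled):
        raise RuntimeError("disabling every listed flag does not remove the crash; "
                           "the cause lies outside this list")
    while len(disabled) > 1:
        mid = len(disabled) // 2
        first, second = disabled[:mid], disabled[mid:]
        if crash_gone(first):
            disabled = first
        elif crash_gone(second):
            disabled = second
        else:
            break  # culprits span both halves; the greedy phase sorts it out
    changed = True
    while changed:
        changed = False
        for flag in list(disabled):
            trial = [f for f in disabled if f != flag]
            if trial and crash_gone(trial):
                disabled, changed = trial, True
    return disabled


# Constructed sample input: an excerpt of the -O1 listing quoted in the comment, in the
# format gcc prints it, plus one [disabled] line to show that those are filtered out.
SAMPLE_HELP = """\
  -fbranch-count-reg                  [enabled]
  -fdefer-pop                         [enabled]
  -fexpensive-optimizations           [disabled]
  -fforward-propagate                 [enabled]
  -fif-conversion                     [enabled]
  -fif-conversion2                    [enabled]
  -finline-functions-called-once      [enabled]
  -fmerge-constants                   [enabled]
  -ftree-dce                          [enabled]
  -ftree-dse                          [enabled] *
  -ftree-fre                          [enabled]
  -ftree-sra                          [enabled]
  -ftree-ter                          [enabled]
"""


def simulated_crash_gone(culprits: List[str]) -> Callable[[List[str]], bool]:
    """Stand-in for a real rebuild: the hypothetical crash needs every flag in
    `culprits` enabled, so it disappears only once all of them are disabled."""
    return lambda disabled: set(culprits) <= set(disabled)


if __name__ == "__main__":
    flags = parse_enabled_flags(SAMPLE_HELP)
    found = minimize_disabled(flags, simulated_crash_gone(["-fif-conversion", "-ftree-sra"]))
    print("next build to try: -O1", " ".join(negate(f) for f in found))
```

<p>Against a real tree, <code>crash_gone</code> would rebuild with <code>-O1</code> plus the <code>-fno-*</code> options for the flags it is handed and run the reproducer; since each full build is expensive, the halving phase is what keeps the number of builds manageable, and the greedy pass only runs over whatever the halving could not separate. The raised error covers the case the comment already hit, where disabling one suspected flag in isolation changes nothing because the cause is not in the list at all.</p>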
    </body>
</html>