Yow! That's code that no one on the project knows all that much about -- we haven't changed it too much since the original David Gay library it came from. If you have some skills with assembly-language debugging you might be able to figure out what line of code is involved. You don't need to do a debug build to have symbols. You could try building with "-O2 and -g" to see if that helps you figure out what's wrong. Worst case, you could try to find a completely different solution for dtoa -- it might be hard to find one that has correct behavior and great performance, though.

OK, if it has not changed too much I guess I can try to use the version that comes with gcc and see how it goes with that. What tests should I pay attention to in order to check the performance of each one?

I think that at least one of the sunspider tests exercises dtoa quite heavily.

We do have a number of modifications in our copy of dtoa, including support for additional architectures (e.g. middle endian ones), threading and performance fixes. Is the version that comes with gcc very different from the original? If not, maybe we could just make all the same changes on our copy.

Yes, I just did that. It seems to work OK, although I'm not testing all the codepaths (lots of #ifdef ...). I'll upload the patch now.

Created attachment 29251 [details] dtoaalias.patch OK, I've tried to explain the issue the best I could in the ChangeLog. I've tried to cover all codepaths, but I haven't actually tested them, just the default one. Also, I have not changed the macros defined when YES_ALIAS is defined, although that is unlikely to work with the changes in the code. Sunspider works with the patch, and the crashers are gone. Unfortunately I can't compare performance with the previous version, since it crashes the browser, but I hope someone else will be able to do that.

*** Bug 24326 has been marked as a duplicate of this bug. ***

Created attachment 29278 [details] sunspider results Xan requested that someone ran sunspider on webkit pre- and post-patching with his proposed fix. These are my results.

Created attachment 29306 [details] sunspider Mac results No measurable change.

Comment on attachment 29251 [details] dtoaalias.patch r=me

Committed as r42262, thanks.

dtoa.cpp is getting strict aliasing warnings again in trunk with gcc 4.4 after the latest changes. I'm running this in chromium but it's the same code as far as I can tell. /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::mult(WTF::BigInt&, const WTF::BigInt&)': /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: warning: dereferencing pointer 'xc.43' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: warning: dereferencing pointer 'xc.43' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::dtoa(char*, double, int, int*, int*, char**)': /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:293: warning: '<anonymous>' may be used uninitialized in this function /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:2135: note: '<anonymous>' was declared here Compiling /home/craig/chromium.git/src/sconsbuild/Release/obj/third_party/WebKit/JavaScriptCore/pcre/pcre_compile.os Compiling /home/craig/chromium.git/src/sconsbuild/Release/obj/third_party/WebKit/JavaScriptCore/pcre/pcre_exec.os /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'double WTF::strtod(const char*, char**)': /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: warning: dereferencing pointer 'xc.62' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: warning: dereferencing pointer 'xc.62' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: note: initialized from here /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules /home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: note: initialized from here Rolling back to r42264 makes things happy - I have not tried the in-between revisions yet. What's the best plan of action here - reopen this bug (I can't do that) or file a new one? Thank you!!

Reopening based on Craig's comment.

Actually, wait, no, this bug is about segfaulting. Craig, maybe your comment belongs as a new bug?

(In reply to comment #14) > Actually, wait, no, this bug is about segfaulting. Craig, maybe your comment > belongs as a new bug? I have created https://bugs.webkit.org/show_bug.cgi?id=25857 and Cc'ed Xan. Thank you.