V8 crashes when profile generator is trying to allocate a raw_entries_ buffer more than 2Gb.

src/profile-generator.h

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 557 matching lines @@
                            int index,
                            HeapEntry* entry,
                            int retainer_index);
   void SetNamedReference(HeapGraphEdge::Type type,
                          int child_index,
                          const char* name,
                          HeapEntry* entry,
                          int retainer_index);
   void SetUnidirElementReference(int child_index, int index, HeapEntry* entry);
 
-  int EntrySize() { return EntriesSize(1, children_count_, retainers_count_); }
+  uint64_t EntrySize() {
+    return EntriesSize(1, children_count_, retainers_count_);
+  }
 
   void Print(
       const char* prefix, const char* edge_name, int max_depth, int indent);
 
   Handle<HeapObject> GetHeapObject();
 
-  static int EntriesSize(int entries_count,
-                         int children_count,
-                         int retainers_count);
+  static uint64_t EntriesSize(int entries_count,
+                              int children_count,
+                              int retainers_count);
 
  private:
   HeapGraphEdge* children_arr() {
     return reinterpret_cast<HeapGraphEdge*>(this + 1);
   }
   HeapGraphEdge** retainers_arr() {
     return reinterpret_cast<HeapGraphEdge**>(children_arr() + children_count_);
   }
   const char* TypeAsString();
 
@@ skipping 12 matching lines @@
     uint32_t id1_;
     uint32_t id2_;
   } id_;  // This is to avoid extra padding of 64-bit value.
   const char* name_;
 
   DISALLOW_COPY_AND_ASSIGN(HeapEntry);
 };
 
 
 class HeapSnapshotsCollection;
+class RawEntriesStorage;
 
 // HeapSnapshot represents a single heap snapshot. It is stored in
 // HeapSnapshotsCollection, which is also a factory for
 // HeapSnapshots. All HeapSnapshots share strings copied from JS heap
 // to be able to return them even if they were collected.
 // HeapSnapshotGenerator fills in a HeapSnapshot.
 class HeapSnapshot {
  public:
   enum Type {
     kFull = v8::HeapSnapshot::kFull
   };
 
   HeapSnapshot(HeapSnapshotsCollection* collection,
                Type type,
                const char* title,
                unsigned uid);
   ~HeapSnapshot();
   void Delete();
 
   HeapSnapshotsCollection* collection() { return collection_; }
   Type type() { return type_; }
   const char* title() { return title_; }
   unsigned uid() { return uid_; }
   HeapEntry* root() { return root_entry_; }
   HeapEntry* gc_roots() { return gc_roots_entry_; }
   HeapEntry* natives_root() { return natives_root_entry_; }
   HeapEntry* gc_subroot(int index) { return gc_subroot_entries_[index]; }
   List<HeapEntry*>* entries() { return &entries_; }
-  int raw_entries_size() { return raw_entries_size_; }
+  uint64_t raw_entries_size() { return raw_entries_size_; }

[mnaganov (inactive), 2012/03/08 15:25:10]

Why not size_t?

 
   void AllocateEntries(
       int entries_count, int children_count, int retainers_count);
   HeapEntry* AddEntry(HeapEntry::Type type,
                       const char* name,
                       uint64_t id,
                       int size,
                       int children_count,
                       int retainers_count);
   HeapEntry* AddRootEntry(int children_count);
   HeapEntry* AddGcRootsEntry(int children_count, int retainers_count);
   HeapEntry* AddGcSubrootEntry(int tag,
                                int children_count,
                                int retainers_count);
   HeapEntry* AddNativesRootEntry(int children_count, int retainers_count);
   void ClearPaint();
   HeapEntry* GetEntryById(uint64_t id);
   List<HeapEntry*>* GetSortedEntriesList();
   template<class Visitor>
   void IterateEntries(Visitor* visitor) { entries_.Iterate(visitor); }
   void SetDominatorsToSelf();
 
   void Print(int max_depth);
   void PrintEntriesSize();
 
  private:
-  HeapEntry* GetNextEntryToInit();
+  HeapEntry* GetNextEntryToInit(size_t size);
 
   HeapSnapshotsCollection* collection_;
   Type type_;
   const char* title_;
   unsigned uid_;
   HeapEntry* root_entry_;
   HeapEntry* gc_roots_entry_;
   HeapEntry* natives_root_entry_;
   HeapEntry* gc_subroot_entries_[VisitorSynchronization::kNumberOfSyncTags];
-  char* raw_entries_;
+  RawEntriesStorage* raw_entries_;
   List<HeapEntry*> entries_;
   bool entries_sorted_;
-  int raw_entries_size_;
+  uint64_t raw_entries_size_;
 
   friend class HeapSnapshotTester;
 
   DISALLOW_COPY_AND_ASSIGN(HeapSnapshot);
 };
 
 
 class HeapObjectsMap {
  public:
   HeapObjectsMap();
@@ skipping 436 matching lines @@
   int GetStringId(const char* s);
   void SerializeEdge(HeapGraphEdge* edge);
   void SerializeImpl();
   void SerializeNode(HeapEntry* entry);
   void SerializeNodes();
   void SerializeSnapshot();
   void SerializeString(const unsigned char* s);
   void SerializeStrings();
   void SortHashMap(HashMap* map, List<HashMap::Entry*>* sorted_entries);
 
-  static const int kMaxSerializableSnapshotRawSize;
-
   HeapSnapshot* snapshot_;
   HashMap nodes_;
   HashMap strings_;
   int next_node_id_;
   int next_string_id_;
   OutputStreamWriter* writer_;
 
   friend class HeapSnapshotJSONSerializerEnumerator;
   friend class HeapSnapshotJSONSerializerIterator;
 
   DISALLOW_COPY_AND_ASSIGN(HeapSnapshotJSONSerializer);
 };
 
 } }  // namespace v8::internal
 
 #endif  // V8_PROFILE_GENERATOR_H_