diff -Nru chromium-browser-64.0.3282.140/build/util/LASTCHANGE chromium-browser-64.0.3282.167/build/util/LASTCHANGE --- chromium-browser-64.0.3282.140/build/util/LASTCHANGE 2018-02-02 01:27:27.000000000 +0000 +++ chromium-browser-64.0.3282.167/build/util/LASTCHANGE 2018-02-14 02:06:09.000000000 +0000 @@ -1 +1 @@ -LASTCHANGE=a666f93c834dc52cc3b76d334e1ec60b882c9284- +LASTCHANGE=4a47f74f5d4ab136d46ec8febed14aee295a5985- diff -Nru chromium-browser-64.0.3282.140/build/util/LASTCHANGE.blink chromium-browser-64.0.3282.167/build/util/LASTCHANGE.blink --- chromium-browser-64.0.3282.140/build/util/LASTCHANGE.blink 2018-02-02 01:27:28.000000000 +0000 +++ chromium-browser-64.0.3282.167/build/util/LASTCHANGE.blink 2018-02-14 02:06:09.000000000 +0000 @@ -1 +1 @@ -LASTCHANGE=a666f93c834dc52cc3b76d334e1ec60b882c9284- +LASTCHANGE=4a47f74f5d4ab136d46ec8febed14aee295a5985- diff -Nru chromium-browser-64.0.3282.140/chrome/browser/chromeos/login/lock/views_screen_locker.cc chromium-browser-64.0.3282.167/chrome/browser/chromeos/login/lock/views_screen_locker.cc --- chromium-browser-64.0.3282.140/chrome/browser/chromeos/login/lock/views_screen_locker.cc 2018-02-02 01:25:32.000000000 +0000 +++ chromium-browser-64.0.3282.167/chrome/browser/chromeos/login/lock/views_screen_locker.cc 2018-02-14 02:04:07.000000000 +0000 @@ -6,9 +6,12 @@ #include +#include "base/bind.h" #include "base/i18n/time_formatting.h" #include "base/metrics/histogram_macros.h" #include "base/strings/utf_string_conversions.h" +#include "base/threading/thread_task_runner_handle.h" +#include "base/time/time.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/chromeos/lock_screen_apps/state_controller.h" #include "chrome/browser/chromeos/login/lock_screen_utils.h" 
@@ -100,7 +103,6 @@ UMA_HISTOGRAM_TIMES("LockScreen.LockReady", base::TimeTicks::Now() - lock_time_); screen_locker_->ScreenLockReady(); - SessionControllerClient::Get()->NotifyChromeLockAnimationsComplete(); if (lock_screen_apps::StateController::IsEnabled()) lock_screen_apps::StateController::Get()->SetFocusCyclerDelegate(this); OnAllowedInputMethodsChanged(); @@ -140,7 +142,29 @@ } void ViewsScreenLocker::OnAshLockAnimationFinished() { - NOTIMPLEMENTED(); + // Notify session controller that the lock animations are done. + // This is used to notify chromeos::PowerEventObserver that lock screen UI + // has finished showing. PowerEventObserver uses this notification during + // device suspend - device suspend is delayed until lock UI reports it's done + // animating. Additionally, PowerEventObserver will not stop root windows + // compositors until it receives this notification. + // Historically, this was called when Web UI lock implementation reported + // that all animations for showing the UI have finished, which gave enough + // time to update display's frame buffers with new UI before compositing was + // stopped. + // This is not the case with views lock implementation. + // OnAshLockAnimationFinished() is called too soon, thus the display's frame + // buffers might still contain the UI from before the lock window was shown + // at this time - see https://crbug.com/807511. + // To work around this, add additional delay before notifying + // PowerEventObserver lock screen UI is ready. + // TODO(tbarzic): Find a more deterministic way to determine when the display + // can be turned off during device suspend. + base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( + FROM_HERE, + base::BindOnce(&ViewsScreenLocker::NotifyChromeLockAnimationsComplete, + weak_factory_.GetWeakPtr()), + base::TimeDelta::FromMilliseconds(1500)); } void ViewsScreenLocker::SetFingerprintState( 
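Review bot: The `1500` passed to `PostDelayedTask` in `OnAshLockAnimationFinished()` is a bare literal, and per the new comment it is the only thing keeping suspend from proceeding while the frame buffer may still show the pre-lock UI (https://crbug.com/807511). I would give it a name at file scope, e.g. `constexpr int kLockAnimationsCompleteDelayMs = 1500;`, so the value can be found and tuned in one place. The comment should also say outright that the delay is a best-effort heuristic, since a slow or busy device could still composite after it expires. Nothing in the hunk stops a second call to `OnAshLockAnimationFinished()` from posting a second notification; if that can happen, a guard flag or a note that the notification is safe to repeat would help.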
@@ -275,6 +299,10 @@ OnDevChannelInfoUpdated(); } +void ViewsScreenLocker::NotifyChromeLockAnimationsComplete() { + SessionControllerClient::Get()->NotifyChromeLockAnimationsComplete(); +} + void ViewsScreenLocker::UpdatePinKeyboardState(const AccountId& account_id) { quick_unlock::QuickUnlockStorage* quick_unlock_storage = quick_unlock::QuickUnlockFactory::GetForAccountId(account_id); diff -Nru chromium-browser-64.0.3282.140/chrome/browser/chromeos/login/lock/views_screen_locker.h chromium-browser-64.0.3282.167/chrome/browser/chromeos/login/lock/views_screen_locker.h --- chromium-browser-64.0.3282.140/chrome/browser/chromeos/login/lock/views_screen_locker.h 2018-02-02 01:25:32.000000000 +0000 +++ chromium-browser-64.0.3282.167/chrome/browser/chromeos/login/lock/views_screen_locker.h 2018-02-14 02:04:07.000000000 +0000 @@ -81,6 +81,9 @@ void OnAllowedInputMethodsChanged(); void OnDevChannelInfoUpdated(); + // Notifies the session manager that the lock animations are complete. + void NotifyChromeLockAnimationsComplete(); + std::unique_ptr user_selection_screen_proxy_; std::unique_ptr user_selection_screen_; diff -Nru chromium-browser-64.0.3282.140/chrome/browser/ui/cocoa/status_bubble_mac.h chromium-browser-64.0.3282.167/chrome/browser/ui/cocoa/status_bubble_mac.h --- chromium-browser-64.0.3282.140/chrome/browser/ui/cocoa/status_bubble_mac.h 2018-02-02 01:25:34.000000000 +0000 +++ chromium-browser-64.0.3282.167/chrome/browser/ui/cocoa/status_bubble_mac.h 2018-02-14 02:04:10.000000000 +0000 @@ -12,6 +12,7 @@ #include #include "base/compiler_specific.h" +#include "base/mac/scoped_nsobject.h" #include "base/macros.h" #include "base/memory/weak_ptr.h" #include "base/strings/string16.h" 
@@ -92,7 +93,7 @@ // Is the status bubble attached to the browser window? It should be attached // when shown and during any fades, but should be detached when hidden. - bool is_attached() { return [window_ parentWindow] != nil; } + bool is_attached(); // Begins fading the status bubble window in or out depending on the value // of |show|. This must be called from the appropriate fade state, @@ -147,6 +148,9 @@ // concerns. unsigned long OSDependentCornerFlags(NSRect window_frame); + // Returns the status bubble window as an NSWindow. For use in tests. + NSWindow* GetWindow(); + // The window we attach ourselves to. NSWindow* parent_; // WEAK @@ -154,7 +158,7 @@ id delegate_; // WEAK // The window we own. - StatusBubbleWindow* window_; + base::scoped_nsobject window_; // The status text we want to display when there are no URLs to display. NSString* status_text_; diff -Nru chromium-browser-64.0.3282.140/chrome/browser/ui/cocoa/status_bubble_mac.mm chromium-browser-64.0.3282.167/chrome/browser/ui/cocoa/status_bubble_mac.mm --- chromium-browser-64.0.3282.140/chrome/browser/ui/cocoa/status_bubble_mac.mm 2018-02-02 01:25:34.000000000 +0000 +++ chromium-browser-64.0.3282.167/chrome/browser/ui/cocoa/status_bubble_mac.mm 2018-02-14 02:04:10.000000000 +0000 
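Review bot: The comment kept above `is_attached()` still says the bubble is "attached to the browser window", but the out-of-line definition this diff adds in status_bubble_mac.mm returns `[window_ statusBubbleParentWindow] != nil`. That becomes true as soon as a parent is assigned, even while StatusBubbleWindow is still waiting for the parent to become visible or to be on the active space. Callers that read the result as "is currently a child window" now get a different answer. I would reword the comment, e.g. `// True once a parent window has been assigned; the bubble may not yet be a child window if the parent is hidden or on another space.`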
@@ -64,128 +64,100 @@ } // namespace -@interface StatusBubbleAnimationDelegate : NSObject { - @private - base::mac::ScopedBlock completionHandler_; -} - -- (id)initWithCompletionHandler:(void (^)(void))completionHandler; +// StatusBubbleWindow becomes a child of |statusBubbleParentWindow|, but waits +// until |statusBubbleParentWindow| is visible. This works around macOS +// bugs/features which make unexpected things happen when adding a child window +// to a window that's in another space, miniaturized, or hidden +// (https://crbug.com/783521, https://crbug.com/798792). +@interface StatusBubbleWindow : NSWindow + +// The window which this window should become a child of. May be changed or +// nilled out at any time. +@property(assign, nonatomic) NSWindow* statusBubbleParentWindow; -// CAAnimation delegate methods -- (void)animationDidStart:(CAAnimation*)animation; -- (void)animationDidStop:(CAAnimation*)animation finished:(BOOL)finished; @end -@implementation StatusBubbleAnimationDelegate +@implementation StatusBubbleWindow { + BOOL observingParentWindowVisibility_; +} +@synthesize statusBubbleParentWindow = statusBubbleParentWindow_; -- (id)initWithCompletionHandler:(void (^)(void))completionHandler { - if ((self = [super init])) { - completionHandler_.reset(completionHandler, base::scoped_policy::RETAIN); +- (void)dealloc { + // StatusBubbleMac is expected to always clear statusBubbleParentWindow + // before releasing StatusBubbleWindow. If that changes, it's OK to remove + // this DCHECK as long as StatusBubbleWindow will never outlive its parent. + DCHECK(!statusBubbleParentWindow_); + + [self stopObserving]; + [super dealloc]; +} + +- (void)setStatusBubbleParentWindow:(NSWindow*)statusBubbleParentWindow { + if (statusBubbleParentWindow_ == statusBubbleParentWindow) + return; + + // First, detach from the current parent window, if any. 
+ if (statusBubbleParentWindow_) { + [self stopObserving]; + [self orderOut:nil]; // Also removes |self| from its parent window. + } + + // Assign the new parent window. + statusBubbleParentWindow_ = statusBubbleParentWindow; + + if (statusBubbleParentWindow_) { + // Attach to the new parent window if it's visible and on the active space. + [self maybeAttach]; + + if (!self.parentWindow) { + // If maybeAttach bailed, start observing the window's visibility and the + // active space, and try again when they change. + observingParentWindowVisibility_ = YES; + [statusBubbleParentWindow_ addObserver:self + forKeyPath:@"visible" + options:0 + context:nil]; + [[NSWorkspace sharedWorkspace].notificationCenter + addObserver:self + selector:@selector(maybeAttach) + name:NSWorkspaceActiveSpaceDidChangeNotification + object:[NSWorkspace sharedWorkspace]]; + } } - - return self; } -- (void)animationDidStart:(CAAnimation*)theAnimation { - // CAAnimationDelegate method added on OSX 10.12. -} -- (void)animationDidStop:(CAAnimation*)animation finished:(BOOL)finished { - completionHandler_.get()(); +- (void)stopObserving { + if (!observingParentWindowVisibility_) + return; + observingParentWindowVisibility_ = NO; + [statusBubbleParentWindow_ removeObserver:self + forKeyPath:@"visible" + context:nil]; + [[NSWorkspace sharedWorkspace].notificationCenter removeObserver:self]; } -@end - -@interface StatusBubbleWindow : NSWindow { - @private - void (^completionHandler_)(void); +- (void)maybeAttach { + if (![statusBubbleParentWindow_ isVisible]) + return; + if (![statusBubbleParentWindow_ isOnActiveSpace]) + return; + [self stopObserving]; + // Adding |self| as a child window also orders it in. 
+ [statusBubbleParentWindow_ addChildWindow:self ordered:NSWindowAbove]; } -- (id)animationForKey:(NSString *)key; -- (void)runAnimationGroup:(void (^)(NSAnimationContext *context))changes - completionHandler:(void (^)(void))completionHandler; -@end - -@implementation StatusBubbleWindow - -- (id)animationForKey:(NSString *)key { - CAAnimation* animation = [super animationForKey:key]; - // If completionHandler_ isn't nil, then this is the first of (potentially) - // multiple animations in a grouping; give it the completion handler. If - // completionHandler_ is nil, then some other animation was tagged with the - // completion handler. - if (completionHandler_) { - DCHECK(![NSAnimationContext respondsToSelector: - @selector(runAnimationGroup:completionHandler:)]); - StatusBubbleAnimationDelegate* animation_delegate = - [[StatusBubbleAnimationDelegate alloc] - initWithCompletionHandler:completionHandler_]; - [animation setDelegate:animation_delegate]; - completionHandler_ = nil; - } - return animation; -} - -- (void)runAnimationGroup:(void (^)(NSAnimationContext *context))changes - completionHandler:(void (^)(void))completionHandler { - if ([NSAnimationContext respondsToSelector: - @selector(runAnimationGroup:completionHandler:)]) { - [NSAnimationContext runAnimationGroup:changes - completionHandler:completionHandler]; - } else { - // Mac OS 10.6 does not have completion handler callbacks at the Cocoa - // level, only at the CoreAnimation level. So intercept calls made to - // -animationForKey: and tag one of the animations with a delegate that will - // execute the completion handler. - completionHandler_ = completionHandler; - [NSAnimationContext beginGrouping]; - changes([NSAnimationContext currentContext]); - // At this point, -animationForKey should have been called by CoreAnimation - // to set up the animation to run. Verify this. 
- DCHECK(completionHandler_ == nil); - [NSAnimationContext endGrouping]; - } +- (void)observeValueForKeyPath:(NSString*)keyPath + ofObject:(id)object + change:(NSDictionary*)change + context:(void*)context { + [self maybeAttach]; } @end -// Mac implementation of the status bubble. -// -// TODO(crbug.com/780521): The comment below no longer applies and should be -// cleaned up along with all of the code it refers to. Setting the bubble's -// collectionBehavior lets it be removed from the screen with orderOut: instead -// of just made very small and invisible. Full screen low power will shortly -// depend on this (crrev.com/c/739185). -// -// - - - -// -// Child windows interact with Spaces in interesting ways, so this code has to -// follow these rules: -// -// 1) NSWindows cannot have zero size. At times when the status bubble window -// has no specific size (for example, when hidden), its size is set to -// ui::kWindowSizeDeterminedLater. -// -// 2) Child window frames are in the coordinate space of the screen, not of the -// parent window. If a child window has its origin at (0, 0), Spaces will -// position it in the corner of the screen but group it with the parent -// window in Spaces. This causes Chrome windows to have a large (mostly -// blank) area in Spaces. To avoid this, child windows always have their -// origin set to the lower-left corner of the window. -// -// 3) Detached child windows may show up as top-level windows in Spaces. To -// avoid this, once the status bubble is Attach()ed to the parent, it is -// never detached (except in rare cases when reparenting to a fullscreen -// window). -// -// 4) To avoid unnecessary redraws, if a bubble is in the kBubbleHidden state, -// its size is always set to ui::kWindowSizeDeterminedLater. The proper -// width for the current URL or status text is not calculated until the -// bubble leaves the kBubbleHidden state. 
- StatusBubbleMac::StatusBubbleMac(NSWindow* parent, id delegate) : parent_(parent), delegate_(delegate), - window_(nil), status_text_(nil), url_text_(nil), state_(kBubbleHidden), @@ -204,8 +176,6 @@ completion_handler_factory_.InvalidateWeakPtrs(); Detach(); - [window_ release]; - window_ = nil; } void StatusBubbleMac::SetStatus(const base::string16& status) { @@ -444,11 +414,11 @@ void StatusBubbleMac::Create() { DCHECK(!window_); - window_ = [[StatusBubbleWindow alloc] + window_.reset([[StatusBubbleWindow alloc] initWithContentRect:ui::kWindowSizeDeterminedLater styleMask:NSBorderlessWindowMask backing:NSBackingStoreBuffered - defer:NO]; + defer:NO]); [window_ setCollectionBehavior:[window_ collectionBehavior] | NSWindowCollectionBehaviorTransient]; [window_ setMovableByWindowBackground:NO]; @@ -473,7 +443,7 @@ void StatusBubbleMac::Attach() { if (is_attached()) return; - [parent_ addChildWindow:window_ ordered:NSWindowAbove]; + [window_ setStatusBubbleParentWindow:parent_]; [[window_ contentView] setThemeProvider:parent_]; } @@ -489,13 +459,17 @@ if (state_ != kBubbleHidden) { frame = CalculateWindowFrame(/*expand=*/false); } + // See https://crbug.com/28107 and https://crbug.com/29054. [window_ setFrame:frame display:NO]; - [parent_ removeChildWindow:window_]; // See crbug.com/28107 ... - [window_ orderOut:nil]; // ... and crbug.com/29054. + [window_ setStatusBubbleParentWindow:nil]; [[window_ contentView] setThemeProvider:nil]; } +bool StatusBubbleMac::is_attached() { + return [window_ statusBubbleParentWindow] != nil; +} + void StatusBubbleMac::AnimationDidStop() { DCHECK([NSThread isMainThread]); DCHECK(state_ == kBubbleShowingFadeIn || state_ == kBubbleHidingFadeOut); 
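Review bot: `statusBubbleParentWindow` is declared `assign`, so StatusBubbleWindow holds an unretained pointer to the parent while a KVO registration on `visible` may be live against it, and the only guard in `-dealloc` is a DCHECK, which normally does not run in release builds. If the parent were ever freed first, `-stopObserving` would send `removeObserver:` to a stale pointer. The invariant that StatusBubbleMac always clears the parent first should be stated on the property declaration itself, or the parent could be retained for as long as observation is active. Separately, the observer is added with `context:nil` and `-observeValueForKeyPath:ofObject:change:context:` reacts to every notification without checking the key path or forwarding to `super`. The usual pattern is a private context such as `static void* kParentVisibilityContext = &kParentVisibilityContext;`, with everything else passed to `super`.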
@@ -572,14 +546,13 @@ completion_handler_factory_.InvalidateWeakPtrs(); base::WeakPtr weak_ptr( completion_handler_factory_.GetWeakPtr()); - [window_ - runAnimationGroup:^(NSAnimationContext* context) { - [context setDuration:duration]; - [[window_ animator] setAlphaValue:alpha]; - } + [NSAnimationContext runAnimationGroup:^(NSAnimationContext* context) { + [context setDuration:duration]; + [[window_ animator] setAlphaValue:alpha]; + } completionHandler:^{ - if (weak_ptr) - weak_ptr->AnimationDidStop(); + if (weak_ptr) + weak_ptr->AnimationDidStop(); }]; } @@ -819,3 +792,7 @@ return corner_flags; } + +NSWindow* StatusBubbleMac::GetWindow() { + return window_; +} diff -Nru chromium-browser-64.0.3282.140/chrome/browser/ui/cocoa/status_bubble_mac_unittest.mm chromium-browser-64.0.3282.167/chrome/browser/ui/cocoa/status_bubble_mac_unittest.mm --- chromium-browser-64.0.3282.140/chrome/browser/ui/cocoa/status_bubble_mac_unittest.mm 2018-02-02 01:25:34.000000000 +0000 +++ chromium-browser-64.0.3282.167/chrome/browser/ui/cocoa/status_bubble_mac_unittest.mm 2018-02-14 02:04:10.000000000 +0000 @@ -93,7 +93,7 @@ public: void SetUp() override { CocoaTest::SetUp(); - NSWindow* window = test_window(); + CocoaTestHelperWindow* window = test_window(); EXPECT_TRUE(window); delegate_.reset( [[StatusBubbleMacTestDelegate alloc] initWithWindow: window]); @@ -133,9 +133,7 @@ BubbleView* bubbleView = [bubble_->window_ contentView]; return [bubbleView content]; } - StatusBubbleWindow* GetWindow() { - return bubble_->window_; - } + NSWindow* GetWindow() { return bubble_->GetWindow(); } NSWindow* parent() { return bubble_->parent_; } @@ -534,7 +532,7 @@ // Show the bubble and make sure it has the same origin as |window|. bubble_->SetStatus(UTF8ToUTF16("Showing")); - StatusBubbleWindow* child = GetWindow(); + NSWindow* child = GetWindow(); EXPECT_NSEQ([window frame].origin, [child frame].origin); // Hide the bubble, move the window, and show it again. 
@@ -554,7 +552,7 @@ // Show the bubble and make sure it has the same origin as |window|. bubble_->SetStatus(UTF8ToUTF16("Showing")); - StatusBubbleWindow* child = GetWindow(); + NSWindow* child = GetWindow(); EXPECT_NSEQ([window frame].origin, [child frame].origin); // Hide the bubble, change base frame offset, and show it again. @@ -681,3 +679,21 @@ bubble_->SetStatus(UTF8ToUTF16("Showing")); bubble_->SwitchParentWindow(test_window()); } + +TEST_F(StatusBubbleMacTest, WaitsUntilVisible) { + [test_window() orderOut:nil]; + bubble_->SetStatus(UTF8ToUTF16("Show soon")); + EXPECT_NSEQ(nil, GetWindow().parentWindow); + + [test_window() orderBack:nil]; + EXPECT_NSNE(nil, GetWindow().parentWindow); +} + +TEST_F(StatusBubbleMacTest, WaitsUntilOnActiveSpace) { + test_window().pretendIsOnActiveSpace = NO; + bubble_->SetStatus(UTF8ToUTF16("Show soon")); + EXPECT_NSEQ(nil, GetWindow().parentWindow); + + test_window().pretendIsOnActiveSpace = YES; + EXPECT_NSNE(nil, GetWindow().parentWindow); +} diff -Nru chromium-browser-64.0.3282.140/chrome/VERSION chromium-browser-64.0.3282.167/chrome/VERSION --- chromium-browser-64.0.3282.140/chrome/VERSION 2018-02-02 01:25:30.000000000 +0000 +++ chromium-browser-64.0.3282.167/chrome/VERSION 2018-02-14 02:04:04.000000000 +0000 @@ -1,4 +1,4 @@ MAJOR=64 MINOR=0 BUILD=3282 -PATCH=140 +PATCH=167 diff -Nru chromium-browser-64.0.3282.140/content/renderer/media_capture_from_element/canvas_capture_handler.cc chromium-browser-64.0.3282.167/content/renderer/media_capture_from_element/canvas_capture_handler.cc --- chromium-browser-64.0.3282.140/content/renderer/media_capture_from_element/canvas_capture_handler.cc 2018-02-02 01:25:43.000000000 +0000 +++ chromium-browser-64.0.3282.167/content/renderer/media_capture_from_element/canvas_capture_handler.cc 2018-02-14 02:04:19.000000000 +0000 
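Review bot: The new tests `WaitsUntilVisible` and `WaitsUntilOnActiveSpace` only cover the case where the parent eventually becomes eligible and the bubble attaches. Neither one detaches, reparents or destroys the bubble while StatusBubbleWindow is still observing, which is the path where `-stopObserving` actually has to remove the KVO and workspace observers. A third case that hides the test window, calls `SetStatus`, and then calls `SwitchParentWindow` or tears the bubble down before the window is shown would cover the teardown ordering that the DCHECK in `-dealloc` relies on.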
@@ -289,6 +289,7 @@ base::Bind(&CanvasCaptureHandler::OnARGBPixelsReadAsync, weak_ptr_factory_.GetWeakPtr(), image, temp_argb_frame, timestamp, surface_origin != kTopLeft_GrSurfaceOrigin)); + context_provider->InvalidateGrContext(kTextureBinding_GrGLBackendState); } void CanvasCaptureHandler::ReadYUVPixelsAsync( diff -Nru chromium-browser-64.0.3282.140/debian/changelog chromium-browser-64.0.3282.167/debian/changelog --- chromium-browser-64.0.3282.140/debian/changelog 2018-02-02 14:39:55.000000000 +0000 +++ chromium-browser-64.0.3282.167/debian/changelog 2018-02-14 11:02:53.000000000 +0000 @@ -1,3 +1,10 @@ +chromium-browser (64.0.3282.167-0ubuntu0.14.04.1) trusty; urgency=medium + + * Upstream release: 64.0.3282.167 + - CVE-2018-6056: Incorrect derived class instantiation in V8. + + -- Olivier Tilloy Wed, 14 Feb 2018 12:02:53 +0100 + chromium-browser (64.0.3282.140-0ubuntu0.14.04.1) trusty; urgency=medium * Upstream release: 64.0.3282.140 diff -Nru chromium-browser-64.0.3282.140/DEPS chromium-browser-64.0.3282.167/DEPS --- chromium-browser-64.0.3282.140/DEPS 2018-02-02 01:25:27.000000000 +0000 +++ chromium-browser-64.0.3282.167/DEPS 2018-02-14 02:04:01.000000000 +0000 @@ -555,7 +555,7 @@ 'src/tools/swarming_client': (Var("chromium_git")) + '/infra/luci/client-py.git@6fd3c7b6eb7c60f89e83f8ab1f93c133488f984e', 'src/v8': - (Var("chromium_git")) + '/v8/v8.git@b8e695a5f1f59576670206aef30f8b896f0813cd' + (Var("chromium_git")) + '/v8/v8.git@8930b3975cfe944333cf84fc1f1c12d582207eeb' } gclient_gn_args = [ diff -Nru chromium-browser-64.0.3282.140/gpu/config/gpu_lists_version.h chromium-browser-64.0.3282.167/gpu/config/gpu_lists_version.h --- chromium-browser-64.0.3282.140/gpu/config/gpu_lists_version.h 2018-02-02 01:27:28.000000000 +0000 +++ chromium-browser-64.0.3282.167/gpu/config/gpu_lists_version.h 2018-02-14 02:06:09.000000000 +0000 
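Review bot: The added `context_provider->InvalidateGrContext(kTextureBinding_GrGLBackendState);` has no comment, and nothing visible in the hunk says which preceding call changed the texture binding outside Skia's tracking. A short comment would keep it from being removed in a later cleanup, e.g. `// The readback above changes GL texture bindings outside Skia's state tracking; make GrContext re-query them.` The wording should be confirmed against the code above the hunk, because the function starts outside it. It is also worth checking whether `ReadYUVPixelsAsync`, whose signature follows the hunk, needs the same invalidation.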
@@ -3,6 +3,6 @@ #ifndef GPU_CONFIG_GPU_LISTS_VERSION_H_ #define GPU_CONFIG_GPU_LISTS_VERSION_H_ -#define GPU_LISTS_VERSION "a666f93c834dc52cc3b76d334e1ec60b882c9284" +#define GPU_LISTS_VERSION "4a47f74f5d4ab136d46ec8febed14aee295a5985" #endif // GPU_CONFIG_GPU_LISTS_VERSION_H_ diff -Nru chromium-browser-64.0.3282.140/media/blink/webmediaplayer_impl.cc chromium-browser-64.0.3282.167/media/blink/webmediaplayer_impl.cc --- chromium-browser-64.0.3282.140/media/blink/webmediaplayer_impl.cc 2018-02-02 01:25:48.000000000 +0000 +++ chromium-browser-64.0.3282.167/media/blink/webmediaplayer_impl.cc 2018-02-14 02:04:28.000000000 +0000 @@ -23,6 +23,7 @@ #include "base/single_thread_task_runner.h" #include "base/strings/string_number_conversions.h" #include "base/task_runner_util.h" +#include "base/task_scheduler/post_task.h" #include "base/threading/thread_task_runner_handle.h" #include "base/trace_event/trace_event.h" #include "build/build_config.h" 
@@ -336,10 +337,44 @@ vfc_task_runner_->DeleteSoon(FROM_HERE, std::move(compositor_)); + if (chunk_demuxer_) { + // Continue destruction of |chunk_demuxer_| on the |media_task_runner_| to + // avoid racing other pending tasks on |chunk_demuxer_| on that runner while + // not further blocking |main_task_runner_| to perform the destruction. + media_task_runner_->PostTask( + FROM_HERE, base::BindOnce(&WebMediaPlayerImpl::DemuxerDestructionHelper, + media_task_runner_, std::move(demuxer_))); + } + media_log_->AddEvent( media_log_->CreateEvent(MediaLogEvent::WEBMEDIAPLAYER_DESTROYED)); } +// static +void WebMediaPlayerImpl::DemuxerDestructionHelper( + scoped_refptr task_runner, + std::unique_ptr demuxer) { + DCHECK(task_runner->BelongsToCurrentThread()); + // ChunkDemuxer's streams may contain much buffered, compressed media that may + // need to be paged back in during destruction. Paging delay may exceed the + // renderer hang monitor's threshold on at least Windows while also blocking + // other work on the renderer main thread, so we do the actual destruction in + // the background without blocking WMPI destruction or |task_runner|. On + // advice of task_scheduler OWNERS, MayBlock() is not used because virtual + // memory overhead is not considered blocking I/O; and CONTINUE_ON_SHUTDOWN is + // used to allow process termination to not block on completing the task. + base::PostTaskWithTraits( + FROM_HERE, + {base::TaskPriority::BACKGROUND, + base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}, + base::BindOnce( + [](std::unique_ptr demuxer_to_destroy) { + SCOPED_UMA_HISTOGRAM_TIMER("Media.MSE.DemuxerDestructionTime"); + demuxer_to_destroy.reset(); + }, + std::move(demuxer))); +} + void WebMediaPlayerImpl::Load(LoadType load_type, const blink::WebMediaPlayerSource& source, CORSMode cors_mode) { 
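Review bot: Once `std::move(demuxer_)` is bound into the posted task, `chunk_demuxer_` is left as a raw pointer to an object that is about to be destroyed on another thread, while the destructor continues with the `media_log_` call. Nothing in the hunk dereferences it afterwards, but adding `chunk_demuxer_ = nullptr;` right after the `PostTask` would make any later use fail predictably instead of racing the background destruction. The branch also tests `chunk_demuxer_` but moves `demuxer_`; the only statement that both refer to the same object is a comment in another function of this file. A `DCHECK(demuxer_.get() == chunk_demuxer_);` before the post would record that assumption where it is relied on. The destructor body starts outside the hunk, so this is based only on the lines shown.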
@@ -1127,6 +1162,7 @@ format, type, level, premultiply_alpha, flip_y); } +// static void WebMediaPlayerImpl::ComputeFrameUploadMetadata( VideoFrame* frame, int already_uploaded_id, @@ -1382,8 +1418,10 @@ memory_pressure_level == base::MemoryPressureListener::MEMORY_PRESSURE_LEVEL_CRITICAL); - // base::Unretained is safe, since chunk_demuxer_ is actually owned by - // |this| via this->demuxer_. + // base::Unretained is safe, since |chunk_demuxer_| is actually owned by + // |this| via this->demuxer_. Note the destruction of |chunk_demuxer_| is done + // from ~WMPI by first hopping to |media_task_runner_| to prevent race with + // this task. media_task_runner_->PostTask( FROM_HERE, base::Bind(&ChunkDemuxer::OnMemoryPressure, base::Unretained(chunk_demuxer_), diff -Nru chromium-browser-64.0.3282.140/media/blink/webmediaplayer_impl.h chromium-browser-64.0.3282.167/media/blink/webmediaplayer_impl.h --- chromium-browser-64.0.3282.140/media/blink/webmediaplayer_impl.h 2018-02-02 01:25:48.000000000 +0000 +++ chromium-browser-64.0.3282.167/media/blink/webmediaplayer_impl.h 2018-02-14 02:04:28.000000000 +0000 
@@ -109,6 +109,15 @@ std::unique_ptr params); ~WebMediaPlayerImpl() override; + // Destroys |demuxer| and records a UMA for the time taken to destroy it. + // |task_runner| is the expected runner on which this method is called, and is + // used as a parameter to ensure a scheduled task bound to this method is run + // (to prevent uncontrolled |demuxer| destruction if |task_runner| has no + // other references before such task is executed.) + static void DemuxerDestructionHelper( + scoped_refptr task_runner, + std::unique_ptr demuxer); + // WebSurfaceLayerBridgeObserver implementation. void OnWebLayerUpdated() override; void RegisterContentsLayer(blink::WebLayer* web_layer) override; diff -Nru chromium-browser-64.0.3282.140/media/filters/chunk_demuxer_unittest.cc chromium-browser-64.0.3282.167/media/filters/chunk_demuxer_unittest.cc --- chromium-browser-64.0.3282.140/media/filters/chunk_demuxer_unittest.cc 2018-02-02 01:25:48.000000000 +0000 +++ chromium-browser-64.0.3282.167/media/filters/chunk_demuxer_unittest.cc 2018-02-14 02:04:28.000000000 +0000 @@ -6,20 +6,22 @@ #include #include + #include +#include #include #include "base/bind.h" #include "base/bind_helpers.h" #include "base/command_line.h" #include "base/macros.h" -#include "base/message_loop/message_loop.h" #include "base/run_loop.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/synchronization/waitable_event.h" #include "base/test/scoped_feature_list.h" +#include "base/test/scoped_task_environment.h" #include "media/base/audio_decoder_config.h" #include "media/base/decoder_buffer.h" #include "media/base/decrypt_config.h" 
@@ -1335,9 +1337,10 @@ return true; } + base::test::ScopedTaskEnvironment scoped_task_environment_; + StrictMock media_log_; - base::MessageLoop message_loop_; MockDemuxerHost host_; std::unique_ptr demuxer_; Binary files /tmp/tmpmF3dFb/dmmf4ohOcj/chromium-browser-64.0.3282.140/third_party/icu/android/icudtl.dat and /tmp/tmpmF3dFb/FaqvjXkwXH/chromium-browser-64.0.3282.167/third_party/icu/android/icudtl.dat differ Binary files /tmp/tmpmF3dFb/dmmf4ohOcj/chromium-browser-64.0.3282.140/third_party/icu/cast/icudtl.dat and /tmp/tmpmF3dFb/FaqvjXkwXH/chromium-browser-64.0.3282.167/third_party/icu/cast/icudtl.dat differ Binary files /tmp/tmpmF3dFb/dmmf4ohOcj/chromium-browser-64.0.3282.140/third_party/icu/common/icudtb.dat and /tmp/tmpmF3dFb/FaqvjXkwXH/chromium-browser-64.0.3282.167/third_party/icu/common/icudtb.dat differ Binary files /tmp/tmpmF3dFb/dmmf4ohOcj/chromium-browser-64.0.3282.140/third_party/icu/common/icudtl.dat and /tmp/tmpmF3dFb/FaqvjXkwXH/chromium-browser-64.0.3282.167/third_party/icu/common/icudtl.dat differ Binary files /tmp/tmpmF3dFb/dmmf4ohOcj/chromium-browser-64.0.3282.140/third_party/icu/ios/icudtl.dat and /tmp/tmpmF3dFb/FaqvjXkwXH/chromium-browser-64.0.3282.167/third_party/icu/ios/icudtl.dat differ diff -Nru chromium-browser-64.0.3282.140/third_party/icu/README.chromium chromium-browser-64.0.3282.167/third_party/icu/README.chromium --- chromium-browser-64.0.3282.140/third_party/icu/README.chromium 2018-02-02 01:27:16.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/icu/README.chromium 2018-02-14 02:05:58.000000000 +0000 
@@ -228,9 +228,9 @@ windowsZones.txt zoneinfo64.txt - As of Oct 23, 2017, the latest version is 2017c and the above files + As of Feb 5, 2018, the latest version is 2018c and the above files are available at - http://source.icu-project.org/repos/icu/data/trunk/tzdata/icunew/2017c/44/ + http://source.icu-project.org/repos/icu/data/trunk/tzdata/icunew/2018c/44/ 4. Build-related changes diff -Nru chromium-browser-64.0.3282.140/third_party/icu/source/data/misc/metaZones.txt chromium-browser-64.0.3282.167/third_party/icu/source/data/misc/metaZones.txt --- chromium-browser-64.0.3282.140/third_party/icu/source/data/misc/metaZones.txt 2018-02-02 01:27:17.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/icu/source/data/misc/metaZones.txt 2018-02-14 02:05:59.000000000 +0000 @@ -344,7 +344,6 @@ SH{"Atlantic/St_Helena"} SL{"Africa/Freetown"} SN{"Africa/Dakar"} - ST{"Africa/Sao_Tome"} TG{"Africa/Lome"} } Galapagos{ @@ -1030,6 +1029,13 @@ "Africa:Sao_Tome"{ { "GMT", + "1970-01-01 00:00", + "2018-01-01 01:00", + } + { + "Africa_Western", + "2018-01-01 01:00", + "9999-12-31 23:59", } } "Africa:Tripoli"{ diff -Nru chromium-browser-64.0.3282.140/third_party/icu/source/data/misc/windowsZones.txt chromium-browser-64.0.3282.167/third_party/icu/source/data/misc/windowsZones.txt --- chromium-browser-64.0.3282.140/third_party/icu/source/data/misc/windowsZones.txt 2018-02-02 01:27:17.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/icu/source/data/misc/windowsZones.txt 2018-02-14 02:05:59.000000000 +0000 @@ -316,7 +316,6 @@ SH{"Atlantic/St_Helena"} SL{"Africa/Freetown"} SN{"Africa/Dakar"} - ST{"Africa/Sao_Tome"} TG{"Africa/Lome"} } "Haiti Standard Time"{ 
@@ -744,6 +743,7 @@ GQ{"Africa/Malabo"} NE{"Africa/Niamey"} NG{"Africa/Lagos"} + ST{"Africa/Sao_Tome"} TD{"Africa/Ndjamena"} TN{"Africa/Tunis"} ZZ{"Etc/GMT-1"} diff -Nru chromium-browser-64.0.3282.140/third_party/icu/source/data/misc/zoneinfo64.txt chromium-browser-64.0.3282.167/third_party/icu/source/data/misc/zoneinfo64.txt --- chromium-browser-64.0.3282.140/third_party/icu/source/data/misc/zoneinfo64.txt 2018-02-02 01:27:17.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/icu/source/data/misc/zoneinfo64.txt 2018-02-14 02:05:59.000000000 +0000 @@ -3,9 +3,9 @@ // License & terms of use: http://www.unicode.org/copyright.html#License //--------------------------------------------------------- // Build tool: tz2icu -// Build date: Tue Oct 24 17:35:27 2017 +// Build date: Tue Jan 23 20:51:55 2018 // tz database: ftp://ftp.iana.org/tz/ -// tz version: 2017c +// tz version: 2018c // ICU version: 60.1 //--------------------------------------------------------- // >> !!! >> THIS IS A MACHINE-GENERATED FILE << !!! << @@ -13,7 +13,7 @@ //--------------------------------------------------------- zoneinfo64:table(nofallback) { - TZVersion { "2017c" } + TZVersion { "2018c" } Zones:array { /* ACT */ :int { 354 } //Z#0 /* AET */ :int { 366 } //Z#1 
@@ -24,7 +24,7 @@ trans:intvector { -1830383032 } typeOffsets:intvector { -968, 0, 0, 0 } typeMap:bin { "01" } - links:intvector { 5, 11, 13, 21, 22, 27, 38, 51, 52, 54, 55, 346 } + links:intvector { 5, 11, 13, 21, 22, 27, 38, 51, 52, 55, 346 } } //Z#5 /* Africa/Accra */ :table { trans:intvector { -1640995148, -1556841600, -1546388400, -1525305600, -1514852400, -1493769600, -1483316400, -1462233600, -1451780400, -1430611200, -1420158000, -1399075200, -1388622000, -1367539200, -1357086000, -1336003200, -1325550000, -1304380800, -1293927600, -1272844800, -1262391600, -1241308800, -1230855600, -1209772800, -1199319600, -1178150400, -1167697200, -1146614400, -1136161200, -1115078400, -1104625200, -1083542400, -1073089200, -1051920000, -1041466800, -1020384000, -1009930800, -988848000, -978394800, -957312000, -946858800, -925689600, -915236400, -894153600, -883700400, -862617600, -852164400 } @@ -154,7 +154,12 @@ /* Africa/Nouakchott */ :int { 5 } //Z#51 /* Africa/Ouagadougou */ :int { 5 } //Z#52 /* Africa/Porto-Novo */ :int { 36 } //Z#53 - /* Africa/Sao_Tome */ :int { 5 } //Z#54 + /* Africa/Sao_Tome */ :table { + transPre32:intvector { -1, 1581055280 } + trans:intvector { -1830381795, 1514768400 } + typeOffsets:intvector { 1616, 0, -2205, 0, 0, 0, 3600, 0 } + typeMap:bin { "010203" } + } //Z#54 /* Africa/Timbuktu */ :int { 5 } //Z#55 /* Africa/Tripoli */ :table { trans:intvector { -1577926364, -574902000, -568087200, -512175600, -504928800, -449888400, -441856800, -347158800, 378684000, 386463600, 402271200, 417999600, 433807200, 449622000, 465429600, 481590000, 496965600, 512953200, 528674400, 544230000, 560037600, 575852400, 591660000, 607388400, 623196000, 641775600, 844034400, 860108400, 875916000, 1352505600, 1364515200, 1382659200 } 
@@ -358,8 +363,8 @@ finalYear:int { 2008 } } //Z#91 /* America/Campo_Grande */ :table { - trans:intvector { -1767212492, -1206954000, -1191358800, -1175371200, -1159822800, -633816000, -622065600, -602280000, -591829200, -570744000, -560206800, -539121600, -531349200, -191361600, -184194000, -155160000, -150066000, -128894400, -121122000, -99950400, -89586000, -68414400, -57963600, 499752000, 511239600, 530596800, 540270000, 562132800, 571201200, 592977600, 602046000, 624427200, 634705200, 656481600, 666759600, 687931200, 697604400, 719985600, 728449200, 750830400, 761713200, 782280000, 793162800, 813729600, 824007600, 844574400, 856062000, 876110400, 888721200, 908078400, 919566000, 938923200, 951620400, 970977600, 982465200, 1003032000, 1013914800, 1036296000, 1045364400, 1066536000, 1076814000, 1099368000, 1108868400, 1129435200, 1140318000, 1162699200, 1172372400, 1192334400, 1203217200, 1224388800, 1234666800, 1255838400, 1266721200, 1287288000, 1298170800, 1318737600, 1330225200, 1350792000, 1361070000, 1382241600, 1392519600, 1413691200, 1424574000, 1445140800, 1456023600, 1476590400, 1487473200, 1508040000, 1518922800, 1540094400, 1550372400, 1571544000, 1581822000, 1602993600, 1613876400, 1634443200, 1645326000, 1665892800, 1677380400, 1697342400, 1708225200, 1729396800, 1739674800, 1760846400, 1771729200, 1792296000, 1803178800, 1823745600, 1834628400, 1855195200, 1866078000, 1887249600, 1897527600, 1918699200, 1928977200, 1950148800, 1960426800, 1981598400, 1992481200, 2013048000, 2024535600, 2044497600, 2055380400, 2076552000, 2086830000, 2108001600, 2118884400, 2139451200 } - transPost32:intvector { 0, -2144633296, 0, -2124066496 } + trans:intvector { -1767212492, -1206954000, -1191358800, -1175371200, -1159822800, -633816000, -622065600, -602280000, -591829200, -570744000, -560206800, -539121600, -531349200, -191361600, -184194000, -155160000, -150066000, -128894400, -121122000, -99950400, -89586000, -68414400, -57963600, 499752000, 511239600, 
530596800, 540270000, 562132800, 571201200, 592977600, 602046000, 624427200, 634705200, 656481600, 666759600, 687931200, 697604400, 719985600, 728449200, 750830400, 761713200, 782280000, 793162800, 813729600, 824007600, 844574400, 856062000, 876110400, 888721200, 908078400, 919566000, 938923200, 951620400, 970977600, 982465200, 1003032000, 1013914800, 1036296000, 1045364400, 1066536000, 1076814000, 1099368000, 1108868400, 1129435200, 1140318000, 1162699200, 1172372400, 1192334400, 1203217200, 1224388800, 1234666800, 1255838400, 1266721200, 1287288000, 1298170800, 1318737600, 1330225200, 1350792000, 1361070000, 1382241600, 1392519600, 1413691200, 1424574000, 1445140800, 1456023600, 1476590400, 1487473200, 1508040000, 1518922800, 1541304000, 1550372400, 1572753600, 1581822000, 1604203200, 1613876400, 1636257600, 1645326000, 1667707200, 1677380400, 1699156800, 1708225200, 1730606400, 1739674800, 1762056000, 1771729200, 1793505600, 1803178800, 1825560000, 1834628400, 1857009600, 1866078000, 1888459200, 1897527600, 1919908800, 1928977200, 1951358400, 1960426800, 1983412800, 1992481200, 2014862400, 2024535600, 2046312000, 2055380400, 2077761600, 2086830000, 2109211200, 2118884400, 2140660800 } + transPost32:intvector { 0, -2144633296, 0, -2122252096 } typeOffsets:intvector { -13108, 0, -14400, 0, -14400, 3600 } typeMap:bin { "01020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102" } finalRule { "Brazil" } 
@@ -416,8 +421,8 @@ typeMap:bin { "020102" } } //Z#103 /* America/Cuiaba */ :table { - trans:intvector { -1767212140, -1206954000, -1191358800, -1175371200, -1159822800, -633816000, -622065600, -602280000, -591829200, -570744000, -560206800, -539121600, -531349200, -191361600, -184194000, -155160000, -150066000, -128894400, -121122000, -99950400, -89586000, -68414400, -57963600, 499752000, 511239600, 530596800, 540270000, 562132800, 571201200, 592977600, 602046000, 624427200, 634705200, 656481600, 666759600, 687931200, 697604400, 719985600, 728449200, 750830400, 761713200, 782280000, 793162800, 813729600, 824007600, 844574400, 856062000, 876110400, 888721200, 908078400, 919566000, 938923200, 951620400, 970977600, 982465200, 1003032000, 1013914800, 1036296000, 1045364400, 1099368000, 1108868400, 1129435200, 1140318000, 1162699200, 1172372400, 1192334400, 1203217200, 1224388800, 1234666800, 1255838400, 1266721200, 1287288000, 1298170800, 1318737600, 1330225200, 1350792000, 1361070000, 1382241600, 1392519600, 1413691200, 1424574000, 1445140800, 1456023600, 1476590400, 1487473200, 1508040000, 1518922800, 1540094400, 1550372400, 1571544000, 1581822000, 1602993600, 1613876400, 1634443200, 1645326000, 1665892800, 1677380400, 1697342400, 1708225200, 1729396800, 1739674800, 1760846400, 1771729200, 1792296000, 1803178800, 1823745600, 1834628400, 1855195200, 1866078000, 1887249600, 1897527600, 1918699200, 1928977200, 1950148800, 1960426800, 1981598400, 1992481200, 2013048000, 2024535600, 2044497600, 2055380400, 2076552000, 2086830000, 2108001600, 2118884400, 2139451200 } - transPost32:intvector { 0, -2144633296, 0, -2124066496 } + trans:intvector { -1767212140, -1206954000, -1191358800, -1175371200, -1159822800, -633816000, -622065600, -602280000, -591829200, -570744000, -560206800, -539121600, -531349200, -191361600, -184194000, -155160000, -150066000, -128894400, -121122000, -99950400, -89586000, -68414400, -57963600, 499752000, 511239600, 530596800, 540270000, 562132800, 
571201200, 592977600, 602046000, 624427200, 634705200, 656481600, 666759600, 687931200, 697604400, 719985600, 728449200, 750830400, 761713200, 782280000, 793162800, 813729600, 824007600, 844574400, 856062000, 876110400, 888721200, 908078400, 919566000, 938923200, 951620400, 970977600, 982465200, 1003032000, 1013914800, 1036296000, 1045364400, 1099368000, 1108868400, 1129435200, 1140318000, 1162699200, 1172372400, 1192334400, 1203217200, 1224388800, 1234666800, 1255838400, 1266721200, 1287288000, 1298170800, 1318737600, 1330225200, 1350792000, 1361070000, 1382241600, 1392519600, 1413691200, 1424574000, 1445140800, 1456023600, 1476590400, 1487473200, 1508040000, 1518922800, 1541304000, 1550372400, 1572753600, 1581822000, 1604203200, 1613876400, 1636257600, 1645326000, 1667707200, 1677380400, 1699156800, 1708225200, 1730606400, 1739674800, 1762056000, 1771729200, 1793505600, 1803178800, 1825560000, 1834628400, 1857009600, 1866078000, 1888459200, 1897527600, 1919908800, 1928977200, 1951358400, 1960426800, 1983412800, 1992481200, 2014862400, 2024535600, 2046312000, 2055380400, 2077761600, 2086830000, 2109211200, 2118884400, 2140660800 } + transPost32:intvector { 0, -2144633296, 0, -2122252096 } typeOffsets:intvector { -13460, 0, -14400, 0, -14400, 3600 } typeMap:bin { "0102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102" } finalRule { "Brazil" } 
@@ -1040,8 +1045,8 @@ typeMap:bin { "0401030102010201020102010201050105" } } //Z#201 /* America/Sao_Paulo */ :table { - trans:intvector { -1767214412, -1206957600, -1191362400, -1175374800, -1159826400, -633819600, -622069200, -602283600, -591832800, -570747600, -560210400, -539125200, -531352800, -195426000, -184197600, -155163600, -150069600, -128898000, -121125600, -99954000, -89589600, -68418000, -57967200, 499748400, 511236000, 530593200, 540266400, 562129200, 571197600, 592974000, 602042400, 624423600, 634701600, 656478000, 666756000, 687927600, 697600800, 719982000, 728445600, 750826800, 761709600, 782276400, 793159200, 813726000, 824004000, 844570800, 856058400, 876106800, 888717600, 908074800, 919562400, 938919600, 951616800, 970974000, 982461600, 1003028400, 1013911200, 1036292400, 1045360800, 1066532400, 1076810400, 1099364400, 1108864800, 1129431600, 1140314400, 1162695600, 1172368800, 1192330800, 1203213600, 1224385200, 1234663200, 1255834800, 1266717600, 1287284400, 1298167200, 1318734000, 1330221600, 1350788400, 1361066400, 1382238000, 1392516000, 1413687600, 1424570400, 1445137200, 1456020000, 1476586800, 1487469600, 1508036400, 1518919200, 1540090800, 1550368800, 1571540400, 1581818400, 1602990000, 1613872800, 1634439600, 1645322400, 1665889200, 1677376800, 1697338800, 1708221600, 1729393200, 1739671200, 1760842800, 1771725600, 1792292400, 1803175200, 1823742000, 1834624800, 1855191600, 1866074400, 1887246000, 1897524000, 1918695600, 1928973600, 1950145200, 1960423200, 1981594800, 1992477600, 2013044400, 2024532000, 2044494000, 2055376800, 2076548400, 2086826400, 2107998000, 2118880800, 2139447600 } - transPost32:intvector { 0, -2144636896, 0, -2124070096 } + trans:intvector { -1767214412, -1206957600, -1191362400, -1175374800, -1159826400, -633819600, -622069200, -602283600, -591832800, -570747600, -560210400, -539125200, -531352800, -195426000, -184197600, -155163600, -150069600, -128898000, -121125600, -99954000, -89589600, -68418000, -57967200, 
499748400, 511236000, 530593200, 540266400, 562129200, 571197600, 592974000, 602042400, 624423600, 634701600, 656478000, 666756000, 687927600, 697600800, 719982000, 728445600, 750826800, 761709600, 782276400, 793159200, 813726000, 824004000, 844570800, 856058400, 876106800, 888717600, 908074800, 919562400, 938919600, 951616800, 970974000, 982461600, 1003028400, 1013911200, 1036292400, 1045360800, 1066532400, 1076810400, 1099364400, 1108864800, 1129431600, 1140314400, 1162695600, 1172368800, 1192330800, 1203213600, 1224385200, 1234663200, 1255834800, 1266717600, 1287284400, 1298167200, 1318734000, 1330221600, 1350788400, 1361066400, 1382238000, 1392516000, 1413687600, 1424570400, 1445137200, 1456020000, 1476586800, 1487469600, 1508036400, 1518919200, 1541300400, 1550368800, 1572750000, 1581818400, 1604199600, 1613872800, 1636254000, 1645322400, 1667703600, 1677376800, 1699153200, 1708221600, 1730602800, 1739671200, 1762052400, 1771725600, 1793502000, 1803175200, 1825556400, 1834624800, 1857006000, 1866074400, 1888455600, 1897524000, 1919905200, 1928973600, 1951354800, 1960423200, 1983409200, 1992477600, 2014858800, 2024532000, 2046308400, 2055376800, 2077758000, 2086826400, 2109207600, 2118880800, 2140657200 } + transPost32:intvector { 0, -2144636896, 0, -2122255696 } typeOffsets:intvector { -11188, 0, -10800, 0, -10800, 3600 } typeMap:bin { "01020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102010201020102" } finalRule { "Brazil" } 
@@ -1645,7 +1650,7 @@ } //Z#322 /* Asia/Tokyo */ :table { transPre32:intvector { -1, 1707254896 } - trans:intvector { -683794800, -672393600, -654764400, -640944000, -620290800, -609494400, -588841200, -578044800 } + trans:intvector { -683802000, -672314400, -654771600, -640864800, -620298000, -609415200, -588848400, -577965600 } typeOffsets:intvector { 33539, 0, 32400, 0, 32400, 3600 } typeMap:bin { "010201020102010201" } links:intvector { 323, 527, 529 } @@ -3083,7 +3088,7 @@ 9, 1, -1, 7200, 1, 3, 1, -1, 7200, 1, 3600 } //_#3 Brazil:intvector { - 9, 15, -1, 0, 0, 1, 15, -1, 0, 0, 3600 + 10, 1, -1, 0, 0, 1, 15, -1, 0, 0, 3600 } //_#4 C-Eur:intvector { 2, -31, -1, 7200, 1, 9, -31, -1, 7200, 1, 3600 diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/exported/WebViewImpl.cpp chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/exported/WebViewImpl.cpp --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/exported/WebViewImpl.cpp 2018-02-02 01:26:17.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/exported/WebViewImpl.cpp 2018-02-14 02:04:55.000000000 +0000 @@ -3250,12 +3250,6 @@ return local_frame ? local_frame->GetInputMethodController() : nullptr; } -void WebViewImpl::RequestDecode(const PaintImage& image, - WTF::Function callback) { - layer_tree_view_->RequestDecode(image, - ConvertToBaseCallback(std::move(callback))); -} - Color WebViewImpl::BaseBackgroundColor() const { return base_background_color_override_enabled_ ? base_background_color_override_ diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/exported/WebViewImpl.h chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/exported/WebViewImpl.h --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/exported/WebViewImpl.h 2018-02-02 01:26:18.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/exported/WebViewImpl.h 2018-02-14 02:04:55.000000000 +0000 
@@ -471,8 +471,6 @@ last_hidden_page_popup_ = page_popup; } - void RequestDecode(const PaintImage&, WTF::Function callback); - private: void SetPageScaleFactorAndLocation(float, const FloatPoint&); void PropagateZoomFactorToLocalFrameRoots(Frame*, float); diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/frame/WebFrameWidgetBase.cpp chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/frame/WebFrameWidgetBase.cpp --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/frame/WebFrameWidgetBase.cpp 2018-02-02 01:26:18.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/frame/WebFrameWidgetBase.cpp 2018-02-14 02:04:55.000000000 +0000 @@ -273,7 +273,14 @@ void WebFrameWidgetBase::RequestDecode(const PaintImage& image, WTF::Function callback) { - View()->RequestDecode(image, std::move(callback)); + // If we have a LayerTreeView, propagate the request, otherwise fail it since + // otherwise it would remain in a unresolved and unrejected state. + if (WebLayerTreeView* layer_tree_view = GetLayerTreeView()) { + layer_tree_view->RequestDecode(image, + ConvertToBaseCallback(std::move(callback))); + } else { + std::move(callback).Run(false); + } } void WebFrameWidgetBase::Trace(blink::Visitor* visitor) { diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp 2018-02-02 01:26:18.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp 2018-02-14 02:04:55.000000000 +0000 @@ -461,6 +461,7 @@ WTF::WrapUnique(new RecordingImageBufferSurface( Size(), RecordingImageBufferSurface::kAllowFallback, ColorParams())); if (image_buffer_) { + surface->SetCanvasResourceHost(this); image_buffer_->SetSurface(std::move(surface)); UpdateMemoryUsage(); } 
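Review bot: In `WebFrameWidgetBase::RequestDecode` the new `else` branch runs `callback` with `false` before the function returns, while the `LayerTreeView` branch hands the callback off and presumably completes it later, so a caller can now be re-entered from inside its own `RequestDecode` call. If any caller relies on the completion arriving asynchronously, the failure should be posted as a task instead. Otherwise the comment should state the choice, e.g. `// No LayerTreeView: fail synchronously so the request is never left pending.` The existing comment also reads "a unresolved" where "an unresolved" is meant.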
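Review bot: `surface->SetCanvasResourceHost(this)` in the hunk at -461 hands the surface a pointer to this element, and nothing visible shows the surface dropping that pointer when the element goes away; the same call is added in the hunk at -1328. The setter's declaration is not part of this diff, so whether it stores a raw pointer should be confirmed and the lifetime rule written next to the call, e.g. `// |surface| is owned by image_buffer_, which |this| owns, so the host outlives it.` if that is what holds. Both enclosing functions start and end outside their hunks.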
@@ -1328,6 +1329,7 @@ std::unique_ptr surface = CreateAcceleratedImageBufferSurface(&msaa_sample_count); if (surface) { + surface->SetCanvasResourceHost(this); GetOrCreateImageBuffer()->SetSurface(std::move(surface)); UpdateMemoryUsage(); SetNeedsCompositingUpdate(); diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp 2018-02-02 01:26:18.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp 2018-02-14 02:04:56.000000000 +0000 @@ -949,7 +949,8 @@ const LayoutObject* paint_offset_root = context.current.paint_offset_root; PaintLayer* painting_layer = paint_offset_root->PaintingLayer(); LayoutPoint result = child->VisualOffsetFromAncestor(painting_layer); - if (!paint_offset_root->HasLayer()) { + if (!paint_offset_root->HasLayer() || + ToLayoutBoxModelObject(paint_offset_root)->Layer() != painting_layer) { result.Move(-paint_offset_root->OffsetFromAncestorContainer( &painting_layer->GetLayoutObject())); } diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/platform/graphics/CanvasResourceProvider.cpp chromium-browser-64.0.3282.167/third_party/WebKit/Source/platform/graphics/CanvasResourceProvider.cpp --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/platform/graphics/CanvasResourceProvider.cpp 2018-02-02 01:26:20.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/platform/graphics/CanvasResourceProvider.cpp 2018-02-14 02:04:58.000000000 +0000 
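Review bot: The added `ToLayoutBoxModelObject(paint_offset_root)->Layer()` is only reached because `||` short-circuits once `HasLayer()` has returned true, so the cast relies on every object with a layer being a `LayoutBoxModelObject`, and the cast is presumably checked in debug builds only. A comment above the condition would keep a later reordering from turning this into a bad cast: `// HasLayer() implies a LayoutBoxModelObject, so the cast below is valid.` It would also help to say why a root whose own layer differs from `painting_layer` needs the offset adjustment. The enclosing function starts and ends outside the hunk.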
@@ -10,6 +10,7 @@ #include "gpu/GLES2/gl2extchromium.h" #include "gpu/command_buffer/common/capabilities.h" #include "gpu/command_buffer/common/gpu_memory_buffer_support.h" +#include "platform/graphics/AcceleratedStaticBitmapImage.h" #include "platform/graphics/CanvasResource.h" #include "platform/graphics/StaticBitmapImage.h" #include "platform/graphics/gpu/SharedGpuContext.h" @@ -100,6 +101,14 @@ ->ContextProvider() ->GetCapabilities() .disable_2d_canvas_copy_on_write) { + // A readback operation may alter the texture parameters, which may affect + // the compositor's behavior. Therefore, we must trigger copy-on-write + // even though we are not technically writing to the texture, only to its + // parameters. + // If this issue with readback affecting state is ever fixed, then we'll + // have to do this instead of triggering a copy-on-write: + // static_cast(image.get()) + // ->RetainOriginalSkImageForCopyOnWrite(); GetSkSurface()->notifyContentWillChange( SkSurface::kRetain_ContentChangeMode); } 
@@ -372,16 +381,8 @@ scoped_refptr image = StaticBitmapImage::Create( GetSkSurface()->makeImageSnapshot(), ContextProviderWrapper()); if (IsAccelerated()) { - // A readback operation may alter the texture parameters, which may affect - // the compositor's behavior. Therefore, we must trigger copy-on-write - // even though we are not technically writing to the texture, only to its - // parameters. - // If this issue with readback affecting stat is ever fixed, then we'll - // have to do this instead of triggering a copy-on-write: - // static_cast(image.get()) - // ->RetainOriginalSkImageForCopyOnWrite(); - GetSkSurface()->notifyContentWillChange( - SkSurface::kRetain_ContentChangeMode); + static_cast(image.get()) + ->RetainOriginalSkImageForCopyOnWrite(); } return image; } diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/platform/graphics/Image.cpp chromium-browser-64.0.3282.167/third_party/WebKit/Source/platform/graphics/Image.cpp --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/platform/graphics/Image.cpp 2018-02-02 01:26:20.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/platform/graphics/Image.cpp 2018-02-14 02:04:58.000000000 +0000 @@ -128,6 +128,9 @@ const FloatSize& scaled_tile_size, SkBlendMode op, const FloatSize& repeat_spacing) { + if (scaled_tile_size.IsEmpty()) + return; + FloatSize intrinsic_tile_size(Size()); if (HasRelativeSize()) { intrinsic_tile_size.SetWidth(scaled_tile_size.Width()); diff -Nru chromium-browser-64.0.3282.140/third_party/WebKit/Source/platform/runtime_enabled_features.json5 chromium-browser-64.0.3282.167/third_party/WebKit/Source/platform/runtime_enabled_features.json5 --- chromium-browser-64.0.3282.140/third_party/WebKit/Source/platform/runtime_enabled_features.json5 2018-02-02 01:26:20.000000000 +0000 +++ chromium-browser-64.0.3282.167/third_party/WebKit/Source/platform/runtime_enabled_features.json5 2018-02-14 02:04:58.000000000 +0000 
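Review bot: The new `static_cast(image.get())->RetainOriginalSkImageForCopyOnWrite()` downcasts the result of `StaticBitmapImage::Create` on the strength of `IsAccelerated()` alone (the cast's target type is stripped on this page; the newly included header suggests `AcceleratedStaticBitmapImage`). If `makeImageSnapshot()` can yield a null or non-texture-backed image, for instance after the GPU context is lost, `Create` may return a different subclass and the call lands on the wrong type. Checking the image's own state is cheap: `if (IsAccelerated() && image && image->IsTextureBacked()) {`. The enclosing function starts outside the hunk.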
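Review bot: The early `return` for `scaled_tile_size.IsEmpty()` in the `Image.cpp` hunk carries no comment saying what it protects, and the rest of the function is outside the hunk, so a reader cannot tell which later computation fails on a zero or negative tile. Put the reason above the check, e.g. `// Nothing to draw for an empty tile; the scale computed below assumes non-zero dimensions.`, adjusted to the failure actually being fixed.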
@@ -391,18 +391,21 @@ }, { name: "FeaturePolicyAutoplayFeature", - status: "experimental" + status: "experimental", + depends_on: ["FeaturePolicy"] }, { name: "FeaturePolicyExperimentalFeatures", }, { name: "FeaturePolicyForPermissions", - status: "stable" + status: "stable", + depends_on: ["FeaturePolicy"] }, { name: "FeaturePolicyJavaScriptInterface", - status: "experimental" + status: "experimental", + depends_on: ["FeaturePolicy"] }, { name: "FetchRequestCache", diff -Nru chromium-browser-64.0.3282.140/tools/metrics/histograms/histograms.xml chromium-browser-64.0.3282.167/tools/metrics/histograms/histograms.xml --- chromium-browser-64.0.3282.140/tools/metrics/histograms/histograms.xml 2018-02-02 01:26:28.000000000 +0000 +++ chromium-browser-64.0.3282.167/tools/metrics/histograms/histograms.xml 2018-02-14 02:05:05.000000000 +0000 @@ -34124,6 +34124,14 @@ + + wolenetz@chromium.org + + Amount of time taken to destroy one ChunkDemuxer object, not including + initial background task scheduling delay. + + + wolenetz@chromium.org diff -Nru chromium-browser-64.0.3282.140/ui/gfx/test/ui_cocoa_test_helper.h chromium-browser-64.0.3282.167/ui/gfx/test/ui_cocoa_test_helper.h --- chromium-browser-64.0.3282.140/ui/gfx/test/ui_cocoa_test_helper.h 2018-02-02 01:26:32.000000000 +0000 +++ chromium-browser-64.0.3282.167/ui/gfx/test/ui_cocoa_test_helper.h 2018-02-14 02:05:07.000000000 +0000 
@@ -23,6 +23,12 @@ BOOL useDefaultConstraints_; } +// Value to return for -isOnActiveSpace. Posts +// NSWorkspaceActiveSpaceDidChangeNotification when set. +@property(nonatomic) BOOL pretendIsOnActiveSpace; + +#include "ui/gfx/test/ui_cocoa_test_helper.h" + // Init a borderless non-deferred window with a backing store. - (id)initWithContentRect:(NSRect)contentRect; diff -Nru chromium-browser-64.0.3282.140/ui/gfx/test/ui_cocoa_test_helper.mm chromium-browser-64.0.3282.167/ui/gfx/test/ui_cocoa_test_helper.mm --- chromium-browser-64.0.3282.140/ui/gfx/test/ui_cocoa_test_helper.mm 2018-02-02 01:26:32.000000000 +0000 +++ chromium-browser-64.0.3282.167/ui/gfx/test/ui_cocoa_test_helper.mm 2018-02-14 02:05:07.000000000 +0000 @@ -31,6 +31,8 @@ @implementation CocoaTestHelperWindow +@synthesize pretendIsOnActiveSpace = pretendIsOnActiveSpace_; + - (id)initWithContentRect:(NSRect)contentRect { self = [super initWithContentRect:contentRect styleMask:NSBorderlessWindowMask @@ -38,6 +40,7 @@ defer:NO]; if (self) { useDefaultConstraints_ = YES; + pretendIsOnActiveSpace_ = YES; } return self; } @@ -66,6 +69,17 @@ pretendIsKeyWindow_ = flag; } +- (BOOL)isOnActiveSpace { + return pretendIsOnActiveSpace_; +} + +- (void)setPretendIsOnActiveSpace:(BOOL)pretendIsOnActiveSpace { + pretendIsOnActiveSpace_ = pretendIsOnActiveSpace; + [[NSWorkspace sharedWorkspace].notificationCenter + postNotificationName:NSWorkspaceActiveSpaceDidChangeNotification + object:[NSWorkspace sharedWorkspace]]; +} + - (void)setUseDefaultConstraints:(BOOL)useDefaultConstraints { useDefaultConstraints_ = useDefaultConstraints; } diff -Nru chromium-browser-64.0.3282.140/v8/gypfiles/gyp_v8 chromium-browser-64.0.3282.167/v8/gypfiles/gyp_v8 --- chromium-browser-64.0.3282.140/v8/gypfiles/gyp_v8 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/gypfiles/gyp_v8 2018-02-14 02:06:03.000000000 +0000 
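Review bot: The added `#include "ui/gfx/test/ui_cocoa_test_helper.h"` sits inside the `@interface` of that same header, directly after the new property. With an include guard it does nothing and without one it recurses, so it looks like a merge slip and should be dropped. The property comment could also say that the setter posts `NSWorkspaceActiveSpaceDidChangeNotification` on every assignment, not only when the value changes, which is what the `.mm` hunk at -66 does.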
@@ -108,19 +108,14 @@ if __name__ == '__main__': args = sys.argv[1:] - gyp_chromium_no_action = os.environ.get('GYP_CHROMIUM_NO_ACTION') - if gyp_chromium_no_action == '1': - print 'Skipping gyp_v8 due to GYP_CHROMIUM_NO_ACTION env var.' + gyp_chromium_no_action = os.environ.get('GYP_CHROMIUM_NO_ACTION', '1') + if gyp_chromium_no_action != '0': + print 'GYP is now disabled by default.\n' + print 'If you really want to run this, set the environment variable ' + print 'GYP_CHROMIUM_NO_ACTION=0.' sys.exit(0) running_as_hook = '--running-as-hook' - if running_as_hook in args and gyp_chromium_no_action != '0': - print 'GYP is now disabled by default in runhooks.\n' - print 'If you really want to run this, either run ' - print '`python gypfiles/gyp_v8` explicitly by hand ' - print 'or set the environment variable GYP_CHROMIUM_NO_ACTION=0.' - sys.exit(0) - if running_as_hook in args: args.remove(running_as_hook) diff -Nru chromium-browser-64.0.3282.140/v8/include/v8-version.h chromium-browser-64.0.3282.167/v8/include/v8-version.h --- chromium-browser-64.0.3282.140/v8/include/v8-version.h 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/include/v8-version.h 2018-02-14 02:06:03.000000000 +0000 @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 6 #define V8_MINOR_VERSION 4 #define V8_BUILD_NUMBER 388 -#define V8_PATCH_LEVEL 41 +#define V8_PATCH_LEVEL 45 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff -Nru chromium-browser-64.0.3282.140/v8/src/frames.cc chromium-browser-64.0.3282.167/v8/src/frames.cc --- chromium-browser-64.0.3282.140/v8/src/frames.cc 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/src/frames.cc 2018-02-14 02:06:03.000000000 +0000 
@@ -1013,6 +1013,15 @@ return JSFunction::cast(function_slot_object()); } +Object* JavaScriptFrame::unchecked_function() const { + // During deoptimization of an optimized function, we may have yet to + // materialize some closures on the stack. The arguments marker object + // marks this case. + DCHECK(function_slot_object()->IsJSFunction() || + isolate()->heap()->arguments_marker() == function_slot_object()); + return function_slot_object(); +} + Object* JavaScriptFrame::receiver() const { return GetParameter(-1); } Object* JavaScriptFrame::context() const { diff -Nru chromium-browser-64.0.3282.140/v8/src/frames.h chromium-browser-64.0.3282.167/v8/src/frames.h --- chromium-browser-64.0.3282.140/v8/src/frames.h 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/src/frames.h 2018-02-14 02:06:03.000000000 +0000 @@ -684,6 +684,7 @@ // Accessors. virtual JSFunction* function() const; + Object* unchecked_function() const; Object* receiver() const override; Object* context() const override; Script* script() const override; diff -Nru chromium-browser-64.0.3282.140/v8/src/objects.cc chromium-browser-64.0.3282.167/v8/src/objects.cc --- chromium-browser-64.0.3282.140/v8/src/objects.cc 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/src/objects.cc 2018-02-14 02:06:03.000000000 +0000 
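Review bot: `JavaScriptFrame::unchecked_function()` returns the raw slot content, and the `DCHECK` that it is either a `JSFunction` or the arguments marker disappears in release builds, so nothing stops a caller from casting the result without looking. The declaration added in `frames.h` has no comment; it should carry the contract, e.g. `// May return the arguments marker during deoptimization; check IsJSFunction() before casting.`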
@@ -13014,14 +13014,19 @@ constructor_initial_map->UnusedPropertyFields(); int instance_size; int in_object_properties; - CalculateInstanceSizeForDerivedClass(function, instance_type, - embedder_fields, &instance_size, - &in_object_properties); + bool success = CalculateInstanceSizeForDerivedClass( + function, instance_type, embedder_fields, &instance_size, + &in_object_properties); int unused_property_fields = in_object_properties - pre_allocated; - Handle map = - Map::CopyInitialMap(constructor_initial_map, instance_size, - in_object_properties, unused_property_fields); + + Handle map; + if (success) { + map = Map::CopyInitialMap(constructor_initial_map, instance_size, + in_object_properties, unused_property_fields); + } else { + map = Map::CopyInitialMap(constructor_initial_map); + } map->set_new_target_is_base(false); JSFunction::SetInitialMap(function, map, prototype); @@ -13726,12 +13731,14 @@ requested_embedder_fields; } -void JSFunction::CalculateInstanceSizeForDerivedClass( +// static +bool JSFunction::CalculateInstanceSizeForDerivedClass( Handle function, InstanceType instance_type, int requested_embedder_fields, int* instance_size, int* in_object_properties) { Isolate* isolate = function->GetIsolate(); int expected_nof_properties = 0; + bool result = true; for (PrototypeIterator iter(isolate, function, kStartAtReceiver); !iter.IsAtEnd(); iter.Advance()) { Handle current = @@ -13745,6 +13752,11 @@ Compiler::Compile(func, Compiler::CLEAR_EXCEPTION)) { DCHECK(shared->is_compiled()); expected_nof_properties += shared->expected_nof_properties(); + } else if (!shared->is_compiled()) { + // In case there was a compilation error for the constructor we will + // throw an error during instantiation. Hence we directly return 0; + result = false; + break; } if (!IsDerivedConstructor(shared->kind())) { break; 
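Review bot: In the hunk at -13014, `unused_property_fields` is still computed from `in_object_properties` before `success` is tested, although the failure branch calls the one-argument `Map::CopyInitialMap` and never uses it. Moving `int unused_property_fields = in_object_properties - pre_allocated;` inside `if (success) {` makes it plain that the out-parameters are trusted only when the size calculation succeeded. The enclosing function starts and ends outside the hunk.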
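Review bot: The comment on the new `else if (!shared->is_compiled())` branch in the hunk at -13745 says "Hence we directly return 0;", but the code sets `result = false`, breaks out of the loop and, per the hunk at -13753, still runs `CalculateInstanceSizeHelper` before `return result`. Reword it to match the code, e.g. `// Compilation failed; report failure so the caller falls back to the plain initial map.` The start of the `if` condition is outside the hunk.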
@@ -13753,6 +13765,7 @@ CalculateInstanceSizeHelper(instance_type, true, requested_embedder_fields, expected_nof_properties, instance_size, in_object_properties); + return result; } diff -Nru chromium-browser-64.0.3282.140/v8/src/objects.h chromium-browser-64.0.3282.167/v8/src/objects.h --- chromium-browser-64.0.3282.140/v8/src/objects.h 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/src/objects.h 2018-02-14 02:06:03.000000000 +0000 @@ -4082,7 +4082,7 @@ DECL_CAST(JSFunction) // Calculate the instance size and in-object properties count. - static void CalculateInstanceSizeForDerivedClass( + static bool CalculateInstanceSizeForDerivedClass( Handle function, InstanceType instance_type, int requested_embedder_fields, int* instance_size, int* in_object_properties); diff -Nru chromium-browser-64.0.3282.140/v8/src/objects-inl.h chromium-browser-64.0.3282.167/v8/src/objects-inl.h --- chromium-browser-64.0.3282.140/v8/src/objects-inl.h 2018-02-02 01:27:21.000000000 +0000 +++ chromium-browser-64.0.3282.167/v8/src/objects-inl.h 2018-02-14 02:06:03.000000000 +0000 @@ -2231,7 +2231,8 @@ void Map::SetNumberOfOwnDescriptors(int number) { - DCHECK(number <= instance_descriptors()->number_of_descriptors()); + CHECK_LE(static_cast(number), + static_cast(kMaxNumberOfDescriptors)); set_bit_field3(NumberOfOwnDescriptorsBits::update(bit_field3(), number)); } @@ -2239,8 +2240,9 @@ void Map::SetEnumLength(int length) { if (length != kInvalidEnumCacheSentinel) { - DCHECK_GE(length, 0); - DCHECK(length <= NumberOfOwnDescriptors()); + DCHECK_LE(length, NumberOfOwnDescriptors()); + CHECK_LE(static_cast(length), + static_cast(kMaxNumberOfDescriptors)); } set_bit_field3(EnumLengthBits::update(bit_field3(), length)); } 
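Review bot: `CalculateInstanceSizeForDerivedClass` now returns `bool` in `objects.h`, but the declaration's comment still only says it calculates the sizes, and nothing forces a caller to look at the result. Document the failure case, e.g. `// Returns false if a constructor in the chain failed to compile.`, and mark the declaration `V8_WARN_UNUSED_RESULT` so a future caller cannot silently use sizes from a failed run.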
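Review bot: `Map::SetNumberOfOwnDescriptors` loses the old `DCHECK(number <= instance_descriptors()->number_of_descriptors())`, and the new `CHECK_LE` bounds `number` only by `kMaxNumberOfDescriptors`, a much looser limit. `SetEnumLength` in the next hunk keeps its tight `DCHECK_LE(length, NumberOfOwnDescriptors())` next to the new `CHECK_LE`; unless the descriptor array is not yet installed at some call sites, the same pairing fits here, i.e. keep the `DCHECK` and add the `CHECK_LE`. The cast target types are stripped on this page, so the unsigned comparison is assumed.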
@@ -3002,9 +3004,9 @@ } void Map::set_instance_size(int value) { - DCHECK_EQ(0, value & (kPointerSize - 1)); + CHECK_EQ(0, value & (kPointerSize - 1)); value >>= kPointerSizeLog2; - DCHECK(0 <= value && value < 256); + CHECK_LT(static_cast(value), 256); set_instance_size_in_words(value); } @@ -3015,8 +3017,7 @@ void Map::set_inobject_properties_start_or_constructor_function_index( int value) { - DCHECK_LE(0, value); - DCHECK_LT(value, 256); + CHECK_LT(static_cast(value), 256); RELAXED_WRITE_BYTE_FIELD( this, kInObjectPropertiesStartOrConstructorFunctionIndexOffset, static_cast(value)); @@ -3028,7 +3029,7 @@ } void Map::SetInObjectPropertiesStartInWords(int value) { - DCHECK(IsJSObjectMap()); + CHECK(IsJSObjectMap()); set_inobject_properties_start_or_constructor_function_index(value); } @@ -3044,7 +3045,7 @@ void Map::SetConstructorFunctionIndex(int value) { - DCHECK(IsPrimitiveMap()); + CHECK(IsPrimitiveMap()); set_inobject_properties_start_or_constructor_function_index(value); } @@ -3153,8 +3154,7 @@ } void Map::set_used_or_unused_instance_size_in_words(int value) { - DCHECK_LE(0, value); - DCHECK_LE(value, 255); + CHECK_LE(static_cast(value), 255); WRITE_BYTE_FIELD(this, kUsedOrUnusedInstanceSizeInWordsOffset, static_cast(value)); } @@ -3172,12 +3172,12 @@ void Map::SetInObjectUnusedPropertyFields(int value) { STATIC_ASSERT(JSObject::kFieldsAdded == JSObject::kHeaderSize / kPointerSize); if (!IsJSObjectMap()) { - DCHECK_EQ(0, value); + CHECK_EQ(0, value); set_used_or_unused_instance_size_in_words(0); DCHECK_EQ(0, UnusedPropertyFields()); return; } - DCHECK_LE(0, value); + CHECK_LE(0, value); DCHECK_LE(value, GetInObjectProperties()); int used_inobject_properties = GetInObjectProperties() - value; set_used_or_unused_instance_size_in_words( 
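Review bot: `Map::set_instance_size` folds the former two-sided range check into a single `CHECK_LT(static_cast(value), 256)`, which rejects negative values only if the cast is to an unsigned type (the template argument is stripped on this page). That is easy to break with a later edit, so a short comment at this first use would help: `// Unsigned cast: a negative value wraps and fails the upper-bound check.` The same idiom appears in the hunks at -3015, -3153, -3187 and -3227.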
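Review bot: In `Map::SetInObjectUnusedPropertyFields` (hunk at -3172) the lower bound becomes `CHECK_LE(0, value)` while the upper bound stays `DCHECK_LE(value, GetInObjectProperties())`, so in a release build a too-large `value` still makes `used_inobject_properties` negative before it is used. If the intent is to enforce the range at runtime, the upper bound should be promoted as well: `CHECK_LE(value, GetInObjectProperties());`. The function body continues outside the hunk, so whether a later check catches the negative result cannot be confirmed from here.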
@@ -3187,8 +3187,7 @@ void Map::SetOutOfObjectUnusedPropertyFields(int value) { STATIC_ASSERT(JSObject::kFieldsAdded == JSObject::kHeaderSize / kPointerSize); - DCHECK_LE(0, value); - DCHECK_LT(value, JSObject::kFieldsAdded); + CHECK_LT(static_cast(value), JSObject::kFieldsAdded); // For out of object properties "used_instance_size_in_words" byte encodes // the slack in the property array. set_used_or_unused_instance_size_in_words(value); @@ -3227,8 +3226,8 @@ if (unused_in_property_array < 0) { unused_in_property_array += JSObject::kFieldsAdded; } - DCHECK_GE(unused_in_property_array, 0); - DCHECK_LT(unused_in_property_array, JSObject::kFieldsAdded); + CHECK_LT(static_cast(unused_in_property_array), + JSObject::kFieldsAdded); set_used_or_unused_instance_size_in_words(unused_in_property_array); DCHECK_EQ(unused_in_property_array, UnusedPropertyFields()); } @@ -3358,7 +3357,7 @@ } void Map::set_elements_kind(ElementsKind elements_kind) { - DCHECK_LT(static_cast(elements_kind), kElementsKindCount); + CHECK_LT(static_cast(elements_kind), kElementsKindCount); DCHECK_LE(kElementsKindCount, 1 << Map::ElementsKindBits::kSize); set_bit_field2(Map::ElementsKindBits::update(bit_field2(), elements_kind)); DCHECK(this->elements_kind() == elements_kind); @@ -3700,7 +3699,7 @@ void Map::set_prototype_info(Object* value, WriteBarrierMode mode) { - DCHECK(is_prototype_map()); + CHECK(is_prototype_map()); WRITE_FIELD(this, Map::kTransitionsOrPrototypeInfoOffset, value); CONDITIONAL_WRITE_BARRIER( GetHeap(), this, Map::kTransitionsOrPrototypeInfoOffset, value, mode); 
@@ -3708,11 +3707,11 @@
 void Map::SetBackPointer(Object* value, WriteBarrierMode mode) {
- DCHECK(instance_type() >= FIRST_JS_RECEIVER_TYPE);
- DCHECK(value->IsMap());
- DCHECK(GetBackPointer()->IsUndefined(GetIsolate()));
- DCHECK(!value->IsMap() ||
- Map::cast(value)->GetConstructor() == constructor_or_backpointer());
+ CHECK_GE(instance_type(), FIRST_JS_RECEIVER_TYPE);
+ CHECK(value->IsMap());
+ CHECK(GetBackPointer()->IsUndefined(GetIsolate()));
+ CHECK_IMPLIES(value->IsMap(), Map::cast(value)->GetConstructor() ==
+ constructor_or_backpointer());
 set_constructor_or_backpointer(value, mode);
 }
@@ -3743,7 +3742,7 @@
 void Map::SetConstructor(Object* constructor, WriteBarrierMode mode) {
 // Never overwrite a back pointer with a constructor.
- DCHECK(!constructor_or_backpointer()->IsMap());
+ CHECK(!constructor_or_backpointer()->IsMap());
 set_constructor_or_backpointer(constructor, mode);
 }
diff -Nru chromium-browser-64.0.3282.140/v8/src/profiler/heap-snapshot-generator.cc chromium-browser-64.0.3282.167/v8/src/profiler/heap-snapshot-generator.cc
--- chromium-browser-64.0.3282.140/v8/src/profiler/heap-snapshot-generator.cc 2018-02-02 01:27:21.000000000 +0000
+++ chromium-browser-64.0.3282.167/v8/src/profiler/heap-snapshot-generator.cc 2018-02-14 02:06:03.000000000 +0000
@@ -1113,8 +1113,6 @@
 constructor_or_backpointer,
 Map::kConstructorOrBackPointerOffset);
 } else {
- DCHECK(constructor_or_backpointer->IsJSFunction() ||
- constructor_or_backpointer->IsNull(map->GetIsolate()));
 SetInternalReference(map, entry, "constructor", constructor_or_backpointer, Map::kConstructorOrBackPointerOffset);
 }
diff -Nru chromium-browser-64.0.3282.140/v8/src/profiler/sampling-heap-profiler.cc chromium-browser-64.0.3282.167/v8/src/profiler/sampling-heap-profiler.cc
--- chromium-browser-64.0.3282.140/v8/src/profiler/sampling-heap-profiler.cc 2018-02-02 01:27:21.000000000 +0000
+++ chromium-browser-64.0.3282.167/v8/src/profiler/sampling-heap-profiler.cc 2018-02-14 02:06:03.000000000 +0000
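Review bot: In `SetBackPointer` the `CHECK_IMPLIES(value->IsMap(), ...)` comes two lines after `CHECK(value->IsMap())`, so its antecedent is always true by the time it runs and the implication form hides the fact that the constructor comparison is now unconditional in release builds. The removed DCHECK had the same redundancy (`!value->IsMap() ||`), so this carries an old wart into the hardened code. State the invariant directly: `CHECK(Map::cast(value)->GetConstructor() == constructor_or_backpointer());`. A short comment that these checks guard the slot shared between constructor and back pointer would also help, mirroring the "Never overwrite a back pointer with a constructor" comment in `SetConstructor`.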
@@ -157,12 +157,21 @@
 std::vector stack;
 JavaScriptFrameIterator it(isolate_);
 int frames_captured = 0;
+ bool found_arguments_marker_frames = false;
 while (!it.done() && frames_captured < stack_depth_) {
 JavaScriptFrame* frame = it.frame();
- SharedFunctionInfo* shared = frame->function()->shared();
- stack.push_back(shared);
-
- frames_captured++;
+ // If we are materializing objects during deoptimization, inlined
+ // closures may not yet be materialized, and this includes the
+ // closure on the stack. Skip over any such frames (they'll be
+ // in the top frames of the stack). The allocations made in this
+ // sensitive moment belong to the formerly optimized frame anyway.
+ if (frame->unchecked_function()->IsJSFunction()) {
+ SharedFunctionInfo* shared = frame->function()->shared();
+ stack.push_back(shared);
+ frames_captured++;
+ } else {
+ found_arguments_marker_frames = true;
+ }
 it.Advance();
 }
@@ -209,6 +218,12 @@
 }
 node = node->FindOrAddChildNode(name, script_id, shared->start_position());
 }
+
+ if (found_arguments_marker_frames) {
+ node =
+ node->FindOrAddChildNode("(deopt)", v8::UnboundScript::kNoScriptId, 0);
+ }
+
 return node;
 }
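Review bot: `found_arguments_marker_frames` is set in the `else` branch for any frame whose `unchecked_function()` is not a JSFunction, yet neither the condition nor the added comment mentions an arguments marker, so the name claims more than the test establishes. The comment should say what the function slot is expected to hold in that window and why `unchecked_function()` must be consulted before the checked `function()` accessor, e.g. `// The function slot may still hold a placeholder here; function() would fail its cast.` (wording to be confirmed by the author). It is also worth noting in the comment that skipped frames do not count toward `stack_depth_`, and that the flag is what later adds the synthetic "(deopt)" child node in the hunk at -209. The enclosing function starts before and continues after this hunk.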