BASELINE: Update Chromium to 85.0.4183.14085-based

Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

5 files changed, 139 insertions, 17 deletions

diff --git a/chromium/v8/src/handles/global-handles.cc b/chromium/v8/src/handles/global-handles.cc
index e6dbd6ad450..4404b0b6379 100644
--- a/chromium/v8/src/handles/global-handles.cc
+++ b/chromium/v8/src/handles/global-handles.cc
@@ -575,7 +575,7 @@ class GlobalHandles::Node final : public NodeBase<GlobalHandles::Node> {
 
   void PostGarbageCollectionProcessing(Isolate* isolate) {
     // This method invokes a finalizer. Updating the method name would require
-    // adjusting CFI blacklist as weak_callback_ is invoked on the wrong type.
+    // adjusting CFI blocklist as weak_callback_ is invoked on the wrong type.
     CHECK(IsPendingFinalizer());
     set_state(NEAR_DEATH);
     // Check that we are not passing a finalized external string to
diff --git a/chromium/v8/src/handles/handles-inl.h b/chromium/v8/src/handles/handles-inl.h
index c8b4b4556bc..b16044871c4 100644
--- a/chromium/v8/src/handles/handles-inl.h
+++ b/chromium/v8/src/handles/handles-inl.h
@@ -6,6 +6,7 @@
 #define V8_HANDLES_HANDLES_INL_H_
 
 #include "src/execution/isolate.h"
+#include "src/execution/local-isolate-wrapper.h"
 #include "src/execution/off-thread-isolate.h"
 #include "src/handles/handles.h"
 #include "src/handles/local-handles-inl.h"
@@ -66,19 +67,11 @@ V8_INLINE Handle<T> handle(T object, LocalHeap* local_heap) {
   return Handle<T>(object, local_heap);
 }
 
-// Convenience overloads for when we already have a Handle, but want
-// either a Handle or an Handle.
 template <typename T>
-V8_INLINE Handle<T> handle(Handle<T> handle, Isolate* isolate) {
-  return handle;
-}
-template <typename T>
-V8_INLINE Handle<T> handle(Handle<T> handle, OffThreadIsolate* isolate) {
-  return Handle<T>(*handle);
-}
-template <typename T>
-V8_INLINE Handle<T> handle(Handle<T> handle, LocalHeap* local_heap) {
-  return Handle<T>(*handle, local_heap);
+V8_INLINE Handle<T> handle(T object, LocalIsolateWrapper local_isolate) {
+  return local_isolate.is_off_thread()
+             ? handle(object, local_isolate.off_thread())
+             : handle(object, local_isolate.main_thread());
 }
 
 template <typename T>
diff --git a/chromium/v8/src/handles/handles.h b/chromium/v8/src/handles/handles.h
index aa9e522c0e6..a6a83dcca2d 100644
--- a/chromium/v8/src/handles/handles.h
+++ b/chromium/v8/src/handles/handles.h
@@ -199,6 +199,15 @@ class HandleScope {
   explicit inline HandleScope(Isolate* isolate);
   inline HandleScope(HandleScope&& other) V8_NOEXCEPT;
 
+  // Allow placement new.
+  void* operator new(size_t size, void* storage) {
+    return ::operator new(size, storage);
+  }
+
+  // Prevent heap allocation or illegal handle scopes.
+  void* operator new(size_t size) = delete;
+  void operator delete(void* size_t) = delete;
+
   inline ~HandleScope();
 
   inline HandleScope& operator=(HandleScope&& other) V8_NOEXCEPT;
@@ -234,10 +243,6 @@ class HandleScope {
   static const int kCheckHandleThreshold = 30 * 1024;
 
  private:
-  // Prevent heap allocation or illegal handle scopes.
-  void* operator new(size_t size);
-  void operator delete(void* size_t);
-
   Isolate* isolate_;
   Address* prev_next_;
   Address* prev_limit_;
diff --git a/chromium/v8/src/handles/off-thread-transfer-handle-storage-inl.h b/chromium/v8/src/handles/off-thread-transfer-handle-storage-inl.h
new file mode 100644
index 00000000000..8a0682d9c76
--- /dev/null
+++ b/chromium/v8/src/handles/off-thread-transfer-handle-storage-inl.h
@@ -0,0 +1,77 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_HANDLES_OFF_THREAD_TRANSFER_HANDLE_STORAGE_INL_H_
+#define V8_HANDLES_OFF_THREAD_TRANSFER_HANDLE_STORAGE_INL_H_
+
+#include "src/handles/handles-inl.h"
+#include "src/handles/off-thread-transfer-handle-storage.h"
+
+namespace v8 {
+namespace internal {
+
+OffThreadTransferHandleStorage::OffThreadTransferHandleStorage(
+    Address* off_thread_handle_location,
+    std::unique_ptr<OffThreadTransferHandleStorage> next)
+    : handle_location_(off_thread_handle_location),
+      next_(std::move(next)),
+      state_(kOffThreadHandle) {
+  CheckValid();
+}
+
+void OffThreadTransferHandleStorage::ConvertFromOffThreadHandleOnFinish() {
+  CheckValid();
+  DCHECK_EQ(state_, kOffThreadHandle);
+  raw_obj_ptr_ = *handle_location_;
+  state_ = kRawObject;
+  CheckValid();
+}
+
+void OffThreadTransferHandleStorage::ConvertToHandleOnPublish(
+    Isolate* isolate, DisallowHeapAllocation* no_gc) {
+  CheckValid();
+  DCHECK_EQ(state_, kRawObject);
+  handle_location_ = handle(Object(raw_obj_ptr_), isolate).location();
+  state_ = kHandle;
+  CheckValid();
+}
+
+Address* OffThreadTransferHandleStorage::handle_location() const {
+  CheckValid();
+  DCHECK_EQ(state_, kHandle);
+  return handle_location_;
+}
+
+void OffThreadTransferHandleStorage::CheckValid() const {
+#ifdef DEBUG
+  Object obj;
+
+  switch (state_) {
+    case kHandle:
+    case kOffThreadHandle:
+      DCHECK_NOT_NULL(handle_location_);
+      obj = Object(*handle_location_);
+      break;
+    case kRawObject:
+      obj = Object(raw_obj_ptr_);
+      break;
+  }
+
+  // Smis are always fine.
+  if (obj.IsSmi()) return;
+
+  // The main-thread handle should not be in off-thread space, and vice verse.
+  // Raw object pointers can point to the main-thread heap during Publish, so
+  // we don't check that.
+  DCHECK_IMPLIES(state_ == kOffThreadHandle,
+                 Heap::InOffThreadSpace(HeapObject::cast(obj)));
+  DCHECK_IMPLIES(state_ == kHandle,
+                 !Heap::InOffThreadSpace(HeapObject::cast(obj)));
+#endif
+}
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_HANDLES_OFF_THREAD_TRANSFER_HANDLE_STORAGE_INL_H_
diff --git a/chromium/v8/src/handles/off-thread-transfer-handle-storage.h b/chromium/v8/src/handles/off-thread-transfer-handle-storage.h
new file mode 100644
index 00000000000..608ad69693d
--- /dev/null
+++ b/chromium/v8/src/handles/off-thread-transfer-handle-storage.h
@@ -0,0 +1,47 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_HANDLES_OFF_THREAD_TRANSFER_HANDLE_STORAGE_H_
+#define V8_HANDLES_OFF_THREAD_TRANSFER_HANDLE_STORAGE_H_
+
+#include "src/common/assert-scope.h"
+#include "src/handles/handles.h"
+
+namespace v8 {
+namespace internal {
+
+class OffThreadTransferHandleStorage {
+ public:
+  enum State { kOffThreadHandle, kRawObject, kHandle };
+
+  inline explicit OffThreadTransferHandleStorage(
+      Address* off_thread_handle_location,
+      std::unique_ptr<OffThreadTransferHandleStorage> next);
+
+  inline void ConvertFromOffThreadHandleOnFinish();
+
+  inline void ConvertToHandleOnPublish(Isolate* isolate,
+                                       DisallowHeapAllocation* no_gc);
+
+  inline Address* handle_location() const;
+
+  OffThreadTransferHandleStorage* next() { return next_.get(); }
+
+  State state() const { return state_; }
+
+ private:
+  inline void CheckValid() const;
+
+  union {
+    Address* handle_location_;
+    Address raw_obj_ptr_;
+  };
+  std::unique_ptr<OffThreadTransferHandleStorage> next_;
+  State state_;
+};
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_HANDLES_OFF_THREAD_TRANSFER_HANDLE_STORAGE_H_