Fix type confusion in libpac

From the upstream patch
(https://chromium.googlesource.com/v8/v8/+/ea55b873f2ed8336604540a532cbd460eeb66430%5E%21/#F0):

"""
Don't generate elements kind transitions from stable maps.

IC system does its best to properly mark stable transition source maps
as unstable (see https://chromium-review.googlesource.com/483442)
however an already recorded map can be deprecated later and the
optimizing compiler may try to generate an elements kind transition
from the updated version of deprecated map which can "become" stable
again.
"""

Bug: 117607414

Test: /data/nativetest/proxy_resolver_v8_unittest/proxy_resolver_v8_unittest

Test: gts-tradefed run gts --test \
  com.google.android.gts.devicepolicy.DeviceOwnerTest#testProxyPacProxyTest \
  --module GtsGmscoreHostTestCases

Test: PoC from bug report

Merged-In: I2e02d994f107e64e4f465b4d8a02d4159a95240e

Change-Id: I12c501bffd190e20d4a45a4256a403c5343350eb
(cherry picked from commit 97832faf9d62ce9d6ca0639eacac0a930e51df8a)
2 files changed
tree: d203d4f727f2610f7071ec39b2e8d9d0ac8f8a7d
  1. .clang-format
  2. .gitignore
  3. .gn
  4. .landmines
  5. .ycm_extra_conf.py
  6. AUTHORS
  7. Android.base.mk
  8. Android.d8.mk
  9. Android.libv8.mk
  10. Android.mk
  11. Android.mkpeephole.mk
  12. Android.platform.mk
  13. Android.sampler.mk
  14. Android.v8.mk
  15. Android.v8common.mk
  16. Android.v8gen.mk
  17. BUILD.gn
  18. CODE_OF_CONDUCT.md
  19. ChangeLog
  20. DEPS
  21. LICENSE
  22. LICENSE.fdlibm
  23. LICENSE.strongtalk
  24. LICENSE.v8
  25. LICENSE.valgrind
  26. MODULE_LICENSE_BSD
  27. Makefile
  28. Makefile.android
  29. NOTICE
  30. OWNERS
  31. PRESUBMIT.py
  32. README.md
  33. V8_MERGE_REVISION
  34. WATCHLISTS
  35. base/
  36. benchmarks/
  37. build_overrides/
  38. codereview.settings
  39. docs/
  40. genmakefiles.py
  41. gni/
  42. gypfiles/
  43. include/
  44. infra/
  45. merge.py
  46. samples/
  47. snapshot_toolchain.gni
  48. src/
  49. testing/
  50. tools/
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.