Bug 1102195 Part 1: Update Chromium sandbox code to commit df7cc6c04725630dd4460f29d858a77507343b24. r=aklotz, r=jld
authorBob Owen <bobowencode@gmail.com>
Wed, 11 Feb 2015 08:22:02 +0000
changeset 228642 38d12afdc7b15e8499a4951f8e7cd0495c600c92
parent 228605 0ebc9ae84e41d2eb6d21f0670a433605ac017dce
child 228643 efa7518e43b0912889a6722d3f2abc91092af601
push id28267
push userryanvm@gmail.com
push dateWed, 11 Feb 2015 21:28:56 +0000
treeherdermozilla-central@650863f6987b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaklotz, jld
bugs1102195
milestone38.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1102195 Part 1: Update Chromium sandbox code to commit df7cc6c04725630dd4460f29d858a77507343b24. r=aklotz, r=jld
security/sandbox/chromium-shim/base/logging.cpp
security/sandbox/chromium-shim/base/threading/thread_local_storage.h
security/sandbox/chromium/base/atomic_ref_count.h
security/sandbox/chromium/base/atomicops.h
security/sandbox/chromium/base/atomicops_internals_arm_gcc.h
security/sandbox/chromium/base/atomicops_internals_portable.h
security/sandbox/chromium/base/atomicops_internals_tsan.h
security/sandbox/chromium/base/atomicops_internals_x86_gcc.h
security/sandbox/chromium/base/base_paths_win.h
security/sandbox/chromium/base/base_switches.cc
security/sandbox/chromium/base/base_switches.h
security/sandbox/chromium/base/basictypes.h
security/sandbox/chromium/base/bind_helpers.h
security/sandbox/chromium/base/bind_internal_win.h
security/sandbox/chromium/base/callback_internal.cc
security/sandbox/chromium/base/callback_internal.h
security/sandbox/chromium/base/compiler_specific.h
security/sandbox/chromium/base/containers/hash_tables.h
security/sandbox/chromium/base/cpu.cc
security/sandbox/chromium/base/cpu.h
security/sandbox/chromium/base/file_descriptor_posix.h
security/sandbox/chromium/base/file_util.h
security/sandbox/chromium/base/file_util_win.cc
security/sandbox/chromium/base/files/file_path.h
security/sandbox/chromium/base/guid.h
security/sandbox/chromium/base/hash.cc
security/sandbox/chromium/base/hash.h
security/sandbox/chromium/base/lazy_instance.cc
security/sandbox/chromium/base/lazy_instance.h
security/sandbox/chromium/base/location.cc
security/sandbox/chromium/base/logging.h
security/sandbox/chromium/base/macros.h
security/sandbox/chromium/base/memory/ref_counted.h
security/sandbox/chromium/base/memory/scoped_ptr.h
security/sandbox/chromium/base/memory/weak_ptr.h
security/sandbox/chromium/base/move.h
security/sandbox/chromium/base/numerics/safe_conversions.h
security/sandbox/chromium/base/numerics/safe_conversions_impl.h
security/sandbox/chromium/base/os_compat_android.h
security/sandbox/chromium/base/posix/eintr_wrapper.h
security/sandbox/chromium/base/safe_strerror_posix.cc
security/sandbox/chromium/base/safe_strerror_posix.h
security/sandbox/chromium/base/sequenced_task_runner.h
security/sandbox/chromium/base/sequenced_task_runner_helpers.h
security/sandbox/chromium/base/single_thread_task_runner.h
security/sandbox/chromium/base/strings/string16.cc
security/sandbox/chromium/base/strings/string_number_conversions.cc
security/sandbox/chromium/base/strings/string_piece.h
security/sandbox/chromium/base/strings/string_util.cc
security/sandbox/chromium/base/strings/string_util.h
security/sandbox/chromium/base/strings/string_util_posix.h
security/sandbox/chromium/base/strings/stringprintf.h
security/sandbox/chromium/base/strings/utf_string_conversion_utils.cc
security/sandbox/chromium/base/strings/utf_string_conversions.cc
security/sandbox/chromium/base/synchronization/condition_variable.h
security/sandbox/chromium/base/synchronization/condition_variable_posix.cc
security/sandbox/chromium/base/synchronization/lock_impl_posix.cc
security/sandbox/chromium/base/synchronization/waitable_event.h
security/sandbox/chromium/base/synchronization/waitable_event_posix.cc
security/sandbox/chromium/base/template_util.h
security/sandbox/chromium/base/third_party/dmg_fp/dtoa.cc
security/sandbox/chromium/base/third_party/dmg_fp/g_fmt.cc
security/sandbox/chromium/base/third_party/superfasthash/LICENSE
security/sandbox/chromium/base/third_party/superfasthash/README.chromium
security/sandbox/chromium/base/third_party/superfasthash/superfasthash.c
security/sandbox/chromium/base/threading/platform_thread_linux.cc
security/sandbox/chromium/base/threading/platform_thread_posix.cc
security/sandbox/chromium/base/threading/platform_thread_win.cc
security/sandbox/chromium/base/threading/sequenced_worker_pool.h
security/sandbox/chromium/base/threading/thread_collision_warner.h
security/sandbox/chromium/base/threading/thread_local_posix.cc
security/sandbox/chromium/base/threading/thread_local_storage.h
security/sandbox/chromium/base/threading/thread_restrictions.h
security/sandbox/chromium/base/time/time.cc
security/sandbox/chromium/base/time/time.h
security/sandbox/chromium/base/time/time_posix.cc
security/sandbox/chromium/base/time/time_win.cc
security/sandbox/chromium/base/values.h
security/sandbox/chromium/base/win/pe_image.cc
security/sandbox/chromium/base/win/pe_image.h
security/sandbox/chromium/base/win/scoped_handle.cc
security/sandbox/chromium/base/win/scoped_handle.h
security/sandbox/chromium/build/build_config.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc
security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl_forward.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl_impl.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/cons.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/dump_bpf.cc
security/sandbox/chromium/sandbox/linux/bpf_dsl/dump_bpf.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/policy.cc
security/sandbox/chromium/sandbox/linux/bpf_dsl/policy.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/policy_compiler.cc
security/sandbox/chromium/sandbox/linux/bpf_dsl/policy_compiler.h
security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/codegen.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/codegen.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/codegen_unittest.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/demo.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/die.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/die.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/errorcode.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/errorcode.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/instruction.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/linux_seccomp.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall_iterator.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall_iterator.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall_unittest.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.h
security/sandbox/chromium/sandbox/linux/seccomp-bpf/verifier.cc
security/sandbox/chromium/sandbox/linux/seccomp-bpf/verifier.h
security/sandbox/chromium/sandbox/linux/services/android_futex.h
security/sandbox/chromium/sandbox/linux/services/android_ucontext.h
security/sandbox/chromium/sandbox/linux/services/arm_linux_syscalls.h
security/sandbox/chromium/sandbox/linux/services/linux_syscalls.h
security/sandbox/chromium/sandbox/linux/services/x86_32_linux_syscalls.h
security/sandbox/chromium/sandbox/linux/services/x86_64_linux_syscalls.h
security/sandbox/chromium/sandbox/win/src/broker_services.cc
security/sandbox/chromium/sandbox/win/src/broker_services.h
security/sandbox/chromium/sandbox/win/src/crosscall_client.h
security/sandbox/chromium/sandbox/win/src/crosscall_params.h
security/sandbox/chromium/sandbox/win/src/crosscall_server.cc
security/sandbox/chromium/sandbox/win/src/eat_resolver.cc
security/sandbox/chromium/sandbox/win/src/file_policy_test.cc
security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.h
security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc
security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc
security/sandbox/chromium/sandbox/win/src/filesystem_policy.h
security/sandbox/chromium/sandbox/win/src/handle_closer.cc
security/sandbox/chromium/sandbox/win/src/handle_closer.h
security/sandbox/chromium/sandbox/win/src/handle_closer_test.cc
security/sandbox/chromium/sandbox/win/src/handle_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/handle_dispatcher.h
security/sandbox/chromium/sandbox/win/src/handle_inheritance_test.cc
security/sandbox/chromium/sandbox/win/src/handle_interception.cc
security/sandbox/chromium/sandbox/win/src/handle_policy.cc
security/sandbox/chromium/sandbox/win/src/handle_policy_test.cc
security/sandbox/chromium/sandbox/win/src/handle_table.cc
security/sandbox/chromium/sandbox/win/src/internal_types.h
security/sandbox/chromium/sandbox/win/src/ipc_unittest.cc
security/sandbox/chromium/sandbox/win/src/named_pipe_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/named_pipe_dispatcher.h
security/sandbox/chromium/sandbox/win/src/named_pipe_interception.cc
security/sandbox/chromium/sandbox/win/src/policy_engine_opcodes.cc
security/sandbox/chromium/sandbox/win/src/policy_engine_opcodes.h
security/sandbox/chromium/sandbox/win/src/policy_engine_params.h
security/sandbox/chromium/sandbox/win/src/policy_engine_unittest.cc
security/sandbox/chromium/sandbox/win/src/policy_low_level.cc
security/sandbox/chromium/sandbox/win/src/policy_low_level.h
security/sandbox/chromium/sandbox/win/src/policy_low_level_unittest.cc
security/sandbox/chromium/sandbox/win/src/policy_opcodes_unittest.cc
security/sandbox/chromium/sandbox/win/src/policy_target_test.cc
security/sandbox/chromium/sandbox/win/src/process_mitigations.cc
security/sandbox/chromium/sandbox/win/src/process_mitigations_test.cc
security/sandbox/chromium/sandbox/win/src/process_policy_test.cc
security/sandbox/chromium/sandbox/win/src/process_thread_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/process_thread_dispatcher.h
security/sandbox/chromium/sandbox/win/src/process_thread_interception.cc
security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc
security/sandbox/chromium/sandbox/win/src/registry_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/registry_dispatcher.h
security/sandbox/chromium/sandbox/win/src/registry_interception.cc
security/sandbox/chromium/sandbox/win/src/registry_policy.cc
security/sandbox/chromium/sandbox/win/src/resolver_32.cc
security/sandbox/chromium/sandbox/win/src/resolver_64.cc
security/sandbox/chromium/sandbox/win/src/sandbox_nt_types.h
security/sandbox/chromium/sandbox/win/src/sandbox_nt_util.cc
security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.h
security/sandbox/chromium/sandbox/win/src/service_resolver_64.cc
security/sandbox/chromium/sandbox/win/src/sharedmem_ipc_server.cc
security/sandbox/chromium/sandbox/win/src/sync_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/sync_dispatcher.h
security/sandbox/chromium/sandbox/win/src/sync_interception.cc
security/sandbox/chromium/sandbox/win/src/sync_policy.cc
security/sandbox/chromium/sandbox/win/src/sync_policy_test.cc
security/sandbox/chromium/sandbox/win/src/target_process.cc
security/sandbox/chromium/sandbox/win/src/window.cc
security/sandbox/linux/SandboxAssembler.cpp
security/sandbox/linux/moz.build
security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
security/sandbox/moz-chromium-commit-status.txt
security/sandbox/objs.mozbuild
--- a/security/sandbox/chromium-shim/base/logging.cpp
+++ b/security/sandbox/chromium-shim/base/logging.cpp
@@ -37,30 +37,27 @@ int min_log_level = 0;
 int GetMinLogLevel() {
   return min_log_level;
 }
 
 int GetVlogLevelHelper(const char* file, size_t N) {
   return 0;
 }
 
-// MSVC doesn't like complex extern templates and DLLs.
-#if !defined(COMPILER_MSVC)
 // Explicit instantiations for commonly used comparisons.
 template std::string* MakeCheckOpString<int, int>(
     const int&, const int&, const char* names);
 template std::string* MakeCheckOpString<unsigned long, unsigned long>(
     const unsigned long&, const unsigned long&, const char* names);
 template std::string* MakeCheckOpString<unsigned long, unsigned int>(
     const unsigned long&, const unsigned int&, const char* names);
 template std::string* MakeCheckOpString<unsigned int, unsigned long>(
     const unsigned int&, const unsigned long&, const char* names);
 template std::string* MakeCheckOpString<std::string, std::string>(
     const std::string&, const std::string&, const char* name);
-#endif
 
 #if defined(OS_WIN)
 LogMessage::SaveLastError::SaveLastError() : last_error_(::GetLastError()) {
 }
 
 LogMessage::SaveLastError::~SaveLastError() {
   ::SetLastError(last_error_);
 }
@@ -100,16 +97,27 @@ Win32ErrorLogMessage::Win32ErrorLogMessa
                                            LogSeverity severity,
                                            SystemErrorCode err)
     : err_(err),
       log_message_(file, line, severity) {
 }
 
 Win32ErrorLogMessage::~Win32ErrorLogMessage() {
 }
+#elif defined(OS_POSIX)
+ErrnoLogMessage::ErrnoLogMessage(const char* file,
+                                 int line,
+                                 LogSeverity severity,
+                                 SystemErrorCode err)
+    : err_(err),
+      log_message_(file, line, severity) {
+}
+
+ErrnoLogMessage::~ErrnoLogMessage() {
+}
 #endif  // OS_WIN
 
 void RawLog(int level, const char* message) {
 }
 
 } // namespace logging
 
 #if defined(OS_WIN)
deleted file mode 100644
--- a/security/sandbox/chromium-shim/base/threading/thread_local_storage.h
+++ /dev/null
@@ -1,10 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-// Blank header file as thread_local.h includes a file that should only be
-// included on Android.
-// Chromium issue 431339 raised.
-// https://code.google.com/p/chromium/issues/detail?id=431339
--- a/security/sandbox/chromium/base/atomic_ref_count.h
+++ b/security/sandbox/chromium/base/atomic_ref_count.h
@@ -7,17 +7,16 @@
 //
 // The implementation includes annotations to avoid some false positives
 // when using data race detection tools.
 
 #ifndef BASE_ATOMIC_REF_COUNT_H_
 #define BASE_ATOMIC_REF_COUNT_H_
 
 #include "base/atomicops.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 
 namespace base {
 
 typedef subtle::Atomic32 AtomicRefCount;
 
 // Increment a reference count by "increment", which must exceed 0.
 inline void AtomicRefCountIncN(volatile AtomicRefCount *ptr,
                                AtomicRefCount increment) {
@@ -25,21 +24,17 @@ inline void AtomicRefCountIncN(volatile 
 }
 
 // Decrement a reference count by "decrement", which must exceed 0,
 // and return whether the result is non-zero.
 // Insert barriers to ensure that state written before the reference count
 // became zero will be visible to a thread that has just made the count zero.
 inline bool AtomicRefCountDecN(volatile AtomicRefCount *ptr,
                                AtomicRefCount decrement) {
-  ANNOTATE_HAPPENS_BEFORE(ptr);
   bool res = (subtle::Barrier_AtomicIncrement(ptr, -decrement) != 0);
-  if (!res) {
-    ANNOTATE_HAPPENS_AFTER(ptr);
-  }
   return res;
 }
 
 // Increment a reference count by 1.
 inline void AtomicRefCountInc(volatile AtomicRefCount *ptr) {
   base::AtomicRefCountIncN(ptr, 1);
 }
 
@@ -53,28 +48,22 @@ inline bool AtomicRefCountDec(volatile A
 // Return whether the reference count is one.  If the reference count is used
 // in the conventional way, a refrerence count of 1 implies that the current
 // thread owns the reference and no other thread shares it.  This call performs
 // the test for a reference count of one, and performs the memory barrier
 // needed for the owning thread to act on the object, knowing that it has
 // exclusive access to the object.
 inline bool AtomicRefCountIsOne(volatile AtomicRefCount *ptr) {
   bool res = (subtle::Acquire_Load(ptr) == 1);
-  if (res) {
-    ANNOTATE_HAPPENS_AFTER(ptr);
-  }
   return res;
 }
 
 // Return whether the reference count is zero.  With conventional object
 // referencing counting, the object will be destroyed, so the reference count
 // should never be zero.  Hence this is generally used for a debug check.
 inline bool AtomicRefCountIsZero(volatile AtomicRefCount *ptr) {
   bool res = (subtle::Acquire_Load(ptr) == 0);
-  if (res) {
-    ANNOTATE_HAPPENS_AFTER(ptr);
-  }
   return res;
 }
 
 }  // namespace base
 
 #endif  // BASE_ATOMIC_REF_COUNT_H_
--- a/security/sandbox/chromium/base/atomicops.h
+++ b/security/sandbox/chromium/base/atomicops.h
@@ -23,18 +23,21 @@
 //   NoBarrier_Load()
 // Although there are currently no compiler enforcement, you are encouraged
 // to use these.
 //
 
 #ifndef BASE_ATOMICOPS_H_
 #define BASE_ATOMICOPS_H_
 
+#include <cassert>  // Small C++ header which defines implementation specific
+                    // macros used to identify the STL implementation.
 #include <stdint.h>
 
+#include "base/base_export.h"
 #include "build/build_config.h"
 
 #if defined(OS_WIN) && defined(ARCH_CPU_64_BITS)
 // windows.h #defines this (only on x64). This causes problems because the
 // public API also uses MemoryBarrier at the public name for this fence. So, on
 // X64, undef it, and call its documented
 // (http://msdn.microsoft.com/en-us/library/windows/desktop/ms684208.aspx)
 // implementation directly.
@@ -132,36 +135,75 @@ void Release_Store(volatile Atomic64* pt
 Atomic64 NoBarrier_Load(volatile const Atomic64* ptr);
 Atomic64 Acquire_Load(volatile const Atomic64* ptr);
 Atomic64 Release_Load(volatile const Atomic64* ptr);
 #endif  // ARCH_CPU_64_BITS
 
 }  // namespace subtle
 }  // namespace base
 
-// Include our platform specific implementation.
-#if defined(THREAD_SANITIZER)
-#include "base/atomicops_internals_tsan.h"
-#elif defined(OS_WIN) && defined(COMPILER_MSVC) && defined(ARCH_CPU_X86_FAMILY)
-#include "base/atomicops_internals_x86_msvc.h"
-#elif defined(OS_MACOSX)
-#include "base/atomicops_internals_mac.h"
-#elif defined(OS_NACL)
-#include "base/atomicops_internals_gcc.h"
-#elif defined(COMPILER_GCC) && defined(ARCH_CPU_ARMEL)
-#include "base/atomicops_internals_arm_gcc.h"
-#elif defined(COMPILER_GCC) && defined(ARCH_CPU_ARM64)
-#include "base/atomicops_internals_arm64_gcc.h"
-#elif defined(COMPILER_GCC) && defined(ARCH_CPU_X86_FAMILY)
-#include "base/atomicops_internals_x86_gcc.h"
-#elif defined(COMPILER_GCC) && defined(ARCH_CPU_MIPS_FAMILY)
-#include "base/atomicops_internals_mips_gcc.h"
-#else
-#error "Atomic operations are not supported on your platform"
+// The following x86 CPU features are used in atomicops_internals_x86_gcc.h, but
+// this file is duplicated inside of Chrome: protobuf and tcmalloc rely on the
+// struct being present at link time. Some parts of Chrome can currently use the
+// portable interface whereas others still use GCC one. The include guards are
+// the same as in atomicops_internals_x86_gcc.cc.
+#if defined(__i386__) || defined(__x86_64__)
+// This struct is not part of the public API of this module; clients may not
+// use it.  (However, it's exported via BASE_EXPORT because clients implicitly
+// do use it at link time by inlining these functions.)
+// Features of this x86.  Values may not be correct before main() is run,
+// but are set conservatively.
+struct AtomicOps_x86CPUFeatureStruct {
+  bool has_amd_lock_mb_bug; // Processor has AMD memory-barrier bug; do lfence
+                            // after acquire compare-and-swap.
+  // The following fields are unused by Chrome's base implementation but are
+  // still used by copies of the same code in other parts of the code base. This
+  // causes an ODR violation, and the other code is likely reading invalid
+  // memory.
+  // TODO(jfb) Delete these fields once the rest of the Chrome code base doesn't
+  //           depend on them.
+  bool has_sse2;            // Processor has SSE2.
+  bool has_cmpxchg16b;      // Processor supports cmpxchg16b instruction.
+};
+BASE_EXPORT extern struct AtomicOps_x86CPUFeatureStruct
+    AtomicOps_Internalx86CPUFeatures;
 #endif
 
+// Try to use a portable implementation based on C++11 atomics.
+//
+// Some toolchains support C++11 language features without supporting library
+// features (recent compiler, older STL). Whitelist libstdc++ and libc++ that we
+// know will have <atomic> when compiling C++11.
+#if ((__cplusplus >= 201103L) &&                            \
+     ((defined(__GLIBCXX__) && (__GLIBCXX__ > 20110216)) || \
+      (defined(_LIBCPP_VERSION) && (_LIBCPP_STD_VER >= 11))))
+#  include "base/atomicops_internals_portable.h"
+#else  // Otherwise use a platform specific implementation.
+#  if defined(THREAD_SANITIZER)
+#    error "Thread sanitizer must use the portable atomic operations"
+#  elif (defined(OS_WIN) && defined(COMPILER_MSVC) && \
+         defined(ARCH_CPU_X86_FAMILY))
+#    include "base/atomicops_internals_x86_msvc.h"
+#  elif defined(OS_MACOSX)
+#    include "base/atomicops_internals_mac.h"
+#  elif defined(OS_NACL)
+#    include "base/atomicops_internals_gcc.h"
+#  elif defined(COMPILER_GCC) && defined(ARCH_CPU_ARMEL)
+#    include "base/atomicops_internals_arm_gcc.h"
+#  elif defined(COMPILER_GCC) && defined(ARCH_CPU_ARM64)
+#    include "base/atomicops_internals_arm64_gcc.h"
+#  elif defined(COMPILER_GCC) && defined(ARCH_CPU_X86_FAMILY)
+#    include "base/atomicops_internals_x86_gcc.h"
+#  elif (defined(COMPILER_GCC) && \
+         (defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY)))
+#    include "base/atomicops_internals_mips_gcc.h"
+#  else
+#    error "Atomic operations are not supported on your platform"
+#  endif
+#endif   // Portable / non-portable includes.
+
 // On some platforms we need additional declarations to make
 // AtomicWord compatible with our other Atomic* types.
 #if defined(OS_MACOSX) || defined(OS_OPENBSD)
 #include "base/atomicops_internals_atomicword_compat.h"
 #endif
 
 #endif  // BASE_ATOMICOPS_H_
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/atomicops_internals_arm_gcc.h
@@ -0,0 +1,294 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file is an internal atomic implementation, use base/atomicops.h instead.
+//
+// LinuxKernelCmpxchg and Barrier_AtomicIncrement are from Google Gears.
+
+#ifndef BASE_ATOMICOPS_INTERNALS_ARM_GCC_H_
+#define BASE_ATOMICOPS_INTERNALS_ARM_GCC_H_
+
+#if defined(OS_QNX)
+#include <sys/cpuinline.h>
+#endif
+
+namespace base {
+namespace subtle {
+
+// Memory barriers on ARM are funky, but the kernel is here to help:
+//
+// * ARMv5 didn't support SMP, there is no memory barrier instruction at
+//   all on this architecture, or when targeting its machine code.
+//
+// * Some ARMv6 CPUs support SMP. A full memory barrier can be produced by
+//   writing a random value to a very specific coprocessor register.
+//
+// * On ARMv7, the "dmb" instruction is used to perform a full memory
+//   barrier (though writing to the co-processor will still work).
+//   However, on single core devices (e.g. Nexus One, or Nexus S),
+//   this instruction will take up to 200 ns, which is huge, even though
+//   it's completely un-needed on these devices.
+//
+// * There is no easy way to determine at runtime if the device is
+//   single or multi-core. However, the kernel provides a useful helper
+//   function at a fixed memory address (0xffff0fa0), which will always
+//   perform a memory barrier in the most efficient way. I.e. on single
+//   core devices, this is an empty function that exits immediately.
+//   On multi-core devices, it implements a full memory barrier.
+//
+// * This source could be compiled to ARMv5 machine code that runs on a
+//   multi-core ARMv6 or ARMv7 device. In this case, memory barriers
+//   are needed for correct execution. Always call the kernel helper, even
+//   when targeting ARMv5TE.
+//
+
+inline void MemoryBarrier() {
+#if defined(OS_LINUX) || defined(OS_ANDROID)
+  // Note: This is a function call, which is also an implicit compiler barrier.
+  typedef void (*KernelMemoryBarrierFunc)();
+  ((KernelMemoryBarrierFunc)0xffff0fa0)();
+#elif defined(OS_QNX)
+  __cpu_membarrier();
+#else
+#error MemoryBarrier() is not implemented on this platform.
+#endif
+}
+
+// An ARM toolchain would only define one of these depending on which
+// variant of the target architecture is being used. This tests against
+// any known ARMv6 or ARMv7 variant, where it is possible to directly
+// use ldrex/strex instructions to implement fast atomic operations.
+#if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
+    defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || \
+    defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \
+    defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || \
+    defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__)
+
+inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
+                                         Atomic32 old_value,
+                                         Atomic32 new_value) {
+  Atomic32 prev_value;
+  int reloop;
+  do {
+    // The following is equivalent to:
+    //
+    //   prev_value = LDREX(ptr)
+    //   reloop = 0
+    //   if (prev_value != old_value)
+    //      reloop = STREX(ptr, new_value)
+    __asm__ __volatile__("    ldrex %0, [%3]\n"
+                         "    mov %1, #0\n"
+                         "    cmp %0, %4\n"
+#ifdef __thumb2__
+                         "    it eq\n"
+#endif
+                         "    strexeq %1, %5, [%3]\n"
+                         : "=&r"(prev_value), "=&r"(reloop), "+m"(*ptr)
+                         : "r"(ptr), "r"(old_value), "r"(new_value)
+                         : "cc", "memory");
+  } while (reloop != 0);
+  return prev_value;
+}
+
+inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr,
+                                       Atomic32 old_value,
+                                       Atomic32 new_value) {
+  Atomic32 result = NoBarrier_CompareAndSwap(ptr, old_value, new_value);
+  MemoryBarrier();
+  return result;
+}
+
+inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr,
+                                       Atomic32 old_value,
+                                       Atomic32 new_value) {
+  MemoryBarrier();
+  return NoBarrier_CompareAndSwap(ptr, old_value, new_value);
+}
+
+inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr,
+                                          Atomic32 increment) {
+  Atomic32 value;
+  int reloop;
+  do {
+    // Equivalent to:
+    //
+    //  value = LDREX(ptr)
+    //  value += increment
+    //  reloop = STREX(ptr, value)
+    //
+    __asm__ __volatile__("    ldrex %0, [%3]\n"
+                         "    add %0, %0, %4\n"
+                         "    strex %1, %0, [%3]\n"
+                         : "=&r"(value), "=&r"(reloop), "+m"(*ptr)
+                         : "r"(ptr), "r"(increment)
+                         : "cc", "memory");
+  } while (reloop);
+  return value;
+}
+
+inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr,
+                                        Atomic32 increment) {
+  // TODO(digit): Investigate if it's possible to implement this with
+  // a single MemoryBarrier() operation between the LDREX and STREX.
+  // See http://crbug.com/246514
+  MemoryBarrier();
+  Atomic32 result = NoBarrier_AtomicIncrement(ptr, increment);
+  MemoryBarrier();
+  return result;
+}
+
+inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr,
+                                         Atomic32 new_value) {
+  Atomic32 old_value;
+  int reloop;
+  do {
+    // old_value = LDREX(ptr)
+    // reloop = STREX(ptr, new_value)
+    __asm__ __volatile__("   ldrex %0, [%3]\n"
+                         "   strex %1, %4, [%3]\n"
+                         : "=&r"(old_value), "=&r"(reloop), "+m"(*ptr)
+                         : "r"(ptr), "r"(new_value)
+                         : "cc", "memory");
+  } while (reloop != 0);
+  return old_value;
+}
+
+// This tests against any known ARMv5 variant.
+#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \
+      defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__)
+
+// The kernel also provides a helper function to perform an atomic
+// compare-and-swap operation at the hard-wired address 0xffff0fc0.
+// On ARMv5, this is implemented by a special code path that the kernel
+// detects and treats specially when thread pre-emption happens.
+// On ARMv6 and higher, it uses LDREX/STREX instructions instead.
+//
+// Note that this always perform a full memory barrier, there is no
+// need to add calls MemoryBarrier() before or after it. It also
+// returns 0 on success, and 1 on exit.
+//
+// Available and reliable since Linux 2.6.24. Both Android and ChromeOS
+// use newer kernel revisions, so this should not be a concern.
+namespace {
+
+inline int LinuxKernelCmpxchg(Atomic32 old_value,
+                              Atomic32 new_value,
+                              volatile Atomic32* ptr) {
+  typedef int (*KernelCmpxchgFunc)(Atomic32, Atomic32, volatile Atomic32*);
+  return ((KernelCmpxchgFunc)0xffff0fc0)(old_value, new_value, ptr);
+}
+
+}  // namespace
+
+inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
+                                         Atomic32 old_value,
+                                         Atomic32 new_value) {
+  Atomic32 prev_value;
+  for (;;) {
+    prev_value = *ptr;
+    if (prev_value != old_value)
+      return prev_value;
+    if (!LinuxKernelCmpxchg(old_value, new_value, ptr))
+      return old_value;
+  }
+}
+
+inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr,
+                                         Atomic32 new_value) {
+  Atomic32 old_value;
+  do {
+    old_value = *ptr;
+  } while (LinuxKernelCmpxchg(old_value, new_value, ptr));
+  return old_value;
+}
+
+inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr,
+                                          Atomic32 increment) {
+  return Barrier_AtomicIncrement(ptr, increment);
+}
+
+inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr,
+                                        Atomic32 increment) {
+  for (;;) {
+    // Atomic exchange the old value with an incremented one.
+    Atomic32 old_value = *ptr;
+    Atomic32 new_value = old_value + increment;
+    if (!LinuxKernelCmpxchg(old_value, new_value, ptr)) {
+      // The exchange took place as expected.
+      return new_value;
+    }
+    // Otherwise, *ptr changed mid-loop and we need to retry.
+  }
+}
+
+inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr,
+                                       Atomic32 old_value,
+                                       Atomic32 new_value) {
+  Atomic32 prev_value;
+  for (;;) {
+    prev_value = *ptr;
+    if (prev_value != old_value) {
+      // Always ensure acquire semantics.
+      MemoryBarrier();
+      return prev_value;
+    }
+    if (!LinuxKernelCmpxchg(old_value, new_value, ptr))
+      return old_value;
+  }
+}
+
+inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr,
+                                       Atomic32 old_value,
+                                       Atomic32 new_value) {
+  // This could be implemented as:
+  //    MemoryBarrier();
+  //    return NoBarrier_CompareAndSwap();
+  //
+  // But would use 3 barriers per succesful CAS. To save performance,
+  // use Acquire_CompareAndSwap(). Its implementation guarantees that:
+  // - A succesful swap uses only 2 barriers (in the kernel helper).
+  // - An early return due to (prev_value != old_value) performs
+  //   a memory barrier with no store, which is equivalent to the
+  //   generic implementation above.
+  return Acquire_CompareAndSwap(ptr, old_value, new_value);
+}
+
+#else
+#  error "Your CPU's ARM architecture is not supported yet"
+#endif
+
+// NOTE: Atomicity of the following load and store operations is only
+// guaranteed in case of 32-bit alignement of |ptr| values.
+
+inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) {
+  *ptr = value;
+}
+
+inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) {
+  *ptr = value;
+  MemoryBarrier();
+}
+
+inline void Release_Store(volatile Atomic32* ptr, Atomic32 value) {
+  MemoryBarrier();
+  *ptr = value;
+}
+
+inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) { return *ptr; }
+
+inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) {
+  Atomic32 value = *ptr;
+  MemoryBarrier();
+  return value;
+}
+
+inline Atomic32 Release_Load(volatile const Atomic32* ptr) {
+  MemoryBarrier();
+  return *ptr;
+}
+
+}  // namespace base::subtle
+}  // namespace base
+
+#endif  // BASE_ATOMICOPS_INTERNALS_ARM_GCC_H_
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/atomicops_internals_portable.h
@@ -0,0 +1,227 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file is an internal atomic implementation, use atomicops.h instead.
+//
+// This implementation uses C++11 atomics' member functions. The code base is
+// currently written assuming atomicity revolves around accesses instead of
+// C++11's memory locations. The burden is on the programmer to ensure that all
+// memory locations accessed atomically are never accessed non-atomically (tsan
+// should help with this).
+//
+// TODO(jfb) Modify the atomicops.h API and user code to declare atomic
+//           locations as truly atomic. See the static_assert below.
+//
+// Of note in this implementation:
+//  * All NoBarrier variants are implemented as relaxed.
+//  * All Barrier variants are implemented as sequentially-consistent.
+//  * Compare exchange's failure ordering is always the same as the success one
+//    (except for release, which fails as relaxed): using a weaker ordering is
+//    only valid under certain uses of compare exchange.
+//  * Acquire store doesn't exist in the C11 memory model, it is instead
+//    implemented as a relaxed store followed by a sequentially consistent
+//    fence.
+//  * Release load doesn't exist in the C11 memory model, it is instead
+//    implemented as sequentially consistent fence followed by a relaxed load.
+//  * Atomic increment is expected to return the post-incremented value, whereas
+//    C11 fetch add returns the previous value. The implementation therefore
+//    needs to increment twice (which the compiler should be able to detect and
+//    optimize).
+
+#ifndef BASE_ATOMICOPS_INTERNALS_PORTABLE_H_
+#define BASE_ATOMICOPS_INTERNALS_PORTABLE_H_
+
+#include <atomic>
+
+namespace base {
+namespace subtle {
+
+// This implementation is transitional and maintains the original API for
+// atomicops.h. This requires casting memory locations to the atomic types, and
+// assumes that the API and the C++11 implementation are layout-compatible,
+// which isn't true for all implementations or hardware platforms. The static
+// assertion should detect this issue, were it to fire then this header
+// shouldn't be used.
+//
+// TODO(jfb) If this header manages to stay committed then the API should be
+//           modified, and all call sites updated.
+typedef volatile std::atomic<Atomic32>* AtomicLocation32;
+static_assert(sizeof(*(AtomicLocation32) nullptr) == sizeof(Atomic32),
+              "incompatible 32-bit atomic layout");
+
+inline void MemoryBarrier() {
+#if defined(__GLIBCXX__)
+  // Work around libstdc++ bug 51038 where atomic_thread_fence was declared but
+  // not defined, leading to the linker complaining about undefined references.
+  __atomic_thread_fence(std::memory_order_seq_cst);
+#else
+  std::atomic_thread_fence(std::memory_order_seq_cst);
+#endif
+}
+
+inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
+                                         Atomic32 old_value,
+                                         Atomic32 new_value) {
+  ((AtomicLocation32)ptr)
+      ->compare_exchange_strong(old_value,
+                                new_value,
+                                std::memory_order_relaxed,
+                                std::memory_order_relaxed);
+  return old_value;
+}
+
+inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr,
+                                         Atomic32 new_value) {
+  return ((AtomicLocation32)ptr)
+      ->exchange(new_value, std::memory_order_relaxed);
+}
+
+inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr,
+                                          Atomic32 increment) {
+  return increment +
+         ((AtomicLocation32)ptr)
+             ->fetch_add(increment, std::memory_order_relaxed);
+}
+
+inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr,
+                                        Atomic32 increment) {
+  return increment + ((AtomicLocation32)ptr)->fetch_add(increment);
+}
+
+inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr,
+                                       Atomic32 old_value,
+                                       Atomic32 new_value) {
+  ((AtomicLocation32)ptr)
+      ->compare_exchange_strong(old_value,
+                                new_value,
+                                std::memory_order_acquire,
+                                std::memory_order_acquire);
+  return old_value;
+}
+
+inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr,
+                                       Atomic32 old_value,
+                                       Atomic32 new_value) {
+  ((AtomicLocation32)ptr)
+      ->compare_exchange_strong(old_value,
+                                new_value,
+                                std::memory_order_release,
+                                std::memory_order_relaxed);
+  return old_value;
+}
+
+inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) {
+  ((AtomicLocation32)ptr)->store(value, std::memory_order_relaxed);
+}
+
+inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) {
+  ((AtomicLocation32)ptr)->store(value, std::memory_order_relaxed);
+  MemoryBarrier();
+}
+
+inline void Release_Store(volatile Atomic32* ptr, Atomic32 value) {
+  ((AtomicLocation32)ptr)->store(value, std::memory_order_release);
+}
+
+inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) {
+  return ((AtomicLocation32)ptr)->load(std::memory_order_relaxed);
+}
+
+inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) {
+  return ((AtomicLocation32)ptr)->load(std::memory_order_acquire);
+}
+
+inline Atomic32 Release_Load(volatile const Atomic32* ptr) {
+  MemoryBarrier();
+  return ((AtomicLocation32)ptr)->load(std::memory_order_relaxed);
+}
+
+#if defined(ARCH_CPU_64_BITS)
+
+typedef volatile std::atomic<Atomic64>* AtomicLocation64;
+static_assert(sizeof(*(AtomicLocation64) nullptr) == sizeof(Atomic64),
+              "incompatible 64-bit atomic layout");
+
+inline Atomic64 NoBarrier_CompareAndSwap(volatile Atomic64* ptr,
+                                         Atomic64 old_value,
+                                         Atomic64 new_value) {
+  ((AtomicLocation64)ptr)
+      ->compare_exchange_strong(old_value,
+                                new_value,
+                                std::memory_order_relaxed,
+                                std::memory_order_relaxed);
+  return old_value;
+}
+
+inline Atomic64 NoBarrier_AtomicExchange(volatile Atomic64* ptr,
+                                         Atomic64 new_value) {
+  return ((AtomicLocation64)ptr)
+      ->exchange(new_value, std::memory_order_relaxed);
+}
+
+inline Atomic64 NoBarrier_AtomicIncrement(volatile Atomic64* ptr,
+                                          Atomic64 increment) {
+  return increment +
+         ((AtomicLocation64)ptr)
+             ->fetch_add(increment, std::memory_order_relaxed);
+}
+
+inline Atomic64 Barrier_AtomicIncrement(volatile Atomic64* ptr,
+                                        Atomic64 increment) {
+  return increment + ((AtomicLocation64)ptr)->fetch_add(increment);
+}
+
+inline Atomic64 Acquire_CompareAndSwap(volatile Atomic64* ptr,
+                                       Atomic64 old_value,
+                                       Atomic64 new_value) {
+  ((AtomicLocation64)ptr)
+      ->compare_exchange_strong(old_value,
+                                new_value,
+                                std::memory_order_acquire,
+                                std::memory_order_acquire);
+  return old_value;
+}
+
+inline Atomic64 Release_CompareAndSwap(volatile Atomic64* ptr,
+                                       Atomic64 old_value,
+                                       Atomic64 new_value) {
+  ((AtomicLocation64)ptr)
+      ->compare_exchange_strong(old_value,
+                                new_value,
+                                std::memory_order_release,
+                                std::memory_order_relaxed);
+  return old_value;
+}
+
+inline void NoBarrier_Store(volatile Atomic64* ptr, Atomic64 value) {
+  ((AtomicLocation64)ptr)->store(value, std::memory_order_relaxed);
+}
+
+inline void Acquire_Store(volatile Atomic64* ptr, Atomic64 value) {
+  ((AtomicLocation64)ptr)->store(value, std::memory_order_relaxed);
+  MemoryBarrier();
+}
+
+inline void Release_Store(volatile Atomic64* ptr, Atomic64 value) {
+  ((AtomicLocation64)ptr)->store(value, std::memory_order_release);
+}
+
+inline Atomic64 NoBarrier_Load(volatile const Atomic64* ptr) {
+  return ((AtomicLocation64)ptr)->load(std::memory_order_relaxed);
+}
+
+inline Atomic64 Acquire_Load(volatile const Atomic64* ptr) {
+  return ((AtomicLocation64)ptr)->load(std::memory_order_acquire);
+}
+
+inline Atomic64 Release_Load(volatile const Atomic64* ptr) {
+  MemoryBarrier();
+  return ((AtomicLocation64)ptr)->load(std::memory_order_relaxed);
+}
+
+#endif  // defined(ARCH_CPU_64_BITS)
+}
+}  // namespace base::subtle
+
+#endif  // BASE_ATOMICOPS_INTERNALS_PORTABLE_H_
deleted file mode 100644
--- a/security/sandbox/chromium/base/atomicops_internals_tsan.h
+++ /dev/null
@@ -1,186 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file is an internal atomic implementation for compiler-based
-// ThreadSanitizer. Use base/atomicops.h instead.
-
-#ifndef BASE_ATOMICOPS_INTERNALS_TSAN_H_
-#define BASE_ATOMICOPS_INTERNALS_TSAN_H_
-
-#include <sanitizer/tsan_interface_atomic.h>
-
-namespace base {
-namespace subtle {
-
-inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
-                                         Atomic32 old_value,
-                                         Atomic32 new_value) {
-  Atomic32 cmp = old_value;
-  __tsan_atomic32_compare_exchange_strong(ptr, &cmp, new_value,
-      __tsan_memory_order_relaxed, __tsan_memory_order_relaxed);
-  return cmp;
-}
-
-inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr,
-                                         Atomic32 new_value) {
-  return __tsan_atomic32_exchange(ptr, new_value,
-      __tsan_memory_order_relaxed);
-}
-
-inline Atomic32 Acquire_AtomicExchange(volatile Atomic32* ptr,
-                                       Atomic32 new_value) {
-  return __tsan_atomic32_exchange(ptr, new_value,
-      __tsan_memory_order_acquire);
-}
-
-inline Atomic32 Release_AtomicExchange(volatile Atomic32* ptr,
-                                       Atomic32 new_value) {
-  return __tsan_atomic32_exchange(ptr, new_value,
-      __tsan_memory_order_release);
-}
-
-inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr,
-                                          Atomic32 increment) {
-  return increment + __tsan_atomic32_fetch_add(ptr, increment,
-      __tsan_memory_order_relaxed);
-}
-
-inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr,
-                                        Atomic32 increment) {
-  return increment + __tsan_atomic32_fetch_add(ptr, increment,
-      __tsan_memory_order_acq_rel);
-}
-
-inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr,
-                                       Atomic32 old_value,
-                                       Atomic32 new_value) {
-  Atomic32 cmp = old_value;
-  __tsan_atomic32_compare_exchange_strong(ptr, &cmp, new_value,
-      __tsan_memory_order_acquire, __tsan_memory_order_acquire);
-  return cmp;
-}
-
-inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr,
-                                       Atomic32 old_value,
-                                       Atomic32 new_value) {
-  Atomic32 cmp = old_value;
-  __tsan_atomic32_compare_exchange_strong(ptr, &cmp, new_value,
-      __tsan_memory_order_release, __tsan_memory_order_relaxed);
-  return cmp;
-}
-
-inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) {
-  __tsan_atomic32_store(ptr, value, __tsan_memory_order_relaxed);
-}
-
-inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) {
-  __tsan_atomic32_store(ptr, value, __tsan_memory_order_relaxed);
-  __tsan_atomic_thread_fence(__tsan_memory_order_seq_cst);
-}
-
-inline void Release_Store(volatile Atomic32* ptr, Atomic32 value) {
-  __tsan_atomic32_store(ptr, value, __tsan_memory_order_release);
-}
-
-inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) {
-  return __tsan_atomic32_load(ptr, __tsan_memory_order_relaxed);
-}
-
-inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) {
-  return __tsan_atomic32_load(ptr, __tsan_memory_order_acquire);
-}
-
-inline Atomic32 Release_Load(volatile const Atomic32* ptr) {
-  __tsan_atomic_thread_fence(__tsan_memory_order_seq_cst);
-  return __tsan_atomic32_load(ptr, __tsan_memory_order_relaxed);
-}
-
-inline Atomic64 NoBarrier_CompareAndSwap(volatile Atomic64* ptr,
-                                         Atomic64 old_value,
-                                         Atomic64 new_value) {
-  Atomic64 cmp = old_value;
-  __tsan_atomic64_compare_exchange_strong(ptr, &cmp, new_value,
-      __tsan_memory_order_relaxed, __tsan_memory_order_relaxed);
-  return cmp;
-}
-
-inline Atomic64 NoBarrier_AtomicExchange(volatile Atomic64* ptr,
-                                         Atomic64 new_value) {
-  return __tsan_atomic64_exchange(ptr, new_value, __tsan_memory_order_relaxed);
-}
-
-inline Atomic64 Acquire_AtomicExchange(volatile Atomic64* ptr,
-                                       Atomic64 new_value) {
-  return __tsan_atomic64_exchange(ptr, new_value, __tsan_memory_order_acquire);
-}
-
-inline Atomic64 Release_AtomicExchange(volatile Atomic64* ptr,
-                                       Atomic64 new_value) {
-  return __tsan_atomic64_exchange(ptr, new_value, __tsan_memory_order_release);
-}
-
-inline Atomic64 NoBarrier_AtomicIncrement(volatile Atomic64* ptr,
-                                          Atomic64 increment) {
-  return increment + __tsan_atomic64_fetch_add(ptr, increment,
-      __tsan_memory_order_relaxed);
-}
-
-inline Atomic64 Barrier_AtomicIncrement(volatile Atomic64* ptr,
-                                        Atomic64 increment) {
-  return increment + __tsan_atomic64_fetch_add(ptr, increment,
-      __tsan_memory_order_acq_rel);
-}
-
-inline void NoBarrier_Store(volatile Atomic64* ptr, Atomic64 value) {
-  __tsan_atomic64_store(ptr, value, __tsan_memory_order_relaxed);
-}
-
-inline void Acquire_Store(volatile Atomic64* ptr, Atomic64 value) {
-  __tsan_atomic64_store(ptr, value, __tsan_memory_order_relaxed);
-  __tsan_atomic_thread_fence(__tsan_memory_order_seq_cst);
-}
-
-inline void Release_Store(volatile Atomic64* ptr, Atomic64 value) {
-  __tsan_atomic64_store(ptr, value, __tsan_memory_order_release);
-}
-
-inline Atomic64 NoBarrier_Load(volatile const Atomic64* ptr) {
-  return __tsan_atomic64_load(ptr, __tsan_memory_order_relaxed);
-}
-
-inline Atomic64 Acquire_Load(volatile const Atomic64* ptr) {
-  return __tsan_atomic64_load(ptr, __tsan_memory_order_acquire);
-}
-
-inline Atomic64 Release_Load(volatile const Atomic64* ptr) {
-  __tsan_atomic_thread_fence(__tsan_memory_order_seq_cst);
-  return __tsan_atomic64_load(ptr, __tsan_memory_order_relaxed);
-}
-
-inline Atomic64 Acquire_CompareAndSwap(volatile Atomic64* ptr,
-                                       Atomic64 old_value,
-                                       Atomic64 new_value) {
-  Atomic64 cmp = old_value;
-  __tsan_atomic64_compare_exchange_strong(ptr, &cmp, new_value,
-      __tsan_memory_order_acquire, __tsan_memory_order_acquire);
-  return cmp;
-}
-
-inline Atomic64 Release_CompareAndSwap(volatile Atomic64* ptr,
-                                       Atomic64 old_value,
-                                       Atomic64 new_value) {
-  Atomic64 cmp = old_value;
-  __tsan_atomic64_compare_exchange_strong(ptr, &cmp, new_value,
-      __tsan_memory_order_release, __tsan_memory_order_relaxed);
-  return cmp;
-}
-
-inline void MemoryBarrier() {
-  __tsan_atomic_thread_fence(__tsan_memory_order_seq_cst);
-}
-
-}  // namespace base::subtle
-}  // namespace base
-
-#endif  // BASE_ATOMICOPS_INTERNALS_TSAN_H_
--- a/security/sandbox/chromium/base/atomicops_internals_x86_gcc.h
+++ b/security/sandbox/chromium/base/atomicops_internals_x86_gcc.h
@@ -2,30 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file is an internal atomic implementation, use base/atomicops.h instead.
 
 #ifndef BASE_ATOMICOPS_INTERNALS_X86_GCC_H_
 #define BASE_ATOMICOPS_INTERNALS_X86_GCC_H_
 
-#include "base/base_export.h"
-
-// This struct is not part of the public API of this module; clients may not
-// use it.  (However, it's exported via BASE_EXPORT because clients implicitly
-// do use it at link time by inlining these functions.)
-// Features of this x86.  Values may not be correct before main() is run,
-// but are set conservatively.
-struct AtomicOps_x86CPUFeatureStruct {
-  bool has_amd_lock_mb_bug; // Processor has AMD memory-barrier bug; do lfence
-                            // after acquire compare-and-swap.
-};
-BASE_EXPORT extern struct AtomicOps_x86CPUFeatureStruct
-    AtomicOps_Internalx86CPUFeatures;
-
 #define ATOMICOPS_COMPILER_BARRIER() __asm__ __volatile__("" : : : "memory")
 
 namespace base {
 namespace subtle {
 
 // 32-bit low-level operations on any platform.
 
 inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
--- a/security/sandbox/chromium/base/base_paths_win.h
+++ b/security/sandbox/chromium/base/base_paths_win.h
@@ -20,30 +20,27 @@ enum {
   DIR_PROGRAM_FILESX86,   // Usually c:\program files or c:\program files (x86)
 
   DIR_IE_INTERNET_CACHE,  // Temporary Internet Files directory.
   DIR_COMMON_START_MENU,  // Usually "C:\Documents and Settings\All Users\
                           // Start Menu\Programs"
   DIR_START_MENU,         // Usually "C:\Documents and Settings\<user>\
                           // Start Menu\Programs"
   DIR_APP_DATA,           // Application Data directory under the user profile.
-  DIR_LOCAL_APP_DATA_LOW, // Local AppData directory for low integrity level.
   DIR_LOCAL_APP_DATA,     // "Local Settings\Application Data" directory under
                           // the user profile.
   DIR_COMMON_APP_DATA,    // W2K, XP, W2K3: "C:\Documents and Settings\
                           // All Users\Application Data".
                           // Vista, W2K8 and above: "C:\ProgramData".
   DIR_APP_SHORTCUTS,      // Where tiles on the start screen are stored, only
                           // for Windows 8. Maps to "Local\AppData\Microsoft\
                           // Windows\Application Shortcuts\".
   DIR_COMMON_DESKTOP,     // Directory for the common desktop (visible
                           // on all user's Desktop).
   DIR_USER_QUICK_LAUNCH,  // Directory for the quick launch shortcuts.
-  DIR_DEFAULT_USER_QUICK_LAUNCH,  // Directory for the quick launch shortcuts
-                                  // of the Default user.
   DIR_TASKBAR_PINS,       // Directory for the shortcuts pinned to taskbar via
                           // base::win::TaskbarPinShortcutLink().
   DIR_WINDOWS_FONTS,      // Usually C:\Windows\Fonts.
 
   PATH_WIN_END
 };
 
 }  // namespace base
--- a/security/sandbox/chromium/base/base_switches.cc
+++ b/security/sandbox/chromium/base/base_switches.cc
@@ -45,16 +45,24 @@ const char kV[]                         
 const char kVModule[]                       = "vmodule";
 
 // Will wait for 60 seconds for a debugger to come to attach to the process.
 const char kWaitForDebugger[]               = "wait-for-debugger";
 
 // Sends a pretty-printed version of tracing info to the console.
 const char kTraceToConsole[]                = "trace-to-console";
 
+// Sends trace events from these categories to a file.
+// --trace-to-file on its own sends to default categories.
+const char kTraceToFile[]                   = "trace-to-file";
+
+// Specifies the file name for --trace-to-file. If unspecified, it will
+// go to a default file name.
+const char kTraceToFileName[]               = "trace-to-file-name";
+
 // Configure whether chrome://profiler will contain timing information. This
 // option is enabled by default. A value of "0" will disable profiler timing,
 // while all other values will enable it.
 const char kProfilerTiming[]                = "profiler-timing";
 // Value of the --profiler-timing flag that will disable timing information for
 // chrome://profiler.
 const char kProfilerTimingDisabledValue[]   = "0";
 
--- a/security/sandbox/chromium/base/base_switches.h
+++ b/security/sandbox/chromium/base/base_switches.h
@@ -15,16 +15,18 @@ extern const char kDisableBreakpad[];
 extern const char kEnableCrashReporter[];
 extern const char kFullMemoryCrashReport[];
 extern const char kLowEndDeviceMode[];
 extern const char kNoErrorDialogs[];
 extern const char kProfilerTiming[];
 extern const char kProfilerTimingDisabledValue[];
 extern const char kTestChildProcess[];
 extern const char kTraceToConsole[];
+extern const char kTraceToFile[];
+extern const char kTraceToFileName[];
 extern const char kV[];
 extern const char kVModule[];
 extern const char kWaitForDebugger[];
 
 #if defined(OS_POSIX)
 extern const char kEnableCrashReporterForTesting[];
 #endif
 
--- a/security/sandbox/chromium/base/basictypes.h
+++ b/security/sandbox/chromium/base/basictypes.h
@@ -17,34 +17,21 @@
 
 #include "base/macros.h"
 #include "base/port.h"  // Types that only need exist on certain systems.
 
 // DEPRECATED: Please use (u)int{8,16,32,64}_t instead (and include <stdint.h>).
 typedef int8_t int8;
 typedef uint8_t uint8;
 typedef int16_t int16;
+typedef uint16_t uint16;
 typedef int32_t int32;
-typedef uint16_t uint16;
 typedef uint32_t uint32;
-
-// TODO(vtl): Figure what's up with the 64-bit types. Can we just define them as
-// |int64_t|/|uint64_t|?
-// The NSPR system headers define 64-bit as |long| when possible, except on
-// Mac OS X.  In order to not have typedef mismatches, we do the same on LP64.
-//
-// On Mac OS X, |long long| is used for 64-bit types for compatibility with
-// <inttypes.h> format macros even in the LP64 model.
-#if defined(__LP64__) && !defined(OS_MACOSX) && !defined(OS_OPENBSD)
-typedef long int64;
-typedef unsigned long uint64;
-#else
-typedef long long int64;
-typedef unsigned long long uint64;
-#endif
+typedef int64_t int64;
+typedef uint64_t uint64;
 
 // DEPRECATED: Please use std::numeric_limits (from <limits>) instead.
 const uint8  kuint8max  =  0xFF;
 const uint16 kuint16max =  0xFFFF;
 const uint32 kuint32max =  0xFFFFFFFF;
 const uint64 kuint64max =  0xFFFFFFFFFFFFFFFFULL;
 const  int8  kint8min   = -0x7F - 1;
 const  int8  kint8max   =  0x7F;
--- a/security/sandbox/chromium/base/bind_helpers.h
+++ b/security/sandbox/chromium/base/bind_helpers.h
@@ -246,17 +246,17 @@ class SupportsAddRefAndRelease {
 
   template <typename C>
   static No& Check(Helper<&C::AddRef>*);
 
   template <typename >
   static Yes& Check(...);
 
  public:
-  static const bool value = sizeof(Check<Base>(0)) == sizeof(Yes);
+  enum { value = sizeof(Check<Base>(0)) == sizeof(Yes) };
 };
 
 // Helpers to assert that arguments of a recounted type are bound with a
 // scoped_refptr.
 template <bool IsClasstype, typename T>
 struct UnsafeBindtoRefCountedArgHelper : false_type {
 };
 
@@ -281,17 +281,17 @@ class HasIsMethodTag {
 
   template <typename U>
   static Yes& Check(typename U::IsMethod*);
 
   template <typename U>
   static No& Check(...);
 
  public:
-  static const bool value = sizeof(Check<T>(0)) == sizeof(Yes);
+  enum { value = sizeof(Check<T>(0)) == sizeof(Yes) };
 };
 
 template <typename T>
 class UnretainedWrapper {
  public:
   explicit UnretainedWrapper(T* o) : ptr_(o) {}
   T* get() const { return ptr_; }
  private:
--- a/security/sandbox/chromium/base/bind_internal_win.h
+++ b/security/sandbox/chromium/base/bind_internal_win.h
@@ -1,13 +1,8 @@
-// This file was GENERATED by command:
-//     pump.py bind_internal_win.h.pump
-// DO NOT EDIT BY HAND!!!
-
-
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Specializations of RunnableAdapter<> for Windows specific calling
 // conventions.  Please see base/bind_internal.h for more info.
 
 #ifndef BASE_BIND_INTERNAL_WIN_H_
@@ -19,350 +14,50 @@
 #if !defined(ARCH_CPU_X86_64)
 
 namespace base {
 namespace internal {
 
 template <typename Functor>
 class RunnableAdapter;
 
-// __stdcall Function: Arity 0.
-template <typename R>
-class RunnableAdapter<R(__stdcall *)()> {
- public:
-  typedef R (RunType)();
-
-  explicit RunnableAdapter(R(__stdcall *function)())
-      : function_(function) {
-  }
-
-  R Run() {
-    return function_();
-  }
-
- private:
-  R (__stdcall *function_)();
-};
-
-// __fastcall Function: Arity 0.
-template <typename R>
-class RunnableAdapter<R(__fastcall *)()> {
+// __stdcall Function.
+template <typename R, typename... Args>
+class RunnableAdapter<R(__stdcall *)(Args...)> {
  public:
-  typedef R (RunType)();
-
-  explicit RunnableAdapter(R(__fastcall *function)())
-      : function_(function) {
-  }
-
-  R Run() {
-    return function_();
-  }
-
- private:
-  R (__fastcall *function_)();
-};
-
-// __stdcall Function: Arity 1.
-template <typename R, typename A1>
-class RunnableAdapter<R(__stdcall *)(A1)> {
- public:
-  typedef R (RunType)(A1);
-
-  explicit RunnableAdapter(R(__stdcall *function)(A1))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1) {
-    return function_(a1);
-  }
-
- private:
-  R (__stdcall *function_)(A1);
-};
-
-// __fastcall Function: Arity 1.
-template <typename R, typename A1>
-class RunnableAdapter<R(__fastcall *)(A1)> {
- public:
-  typedef R (RunType)(A1);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1) {
-    return function_(a1);
-  }
-
- private:
-  R (__fastcall *function_)(A1);
-};
-
-// __stdcall Function: Arity 2.
-template <typename R, typename A1, typename A2>
-class RunnableAdapter<R(__stdcall *)(A1, A2)> {
- public:
-  typedef R (RunType)(A1, A2);
+  typedef R (RunType)(Args...);
 
-  explicit RunnableAdapter(R(__stdcall *function)(A1, A2))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2) {
-    return function_(a1, a2);
-  }
-
- private:
-  R (__stdcall *function_)(A1, A2);
-};
-
-// __fastcall Function: Arity 2.
-template <typename R, typename A1, typename A2>
-class RunnableAdapter<R(__fastcall *)(A1, A2)> {
- public:
-  typedef R (RunType)(A1, A2);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1, A2))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2) {
-    return function_(a1, a2);
-  }
-
- private:
-  R (__fastcall *function_)(A1, A2);
-};
-
-// __stdcall Function: Arity 3.
-template <typename R, typename A1, typename A2, typename A3>
-class RunnableAdapter<R(__stdcall *)(A1, A2, A3)> {
- public:
-  typedef R (RunType)(A1, A2, A3);
-
-  explicit RunnableAdapter(R(__stdcall *function)(A1, A2, A3))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3) {
-    return function_(a1, a2, a3);
-  }
-
- private:
-  R (__stdcall *function_)(A1, A2, A3);
-};
-
-// __fastcall Function: Arity 3.
-template <typename R, typename A1, typename A2, typename A3>
-class RunnableAdapter<R(__fastcall *)(A1, A2, A3)> {
- public:
-  typedef R (RunType)(A1, A2, A3);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1, A2, A3))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3) {
-    return function_(a1, a2, a3);
-  }
-
- private:
-  R (__fastcall *function_)(A1, A2, A3);
-};
-
-// __stdcall Function: Arity 4.
-template <typename R, typename A1, typename A2, typename A3, typename A4>
-class RunnableAdapter<R(__stdcall *)(A1, A2, A3, A4)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4);
-
-  explicit RunnableAdapter(R(__stdcall *function)(A1, A2, A3, A4))
+  explicit RunnableAdapter(R(__stdcall *function)(Args...))
       : function_(function) {
   }
 
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4) {
-    return function_(a1, a2, a3, a4);
-  }
-
- private:
-  R (__stdcall *function_)(A1, A2, A3, A4);
-};
-
-// __fastcall Function: Arity 4.
-template <typename R, typename A1, typename A2, typename A3, typename A4>
-class RunnableAdapter<R(__fastcall *)(A1, A2, A3, A4)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1, A2, A3, A4))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4) {
-    return function_(a1, a2, a3, a4);
-  }
-
- private:
-  R (__fastcall *function_)(A1, A2, A3, A4);
-};
-
-// __stdcall Function: Arity 5.
-template <typename R, typename A1, typename A2, typename A3, typename A4,
-    typename A5>
-class RunnableAdapter<R(__stdcall *)(A1, A2, A3, A4, A5)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4, A5);
-
-  explicit RunnableAdapter(R(__stdcall *function)(A1, A2, A3, A4, A5))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4,
-      typename CallbackParamTraits<A5>::ForwardType a5) {
-    return function_(a1, a2, a3, a4, a5);
-  }
-
- private:
-  R (__stdcall *function_)(A1, A2, A3, A4, A5);
-};
-
-// __fastcall Function: Arity 5.
-template <typename R, typename A1, typename A2, typename A3, typename A4,
-    typename A5>
-class RunnableAdapter<R(__fastcall *)(A1, A2, A3, A4, A5)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4, A5);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1, A2, A3, A4, A5))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4,
-      typename CallbackParamTraits<A5>::ForwardType a5) {
-    return function_(a1, a2, a3, a4, a5);
+  R Run(typename CallbackParamTraits<Args>::ForwardType... args) {
+    return function_(args...);
   }
 
  private:
-  R (__fastcall *function_)(A1, A2, A3, A4, A5);
+  R (__stdcall *function_)(Args...);
 };
 
-// __stdcall Function: Arity 6.
-template <typename R, typename A1, typename A2, typename A3, typename A4,
-    typename A5, typename A6>
-class RunnableAdapter<R(__stdcall *)(A1, A2, A3, A4, A5, A6)> {
+// __fastcall Function.
+template <typename R, typename... Args>
+class RunnableAdapter<R(__fastcall *)(Args...)> {
  public:
-  typedef R (RunType)(A1, A2, A3, A4, A5, A6);
+  typedef R (RunType)(Args...);
 
-  explicit RunnableAdapter(R(__stdcall *function)(A1, A2, A3, A4, A5, A6))
+  explicit RunnableAdapter(R(__fastcall *function)(Args...))
       : function_(function) {
   }
 
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4,
-      typename CallbackParamTraits<A5>::ForwardType a5,
-      typename CallbackParamTraits<A6>::ForwardType a6) {
-    return function_(a1, a2, a3, a4, a5, a6);
-  }
-
- private:
-  R (__stdcall *function_)(A1, A2, A3, A4, A5, A6);
-};
-
-// __fastcall Function: Arity 6.
-template <typename R, typename A1, typename A2, typename A3, typename A4,
-    typename A5, typename A6>
-class RunnableAdapter<R(__fastcall *)(A1, A2, A3, A4, A5, A6)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4, A5, A6);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1, A2, A3, A4, A5, A6))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4,
-      typename CallbackParamTraits<A5>::ForwardType a5,
-      typename CallbackParamTraits<A6>::ForwardType a6) {
-    return function_(a1, a2, a3, a4, a5, a6);
+  R Run(typename CallbackParamTraits<Args>::ForwardType... args) {
+    return function_(args...);
   }
 
  private:
-  R (__fastcall *function_)(A1, A2, A3, A4, A5, A6);
-};
-
-// __stdcall Function: Arity 7.
-template <typename R, typename A1, typename A2, typename A3, typename A4,
-    typename A5, typename A6, typename A7>
-class RunnableAdapter<R(__stdcall *)(A1, A2, A3, A4, A5, A6, A7)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4, A5, A6, A7);
-
-  explicit RunnableAdapter(R(__stdcall *function)(A1, A2, A3, A4, A5, A6, A7))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4,
-      typename CallbackParamTraits<A5>::ForwardType a5,
-      typename CallbackParamTraits<A6>::ForwardType a6,
-      typename CallbackParamTraits<A7>::ForwardType a7) {
-    return function_(a1, a2, a3, a4, a5, a6, a7);
-  }
-
- private:
-  R (__stdcall *function_)(A1, A2, A3, A4, A5, A6, A7);
-};
-
-// __fastcall Function: Arity 7.
-template <typename R, typename A1, typename A2, typename A3, typename A4,
-    typename A5, typename A6, typename A7>
-class RunnableAdapter<R(__fastcall *)(A1, A2, A3, A4, A5, A6, A7)> {
- public:
-  typedef R (RunType)(A1, A2, A3, A4, A5, A6, A7);
-
-  explicit RunnableAdapter(R(__fastcall *function)(A1, A2, A3, A4, A5, A6, A7))
-      : function_(function) {
-  }
-
-  R Run(typename CallbackParamTraits<A1>::ForwardType a1,
-      typename CallbackParamTraits<A2>::ForwardType a2,
-      typename CallbackParamTraits<A3>::ForwardType a3,
-      typename CallbackParamTraits<A4>::ForwardType a4,
-      typename CallbackParamTraits<A5>::ForwardType a5,
-      typename CallbackParamTraits<A6>::ForwardType a6,
-      typename CallbackParamTraits<A7>::ForwardType a7) {
-    return function_(a1, a2, a3, a4, a5, a6, a7);
-  }
-
- private:
-  R (__fastcall *function_)(A1, A2, A3, A4, A5, A6, A7);
+  R (__fastcall *function_)(Args...);
 };
 
 }  // namespace internal
 }  // namespace base
 
 #endif  // !defined(ARCH_CPU_X86_64)
 
 #endif  // BASE_BIND_INTERNAL_WIN_H_
--- a/security/sandbox/chromium/base/callback_internal.cc
+++ b/security/sandbox/chromium/base/callback_internal.cc
@@ -4,20 +4,16 @@
 
 #include "base/callback_internal.h"
 
 #include "base/logging.h"
 
 namespace base {
 namespace internal {
 
-bool CallbackBase::is_null() const {
-  return bind_state_.get() == NULL;
-}
-
 void CallbackBase::Reset() {
   polymorphic_invoke_ = NULL;
   // NULL the bind_state_ last, since it may be holding the last ref to whatever
   // object owns us, and we may be deleted after that.
   bind_state_ = NULL;
 }
 
 bool CallbackBase::Equals(const CallbackBase& other) const {
--- a/security/sandbox/chromium/base/callback_internal.h
+++ b/security/sandbox/chromium/base/callback_internal.h
@@ -32,17 +32,17 @@ class BindStateBase : public RefCountedT
   virtual ~BindStateBase() {}
 };
 
 // Holds the Callback methods that don't require specialization to reduce
 // template bloat.
 class BASE_EXPORT CallbackBase {
  public:
   // Returns true if Callback is null (doesn't refer to anything).
-  bool is_null() const;
+  bool is_null() const { return bind_state_.get() == NULL; }
 
   // Returns the Callback into an uninitialized state.
   void Reset();
 
  protected:
   // In C++, it is safe to cast function pointers to function pointers of
   // another type. It is not okay to use void*. We create a InvokeFuncStorage
   // that that can store our function pointer, and then cast it back to
@@ -72,17 +72,17 @@ class BASE_EXPORT CallbackBase {
 // destructive way.
 template <typename T> struct IsMoveOnlyType {
   template <typename U>
   static YesType Test(const typename U::MoveOnlyTypeForCPP03*);
 
   template <typename U>
   static NoType Test(...);
 
-  static const bool value = sizeof(Test<T>(0)) == sizeof(YesType) &&
+  static const bool value = sizeof((Test<T>(0))) == sizeof(YesType) &&
                             !is_const<T>::value;
 };
 
 // This is a typetraits object that's used to take an argument type, and
 // extract a suitable type for storing and forwarding arguments.
 //
 // In particular, it strips off references, and converts arrays to
 // pointers for storage; and it avoids accidentally trying to create a
--- a/security/sandbox/chromium/base/compiler_specific.h
+++ b/security/sandbox/chromium/base/compiler_specific.h
@@ -89,21 +89,27 @@
 #else
 #define STATIC_CONST_MEMBER_DEFINITION
 #endif
 
 // Annotate a variable indicating it's ok if the variable is not used.
 // (Typically used to silence a compiler warning when the assignment
 // is important for some other reason.)
 // Use like:
-//   int x ALLOW_UNUSED = ...;
+//   int x = ...;
+//   ALLOW_UNUSED_LOCAL(x);
+#define ALLOW_UNUSED_LOCAL(x) false ? (void)x : (void)0
+
+// Annotate a typedef or function indicating it's ok if it's not used.
+// Use like:
+//   typedef Foo Bar ALLOW_UNUSED_TYPE;
 #if defined(COMPILER_GCC)
-#define ALLOW_UNUSED __attribute__((unused))
+#define ALLOW_UNUSED_TYPE __attribute__((unused))
 #else
-#define ALLOW_UNUSED
+#define ALLOW_UNUSED_TYPE
 #endif
 
 // Annotate a function indicating it should not be inlined.
 // Use like:
 //   NOINLINE void DoStuff() { ... }
 #if defined(COMPILER_GCC)
 #define NOINLINE __attribute__((noinline))
 #elif defined(COMPILER_MSVC)
@@ -128,50 +134,16 @@
 // Use like:
 //   ALIGNOF(int32)  // this would be 4
 #if defined(COMPILER_MSVC)
 #define ALIGNOF(type) (sizeof(type) - sizeof(type) + __alignof(type))
 #elif defined(COMPILER_GCC)
 #define ALIGNOF(type) __alignof__(type)
 #endif
 
-// Annotate a virtual method indicating it must be overriding a virtual
-// method in the parent class.
-// Use like:
-//   virtual void foo() OVERRIDE;
-#if defined(COMPILER_MSVC)
-#define OVERRIDE override
-#elif defined(__clang__)
-#define OVERRIDE override
-#elif defined(COMPILER_GCC) && __cplusplus >= 201103 && \
-      (__GNUC__ * 10000 + __GNUC_MINOR__ * 100) >= 40700
-// GCC 4.7 supports explicit virtual overrides when C++11 support is enabled.
-#define OVERRIDE override
-#else
-#define OVERRIDE
-#endif
-
-// Annotate a virtual method indicating that subclasses must not override it,
-// or annotate a class to indicate that it cannot be subclassed.
-// Use like:
-//   virtual void foo() FINAL;
-//   class B FINAL : public A {};
-#if defined(__clang__)
-#define FINAL final
-#elif defined(COMPILER_MSVC)
-// TODO(jered): Change this to "final" when chromium no longer uses MSVC 2010.
-#define FINAL sealed
-#elif defined(COMPILER_GCC) && __cplusplus >= 201103 && \
-      (__GNUC__ * 10000 + __GNUC_MINOR__ * 100) >= 40700
-// GCC 4.7 supports explicit virtual overrides when C++11 support is enabled.
-#define FINAL final
-#else
-#define FINAL
-#endif
-
 // Annotate a function indicating the caller must examine the return value.
 // Use like:
 //   int foo() WARN_UNUSED_RESULT;
 // To explicitly ignore a result, see |ignore_result()| in <base/basictypes.h>.
 #if defined(COMPILER_GCC)
 #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
 #else
 #define WARN_UNUSED_RESULT
--- a/security/sandbox/chromium/base/containers/hash_tables.h
+++ b/security/sandbox/chromium/base/containers/hash_tables.h
@@ -23,57 +23,72 @@
 
 #include <utility>
 
 #include "base/basictypes.h"
 #include "base/strings/string16.h"
 #include "build/build_config.h"
 
 #if defined(COMPILER_MSVC)
+#include <unordered_map>
+#include <unordered_set>
 
-#pragma push_macro("_SILENCE_STDEXT_HASH_DEPRECATION_WARNINGS")
-#define _SILENCE_STDEXT_HASH_DEPRECATION_WARNINGS
-#include <hash_map>
-#include <hash_set>
-#pragma pop_macro("_SILENCE_STDEXT_HASH_DEPRECATION_WARNINGS")
-
-#define BASE_HASH_NAMESPACE stdext
+#define BASE_HASH_NAMESPACE std
 
 #elif defined(COMPILER_GCC)
-#if defined(OS_ANDROID)
-#define BASE_HASH_NAMESPACE std
-#else
-#define BASE_HASH_NAMESPACE __gnu_cxx
-#endif
+
+#define BASE_HASH_NAMESPACE base_hash
 
 // This is a hack to disable the gcc 4.4 warning about hash_map and hash_set
 // being deprecated.  We can get rid of this when we upgrade to VS2008 and we
 // can use <tr1/unordered_map> and <tr1/unordered_set>.
 #ifdef __DEPRECATED
 #define CHROME_OLD__DEPRECATED __DEPRECATED
 #undef __DEPRECATED
 #endif
 
 #if defined(OS_ANDROID)
 #include <hash_map>
 #include <hash_set>
+#define BASE_HASH_IMPL_NAMESPACE std
 #else
 #include <ext/hash_map>
 #include <ext/hash_set>
+#define BASE_HASH_IMPL_NAMESPACE __gnu_cxx
 #endif
 
 #include <string>
 
 #ifdef CHROME_OLD__DEPRECATED
 #define __DEPRECATED CHROME_OLD__DEPRECATED
 #undef CHROME_OLD__DEPRECATED
 #endif
 
 namespace BASE_HASH_NAMESPACE {
 
+// The pre-standard hash behaves like C++11's std::hash, except around pointers.
+// const char* is specialized to hash the C string and hash functions for
+// general T* are missing. Define a BASE_HASH_NAMESPACE::hash which aligns with
+// the C++11 behavior.
+
+template<typename T>
+struct hash {
+  std::size_t operator()(const T& value) const {
+    return BASE_HASH_IMPL_NAMESPACE::hash<T>()(value);
+  }
+};
+
+template<typename T>
+struct hash<T*> {
+  std::size_t operator()(T* value) const {
+    return BASE_HASH_IMPL_NAMESPACE::hash<uintptr_t>()(
+        reinterpret_cast<uintptr_t>(value));
+  }
+};
+
 #if !defined(OS_ANDROID)
 // The GNU C++ library provides identity hash functions for many integral types,
 // but not for |long long|.  This hash function will truncate if |size_t| is
 // narrower than |long long|.  This is probably good enough for what we will
 // use it for.
 
 #define DEFINE_TRIVIAL_HASH(integral_type) \
     template<> \
@@ -113,20 +128,77 @@ DEFINE_STRING_HASH(base::string16);
 
 }  // namespace BASE_HASH_NAMESPACE
 
 #else  // COMPILER
 #error define BASE_HASH_NAMESPACE for your compiler
 #endif  // COMPILER
 
 namespace base {
-using BASE_HASH_NAMESPACE::hash_map;
-using BASE_HASH_NAMESPACE::hash_multimap;
-using BASE_HASH_NAMESPACE::hash_multiset;
-using BASE_HASH_NAMESPACE::hash_set;
+
+// On MSVC, use the C++11 containers.
+#if defined(COMPILER_MSVC)
+
+template<class Key, class T,
+         class Hash = std::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<std::pair<const Key, T>>>
+using hash_map = std::unordered_map<Key, T, Hash, Pred, Alloc>;
+
+template<class Key, class T,
+         class Hash = std::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<std::pair<const Key, T>>>
+using hash_multimap = std::unordered_multimap<Key, T, Hash, Pred, Alloc>;
+
+template<class Key,
+         class Hash = std::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<Key>>
+using hash_multiset = std::unordered_multiset<Key, Hash, Pred, Alloc>;
+
+template<class Key,
+         class Hash = std::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<Key>>
+using hash_set = std::unordered_set<Key, Hash, Pred, Alloc>;
+
+#else  // !COMPILER_MSVC
+
+// Otherwise, use the pre-standard ones, but override the default hash to match
+// C++11.
+template<class Key, class T,
+         class Hash = BASE_HASH_NAMESPACE::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<std::pair<const Key, T>>>
+using hash_map = BASE_HASH_IMPL_NAMESPACE::hash_map<Key, T, Hash, Pred, Alloc>;
+
+template<class Key, class T,
+         class Hash = BASE_HASH_NAMESPACE::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<std::pair<const Key, T>>>
+using hash_multimap =
+    BASE_HASH_IMPL_NAMESPACE::hash_multimap<Key, T, Hash, Pred, Alloc>;
+
+template<class Key,
+         class Hash = BASE_HASH_NAMESPACE::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<Key>>
+using hash_multiset =
+    BASE_HASH_IMPL_NAMESPACE::hash_multiset<Key, Hash, Pred, Alloc>;
+
+template<class Key,
+         class Hash = BASE_HASH_NAMESPACE::hash<Key>,
+         class Pred = std::equal_to<Key>,
+         class Alloc = std::allocator<Key>>
+using hash_set = BASE_HASH_IMPL_NAMESPACE::hash_set<Key, Hash, Pred, Alloc>;
+
+#undef BASE_HASH_IMPL_NAMESPACE
+
+#endif  // COMPILER_MSVC
 
 // Implement hashing for pairs of at-most 32 bit integer values.
 // When size_t is 32 bits, we turn the 64-bit hash code into 32 bits by using
 // multiply-add hashing. This algorithm, as described in
 // Theorem 4.3.3 of the thesis "Über die Komplexität der Multiplikation in
 // eingeschränkten Branchingprogrammmodellen" by Woelfel, is:
 //
 //   h32(x32, y32) = (h64(x32, y32) * rand_odd64 + rand16 * 2^16) % 2^64 / 2^32
@@ -236,33 +308,21 @@ DEFINE_64BIT_PAIR_HASH(uint64, uint64);
 #undef DEFINE_64BIT_PAIR_HASH
 }  // namespace base
 
 namespace BASE_HASH_NAMESPACE {
 
 // Implement methods for hashing a pair of integers, so they can be used as
 // keys in STL containers.
 
-#if defined(COMPILER_MSVC)
-
-template<typename Type1, typename Type2>
-inline std::size_t hash_value(const std::pair<Type1, Type2>& value) {
-  return base::HashPair(value.first, value.second);
-}
-
-#elif defined(COMPILER_GCC)
 template<typename Type1, typename Type2>
 struct hash<std::pair<Type1, Type2> > {
   std::size_t operator()(std::pair<Type1, Type2> value) const {
     return base::HashPair(value.first, value.second);
   }
 };
 
-#else
-#error define hash<std::pair<Type1, Type2> > for your compiler
-#endif  // COMPILER
-
 }
 
 #undef DEFINE_PAIR_HASH_FUNCTION_START
 #undef DEFINE_PAIR_HASH_FUNCTION_END
 
 #endif  // BASE_CONTAINERS_HASH_TABLES_H_
--- a/security/sandbox/chromium/base/cpu.cc
+++ b/security/sandbox/chromium/base/cpu.cc
@@ -1,23 +1,25 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/cpu.h"
 
+#include <stdlib.h>
 #include <string.h>
 
 #include <algorithm>
 
 #include "base/basictypes.h"
+#include "base/strings/string_piece.h"
 #include "build/build_config.h"
 
 #if defined(ARCH_CPU_ARM_FAMILY) && (defined(OS_ANDROID) || defined(OS_LINUX))
-#include "base/file_util.h"
+#include "base/files/file_util.h"
 #include "base/lazy_instance.h"
 #endif
 
 #if defined(ARCH_CPU_X86_FAMILY)
 #if defined(_MSC_VER)
 #include <intrin.h>
 #include <immintrin.h>  // For _xgetbv()
 #endif
@@ -39,33 +41,24 @@ CPU::CPU()
     has_sse3_(false),
     has_ssse3_(false),
     has_sse41_(false),
     has_sse42_(false),
     has_avx_(false),
     has_avx_hardware_(false),
     has_aesni_(false),
     has_non_stop_time_stamp_counter_(false),
+    has_broken_neon_(false),
     cpu_vendor_("unknown") {
   Initialize();
 }
 
 namespace {
 
 #if defined(ARCH_CPU_X86_FAMILY)
-#if defined(_MSC_VER) && (_MSC_FULL_VER < 160040219)
-// Prior to VS2010 SP1, _xgetbv is not defined in immintrin.h, so we need to
-// define our own version using the assembly operation.
-// By using __fastcall we ensure that xcr is already in register ecx for xgetbv
-// and xgetbv populates the correct registers (eax edx) for our return value.
-uint64_t __fastcall _xgetbv(uint32_t xcr) {
-  __asm xgetbv;
-}
-#endif
-
 #ifndef _MSC_VER
 
 #if defined(__pic__) && defined(__i386__)
 
 void __cpuid(int cpu_info[4], int info_type) {
   __asm__ volatile (
     "mov %%ebx, %%edi\n"
     "cpuid\n"
@@ -95,62 +88,109 @@ uint64 _xgetbv(uint32 xcr) {
   __asm__ volatile ("xgetbv" : "=a" (eax), "=d" (edx) : "c" (xcr));
   return (static_cast<uint64>(edx) << 32) | eax;
 }
 
 #endif  // !_MSC_VER
 #endif  // ARCH_CPU_X86_FAMILY
 
 #if defined(ARCH_CPU_ARM_FAMILY) && (defined(OS_ANDROID) || defined(OS_LINUX))
+class LazyCpuInfoValue {
+ public:
+  LazyCpuInfoValue() : has_broken_neon_(false) {
+    // This function finds the value from /proc/cpuinfo under the key "model
+    // name" or "Processor". "model name" is used in Linux 3.8 and later (3.7
+    // and later for arm64) and is shown once per CPU. "Processor" is used in
+    // earler versions and is shown only once at the top of /proc/cpuinfo
+    // regardless of the number CPUs.
+    const char kModelNamePrefix[] = "model name\t: ";
+    const char kProcessorPrefix[] = "Processor\t: ";
 
-// Returns the string found in /proc/cpuinfo under the key "model name" or
-// "Processor". "model name" is used in Linux 3.8 and later (3.7 and later for
-// arm64) and is shown once per CPU. "Processor" is used in earler versions and
-// is shown only once at the top of /proc/cpuinfo regardless of the number CPUs.
-std::string ParseCpuInfo() {
-  const char kModelNamePrefix[] = "model name\t: ";
-  const char kProcessorPrefix[] = "Processor\t: ";
-  std::string contents;
-  ReadFileToString(FilePath("/proc/cpuinfo"), &contents);
-  DCHECK(!contents.empty());
-  std::string cpu_brand;
-  if (!contents.empty()) {
+    // This function also calculates whether we believe that this CPU has a
+    // broken NEON unit based on these fields from cpuinfo:
+    unsigned implementer = 0, architecture = 0, variant = 0, part = 0,
+             revision = 0;
+    const struct {
+      const char key[17];
+      unsigned *result;
+    } kUnsignedValues[] = {
+      {"CPU implementer", &implementer},
+      {"CPU architecture", &architecture},
+      {"CPU variant", &variant},
+      {"CPU part", &part},
+      {"CPU revision", &revision},
+    };
+
+    std::string contents;
+    ReadFileToString(FilePath("/proc/cpuinfo"), &contents);
+    DCHECK(!contents.empty());
+    if (contents.empty()) {
+      return;
+    }
+
     std::istringstream iss(contents);
     std::string line;
     while (std::getline(iss, line)) {
-      if (line.compare(0, strlen(kModelNamePrefix), kModelNamePrefix) == 0) {
-        cpu_brand.assign(line.substr(strlen(kModelNamePrefix)));
-        break;
+      if (brand_.empty() &&
+          (line.compare(0, strlen(kModelNamePrefix), kModelNamePrefix) == 0 ||
+           line.compare(0, strlen(kProcessorPrefix), kProcessorPrefix) == 0)) {
+        brand_.assign(line.substr(strlen(kModelNamePrefix)));
       }
-      if (line.compare(0, strlen(kProcessorPrefix), kProcessorPrefix) == 0) {
-        cpu_brand.assign(line.substr(strlen(kProcessorPrefix)));
-        break;
+
+      for (size_t i = 0; i < arraysize(kUnsignedValues); i++) {
+        const char *key = kUnsignedValues[i].key;
+        const size_t len = strlen(key);
+
+        if (line.compare(0, len, key) == 0 &&
+            line.size() >= len + 1 &&
+            (line[len] == '\t' || line[len] == ' ' || line[len] == ':')) {
+          size_t colon_pos = line.find(':', len);
+          if (colon_pos == std::string::npos) {
+            continue;
+          }
+
+          const StringPiece line_sp(line);
+          StringPiece value_sp = line_sp.substr(colon_pos + 1);
+          while (!value_sp.empty() &&
+                 (value_sp[0] == ' ' || value_sp[0] == '\t')) {
+            value_sp = value_sp.substr(1);
+          }
+
+          // The string may have leading "0x" or not, so we use strtoul to
+          // handle that.
+          char *endptr;
+          std::string value(value_sp.as_string());
+          unsigned long int result = strtoul(value.c_str(), &endptr, 0);
+          if (*endptr == 0 && result <= UINT_MAX) {
+            *kUnsignedValues[i].result = result;
+          }
+        }
       }
     }
-  }
-  return cpu_brand;
-}
 
-class LazyCpuInfoValue {
- public:
-  LazyCpuInfoValue() : value_(ParseCpuInfo()) {}
-  const std::string& value() { return value_; }
+    has_broken_neon_ =
+      implementer == 0x51 &&
+      architecture == 7 &&
+      variant == 1 &&
+      part == 0x4d &&
+      revision == 0;
+  }
+
+  const std::string& brand() const { return brand_; }
+  bool has_broken_neon() const { return has_broken_neon_; }
 
  private:
-  const std::string value_;
+  std::string brand_;
+  bool has_broken_neon_;
   DISALLOW_COPY_AND_ASSIGN(LazyCpuInfoValue);
 };
 
-base::LazyInstance<LazyCpuInfoValue> g_lazy_cpu_brand =
+base::LazyInstance<LazyCpuInfoValue>::Leaky g_lazy_cpuinfo =
     LAZY_INSTANCE_INITIALIZER;
 
-const std::string& CpuBrandInfo() {
-  return g_lazy_cpu_brand.Get().value();
-}
-
 #endif  // defined(ARCH_CPU_ARM_FAMILY) && (defined(OS_ANDROID) ||
         // defined(OS_LINUX))
 
 }  // anonymous namespace
 
 void CPU::Initialize() {
 #if defined(ARCH_CPU_X86_FAMILY)
   int cpu_info[4] = {-1};
@@ -224,17 +264,18 @@ void CPU::Initialize() {
   }
 
   const int parameter_containing_non_stop_time_stamp_counter = 0x80000007;
   if (max_parameter >= parameter_containing_non_stop_time_stamp_counter) {
     __cpuid(cpu_info, parameter_containing_non_stop_time_stamp_counter);
     has_non_stop_time_stamp_counter_ = (cpu_info[3] & (1 << 8)) != 0;
   }
 #elif defined(ARCH_CPU_ARM_FAMILY) && (defined(OS_ANDROID) || defined(OS_LINUX))
-  cpu_brand_.assign(CpuBrandInfo());
+  cpu_brand_.assign(g_lazy_cpuinfo.Get().brand());
+  has_broken_neon_ = g_lazy_cpuinfo.Get().has_broken_neon();
 #endif
 }
 
 CPU::IntelMicroArchitecture CPU::GetIntelMicroArchitecture() const {
   if (has_avx()) return AVX;
   if (has_sse42()) return SSE42;
   if (has_sse41()) return SSE41;
   if (has_ssse3()) return SSSE3;
--- a/security/sandbox/chromium/base/cpu.h
+++ b/security/sandbox/chromium/base/cpu.h
@@ -51,16 +51,21 @@ class BASE_EXPORT CPU {
   // operating system support needed to actually call AVX instuctions.
   // Note: you should never need to call this function. It was added in order
   // to workaround a bug in NSS but |has_avx()| is what you want.
   bool has_avx_hardware() const { return has_avx_hardware_; }
   bool has_aesni() const { return has_aesni_; }
   bool has_non_stop_time_stamp_counter() const {
     return has_non_stop_time_stamp_counter_;
   }
+  // has_broken_neon is only valid on ARM chips. If true, it indicates that we
+  // believe that the NEON unit on the current CPU is flawed and cannot execute
+  // some code. See https://code.google.com/p/chromium/issues/detail?id=341598
+  bool has_broken_neon() const { return has_broken_neon_; }
+
   IntelMicroArchitecture GetIntelMicroArchitecture() const;
   const std::string& cpu_brand() const { return cpu_brand_; }
 
  private:
   // Query the processor for CPUID information.
   void Initialize();
 
   int signature_;  // raw form of type, family, model, and stepping
@@ -76,15 +81,16 @@ class BASE_EXPORT CPU {
   bool has_sse3_;
   bool has_ssse3_;
   bool has_sse41_;
   bool has_sse42_;
   bool has_avx_;
   bool has_avx_hardware_;
   bool has_aesni_;
   bool has_non_stop_time_stamp_counter_;
+  bool has_broken_neon_;
   std::string cpu_vendor_;
   std::string cpu_brand_;
 };
 
 }  // namespace base
 
 #endif  // BASE_CPU_H_
--- a/security/sandbox/chromium/base/file_descriptor_posix.h
+++ b/security/sandbox/chromium/base/file_descriptor_posix.h
@@ -1,16 +1,17 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_FILE_DESCRIPTOR_POSIX_H_
 #define BASE_FILE_DESCRIPTOR_POSIX_H_
 
 #include "base/files/file.h"
+#include "base/files/scoped_file.h"
 
 namespace base {
 
 // -----------------------------------------------------------------------------
 // We introduct a special structure for file descriptors in order that we are
 // able to use template specialisation to special-case their handling.
 //
 // WARNING: (Chromium only) There are subtleties to consider if serialising
@@ -19,16 +20,17 @@ namespace base {
 // -----------------------------------------------------------------------------
 struct FileDescriptor {
   FileDescriptor() : fd(-1), auto_close(false) {}
 
   FileDescriptor(int ifd, bool iauto_close) : fd(ifd), auto_close(iauto_close) {
   }
 
   FileDescriptor(File file) : fd(file.TakePlatformFile()), auto_close(true) {}
+  explicit FileDescriptor(ScopedFD fd) : fd(fd.release()), auto_close(true) {}
 
   bool operator==(const FileDescriptor& other) const {
     return (fd == other.fd && auto_close == other.auto_close);
   }
 
   bool operator!=(const FileDescriptor& other) const {
     return !operator==(other);
   }
deleted file mode 100644
--- a/security/sandbox/chromium/base/file_util.h
+++ /dev/null
@@ -1,459 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file contains utility functions for dealing with the local
-// filesystem.
-
-#ifndef BASE_FILE_UTIL_H_
-#define BASE_FILE_UTIL_H_
-
-#include "build/build_config.h"
-
-#if defined(OS_WIN)
-#include <windows.h>
-#elif defined(OS_POSIX)
-#include <sys/stat.h>
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-
-#include <set>
-#include <string>
-#include <vector>
-
-#include "base/base_export.h"
-#include "base/basictypes.h"
-#include "base/files/file.h"
-#include "base/files/file_path.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/strings/string16.h"
-
-#if defined(OS_POSIX)
-#include "base/file_descriptor_posix.h"
-#include "base/logging.h"
-#include "base/posix/eintr_wrapper.h"
-#endif
-
-namespace base {
-
-class Time;
-
-//-----------------------------------------------------------------------------
-// Functions that involve filesystem access or modification:
-
-// Returns an absolute version of a relative path. Returns an empty path on
-// error. On POSIX, this function fails if the path does not exist. This
-// function can result in I/O so it can be slow.
-BASE_EXPORT FilePath MakeAbsoluteFilePath(const FilePath& input);
-
-// Returns the total number of bytes used by all the files under |root_path|.
-// If the path does not exist the function returns 0.
-//
-// This function is implemented using the FileEnumerator class so it is not
-// particularly speedy in any platform.
-BASE_EXPORT int64 ComputeDirectorySize(const FilePath& root_path);
-
-// Deletes the given path, whether it's a file or a directory.
-// If it's a directory, it's perfectly happy to delete all of the
-// directory's contents.  Passing true to recursive deletes
-// subdirectories and their contents as well.
-// Returns true if successful, false otherwise. It is considered successful
-// to attempt to delete a file that does not exist.
-//
-// In posix environment and if |path| is a symbolic link, this deletes only
-// the symlink. (even if the symlink points to a non-existent file)
-//
-// WARNING: USING THIS WITH recursive==true IS EQUIVALENT
-//          TO "rm -rf", SO USE WITH CAUTION.
-BASE_EXPORT bool DeleteFile(const FilePath& path, bool recursive);
-
-#if defined(OS_WIN)
-// Schedules to delete the given path, whether it's a file or a directory, until
-// the operating system is restarted.
-// Note:
-// 1) The file/directory to be deleted should exist in a temp folder.
-// 2) The directory to be deleted must be empty.
-BASE_EXPORT bool DeleteFileAfterReboot(const FilePath& path);
-#endif
-
-// Moves the given path, whether it's a file or a directory.
-// If a simple rename is not possible, such as in the case where the paths are
-// on different volumes, this will attempt to copy and delete. Returns
-// true for success.
-// This function fails if either path contains traversal components ('..').
-BASE_EXPORT bool Move(const FilePath& from_path, const FilePath& to_path);
-
-// Renames file |from_path| to |to_path|. Both paths must be on the same
-// volume, or the function will fail. Destination file will be created
-// if it doesn't exist. Prefer this function over Move when dealing with
-// temporary files. On Windows it preserves attributes of the target file.
-// Returns true on success, leaving *error unchanged.
-// Returns false on failure and sets *error appropriately, if it is non-NULL.
-BASE_EXPORT bool ReplaceFile(const FilePath& from_path,
-                             const FilePath& to_path,
-                             File::Error* error);
-
-// Copies a single file. Use CopyDirectory to copy directories.
-// This function fails if either path contains traversal components ('..').
-//
-// This function keeps the metadata on Windows. The read only bit on Windows is
-// not kept.
-BASE_EXPORT bool CopyFile(const FilePath& from_path, const FilePath& to_path);
-
-// Copies the given path, and optionally all subdirectories and their contents
-// as well.
-//
-// If there are files existing under to_path, always overwrite. Returns true
-// if successful, false otherwise. Wildcards on the names are not supported.
-//
-// This function calls into CopyFile() so the same behavior w.r.t. metadata
-// applies.
-//
-// If you only need to copy a file use CopyFile, it's faster.
-BASE_EXPORT bool CopyDirectory(const FilePath& from_path,
-                               const FilePath& to_path,
-                               bool recursive);
-
-// Returns true if the given path exists on the local filesystem,
-// false otherwise.
-BASE_EXPORT bool PathExists(const FilePath& path);
-
-// Returns true if the given path is writable by the user, false otherwise.
-BASE_EXPORT bool PathIsWritable(const FilePath& path);
-
-// Returns true if the given path exists and is a directory, false otherwise.
-BASE_EXPORT bool DirectoryExists(const FilePath& path);
-
-// Returns true if the contents of the two files given are equal, false
-// otherwise.  If either file can't be read, returns false.
-BASE_EXPORT bool ContentsEqual(const FilePath& filename1,
-                               const FilePath& filename2);
-
-// Returns true if the contents of the two text files given are equal, false
-// otherwise.  This routine treats "\r\n" and "\n" as equivalent.
-BASE_EXPORT bool TextContentsEqual(const FilePath& filename1,
-                                   const FilePath& filename2);
-
-// Reads the file at |path| into |contents| and returns true on success and
-// false on error.  For security reasons, a |path| containing path traversal
-// components ('..') is treated as a read error and |contents| is set to empty.
-// In case of I/O error, |contents| holds the data that could be read from the
-// file before the error occurred.
-// |contents| may be NULL, in which case this function is useful for its side
-// effect of priming the disk cache (could be used for unit tests).
-BASE_EXPORT bool ReadFileToString(const FilePath& path, std::string* contents);
-
-// Reads the file at |path| into |contents| and returns true on success and
-// false on error.  For security reasons, a |path| containing path traversal
-// components ('..') is treated as a read error and |contents| is set to empty.
-// In case of I/O error, |contents| holds the data that could be read from the
-// file before the error occurred.  When the file size exceeds |max_size|, the
-// function returns false with |contents| holding the file truncated to
-// |max_size|.
-// |contents| may be NULL, in which case this function is useful for its side
-// effect of priming the disk cache (could be used for unit tests).
-BASE_EXPORT bool ReadFileToString(const FilePath& path,
-                                  std::string* contents,
-                                  size_t max_size);
-
-#if defined(OS_POSIX)
-
-// Read exactly |bytes| bytes from file descriptor |fd|, storing the result
-// in |buffer|. This function is protected against EINTR and partial reads.
-// Returns true iff |bytes| bytes have been successfully read from |fd|.
-BASE_EXPORT bool ReadFromFD(int fd, char* buffer, size_t bytes);
-
-// Creates a symbolic link at |symlink| pointing to |target|.  Returns
-// false on failure.
-BASE_EXPORT bool CreateSymbolicLink(const FilePath& target,
-                                    const FilePath& symlink);
-
-// Reads the given |symlink| and returns where it points to in |target|.
-// Returns false upon failure.
-BASE_EXPORT bool ReadSymbolicLink(const FilePath& symlink, FilePath* target);
-
-// Bits and masks of the file permission.
-enum FilePermissionBits {
-  FILE_PERMISSION_MASK              = S_IRWXU | S_IRWXG | S_IRWXO,
-  FILE_PERMISSION_USER_MASK         = S_IRWXU,
-  FILE_PERMISSION_GROUP_MASK        = S_IRWXG,
-  FILE_PERMISSION_OTHERS_MASK       = S_IRWXO,
-
-  FILE_PERMISSION_READ_BY_USER      = S_IRUSR,
-  FILE_PERMISSION_WRITE_BY_USER     = S_IWUSR,
-  FILE_PERMISSION_EXECUTE_BY_USER   = S_IXUSR,
-  FILE_PERMISSION_READ_BY_GROUP     = S_IRGRP,
-  FILE_PERMISSION_WRITE_BY_GROUP    = S_IWGRP,
-  FILE_PERMISSION_EXECUTE_BY_GROUP  = S_IXGRP,
-  FILE_PERMISSION_READ_BY_OTHERS    = S_IROTH,
-  FILE_PERMISSION_WRITE_BY_OTHERS   = S_IWOTH,
-  FILE_PERMISSION_EXECUTE_BY_OTHERS = S_IXOTH,
-};
-
-// Reads the permission of the given |path|, storing the file permission
-// bits in |mode|. If |path| is symbolic link, |mode| is the permission of
-// a file which the symlink points to.
-BASE_EXPORT bool GetPosixFilePermissions(const FilePath& path, int* mode);
-// Sets the permission of the given |path|. If |path| is symbolic link, sets
-// the permission of a file which the symlink points to.
-BASE_EXPORT bool SetPosixFilePermissions(const FilePath& path, int mode);
-
-#endif  // OS_POSIX
-
-// Returns true if the given directory is empty
-BASE_EXPORT bool IsDirectoryEmpty(const FilePath& dir_path);
-
-// Get the temporary directory provided by the system.
-//
-// WARNING: In general, you should use CreateTemporaryFile variants below
-// instead of this function. Those variants will ensure that the proper
-// permissions are set so that other users on the system can't edit them while
-// they're open (which can lead to security issues).
-BASE_EXPORT bool GetTempDir(FilePath* path);
-
-// Get the home directory. This is more complicated than just getenv("HOME")
-// as it knows to fall back on getpwent() etc.
-//
-// You should not generally call this directly. Instead use DIR_HOME with the
-// path service which will use this function but cache the value.
-// Path service may also override DIR_HOME.
-BASE_EXPORT FilePath GetHomeDir();
-
-// Creates a temporary file. The full path is placed in |path|, and the
-// function returns true if was successful in creating the file. The file will
-// be empty and all handles closed after this function returns.
-BASE_EXPORT bool CreateTemporaryFile(FilePath* path);
-
-// Same as CreateTemporaryFile but the file is created in |dir|.
-BASE_EXPORT bool CreateTemporaryFileInDir(const FilePath& dir,
-                                          FilePath* temp_file);
-
-// Create and open a temporary file.  File is opened for read/write.
-// The full path is placed in |path|.
-// Returns a handle to the opened file or NULL if an error occurred.
-BASE_EXPORT FILE* CreateAndOpenTemporaryFile(FilePath* path);
-
-// Similar to CreateAndOpenTemporaryFile, but the file is created in |dir|.
-BASE_EXPORT FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir,
-                                                  FilePath* path);
-
-// Create a new directory. If prefix is provided, the new directory name is in
-// the format of prefixyyyy.
-// NOTE: prefix is ignored in the POSIX implementation.
-// If success, return true and output the full path of the directory created.
-BASE_EXPORT bool CreateNewTempDirectory(const FilePath::StringType& prefix,
-                                        FilePath* new_temp_path);
-
-// Create a directory within another directory.
-// Extra characters will be appended to |prefix| to ensure that the
-// new directory does not have the same name as an existing directory.
-BASE_EXPORT bool CreateTemporaryDirInDir(const FilePath& base_dir,
-                                         const FilePath::StringType& prefix,
-                                         FilePath* new_dir);
-
-// Creates a directory, as well as creating any parent directories, if they
-// don't exist. Returns 'true' on successful creation, or if the directory
-// already exists.  The directory is only readable by the current user.
-// Returns true on success, leaving *error unchanged.
-// Returns false on failure and sets *error appropriately, if it is non-NULL.
-BASE_EXPORT bool CreateDirectoryAndGetError(const FilePath& full_path,
-                                            File::Error* error);
-
-// Backward-compatible convenience method for the above.
-BASE_EXPORT bool CreateDirectory(const FilePath& full_path);
-
-// Returns the file size. Returns true on success.
-BASE_EXPORT bool GetFileSize(const FilePath& file_path, int64* file_size);
-
-// Sets |real_path| to |path| with symbolic links and junctions expanded.
-// On windows, make sure the path starts with a lettered drive.
-// |path| must reference a file.  Function will fail if |path| points to
-// a directory or to a nonexistent path.  On windows, this function will
-// fail if |path| is a junction or symlink that points to an empty file,
-// or if |real_path| would be longer than MAX_PATH characters.
-BASE_EXPORT bool NormalizeFilePath(const FilePath& path, FilePath* real_path);
-
-#if defined(OS_WIN)
-
-// Given a path in NT native form ("\Device\HarddiskVolumeXX\..."),
-// return in |drive_letter_path| the equivalent path that starts with
-// a drive letter ("C:\...").  Return false if no such path exists.
-BASE_EXPORT bool DevicePathToDriveLetterPath(const FilePath& device_path,
-                                             FilePath* drive_letter_path);
-
-// Given an existing file in |path|, set |real_path| to the path
-// in native NT format, of the form "\Device\HarddiskVolumeXX\..".
-// Returns false if the path can not be found. Empty files cannot
-// be resolved with this function.
-BASE_EXPORT bool NormalizeToNativeFilePath(const FilePath& path,
-                                           FilePath* nt_path);
-#endif
-
-// This function will return if the given file is a symlink or not.
-BASE_EXPORT bool IsLink(const FilePath& file_path);
-
-// Returns information about the given file path.
-BASE_EXPORT bool GetFileInfo(const FilePath& file_path, File::Info* info);
-
-// Sets the time of the last access and the time of the last modification.
-BASE_EXPORT bool TouchFile(const FilePath& path,
-                           const Time& last_accessed,
-                           const Time& last_modified);
-
-// Wrapper for fopen-like calls. Returns non-NULL FILE* on success.
-BASE_EXPORT FILE* OpenFile(const FilePath& filename, const char* mode);
-
-// Closes file opened by OpenFile. Returns true on success.
-BASE_EXPORT bool CloseFile(FILE* file);
-
-// Associates a standard FILE stream with an existing File. Note that this
-// functions take ownership of the existing File.
-BASE_EXPORT FILE* FileToFILE(File file, const char* mode);
-
-// Truncates an open file to end at the location of the current file pointer.
-// This is a cross-platform analog to Windows' SetEndOfFile() function.
-BASE_EXPORT bool TruncateFile(FILE* file);
-
-// Reads at most the given number of bytes from the file into the buffer.
-// Returns the number of read bytes, or -1 on error.
-BASE_EXPORT int ReadFile(const FilePath& filename, char* data, int max_size);
-
-// Writes the given buffer into the file, overwriting any data that was
-// previously there.  Returns the number of bytes written, or -1 on error.
-BASE_EXPORT int WriteFile(const FilePath& filename, const char* data,
-                          int size);
-
-#if defined(OS_POSIX)
-// Append the data to |fd|. Does not close |fd| when done.
-BASE_EXPORT int WriteFileDescriptor(const int fd, const char* data, int size);
-#endif
-
-// Append the given buffer into the file. Returns the number of bytes written,
-// or -1 on error.
-BASE_EXPORT int AppendToFile(const FilePath& filename,
-                             const char* data, int size);
-
-// Gets the current working directory for the process.
-BASE_EXPORT bool GetCurrentDirectory(FilePath* path);
-
-// Sets the current working directory for the process.
-BASE_EXPORT bool SetCurrentDirectory(const FilePath& path);
-
-// Attempts to find a number that can be appended to the |path| to make it
-// unique. If |path| does not exist, 0 is returned.  If it fails to find such
-// a number, -1 is returned. If |suffix| is not empty, also checks the
-// existence of it with the given suffix.
-BASE_EXPORT int GetUniquePathNumber(const FilePath& path,
-                                    const FilePath::StringType& suffix);
-
-#if defined(OS_POSIX)
-// Test that |path| can only be changed by a given user and members of
-// a given set of groups.
-// Specifically, test that all parts of |path| under (and including) |base|:
-// * Exist.
-// * Are owned by a specific user.
-// * Are not writable by all users.
-// * Are owned by a member of a given set of groups, or are not writable by
-//   their group.
-// * Are not symbolic links.
-// This is useful for checking that a config file is administrator-controlled.
-// |base| must contain |path|.
-BASE_EXPORT bool VerifyPathControlledByUser(const base::FilePath& base,
-                                            const base::FilePath& path,
-                                            uid_t owner_uid,
-                                            const std::set<gid_t>& group_gids);
-#endif  // defined(OS_POSIX)
-
-#if defined(OS_MACOSX) && !defined(OS_IOS)
-// Is |path| writable only by a user with administrator privileges?
-// This function uses Mac OS conventions.  The super user is assumed to have
-// uid 0, and the administrator group is assumed to be named "admin".
-// Testing that |path|, and every parent directory including the root of
-// the filesystem, are owned by the superuser, controlled by the group
-// "admin", are not writable by all users, and contain no symbolic links.
-// Will return false if |path| does not exist.
-BASE_EXPORT bool VerifyPathControlledByAdmin(const base::FilePath& path);
-#endif  // defined(OS_MACOSX) && !defined(OS_IOS)
-
-// Returns the maximum length of path component on the volume containing
-// the directory |path|, in the number of FilePath::CharType, or -1 on failure.
-BASE_EXPORT int GetMaximumPathComponentLength(const base::FilePath& path);
-
-#if defined(OS_LINUX)
-// Broad categories of file systems as returned by statfs() on Linux.
-enum FileSystemType {
-  FILE_SYSTEM_UNKNOWN,  // statfs failed.
-  FILE_SYSTEM_0,        // statfs.f_type == 0 means unknown, may indicate AFS.
-  FILE_SYSTEM_ORDINARY,       // on-disk filesystem like ext2
-  FILE_SYSTEM_NFS,
-  FILE_SYSTEM_SMB,
-  FILE_SYSTEM_CODA,
-  FILE_SYSTEM_MEMORY,         // in-memory file system
-  FILE_SYSTEM_CGROUP,         // cgroup control.
-  FILE_SYSTEM_OTHER,          // any other value.
-  FILE_SYSTEM_TYPE_COUNT
-};
-
-// Attempts determine the FileSystemType for |path|.
-// Returns false if |path| doesn't exist.
-BASE_EXPORT bool GetFileSystemType(const FilePath& path, FileSystemType* type);
-#endif
-
-#if defined(OS_POSIX)
-// Get a temporary directory for shared memory files. The directory may depend
-// on whether the destination is intended for executable files, which in turn
-// depends on how /dev/shmem was mounted. As a result, you must supply whether
-// you intend to create executable shmem segments so this function can find
-// an appropriate location.
-BASE_EXPORT bool GetShmemTempDir(bool executable, FilePath* path);
-#endif
-
-}  // namespace base
-
-// -----------------------------------------------------------------------------
-
-namespace file_util {
-
-// Functor for |ScopedFILE| (below).
-struct ScopedFILEClose {
-  inline void operator()(FILE* x) const {
-    if (x)
-      fclose(x);
-  }
-};
-
-// Automatically closes |FILE*|s.
-typedef scoped_ptr<FILE, ScopedFILEClose> ScopedFILE;
-
-}  // namespace file_util
-
-// Internal --------------------------------------------------------------------
-
-namespace base {
-namespace internal {
-
-// Same as Move but allows paths with traversal components.
-// Use only with extreme care.
-BASE_EXPORT bool MoveUnsafe(const FilePath& from_path,
-                            const FilePath& to_path);
-
-// Same as CopyFile but allows paths with traversal components.
-// Use only with extreme care.
-BASE_EXPORT bool CopyFileUnsafe(const FilePath& from_path,
-                                const FilePath& to_path);
-
-#if defined(OS_WIN)
-// Copy from_path to to_path recursively and then delete from_path recursively.
-// Returns true if all operations succeed.
-// This function simulates Move(), but unlike Move() it works across volumes.
-// This function is not transactional.
-BASE_EXPORT bool CopyAndDeleteDirectory(const FilePath& from_path,
-                                        const FilePath& to_path);
-#endif  // defined(OS_WIN)
-
-}  // namespace internal
-}  // namespace base
-
-#endif  // BASE_FILE_UTIL_H_
deleted file mode 100644
--- a/security/sandbox/chromium/base/file_util_win.cc
+++ /dev/null
@@ -1,810 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/file_util.h"
-
-#include <windows.h>
-#include <io.h>
-#include <psapi.h>
-#include <shellapi.h>
-#include <shlobj.h>
-#include <time.h>
-
-#include <algorithm>
-#include <limits>
-#include <string>
-
-#include "base/files/file_enumerator.h"
-#include "base/files/file_path.h"
-#include "base/logging.h"
-#include "base/metrics/histogram.h"
-#include "base/process/process_handle.h"
-#include "base/rand_util.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/string_util.h"
-#include "base/strings/utf_string_conversions.h"
-#include "base/threading/thread_restrictions.h"
-#include "base/time/time.h"
-#include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
-
-namespace base {
-
-namespace {
-
-const DWORD kFileShareAll =
-    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
-
-}  // namespace
-
-FilePath MakeAbsoluteFilePath(const FilePath& input) {
-  ThreadRestrictions::AssertIOAllowed();
-  wchar_t file_path[MAX_PATH];
-  if (!_wfullpath(file_path, input.value().c_str(), MAX_PATH))
-    return FilePath();
-  return FilePath(file_path);
-}
-
-bool DeleteFile(const FilePath& path, bool recursive) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  if (path.value().length() >= MAX_PATH)
-    return false;
-
-  // On XP SHFileOperation will return ERROR_ACCESS_DENIED instead of
-  // ERROR_FILE_NOT_FOUND, so just shortcut this here.
-  if (path.empty())
-    return true;
-
-  if (!recursive) {
-    // If not recursing, then first check to see if |path| is a directory.
-    // If it is, then remove it with RemoveDirectory.
-    File::Info file_info;
-    if (GetFileInfo(path, &file_info) && file_info.is_directory)
-      return RemoveDirectory(path.value().c_str()) != 0;
-
-    // Otherwise, it's a file, wildcard or non-existant. Try DeleteFile first
-    // because it should be faster. If DeleteFile fails, then we fall through
-    // to SHFileOperation, which will do the right thing.
-    if (::DeleteFile(path.value().c_str()) != 0)
-      return true;
-  }
-
-  // SHFILEOPSTRUCT wants the path to be terminated with two NULLs,
-  // so we have to use wcscpy because wcscpy_s writes non-NULLs
-  // into the rest of the buffer.
-  wchar_t double_terminated_path[MAX_PATH + 1] = {0};
-#pragma warning(suppress:4996)  // don't complain about wcscpy deprecation
-  wcscpy(double_terminated_path, path.value().c_str());
-
-  SHFILEOPSTRUCT file_operation = {0};
-  file_operation.wFunc = FO_DELETE;
-  file_operation.pFrom = double_terminated_path;
-  file_operation.fFlags = FOF_NOERRORUI | FOF_SILENT | FOF_NOCONFIRMATION;
-  if (!recursive)
-    file_operation.fFlags |= FOF_NORECURSION | FOF_FILESONLY;
-  int err = SHFileOperation(&file_operation);
-
-  // Since we're passing flags to the operation telling it to be silent,
-  // it's possible for the operation to be aborted/cancelled without err
-  // being set (although MSDN doesn't give any scenarios for how this can
-  // happen).  See MSDN for SHFileOperation and SHFILEOPTSTRUCT.
-  if (file_operation.fAnyOperationsAborted)
-    return false;
-
-  // Some versions of Windows return ERROR_FILE_NOT_FOUND (0x2) when deleting
-  // an empty directory and some return 0x402 when they should be returning
-  // ERROR_FILE_NOT_FOUND. MSDN says Vista and up won't return 0x402.  Windows 7
-  // can return DE_INVALIDFILES (0x7C) for nonexistent directories.
-  return (err == 0 || err == ERROR_FILE_NOT_FOUND || err == 0x402 ||
-          err == 0x7C);
-}
-
-bool DeleteFileAfterReboot(const FilePath& path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  if (path.value().length() >= MAX_PATH)
-    return false;
-
-  return MoveFileEx(path.value().c_str(), NULL,
-                    MOVEFILE_DELAY_UNTIL_REBOOT |
-                        MOVEFILE_REPLACE_EXISTING) != FALSE;
-}
-
-bool ReplaceFile(const FilePath& from_path,
-                 const FilePath& to_path,
-                 File::Error* error) {
-  ThreadRestrictions::AssertIOAllowed();
-  // Try a simple move first.  It will only succeed when |to_path| doesn't
-  // already exist.
-  if (::MoveFile(from_path.value().c_str(), to_path.value().c_str()))
-    return true;
-  // Try the full-blown replace if the move fails, as ReplaceFile will only
-  // succeed when |to_path| does exist. When writing to a network share, we may
-  // not be able to change the ACLs. Ignore ACL errors then
-  // (REPLACEFILE_IGNORE_MERGE_ERRORS).
-  if (::ReplaceFile(to_path.value().c_str(), from_path.value().c_str(), NULL,
-                    REPLACEFILE_IGNORE_MERGE_ERRORS, NULL, NULL)) {
-    return true;
-  }
-  if (error)
-    *error = File::OSErrorToFileError(GetLastError());
-  return false;
-}
-
-bool CopyDirectory(const FilePath& from_path, const FilePath& to_path,
-                   bool recursive) {
-  // NOTE(maruel): Previous version of this function used to call
-  // SHFileOperation().  This used to copy the file attributes and extended
-  // attributes, OLE structured storage, NTFS file system alternate data
-  // streams, SECURITY_DESCRIPTOR. In practice, this is not what we want, we
-  // want the containing directory to propagate its SECURITY_DESCRIPTOR.
-  ThreadRestrictions::AssertIOAllowed();
-
-  // NOTE: I suspect we could support longer paths, but that would involve
-  // analyzing all our usage of files.
-  if (from_path.value().length() >= MAX_PATH ||
-      to_path.value().length() >= MAX_PATH) {
-    return false;
-  }
-
-  // This function does not properly handle destinations within the source.
-  FilePath real_to_path = to_path;
-  if (PathExists(real_to_path)) {
-    real_to_path = MakeAbsoluteFilePath(real_to_path);
-    if (real_to_path.empty())
-      return false;
-  } else {
-    real_to_path = MakeAbsoluteFilePath(real_to_path.DirName());
-    if (real_to_path.empty())
-      return false;
-  }
-  FilePath real_from_path = MakeAbsoluteFilePath(from_path);
-  if (real_from_path.empty())
-    return false;
-  if (real_to_path.value().size() >= real_from_path.value().size() &&
-      real_to_path.value().compare(0, real_from_path.value().size(),
-                                   real_from_path.value()) == 0) {
-    return false;
-  }
-
-  int traverse_type = FileEnumerator::FILES;
-  if (recursive)
-    traverse_type |= FileEnumerator::DIRECTORIES;
-  FileEnumerator traversal(from_path, recursive, traverse_type);
-
-  if (!PathExists(from_path)) {
-    DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: "
-                << from_path.value().c_str();
-    return false;
-  }
-  // TODO(maruel): This is not necessary anymore.
-  DCHECK(recursive || DirectoryExists(from_path));
-
-  FilePath current = from_path;
-  bool from_is_dir = DirectoryExists(from_path);
-  bool success = true;
-  FilePath from_path_base = from_path;
-  if (recursive && DirectoryExists(to_path)) {
-    // If the destination already exists and is a directory, then the
-    // top level of source needs to be copied.
-    from_path_base = from_path.DirName();
-  }
-
-  while (success && !current.empty()) {
-    // current is the source path, including from_path, so append
-    // the suffix after from_path to to_path to create the target_path.
-    FilePath target_path(to_path);
-    if (from_path_base != current) {
-      if (!from_path_base.AppendRelativePath(current, &target_path)) {
-        success = false;
-        break;
-      }
-    }
-
-    if (from_is_dir) {
-      if (!DirectoryExists(target_path) &&
-          !::CreateDirectory(target_path.value().c_str(), NULL)) {
-        DLOG(ERROR) << "CopyDirectory() couldn't create directory: "
-                    << target_path.value().c_str();
-        success = false;
-      }
-    } else if (!internal::CopyFileUnsafe(current, target_path)) {
-      DLOG(ERROR) << "CopyDirectory() couldn't create file: "
-                  << target_path.value().c_str();
-      success = false;
-    }
-
-    current = traversal.Next();
-    if (!current.empty())
-      from_is_dir = traversal.GetInfo().IsDirectory();
-  }
-
-  return success;
-}
-
-bool PathExists(const FilePath& path) {
-  ThreadRestrictions::AssertIOAllowed();
-  return (GetFileAttributes(path.value().c_str()) != INVALID_FILE_ATTRIBUTES);
-}
-
-bool PathIsWritable(const FilePath& path) {
-  ThreadRestrictions::AssertIOAllowed();
-  HANDLE dir =
-      CreateFile(path.value().c_str(), FILE_ADD_FILE, kFileShareAll,
-                 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
-
-  if (dir == INVALID_HANDLE_VALUE)
-    return false;
-
-  CloseHandle(dir);
-  return true;
-}
-
-bool DirectoryExists(const FilePath& path) {
-  ThreadRestrictions::AssertIOAllowed();
-  DWORD fileattr = GetFileAttributes(path.value().c_str());
-  if (fileattr != INVALID_FILE_ATTRIBUTES)
-    return (fileattr & FILE_ATTRIBUTE_DIRECTORY) != 0;
-  return false;
-}
-
-bool GetTempDir(FilePath* path) {
-  wchar_t temp_path[MAX_PATH + 1];
-  DWORD path_len = ::GetTempPath(MAX_PATH, temp_path);
-  if (path_len >= MAX_PATH || path_len <= 0)
-    return false;
-  // TODO(evanm): the old behavior of this function was to always strip the
-  // trailing slash.  We duplicate this here, but it shouldn't be necessary
-  // when everyone is using the appropriate FilePath APIs.
-  *path = FilePath(temp_path).StripTrailingSeparators();
-  return true;
-}
-
-FilePath GetHomeDir() {
-  char16 result[MAX_PATH];
-  if (SUCCEEDED(SHGetFolderPath(NULL, CSIDL_PROFILE, NULL, SHGFP_TYPE_CURRENT,
-                                result)) &&
-      result[0]) {
-    return FilePath(result);
-  }
-
-  // Fall back to the temporary directory on failure.
-  FilePath temp;
-  if (GetTempDir(&temp))
-    return temp;
-
-  // Last resort.
-  return FilePath(L"C:\\");
-}
-
-bool CreateTemporaryFile(FilePath* path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  FilePath temp_file;
-
-  if (!GetTempDir(path))
-    return false;
-
-  if (CreateTemporaryFileInDir(*path, &temp_file)) {
-    *path = temp_file;
-    return true;
-  }
-
-  return false;
-}
-
-// On POSIX we have semantics to create and open a temporary file
-// atomically.
-// TODO(jrg): is there equivalent call to use on Windows instead of
-// going 2-step?
-FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) {
-  ThreadRestrictions::AssertIOAllowed();
-  if (!CreateTemporaryFileInDir(dir, path)) {
-    return NULL;
-  }
-  // Open file in binary mode, to avoid problems with fwrite. On Windows
-  // it replaces \n's with \r\n's, which may surprise you.
-  // Reference: http://msdn.microsoft.com/en-us/library/h9t88zwz(VS.71).aspx
-  return OpenFile(*path, "wb+");
-}
-
-bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  wchar_t temp_name[MAX_PATH + 1];
-
-  if (!GetTempFileName(dir.value().c_str(), L"", 0, temp_name)) {
-    DPLOG(WARNING) << "Failed to get temporary file name in "
-                   << UTF16ToUTF8(dir.value());
-    return false;
-  }
-
-  wchar_t long_temp_name[MAX_PATH + 1];
-  DWORD long_name_len = GetLongPathName(temp_name, long_temp_name, MAX_PATH);
-  if (long_name_len > MAX_PATH || long_name_len == 0) {
-    // GetLongPathName() failed, but we still have a temporary file.
-    *temp_file = FilePath(temp_name);
-    return true;
-  }
-
-  FilePath::StringType long_temp_name_str;
-  long_temp_name_str.assign(long_temp_name, long_name_len);
-  *temp_file = FilePath(long_temp_name_str);
-  return true;
-}
-
-bool CreateTemporaryDirInDir(const FilePath& base_dir,
-                             const FilePath::StringType& prefix,
-                             FilePath* new_dir) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  FilePath path_to_create;
-
-  for (int count = 0; count < 50; ++count) {
-    // Try create a new temporary directory with random generated name. If
-    // the one exists, keep trying another path name until we reach some limit.
-    string16 new_dir_name;
-    new_dir_name.assign(prefix);
-    new_dir_name.append(IntToString16(GetCurrentProcId()));
-    new_dir_name.push_back('_');
-    new_dir_name.append(IntToString16(RandInt(0, kint16max)));
-
-    path_to_create = base_dir.Append(new_dir_name);
-    if (::CreateDirectory(path_to_create.value().c_str(), NULL)) {
-      *new_dir = path_to_create;
-      return true;
-    }
-  }
-
-  return false;
-}
-
-bool CreateNewTempDirectory(const FilePath::StringType& prefix,
-                            FilePath* new_temp_path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  FilePath system_temp_dir;
-  if (!GetTempDir(&system_temp_dir))
-    return false;
-
-  return CreateTemporaryDirInDir(system_temp_dir, prefix, new_temp_path);
-}
-
-bool CreateDirectoryAndGetError(const FilePath& full_path,
-                                File::Error* error) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  // If the path exists, we've succeeded if it's a directory, failed otherwise.
-  const wchar_t* full_path_str = full_path.value().c_str();
-  DWORD fileattr = ::GetFileAttributes(full_path_str);
-  if (fileattr != INVALID_FILE_ATTRIBUTES) {
-    if ((fileattr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
-      DVLOG(1) << "CreateDirectory(" << full_path_str << "), "
-               << "directory already exists.";
-      return true;
-    }
-    DLOG(WARNING) << "CreateDirectory(" << full_path_str << "), "
-                  << "conflicts with existing file.";
-    if (error) {
-      *error = File::FILE_ERROR_NOT_A_DIRECTORY;
-    }
-    return false;
-  }
-
-  // Invariant:  Path does not exist as file or directory.
-
-  // Attempt to create the parent recursively.  This will immediately return
-  // true if it already exists, otherwise will create all required parent
-  // directories starting with the highest-level missing parent.
-  FilePath parent_path(full_path.DirName());
-  if (parent_path.value() == full_path.value()) {
-    if (error) {
-      *error = File::FILE_ERROR_NOT_FOUND;
-    }
-    return false;
-  }
-  if (!CreateDirectoryAndGetError(parent_path, error)) {
-    DLOG(WARNING) << "Failed to create one of the parent directories.";
-    if (error) {
-      DCHECK(*error != File::FILE_OK);
-    }
-    return false;
-  }
-
-  if (!::CreateDirectory(full_path_str, NULL)) {
-    DWORD error_code = ::GetLastError();
-    if (error_code == ERROR_ALREADY_EXISTS && DirectoryExists(full_path)) {
-      // This error code ERROR_ALREADY_EXISTS doesn't indicate whether we
-      // were racing with someone creating the same directory, or a file
-      // with the same path.  If DirectoryExists() returns true, we lost the
-      // race to create the same directory.
-      return true;
-    } else {
-      if (error)
-        *error = File::OSErrorToFileError(error_code);
-      DLOG(WARNING) << "Failed to create directory " << full_path_str
-                    << ", last error is " << error_code << ".";
-      return false;
-    }
-  } else {
-    return true;
-  }
-}
-
-bool NormalizeFilePath(const FilePath& path, FilePath* real_path) {
-  ThreadRestrictions::AssertIOAllowed();
-  FilePath mapped_file;
-  if (!NormalizeToNativeFilePath(path, &mapped_file))
-    return false;
-  // NormalizeToNativeFilePath() will return a path that starts with
-  // "\Device\Harddisk...".  Helper DevicePathToDriveLetterPath()
-  // will find a drive letter which maps to the path's device, so
-  // that we return a path starting with a drive letter.
-  return DevicePathToDriveLetterPath(mapped_file, real_path);
-}
-
-bool DevicePathToDriveLetterPath(const FilePath& nt_device_path,
-                                 FilePath* out_drive_letter_path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  // Get the mapping of drive letters to device paths.
-  const int kDriveMappingSize = 1024;
-  wchar_t drive_mapping[kDriveMappingSize] = {'\0'};
-  if (!::GetLogicalDriveStrings(kDriveMappingSize - 1, drive_mapping)) {
-    DLOG(ERROR) << "Failed to get drive mapping.";
-    return false;
-  }
-
-  // The drive mapping is a sequence of null terminated strings.
-  // The last string is empty.
-  wchar_t* drive_map_ptr = drive_mapping;
-  wchar_t device_path_as_string[MAX_PATH];
-  wchar_t drive[] = L" :";
-
-  // For each string in the drive mapping, get the junction that links
-  // to it.  If that junction is a prefix of |device_path|, then we
-  // know that |drive| is the real path prefix.
-  while (*drive_map_ptr) {
-    drive[0] = drive_map_ptr[0];  // Copy the drive letter.
-
-    if (QueryDosDevice(drive, device_path_as_string, MAX_PATH)) {
-      FilePath device_path(device_path_as_string);
-      if (device_path == nt_device_path ||
-          device_path.IsParent(nt_device_path)) {
-        *out_drive_letter_path = FilePath(drive +
-            nt_device_path.value().substr(wcslen(device_path_as_string)));
-        return true;
-      }
-    }
-    // Move to the next drive letter string, which starts one
-    // increment after the '\0' that terminates the current string.
-    while (*drive_map_ptr++);
-  }
-
-  // No drive matched.  The path does not start with a device junction
-  // that is mounted as a drive letter.  This means there is no drive
-  // letter path to the volume that holds |device_path|, so fail.
-  return false;
-}
-
-bool NormalizeToNativeFilePath(const FilePath& path, FilePath* nt_path) {
-  ThreadRestrictions::AssertIOAllowed();
-  // In Vista, GetFinalPathNameByHandle() would give us the real path
-  // from a file handle.  If we ever deprecate XP, consider changing the
-  // code below to a call to GetFinalPathNameByHandle().  The method this
-  // function uses is explained in the following msdn article:
-  // http://msdn.microsoft.com/en-us/library/aa366789(VS.85).aspx
-  base::win::ScopedHandle file_handle(
-      ::CreateFile(path.value().c_str(),
-                   GENERIC_READ,
-                   kFileShareAll,
-                   NULL,
-                   OPEN_EXISTING,
-                   FILE_ATTRIBUTE_NORMAL,
-                   NULL));
-  if (!file_handle)
-    return false;
-
-  // Create a file mapping object.  Can't easily use MemoryMappedFile, because
-  // we only map the first byte, and need direct access to the handle. You can
-  // not map an empty file, this call fails in that case.
-  base::win::ScopedHandle file_map_handle(
-      ::CreateFileMapping(file_handle.Get(),
-                          NULL,
-                          PAGE_READONLY,
-                          0,
-                          1,  // Just one byte.  No need to look at the data.
-                          NULL));
-  if (!file_map_handle)
-    return false;
-
-  // Use a view of the file to get the path to the file.
-  void* file_view = MapViewOfFile(file_map_handle.Get(),
-                                  FILE_MAP_READ, 0, 0, 1);
-  if (!file_view)
-    return false;
-
-  // The expansion of |path| into a full path may make it longer.
-  // GetMappedFileName() will fail if the result is longer than MAX_PATH.
-  // Pad a bit to be safe.  If kMaxPathLength is ever changed to be less
-  // than MAX_PATH, it would be nessisary to test that GetMappedFileName()
-  // not return kMaxPathLength.  This would mean that only part of the
-  // path fit in |mapped_file_path|.
-  const int kMaxPathLength = MAX_PATH + 10;
-  wchar_t mapped_file_path[kMaxPathLength];
-  bool success = false;
-  HANDLE cp = GetCurrentProcess();
-  if (::GetMappedFileNameW(cp, file_view, mapped_file_path, kMaxPathLength)) {
-    *nt_path = FilePath(mapped_file_path);
-    success = true;
-  }
-  ::UnmapViewOfFile(file_view);
-  return success;
-}
-
-// TODO(rkc): Work out if we want to handle NTFS junctions here or not, handle
-// them if we do decide to.
-bool IsLink(const FilePath& file_path) {
-  return false;
-}
-
-bool GetFileInfo(const FilePath& file_path, File::Info* results) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  WIN32_FILE_ATTRIBUTE_DATA attr;
-  if (!GetFileAttributesEx(file_path.value().c_str(),
-                           GetFileExInfoStandard, &attr)) {
-    return false;
-  }
-
-  ULARGE_INTEGER size;
-  size.HighPart = attr.nFileSizeHigh;
-  size.LowPart = attr.nFileSizeLow;
-  results->size = size.QuadPart;
-
-  results->is_directory =
-      (attr.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0;
-  results->last_modified = Time::FromFileTime(attr.ftLastWriteTime);
-  results->last_accessed = Time::FromFileTime(attr.ftLastAccessTime);
-  results->creation_time = Time::FromFileTime(attr.ftCreationTime);
-
-  return true;
-}
-
-FILE* OpenFile(const FilePath& filename, const char* mode) {
-  ThreadRestrictions::AssertIOAllowed();
-  std::wstring w_mode = ASCIIToWide(std::string(mode));
-  return _wfsopen(filename.value().c_str(), w_mode.c_str(), _SH_DENYNO);
-}
-
-FILE* FileToFILE(File file, const char* mode) {
-  if (!file.IsValid())
-    return NULL;
-  int fd =
-      _open_osfhandle(reinterpret_cast<intptr_t>(file.GetPlatformFile()), 0);
-  if (fd < 0)
-    return NULL;
-  file.TakePlatformFile();
-  FILE* stream = _fdopen(fd, mode);
-  if (!stream)
-    _close(fd);
-  return stream;
-}
-
-int ReadFile(const FilePath& filename, char* data, int max_size) {
-  ThreadRestrictions::AssertIOAllowed();
-  base::win::ScopedHandle file(CreateFile(filename.value().c_str(),
-                                          GENERIC_READ,
-                                          FILE_SHARE_READ | FILE_SHARE_WRITE,
-                                          NULL,
-                                          OPEN_EXISTING,
-                                          FILE_FLAG_SEQUENTIAL_SCAN,
-                                          NULL));
-  if (!file)
-    return -1;
-
-  DWORD read;
-  if (::ReadFile(file, data, max_size, &read, NULL))
-    return read;
-
-  return -1;
-}
-
-int WriteFile(const FilePath& filename, const char* data, int size) {
-  ThreadRestrictions::AssertIOAllowed();
-  base::win::ScopedHandle file(CreateFile(filename.value().c_str(),
-                                          GENERIC_WRITE,
-                                          0,
-                                          NULL,
-                                          CREATE_ALWAYS,
-                                          0,
-                                          NULL));
-  if (!file) {
-    DPLOG(WARNING) << "CreateFile failed for path "
-                   << UTF16ToUTF8(filename.value());
-    return -1;
-  }
-
-  DWORD written;
-  BOOL result = ::WriteFile(file, data, size, &written, NULL);
-  if (result && static_cast<int>(written) == size)
-    return written;
-
-  if (!result) {
-    // WriteFile failed.
-    DPLOG(WARNING) << "writing file " << UTF16ToUTF8(filename.value())
-                   << " failed";
-  } else {
-    // Didn't write all the bytes.
-    DLOG(WARNING) << "wrote" << written << " bytes to "
-                  << UTF16ToUTF8(filename.value()) << " expected " << size;
-  }
-  return -1;
-}
-
-int AppendToFile(const FilePath& filename, const char* data, int size) {
-  ThreadRestrictions::AssertIOAllowed();
-  base::win::ScopedHandle file(CreateFile(filename.value().c_str(),
-                                          FILE_APPEND_DATA,
-                                          0,
-                                          NULL,
-                                          OPEN_EXISTING,
-                                          0,
-                                          NULL));
-  if (!file) {
-    DPLOG(WARNING) << "CreateFile failed for path "
-                   << UTF16ToUTF8(filename.value());
-    return -1;
-  }
-
-  DWORD written;
-  BOOL result = ::WriteFile(file, data, size, &written, NULL);
-  if (result && static_cast<int>(written) == size)
-    return written;
-
-  if (!result) {
-    // WriteFile failed.
-    DPLOG(WARNING) << "writing file " << UTF16ToUTF8(filename.value())
-                   << " failed";
-  } else {
-    // Didn't write all the bytes.
-    DLOG(WARNING) << "wrote" << written << " bytes to "
-                  << UTF16ToUTF8(filename.value()) << " expected " << size;
-  }
-  return -1;
-}
-
-// Gets the current working directory for the process.
-bool GetCurrentDirectory(FilePath* dir) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  wchar_t system_buffer[MAX_PATH];
-  system_buffer[0] = 0;
-  DWORD len = ::GetCurrentDirectory(MAX_PATH, system_buffer);
-  if (len == 0 || len > MAX_PATH)
-    return false;
-  // TODO(evanm): the old behavior of this function was to always strip the
-  // trailing slash.  We duplicate this here, but it shouldn't be necessary
-  // when everyone is using the appropriate FilePath APIs.
-  std::wstring dir_str(system_buffer);
-  *dir = FilePath(dir_str).StripTrailingSeparators();
-  return true;
-}
-
-// Sets the current working directory for the process.
-bool SetCurrentDirectory(const FilePath& directory) {
-  ThreadRestrictions::AssertIOAllowed();
-  BOOL ret = ::SetCurrentDirectory(directory.value().c_str());
-  return ret != 0;
-}
-
-int GetMaximumPathComponentLength(const FilePath& path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  wchar_t volume_path[MAX_PATH];
-  if (!GetVolumePathNameW(path.NormalizePathSeparators().value().c_str(),
-                          volume_path,
-                          arraysize(volume_path))) {
-    return -1;
-  }
-
-  DWORD max_length = 0;
-  if (!GetVolumeInformationW(volume_path, NULL, 0, NULL, &max_length, NULL,
-                             NULL, 0)) {
-    return -1;
-  }
-
-  // Length of |path| with path separator appended.
-  size_t prefix = path.StripTrailingSeparators().value().size() + 1;
-  // The whole path string must be shorter than MAX_PATH. That is, it must be
-  // prefix + component_length < MAX_PATH (or equivalently, <= MAX_PATH - 1).
-  int whole_path_limit = std::max(0, MAX_PATH - 1 - static_cast<int>(prefix));
-  return std::min(whole_path_limit, static_cast<int>(max_length));
-}
-
-// -----------------------------------------------------------------------------
-
-namespace internal {
-
-bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  // NOTE: I suspect we could support longer paths, but that would involve
-  // analyzing all our usage of files.
-  if (from_path.value().length() >= MAX_PATH ||
-      to_path.value().length() >= MAX_PATH) {
-    return false;
-  }
-  if (MoveFileEx(from_path.value().c_str(), to_path.value().c_str(),
-                 MOVEFILE_COPY_ALLOWED | MOVEFILE_REPLACE_EXISTING) != 0)
-    return true;
-
-  // Keep the last error value from MoveFileEx around in case the below
-  // fails.
-  bool ret = false;
-  DWORD last_error = ::GetLastError();
-
-  if (DirectoryExists(from_path)) {
-    // MoveFileEx fails if moving directory across volumes. We will simulate
-    // the move by using Copy and Delete. Ideally we could check whether
-    // from_path and to_path are indeed in different volumes.
-    ret = internal::CopyAndDeleteDirectory(from_path, to_path);
-  }
-
-  if (!ret) {
-    // Leave a clue about what went wrong so that it can be (at least) picked
-    // up by a PLOG entry.
-    ::SetLastError(last_error);
-  }
-
-  return ret;
-}
-
-bool CopyFileUnsafe(const FilePath& from_path, const FilePath& to_path) {
-  ThreadRestrictions::AssertIOAllowed();
-
-  // NOTE: I suspect we could support longer paths, but that would involve
-  // analyzing all our usage of files.
-  if (from_path.value().length() >= MAX_PATH ||
-      to_path.value().length() >= MAX_PATH) {
-    return false;
-  }
-
-  // Unlike the posix implementation that copies the file manually and discards
-  // the ACL bits, CopyFile() copies the complete SECURITY_DESCRIPTOR and access
-  // bits, which is usually not what we want. We can't do much about the
-  // SECURITY_DESCRIPTOR but at least remove the read only bit.
-  const wchar_t* dest = to_path.value().c_str();
-  if (!::CopyFile(from_path.value().c_str(), dest, false)) {
-    // Copy failed.
-    return false;
-  }
-  DWORD attrs = GetFileAttributes(dest);
-  if (attrs == INVALID_FILE_ATTRIBUTES) {
-    return false;
-  }
-  if (attrs & FILE_ATTRIBUTE_READONLY) {
-    SetFileAttributes(dest, attrs & ~FILE_ATTRIBUTE_READONLY);
-  }
-  return true;
-}
-
-bool CopyAndDeleteDirectory(const FilePath& from_path,
-                            const FilePath& to_path) {
-  ThreadRestrictions::AssertIOAllowed();
-  if (CopyDirectory(from_path, to_path, true)) {
-    if (DeleteFile(from_path, true))
-      return true;
-
-    // Like Move, this function is not transactional, so we just
-    // leave the copied bits behind if deleting from_path fails.
-    // If to_path exists previously then we have already overwritten
-    // it by now, we don't get better off by deleting the new bits.
-  }
-  return false;
-}
-
-}  // namespace internal
-}  // namespace base
--- a/security/sandbox/chromium/base/files/file_path.h
+++ b/security/sandbox/chromium/base/files/file_path.h
@@ -102,17 +102,16 @@
 #ifndef BASE_FILES_FILE_PATH_H_
 #define BASE_FILES_FILE_PATH_H_
 
 #include <stddef.h>
 #include <string>
 #include <vector>
 
 #include "base/base_export.h"
-#include "base/compiler_specific.h"
 #include "base/containers/hash_tables.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_piece.h"  // For implicit conversions.
 #include "build/build_config.h"
 
 // Windows-style drive letter support and pathname separator characters can be
 // enabled and disabled independently, to aid testing.  These #defines are
 // here so that the same setting can be used in both the implementation and
@@ -448,28 +447,19 @@ BASE_EXPORT extern void PrintTo(const ba
 #define FILE_PATH_LITERAL(x) L ## x
 #define PRFilePath "ls"
 #define PRFilePathLiteral L"%ls"
 #endif  // OS_WIN
 
 // Provide a hash function so that hash_sets and maps can contain FilePath
 // objects.
 namespace BASE_HASH_NAMESPACE {
-#if defined(COMPILER_GCC)
 
 template<>
 struct hash<base::FilePath> {
   size_t operator()(const base::FilePath& f) const {
     return hash<base::FilePath::StringType>()(f.value());
   }
 };
 
-#elif defined(COMPILER_MSVC)
-
-inline size_t hash_value(const base::FilePath& f) {
-  return hash_value(f.value());
-}
-
-#endif  // COMPILER
-
 }  // namespace BASE_HASH_NAMESPACE
 
 #endif  // BASE_FILES_FILE_PATH_H_
--- a/security/sandbox/chromium/base/guid.h
+++ b/security/sandbox/chromium/base/guid.h
@@ -10,17 +10,17 @@
 #include "base/base_export.h"
 #include "base/basictypes.h"
 #include "build/build_config.h"
 
 namespace base {
 
 // Generate a 128-bit random GUID of the form: "%08X-%04X-%04X-%04X-%012llX".
 // If GUID generation fails an empty string is returned.
-// The POSIX implementation uses psuedo random number generation to create
+// The POSIX implementation uses pseudo random number generation to create
 // the GUID.  The Windows implementation uses system services.
 BASE_EXPORT std::string GenerateGUID();
 
 // Returns true if the input string conforms to the GUID format.
 BASE_EXPORT bool IsValidGUID(const std::string& guid);
 
 #if defined(OS_POSIX)
 // For unit testing purposes only.  Do not use outside of tests.
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/hash.cc
@@ -0,0 +1,18 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/hash.h"
+
+// Definition in base/third_party/superfasthash/superfasthash.c. (Third-party
+// code did not come with its own header file, so declaring the function here.)
+// Note: This algorithm is also in Blink under Source/wtf/StringHasher.h.
+extern "C" uint32_t SuperFastHash(const char* data, int len);
+
+namespace base {
+
+uint32 SuperFastHash(const char* data, int len) {
+  return ::SuperFastHash(data, len);
+}
+
+}  // namespace base
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/hash.h
@@ -0,0 +1,38 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_HASH_H_
+#define BASE_HASH_H_
+
+#include <limits>
+#include <string>
+
+#include "base/base_export.h"
+#include "base/basictypes.h"
+#include "base/logging.h"
+
+namespace base {
+
+// WARNING: This hash function should not be used for any cryptographic purpose.
+BASE_EXPORT uint32 SuperFastHash(const char* data, int len);
+
+// Computes a hash of a memory buffer |data| of a given |length|.
+// WARNING: This hash function should not be used for any cryptographic purpose.
+inline uint32 Hash(const char* data, size_t length) {
+  if (length > static_cast<size_t>(std::numeric_limits<int>::max())) {
+    NOTREACHED();
+    return 0;
+  }
+  return SuperFastHash(data, static_cast<int>(length));
+}
+
+// Computes a hash of a string |str|.
+// WARNING: This hash function should not be used for any cryptographic purpose.
+inline uint32 Hash(const std::string& str) {
+  return Hash(str.data(), str.size());
+}
+
+}  // namespace base
+
+#endif  // BASE_HASH_H_
--- a/security/sandbox/chromium/base/lazy_instance.cc
+++ b/security/sandbox/chromium/base/lazy_instance.cc
@@ -3,17 +3,16 @@
 // found in the LICENSE file.
 
 #include "base/lazy_instance.h"
 
 #include "base/at_exit.h"
 #include "base/atomicops.h"
 #include "base/basictypes.h"
 #include "base/threading/platform_thread.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 
 namespace base {
 namespace internal {
 
 // TODO(joth): This function could be shared with Singleton, in place of its
 // WaitForInstance() call.
 bool NeedsLazyInstance(subtle::AtomicWord* state) {
   // Try to create the instance, if we're the first, will go from 0 to
@@ -37,19 +36,16 @@ bool NeedsLazyInstance(subtle::AtomicWor
   // Someone else created the instance.
   return false;
 }
 
 void CompleteLazyInstance(subtle::AtomicWord* state,
                           subtle::AtomicWord new_instance,
                           void* lazy_instance,
                           void (*dtor)(void*)) {
-  // See the comment to the corresponding HAPPENS_AFTER in Pointer().
-  ANNOTATE_HAPPENS_BEFORE(state);
-
   // Instance is created, go from CREATING to CREATED.
   // Releases visibility over private_buf_ to readers. Pairing Acquire_Load's
   // are in NeedsInstance() and Pointer().
   subtle::Release_Store(state, new_instance);
 
   // Make sure that the lazily instantiated object will get destroyed at exit.
   if (dtor)
     AtExitManager::RegisterCallback(dtor, lazy_instance);
--- a/security/sandbox/chromium/base/lazy_instance.h
+++ b/security/sandbox/chromium/base/lazy_instance.h
@@ -38,17 +38,16 @@
 #include <new>  // For placement new.
 
 #include "base/atomicops.h"
 #include "base/base_export.h"
 #include "base/basictypes.h"
 #include "base/debug/leak_annotations.h"
 #include "base/logging.h"
 #include "base/memory/aligned_memory.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 #include "base/threading/thread_restrictions.h"
 
 // LazyInstance uses its own struct initializer-list style static
 // initialization, as base's LINKER_INITIALIZED requires a constructor and on
 // some compilers (notably gcc 4.4) this still ends up needing runtime
 // initialization.
 #define LAZY_INSTANCE_INITIALIZER {0}
 
@@ -161,23 +160,16 @@ class LazyInstance {
     if (!(value & kLazyInstanceCreatedMask) &&
         internal::NeedsLazyInstance(&private_instance_)) {
       // Create the instance in the space provided by |private_buf_|.
       value = reinterpret_cast<subtle::AtomicWord>(
           Traits::New(private_buf_.void_data()));
       internal::CompleteLazyInstance(&private_instance_, value, this,
                                      Traits::kRegisterOnExit ? OnExit : NULL);
     }
-
-    // This annotation helps race detectors recognize correct lock-less
-    // synchronization between different threads calling Pointer().
-    // We suggest dynamic race detection tool that "Traits::New" above
-    // and CompleteLazyInstance(...) happens before "return instance()" below.
-    // See the corresponding HAPPENS_BEFORE in CompleteLazyInstance(...).
-    ANNOTATE_HAPPENS_AFTER(&private_instance_);
     return instance();
   }
 
   bool operator==(Type* p) {
     switch (subtle::NoBarrier_Load(&private_instance_)) {
       case 0:
         return p == NULL;
       case internal::kLazyInstanceStateCreating:
--- a/security/sandbox/chromium/base/location.cc
+++ b/security/sandbox/chromium/base/location.cc
@@ -1,19 +1,16 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "build/build_config.h"
 
 #if defined(COMPILER_MSVC)
-// MSDN says to #include <intrin.h>, but that breaks the VS2005 build.
-extern "C" {
-  void* _ReturnAddress();
-}
+#include <intrin.h>
 #endif
 
 #include "base/location.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 
 namespace tracked_objects {
 
--- a/security/sandbox/chromium/base/logging.h
+++ b/security/sandbox/chromium/base/logging.h
@@ -445,24 +445,46 @@ const LogSeverity LOG_0 = LOG_ERROR;
   !(condition) ? ::base::debug::BreakDebugger() : EAT_STREAM_PARAMETERS
 
 #define PCHECK(condition) CHECK(condition)
 
 #define CHECK_OP(name, op, val1, val2) CHECK((val1) op (val2))
 
 #else
 
+#if defined(_PREFAST_) && defined(OS_WIN)
+// Use __analysis_assume to tell the VC++ static analysis engine that
+// assert conditions are true, to suppress warnings.  The LAZY_STREAM
+// parameter doesn't reference 'condition' in /analyze builds because
+// this evaluation confuses /analyze. The !! before condition is because
+// __analysis_assume gets confused on some conditions:
+// http://randomascii.wordpress.com/2011/09/13/analyze-for-visual-studio-the-ugly-part-5/
+
+#define CHECK(condition)                \
+  __analysis_assume(!!(condition)),     \
+  LAZY_STREAM(LOG_STREAM(FATAL), false) \
+  << "Check failed: " #condition ". "
+
+#define PCHECK(condition)                \
+  __analysis_assume(!!(condition)),      \
+  LAZY_STREAM(PLOG_STREAM(FATAL), false) \
+  << "Check failed: " #condition ". "
+
+#else  // _PREFAST_
+
 #define CHECK(condition)                       \
   LAZY_STREAM(LOG_STREAM(FATAL), !(condition)) \
   << "Check failed: " #condition ". "
 
-#define PCHECK(condition) \
+#define PCHECK(condition)                       \
   LAZY_STREAM(PLOG_STREAM(FATAL), !(condition)) \
   << "Check failed: " #condition ". "
 
+#endif  // _PREFAST_
+
 // Helper macro for binary operators.
 // Don't use this macro directly in your code, use CHECK_EQ et al below.
 //
 // TODO(akalin): Rewrite this so that constructs like if (...)
 // CHECK_EQ(...) else { ... } work properly.
 #define CHECK_OP(name, op, val1, val2)                          \
   if (std::string* _result =                                    \
       logging::Check##name##Impl((val1), (val2),                \
@@ -478,35 +500,32 @@ const LogSeverity LOG_0 = LOG_ERROR;
 template<class t1, class t2>
 std::string* MakeCheckOpString(const t1& v1, const t2& v2, const char* names) {
   std::ostringstream ss;
   ss << names << " (" << v1 << " vs. " << v2 << ")";
   std::string* msg = new std::string(ss.str());
   return msg;
 }
 
-// MSVC doesn't like complex extern templates and DLLs.
-#if !defined(COMPILER_MSVC)
 // Commonly used instantiations of MakeCheckOpString<>. Explicitly instantiated
 // in logging.cc.
 extern template BASE_EXPORT std::string* MakeCheckOpString<int, int>(
     const int&, const int&, const char* names);
 extern template BASE_EXPORT
 std::string* MakeCheckOpString<unsigned long, unsigned long>(
     const unsigned long&, const unsigned long&, const char* names);
 extern template BASE_EXPORT
 std::string* MakeCheckOpString<unsigned long, unsigned int>(
     const unsigned long&, const unsigned int&, const char* names);
 extern template BASE_EXPORT
 std::string* MakeCheckOpString<unsigned int, unsigned long>(
     const unsigned int&, const unsigned long&, const char* names);
 extern template BASE_EXPORT
 std::string* MakeCheckOpString<std::string, std::string>(
     const std::string&, const std::string&, const char* name);
-#endif
 
 // Helper functions for CHECK_OP macro.
 // The (int, int) specialization works around the issue that the compiler
 // will not instantiate the template version of the function on values of
 // unnamed enum type - see comment below.
 #define DEFINE_CHECK_OP_IMPL(name, op) \
   template <class t1, class t2> \
   inline std::string* Check##name##Impl(const t1& v1, const t2& v2, \
@@ -527,16 +546,17 @@ DEFINE_CHECK_OP_IMPL(GT, > )
 #undef DEFINE_CHECK_OP_IMPL
 
 #define CHECK_EQ(val1, val2) CHECK_OP(EQ, ==, val1, val2)
 #define CHECK_NE(val1, val2) CHECK_OP(NE, !=, val1, val2)
 #define CHECK_LE(val1, val2) CHECK_OP(LE, <=, val1, val2)
 #define CHECK_LT(val1, val2) CHECK_OP(LT, < , val1, val2)
 #define CHECK_GE(val1, val2) CHECK_OP(GE, >=, val1, val2)
 #define CHECK_GT(val1, val2) CHECK_OP(GT, > , val1, val2)
+#define CHECK_IMPLIES(val1, val2) CHECK(!(val1) || (val2))
 
 #if defined(NDEBUG)
 #define ENABLE_DLOG 0
 #else
 #define ENABLE_DLOG 1
 #endif
 
 #if defined(NDEBUG) && !defined(DCHECK_ALWAYS_ON)
@@ -613,24 +633,41 @@ const LogSeverity LOG_DCHECK = LOG_INFO;
 
 #endif  // DCHECK_IS_ON
 
 // DCHECK et al. make sure to reference |condition| regardless of
 // whether DCHECKs are enabled; this is so that we don't get unused
 // variable warnings if the only use of a variable is in a DCHECK.
 // This behavior is different from DLOG_IF et al.
 
-#define DCHECK(condition)                                         \
-  LAZY_STREAM(LOG_STREAM(DCHECK), DCHECK_IS_ON && !(condition))   \
+#if defined(_PREFAST_) && defined(OS_WIN)
+// See comments on the previous use of __analysis_assume.
+
+#define DCHECK(condition)                                               \
+  __analysis_assume(!!(condition)),                                     \
+  LAZY_STREAM(LOG_STREAM(DCHECK), false)                                \
   << "Check failed: " #condition ". "
 
-#define DPCHECK(condition)                                        \
-  LAZY_STREAM(PLOG_STREAM(DCHECK), DCHECK_IS_ON && !(condition))  \
+#define DPCHECK(condition)                                              \
+  __analysis_assume(!!(condition)),                                     \
+  LAZY_STREAM(PLOG_STREAM(DCHECK), false)                               \
   << "Check failed: " #condition ". "
 
+#else  // _PREFAST_
+
+#define DCHECK(condition)                                               \
+  LAZY_STREAM(LOG_STREAM(DCHECK), DCHECK_IS_ON ? !(condition) : false)  \
+  << "Check failed: " #condition ". "
+
+#define DPCHECK(condition)                                              \
+  LAZY_STREAM(PLOG_STREAM(DCHECK), DCHECK_IS_ON ? !(condition) : false) \
+  << "Check failed: " #condition ". "
+
+#endif  // _PREFAST_
+
 // Helper macro for binary operators.
 // Don't use this macro directly in your code, use DCHECK_EQ et al below.
 #define DCHECK_OP(name, op, val1, val2)                         \
   if (DCHECK_IS_ON)                                             \
     if (std::string* _result =                                  \
         logging::Check##name##Impl((val1), (val2),              \
                                    #val1 " " #op " " #val2))    \
       logging::LogMessage(                                      \
@@ -657,18 +694,19 @@ const LogSeverity LOG_DCHECK = LOG_INFO;
 // type of the desired pointer.
 
 #define DCHECK_EQ(val1, val2) DCHECK_OP(EQ, ==, val1, val2)
 #define DCHECK_NE(val1, val2) DCHECK_OP(NE, !=, val1, val2)
 #define DCHECK_LE(val1, val2) DCHECK_OP(LE, <=, val1, val2)
 #define DCHECK_LT(val1, val2) DCHECK_OP(LT, < , val1, val2)
 #define DCHECK_GE(val1, val2) DCHECK_OP(GE, >=, val1, val2)
 #define DCHECK_GT(val1, val2) DCHECK_OP(GT, > , val1, val2)
+#define DCHECK_IMPLIES(val1, val2) DCHECK(!(val1) || (val2))
 
-#if defined(NDEBUG) && defined(OS_CHROMEOS)
+#if !DCHECK_IS_ON && defined(OS_CHROMEOS)
 #define NOTREACHED() LOG(ERROR) << "NOTREACHED() hit in " << \
     __FUNCTION__ << ". "
 #else
 #define NOTREACHED() DCHECK(false)
 #endif
 
 // Redefine the standard assert to use our nice log files
 #undef assert
--- a/security/sandbox/chromium/base/macros.h
+++ b/security/sandbox/chromium/base/macros.h
@@ -45,22 +45,16 @@
 #define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \
   TypeName();                                    \
   DISALLOW_COPY_AND_ASSIGN(TypeName)
 
 // The arraysize(arr) macro returns the # of elements in an array arr.
 // The expression is a compile-time constant, and therefore can be
 // used in defining new arrays, for example.  If you use arraysize on
 // a pointer by mistake, you will get a compile-time error.
-//
-// One caveat is that arraysize() doesn't accept any array of an
-// anonymous type or a type defined inside a function.  In these rare
-// cases, you have to use the unsafe ARRAYSIZE_UNSAFE() macro below.  This is
-// due to a limitation in C++'s template system.  The limitation might
-// eventually be removed, but it hasn't happened yet.
 
 // This template function declaration is used in defining arraysize.
 // Note that the function doesn't need an implementation, as we only
 // use its type.
 template <typename T, size_t N>
 char (&ArraySizeHelper(T (&array)[N]))[N];
 
 // That gcc wants both of these prototypes seems mysterious. VC, for
@@ -68,57 +62,16 @@ char (&ArraySizeHelper(T (&array)[N]))[N
 // template overloads: the final frontier.
 #ifndef _MSC_VER
 template <typename T, size_t N>
 char (&ArraySizeHelper(const T (&array)[N]))[N];
 #endif
 
 #define arraysize(array) (sizeof(ArraySizeHelper(array)))
 
-// ARRAYSIZE_UNSAFE performs essentially the same calculation as arraysize,
-// but can be used on anonymous types or types defined inside
-// functions.  It's less safe than arraysize as it accepts some
-// (although not all) pointers.  Therefore, you should use arraysize
-// whenever possible.
-//
-// The expression ARRAYSIZE_UNSAFE(a) is a compile-time constant of type
-// size_t.
-//
-// ARRAYSIZE_UNSAFE catches a few type errors.  If you see a compiler error
-//
-//   "warning: division by zero in ..."
-//
-// when using ARRAYSIZE_UNSAFE, you are (wrongfully) giving it a pointer.
-// You should only use ARRAYSIZE_UNSAFE on statically allocated arrays.
-//
-// The following comments are on the implementation details, and can
-// be ignored by the users.
-//
-// ARRAYSIZE_UNSAFE(arr) works by inspecting sizeof(arr) (the # of bytes in
-// the array) and sizeof(*(arr)) (the # of bytes in one array
-// element).  If the former is divisible by the latter, perhaps arr is
-// indeed an array, in which case the division result is the # of
-// elements in the array.  Otherwise, arr cannot possibly be an array,
-// and we generate a compiler error to prevent the code from
-// compiling.
-//
-// Since the size of bool is implementation-defined, we need to cast
-// !(sizeof(a) & sizeof(*(a))) to size_t in order to ensure the final
-// result has type size_t.
-//
-// This macro is not perfect as it wrongfully accepts certain
-// pointers, namely where the pointer size is divisible by the pointee
-// size.  Since all our code has to go through a 32-bit compiler,
-// where a pointer is 4 bytes, this means all pointers to a type whose
-// size is 3 or greater than 4 will be (righteously) rejected.
-
-#define ARRAYSIZE_UNSAFE(a) \
-  ((sizeof(a) / sizeof(*(a))) / \
-   static_cast<size_t>(!(sizeof(a) % sizeof(*(a)))))
-
 
 // Use implicit_cast as a safe version of static_cast or const_cast
 // for upcasting in the type hierarchy (i.e. casting a pointer to Foo
 // to a pointer to SuperclassOfFoo or casting a pointer to Foo to
 // a const pointer to Foo).
 // When you use implicit_cast, the compiler checks that the cast is safe.
 // Such explicit implicit_casts are necessary in surprisingly many
 // situations where C++ demands an exact type match instead of an
@@ -136,86 +89,30 @@ template<typename To, typename From>
 inline To implicit_cast(From const &f) {
   return f;
 }
 
 // The COMPILE_ASSERT macro can be used to verify that a compile time
 // expression is true. For example, you could use it to verify the
 // size of a static array:
 //
-//   COMPILE_ASSERT(ARRAYSIZE_UNSAFE(content_type_names) == CONTENT_NUM_TYPES,
+//   COMPILE_ASSERT(arraysize(content_type_names) == CONTENT_NUM_TYPES,
 //                  content_type_names_incorrect_size);
 //
 // or to make sure a struct is smaller than a certain size:
 //
 //   COMPILE_ASSERT(sizeof(foo) < 128, foo_too_large);
 //
 // The second argument to the macro is the name of the variable. If
 // the expression is false, most compilers will issue a warning/error
 // containing the name of the variable.
 
 #undef COMPILE_ASSERT
-
-#if __cplusplus >= 201103L
-
-// Under C++11, just use static_assert.
 #define COMPILE_ASSERT(expr, msg) static_assert(expr, #msg)
 
-#else
-
-template <bool>
-struct CompileAssert {
-};
-
-#define COMPILE_ASSERT(expr, msg) \
-  typedef CompileAssert<(bool(expr))> msg[bool(expr) ? 1 : -1] ALLOW_UNUSED
-
-// Implementation details of COMPILE_ASSERT:
-//
-// - COMPILE_ASSERT works by defining an array type that has -1
-//   elements (and thus is invalid) when the expression is false.
-//
-// - The simpler definition
-//
-//     #define COMPILE_ASSERT(expr, msg) typedef char msg[(expr) ? 1 : -1]
-//
-//   does not work, as gcc supports variable-length arrays whose sizes
-//   are determined at run-time (this is gcc's extension and not part
-//   of the C++ standard).  As a result, gcc fails to reject the
-//   following code with the simple definition:
-//
-//     int foo;
-//     COMPILE_ASSERT(foo, msg); // not supposed to compile as foo is
-//                               // not a compile-time constant.
-//
-// - By using the type CompileAssert<(bool(expr))>, we ensures that
-//   expr is a compile-time constant.  (Template arguments must be
-//   determined at compile-time.)
-//
-// - The outer parentheses in CompileAssert<(bool(expr))> are necessary
-//   to work around a bug in gcc 3.4.4 and 4.0.1.  If we had written
-//
-//     CompileAssert<bool(expr)>
-//
-//   instead, these compilers will refuse to compile
-//
-//     COMPILE_ASSERT(5 > 0, some_message);
-//
-//   (They seem to think the ">" in "5 > 0" marks the end of the
-//   template argument list.)
-//
-// - The array size is (bool(expr) ? 1 : -1), instead of simply
-//
-//     ((expr) ? 1 : -1).
-//
-//   This is to avoid running into a bug in MS VC 7.1, which
-//   causes ((0.0) ? 1 : -1) to incorrectly evaluate to 1.
-
-#endif
-
 // bit_cast<Dest,Source> is a template function that implements the
 // equivalent of "*reinterpret_cast<Dest*>(&source)".  We need this in
 // very low-level functions like the protobuf library and fast math
 // support.
 //
 //   float f = 3.14159265358979;
 //   int i = bit_cast<int32>(f);
 //   // i = 0x40490fdb
--- a/security/sandbox/chromium/base/memory/ref_counted.h
+++ b/security/sandbox/chromium/base/memory/ref_counted.h
@@ -1,24 +1,31 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_MEMORY_REF_COUNTED_H_
 #define BASE_MEMORY_REF_COUNTED_H_
 
 #include <cassert>
+#include <iosfwd>
 
 #include "base/atomic_ref_count.h"
 #include "base/base_export.h"
 #include "base/compiler_specific.h"
 #ifndef NDEBUG
 #include "base/logging.h"
 #endif
 #include "base/threading/thread_collision_warner.h"
+#include "build/build_config.h"
+#include "mozilla/Attributes.h"
+
+#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_IOS) || defined(OS_ANDROID)
+#define DISABLE_SCOPED_REFPTR_CONVERSION_OPERATOR
+#endif
 
 namespace base {
 
 namespace subtle {
 
 class BASE_EXPORT RefCountedBase {
  public:
   bool HasOneRef() const { return ref_count_ == 1; }
@@ -196,17 +203,17 @@ class RefCountedThreadSafe : public subt
 // A thread-safe wrapper for some piece of data so we can place other
 // things in scoped_refptrs<>.
 //
 template<typename T>
 class RefCountedData
     : public base::RefCountedThreadSafe< base::RefCountedData<T> > {
  public:
   RefCountedData() : data() {}
-  RefCountedData(const T& in_value) : data(in_value) {}
+  MOZ_IMPLICIT RefCountedData(const T& in_value) : data(in_value) {}
 
   T data;
 
  private:
   friend class base::RefCountedThreadSafe<base::RefCountedData<T> >;
   ~RefCountedData() {}
 };
 
@@ -263,56 +270,63 @@ class RefCountedData
 template <class T>
 class scoped_refptr {
  public:
   typedef T element_type;
 
   scoped_refptr() : ptr_(NULL) {
   }
 
-  scoped_refptr(T* p) : ptr_(p) {
+  MOZ_IMPLICIT scoped_refptr(T* p) : ptr_(p) {
     if (ptr_)
-      ptr_->AddRef();
+      AddRef(ptr_);
   }
 
   scoped_refptr(const scoped_refptr<T>& r) : ptr_(r.ptr_) {
     if (ptr_)
-      ptr_->AddRef();
+      AddRef(ptr_);
   }
 
   template <typename U>
   scoped_refptr(const scoped_refptr<U>& r) : ptr_(r.get()) {
     if (ptr_)
-      ptr_->AddRef();
+      AddRef(ptr_);
   }
 
   ~scoped_refptr() {
     if (ptr_)
-      ptr_->Release();
+      Release(ptr_);
   }
 
   T* get() const { return ptr_; }
 
+#if !defined(DISABLE_SCOPED_REFPTR_CONVERSION_OPERATOR)
   // Allow scoped_refptr<C> to be used in boolean expression
   // and comparison operations.
   operator T*() const { return ptr_; }
+#endif
+
+  T& operator*() const {
+    assert(ptr_ != NULL);
+    return *ptr_;
+  }
 
   T* operator->() const {
     assert(ptr_ != NULL);
     return ptr_;
   }
 
   scoped_refptr<T>& operator=(T* p) {
     // AddRef first so that self assignment should work
     if (p)
-      p->AddRef();
+      AddRef(p);
     T* old_ptr = ptr_;
     ptr_ = p;
     if (old_ptr)
-      old_ptr->Release();
+      Release(old_ptr);
     return *this;
   }
 
   scoped_refptr<T>& operator=(const scoped_refptr<T>& r) {
     return *this = r.ptr_;
   }
 
   template <typename U>
@@ -325,20 +339,83 @@ class scoped_refptr {
     ptr_ = *pp;
     *pp = p;
   }
 
   void swap(scoped_refptr<T>& r) {
     swap(&r.ptr_);
   }
 
+#if defined(DISABLE_SCOPED_REFPTR_CONVERSION_OPERATOR)
+  template <typename U>
+  bool operator==(const scoped_refptr<U>& rhs) const {
+    return ptr_ == rhs.get();
+  }
+
+  template <typename U>
+  bool operator!=(const scoped_refptr<U>& rhs) const {
+    return !operator==(rhs);
+  }
+
+  template <typename U>
+  bool operator<(const scoped_refptr<U>& rhs) const {
+    return ptr_ < rhs.get();
+  }
+#endif
+
  protected:
   T* ptr_;
+
+ private:
+  // Non-inline helpers to allow:
+  //     class Opaque;
+  //     extern template class scoped_refptr<Opaque>;
+  // Otherwise the compiler will complain that Opaque is an incomplete type.
+  static void AddRef(T* ptr);
+  static void Release(T* ptr);
 };
 
+template <typename T>
+void scoped_refptr<T>::AddRef(T* ptr) {
+  ptr->AddRef();
+}
+
+template <typename T>
+void scoped_refptr<T>::Release(T* ptr) {
+  ptr->Release();
+}
+
 // Handy utility for creating a scoped_refptr<T> out of a T* explicitly without
 // having to retype all the template arguments
 template <typename T>
 scoped_refptr<T> make_scoped_refptr(T* t) {
   return scoped_refptr<T>(t);
 }
 
+#if defined(DISABLE_SCOPED_REFPTR_CONVERSION_OPERATOR)
+// Temporary operator overloads to facilitate the transition...
+template <typename T, typename U>
+bool operator==(const scoped_refptr<T>& lhs, const U* rhs) {
+  return lhs.get() == rhs;
+}
+
+template <typename T, typename U>
+bool operator==(const T* lhs, const scoped_refptr<U>& rhs) {
+  return lhs == rhs.get();
+}
+
+template <typename T, typename U>
+bool operator!=(const scoped_refptr<T>& lhs, const U* rhs) {
+  return !operator==(lhs, rhs);
+}
+
+template <typename T, typename U>
+bool operator!=(const T* lhs, const scoped_refptr<U>& rhs) {
+  return !operator==(lhs, rhs);
+}
+
+template <typename T>
+std::ostream& operator<<(std::ostream& out, const scoped_refptr<T>& p) {
+  return out << p.get();
+}
+#endif  // defined(DISABLE_SCOPED_REFPTR_CONVERSION_OPERATOR)
+
 #endif  // BASE_MEMORY_REF_COUNTED_H_
--- a/security/sandbox/chromium/base/memory/scoped_ptr.h
+++ b/security/sandbox/chromium/base/memory/scoped_ptr.h
@@ -53,41 +53,31 @@
 //     return arg.Pass();
 //   }
 //
 //   {
 //     scoped_ptr<Foo> ptr(new Foo("yay"));  // ptr manages Foo("yay").
 //     TakesOwnership(ptr.Pass());           // ptr no longer owns Foo("yay").
 //     scoped_ptr<Foo> ptr2 = CreateFoo();   // ptr2 owns the return Foo.
 //     scoped_ptr<Foo> ptr3 =                // ptr3 now owns what was in ptr2.
-//         PassThru(ptr2.Pass());            // ptr2 is correspondingly NULL.
+//         PassThru(ptr2.Pass());            // ptr2 is correspondingly nullptr.
 //   }
 //
 // Notice that if you do not call Pass() when returning from PassThru(), or
 // when invoking TakesOwnership(), the code will not compile because scopers
 // are not copyable; they only implement move semantics which require calling
 // the Pass() function to signify a destructive transfer of state. CreateFoo()
 // is different though because we are constructing a temporary on the return
 // line and thus can avoid needing to call Pass().
 //
 // Pass() properly handles upcast in initialization, i.e. you can use a
 // scoped_ptr<Child> to initialize a scoped_ptr<Parent>:
 //
 //   scoped_ptr<Foo> foo(new Foo());
 //   scoped_ptr<FooParent> parent(foo.Pass());
-//
-// PassAs<>() should be used to upcast return value in return statement:
-//
-//   scoped_ptr<Foo> CreateFoo() {
-//     scoped_ptr<FooChild> result(new FooChild());
-//     return result.PassAs<Foo>();
-//   }
-//
-// Note that PassAs<>() is implemented only for scoped_ptr<T>, but not for
-// scoped_ptr<T[]>. This is because casting array pointers may not be safe.
 
 #ifndef BASE_MEMORY_SCOPED_PTR_H_
 #define BASE_MEMORY_SCOPED_PTR_H_
 
 // This is an implementation designed to match the anticipated future TR2
 // implementation of the scoped_ptr class.
 
 #include <assert.h>
@@ -179,22 +169,33 @@ namespace internal {
 template <typename T> struct IsNotRefCounted {
   enum {
     value = !base::is_convertible<T*, base::subtle::RefCountedBase*>::value &&
         !base::is_convertible<T*, base::subtle::RefCountedThreadSafeBase*>::
             value
   };
 };
 
+template <typename T>
+struct ShouldAbortOnSelfReset {
+  template <typename U>
+  static NoType Test(const typename U::AllowSelfReset*);
+
+  template <typename U>
+  static YesType Test(...);
+
+  static const bool value = sizeof(Test<T>(0)) == sizeof(YesType);
+};
+
 // Minimal implementation of the core logic of scoped_ptr, suitable for
 // reuse in both scoped_ptr and its specializations.
 template <class T, class D>
 class scoped_ptr_impl {
  public:
-  explicit scoped_ptr_impl(T* p) : data_(p) { }
+  explicit scoped_ptr_impl(T* p) : data_(p) {}
 
   // Initializer for deleters that have data parameters.
   scoped_ptr_impl(T* p, const D& d) : data_(p, d) {}
 
   // Templated constructor that destructively takes the value from another
   // scoped_ptr_impl.
   template <typename U, typename V>
   scoped_ptr_impl(scoped_ptr_impl<U, V>* other)
@@ -209,45 +210,45 @@ class scoped_ptr_impl {
   void TakeState(scoped_ptr_impl<U, V>* other) {
     // See comment in templated constructor above regarding lack of support
     // for move-only deleters.
     reset(other->release());
     get_deleter() = other->get_deleter();
   }
 
   ~scoped_ptr_impl() {
-    if (data_.ptr != NULL) {
+    if (data_.ptr != nullptr) {
       // Not using get_deleter() saves one function call in non-optimized
       // builds.
       static_cast<D&>(data_)(data_.ptr);
     }
   }
 
   void reset(T* p) {
-    // This is a self-reset, which is no longer allowed: http://crbug.com/162971
-    if (p != NULL && p == data_.ptr)
-      abort();
+    // This is a self-reset, which is no longer allowed for default deleters:
+    // https://crbug.com/162971
+    assert(!ShouldAbortOnSelfReset<D>::value || p == nullptr || p != data_.ptr);
 
     // Note that running data_.ptr = p can lead to undefined behavior if
     // get_deleter()(get()) deletes this. In order to prevent this, reset()
     // should update the stored pointer before deleting its old value.
     //
     // However, changing reset() to use that behavior may cause current code to
     // break in unexpected ways. If the destruction of the owned object
     // dereferences the scoped_ptr when it is destroyed by a call to reset(),
     // then it will incorrectly dispatch calls to |p| rather than the original
     // value of |data_.ptr|.
     //
-    // During the transition period, set the stored pointer to NULL while
+    // During the transition period, set the stored pointer to nullptr while
     // deleting the object. Eventually, this safety check will be removed to
     // prevent the scenario initially described from occuring and
     // http://crbug.com/176091 can be closed.
     T* old = data_.ptr;
-    data_.ptr = NULL;
-    if (old != NULL)
+    data_.ptr = nullptr;
+    if (old != nullptr)
       static_cast<D&>(data_)(old);
     data_.ptr = p;
   }
 
   T* get() const { return data_.ptr; }
 
   D& get_deleter() { return data_; }
   const D& get_deleter() const { return data_; }
@@ -258,17 +259,17 @@ class scoped_ptr_impl {
     // any more-specific overloads can be used, if available.
     using std::swap;
     swap(static_cast<D&>(data_), static_cast<D&>(p2.data_));
     swap(data_.ptr, p2.data_.ptr);
   }
 
   T* release() {
     T* old_ptr = data_.ptr;
-    data_.ptr = NULL;
+    data_.ptr = nullptr;
     return old_ptr;
   }
 
  private:
   // Needed to allow type-converting constructor.
   template <typename U, typename V> friend class scoped_ptr_impl;
 
   // Use the empty base class optimization to allow us to have a D
@@ -288,97 +289,105 @@ class scoped_ptr_impl {
 
 }  // namespace internal
 
 }  // namespace base
 
 // A scoped_ptr<T> is like a T*, except that the destructor of scoped_ptr<T>
 // automatically deletes the pointer it holds (if any).
 // That is, scoped_ptr<T> owns the T object that it points to.
-// Like a T*, a scoped_ptr<T> may hold either NULL or a pointer to a T object.
-// Also like T*, scoped_ptr<T> is thread-compatible, and once you
+// Like a T*, a scoped_ptr<T> may hold either nullptr or a pointer to a T
+// object. Also like T*, scoped_ptr<T> is thread-compatible, and once you
 // dereference it, you get the thread safety guarantees of T.
 //
 // The size of scoped_ptr is small. On most compilers, when using the
 // DefaultDeleter, sizeof(scoped_ptr<T>) == sizeof(T*). Custom deleters will
 // increase the size proportional to whatever state they need to have. See
 // comments inside scoped_ptr_impl<> for details.
 //
 // Current implementation targets having a strict subset of  C++11's
 // unique_ptr<> features. Known deficiencies include not supporting move-only
 // deleteres, function pointers as deleters, and deleters with reference
 // types.
 template <class T, class D = base::DefaultDeleter<T> >
 class scoped_ptr {
-  MOVE_ONLY_TYPE_FOR_CPP_03(scoped_ptr, RValue)
+  MOVE_ONLY_TYPE_WITH_MOVE_CONSTRUCTOR_FOR_CPP_03(scoped_ptr)
 
   COMPILE_ASSERT(base::internal::IsNotRefCounted<T>::value,
                  T_is_refcounted_type_and_needs_scoped_refptr);
 
  public:
   // The element and deleter types.
   typedef T element_type;
   typedef D deleter_type;
 
-  // Constructor.  Defaults to initializing with NULL.
-  scoped_ptr() : impl_(NULL) { }
+  // Constructor.  Defaults to initializing with nullptr.
+  scoped_ptr() : impl_(nullptr) {}
 
   // Constructor.  Takes ownership of p.
-  explicit scoped_ptr(element_type* p) : impl_(p) { }
+  explicit scoped_ptr(element_type* p) : impl_(p) {}
 
   // Constructor.  Allows initialization of a stateful deleter.
-  scoped_ptr(element_type* p, const D& d) : impl_(p, d) { }
+  scoped_ptr(element_type* p, const D& d) : impl_(p, d) {}
+
+  // Constructor.  Allows construction from a nullptr.
+  scoped_ptr(decltype(nullptr)) : impl_(nullptr) {}
 
   // Constructor.  Allows construction from a scoped_ptr rvalue for a
   // convertible type and deleter.
   //
   // IMPLEMENTATION NOTE: C++11 unique_ptr<> keeps this constructor distinct
   // from the normal move constructor. By C++11 20.7.1.2.1.21, this constructor
   // has different post-conditions if D is a reference type. Since this
   // implementation does not support deleters with reference type,
   // we do not need a separate move constructor allowing us to avoid one
   // use of SFINAE. You only need to care about this if you modify the
   // implementation of scoped_ptr.
   template <typename U, typename V>
-  scoped_ptr(scoped_ptr<U, V> other) : impl_(&other.impl_) {
+  scoped_ptr(scoped_ptr<U, V>&& other)
+      : impl_(&other.impl_) {
     COMPILE_ASSERT(!base::is_array<U>::value, U_cannot_be_an_array);
   }
 
-  // Constructor.  Move constructor for C++03 move emulation of this type.
-  scoped_ptr(RValue rvalue) : impl_(&rvalue.object->impl_) { }
-
   // operator=.  Allows assignment from a scoped_ptr rvalue for a convertible
   // type and deleter.
   //
   // IMPLEMENTATION NOTE: C++11 unique_ptr<> keeps this operator= distinct from
   // the normal move assignment operator. By C++11 20.7.1.2.3.4, this templated
   // form has different requirements on for move-only Deleters. Since this
   // implementation does not support move-only Deleters, we do not need a
   // separate move assignment operator allowing us to avoid one use of SFINAE.
   // You only need to care about this if you modify the implementation of
   // scoped_ptr.
   template <typename U, typename V>
-  scoped_ptr& operator=(scoped_ptr<U, V> rhs) {
+  scoped_ptr& operator=(scoped_ptr<U, V>&& rhs) {
     COMPILE_ASSERT(!base::is_array<U>::value, U_cannot_be_an_array);
     impl_.TakeState(&rhs.impl_);
     return *this;
   }
 
+  // operator=.  Allows assignment from a nullptr. Deletes the currently owned
+  // object, if any.
+  scoped_ptr& operator=(decltype(nullptr)) {
+    reset();
+    return *this;
+  }
+
   // Reset.  Deletes the currently owned object, if any.
   // Then takes ownership of a new object, if given.
-  void reset(element_type* p = NULL) { impl_.reset(p); }
+  void reset(element_type* p = nullptr) { impl_.reset(p); }
 
   // Accessors to get the owned object.
   // operator* and operator-> will assert() if there is no current object.
   element_type& operator*() const {
-    assert(impl_.get() != NULL);
+    assert(impl_.get() != nullptr);
     return *impl_.get();
   }
   element_type* operator->() const  {
-    assert(impl_.get() != NULL);
+    assert(impl_.get() != nullptr);
     return impl_.get();
   }
   element_type* get() const { return impl_.get(); }
 
   // Access to the deleter.
   deleter_type& get_deleter() { return impl_.get_deleter(); }
   const deleter_type& get_deleter() const { return impl_.get_deleter(); }
 
@@ -389,49 +398,39 @@ class scoped_ptr {
   // are declared explicitly, as otherwise "scoped_ptr1 ==
   // scoped_ptr2" will compile but do the wrong thing (i.e., convert
   // to Testable and then do the comparison).
  private:
   typedef base::internal::scoped_ptr_impl<element_type, deleter_type>
       scoped_ptr::*Testable;
 
  public:
-  operator Testable() const { return impl_.get() ? &scoped_ptr::impl_ : NULL; }
+  operator Testable() const {
+    return impl_.get() ? &scoped_ptr::impl_ : nullptr;
+  }
 
   // Comparison operators.
   // These return whether two scoped_ptr refer to the same object, not just to
   // two different but equal objects.
   bool operator==(const element_type* p) const { return impl_.get() == p; }
   bool operator!=(const element_type* p) const { return impl_.get() != p; }
 
   // Swap two scoped pointers.
   void swap(scoped_ptr& p2) {
     impl_.swap(p2.impl_);
   }
 
   // Release a pointer.
-  // The return value is the current pointer held by this object.
-  // If this object holds a NULL pointer, the return value is NULL.
-  // After this operation, this object will hold a NULL pointer,
-  // and will not own the object any more.
+  // The return value is the current pointer held by this object. If this object
+  // holds a nullptr, the return value is nullptr. After this operation, this
+  // object will hold a nullptr, and will not own the object any more.
   element_type* release() WARN_UNUSED_RESULT {
     return impl_.release();
   }
 
-  // C++98 doesn't support functions templates with default parameters which
-  // makes it hard to write a PassAs() that understands converting the deleter
-  // while preserving simple calling semantics.
-  //
-  // Until there is a use case for PassAs() with custom deleters, just ignore
-  // the custom deleter.
-  template <typename PassAsType>
-  scoped_ptr<PassAsType> PassAs() {
-    return scoped_ptr<PassAsType>(Pass());
-  }
-
  private:
   // Needed to reach into |impl_| in the constructor.
   template <typename U, typename V> friend class scoped_ptr;
   base::internal::scoped_ptr_impl<element_type, deleter_type> impl_;
 
   // Forbidden for API compatibility with std::unique_ptr.
   explicit scoped_ptr(int disallow_construction_from_null);
 
@@ -440,93 +439,101 @@ class scoped_ptr {
   // because you should never have the same object owned by two different
   // scoped_ptrs.
   template <class U> bool operator==(scoped_ptr<U> const& p2) const;
   template <class U> bool operator!=(scoped_ptr<U> const& p2) const;
 };
 
 template <class T, class D>
 class scoped_ptr<T[], D> {
-  MOVE_ONLY_TYPE_FOR_CPP_03(scoped_ptr, RValue)
+  MOVE_ONLY_TYPE_WITH_MOVE_CONSTRUCTOR_FOR_CPP_03(scoped_ptr)
 
  public:
   // The element and deleter types.
   typedef T element_type;
   typedef D deleter_type;
 
-  // Constructor.  Defaults to initializing with NULL.
-  scoped_ptr() : impl_(NULL) { }
+  // Constructor.  Defaults to initializing with nullptr.
+  scoped_ptr() : impl_(nullptr) {}
 
   // Constructor. Stores the given array. Note that the argument's type
   // must exactly match T*. In particular:
   // - it cannot be a pointer to a type derived from T, because it is
   //   inherently unsafe in the general case to access an array through a
   //   pointer whose dynamic type does not match its static type (eg., if
   //   T and the derived types had different sizes access would be
   //   incorrectly calculated). Deletion is also always undefined
   //   (C++98 [expr.delete]p3). If you're doing this, fix your code.
-  // - it cannot be NULL, because NULL is an integral expression, not a
-  //   pointer to T. Use the no-argument version instead of explicitly
-  //   passing NULL.
   // - it cannot be const-qualified differently from T per unique_ptr spec
   //   (http://cplusplus.github.com/LWG/lwg-active.html#2118). Users wanting
   //   to work around this may use implicit_cast<const T*>().
   //   However, because of the first bullet in this comment, users MUST
   //   NOT use implicit_cast<Base*>() to upcast the static type of the array.
-  explicit scoped_ptr(element_type* array) : impl_(array) { }
+  explicit scoped_ptr(element_type* array) : impl_(array) {}
+
+  // Constructor.  Allows construction from a nullptr.
+  scoped_ptr(decltype(nullptr)) : impl_(nullptr) {}
+
+  // Constructor.  Allows construction from a scoped_ptr rvalue.
+  scoped_ptr(scoped_ptr&& other) : impl_(&other.impl_) {}
 
-  // Constructor.  Move constructor for C++03 move emulation of this type.
-  scoped_ptr(RValue rvalue) : impl_(&rvalue.object->impl_) { }
+  // operator=.  Allows assignment from a scoped_ptr rvalue.
+  scoped_ptr& operator=(scoped_ptr&& rhs) {
+    impl_.TakeState(&rhs.impl_);
+    return *this;
+  }
 
-  // operator=.  Move operator= for C++03 move emulation of this type.
-  scoped_ptr& operator=(RValue rhs) {
-    impl_.TakeState(&rhs.object->impl_);
+  // operator=.  Allows assignment from a nullptr. Deletes the currently owned
+  // array, if any.
+  scoped_ptr& operator=(decltype(nullptr)) {
+    reset();
     return *this;
   }
 
   // Reset.  Deletes the currently owned array, if any.
   // Then takes ownership of a new object, if given.
-  void reset(element_type* array = NULL) { impl_.reset(array); }
+  void reset(element_type* array = nullptr) { impl_.reset(array); }
 
   // Accessors to get the owned array.
   element_type& operator[](size_t i) const {
-    assert(impl_.get() != NULL);
+    assert(impl_.get() != nullptr);
     return impl_.get()[i];
   }
   element_type* get() const { return impl_.get(); }
 
   // Access to the deleter.
   deleter_type& get_deleter() { return impl_.get_deleter(); }
   const deleter_type& get_deleter() const { return impl_.get_deleter(); }
 
   // Allow scoped_ptr<element_type> to be used in boolean expressions, but not
   // implicitly convertible to a real bool (which is dangerous).
  private:
   typedef base::internal::scoped_ptr_impl<element_type, deleter_type>
       scoped_ptr::*Testable;
 
  public:
-  operator Testable() const { return impl_.get() ? &scoped_ptr::impl_ : NULL; }
+  operator Testable() const {
+    return impl_.get() ? &scoped_ptr::impl_ : nullptr;
+  }
 
   // Comparison operators.
   // These return whether two scoped_ptr refer to the same object, not just to
   // two different but equal objects.
   bool operator==(element_type* array) const { return impl_.get() == array; }
   bool operator!=(element_type* array) const { return impl_.get() != array; }
 
   // Swap two scoped pointers.
   void swap(scoped_ptr& p2) {
     impl_.swap(p2.impl_);
   }
 
   // Release a pointer.
-  // The return value is the current pointer held by this object.
-  // If this object holds a NULL pointer, the return value is NULL.
-  // After this operation, this object will hold a NULL pointer,
-  // and will not own the object any more.
+  // The return value is the current pointer held by this object. If this object
+  // holds a nullptr, the return value is nullptr. After this operation, this
+  // object will hold a nullptr, and will not own the object any more.
   element_type* release() WARN_UNUSED_RESULT {
     return impl_.release();
   }
 
  private:
   // Force element_type to be a complete type.
   enum { type_must_be_complete = sizeof(element_type) };
 
--- a/security/sandbox/chromium/base/memory/weak_ptr.h
+++ b/security/sandbox/chromium/base/memory/weak_ptr.h
@@ -43,27 +43,28 @@
 //
 // With this implementation a caller may use SpawnWorker() to dispatch multiple
 // Workers and subsequently delete the Controller, without waiting for all
 // Workers to have completed.
 
 // ------------------------- IMPORTANT: Thread-safety -------------------------
 
 // Weak pointers may be passed safely between threads, but must always be
-// dereferenced and invalidated on the same thread otherwise checking the
-// pointer would be racey.
+// dereferenced and invalidated on the same SequencedTaskRunner otherwise
+// checking the pointer would be racey.
 //
 // To ensure correct use, the first time a WeakPtr issued by a WeakPtrFactory
 // is dereferenced, the factory and its WeakPtrs become bound to the calling
-// thread, and cannot be dereferenced or invalidated on any other thread. Bound
-// WeakPtrs can still be handed off to other threads, e.g. to use to post tasks
-// back to object on the bound thread.
+// thread or current SequencedWorkerPool token, and cannot be dereferenced or
+// invalidated on any other task runner. Bound WeakPtrs can still be handed
+// off to other task runners, e.g. to use to post tasks back to object on the
+// bound sequence.
 //
-// Invalidating the factory's WeakPtrs un-binds it from the thread, allowing it
-// to be passed for a different thread to use or delete it.
+// Invalidating the factory's WeakPtrs un-binds it from the sequence, allowing
+// it to be passed for a different sequence to use or delete it.
 
 #ifndef BASE_MEMORY_WEAK_PTR_H_
 #define BASE_MEMORY_WEAK_PTR_H_
 
 #include "base/basictypes.h"
 #include "base/base_export.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
@@ -76,18 +77,18 @@ template <typename T> class SupportsWeak
 template <typename T> class WeakPtr;
 
 namespace internal {
 // These classes are part of the WeakPtr implementation.
 // DO NOT USE THESE CLASSES DIRECTLY YOURSELF.
 
 class BASE_EXPORT WeakReference {
  public:
-  // Although Flag is bound to a specific thread, it may be deleted from another
-  // via base::WeakPtr::~WeakPtr().
+  // Although Flag is bound to a specific SequencedTaskRunner, it may be
+  // deleted from another via base::WeakPtr::~WeakPtr().
   class BASE_EXPORT Flag : public RefCountedThreadSafe<Flag> {
    public:
     Flag();
 
     void Invalidate();
     bool IsValid() const;
 
    private:
--- a/security/sandbox/chromium/base/move.h
+++ b/security/sandbox/chromium/base/move.h
@@ -1,12 +1,14 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/compiler_specific.h"
+
 #ifndef BASE_MOVE_H_
 #define BASE_MOVE_H_
 
 // Macro with the boilerplate that makes a type move-only in C++03.
 //
 // USAGE
 //
 // This macro should be used instead of DISALLOW_COPY_AND_ASSIGN to create
@@ -206,13 +208,22 @@
   struct rvalue_type { \
     explicit rvalue_type(type* object) : object(object) {} \
     type* object; \
   }; \
   type(type&); \
   void operator=(type&); \
  public: \
   operator rvalue_type() { return rvalue_type(this); } \
-  type Pass() { return type(rvalue_type(this)); } \
+  type Pass() WARN_UNUSED_RESULT { return type(rvalue_type(this)); } \
+  typedef void MoveOnlyTypeForCPP03; \
+ private:
+
+#define MOVE_ONLY_TYPE_WITH_MOVE_CONSTRUCTOR_FOR_CPP_03(type) \
+ private: \
+  type(type&); \
+  void operator=(type&); \
+ public: \
+  type&& Pass() WARN_UNUSED_RESULT { return static_cast<type&&>(*this); } \
   typedef void MoveOnlyTypeForCPP03; \
  private:
 
 #endif  // BASE_MOVE_H_
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/numerics/safe_conversions.h
@@ -0,0 +1,64 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SAFE_CONVERSIONS_H_
+#define BASE_SAFE_CONVERSIONS_H_
+
+#include <limits>
+
+#include "base/logging.h"
+#include "base/numerics/safe_conversions_impl.h"
+
+namespace base {
+
+// Convenience function that returns true if the supplied value is in range
+// for the destination type.
+template <typename Dst, typename Src>
+inline bool IsValueInRangeForNumericType(Src value) {
+  return internal::DstRangeRelationToSrcRange<Dst>(value) ==
+         internal::RANGE_VALID;
+}
+
+// checked_cast<> is analogous to static_cast<> for numeric types,
+// except that it CHECKs that the specified numeric conversion will not
+// overflow or underflow. NaN source will always trigger a CHECK.
+template <typename Dst, typename Src>
+inline Dst checked_cast(Src value) {
+  CHECK(IsValueInRangeForNumericType<Dst>(value));
+  return static_cast<Dst>(value);
+}
+
+// saturated_cast<> is analogous to static_cast<> for numeric types, except
+// that the specified numeric conversion will saturate rather than overflow or
+// underflow. NaN assignment to an integral will trigger a CHECK condition.
+template <typename Dst, typename Src>
+inline Dst saturated_cast(Src value) {
+  // Optimization for floating point values, which already saturate.
+  if (std::numeric_limits<Dst>::is_iec559)
+    return static_cast<Dst>(value);
+
+  switch (internal::DstRangeRelationToSrcRange<Dst>(value)) {
+    case internal::RANGE_VALID:
+      return static_cast<Dst>(value);
+
+    case internal::RANGE_UNDERFLOW:
+      return std::numeric_limits<Dst>::min();
+
+    case internal::RANGE_OVERFLOW:
+      return std::numeric_limits<Dst>::max();
+
+    // Should fail only on attempting to assign NaN to a saturated integer.
+    case internal::RANGE_INVALID:
+      CHECK(false);
+      return std::numeric_limits<Dst>::max();
+  }
+
+  NOTREACHED();
+  return static_cast<Dst>(value);
+}
+
+}  // namespace base
+
+#endif  // BASE_SAFE_CONVERSIONS_H_
+
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/numerics/safe_conversions_impl.h
@@ -0,0 +1,216 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SAFE_CONVERSIONS_IMPL_H_
+#define BASE_SAFE_CONVERSIONS_IMPL_H_
+
+#include <limits>
+
+#include "base/template_util.h"
+
+namespace base {
+namespace internal {
+
+// The std library doesn't provide a binary max_exponent for integers, however
+// we can compute one by adding one to the number of non-sign bits. This allows
+// for accurate range comparisons between floating point and integer types.
+template <typename NumericType>
+struct MaxExponent {
+  static const int value = std::numeric_limits<NumericType>::is_iec559
+                               ? std::numeric_limits<NumericType>::max_exponent
+                               : (sizeof(NumericType) * 8 + 1 -
+                                  std::numeric_limits<NumericType>::is_signed);
+};
+
+enum IntegerRepresentation {
+  INTEGER_REPRESENTATION_UNSIGNED,
+  INTEGER_REPRESENTATION_SIGNED
+};
+
+// A range for a given nunmeric Src type is contained for a given numeric Dst
+// type if both numeric_limits<Src>::max() <= numeric_limits<Dst>::max() and
+// numeric_limits<Src>::min() >= numeric_limits<Dst>::min() are true.
+// We implement this as template specializations rather than simple static
+// comparisons to ensure type correctness in our comparisons.
+enum NumericRangeRepresentation {
+  NUMERIC_RANGE_NOT_CONTAINED,
+  NUMERIC_RANGE_CONTAINED
+};
+
+// Helper templates to statically determine if our destination type can contain
+// maximum and minimum values represented by the source type.
+
+template <
+    typename Dst,
+    typename Src,
+    IntegerRepresentation DstSign = std::numeric_limits<Dst>::is_signed
+                                            ? INTEGER_REPRESENTATION_SIGNED
+                                            : INTEGER_REPRESENTATION_UNSIGNED,
+    IntegerRepresentation SrcSign =
+        std::numeric_limits<Src>::is_signed
+            ? INTEGER_REPRESENTATION_SIGNED
+            : INTEGER_REPRESENTATION_UNSIGNED >
+struct StaticDstRangeRelationToSrcRange;
+
+// Same sign: Dst is guaranteed to contain Src only if its range is equal or
+// larger.
+template <typename Dst, typename Src, IntegerRepresentation Sign>
+struct StaticDstRangeRelationToSrcRange<Dst, Src, Sign, Sign> {
+  static const NumericRangeRepresentation value =
+      MaxExponent<Dst>::value >= MaxExponent<Src>::value
+          ? NUMERIC_RANGE_CONTAINED
+          : NUMERIC_RANGE_NOT_CONTAINED;
+};
+
+// Unsigned to signed: Dst is guaranteed to contain source only if its range is
+// larger.
+template <typename Dst, typename Src>
+struct StaticDstRangeRelationToSrcRange<Dst,
+                                        Src,
+                                        INTEGER_REPRESENTATION_SIGNED,
+                                        INTEGER_REPRESENTATION_UNSIGNED> {
+  static const NumericRangeRepresentation value =
+      MaxExponent<Dst>::value > MaxExponent<Src>::value
+          ? NUMERIC_RANGE_CONTAINED
+          : NUMERIC_RANGE_NOT_CONTAINED;
+};
+
+// Signed to unsigned: Dst cannot be statically determined to contain Src.
+template <typename Dst, typename Src>
+struct StaticDstRangeRelationToSrcRange<Dst,
+                                        Src,
+                                        INTEGER_REPRESENTATION_UNSIGNED,
+                                        INTEGER_REPRESENTATION_SIGNED> {
+  static const NumericRangeRepresentation value = NUMERIC_RANGE_NOT_CONTAINED;
+};
+
+enum RangeConstraint {
+  RANGE_VALID = 0x0,  // Value can be represented by the destination type.
+  RANGE_UNDERFLOW = 0x1,  // Value would overflow.
+  RANGE_OVERFLOW = 0x2,  // Value would underflow.
+  RANGE_INVALID = RANGE_UNDERFLOW | RANGE_OVERFLOW  // Invalid (i.e. NaN).
+};
+
+// Helper function for coercing an int back to a RangeContraint.
+inline RangeConstraint GetRangeConstraint(int integer_range_constraint) {
+  DCHECK(integer_range_constraint >= RANGE_VALID &&
+         integer_range_constraint <= RANGE_INVALID);
+  return static_cast<RangeConstraint>(integer_range_constraint);
+}
+
+// This function creates a RangeConstraint from an upper and lower bound
+// check by taking advantage of the fact that only NaN can be out of range in
+// both directions at once.
+inline RangeConstraint GetRangeConstraint(bool is_in_upper_bound,
+                                   bool is_in_lower_bound) {
+  return GetRangeConstraint((is_in_upper_bound ? 0 : RANGE_OVERFLOW) |
+                            (is_in_lower_bound ? 0 : RANGE_UNDERFLOW));
+}
+
+template <
+    typename Dst,
+    typename Src,
+    IntegerRepresentation DstSign = std::numeric_limits<Dst>::is_signed
+                                            ? INTEGER_REPRESENTATION_SIGNED
+                                            : INTEGER_REPRESENTATION_UNSIGNED,
+    IntegerRepresentation SrcSign = std::numeric_limits<Src>::is_signed
+                                            ? INTEGER_REPRESENTATION_SIGNED
+                                            : INTEGER_REPRESENTATION_UNSIGNED,
+    NumericRangeRepresentation DstRange =
+        StaticDstRangeRelationToSrcRange<Dst, Src>::value >
+struct DstRangeRelationToSrcRangeImpl;
+
+// The following templates are for ranges that must be verified at runtime. We
+// split it into checks based on signedness to avoid confusing casts and
+// compiler warnings on signed an unsigned comparisons.
+
+// Dst range is statically determined to contain Src: Nothing to check.
+template <typename Dst,
+          typename Src,
+          IntegerRepresentation DstSign,
+          IntegerRepresentation SrcSign>
+struct DstRangeRelationToSrcRangeImpl<Dst,
+                                      Src,
+                                      DstSign,
+                                      SrcSign,
+                                      NUMERIC_RANGE_CONTAINED> {
+  static RangeConstraint Check(Src value) { return RANGE_VALID; }
+};
+
+// Signed to signed narrowing: Both the upper and lower boundaries may be
+// exceeded.
+template <typename Dst, typename Src>
+struct DstRangeRelationToSrcRangeImpl<Dst,
+                                      Src,
+                                      INTEGER_REPRESENTATION_SIGNED,
+                                      INTEGER_REPRESENTATION_SIGNED,
+                                      NUMERIC_RANGE_NOT_CONTAINED> {
+  static RangeConstraint Check(Src value) {
+    return std::numeric_limits<Dst>::is_iec559
+               ? GetRangeConstraint(value <= std::numeric_limits<Dst>::max(),
+                                    value >= -std::numeric_limits<Dst>::max())
+               : GetRangeConstraint(value <= std::numeric_limits<Dst>::max(),
+                                    value >= std::numeric_limits<Dst>::min());
+  }
+};
+
+// Unsigned to unsigned narrowing: Only the upper boundary can be exceeded.
+template <typename Dst, typename Src>
+struct DstRangeRelationToSrcRangeImpl<Dst,
+                                      Src,
+                                      INTEGER_REPRESENTATION_UNSIGNED,
+                                      INTEGER_REPRESENTATION_UNSIGNED,
+                                      NUMERIC_RANGE_NOT_CONTAINED> {
+  static RangeConstraint Check(Src value) {
+    return GetRangeConstraint(value <= std::numeric_limits<Dst>::max(), true);
+  }
+};
+
+// Unsigned to signed: The upper boundary may be exceeded.
+template <typename Dst, typename Src>
+struct DstRangeRelationToSrcRangeImpl<Dst,
+                                      Src,
+                                      INTEGER_REPRESENTATION_SIGNED,
+                                      INTEGER_REPRESENTATION_UNSIGNED,
+                                      NUMERIC_RANGE_NOT_CONTAINED> {
+  static RangeConstraint Check(Src value) {
+    return sizeof(Dst) > sizeof(Src)
+               ? RANGE_VALID
+               : GetRangeConstraint(
+                     value <= static_cast<Src>(std::numeric_limits<Dst>::max()),
+                     true);
+  }
+};
+
+// Signed to unsigned: The upper boundary may be exceeded for a narrower Dst,
+// and any negative value exceeds the lower boundary.
+template <typename Dst, typename Src>
+struct DstRangeRelationToSrcRangeImpl<Dst,
+                                      Src,
+                                      INTEGER_REPRESENTATION_UNSIGNED,
+                                      INTEGER_REPRESENTATION_SIGNED,
+                                      NUMERIC_RANGE_NOT_CONTAINED> {
+  static RangeConstraint Check(Src value) {
+    return (MaxExponent<Dst>::value >= MaxExponent<Src>::value)
+               ? GetRangeConstraint(true, value >= static_cast<Src>(0))
+               : GetRangeConstraint(
+                     value <= static_cast<Src>(std::numeric_limits<Dst>::max()),
+                     value >= static_cast<Src>(0));
+  }
+};
+
+template <typename Dst, typename Src>
+inline RangeConstraint DstRangeRelationToSrcRange(Src value) {
+  static_assert(std::numeric_limits<Src>::is_specialized,
+                "Argument must be numeric.");
+  static_assert(std::numeric_limits<Dst>::is_specialized,
+                "Result must be numeric.");
+  return DstRangeRelationToSrcRangeImpl<Dst, Src>::Check(value);
+}
+
+}  // namespace internal
+}  // namespace base
+
+#endif  // BASE_SAFE_CONVERSIONS_IMPL_H_
+
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/os_compat_android.h
@@ -0,0 +1,28 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_OS_COMPAT_ANDROID_H_
+#define BASE_OS_COMPAT_ANDROID_H_
+
+#include <fcntl.h>
+#include <sys/types.h>
+#include <utime.h>
+
+// Not implemented in Bionic.
+extern "C" int futimes(int fd, const struct timeval tv[2]);
+
+// Not exposed or implemented in Bionic.
+extern "C" char* mkdtemp(char* path);
+
+// Android has no timegm().
+extern "C" time_t timegm(struct tm* const t);
+
+// The lockf() function is not available on Android; we translate to flock().
+#define F_LOCK LOCK_EX
+#define F_ULOCK LOCK_UN
+inline int lockf(int fd, int cmd, off_t ignored_len) {
+  return flock(fd, cmd);
+}
+
+#endif  // BASE_OS_COMPAT_ANDROID_H_
--- a/security/sandbox/chromium/base/posix/eintr_wrapper.h
+++ b/security/sandbox/chromium/base/posix/eintr_wrapper.h
@@ -20,39 +20,39 @@
 
 #if defined(OS_POSIX)
 
 #include <errno.h>
 
 #if defined(NDEBUG)
 
 #define HANDLE_EINTR(x) ({ \
-  typeof(x) eintr_wrapper_result; \
+  decltype(x) eintr_wrapper_result; \
   do { \
     eintr_wrapper_result = (x); \
   } while (eintr_wrapper_result == -1 && errno == EINTR); \
   eintr_wrapper_result; \
 })
 
 #else
 
 #define HANDLE_EINTR(x) ({ \
   int eintr_wrapper_counter = 0; \
-  typeof(x) eintr_wrapper_result; \
+  decltype(x) eintr_wrapper_result; \
   do { \
     eintr_wrapper_result = (x); \
   } while (eintr_wrapper_result == -1 && errno == EINTR && \
            eintr_wrapper_counter++ < 100); \
   eintr_wrapper_result; \
 })
 
 #endif  // NDEBUG
 
 #define IGNORE_EINTR(x) ({ \
-  typeof(x) eintr_wrapper_result; \
+  decltype(x) eintr_wrapper_result; \
   do { \
     eintr_wrapper_result = (x); \
     if (eintr_wrapper_result == -1 && errno == EINTR) { \
       eintr_wrapper_result = 0; \
     } \
   } while (0); \
   eintr_wrapper_result; \
 })
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/safe_strerror_posix.cc
@@ -0,0 +1,119 @@
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if defined(__ANDROID__)
+// Post-L versions of bionic define the GNU-specific strerror_r if _GNU_SOURCE
+// is defined, but the symbol is renamed to __gnu_strerror_r which only exists
+// on those later versions. To preserve ABI compatibility with older versions,
+// undefine _GNU_SOURCE and use the POSIX version.
+#undef _GNU_SOURCE
+#endif
+
+#include "build/build_config.h"
+#include "base/safe_strerror_posix.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#define USE_HISTORICAL_STRERRO_R (defined(__GLIBC__) || defined(OS_NACL))
+
+#if USE_HISTORICAL_STRERRO_R && defined(__GNUC__)
+// GCC will complain about the unused second wrap function unless we tell it
+// that we meant for them to be potentially unused, which is exactly what this
+// attribute is for.
+#define POSSIBLY_UNUSED __attribute__((unused))
+#else
+#define POSSIBLY_UNUSED
+#endif
+
+#if USE_HISTORICAL_STRERRO_R
+// glibc has two strerror_r functions: a historical GNU-specific one that
+// returns type char *, and a POSIX.1-2001 compliant one available since 2.3.4
+// that returns int. This wraps the GNU-specific one.
+static void POSSIBLY_UNUSED wrap_posix_strerror_r(
+    char *(*strerror_r_ptr)(int, char *, size_t),
+    int err,
+    char *buf,
+    size_t len) {
+  // GNU version.
+  char *rc = (*strerror_r_ptr)(err, buf, len);
+  if (rc != buf) {
+    // glibc did not use buf and returned a static string instead. Copy it
+    // into buf.
+    buf[0] = '\0';
+    strncat(buf, rc, len - 1);
+  }
+  // The GNU version never fails. Unknown errors get an "unknown error" message.
+  // The result is always null terminated.
+}
+#endif  // USE_HISTORICAL_STRERRO_R
+
+// Wrapper for strerror_r functions that implement the POSIX interface. POSIX
+// does not define the behaviour for some of the edge cases, so we wrap it to
+// guarantee that they are handled. This is compiled on all POSIX platforms, but
+// it will only be used on Linux if the POSIX strerror_r implementation is
+// being used (see below).
+static void POSSIBLY_UNUSED wrap_posix_strerror_r(
+    int (*strerror_r_ptr)(int, char *, size_t),
+    int err,
+    char *buf,
+    size_t len) {
+  int old_errno = errno;
+  // Have to cast since otherwise we get an error if this is the GNU version
+  // (but in such a scenario this function is never called). Sadly we can't use
+  // C++-style casts because the appropriate one is reinterpret_cast but it's
+  // considered illegal to reinterpret_cast a type to itself, so we get an
+  // error in the opposite case.
+  int result = (*strerror_r_ptr)(err, buf, len);
+  if (result == 0) {
+    // POSIX is vague about whether the string will be terminated, although
+    // it indirectly implies that typically ERANGE will be returned, instead
+    // of truncating the string. We play it safe by always terminating the
+    // string explicitly.
+    buf[len - 1] = '\0';
+  } else {
+    // Error. POSIX is vague about whether the return value is itself a system
+    // error code or something else. On Linux currently it is -1 and errno is
+    // set. On BSD-derived systems it is a system error and errno is unchanged.
+    // We try and detect which case it is so as to put as much useful info as
+    // we can into our message.
+    int strerror_error;  // The error encountered in strerror
+    int new_errno = errno;
+    if (new_errno != old_errno) {
+      // errno was changed, so probably the return value is just -1 or something
+      // else that doesn't provide any info, and errno is the error.
+      strerror_error = new_errno;
+    } else {
+      // Either the error from strerror_r was the same as the previous value, or
+      // errno wasn't used. Assume the latter.
+      strerror_error = result;
+    }
+    // snprintf truncates and always null-terminates.
+    snprintf(buf,
+             len,
+             "Error %d while retrieving error %d",
+             strerror_error,
+             err);
+  }
+  errno = old_errno;
+}
+
+void safe_strerror_r(int err, char *buf, size_t len) {
+  if (buf == NULL || len <= 0) {
+    return;
+  }
+  // If using glibc (i.e., Linux), the compiler will automatically select the
+  // appropriate overloaded function based on the function type of strerror_r.
+  // The other one will be elided from the translation unit since both are
+  // static.
+  wrap_posix_strerror_r(&strerror_r, err, buf, len);
+}
+
+std::string safe_strerror(int err) {
+  const int buffer_size = 256;
+  char buf[buffer_size];
+  safe_strerror_r(err, buf, sizeof(buf));
+  return std::string(buf);
+}
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/safe_strerror_posix.h
@@ -0,0 +1,38 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SAFE_STRERROR_POSIX_H_
+#define BASE_SAFE_STRERROR_POSIX_H_
+
+#include <string>
+
+#include "base/base_export.h"
+
+// BEFORE using anything from this file, first look at PLOG and friends in
+// logging.h and use them instead if applicable.
+//
+// This file declares safe, portable alternatives to the POSIX strerror()
+// function. strerror() is inherently unsafe in multi-threaded apps and should
+// never be used. Doing so can cause crashes. Additionally, the thread-safe
+// alternative strerror_r varies in semantics across platforms. Use these
+// functions instead.
+
+// Thread-safe strerror function with dependable semantics that never fails.
+// It will write the string form of error "err" to buffer buf of length len.
+// If there is an error calling the OS's strerror_r() function then a message to
+// that effect will be printed into buf, truncating if necessary. The final
+// result is always null-terminated. The value of errno is never changed.
+//
+// Use this instead of strerror_r().
+BASE_EXPORT void safe_strerror_r(int err, char *buf, size_t len);
+
+// Calls safe_strerror_r with a buffer of suitable size and returns the result
+// in a C++ string.
+//
+// Use this instead of strerror(). Note though that safe_strerror_r will be
+// more robust in the case of heap corruption errors, since it doesn't need to
+// allocate a string.
+BASE_EXPORT std::string safe_strerror(int err);
+
+#endif  // BASE_SAFE_STRERROR_POSIX_H_
--- a/security/sandbox/chromium/base/sequenced_task_runner.h
+++ b/security/sandbox/chromium/base/sequenced_task_runner.h
@@ -134,17 +134,17 @@ class BASE_EXPORT SequencedTaskRunner : 
   bool ReleaseSoon(const tracked_objects::Location& from_here,
                    T* object) {
     return
         subtle::ReleaseHelperInternal<T, bool>::ReleaseViaSequencedTaskRunner(
             this, from_here, object);
   }
 
  protected:
-  virtual ~SequencedTaskRunner() {}
+  ~SequencedTaskRunner() override {}
 
  private:
   template <class T, class R> friend class subtle::DeleteHelperInternal;
   template <class T, class R> friend class subtle::ReleaseHelperInternal;
 
   bool DeleteSoonInternal(const tracked_objects::Location& from_here,
                           void(*deleter)(const void*),
                           const void* object);
--- a/security/sandbox/chromium/base/sequenced_task_runner_helpers.h
+++ b/security/sandbox/chromium/base/sequenced_task_runner_helpers.h
@@ -1,16 +1,17 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_SEQUENCED_TASK_RUNNER_HELPERS_H_
 #define BASE_SEQUENCED_TASK_RUNNER_HELPERS_H_
 
 #include "base/basictypes.h"
+#include "base/debug/alias.h"
 
 // TODO(akalin): Investigate whether it's possible to just have
 // SequencedTaskRunner use these helpers (instead of MessageLoop).
 // Then we can just move these to sequenced_task_runner.h.
 
 namespace tracked_objects {
 class Location;
 }
--- a/security/sandbox/chromium/base/single_thread_task_runner.h
+++ b/security/sandbox/chromium/base/single_thread_task_runner.h
@@ -24,14 +24,14 @@ namespace base {
 class BASE_EXPORT SingleThreadTaskRunner : public SequencedTaskRunner {
  public:
   // A more explicit alias to RunsTasksOnCurrentThread().
   bool BelongsToCurrentThread() const {
     return RunsTasksOnCurrentThread();
   }
 
  protected:
-  virtual ~SingleThreadTaskRunner() {}
+  ~SingleThreadTaskRunner() override {}
 };
 
 }  // namespace base
 
 #endif  // BASE_SINGLE_THREAD_TASK_RUNNER_H_
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/strings/string16.cc
@@ -0,0 +1,82 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/strings/string16.h"
+
+#if defined(WCHAR_T_IS_UTF16)
+
+#error This file should not be used on 2-byte wchar_t systems
+// If this winds up being needed on 2-byte wchar_t systems, either the
+// definitions below can be used, or the host system's wide character
+// functions like wmemcmp can be wrapped.
+
+#elif defined(WCHAR_T_IS_UTF32)
+
+#include <ostream>
+
+#include "base/strings/utf_string_conversions.h"
+
+namespace base {
+
+int c16memcmp(const char16* s1, const char16* s2, size_t n) {
+  // We cannot call memcmp because that changes the semantics.
+  while (n-- > 0) {
+    if (*s1 != *s2) {
+      // We cannot use (*s1 - *s2) because char16 is unsigned.
+      return ((*s1 < *s2) ? -1 : 1);
+    }
+    ++s1;
+    ++s2;
+  }
+  return 0;
+}
+
+size_t c16len(const char16* s) {
+  const char16 *s_orig = s;
+  while (*s) {
+    ++s;
+  }
+  return s - s_orig;
+}
+
+const char16* c16memchr(const char16* s, char16 c, size_t n) {
+  while (n-- > 0) {
+    if (*s == c) {
+      return s;
+    }
+    ++s;
+  }
+  return 0;
+}
+
+char16* c16memmove(char16* s1, const char16* s2, size_t n) {
+  return static_cast<char16*>(memmove(s1, s2, n * sizeof(char16)));
+}
+
+char16* c16memcpy(char16* s1, const char16* s2, size_t n) {
+  return static_cast<char16*>(memcpy(s1, s2, n * sizeof(char16)));
+}
+
+char16* c16memset(char16* s, char16 c, size_t n) {
+  char16 *s_orig = s;
+  while (n-- > 0) {
+    *s = c;
+    ++s;
+  }
+  return s_orig;
+}
+
+std::ostream& operator<<(std::ostream& out, const string16& str) {
+  return out << UTF16ToUTF8(str);
+}
+
+void PrintTo(const string16& str, std::ostream* out) {
+  *out << str;
+}
+
+}  // namespace base
+
+template class std::basic_string<base::char16, base::string16_char_traits>;
+
+#endif  // WCHAR_T_IS_UTF32
--- a/security/sandbox/chromium/base/strings/string_number_conversions.cc
+++ b/security/sandbox/chromium/base/strings/string_number_conversions.cc
@@ -98,17 +98,17 @@ struct IntToStringT {
 template<typename CHAR, int BASE, bool BASE_LTE_10> class BaseCharToDigit {
 };
 
 // Faster specialization for bases <= 10
 template<typename CHAR, int BASE> class BaseCharToDigit<CHAR, BASE, true> {
  public:
   static bool Convert(CHAR c, uint8* digit) {
     if (c >= '0' && c < '0' + BASE) {
-      *digit = c - '0';
+      *digit = static_cast<uint8>(c - '0');
       return true;
     }
     return false;
   }
 };
 
 // Specialization for bases where 10 < base <= 36
 template<typename CHAR, int BASE> class BaseCharToDigit<CHAR, BASE, false> {
--- a/security/sandbox/chromium/base/strings/string_piece.h
+++ b/security/sandbox/chromium/base/strings/string_piece.h
@@ -32,16 +32,17 @@
 
 #include <iosfwd>
 #include <string>
 
 #include "base/base_export.h"
 #include "base/basictypes.h"
 #include "base/containers/hash_tables.h"
 #include "base/strings/string16.h"
+#include "mozilla/Attributes.h"
 
 namespace base {
 
 template <typename STRING_TYPE> class BasicStringPiece;
 typedef BasicStringPiece<std::string> StringPiece;
 typedef BasicStringPiece<string16> StringPiece16;
 
 // internal --------------------------------------------------------------------
@@ -173,20 +174,20 @@ template <typename STRING_TYPE> class Ba
 
   static const size_type npos;
 
  public:
   // We provide non-explicit singleton constructors so users can pass
   // in a "const char*" or a "string" wherever a "StringPiece" is
   // expected (likewise for char16, string16, StringPiece16).
   BasicStringPiece() : ptr_(NULL), length_(0) {}
-  BasicStringPiece(const value_type* str)
+  MOZ_IMPLICIT BasicStringPiece(const value_type* str)
       : ptr_(str),
         length_((str == NULL) ? 0 : STRING_TYPE::traits_type::length(str)) {}
-  BasicStringPiece(const STRING_TYPE& str)
+  MOZ_IMPLICIT BasicStringPiece(const STRING_TYPE& str)
       : ptr_(str.data()), length_(str.size()) {}
   BasicStringPiece(const value_type* offset, size_type len)
       : ptr_(offset), length_(len) {}
   BasicStringPiece(const typename STRING_TYPE::const_iterator& begin,
                     const typename STRING_TYPE::const_iterator& end)
       : ptr_((end > begin) ? &(*begin) : NULL),
         length_((end > begin) ? (size_type)(end - begin) : 0) {}
 
@@ -434,37 +435,25 @@ BASE_EXPORT std::ostream& operator<<(std
 #define HASH_STRING_PIECE(StringPieceType, string_piece)                \
   std::size_t result = 0;                                               \
   for (StringPieceType::const_iterator i = string_piece.begin();        \
        i != string_piece.end(); ++i)                                    \
     result = (result * 131) + *i;                                       \
   return result;                                                        \
 
 namespace BASE_HASH_NAMESPACE {
-#if defined(COMPILER_GCC)
 
 template<>
 struct hash<base::StringPiece> {
   std::size_t operator()(const base::StringPiece& sp) const {
     HASH_STRING_PIECE(base::StringPiece, sp);
   }
 };
 template<>
 struct hash<base::StringPiece16> {
   std::size_t operator()(const base::StringPiece16& sp16) const {
     HASH_STRING_PIECE(base::StringPiece16, sp16);
   }
 };
 
-#elif defined(COMPILER_MSVC)
-
-inline size_t hash_value(const base::StringPiece& sp) {
-  HASH_STRING_PIECE(base::StringPiece, sp);
-}
-inline size_t hash_value(const base::StringPiece16& sp16) {
-  HASH_STRING_PIECE(base::StringPiece16, sp16);
-}
-
-#endif  // COMPILER
-
 }  // namespace BASE_HASH_NAMESPACE
 
 #endif  // BASE_STRINGS_STRING_PIECE_H_
--- a/security/sandbox/chromium/base/strings/string_util.cc
+++ b/security/sandbox/chromium/base/strings/string_util.cc
@@ -59,16 +59,52 @@ struct ReplacementOffset {
   size_t offset;
 };
 
 static bool CompareParameter(const ReplacementOffset& elem1,
                              const ReplacementOffset& elem2) {
   return elem1.parameter < elem2.parameter;
 }
 
+// Assuming that a pointer is the size of a "machine word", then
+// uintptr_t is an integer type that is also a machine word.
+typedef uintptr_t MachineWord;
+const uintptr_t kMachineWordAlignmentMask = sizeof(MachineWord) - 1;
+
+inline bool IsAlignedToMachineWord(const void* pointer) {
+  return !(reinterpret_cast<MachineWord>(pointer) & kMachineWordAlignmentMask);
+}
+
+template<typename T> inline T* AlignToMachineWord(T* pointer) {
+  return reinterpret_cast<T*>(reinterpret_cast<MachineWord>(pointer) &
+                              ~kMachineWordAlignmentMask);
+}
+
+template<size_t size, typename CharacterType> struct NonASCIIMask;
+template<> struct NonASCIIMask<4, base::char16> {
+    static inline uint32_t value() { return 0xFF80FF80U; }
+};
+template<> struct NonASCIIMask<4, char> {
+    static inline uint32_t value() { return 0x80808080U; }
+};
+template<> struct NonASCIIMask<8, base::char16> {
+    static inline uint64_t value() { return 0xFF80FF80FF80FF80ULL; }
+};
+template<> struct NonASCIIMask<8, char> {
+    static inline uint64_t value() { return 0x8080808080808080ULL; }
+};
+#if defined(WCHAR_T_IS_UTF32)
+template<> struct NonASCIIMask<4, wchar_t> {
+    static inline uint32_t value() { return 0xFFFFFF80U; }
+};
+template<> struct NonASCIIMask<8, wchar_t> {
+    static inline uint64_t value() { return 0xFFFFFF80FFFFFF80ULL; }
+};
+#endif  // WCHAR_T_IS_UTF32
+
 }  // namespace
 
 namespace base {
 
 bool IsWprintfFormatPortable(const wchar_t* format) {
   for (const wchar_t* position = format; *position != '\0'; ++position) {
     if (*position == '%') {
       bool in_specification = true;
@@ -317,34 +353,64 @@ bool ContainsOnlyChars(const StringPiece
   return input.find_first_not_of(characters) == StringPiece::npos;
 }
 
 bool ContainsOnlyChars(const StringPiece16& input,
                        const StringPiece16& characters) {
   return input.find_first_not_of(characters) == StringPiece16::npos;
 }
 
-template<class STR>
-static bool DoIsStringASCII(const STR& str) {
-  for (size_t i = 0; i < str.length(); i++) {
-    typename ToUnsigned<typename STR::value_type>::Unsigned c = str[i];
-    if (c > 0x7F)
-      return false;
+template <class Char>
+inline bool DoIsStringASCII(const Char* characters, size_t length) {
+  MachineWord all_char_bits = 0;
+  const Char* end = characters + length;
+
+  // Prologue: align the input.
+  while (!IsAlignedToMachineWord(characters) && characters != end) {
+    all_char_bits |= *characters;
+    ++characters;
   }
-  return true;
+
+  // Compare the values of CPU word size.
+  const Char* word_end = AlignToMachineWord(end);
+  const size_t loop_increment = sizeof(MachineWord) / sizeof(Char);
+  while (characters < word_end) {
+    all_char_bits |= *(reinterpret_cast<const MachineWord*>(characters));
+    characters += loop_increment;
+  }
+
+  // Process the remaining bytes.
+  while (characters != end) {
+    all_char_bits |= *characters;
+    ++characters;
+  }
+
+  MachineWord non_ascii_bit_mask =
+      NonASCIIMask<sizeof(MachineWord), Char>::value();
+  return !(all_char_bits & non_ascii_bit_mask);
 }
 
 bool IsStringASCII(const StringPiece& str) {
-  return DoIsStringASCII(str);
+  return DoIsStringASCII(str.data(), str.length());
+}
+
+bool IsStringASCII(const StringPiece16& str) {
+  return DoIsStringASCII(str.data(), str.length());
 }
 
 bool IsStringASCII(const string16& str) {
-  return DoIsStringASCII(str);
+  return DoIsStringASCII(str.data(), str.length());
 }
 
+#if defined(WCHAR_T_IS_UTF32)
+bool IsStringASCII(const std::wstring& str) {
+  return DoIsStringASCII(str.data(), str.length());
+}
+#endif
+
 bool IsStringUTF8(const std::string& str) {
   const char *src = str.data();
   int32 src_len = static_cast<int32>(str.length());
   int32 char_index = 0;
 
   while (char_index < src_len) {
     int32 code_point;
     CBU8_NEXT(src, char_index, src_len, code_point);
--- a/security/sandbox/chromium/base/strings/string_util.h
+++ b/security/sandbox/chromium/base/strings/string_util.h
@@ -240,46 +240,55 @@ BASE_EXPORT bool ContainsOnlyChars(const
 // representation looks like a UTF-8 string (the second case).
 //
 // Note that IsStringUTF8 checks not only if the input is structurally
 // valid but also if it doesn't contain any non-character codepoint
 // (e.g. U+FFFE). It's done on purpose because all the existing callers want
 // to have the maximum 'discriminating' power from other encodings. If
 // there's a use case for just checking the structural validity, we have to
 // add a new function for that.
+//
+// IsStringASCII assumes the input is likely all ASCII, and does not leave early
+// if it is not the case.
 BASE_EXPORT bool IsStringUTF8(const std::string& str);
 BASE_EXPORT bool IsStringASCII(const StringPiece& str);
+BASE_EXPORT bool IsStringASCII(const StringPiece16& str);
+// A convenience adaptor for WebStrings, as they don't convert into
+// StringPieces directly.
 BASE_EXPORT bool IsStringASCII(const string16& str);
+#if defined(WCHAR_T_IS_UTF32)
+BASE_EXPORT bool IsStringASCII(const std::wstring& str);
+#endif
+
+// Converts the elements of the given string.  This version uses a pointer to
+// clearly differentiate it from the non-pointer variant.
+template <class str> inline void StringToLowerASCII(str* s) {
+  for (typename str::iterator i = s->begin(); i != s->end(); ++i)
+    *i = ToLowerASCII(*i);
+}
+
+template <class str> inline str StringToLowerASCII(const str& s) {
+  // for std::string and std::wstring
+  str output(s);
+  StringToLowerASCII(&output);
+  return output;
+}
 
 }  // namespace base
 
 #if defined(OS_WIN)
 #include "base/strings/string_util_win.h"
 #elif defined(OS_POSIX)
 #include "base/strings/string_util_posix.h"
 #else
 #error Define string operations appropriately for your platform
 #endif
 
 // Converts the elements of the given string.  This version uses a pointer to
 // clearly differentiate it from the non-pointer variant.
-template <class str> inline void StringToLowerASCII(str* s) {
-  for (typename str::iterator i = s->begin(); i != s->end(); ++i)
-    *i = base::ToLowerASCII(*i);
-}
-
-template <class str> inline str StringToLowerASCII(const str& s) {
-  // for std::string and std::wstring
-  str output(s);
-  StringToLowerASCII(&output);
-  return output;
-}
-
-// Converts the elements of the given string.  This version uses a pointer to
-// clearly differentiate it from the non-pointer variant.
 template <class str> inline void StringToUpperASCII(str* s) {
   for (typename str::iterator i = s->begin(); i != s->end(); ++i)
     *i = base::ToUpperASCII(*i);
 }
 
 template <class str> inline str StringToUpperASCII(const str& s) {
   // for std::string and std::wstring
   str output(s);
@@ -347,24 +356,24 @@ inline bool IsAsciiDigit(Char c) {
 template <typename Char>
 inline bool IsHexDigit(Char c) {
   return (c >= '0' && c <= '9') ||
          (c >= 'A' && c <= 'F') ||
          (c >= 'a' && c <= 'f');
 }
 
 template <typename Char>
-inline Char HexDigitToInt(Char c) {
+inline char HexDigitToInt(Char c) {
   DCHECK(IsHexDigit(c));
   if (c >= '0' && c <= '9')
-    return c - '0';
+    return static_cast<char>(c - '0');
   if (c >= 'A' && c <= 'F')
-    return c - 'A' + 10;
+    return static_cast<char>(c - 'A' + 10);
   if (c >= 'a' && c <= 'f')
-    return c - 'a' + 10;
+    return static_cast<char>(c - 'a' + 10);
   return 0;
 }
 
 // Returns true if it's a whitespace character.
 inline bool IsWhitespace(wchar_t c) {
   return wcschr(base::kWhitespaceWide, c) != NULL;
 }
 
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/strings/string_util_posix.h
@@ -0,0 +1,52 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_STRINGS_STRING_UTIL_POSIX_H_
+#define BASE_STRINGS_STRING_UTIL_POSIX_H_
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <wchar.h>
+
+#include "base/logging.h"
+
+namespace base {
+
+// Chromium code style is to not use malloc'd strings; this is only for use
+// for interaction with APIs that require it.
+inline char* strdup(const char* str) {
+  return ::strdup(str);
+}
+
+inline int strcasecmp(const char* string1, const char* string2) {
+  return ::strcasecmp(string1, string2);
+}
+
+inline int strncasecmp(const char* string1, const char* string2, size_t count) {
+  return ::strncasecmp(string1, string2, count);
+}
+
+inline int vsnprintf(char* buffer, size_t size,
+                     const char* format, va_list arguments) {
+  return ::vsnprintf(buffer, size, format, arguments);
+}
+
+inline int strncmp16(const char16* s1, const char16* s2, size_t count) {
+#if defined(WCHAR_T_IS_UTF16)
+  return ::wcsncmp(s1, s2, count);
+#elif defined(WCHAR_T_IS_UTF32)
+  return c16memcmp(s1, s2, count);
+#endif
+}
+
+inline int vswprintf(wchar_t* buffer, size_t size,
+                     const wchar_t* format, va_list arguments) {
+  DCHECK(IsWprintfFormatPortable(format));
+  return ::vswprintf(buffer, size, format, arguments);
+}
+
+}  // namespace base
+
+#endif  // BASE_STRINGS_STRING_UTIL_POSIX_H_
--- a/security/sandbox/chromium/base/strings/stringprintf.h
+++ b/security/sandbox/chromium/base/strings/stringprintf.h
@@ -11,26 +11,26 @@
 
 #include "base/base_export.h"
 #include "base/compiler_specific.h"
 
 namespace base {
 
 // Return a C++ string given printf-like input.
 BASE_EXPORT std::string StringPrintf(const char* format, ...)
-    PRINTF_FORMAT(1, 2);
+    PRINTF_FORMAT(1, 2) WARN_UNUSED_RESULT;
 // OS_ANDROID's libc does not support wchar_t, so several overloads are omitted.
 #if !defined(OS_ANDROID)
 BASE_EXPORT std::wstring StringPrintf(const wchar_t* format, ...)
-    WPRINTF_FORMAT(1, 2);
+    WPRINTF_FORMAT(1, 2) WARN_UNUSED_RESULT;
 #endif
 
 // Return a C++ string given vprintf-like input.
 BASE_EXPORT std::string StringPrintV(const char* format, va_list ap)
-    PRINTF_FORMAT(1, 0);
+    PRINTF_FORMAT(1, 0) WARN_UNUSED_RESULT;
 
 // Store result into a supplied string and return it.
 BASE_EXPORT const std::string& SStringPrintf(std::string* dst,
                                              const char* format, ...)
     PRINTF_FORMAT(2, 3);
 #if !defined(OS_ANDROID)
 BASE_EXPORT const std::wstring& SStringPrintf(std::wstring* dst,
                                               const wchar_t* format, ...)
--- a/security/sandbox/chromium/base/strings/utf_string_conversion_utils.cc
+++ b/security/sandbox/chromium/base/strings/utf_string_conversion_utils.cc
@@ -66,17 +66,17 @@ bool ReadUnicodeCharacter(const wchar_t*
 }
 #endif  // defined(WCHAR_T_IS_UTF32)
 
 // WriteUnicodeCharacter -------------------------------------------------------
 
 size_t WriteUnicodeCharacter(uint32 code_point, std::string* output) {
   if (code_point <= 0x7f) {
     // Fast path the common case of one byte.
-    output->push_back(code_point);
+    output->push_back(static_cast<char>(code_point));
     return 1;
   }
 
 
   // CBU8_APPEND_UNSAFE can append up to 4 bytes.
   size_t char_offset = output->length();
   size_t original_char_offset = char_offset;
   output->resize(char_offset + CBU8_MAX_LENGTH);
--- a/security/sandbox/chromium/base/strings/utf_string_conversions.cc
+++ b/security/sandbox/chromium/base/strings/utf_string_conversions.cc
@@ -38,36 +38,54 @@ bool ConvertUnicode(const SRC_CHAR* src,
   return success;
 }
 
 }  // namespace
 
 // UTF-8 <-> Wide --------------------------------------------------------------
 
 bool WideToUTF8(const wchar_t* src, size_t src_len, std::string* output) {
-  PrepareForUTF8Output(src, src_len, output);
-  return ConvertUnicode(src, src_len, output);
+  if (IsStringASCII(std::wstring(src, src_len))) {
+    output->assign(src, src + src_len);
+    return true;
+  } else {
+    PrepareForUTF8Output(src, src_len, output);
+    return ConvertUnicode(src, src_len, output);
+  }
 }
 
 std::string WideToUTF8(const std::wstring& wide) {
+  if (IsStringASCII(wide)) {
+    return std::string(wide.data(), wide.data() + wide.length());
+  }
+
   std::string ret;
-  // Ignore the success flag of this call, it will do the best it can for
-  // invalid input, which is what we want here.
-  WideToUTF8(wide.data(), wide.length(), &ret);
+  PrepareForUTF8Output(wide.data(), wide.length(), &ret);
+  ConvertUnicode(wide.data(), wide.length(), &ret);
   return ret;
 }
 
 bool UTF8ToWide(const char* src, size_t src_len, std::wstring* output) {
-  PrepareForUTF16Or32Output(src, src_len, output);
-  return ConvertUnicode(src, src_len, output);
+  if (IsStringASCII(StringPiece(src, src_len))) {
+    output->assign(src, src + src_len);
+    return true;
+  } else {
+    PrepareForUTF16Or32Output(src, src_len, output);
+    return ConvertUnicode(src, src_len, output);
+  }
 }
 
 std::wstring UTF8ToWide(const StringPiece& utf8) {
+  if (IsStringASCII(utf8)) {
+    return std::wstring(utf8.begin(), utf8.end());
+  }
+
   std::wstring ret;
-  UTF8ToWide(utf8.data(), utf8.length(), &ret);
+  PrepareForUTF16Or32Output(utf8.data(), utf8.length(), &ret);
+  ConvertUnicode(utf8.data(), utf8.length(), &ret);
   return ret;
 }
 
 // UTF-16 <-> Wide -------------------------------------------------------------
 
 #if defined(WCHAR_T_IS_UTF16)
 
 // When wide == UTF-16, then conversions are a NOP.
@@ -121,34 +139,53 @@ std::wstring UTF16ToWide(const string16&
 
 #endif  // defined(WCHAR_T_IS_UTF32)
 
 // UTF16 <-> UTF8 --------------------------------------------------------------
 
 #if defined(WCHAR_T_IS_UTF32)
 
 bool UTF8ToUTF16(const char* src, size_t src_len, string16* output) {
-  PrepareForUTF16Or32Output(src, src_len, output);
-  return ConvertUnicode(src, src_len, output);
+  if (IsStringASCII(StringPiece(src, src_len))) {
+    output->assign(src, src + src_len);
+    return true;
+  } else {
+    PrepareForUTF16Or32Output(src, src_len, output);
+    return ConvertUnicode(src, src_len, output);
+  }
 }
 
 string16 UTF8ToUTF16(const StringPiece& utf8) {
+  if (IsStringASCII(utf8)) {
+    return string16(utf8.begin(), utf8.end());
+  }
+
   string16 ret;
+  PrepareForUTF16Or32Output(utf8.data(), utf8.length(), &ret);
   // Ignore the success flag of this call, it will do the best it can for
   // invalid input, which is what we want here.
-  UTF8ToUTF16(utf8.data(), utf8.length(), &ret);
+  ConvertUnicode(utf8.data(), utf8.length(), &ret);
   return ret;
 }
 
 bool UTF16ToUTF8(const char16* src, size_t src_len, std::string* output) {
-  PrepareForUTF8Output(src, src_len, output);
-  return ConvertUnicode(src, src_len, output);
+  if (IsStringASCII(StringPiece16(src, src_len))) {
+    output->assign(src, src + src_len);
+    return true;
+  } else {
+    PrepareForUTF8Output(src, src_len, output);
+    return ConvertUnicode(src, src_len, output);
+  }
 }
 
 std::string UTF16ToUTF8(const string16& utf16) {
+  if (IsStringASCII(utf16)) {
+    return std::string(utf16.begin(), utf16.end());
+  }
+
   std::string ret;
   // Ignore the success flag of this call, it will do the best it can for
   // invalid input, which is what we want here.
   UTF16ToUTF8(utf16.data(), utf16.length(), &ret);
   return ret;
 }
 
 #elif defined(WCHAR_T_IS_UTF16)
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/synchronization/condition_variable.h
@@ -0,0 +1,118 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// ConditionVariable wraps pthreads condition variable synchronization or, on
+// Windows, simulates it.  This functionality is very helpful for having
+// several threads wait for an event, as is common with a thread pool managed
+// by a master.  The meaning of such an event in the (worker) thread pool
+// scenario is that additional tasks are now available for processing.  It is
+// used in Chrome in the DNS prefetching system to notify worker threads that
+// a queue now has items (tasks) which need to be tended to.  A related use
+// would have a pool manager waiting on a ConditionVariable, waiting for a
+// thread in the pool to announce (signal) that there is now more room in a
+// (bounded size) communications queue for the manager to deposit tasks, or,
+// as a second example, that the queue of tasks is completely empty and all
+// workers are waiting.
+//
+// USAGE NOTE 1: spurious signal events are possible with this and
+// most implementations of condition variables.  As a result, be
+// *sure* to retest your condition before proceeding.  The following
+// is a good example of doing this correctly:
+//
+// while (!work_to_be_done()) Wait(...);
+//
+// In contrast do NOT do the following:
+//
+// if (!work_to_be_done()) Wait(...);  // Don't do this.
+//
+// Especially avoid the above if you are relying on some other thread only
+// issuing a signal up *if* there is work-to-do.  There can/will
+// be spurious signals.  Recheck state on waiting thread before
+// assuming the signal was intentional. Caveat caller ;-).
+//
+// USAGE NOTE 2: Broadcast() frees up all waiting threads at once,
+// which leads to contention for the locks they all held when they
+// called Wait().  This results in POOR performance.  A much better
+// approach to getting a lot of threads out of Wait() is to have each
+// thread (upon exiting Wait()) call Signal() to free up another
+// Wait'ing thread.  Look at condition_variable_unittest.cc for
+// both examples.
+//
+// Broadcast() can be used nicely during teardown, as it gets the job
+// done, and leaves no sleeping threads... and performance is less
+// critical at that point.
+//
+// The semantics of Broadcast() are carefully crafted so that *all*
+// threads that were waiting when the request was made will indeed
+// get signaled.  Some implementations mess up, and don't signal them
+// all, while others allow the wait to be effectively turned off (for
+// a while while waiting threads come around).  This implementation
+// appears correct, as it will not "lose" any signals, and will guarantee
+// that all threads get signaled by Broadcast().
+//
+// This implementation offers support for "performance" in its selection of
+// which thread to revive.  Performance, in direct contrast with "fairness,"
+// assures that the thread that most recently began to Wait() is selected by
+// Signal to revive.  Fairness would (if publicly supported) assure that the
+// thread that has Wait()ed the longest is selected. The default policy
+// may improve performance, as the selected thread may have a greater chance of
+// having some of its stack data in various CPU caches.
+//
+// For a discussion of the many very subtle implementation details, see the FAQ
+// at the end of condition_variable_win.cc.
+
+#ifndef BASE_SYNCHRONIZATION_CONDITION_VARIABLE_H_
+#define BASE_SYNCHRONIZATION_CONDITION_VARIABLE_H_
+
+#include "build/build_config.h"
+
+#if defined(OS_POSIX)
+#include <pthread.h>
+#endif
+
+#include "base/base_export.h"
+#include "base/basictypes.h"
+#include "base/synchronization/lock.h"
+
+namespace base {
+
+class ConditionVarImpl;
+class TimeDelta;
+
+class BASE_EXPORT ConditionVariable {
+ public:
+  // Construct a cv for use with ONLY one user lock.
+  explicit ConditionVariable(Lock* user_lock);
+
+  ~ConditionVariable();
+
+  // Wait() releases the caller's critical section atomically as it starts to
+  // sleep, and the reacquires it when it is signaled.
+  void Wait();
+  void TimedWait(const TimeDelta& max_time);
+
+  // Broadcast() revives all waiting threads.
+  void Broadcast();
+  // Signal() revives one waiting thread.
+  void Signal();
+
+ private:
+
+#if defined(OS_WIN)
+  ConditionVarImpl* impl_;
+#elif defined(OS_POSIX)
+  pthread_cond_t condition_;
+  pthread_mutex_t* user_mutex_;
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
+  base::Lock* user_lock_;     // Needed to adjust shadow lock state on wait.
+#endif
+
+#endif
+
+  DISALLOW_COPY_AND_ASSIGN(ConditionVariable);
+};
+
+}  // namespace base
+
+#endif  // BASE_SYNCHRONIZATION_CONDITION_VARIABLE_H_
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/synchronization/condition_variable_posix.cc
@@ -0,0 +1,122 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/synchronization/condition_variable.h"
+
+#include <errno.h>
+#include <sys/time.h>
+
+#include "base/logging.h"
+#include "base/synchronization/lock.h"
+#include "base/threading/thread_restrictions.h"
+#include "base/time/time.h"
+
+namespace base {
+
+ConditionVariable::ConditionVariable(Lock* user_lock)
+    : user_mutex_(user_lock->lock_.native_handle())
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
+    , user_lock_(user_lock)
+#endif
+{
+  int rv = 0;
+  // http://crbug.com/293736
+  // NaCl doesn't support monotonic clock based absolute deadlines.
+  // On older Android platform versions, it's supported through the
+  // non-standard pthread_cond_timedwait_monotonic_np. Newer platform
+  // versions have pthread_condattr_setclock.
+  // Mac can use relative time deadlines.
+#if !defined(OS_MACOSX) && !defined(OS_NACL) && \
+      !(defined(OS_ANDROID) && defined(HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC))
+  pthread_condattr_t attrs;
+  rv = pthread_condattr_init(&attrs);
+  DCHECK_EQ(0, rv);
+  pthread_condattr_setclock(&attrs, CLOCK_MONOTONIC);
+  rv = pthread_cond_init(&condition_, &attrs);
+  pthread_condattr_destroy(&attrs);
+#else
+  rv = pthread_cond_init(&condition_, NULL);
+#endif
+  DCHECK_EQ(0, rv);
+}
+
+ConditionVariable::~ConditionVariable() {
+  int rv = pthread_cond_destroy(&condition_);
+  DCHECK_EQ(0, rv);
+}
+
+void ConditionVariable::Wait() {
+  base::ThreadRestrictions::AssertWaitAllowed();
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
+  user_lock_->CheckHeldAndUnmark();
+#endif
+  int rv = pthread_cond_wait(&condition_, user_mutex_);
+  DCHECK_EQ(0, rv);
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
+  user_lock_->CheckUnheldAndMark();
+#endif
+}
+
+void ConditionVariable::TimedWait(const TimeDelta& max_time) {
+  base::ThreadRestrictions::AssertWaitAllowed();
+  int64 usecs = max_time.InMicroseconds();
+  struct timespec relative_time;
+  relative_time.tv_sec = usecs / Time::kMicrosecondsPerSecond;
+  relative_time.tv_nsec =
+      (usecs % Time::kMicrosecondsPerSecond) * Time::kNanosecondsPerMicrosecond;
+
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
+  user_lock_->CheckHeldAndUnmark();
+#endif
+
+#if defined(OS_MACOSX)
+  int rv = pthread_cond_timedwait_relative_np(
+      &condition_, user_mutex_, &relative_time);
+#else
+  // The timeout argument to pthread_cond_timedwait is in absolute time.
+  struct timespec absolute_time;
+#if defined(OS_NACL)
+  // See comment in constructor for why this is different in NaCl.
+  struct timeval now;
+  gettimeofday(&now, NULL);
+  absolute_time.tv_sec = now.tv_sec;
+  absolute_time.tv_nsec = now.tv_usec * Time::kNanosecondsPerMicrosecond;
+#else
+  struct timespec now;
+  clock_gettime(CLOCK_MONOTONIC, &now);
+  absolute_time.tv_sec = now.tv_sec;
+  absolute_time.tv_nsec = now.tv_nsec;
+#endif
+
+  absolute_time.tv_sec += relative_time.tv_sec;
+  absolute_time.tv_nsec += relative_time.tv_nsec;
+  absolute_time.tv_sec += absolute_time.tv_nsec / Time::kNanosecondsPerSecond;
+  absolute_time.tv_nsec %= Time::kNanosecondsPerSecond;
+  DCHECK_GE(absolute_time.tv_sec, now.tv_sec);  // Overflow paranoia
+
+#if defined(OS_ANDROID) && defined(HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC)
+  int rv = pthread_cond_timedwait_monotonic_np(
+      &condition_, user_mutex_, &absolute_time);
+#else
+  int rv = pthread_cond_timedwait(&condition_, user_mutex_, &absolute_time);
+#endif  // OS_ANDROID && HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC
+#endif  // OS_MACOSX
+
+  DCHECK(rv == 0 || rv == ETIMEDOUT);
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
+  user_lock_->CheckUnheldAndMark();
+#endif
+}
+
+void ConditionVariable::Broadcast() {
+  int rv = pthread_cond_broadcast(&condition_);
+  DCHECK_EQ(0, rv);
+}
+
+void ConditionVariable::Signal() {
+  int rv = pthread_cond_signal(&condition_);
+  DCHECK_EQ(0, rv);
+}
+
+}  // namespace base
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/synchronization/lock_impl_posix.cc
@@ -0,0 +1,55 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/synchronization/lock_impl.h"
+
+#include <errno.h>
+#include <string.h>
+
+#include "base/logging.h"
+
+namespace base {
+namespace internal {
+
+LockImpl::LockImpl() {
+#ifndef NDEBUG
+  // In debug, setup attributes for lock error checking.
+  pthread_mutexattr_t mta;
+  int rv = pthread_mutexattr_init(&mta);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+  rv = pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_ERRORCHECK);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+  rv = pthread_mutex_init(&native_handle_, &mta);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+  rv = pthread_mutexattr_destroy(&mta);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+#else
+  // In release, go with the default lock attributes.
+  pthread_mutex_init(&native_handle_, NULL);
+#endif
+}
+
+LockImpl::~LockImpl() {
+  int rv = pthread_mutex_destroy(&native_handle_);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+}
+
+bool LockImpl::Try() {
+  int rv = pthread_mutex_trylock(&native_handle_);
+  DCHECK(rv == 0 || rv == EBUSY) << ". " << strerror(rv);
+  return rv == 0;
+}
+
+void LockImpl::Lock() {
+  int rv = pthread_mutex_lock(&native_handle_);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+}
+
+void LockImpl::Unlock() {
+  int rv = pthread_mutex_unlock(&native_handle_);
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+}
+
+}  // namespace internal
+}  // namespace base
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/synchronization/waitable_event.h
@@ -0,0 +1,193 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_SYNCHRONIZATION_WAITABLE_EVENT_H_
+#define BASE_SYNCHRONIZATION_WAITABLE_EVENT_H_
+
+#include "base/base_export.h"
+#include "base/basictypes.h"
+
+#if defined(OS_WIN)
+#include "base/win/scoped_handle.h"
+#endif
+
+#if defined(OS_POSIX)
+#include <list>
+#include <utility>
+#include "base/memory/ref_counted.h"
+#include "base/synchronization/lock.h"
+#endif
+
+namespace base {
+
+// This replaces INFINITE from Win32
+static const int kNoTimeout = -1;
+
+class TimeDelta;
+
+// A WaitableEvent can be a useful thread synchronization tool when you want to
+// allow one thread to wait for another thread to finish some work. For
+// non-Windows systems, this can only be used from within a single address
+// space.
+//
+// Use a WaitableEvent when you would otherwise use a Lock+ConditionVariable to
+// protect a simple boolean value.  However, if you find yourself using a
+// WaitableEvent in conjunction with a Lock to wait for a more complex state
+// change (e.g., for an item to be added to a queue), then you should probably
+// be using a ConditionVariable instead of a WaitableEvent.
+//
+// NOTE: On Windows, this class provides a subset of the functionality afforded
+// by a Windows event object.  This is intentional.  If you are writing Windows
+// specific code and you need other features of a Windows event, then you might
+// be better off just using an Windows event directly.
+class BASE_EXPORT WaitableEvent {
+ public:
+  // If manual_reset is true, then to set the event state to non-signaled, a
+  // consumer must call the Reset method.  If this parameter is false, then the
+  // system automatically resets the event state to non-signaled after a single
+  // waiting thread has been released.
+  WaitableEvent(bool manual_reset, bool initially_signaled);
+
+#if defined(OS_WIN)
+  // Create a WaitableEvent from an Event HANDLE which has already been
+  // created. This objects takes ownership of the HANDLE and will close it when
+  // deleted.
+  // TODO(rvargas): Pass ScopedHandle instead (and on Release).
+  explicit WaitableEvent(HANDLE event_handle);
+
+  // Releases ownership of the handle from this object.
+  HANDLE Release();
+#endif
+
+  ~WaitableEvent();
+
+  // Put the event in the un-signaled state.
+  void Reset();
+
+  // Put the event in the signaled state.  Causing any thread blocked on Wait
+  // to be woken up.
+  void Signal();
+
+  // Returns true if the event is in the signaled state, else false.  If this
+  // is not a manual reset event, then this test will cause a reset.
+  bool IsSignaled();
+
+  // Wait indefinitely for the event to be signaled. Wait's return "happens
+  // after" |Signal| has completed. This means that it's safe for a
+  // WaitableEvent to synchronise its own destruction, like this:
+  //
+  //   WaitableEvent *e = new WaitableEvent;
+  //   SendToOtherThread(e);
+  //   e->Wait();
+  //   delete e;
+  void Wait();
+
+  // Wait up until max_time has passed for the event to be signaled.  Returns
+  // true if the event was signaled.  If this method returns false, then it
+  // does not necessarily mean that max_time was exceeded.
+  //
+  // TimedWait can synchronise its own destruction like |Wait|.
+  bool TimedWait(const TimeDelta& max_time);
+
+#if defined(OS_WIN)
+  HANDLE handle() const { return handle_.Get(); }
+#endif
+
+  // Wait, synchronously, on multiple events.
+  //   waitables: an array of WaitableEvent pointers
+  //   count: the number of elements in @waitables
+  //
+  // returns: the index of a WaitableEvent which has been signaled.
+  //
+  // You MUST NOT delete any of the WaitableEvent objects while this wait is
+  // happening, however WaitMany's return "happens after" the |Signal| call
+  // that caused it has completed, like |Wait|.
+  static size_t WaitMany(WaitableEvent** waitables, size_t count);
+
+  // For asynchronous waiting, see WaitableEventWatcher
+
+  // This is a private helper class. It's here because it's used by friends of
+  // this class (such as WaitableEventWatcher) to be able to enqueue elements
+  // of the wait-list
+  class Waiter {
+   public:
+    // Signal the waiter to wake up.
+    //
+    // Consider the case of a Waiter which is in multiple WaitableEvent's
+    // wait-lists. Each WaitableEvent is automatic-reset and two of them are
+    // signaled at the same time. Now, each will wake only the first waiter in
+    // the wake-list before resetting. However, if those two waiters happen to
+    // be the same object (as can happen if another thread didn't have a chance
+    // to dequeue the waiter from the other wait-list in time), two auto-resets
+    // will have happened, but only one waiter has been signaled!
+    //
+    // Because of this, a Waiter may "reject" a wake by returning false. In
+    // this case, the auto-reset WaitableEvent shouldn't act as if anything has
+    // been notified.
+    virtual bool Fire(WaitableEvent* signaling_event) = 0;
+
+    // Waiters may implement this in order to provide an extra condition for
+    // two Waiters to be considered equal. In WaitableEvent::Dequeue, if the
+    // pointers match then this function is called as a final check. See the
+    // comments in ~Handle for why.
+    virtual bool Compare(void* tag) = 0;
+
+   protected:
+    virtual ~Waiter() {}
+  };
+
+ private:
+  friend class WaitableEventWatcher;
+
+#if defined(OS_WIN)
+  win::ScopedHandle handle_;
+#else
+  // On Windows, one can close a HANDLE which is currently being waited on. The
+  // MSDN documentation says that the resulting behaviour is 'undefined', but
+  // it doesn't crash. However, if we were to include the following members
+  // directly then, on POSIX, one couldn't use WaitableEventWatcher to watch an
+  // event which gets deleted. This mismatch has bitten us several times now,
+  // so we have a kernel of the WaitableEvent, which is reference counted.
+  // WaitableEventWatchers may then take a reference and thus match the Windows
+  // behaviour.
+  struct WaitableEventKernel :
+      public RefCountedThreadSafe<WaitableEventKernel> {
+   public:
+    WaitableEventKernel(bool manual_reset, bool initially_signaled);
+
+    bool Dequeue(Waiter* waiter, void* tag);
+
+    base::Lock lock_;
+    const bool manual_reset_;
+    bool signaled_;
+    std::list<Waiter*> waiters_;
+
+   private:
+    friend class RefCountedThreadSafe<WaitableEventKernel>;
+    ~WaitableEventKernel();
+  };
+
+  typedef std::pair<WaitableEvent*, size_t> WaiterAndIndex;
+
+  // When dealing with arrays of WaitableEvent*, we want to sort by the address
+  // of the WaitableEvent in order to have a globally consistent locking order.
+  // In that case we keep them, in sorted order, in an array of pairs where the
+  // second element is the index of the WaitableEvent in the original,
+  // unsorted, array.
+  static size_t EnqueueMany(WaiterAndIndex* waitables,
+                            size_t count, Waiter* waiter);
+
+  bool SignalAll();
+  bool SignalOne();
+  void Enqueue(Waiter* waiter);
+
+  scoped_refptr<WaitableEventKernel> kernel_;
+#endif
+
+  DISALLOW_COPY_AND_ASSIGN(WaitableEvent);
+};
+
+}  // namespace base
+
+#endif  // BASE_SYNCHRONIZATION_WAITABLE_EVENT_H_
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/synchronization/waitable_event_posix.cc
@@ -0,0 +1,415 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <algorithm>
+#include <vector>
+
+#include "base/logging.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/synchronization/condition_variable.h"
+#include "base/synchronization/lock.h"
+#include "base/threading/thread_restrictions.h"
+
+// -----------------------------------------------------------------------------
+// A WaitableEvent on POSIX is implemented as a wait-list. Currently we don't
+// support cross-process events (where one process can signal an event which
+// others are waiting on). Because of this, we can avoid having one thread per
+// listener in several cases.
+//
+// The WaitableEvent maintains a list of waiters, protected by a lock. Each
+// waiter is either an async wait, in which case we have a Task and the
+// MessageLoop to run it on, or a blocking wait, in which case we have the
+// condition variable to signal.
+//
+// Waiting involves grabbing the lock and adding oneself to the wait list. Async
+// waits can be canceled, which means grabbing the lock and removing oneself
+// from the list.
+//
+// Waiting on multiple events is handled by adding a single, synchronous wait to
+// the wait-list of many events. An event passes a pointer to itself when
+// firing a waiter and so we can store that pointer to find out which event
+// triggered.
+// -----------------------------------------------------------------------------
+
+namespace base {
+
+// -----------------------------------------------------------------------------
+// This is just an abstract base class for waking the two types of waiters
+// -----------------------------------------------------------------------------
+WaitableEvent::WaitableEvent(bool manual_reset, bool initially_signaled)
+    : kernel_(new WaitableEventKernel(manual_reset, initially_signaled)) {
+}
+
+WaitableEvent::~WaitableEvent() {
+}
+
+void WaitableEvent::Reset() {
+  base::AutoLock locked(kernel_->lock_);
+  kernel_->signaled_ = false;
+}
+
+void WaitableEvent::Signal() {
+  base::AutoLock locked(kernel_->lock_);
+
+  if (kernel_->signaled_)
+    return;
+
+  if (kernel_->manual_reset_) {
+    SignalAll();
+    kernel_->signaled_ = true;
+  } else {
+    // In the case of auto reset, if no waiters were woken, we remain
+    // signaled.
+    if (!SignalOne())
+      kernel_->signaled_ = true;
+  }
+}
+
+bool WaitableEvent::IsSignaled() {
+  base::AutoLock locked(kernel_->lock_);
+
+  const bool result = kernel_->signaled_;
+  if (result && !kernel_->manual_reset_)
+    kernel_->signaled_ = false;
+  return result;
+}
+
+// -----------------------------------------------------------------------------
+// Synchronous waits
+
+// -----------------------------------------------------------------------------
+// This is a synchronous waiter. The thread is waiting on the given condition
+// variable and the fired flag in this object.
+// -----------------------------------------------------------------------------
+class SyncWaiter : public WaitableEvent::Waiter {
+ public:
+  SyncWaiter()
+      : fired_(false),
+        signaling_event_(NULL),
+        lock_(),
+        cv_(&lock_) {
+  }
+
+  bool Fire(WaitableEvent* signaling_event) override {
+    base::AutoLock locked(lock_);
+
+    if (fired_)
+      return false;
+
+    fired_ = true;
+    signaling_event_ = signaling_event;
+
+    cv_.Broadcast();
+
+    // Unlike AsyncWaiter objects, SyncWaiter objects are stack-allocated on
+    // the blocking thread's stack.  There is no |delete this;| in Fire.  The
+    // SyncWaiter object is destroyed when it goes out of scope.
+
+    return true;
+  }
+
+  WaitableEvent* signaling_event() const {
+    return signaling_event_;
+  }
+
+  // ---------------------------------------------------------------------------
+  // These waiters are always stack allocated and don't delete themselves. Thus
+  // there's no problem and the ABA tag is the same as the object pointer.
+  // ---------------------------------------------------------------------------
+  bool Compare(void* tag) override { return this == tag; }
+
+  // ---------------------------------------------------------------------------
+  // Called with lock held.
+  // ---------------------------------------------------------------------------
+  bool fired() const {
+    return fired_;
+  }
+
+  // ---------------------------------------------------------------------------
+  // During a TimedWait, we need a way to make sure that an auto-reset
+  // WaitableEvent doesn't think that this event has been signaled between
+  // unlocking it and removing it from the wait-list. Called with lock held.
+  // ---------------------------------------------------------------------------
+  void Disable() {
+    fired_ = true;
+  }
+
+  base::Lock* lock() {
+    return &lock_;
+  }
+
+  base::ConditionVariable* cv() {
+    return &cv_;
+  }
+
+ private:
+  bool fired_;
+  WaitableEvent* signaling_event_;  // The WaitableEvent which woke us
+  base::Lock lock_;
+  base::ConditionVariable cv_;
+};
+
+void WaitableEvent::Wait() {
+  bool result = TimedWait(TimeDelta::FromSeconds(-1));
+  DCHECK(result) << "TimedWait() should never fail with infinite timeout";
+}
+
+bool WaitableEvent::TimedWait(const TimeDelta& max_time) {
+  base::ThreadRestrictions::AssertWaitAllowed();
+  const TimeTicks end_time(TimeTicks::Now() + max_time);
+  const bool finite_time = max_time.ToInternalValue() >= 0;
+
+  kernel_->lock_.Acquire();
+  if (kernel_->signaled_) {
+    if (!kernel_->manual_reset_) {
+      // In this case we were signaled when we had no waiters. Now that
+      // someone has waited upon us, we can automatically reset.
+      kernel_->signaled_ = false;
+    }
+
+    kernel_->lock_.Release();
+    return true;
+  }
+
+  SyncWaiter sw;
+  sw.lock()->Acquire();
+
+  Enqueue(&sw);
+  kernel_->lock_.Release();
+  // We are violating locking order here by holding the SyncWaiter lock but not
+  // the WaitableEvent lock. However, this is safe because we don't lock @lock_
+  // again before unlocking it.
+
+  for (;;) {
+    const TimeTicks current_time(TimeTicks::Now());
+
+    if (sw.fired() || (finite_time && current_time >= end_time)) {
+      const bool return_value = sw.fired();
+
+      // We can't acquire @lock_ before releasing the SyncWaiter lock (because
+      // of locking order), however, in between the two a signal could be fired
+      // and @sw would accept it, however we will still return false, so the
+      // signal would be lost on an auto-reset WaitableEvent. Thus we call
+      // Disable which makes sw::Fire return false.
+      sw.Disable();
+      sw.lock()->Release();
+
+      // This is a bug that has been enshrined in the interface of
+      // WaitableEvent now: |Dequeue| is called even when |sw.fired()| is true,
+      // even though it'll always return false in that case. However, taking
+      // the lock ensures that |Signal| has completed before we return and
+      // means that a WaitableEvent can synchronise its own destruction.
+      kernel_->lock_.Acquire();
+      kernel_->Dequeue(&sw, &sw);
+      kernel_->lock_.Release();
+
+      return return_value;
+    }
+
+    if (finite_time) {
+      const TimeDelta max_wait(end_time - current_time);
+      sw.cv()->TimedWait(max_wait);
+    } else {
+      sw.cv()->Wait();
+    }
+  }
+}
+
+// -----------------------------------------------------------------------------
+// Synchronous waiting on multiple objects.
+
+static bool  // StrictWeakOrdering
+cmp_fst_addr(const std::pair<WaitableEvent*, unsigned> &a,
+             const std::pair<WaitableEvent*, unsigned> &b) {
+  return a.first < b.first;
+}
+
+// static
+size_t WaitableEvent::WaitMany(WaitableEvent** raw_waitables,
+                               size_t count) {
+  base::ThreadRestrictions::AssertWaitAllowed();
+  DCHECK(count) << "Cannot wait on no events";
+
+  // We need to acquire the locks in a globally consistent order. Thus we sort
+  // the array of waitables by address. We actually sort a pairs so that we can
+  // map back to the original index values later.
+  std::vector<std::pair<WaitableEvent*, size_t> > waitables;
+  waitables.reserve(count);
+  for (size_t i = 0; i < count; ++i)
+    waitables.push_back(std::make_pair(raw_waitables[i], i));
+
+  DCHECK_EQ(count, waitables.size());
+
+  sort(waitables.begin(), waitables.end(), cmp_fst_addr);
+
+  // The set of waitables must be distinct. Since we have just sorted by
+  // address, we can check this cheaply by comparing pairs of consecutive
+  // elements.
+  for (size_t i = 0; i < waitables.size() - 1; ++i) {
+    DCHECK(waitables[i].first != waitables[i+1].first);
+  }
+
+  SyncWaiter sw;
+
+  const size_t r = EnqueueMany(&waitables[0], count, &sw);
+  if (r) {
+    // One of the events is already signaled. The SyncWaiter has not been
+    // enqueued anywhere. EnqueueMany returns the count of remaining waitables
+    // when the signaled one was seen, so the index of the signaled event is
+    // @count - @r.
+    return waitables[count - r].second;
+  }
+
+  // At this point, we hold the locks on all the WaitableEvents and we have
+  // enqueued our waiter in them all.
+  sw.lock()->Acquire();
+    // Release the WaitableEvent locks in the reverse order
+    for (size_t i = 0; i < count; ++i) {
+      waitables[count - (1 + i)].first->kernel_->lock_.Release();
+    }
+
+    for (;;) {
+      if (sw.fired())
+        break;
+
+      sw.cv()->Wait();
+    }
+  sw.lock()->Release();
+
+  // The address of the WaitableEvent which fired is stored in the SyncWaiter.
+  WaitableEvent *const signaled_event = sw.signaling_event();
+  // This will store the index of the raw_waitables which fired.
+  size_t signaled_index = 0;
+
+  // Take the locks of each WaitableEvent in turn (except the signaled one) and
+  // remove our SyncWaiter from the wait-list
+  for (size_t i = 0; i < count; ++i) {
+    if (raw_waitables[i] != signaled_event) {
+      raw_waitables[i]->kernel_->lock_.Acquire();
+        // There's no possible ABA issue with the address of the SyncWaiter here
+        // because it lives on the stack. Thus the tag value is just the pointer
+        // value again.
+        raw_waitables[i]->kernel_->Dequeue(&sw, &sw);
+      raw_waitables[i]->kernel_->lock_.Release();
+    } else {
+      // By taking this lock here we ensure that |Signal| has completed by the
+      // time we return, because |Signal| holds this lock. This matches the
+      // behaviour of |Wait| and |TimedWait|.
+      raw_waitables[i]->kernel_->lock_.Acquire();
+      raw_waitables[i]->kernel_->lock_.Release();
+      signaled_index = i;
+    }
+  }
+
+  return signaled_index;
+}
+
+// -----------------------------------------------------------------------------
+// If return value == 0:
+//   The locks of the WaitableEvents have been taken in order and the Waiter has
+//   been enqueued in the wait-list of each. None of the WaitableEvents are
+//   currently signaled
+// else:
+//   None of the WaitableEvent locks are held. The Waiter has not been enqueued
+//   in any of them and the return value is the index of the first WaitableEvent
+//   which was signaled, from the end of the array.
+// -----------------------------------------------------------------------------
+// static
+size_t WaitableEvent::EnqueueMany
+    (std::pair<WaitableEvent*, size_t>* waitables,
+     size_t count, Waiter* waiter) {
+  if (!count)
+    return 0;
+
+  waitables[0].first->kernel_->lock_.Acquire();
+    if (waitables[0].first->kernel_->signaled_) {
+      if (!waitables[0].first->kernel_->manual_reset_)
+        waitables[0].first->kernel_->signaled_ = false;
+      waitables[0].first->kernel_->lock_.Release();
+      return count;
+    }
+
+    const size_t r = EnqueueMany(waitables + 1, count - 1, waiter);
+    if (r) {
+      waitables[0].first->kernel_->lock_.Release();
+    } else {
+      waitables[0].first->Enqueue(waiter);
+    }
+
+    return r;
+}
+
+// -----------------------------------------------------------------------------
+
+
+// -----------------------------------------------------------------------------
+// Private functions...
+
+WaitableEvent::WaitableEventKernel::WaitableEventKernel(bool manual_reset,
+                                                        bool initially_signaled)
+    : manual_reset_(manual_reset),
+      signaled_(initially_signaled) {
+}
+
+WaitableEvent::WaitableEventKernel::~WaitableEventKernel() {
+}
+
+// -----------------------------------------------------------------------------
+// Wake all waiting waiters. Called with lock held.
+// -----------------------------------------------------------------------------
+bool WaitableEvent::SignalAll() {
+  bool signaled_at_least_one = false;
+
+  for (std::list<Waiter*>::iterator
+       i = kernel_->waiters_.begin(); i != kernel_->waiters_.end(); ++i) {
+    if ((*i)->Fire(this))
+      signaled_at_least_one = true;
+  }
+
+  kernel_->waiters_.clear();
+  return signaled_at_least_one;
+}
+
+// ---------------------------------------------------------------------------
+// Try to wake a single waiter. Return true if one was woken. Called with lock
+// held.
+// ---------------------------------------------------------------------------
+bool WaitableEvent::SignalOne() {
+  for (;;) {
+    if (kernel_->waiters_.empty())
+      return false;
+
+    const bool r = (*kernel_->waiters_.begin())->Fire(this);
+    kernel_->waiters_.pop_front();
+    if (r)
+      return true;
+  }
+}
+
+// -----------------------------------------------------------------------------
+// Add a waiter to the list of those waiting. Called with lock held.
+// -----------------------------------------------------------------------------
+void WaitableEvent::Enqueue(Waiter* waiter) {
+  kernel_->waiters_.push_back(waiter);
+}
+
+// -----------------------------------------------------------------------------
+// Remove a waiter from the list of those waiting. Return true if the waiter was
+// actually removed. Called with lock held.
+// -----------------------------------------------------------------------------
+bool WaitableEvent::WaitableEventKernel::Dequeue(Waiter* waiter, void* tag) {
+  for (std::list<Waiter*>::iterator
+       i = waiters_.begin(); i != waiters_.end(); ++i) {
+    if (*i == waiter && (*i)->Compare(tag)) {
+      waiters_.erase(i);
+      return true;
+    }
+  }
+
+  return false;
+}
+
+// -----------------------------------------------------------------------------
+
+}  // namespace base
--- a/security/sandbox/chromium/base/template_util.h
+++ b/security/sandbox/chromium/base/template_util.h
@@ -23,47 +23,25 @@ struct integral_constant {
 template <class T, T v> const T integral_constant<T, v>::value;
 
 typedef integral_constant<bool, true> true_type;
 typedef integral_constant<bool, false> false_type;
 
 template <class T> struct is_pointer : false_type {};
 template <class T> struct is_pointer<T*> : true_type {};
 
-// Member function pointer detection up to four params. Add more as needed
-// below. This is built-in to C++ 11, and we can remove this when we switch.
+// Member function pointer detection. This is built-in to C++ 11's stdlib, and
+// we can remove this when we switch to it.
 template<typename T>
 struct is_member_function_pointer : false_type {};
 
-template <typename R, typename Z>
-struct is_member_function_pointer<R(Z::*)()> : true_type {};
-template <typename R, typename Z>
-struct is_member_function_pointer<R(Z::*)() const> : true_type {};
-
-template <typename R, typename Z, typename A>
-struct is_member_function_pointer<R(Z::*)(A)> : true_type {};
-template <typename R, typename Z, typename A>
-struct is_member_function_pointer<R(Z::*)(A) const> : true_type {};
-
-template <typename R, typename Z, typename A, typename B>
-struct is_member_function_pointer<R(Z::*)(A, B)> : true_type {};
-template <typename R, typename Z, typename A, typename B>
-struct is_member_function_pointer<R(Z::*)(A, B) const> : true_type {};
-
-template <typename R, typename Z, typename A, typename B, typename C>
-struct is_member_function_pointer<R(Z::*)(A, B, C)> : true_type {};
-template <typename R, typename Z, typename A, typename B, typename C>
-struct is_member_function_pointer<R(Z::*)(A, B, C) const> : true_type {};
-
-template <typename R, typename Z, typename A, typename B, typename C,
-          typename D>
-struct is_member_function_pointer<R(Z::*)(A, B, C, D)> : true_type {};
-template <typename R, typename Z, typename A, typename B, typename C,
-          typename D>
-struct is_member_function_pointer<R(Z::*)(A, B, C, D) const> : true_type {};
+template <typename R, typename Z, typename... A>
+struct is_member_function_pointer<R(Z::*)(A...)> : true_type {};
+template <typename R, typename Z, typename... A>
+struct is_member_function_pointer<R(Z::*)(A...) const> : true_type {};
 
 
 template <class T, class U> struct is_same : public false_type {};
 template <class T> struct is_same<T,T> : true_type {};
 
 template<class> struct is_array : public false_type {};
 template<class T, size_t n> struct is_array<T[n]> : public true_type {};
 template<class T> struct is_array<T[]> : public true_type {};
--- a/security/sandbox/chromium/base/third_party/dmg_fp/dtoa.cc
+++ b/security/sandbox/chromium/base/third_party/dmg_fp/dtoa.cc
@@ -647,17 +647,17 @@ multadd
 		while(++i < wds);
 	if (carry) {
 		if (wds >= b->maxwds) {
 			b1 = Balloc(b->k+1);
 			Bcopy(b1, b);
 			Bfree(b);
 			b = b1;
 			}
-		b->x[wds++] = carry;
+		b->x[wds++] = (ULong)carry;
 		b->wds = wds;
 		}
 	return b;
 	}
 
  static Bigint *
 s2b
 #ifdef KR_headers
@@ -842,17 +842,17 @@ mult
 			xc = xc0;
 			carry = 0;
 			do {
 				z = *x++ * (ULLong)y + *xc + carry;
 				carry = z >> 32;
 				*xc++ = z & FFFFFFFF;
 				}
 				while(x < xae);
-			*xc = carry;
+			*xc = (ULong)carry;
 			}
 		}
 #else
 #ifdef Pack_32
 	for(; xb < xbe; xb++, xc0++) {
 		if (y = *xb & 0xffff) {
 			x = xa;
 			xc = xc0;
@@ -1506,17 +1506,17 @@ static unsigned char hexdig[256];
 #ifdef KR_headers
 htinit(h, s, inc) unsigned char *h; unsigned char *s; int inc;
 #else
 htinit(unsigned char *h, unsigned char *s, int inc)
 #endif
 {
 	int i, j;
 	for(i = 0; (j = s[i]) !=0; i++)
-		h[j] = i + inc;
+		h[j] = (unsigned char)(i + inc);
 	}
 
  static void
 #ifdef KR_headers
 hexdig_init()
 #else
 hexdig_init(void)
 #endif
@@ -3298,17 +3298,17 @@ strtod
 				}
 			else
 				word0(&rv) += P*Exp_msk1;
 			}
 		else {
 #ifdef Avoid_Underflow
 			if (bc.scale && y <= 2*P*Exp_msk1) {
 				if (aadj <= 0x7fffffff) {
-					if ((z = aadj) <= 0)
+					if ((z = (ULong)aadj) <= 0)
 						z = 1;
 					aadj = z;
 					aadj1 = bc.dsign ? aadj : -aadj;
 					}
 				dval(&aadj2) = aadj1;
 				word0(&aadj2) += (2*P+1)*Exp_msk1 - y;
 				aadj1 = dval(&aadj2);
 				}
@@ -3854,19 +3854,19 @@ dtoa
 			}
 #ifndef No_leftright
 		if (leftright) {
 			/* Use Steele & White method of only
 			 * generating digits needed.
 			 */
 			dval(&eps) = 0.5/tens[ilim-1] - dval(&eps);
 			for(i = 0;;) {
-				L = dval(&u);
+				L = (long)dval(&u);
 				dval(&u) -= L;
-				*s++ = '0' + (int)L;
+				*s++ = '0' + (char)L;
 				if (dval(&u) < dval(&eps))
 					goto ret1;
 				if (1. - dval(&u) < dval(&eps))
 					goto bump_up;
 				if (++i >= ilim)
 					break;
 				dval(&eps) *= 10.;
 				dval(&u) *= 10.;
@@ -3875,17 +3875,17 @@ dtoa
 		else {
 #endif
 			/* Generate ilim digits, then fix them up. */
 			dval(&eps) *= tens[ilim-1];
 			for(i = 1;; i++, dval(&u) *= 10.) {
 				L = (Long)(dval(&u));
 				if (!(dval(&u) -= L))
 					ilim = i;
-				*s++ = '0' + (int)L;
+				*s++ = '0' + (char)L;
 				if (i == ilim) {
 					if (dval(&u) > 0.5 + dval(&eps))
 						goto bump_up;
 					else if (dval(&u) < 0.5 - dval(&eps)) {
 						while(*--s == '0') {}
 						s++;
 						goto ret1;
 						}
@@ -3918,17 +3918,17 @@ dtoa
 			dval(&u) -= L*ds;
 #ifdef Check_FLT_ROUNDS
 			/* If FLT_ROUNDS == 2, L will usually be high by 1 */
 			if (dval(&u) < 0) {
 				L--;
 				dval(&u) += ds;
 				}
 #endif
-			*s++ = '0' + (int)L;
+			*s++ = '0' + (char)L;
 			if (!dval(&u)) {
 #ifdef SET_INEXACT
 				inexact = 0;
 #endif
 				break;
 				}
 			if (i == ilim) {
 #ifdef Honor_FLT_ROUNDS
@@ -4096,17 +4096,17 @@ dtoa
 				if (dig == '9')
 					goto round_9_up;
 				if (j > 0)
 					dig++;
 #ifdef SET_INEXACT
 				else if (!b->x[0] && b->wds <= 1)
 					inexact = 0;
 #endif
-				*s++ = dig;
+				*s++ = (char)dig;
 				goto ret;
 				}
 #endif
 			if (j < 0 || (j == 0 && mode != 1
 #ifndef ROUND_BIASED
 							&& !(word1(&u) & 1)
 #endif
 					)) {
@@ -4126,50 +4126,51 @@ dtoa
 				if (j1 > 0) {
 					b = lshift(b, 1);
 					j1 = cmp(b, S);
 					if ((j1 > 0 || (j1 == 0 && dig & 1))
 					&& dig++ == '9')
 						goto round_9_up;
 					}
  accept_dig:
-				*s++ = dig;
+				*s++ = (char)dig;
 				goto ret;
 				}
 			if (j1 > 0) {
 #ifdef Honor_FLT_ROUNDS
 				if (!Rounding)
 					goto accept_dig;
 #endif
 				if (dig == '9') { /* possible if i == 1 */
  round_9_up:
 					*s++ = '9';
 					goto roundoff;
 					}
-				*s++ = dig + 1;
+				*s++ = (char)dig + 1;
 				goto ret;
 				}
 #ifdef Honor_FLT_ROUNDS
  keep_dig:
 #endif
-			*s++ = dig;
+			*s++ = (char)dig;
 			if (i == ilim)
 				break;
 			b = multadd(b, 10, 0);
 			if (mlo == mhi)
 				mlo = mhi = multadd(mhi, 10, 0);
 			else {
 				mlo = multadd(mlo, 10, 0);
 				mhi = multadd(mhi, 10, 0);
 				}
 			}
 		}
 	else
 		for(i = 1;; i++) {
-			*s++ = dig = quorem(b,S) + '0';
+			dig = quorem(b,S) + '0';
+			*s++ = (char)dig;
 			if (!b->x[0] && b->wds <= 1) {
 #ifdef SET_INEXACT
 				inexact = 0;
 #endif
 				goto ret;
 				}
 			if (i >= ilim)
 				break;
--- a/security/sandbox/chromium/base/third_party/dmg_fp/g_fmt.cc
+++ b/security/sandbox/chromium/base/third_party/dmg_fp/g_fmt.cc
@@ -62,17 +62,17 @@ g_fmt(register char *b, double x)
 			*b++ = '-';
 			decpt = -decpt;
 			}
 		else
 			*b++ = '+';
 		for(j = 2, k = 10; 10*k <= decpt; j++, k *= 10) {}
 		for(;;) {
 			i = decpt / k;
-			*b++ = i + '0';
+			*b++ = (char)i + '0';
 			if (--j <= 0)
 				break;
 			decpt -= i*k;
 			decpt *= 10;
 			}
 		*b = 0;
 		}
 	else if (decpt <= 0) {
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/third_party/superfasthash/LICENSE
@@ -0,0 +1,27 @@
+Paul Hsieh OLD BSD license
+
+Copyright (c) 2010, Paul Hsieh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice, this
+  list of conditions and the following disclaimer in the documentation and/or
+  other materials provided with the distribution.
+* Neither my name, Paul Hsieh, nor the names of any other contributors to the
+  code use may not be used to endorse or promote products derived from this
+  software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/third_party/superfasthash/README.chromium
@@ -0,0 +1,29 @@
+Name: Paul Hsieh's SuperFastHash
+Short Name: SuperFastHash
+URL: http://www.azillionmonkeys.com/qed/hash.html
+Version: 0
+Date: 2012-02-21
+License: BSD
+License File: LICENSE
+Security Critical: yes
+
+Description:
+A fast string hashing algorithm.
+
+Local Modifications:
+- Added LICENSE.
+- Added license text as a comment to the top of superfasthash.c.
+- #include <stdint.h> instead of "pstdint.h".
+- #include <stdlib.h>.
+
+The license is a standard 3-clause BSD license with the following minor changes:
+
+"nor the names of its contributors may be used"
+is replaced with:
+"nor the names of any other contributors to the code use may not be used"
+
+and
+
+"IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE"
+is replaced with:
+"IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE"
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/third_party/superfasthash/superfasthash.c
@@ -0,0 +1,84 @@
+// Copyright (c) 2010, Paul Hsieh
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+// * Neither my name, Paul Hsieh, nor the names of any other contributors to the
+//   code use may not be used to endorse or promote products derived from this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+// POSSIBILITY OF SUCH DAMAGE.
+
+#include <stdint.h>
+#include <stdlib.h>
+#undef get16bits
+#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__) \
+  || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
+#define get16bits(d) (*((const uint16_t *) (d)))
+#endif
+
+#if !defined (get16bits)
+#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)\
+                       +(uint32_t)(((const uint8_t *)(d))[0]) )
+#endif
+
+uint32_t SuperFastHash (const char * data, int len) {
+uint32_t hash = len, tmp;
+int rem;
+
+    if (len <= 0 || data == NULL) return 0;
+
+    rem = len & 3;
+    len >>= 2;
+
+    /* Main loop */
+    for (;len > 0; len--) {
+        hash  += get16bits (data);
+        tmp    = (get16bits (data+2) << 11) ^ hash;
+        hash   = (hash << 16) ^ tmp;
+        data  += 2*sizeof (uint16_t);
+        hash  += hash >> 11;
+    }
+
+    /* Handle end cases */
+    switch (rem) {
+        case 3: hash += get16bits (data);
+                hash ^= hash << 16;
+                hash ^= ((signed char)data[sizeof (uint16_t)]) << 18;
+                hash += hash >> 11;
+                break;
+        case 2: hash += get16bits (data);
+                hash ^= hash << 11;
+                hash += hash >> 17;
+                break;
+        case 1: hash += (signed char)*data;
+                hash ^= hash << 10;
+                hash += hash >> 1;
+    }
+
+    /* Force "avalanching" of final 127 bits */
+    hash ^= hash << 3;
+    hash += hash >> 5;
+    hash ^= hash << 4;
+    hash += hash >> 17;
+    hash ^= hash << 25;
+    hash += hash >> 6;
+
+    return hash;
+}
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/threading/platform_thread_linux.cc
@@ -0,0 +1,119 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/threading/platform_thread.h"
+
+#include <errno.h>
+#include <sched.h>
+
+#include "base/lazy_instance.h"
+#include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/safe_strerror_posix.h"
+#include "base/threading/thread_id_name_manager.h"
+#include "base/threading/thread_restrictions.h"
+#include "base/tracked_objects.h"
+
+#if !defined(OS_NACL)
+#include <sys/prctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#include <sys/time.h>
+#include <unistd.h>
+#endif
+
+namespace base {
+
+namespace {
+
+int ThreadNiceValue(ThreadPriority priority) {
+  switch (priority) {
+    case kThreadPriority_RealtimeAudio:
+      return -10;
+    case kThreadPriority_Background:
+      return 10;
+    case kThreadPriority_Normal:
+      return 0;
+    case kThreadPriority_Display:
+      return -6;
+    default:
+      NOTREACHED() << "Unknown priority.";
+      return 0;
+  }
+}
+
+}  // namespace
+
+// static
+void PlatformThread::SetName(const char* name) {
+  ThreadIdNameManager::GetInstance()->SetName(CurrentId(), name);
+  tracked_objects::ThreadData::InitializeThreadContext(name);
+
+#if !defined(OS_NACL)
+  // On linux we can get the thread names to show up in the debugger by setting
+  // the process name for the LWP.  We don't want to do this for the main
+  // thread because that would rename the process, causing tools like killall
+  // to stop working.
+  if (PlatformThread::CurrentId() == getpid())
+    return;
+
+  // http://0pointer.de/blog/projects/name-your-threads.html
+  // Set the name for the LWP (which gets truncated to 15 characters).
+  // Note that glibc also has a 'pthread_setname_np' api, but it may not be
+  // available everywhere and it's only benefit over using prctl directly is
+  // that it can set the name of threads other than the current thread.
+  int err = prctl(PR_SET_NAME, name);
+  // We expect EPERM failures in sandboxed processes, just ignore those.
+  if (err < 0 && errno != EPERM)
+    DPLOG(ERROR) << "prctl(PR_SET_NAME)";
+#endif  //  !defined(OS_NACL)
+}
+
+// static
+void PlatformThread::SetThreadPriority(PlatformThreadHandle handle,
+                                       ThreadPriority priority) {
+#if !defined(OS_NACL)
+  if (priority == kThreadPriority_RealtimeAudio) {
+    const struct sched_param kRealTimePrio = {8};
+    if (pthread_setschedparam(pthread_self(), SCHED_RR, &kRealTimePrio) == 0) {
+      // Got real time priority, no need to set nice level.
+      return;
+    }
+  }
+
+  // setpriority(2) should change the whole thread group's (i.e. process)
+  // priority. however, on linux it will only change the target thread's
+  // priority. see the bugs section in
+  // http://man7.org/linux/man-pages/man2/getpriority.2.html.
+  // we prefer using 0 rather than the current thread id since they are
+  // equivalent but it makes sandboxing easier (https://crbug.com/399473).
+  DCHECK_NE(handle.id_, kInvalidThreadId);
+  const int kNiceSetting = ThreadNiceValue(priority);
+  const PlatformThreadId current_id = PlatformThread::CurrentId();
+  if (setpriority(PRIO_PROCESS,
+                  handle.id_ == current_id ? 0 : handle.id_,
+                  kNiceSetting)) {
+    DVPLOG(1) << "Failed to set nice value of thread (" << handle.id_ << ") to "
+              << kNiceSetting;
+  }
+#endif  //  !defined(OS_NACL)
+}
+
+void InitThreading() {}
+
+void InitOnThread() {}
+
+void TerminateOnThread() {}
+
+size_t GetDefaultThreadStackSize(const pthread_attr_t& attributes) {
+#if !defined(THREAD_SANITIZER)
+  return 0;
+#else
+  // ThreadSanitizer bloats the stack heavily. Evidence has been that the
+  // default stack size isn't enough for some browser tests.
+  return 2 * (1 << 23);  // 2 times 8192K (the default stack size on Linux).
+#endif
+}
+
+}  // namespace base
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/threading/platform_thread_posix.cc
@@ -0,0 +1,238 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/threading/platform_thread.h"
+
+#include <errno.h>
+#include <sched.h>
+
+#include "base/lazy_instance.h"
+#include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/safe_strerror_posix.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/threading/thread_id_name_manager.h"
+#include "base/threading/thread_restrictions.h"
+#include "base/tracked_objects.h"
+
+#if defined(OS_MACOSX)
+#include <sys/resource.h>
+#include <algorithm>
+#endif
+
+#if defined(OS_LINUX)
+#include <sys/prctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#include <sys/time.h>
+#include <unistd.h>
+#endif
+
+namespace base {
+
+void InitThreading();
+void InitOnThread();
+void TerminateOnThread();
+size_t GetDefaultThreadStackSize(const pthread_attr_t& attributes);
+
+namespace {
+
+struct ThreadParams {
+  ThreadParams()
+      : delegate(NULL),
+        joinable(false),
+        priority(kThreadPriority_Normal),
+        handle(NULL),
+        handle_set(false, false) {
+  }
+
+  PlatformThread::Delegate* delegate;
+  bool joinable;
+  ThreadPriority priority;
+  PlatformThreadHandle* handle;
+  WaitableEvent handle_set;
+};
+
+void* ThreadFunc(void* params) {
+  base::InitOnThread();
+  ThreadParams* thread_params = static_cast<ThreadParams*>(params);
+
+  PlatformThread::Delegate* delegate = thread_params->delegate;
+  if (!thread_params->joinable)
+    base::ThreadRestrictions::SetSingletonAllowed(false);
+
+  if (thread_params->priority != kThreadPriority_Normal) {
+    PlatformThread::SetThreadPriority(PlatformThread::CurrentHandle(),
+                                      thread_params->priority);
+  }
+
+  // Stash the id in the handle so the calling thread has a complete
+  // handle, and unblock the parent thread.
+  *(thread_params->handle) = PlatformThreadHandle(pthread_self(),
+                                                  PlatformThread::CurrentId());
+  thread_params->handle_set.Signal();
+
+  ThreadIdNameManager::GetInstance()->RegisterThread(
+      PlatformThread::CurrentHandle().platform_handle(),
+      PlatformThread::CurrentId());
+
+  delegate->ThreadMain();
+
+  ThreadIdNameManager::GetInstance()->RemoveName(
+      PlatformThread::CurrentHandle().platform_handle(),
+      PlatformThread::CurrentId());
+
+  base::TerminateOnThread();
+  return NULL;
+}
+
+bool CreateThread(size_t stack_size, bool joinable,
+                  PlatformThread::Delegate* delegate,
+                  PlatformThreadHandle* thread_handle,
+                  ThreadPriority priority) {
+  base::InitThreading();
+
+  bool success = false;
+  pthread_attr_t attributes;
+  pthread_attr_init(&attributes);
+
+  // Pthreads are joinable by default, so only specify the detached
+  // attribute if the thread should be non-joinable.
+  if (!joinable) {
+    pthread_attr_setdetachstate(&attributes, PTHREAD_CREATE_DETACHED);
+  }
+
+  // Get a better default if available.
+  if (stack_size == 0)
+    stack_size = base::GetDefaultThreadStackSize(attributes);
+
+  if (stack_size > 0)
+    pthread_attr_setstacksize(&attributes, stack_size);
+
+  ThreadParams params;
+  params.delegate = delegate;
+  params.joinable = joinable;
+  params.priority = priority;
+  params.handle = thread_handle;
+
+  pthread_t handle;
+  int err = pthread_create(&handle,
+                           &attributes,
+                           ThreadFunc,
+                           &params);
+  success = !err;
+  if (!success) {
+    // Value of |handle| is undefined if pthread_create fails.
+    handle = 0;
+    errno = err;
+    PLOG(ERROR) << "pthread_create";
+  }
+
+  pthread_attr_destroy(&attributes);
+
+  // Don't let this call complete until the thread id
+  // is set in the handle.
+  if (success)
+    params.handle_set.Wait();
+  CHECK_EQ(handle, thread_handle->platform_handle());
+
+  return success;
+}
+
+}  // namespace
+
+// static
+PlatformThreadId PlatformThread::CurrentId() {
+  // Pthreads doesn't have the concept of a thread ID, so we have to reach down
+  // into the kernel.
+#if defined(OS_MACOSX)
+  return pthread_mach_thread_np(pthread_self());
+#elif defined(OS_LINUX)
+  return syscall(__NR_gettid);
+#elif defined(OS_ANDROID)
+  return gettid();
+#elif defined(OS_SOLARIS) || defined(OS_QNX)
+  return pthread_self();
+#elif defined(OS_NACL) && defined(__GLIBC__)
+  return pthread_self();
+#elif defined(OS_NACL) && !defined(__GLIBC__)
+  // Pointers are 32-bits in NaCl.
+  return reinterpret_cast<int32>(pthread_self());
+#elif defined(OS_POSIX)
+  return reinterpret_cast<int64>(pthread_self());
+#endif
+}
+
+// static
+PlatformThreadRef PlatformThread::CurrentRef() {
+  return PlatformThreadRef(pthread_self());
+}
+
+// static
+PlatformThreadHandle PlatformThread::CurrentHandle() {
+  return PlatformThreadHandle(pthread_self(), CurrentId());
+}
+
+// static
+void PlatformThread::YieldCurrentThread() {
+  sched_yield();
+}
+
+// static
+void PlatformThread::Sleep(TimeDelta duration) {
+  struct timespec sleep_time, remaining;
+
+  // Break the duration into seconds and nanoseconds.
+  // NOTE: TimeDelta's microseconds are int64s while timespec's
+  // nanoseconds are longs, so this unpacking must prevent overflow.
+  sleep_time.tv_sec = duration.InSeconds();
+  duration -= TimeDelta::FromSeconds(sleep_time.tv_sec);
+  sleep_time.tv_nsec = duration.InMicroseconds() * 1000;  // nanoseconds
+
+  while (nanosleep(&sleep_time, &remaining) == -1 && errno == EINTR)
+    sleep_time = remaining;
+}
+
+// static
+const char* PlatformThread::GetName() {
+  return ThreadIdNameManager::GetInstance()->GetName(CurrentId());
+}
+
+// static
+bool PlatformThread::Create(size_t stack_size, Delegate* delegate,
+                            PlatformThreadHandle* thread_handle) {
+  base::ThreadRestrictions::ScopedAllowWait allow_wait;
+  return CreateThread(stack_size, true /* joinable thread */,
+                      delegate, thread_handle, kThreadPriority_Normal);
+}
+
+// static
+bool PlatformThread::CreateWithPriority(size_t stack_size, Delegate* delegate,
+                                        PlatformThreadHandle* thread_handle,
+                                        ThreadPriority priority) {
+  base::ThreadRestrictions::ScopedAllowWait allow_wait;
+  return CreateThread(stack_size, true,  // joinable thread
+                      delegate, thread_handle, priority);
+}
+
+// static
+bool PlatformThread::CreateNonJoinable(size_t stack_size, Delegate* delegate) {
+  PlatformThreadHandle unused;
+
+  base::ThreadRestrictions::ScopedAllowWait allow_wait;
+  bool result = CreateThread(stack_size, false /* non-joinable thread */,
+                             delegate, &unused, kThreadPriority_Normal);
+  return result;
+}
+
+// static
+void PlatformThread::Join(PlatformThreadHandle thread_handle) {
+  // Joining another thread may block the current thread for a long time, since
+  // the thread referred to by |thread_handle| may still be running long-lived /
+  // blocking tasks.
+  base::ThreadRestrictions::AssertIOAllowed();
+  CHECK_EQ(0, pthread_join(thread_handle.handle_, NULL));
+}
+
+}  // namespace base
--- a/security/sandbox/chromium/base/threading/platform_thread_win.cc
+++ b/security/sandbox/chromium/base/threading/platform_thread_win.cc
@@ -145,19 +145,18 @@ void PlatformThread::YieldCurrentThread(
   ::Sleep(0);
 }
 
 // static
 void PlatformThread::Sleep(TimeDelta duration) {
   // When measured with a high resolution clock, Sleep() sometimes returns much
   // too early. We may need to call it repeatedly to get the desired duration.
   TimeTicks end = TimeTicks::Now() + duration;
-  TimeTicks now;
-  while ((now = TimeTicks::Now()) < end)
-    ::Sleep((end - now).InMillisecondsRoundedUp());
+  for (TimeTicks now = TimeTicks::Now(); now < end; now = TimeTicks::Now())
+    ::Sleep(static_cast<DWORD>((end - now).InMillisecondsRoundedUp()));
 }
 
 // static
 void PlatformThread::SetName(const char* name) {
   ThreadIdNameManager::GetInstance()->SetName(CurrentId(), name);
 
   // On Windows only, we don't need to tell the profiler about the "BrokerEvent"
   // thread, as it exists only in the chrome.exe image, and never spawns or runs
--- a/security/sandbox/chromium/base/threading/sequenced_worker_pool.h
+++ b/security/sandbox/chromium/base/threading/sequenced_worker_pool.h
@@ -285,20 +285,20 @@ class BASE_EXPORT SequencedWorkerPool : 
   // behavior.
   bool PostSequencedWorkerTaskWithShutdownBehavior(
       SequenceToken sequence_token,
       const tracked_objects::Location& from_here,
       const Closure& task,
       WorkerShutdown shutdown_behavior);
 
   // TaskRunner implementation. Forwards to PostDelayedWorkerTask().
-  virtual bool PostDelayedTask(const tracked_objects::Location& from_here,
-                               const Closure& task,
-                               TimeDelta delay) OVERRIDE;
-  virtual bool RunsTasksOnCurrentThread() const OVERRIDE;
+  bool PostDelayedTask(const tracked_objects::Location& from_here,
+                       const Closure& task,
+                       TimeDelta delay) override;
+  bool RunsTasksOnCurrentThread() const override;
 
   // Returns true if the current thread is processing a task with the given
   // sequence_token.
   bool IsRunningSequenceOnCurrentThread(SequenceToken sequence_token) const;
 
   // Blocks until all pending tasks are complete. This should only be called in
   // unit tests when you want to validate something that should have happened.
   // This will not flush delayed tasks; delayed tasks get deleted.
@@ -331,19 +331,19 @@ class BASE_EXPORT SequencedWorkerPool : 
 
   // Check if Shutdown was called for given threading pool. This method is used
   // for aborting time consuming operation to avoid blocking shutdown.
   //
   // Can be called from any thread.
   bool IsShutdownInProgress();
 
  protected:
-  virtual ~SequencedWorkerPool();
+  ~SequencedWorkerPool() override;
 
-  virtual void OnDestruct() const OVERRIDE;
+  void OnDestruct() const override;
 
  private:
   friend class RefCountedThreadSafe<SequencedWorkerPool>;
   friend class DeleteHelper<SequencedWorkerPool>;
 
   class Inner;
   class Worker;
 
--- a/security/sandbox/chromium/base/threading/thread_collision_warner.h
+++ b/security/sandbox/chromium/base/threading/thread_collision_warner.h
@@ -133,18 +133,18 @@ namespace base {
 // used. During the unit tests is used another class that doesn't "DCHECK"
 // in case of collision (check thread_collision_warner_unittests.cc)
 struct BASE_EXPORT AsserterBase {
   virtual ~AsserterBase() {}
   virtual void warn() = 0;
 };
 
 struct BASE_EXPORT DCheckAsserter : public AsserterBase {
-  virtual ~DCheckAsserter() {}
-  virtual void warn() OVERRIDE;
+  ~DCheckAsserter() override {}
+  void warn() override;
 };
 
 class BASE_EXPORT ThreadCollisionWarner {
  public:
   // The parameter asserter is there only for test purpose
   explicit ThreadCollisionWarner(AsserterBase* asserter = new DCheckAsserter())
       : valid_thread_id_(0),
         counter_(0),
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/threading/thread_local_posix.cc
@@ -0,0 +1,42 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/threading/thread_local.h"
+
+#include <pthread.h>
+
+#include "base/logging.h"
+
+#if !defined(OS_ANDROID)
+
+namespace base {
+namespace internal {
+
+// static
+void ThreadLocalPlatform::AllocateSlot(SlotType* slot) {
+  int error = pthread_key_create(slot, NULL);
+  CHECK_EQ(error, 0);
+}
+
+// static
+void ThreadLocalPlatform::FreeSlot(SlotType slot) {
+  int error = pthread_key_delete(slot);
+  DCHECK_EQ(0, error);
+}
+
+// static
+void* ThreadLocalPlatform::GetValueFromSlot(SlotType slot) {
+  return pthread_getspecific(slot);
+}
+
+// static
+void ThreadLocalPlatform::SetValueInSlot(SlotType slot, void* value) {
+  int error = pthread_setspecific(slot, value);
+  DCHECK_EQ(error, 0);
+}
+
+}  // namespace internal
+}  // namespace base
+
+#endif  // !defined(OS_ANDROID)
new file mode 100644
--- /dev/null
+++ b/security/sandbox/chromium/base/threading/thread_local_storage.h
@@ -0,0 +1,144 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_THREADING_THREAD_LOCAL_STORAGE_H_
+#define BASE_THREADING_THREAD_LOCAL_STORAGE_H_
+
+#include "base/base_export.h"
+#include "base/basictypes.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+#elif defined(OS_POSIX)
+#include <pthread.h>
+#endif
+
+namespace base {
+
+namespace internal {
+
+// WARNING: You should *NOT* be using this class directly.
+// PlatformThreadLocalStorage is low-level abstraction to the OS's TLS
+// interface, you should instead be using ThreadLocalStorage::StaticSlot/Slot.
+class BASE_EXPORT PlatformThreadLocalStorage {
+ public:
+
+#if defined(OS_WIN)
+  typedef unsigned long TLSKey;
+  enum { TLS_KEY_OUT_OF_INDEXES = TLS_OUT_OF_INDEXES };
+#elif defined(OS_POSIX)
+  typedef pthread_key_t TLSKey;
+  // The following is a "reserved key" which is used in our generic Chromium
+  // ThreadLocalStorage implementation.  We expect that an OS will not return
+  // such a key, but if it is returned (i.e., the OS tries to allocate it) we
+  // will just request another key.
+  enum { TLS_KEY_OUT_OF_INDEXES = 0x7FFFFFFF };
+#endif
+
+  // The following methods need to be supported on each OS platform, so that
+  // the Chromium ThreadLocalStore functionality can be constructed.
+  // Chromium will use these methods to acquire a single OS slot, and then use
+  // that to support a much larger number of Chromium slots (independent of the
+  // OS restrictions).
+  // The following returns true if it successfully is able to return an OS
+  // key in |key|.
+  static bool AllocTLS(TLSKey* key);
+  // Note: FreeTLS() doesn't have to be called, it is fine with this leak, OS
+  // might not reuse released slot, you might just reset the TLS value with
+  // SetTLSValue().
+  static void FreeTLS(TLSKey key);
+  static void SetTLSValue(TLSKey key, void* value);
+  static void* GetTLSValue(TLSKey key);
+
+  // Each platform (OS implementation) is required to call this method on each
+  // terminating thread when the thread is about to terminate.  This method
+  // will then call all registered destructors for slots in Chromium
+  // ThreadLocalStorage, until there are no slot values remaining as having
+  // been set on this thread.
+  // Destructors may end up being called multiple times on a terminating
+  // thread, as other destructors may re-set slots that were previously
+  // destroyed.
+#if defined(OS_WIN)
+  // Since Windows which doesn't support TLS destructor, the implementation
+  // should use GetTLSValue() to retrieve the value of TLS slot.
+  static void OnThreadExit();
+#elif defined(OS_POSIX)
+  // |Value| is the data stored in TLS slot, The implementation can't use
+  // GetTLSValue() to retrieve the value of slot as it has already been reset
+  // in Posix.
+  static void OnThreadExit(void* value);
+#endif
+};
+
+}  // namespace internal
+
+// Wrapper for thread local storage.  This class doesn't do much except provide
+// an API for portability.
+class BASE_EXPORT ThreadLocalStorage {
+ public:
+
+  // Prototype for the TLS destructor function, which can be optionally used to
+  // cleanup thread local storage on thread exit.  'value' is the data that is
+  // stored in thread local storage.
+  typedef void (*TLSDestructorFunc)(void* value);
+
+  // StaticSlot uses its own struct initializer-list style static
+  // initialization, as base's LINKER_INITIALIZED requires a constructor and on
+  // some compilers (notably gcc 4.4) this still ends up needing runtime
+  // initialization.
+  #define TLS_INITIALIZER {0}
+
+  // A key representing one value stored in TLS.
+  // Initialize like
+  //   ThreadLocalStorage::StaticSlot my_slot = TLS_INITIALIZER;
+  // If you're not using a static variable, use the convenience class
+  // ThreadLocalStorage::Slot (below) instead.
+  struct BASE_EXPORT StaticSlot {
+    // Set up the TLS slot.  Called by the constructor.
+    // 'destructor' is a pointer to a function to perform per-thread cleanup of
+    // this object.  If set to NULL, no cleanup is done for this TLS slot.
+    // Returns false on error.
+    bool Initialize(TLSDestructorFunc destructor);
+
+    // Free a previously allocated TLS 'slot'.
+    // If a destructor was set for this slot, removes
+    // the destructor so that remaining threads exiting
+    // will not free data.
+    void Free();
+
+    // Get the thread-local value stored in slot 'slot'.
+    // Values are guaranteed to initially be zero.
+    void* Get() const;
+
+    // Set the thread-local value stored in slot 'slot' to
+    // value 'value'.
+    void Set(void* value);
+
+    bool initialized() const { return initialized_; }
+
+    // The internals of this struct should be considered private.
+    bool initialized_;
+    int slot_;
+  };
+
+  // A convenience wrapper around StaticSlot with a constructor. Can be used
+  // as a member variable.
+  class BASE_EXPORT Slot : public StaticSlot {
+   public:
+    // Calls StaticSlot::Initialize().
+    explicit Slot(TLSDestructorFunc destructor = NULL);
+
+   private:
+    using StaticSlot::initialized_;
+    using StaticSlot::slot_;
+
+    DISALLOW_COPY_AND_ASSIGN(Slot);
+  };
+
+  DISALLOW_COPY_AND_ASSIGN(ThreadLocalStorage);
+};
+
+}  // namespace base
+
+#endif  // BASE_THREADING_THREAD_LOCAL_STORAGE_H_
--- a/security/sandbox/chromium/base/threading/thread_restrictions.h
+++ b/security/sandbox/chromium/base/threading/thread_restrictions.h
@@ -10,70 +10,57 @@
 
 // See comment at top of thread_checker.h
 #if (!defined(NDEBUG) || defined(DCHECK_ALWAYS_ON))
 #define ENABLE_THREAD_RESTRICTIONS 1
 #else
 #define ENABLE_THREAD_RESTRICTIONS 0
 #endif
 
-class AcceleratedPresenter;
 class BrowserProcessImpl;
 class HistogramSynchronizer;
-class MetricsService;
 class NativeBackendKWallet;
 class ScopedAllowWaitForLegacyWebViewApi;
-class TestingAutomationProvider;
 
-namespace browser_sync {
-class NonFrontendDataTypeController;
-class UIModelWorker;
-}
 namespace cc {
 class CompletionEvent;
 }
 namespace chromeos {
-class AudioMixerAlsa;
 class BlockingMethodCaller;
 namespace system {
 class StatisticsProviderImpl;
 }
 }
 namespace chrome_browser_net {
 class Predictor;
 }
 namespace content {
 class BrowserGpuChannelHostFactory;
+class BrowserGpuMemoryBufferManager;
 class BrowserShutdownProfileDumper;
 class BrowserTestBase;
-class GLHelper;
 class GpuChannelHost;
 class NestedMessagePumpAndroid;
 class RenderWidgetResizeHelper;
 class ScopedAllowWaitForAndroidLayoutTests;
 class TextInputClientMac;
 }
 namespace dbus {
 class Bus;
 }
 namespace disk_cache {
 class BackendImpl;
 class InFlightIO;
 }
-namespace media {
-class AudioOutputController;
-}
 namespace mojo {
 namespace common {
 class WatcherThreadManager;
 }
 }
 namespace net {
-class FileStreamPosix;
-class FileStreamWin;
 namespace internal {
 class AddressTrackerLinux;
 }
 }
 
 namespace remoting {
 class AutoThread;
 }
@@ -184,51 +171,43 @@ class BASE_EXPORT ThreadRestrictions {
   // BEGIN ALLOWED USAGE.
   friend class content::BrowserShutdownProfileDumper;
   friend class content::BrowserTestBase;
   friend class content::NestedMessagePumpAndroid;
   friend class content::RenderWidgetResizeHelper;
   friend class content::ScopedAllowWaitForAndroidLayoutTests;
   friend class ::HistogramSynchronizer;
   friend class ::ScopedAllowWaitForLegacyWebViewApi;
-  friend class ::TestingAutomationProvider;
   friend class cc::CompletionEvent;
   friend class mojo::common::WatcherThreadManager;
   friend class remoting::AutoThread;
   friend class MessagePumpDefault;
   friend class SequencedWorkerPool;
   friend class SimpleThread;
   friend class Thread;
   friend class ThreadTestHelper;
   friend class PlatformThread;
   friend class android::JavaHandlerThread;
 
   // END ALLOWED USAGE.
   // BEGIN USAGE THAT NEEDS TO BE FIXED.
-  friend class ::chromeos::AudioMixerAlsa;        // http://crbug.com/125206
   friend class ::chromeos::BlockingMethodCaller;  // http://crbug.com/125360
   friend class ::chromeos::system::StatisticsProviderImpl;  // http://crbug.com/125385
-  friend class browser_sync::NonFrontendDataTypeController;  // http://crbug.com/19757
-  friend class browser_sync::UIModelWorker;       // http://crbug.com/19757
   friend class chrome_browser_net::Predictor;     // http://crbug.com/78451
   friend class
       content::BrowserGpuChannelHostFactory;      // http://crbug.com/125248
-  friend class content::GLHelper;                 // http://crbug.com/125415
+  friend class
+      content::BrowserGpuMemoryBufferManager;     // http://crbug.com/420368
   friend class content::GpuChannelHost;           // http://crbug.com/125264
   friend class content::TextInputClientMac;       // http://crbug.com/121917
   friend class dbus::Bus;                         // http://crbug.com/125222
   friend class disk_cache::BackendImpl;           // http://crbug.com/74623
   friend class disk_cache::InFlightIO;            // http://crbug.com/74623
-  friend class media::AudioOutputController;      // http://crbug.com/120973
-  friend class net::FileStreamPosix;              // http://crbug.com/115067
-  friend class net::FileStreamWin;                // http://crbug.com/115067
   friend class net::internal::AddressTrackerLinux;  // http://crbug.com/125097
-  friend class ::AcceleratedPresenter;            // http://crbug.com/125391
   friend class ::BrowserProcessImpl;              // http://crbug.com/125207
-  friend class ::MetricsService;                  // http://crbug.com/124954
   friend class ::NativeBackendKWallet;            // http://crbug.com/125331
   // END USAGE THAT NEEDS TO BE FIXED.
 
 #if ENABLE_THREAD_RESTRICTIONS
   static bool SetWaitAllowed(bool allowed);
 #else
   static bool SetWaitAllowed(bool allowed) { return true; }
 #endif
--- a/security/sandbox/chromium/base/time/time.cc
+++ b/security/sandbox/chromium/base/time/time.cc
@@ -1,20 +1,23 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/time/time.h"
 
+#include <ios>
 #include <limits>
 #include <ostream>
+#include <sstream>
 
 #include "base/float_util.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
+#include "base/strings/stringprintf.h"
 #include "base/third_party/nspr/prtime.h"
 
 namespace base {
 
 // TimeDelta ------------------------------------------------------------------
 
 // static
 TimeDelta TimeDelta::Max() {
@@ -89,16 +92,20 @@ int64 TimeDelta::InMillisecondsRoundedUp
 int64 TimeDelta::InMicroseconds() const {
   if (is_max()) {
     // Preserve max to prevent overflow.
     return std::numeric_limits<int64>::max();
   }
   return delta_;
 }
 
+std::ostream& operator<<(std::ostream& os, TimeDelta time_delta) {
+  return os << time_delta.InSecondsF() << "s";
+}