Suspecting: https://chromium.googlesource.com/chromium/src/+/526f714c9ae172c3b16581b7e11eb035fd14274e

[2698/2699] ImportantFileWriterTest.CallbackRunsOnWriterThread (113 ms)
[ RUN      ] FileProxyTest.CreateOrOpen_AbandonedCreate
==================
WARNING: ThreadSanitizer: data race (pid=25888)
  Read of size 8 at 0x7b0400000658 by thread T1:
    #0 IsValid base/memory/weak_ptr.h:135:14 (base_unittests+0xf1d67c)
    #1 is_valid base/memory/weak_ptr.h:163 (base_unittests+0xf1d67c)
    #2 get base/memory/weak_ptr.h:274 (base_unittests+0xf1d67c)
    #3 operator bool base/memory/weak_ptr.h:293 (base_unittests+0xf1d67c)
    #4 is_end base/observer_list.h:117 (base_unittests+0xf1d67c)
    #5 operator== base/observer_list.h:211 (base_unittests+0xf1d67c)
    #6 operator!= base/observer_list.h:220 (base_unittests+0xf1d67c)
    #7 base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:423 (base_unittests+0xf1d67c)
    #8 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) base/message_loop/message_loop.cc:433:5 (base_unittests+0xf1dcbb)
    #9 base::MessageLoop::DoWork() base/message_loop/message_loop.cc:540:13 (base_unittests+0xf1e15b)
    #10 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:33:31 (base_unittests+0xf21aa1)
    #11 Run base/message_loop/message_loop.cc:369:10 (base_unittests+0xf1cb27)
    #12 non-virtual thunk to base::MessageLoop::Run() base/message_loop/message_loop.cc (base_unittests+0xf1cb27)
    #13 base::RunLoop::Run() base/run_loop.cc:111:14 (base_unittests+0xf56fab)
    #14 base::Thread::Run(base::RunLoop*) base/threading/thread.cc:255:13 (base_unittests+0xfa0b59)
    #15 base::Thread::ThreadMain() base/threading/thread.cc:338:3 (base_unittests+0xfa0e1e)
    #16 base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:71:13 (base_unittests+0xf9577d)

  Previous write of size 8 at 0x7b0400000658 by main thread:
    #0 Invalidate base/memory/weak_ptr.h:120:17 (base_unittests+0xf1ab59)
    #1 base::internal::WeakReferenceOwner::Invalidate() base/memory/weak_ptr.cc:70 (base_unittests+0xf1ab59)
    #2 ~WeakReferenceOwner base/memory/weak_ptr.cc:58:3 (base_unittests+0xf1b09a)
    #3 base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase() base/memory/weak_ptr.cc:87 (base_unittests+0xf1b09a)
    #4 base::RunLoop::~RunLoop() base/run_loop.cc:92:1 (base_unittests+0xf56f0a)
    #5 base::FileProxyTest_CreateOrOpen_AbandonedCreate_Test::TestBody() base/files/file_proxy_unittest.cc:155:3 (base_unittests+0x6ef59c)
    #6 HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc:2455:12 (base_unittests+0xeb3e6d)
    #7 testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2471 (base_unittests+0xeb3e6d)
    #8 testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2653:11 (base_unittests+0xeb4bed)
    #9 testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2771:28 (base_unittests+0xeb5426)
    #10 testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4648:43 (base_unittests+0xebe326)
    #11 HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> third_party/googletest/src/googletest/src/gtest.cc:2455:12 (base_unittests+0xebdd24)
    #12 testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4256 (base_unittests+0xebdd24)
    #13 RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2237:46 (base_unittests+0x100b3d5)
    #14 base::TestSuite::Run() base/test/test_suite.cc:271 (base_unittests+0x100b3d5)
    #15 Invoke<base::TestSuite *> base/bind_internal.h:209:12 (base_unittests+0xffab25)
    #16 MakeItSo<int (base::TestSuite::*const &)(), base::TestSuite *> base/bind_internal.h:275 (base_unittests+0xffab25)
    #17 RunImpl<int (base::TestSuite::*const &)(), const std::__1::tuple<base::internal::UnretainedWrapper<base::TestSuite> > &, 0> base/bind_internal.h:351 (base_unittests+0xffab25)
    #18 base::internal::Invoker<base::internal::BindState<int (base::TestSuite::*)(), base::internal::UnretainedWrapper<base::TestSuite> >, int ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:329 (base_unittests+0xffab25)
    #19 Run base/callback.h:80:12 (base_unittests+0x1019de5)
    #20 base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:216 (base_unittests+0x1019de5)
    #21 base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:458:10 (base_unittests+0x1019c6a)
    #22 main base/test/run_all_base_unittests.cc:22:10 (base_unittests+0xffaa80)

  Location is heap block of size 16 at 0x7b0400000650 allocated by main thread:
    #0 operator new(unsigned long) <null> (base_unittests+0x540322)
    #1 NullFlag base/memory/weak_ptr.cc:34:30 (base_unittests+0xf1aa37)
    #2 base::internal::WeakReferenceOwner::WeakReferenceOwner() base/memory/weak_ptr.cc:55 (base_unittests+0xf1aa37)
    #3 SupportsWeakPtr base/memory/weak_ptr.h:382:3 (base_unittests+0xf56b0d)
    #4 ObserverListBase base/observer_list.h:147 (base_unittests+0xf56b0d)
    #5 ObserverList base/observer_list.h:330 (base_unittests+0xf56b0d)
    #6 base::RunLoop::Delegate::Delegate() base/run_loop.cc:36 (base_unittests+0xf56b0d)
    #7 base::MessageLoop::MessageLoop(base::MessageLoop::Type, base::Callback<std::__1::unique_ptr<base::MessagePump, std::__1::default_delete<base::MessagePump> > (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>) base/message_loop/message_loop.cc:302:14 (base_unittests+0xf1b1fe)
    #8 base::MessageLoop::MessageLoop(base::MessageLoop::Type) base/message_loop/message_loop.cc:86:7 (base_unittests+0xf1b194)
    #9 MessageLoopForIO base/message_loop/message_loop.h:551:24 (base_unittests+0x6f73df)
    #10 base::FileProxyTest::FileProxyTest() base/files/file_proxy_unittest.cc:28 (base_unittests+0x6f73df)
    #11 FileProxyTest_CreateOrOpen_AbandonedCreate_Test base/files/file_proxy_unittest.cc:147:1 (base_unittests+0x6f7654)
    #12 testing::internal::TestFactoryImpl<base::FileProxyTest_CreateOrOpen_AbandonedCreate_Test>::CreateTest() third_party/googletest/src/googletest/include/gtest/internal/gtest-internal.h:484 (base_unittests+0x6f7654)
    #13 HandleExceptionsInMethodIfSupported<testing::internal::TestFactoryBase, testing::Test *> third_party/googletest/src/googletest/src/gtest.cc:2455:12 (base_unittests+0xeb4b4a)
    #14 testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2644 (base_unittests+0xeb4b4a)
    #15 testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2771:28 (base_unittests+0xeb5426)
    #16 testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4648:43 (base_unittests+0xebe326)
    #17 HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> third_party/googletest/src/googletest/src/gtest.cc:2455:12 (base_unittests+0xebdd24)
    #18 testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4256 (base_unittests+0xebdd24)
    #19 RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2237:46 (base_unittests+0x100b3d5)
    #20 base::TestSuite::Run() base/test/test_suite.cc:271 (base_unittests+0x100b3d5)
    #21 Invoke<base::TestSuite *> base/bind_internal.h:209:12 (base_unittests+0xffab25)
    #22 MakeItSo<int (base::TestSuite::*const &)(), base::TestSuite *> base/bind_internal.h:275 (base_unittests+0xffab25)
    #23 RunImpl<int (base::TestSuite::*const &)(), const std::__1::tuple<base::internal::UnretainedWrapper<base::TestSuite> > &, 0> base/bind_internal.h:351 (base_unittests+0xffab25)
    #24 base::internal::Invoker<base::internal::BindState<int (base::TestSuite::*)(), base::internal::UnretainedWrapper<base::TestSuite> >, int ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:329 (base_unittests+0xffab25)
    #25 Run base/callback.h:80:12 (base_unittests+0x1019de5)
    #26 base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:216 (base_unittests+0x1019de5)
    #27 base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:458:10 (base_unittests+0x1019c6a)
    #28 main base/test/run_all_base_unittests.cc:22:10 (base_unittests+0xffaa80)

  Thread T1 'FileProxyTestFileThread' (tid=25890, running) created by main thread at:
    #0 pthread_create <null> (base_unittests+0x4dbdd3)
    #1 base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:110:13 (base_unittests+0xf95277)
    #2 base::PlatformThread::CreateWithPriority(unsigned long, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:193:10 (base_unittests+0xf95175)
    #3 base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:112:15 (base_unittests+0xfa0528)
    #4 base::Thread::Start() base/threading/thread.cc:75:10 (base_unittests+0xfa034b)
    #5 base::FileProxyTest::SetUp() base/files/file_proxy_unittest.cc:36:5 (base_unittests+0x6f672b)
    #6 HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc:2455:12 (base_unittests+0xeb3d76)
    #7 testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2467 (base_unittests+0xeb3d76)
    #8 testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2653:11 (base_unittests+0xeb4bed)
    #9 testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2771:28 (base_unittests+0xeb5426)
    #10 testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4648:43 (base_unittests+0xebe326)
    #11 HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> third_party/googletest/src/googletest/src/gtest.cc:2455:12 (base_unittests+0xebdd24)
    #12 testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4256 (base_unittests+0xebdd24)
    #13 RUN_ALL_TESTS third_party/googletest/src/googletest/include/gtest/gtest.h:2237:46 (base_unittests+0x100b3d5)
    #14 base::TestSuite::Run() base/test/test_suite.cc:271 (base_unittests+0x100b3d5)
    #15 Invoke<base::TestSuite *> base/bind_internal.h:209:12 (base_unittests+0xffab25)
    #16 MakeItSo<int (base::TestSuite::*const &)(), base::TestSuite *> base/bind_internal.h:275 (base_unittests+0xffab25)
    #17 RunImpl<int (base::TestSuite::*const &)(), const std::__1::tuple<base::internal::UnretainedWrapper<base::TestSuite> > &, 0> base/bind_internal.h:351 (base_unittests+0xffab25)
    #18 base::internal::Invoker<base::internal::BindState<int (base::TestSuite::*)(), base::internal::UnretainedWrapper<base::TestSuite> >, int ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:329 (base_unittests+0xffab25)
    #19 Run base/callback.h:80:12 (base_unittests+0x1019de5)
    #20 base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:216 (base_unittests+0x1019de5)
    #21 base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:458:10 (base_unittests+0x1019c6a)
    #22 main base/test/run_all_base_unittests.cc:22:10 (base_unittests+0xffaa80)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/24046fd36c1a132243a7ffd279f59734f947d223

commit 24046fd36c1a132243a7ffd279f59734f947d223
Author: hans <hans@chromium.org>
Date: Thu Jun 29 22:07:42 2017

Revert of Make base::WeakPtr::Get() fast (patchset #10 id:180001 of https://codereview.chromium.org/2963623002/ )

Reason for revert:
This seems to have broken Cronet tests and Linux TSan. See bugs.

Original issue's description:
> Make base::WeakPtr::Get() fast
>
> It was previously calling WeakReference::is_valid() which was an out-of-line
> method. That means code like
>
>   if (my_weak_ptr)
>     my_weak_ptr->foo();
>
> would do two calls to is_valid(), plus tests and branching.
>
> The is_valid() method showed up as one of the most frequently called non-inline
> functions during browser start-up on Windows (about 1M calls).
>
> is_valid() was also inefficient because it had to do a null-pointer check on
> flag_, as well as checking if the flag was marked valid.
>
> This patch removes the null-pointer check by using a sentinel object instead of
> a nullptr. And instead of storing a bool in the flag, it stores a pointer-sized
> bitmask 0 or ~0, so it can be AND'ed with the pointer value and conveniently
> setting EFLAGS so that the code above just becomes a few loads, AND, branch,
> and call. (The size of Flag is unchanged; it grows into the padding only.)
>
> This is expected to reduce the binary size by ~48KB on Android, and increase it
> by 79KB on x64 Linux -- something that's paid for by the split-out refactorings
> to WeakPtr and WeakPtrFactory.
>
> Exposing the SequenceChecker calls in inline functions caused the
> MessageLoopTestType*.Nesting test to overflow on Win64 dcheck release builds,
> which is why this patch also lowers the recursion depth there.
>
> BUG= 728324 
>
> Review-Url: https://codereview.chromium.org/2963623002
> Cr-Commit-Position: refs/heads/master@{#483427}
> Committed: https://chromium.googlesource.com/chromium/src/+/526f714c9ae172c3b16581b7e11eb035fd14274e

TBR=thakis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 728324 , 738167 , 738183 , 738193 

Review-Url: https://codereview.chromium.org/2966633002
Cr-Commit-Position: refs/heads/master@{#483509}

[modify] https://crrev.com/24046fd36c1a132243a7ffd279f59734f947d223/base/memory/weak_ptr.cc
[modify] https://crrev.com/24046fd36c1a132243a7ffd279f59734f947d223/base/memory/weak_ptr.h
[modify] https://crrev.com/24046fd36c1a132243a7ffd279f59734f947d223/base/message_loop/message_loop_test.cc

The revert should resolve the build breakage.

And I think I see what the fix is too. I'm pretty sure the race is benign: one thread has written 0 to NullFlag's is_valid_ and TSan complains there is no synchronization before another thread reads is_valid_, but it should have been zero all the time.

Anyway, I think the fix is to make WeakReferenceOwner::Invalidate() not call Invalidate on the NullFlag.

Thanks for the revert, bot is green now.

Of note, it doesn't matter what the value was or was not.  The compiler is free to OVERWRITE memory locations with temporary values so long as the correct value gets written in the end.  Since the value is always correct from the point-of-view of the current thread, it's still valid code.  Only synchronization guarantees correctness between threads.

Simple solution: Make it std::atomic<int> and use .load and .store with std::memory_order_relaxed.

Good point. I think my fix mentioned in #5 is simpler though; there's no need to write to this field again after it's been initialized.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3856eab55bb241fb054a878d9922e65e7b5b0931

commit 3856eab55bb241fb054a878d9922e65e7b5b0931
Author: hans <hans@chromium.org>
Date: Mon Jul 17 12:03:22 2017

Make base::WeakPtr::Get() fast

It was previous calling the out-of-line method WeakReference::is_valid().
That means that code like

  if (my_weak_ptr)
    my_weak_ptr->foo();

would do two calls to is_valid(), plus tests and branching.

The is_valid() method showed up as one of the most frequently called non-inline
functions during browser start-up on Windows (about 1M calls).

is_valid() was also inefficient in itself, because it had to do a null-check
flag_, as well as checking if the flag was marked valid.

This patch removes the null-pointer check by using a sentinel Flag object instead of
a nullptr. And instead of storing a bool in the Flag, it stores a pointer-sized
bitmask 0 or ~0, so it can be AND'ed with the pointer value and conveniently
setting EFLAGS so that the code above just becomes a few loads, AND, branch,
and call. (The size of Flag is unchanged; it grows into the padding only.)

This is expected to reduce the binary size by ~48KB on Android, and increase it
by 79KB on x64 Linux -- something that's paid for by the split-out refactorings
to WeakPtr and WeakPtrFactory.

Exposing the SequenceChecker calls in inline functions caused the
MessageLoopTestType*.Nesting test to overflow on Win64 dcheck release builds,
which is why this patch also lowers the recursion depth there.

BUG= 728324 , 738183 , 738193 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_cronet_tester

Review-Url: https://codereview.chromium.org/2963623002
Cr-Commit-Position: refs/heads/master@{#487048}

[modify] https://crrev.com/3856eab55bb241fb054a878d9922e65e7b5b0931/base/memory/weak_ptr.cc
[modify] https://crrev.com/3856eab55bb241fb054a878d9922e65e7b5b0931/base/memory/weak_ptr.h
[modify] https://crrev.com/3856eab55bb241fb054a878d9922e65e7b5b0931/base/message_loop/message_loop_test.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4cfa301cda2ab84a496f3c13a5e3fa2f8de94fca

commit 4cfa301cda2ab84a496f3c13a5e3fa2f8de94fca
Author: Hans Wennborg <hans@chromium.org>
Date: Tue Aug 08 03:33:38 2017

Revert "Make base::WeakPtr::Get() fast"

This reverts commit 71f161e3bd95827876f67c656168f936d88a6e3a and
3856eab55bb241fb054a878d9922e65e7b5b0931.

Reason for revert:
I'm backing out the WeakPtr changes. While the new code was objectively
better, it didn't show on any perf bots, regressed size on Linux quite a
bit because the new code was smaller and thus inlined more often, and
seems to have introduced a new crasher on Android. To summarize: it seems
it's not worth it.  The WeakPtr revert will be done in two patches. The
first part is in https://chromium-review.googlesource.com/c/604087
This second part should be merged to M61.

Original change's description:
> Make base::WeakPtr::Get() fast
>
> It was previous calling the out-of-line method WeakReference::is_valid().
> That means that code like
>
>   if (my_weak_ptr)
>     my_weak_ptr->foo();
>
> would do two calls to is_valid(), plus tests and branching.
>
> The is_valid() method showed up as one of the most frequently called non-inline
> functions during browser start-up on Windows (about 1M calls).
>
> is_valid() was also inefficient in itself, because it had to do a null-check
> flag_, as well as checking if the flag was marked valid.
>
> This patch removes the null-pointer check by using a sentinel Flag object instead of
> a nullptr. And instead of storing a bool in the Flag, it stores a pointer-sized
> bitmask 0 or ~0, so it can be AND'ed with the pointer value and conveniently
> setting EFLAGS so that the code above just becomes a few loads, AND, branch,
> and call. (The size of Flag is unchanged; it grows into the padding only.)
>
> This is expected to reduce the binary size by ~48KB on Android, and increase it
> by 79KB on x64 Linux -- something that's paid for by the split-out refactorings
> to WeakPtr and WeakPtrFactory.
>
> Exposing the SequenceChecker calls in inline functions caused the
> MessageLoopTestType*.Nesting test to overflow on Win64 dcheck release builds,
> which is why this patch also lowers the recursion depth there.
>
> BUG= 728324 , 738183 , 738193 
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_cronet_tester
>
> Review-Url: https://codereview.chromium.org/2963623002
> Cr-Commit-Position: refs/heads/master@{#487048}

BUG=748495, 748075 , 744747 

Change-Id: Id85da06115ab9453267ade4d6f8efcfd1b26220c
Reviewed-on: https://chromium-review.googlesource.com/604088
Commit-Queue: Hans Wennborg <hans@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492520}
[modify] https://crrev.com/4cfa301cda2ab84a496f3c13a5e3fa2f8de94fca/base/memory/weak_ptr.cc
[modify] https://crrev.com/4cfa301cda2ab84a496f3c13a5e3fa2f8de94fca/base/memory/weak_ptr.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f393cc0504d4da327d541a054c404aa422470c1c

commit f393cc0504d4da327d541a054c404aa422470c1c
Author: Hans Wennborg <hans@chromium.org>
Date: Thu Aug 10 15:45:38 2017

Revert "Make base::WeakPtr::Get() fast"

This reverts commit 71f161e3bd95827876f67c656168f936d88a6e3a and
3856eab55bb241fb054a878d9922e65e7b5b0931.

Reason for revert:
I'm backing out the WeakPtr changes. While the new code was objectively
better, it didn't show on any perf bots, regressed size on Linux quite a
bit because the new code was smaller and thus inlined more often, and
seems to have introduced a new crasher on Android. To summarize: it seems
it's not worth it.  The WeakPtr revert will be done in two patches. The
first part is in https://chromium-review.googlesource.com/c/604087
This second part should be merged to M61.

Original change's description:
> Make base::WeakPtr::Get() fast
>
> It was previous calling the out-of-line method WeakReference::is_valid().
> That means that code like
>
>   if (my_weak_ptr)
>     my_weak_ptr->foo();
>
> would do two calls to is_valid(), plus tests and branching.
>
> The is_valid() method showed up as one of the most frequently called non-inline
> functions during browser start-up on Windows (about 1M calls).
>
> is_valid() was also inefficient in itself, because it had to do a null-check
> flag_, as well as checking if the flag was marked valid.
>
> This patch removes the null-pointer check by using a sentinel Flag object instead of
> a nullptr. And instead of storing a bool in the Flag, it stores a pointer-sized
> bitmask 0 or ~0, so it can be AND'ed with the pointer value and conveniently
> setting EFLAGS so that the code above just becomes a few loads, AND, branch,
> and call. (The size of Flag is unchanged; it grows into the padding only.)
>
> This is expected to reduce the binary size by ~48KB on Android, and increase it
> by 79KB on x64 Linux -- something that's paid for by the split-out refactorings
> to WeakPtr and WeakPtrFactory.
>
> Exposing the SequenceChecker calls in inline functions caused the
> MessageLoopTestType*.Nesting test to overflow on Win64 dcheck release builds,
> which is why this patch also lowers the recursion depth there.
>
> BUG= 728324 , 738183 , 738193 
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_cronet_tester
>
> Review-Url: https://codereview.chromium.org/2963623002
> Cr-Commit-Position: refs/heads/master@{#487048}

BUG=748495, 748075 , 744747 
TBR=hans@chromium.org

(cherry picked from commit 4cfa301cda2ab84a496f3c13a5e3fa2f8de94fca)

Change-Id: Id85da06115ab9453267ade4d6f8efcfd1b26220c
Reviewed-on: https://chromium-review.googlesource.com/604088
Commit-Queue: Hans Wennborg <hans@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#492520}
Reviewed-on: https://chromium-review.googlesource.com/610446
Reviewed-by: Hans Wennborg <hans@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#432}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[modify] https://crrev.com/f393cc0504d4da327d541a054c404aa422470c1c/base/memory/weak_ptr.cc
[modify] https://crrev.com/f393cc0504d4da327d541a054c404aa422470c1c/base/memory/weak_ptr.h