Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(249)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 7696016: Remove the window script object tear-down special-case. (Closed)

Created:
9 years, 4 months ago by Wez
Modified:
9 years, 3 months ago
Reviewers:
ananta, jam
CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam
Visibility:
Public.

Description

Remove the detach-but-don't-release special-case for the window script object. - Why remove the special case? WebKit's script controllers have a special-case for the window script object, which deallocates it regardless of reference-count, on the assumption that by the time the relevant call (clearScriptObjects) is made, no callers can remain which hold references to it - this prevents it from lingering indfinitely if the plugin forgets to release it. WebPluginDelegateProxy has a special-case for handling the window script object, which tries to cope with the case where clearScriptObjects has been called before the plugin is destroyed (which should never happen), by avoiding trying to release the window script object, and instead relying on WebKit deallocating it. This workaround doesn't actually work; if WebKit is behaving then the object exists at plugin teardown time, and it's safe for code to touch it. If it doesn't exist any more, then we may still touch it if the plugin tries to script the window, or to release the reference. Even if neither of those occur, the stub for the object may release it when the last plugin instance's channel is torn-down, before the workaround can be hit. We still need to explicitly tear-down the window script object's stub if the plugin failed to release it, so that it won't linger and end up being released after WebKit has already deallocated it. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=99869

Patch Set 1 : " #

Patch Set 2 : Reinstate call to DeleteSoon. #

Patch Set 3 : Rebase. #

Patch Set 4 : Rebase. #

Patch Set 5 : Rebase. #

Patch Set 6 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+16 lines, -18 lines) Patch
M content/plugin/npobject_stub.h View 1 3 1 chunk +5 lines, -7 lines 0 comments Download
M content/plugin/npobject_stub.cc View 1 2 3 3 chunks +4 lines, -5 lines 0 comments Download
M content/renderer/webplugin_delegate_proxy.cc View 1 2 3 4 5 1 chunk +7 lines, -6 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
Wez
As discussed.
9 years, 4 months ago (2011-08-21 00:20:40 UTC) #1
jam
lgtm but please add a longer description, i.e. even what you wrote in the email, ...
9 years, 4 months ago (2011-08-22 17:36:33 UTC) #2
Wez
9 years, 3 months ago (2011-08-31 20:41:33 UTC) #3 
On 2011/08/22 17:36:33, John Abd-El-Malek wrote:
> lgtm
> 
> but please add a longer description, i.e. even what you wrote in the email, in
> the change description. that way when someone is looking through the commit
> history, they can understand why this was changed.
> 
> also, no need for empty BUG= and TEST=. bug= is to associate a change with a
> bug. if there's no bug, there's nothing to associate. TEST= is manual test
> instructions to the test team. if there's nothing you need to tell them, no
need
> for this line

FYI, it _is_ necessary to detach the window script object stub before returning
from PluginDestroyed, again to work-around the WebKit deallocate work-around, so
all this CL now does is get rid of the detach-but-don't-release special-case.

Powered by Google App Engine
This is Rietveld 408576698