Issue 2043753002: Declarative resource hints go through mojo IPC to //content

Created:
4 years, 6 months ago by Charlie Harrison

Modified:
3 years, 6 months ago

Reviewers:
kinuko, jochen (gone - plz use gerrit), Yoav Weiss, Marijn Kruisselbrink, yzshen1

CC:
Aaron Boodman, abarth-chromium, ben+mojo_chromium.org, blink-reviews, blink-reviews-api_chromium.org, blink-reviews-html_chromium.org, cbentzel+watch_chromium.org, chromium-reviews, creis+watch_chromium.org, darin (slow to review), darin-cc_chromium.org, dglazkov+blink, gavinp+prerender_chromium.org, gavinp+loader_chromium.org, jam, Nate Chapin, kinuko+watch, loading-reviews_chromium.org, nasko+codewatch_chromium.org, qsr+mojo_chromium.org, tyoshino+watch_chromium.org, viettrungluu+watch_chromium.org, Yoav Weiss, yzshen+watch_chromium.org, horo

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Declarative resource hints go through mojo IPC to //content This patch adds a mojo IPC route for preconnects / preresolves that are declared by site authors (i.e. not speculative). Speculative hints (anchor tag scanning, mouse hovering) still go through traditional IPC, and will be ported to this sytem (using a delegate system) in a follow up patch. BUG=610750, 565719

Patch Set 1 #

Patch Set 2 : remove platform dependency from KURL.typemap #

Patch Set 3 : #

Total comments: 6

Patch Set 4 : mek@ review #

Patch Set 5 #

Total comments: 19

Patch Set 6 : kinuko@ + yzshen@ reviews, also big refactor for mojo in Platform #

Patch Set 7 : Move PlatformMojoMock into platform/testing #

Patch Set 8 : Use unique_ptr to avoid memory leaks in unit tests #

Total comments: 27

Patch Set 9 : Don't kill NetworkHints yet #

Patch Set 10 : Update comment and get rid of the platform mock #

Total comments: 8

Patch Set 11 : kinuko@ review: comments and remove PlatformMojoMock.h from gypi #

Total comments: 2

Patch Set 12 : remove gmocking + add another browser test #

Total comments: 1

Created: 4 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+361 lines, -65 lines)			Patch
M	chrome/browser/net/predictor_browsertest.cc	View		3 chunks	+3 lines, -25 lines	0 comments	Download
M	chrome/browser/renderer_host/chrome_render_message_filter.cc	View		2 chunks	+0 lines, -17 lines	0 comments	Download
D	chrome/test/data/predictor/dns_prefetch.html	View		1 chunk	+0 lines, -2 lines	0 comments	Download
M	content/browser/DEPS	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/browser/loader/resource_hints_browsertest.cc	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+89 lines, -0 lines	0 comments	Download
A	content/browser/loader/resource_hints_handler_impl.h	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+50 lines, -0 lines	0 comments	Download
A	content/browser/loader/resource_hints_handler_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+56 lines, -0 lines	0 comments	Download
M	content/browser/loader/resource_hints_impl.cc	View		3 chunks	+13 lines, -1 line	0 comments	Download
M	content/browser/renderer_host/render_process_host_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11	2 chunks	+4 lines, -0 lines	0 comments	Download
M	content/content_browser.gypi	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/content_tests.gypi	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+1 line, -0 lines	0 comments	Download
A +	content/test/data/resource_hints/dns_prefetch.html	View		0 chunks	+-1 lines, --1 lines	0 comments	Download
A	content/test/data/resource_hints/dns_prefetch_many.html	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+4 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/core/html/HTMLAnchorElement.cpp	View	1 2 3 4 5 6 7 8	1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/html/parser/HTMLResourcePreloaderTest.cpp	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+3 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/loader/FrameLoader.cpp	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+0 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/loader/LinkLoader.cpp	View	1 6 7 8	1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/loader/LinkLoaderTest.cpp	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/loader/NetworkHintsInterface.h	View	1 2 3 4 5 6 7 8	1 chunk	+3 lines, -3 lines	0 comments	Download
M	third_party/WebKit/Source/core/page/ChromeClient.cpp	View	1 2 3 4 5 6 7 8	1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/platform/BUILD.gn	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+1 line, -0 lines	0 comments	Download
A	third_party/WebKit/Source/platform/PlatformMojoServices.h	View	1 2 3 4 5 6 7 8	1 chunk	+24 lines, -0 lines	0 comments	Download
A	third_party/WebKit/Source/platform/PlatformMojoServices.cpp	View	1 2 3 4 5 6 7 8	1 chunk	+25 lines, -0 lines	1 comment	Download
M	third_party/WebKit/Source/platform/blink_platform.gyp	View	1 2 3 4	1 chunk	+1 line, -0 lines	0 comments	Download
M	third_party/WebKit/Source/platform/blink_platform.gypi	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+2 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/platform/exported/Platform.cpp	View	1 2 3 4 5 6 7 8 9 10 11	4 chunks	+11 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/platform/mojo/KURL.typemap	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+6 lines, -2 lines	0 comments	Download
M	third_party/WebKit/Source/platform/mojo/SecurityOrigin.typemap	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+8 lines, -3 lines	0 comments	Download
M	third_party/WebKit/Source/platform/network/NetworkHints.h	View	1 2 3 4 5 6 7 8	1 chunk	+2 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/platform/network/NetworkHints.cpp	View	1 2 3 4 5 6 7 8	1 chunk	+9 lines, -5 lines	0 comments	Download
M	third_party/WebKit/public/BUILD.gn	View	1 2 3 4 5 6 7 8	1 chunk	+2 lines, -0 lines	0 comments	Download
M	third_party/WebKit/public/blink.gyp	View	1 2 3 4 5 6 7 8	3 chunks	+5 lines, -0 lines	0 comments	Download
M	third_party/WebKit/public/platform/Platform.h	View	1 2 3 4 5 6 7 8 9 10 11	4 chunks	+7 lines, -1 line	0 comments	Download
A	third_party/WebKit/public/platform/resource_hints.mojom	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+26 lines, -0 lines	0 comments	Download

Messages

Total messages: 70 (10 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Charlie Harrison

yzshen@, do you mind taking a look at this? I've refactored a bit since we ...

4 years, 6 months ago (2016-06-06 14:45:12 UTC) #2

Charlie Harrison

yzshen@, do you mind taking a look at this? I've refactored a bit since we ...

4 years, 6 months ago (2016-06-06 14:45:29 UTC) #4

Charlie Harrison

On 2016/06/06 14:45:29, csharrison wrote: > yzshen@, do you mind taking a look at this? ...

4 years, 6 months ago (2016-06-06 14:50:49 UTC) #5

yzshen1

On 2016/06/06 14:45:12, csharrison wrote: > yzshen@, do you mind taking a look at this? ...

4 years, 6 months ago (2016-06-06 21:12:07 UTC) #8

Charlie Harrison

On 2016/06/06 21:12:07, yzshen1 wrote: > On 2016/06/06 14:45:12, csharrison wrote: > > yzshen@, do ...

4 years, 6 months ago (2016-06-06 21:30:53 UTC) #9

Marijn Kruisselbrink

On 2016/06/06 at 21:30:53, csharrison wrote: > On 2016/06/06 21:12:07, yzshen1 wrote: > > On ...

4 years, 6 months ago (2016-06-06 21:36:34 UTC) #10

On 2016/06/06 at 21:30:53, csharrison wrote:
> On 2016/06/06 21:12:07, yzshen1 wrote:
> > On 2016/06/06 14:45:12, csharrison wrote:
> > > yzshen@, do you mind taking a look at this?
> > > 
> > > I've refactored a bit since we last spoke, and now the mojo client is in
> > > platform/.
> > I am not sure we have had a conversation about this particular work. Are you
> > sending this review to the right person? (Maybe I have totally lost track of
> > things? :))
> > 
> > > It seems like platform cannot reference mojom files yet, and adding a
> > > dependency to component("platform") with
> > > "third_party/WebKit/public:mojo_bindings" doesn't seem to work.
> > 
> > What is the problem that you see?
> 
> I see the exact same compile errors (i.e. undefined reference to
blink::mojom::blink::ResourceHintsDispatcherHostProxy::ResourceHintsDispatcherHostProxy...)
> 
> If I also add a dependency on "mojo_bindings_blink" (which I can't see the
definition for, for some reason), then I get a cyclic dependency:
> ERROR Dependency cycle:
>   //third_party/WebKit/Source/platform:platform ->
>   //third_party/WebKit/public:mojo_bindings_blink ->
>   //third_party/WebKit/public:mojo_bindings_blink_cpp_sources ->
>   //url/mojo:url_mojom_gurl_blink_cpp_sources ->
>   //third_party/WebKit/Source/platform:platform
> 
> I only tried this because that's what "modules" uses for dependencies (i.e.
mojo_bindings and mojo_bindings_blink).

Ah, fun... That sounds like (part of) the problem might be that I put the blink
typemaps for urls and origins in platform/, which currently means that any mojo
binding using urls ends up depending on platform (via the "deps" in
src/third_party/WebKit/Source/platform/mojo/KURL.typemap). I'm afraid I don't
have any helpful suggestions on what to do about this. Not sure which dependency
is "wrong" or how our build system (and in particular all the magic around GN
rules for mojo bindings) is supposed to work in these cases...

Charlie Harrison

On 2016/06/06 21:36:34, Marijn Kruisselbrink wrote: > On 2016/06/06 at 21:30:53, csharrison wrote: > > ...

4 years, 6 months ago (2016-06-06 21:50:12 UTC) #11

On 2016/06/06 21:36:34, Marijn Kruisselbrink wrote:
> On 2016/06/06 at 21:30:53, csharrison wrote:
> > On 2016/06/06 21:12:07, yzshen1 wrote:
> > > On 2016/06/06 14:45:12, csharrison wrote:
> > > > yzshen@, do you mind taking a look at this?
> > > > 
> > > > I've refactored a bit since we last spoke, and now the mojo client is in
> > > > platform/.
> > > I am not sure we have had a conversation about this particular work. Are
you
> > > sending this review to the right person? (Maybe I have totally lost track
of
> > > things? :))
> > > 
> > > > It seems like platform cannot reference mojom files yet, and adding a
> > > > dependency to component("platform") with
> > > > "third_party/WebKit/public:mojo_bindings" doesn't seem to work.
> > > 
> > > What is the problem that you see?
> > 
> > I see the exact same compile errors (i.e. undefined reference to
>
blink::mojom::blink::ResourceHintsDispatcherHostProxy::ResourceHintsDispatcherHostProxy...)
> > 
> > If I also add a dependency on "mojo_bindings_blink" (which I can't see the
> definition for, for some reason), then I get a cyclic dependency:
> > ERROR Dependency cycle:
> >   //third_party/WebKit/Source/platform:platform ->
> >   //third_party/WebKit/public:mojo_bindings_blink ->
> >   //third_party/WebKit/public:mojo_bindings_blink_cpp_sources ->
> >   //url/mojo:url_mojom_gurl_blink_cpp_sources ->
> >   //third_party/WebKit/Source/platform:platform
> > 
> > I only tried this because that's what "modules" uses for dependencies (i.e.
> mojo_bindings and mojo_bindings_blink).
> 
> Ah, fun... That sounds like (part of) the problem might be that I put the
blink
> typemaps for urls and origins in platform/, which currently means that any
mojo
> binding using urls ends up depending on platform (via the "deps" in
> src/third_party/WebKit/Source/platform/mojo/KURL.typemap). I'm afraid I don't
> have any helpful suggestions on what to do about this. Not sure which
dependency
> is "wrong" or how our build system (and in particular all the magic around GN
> rules for mojo bindings) is supposed to work in these cases...

Hm thanks for chiming in, mek@. Yeah this seems like it's probably the
fundamental problem.

In general, it seems like this should be possible, so I'd like to find a way to
do this without resorting to workarounds (I had a compileable version with the
mojo client in core but this is cleaner).

Is there a build expert who can help out on this?

yzshen1

On 2016/06/06 21:36:34, Marijn Kruisselbrink wrote: > On 2016/06/06 at 21:30:53, csharrison wrote: > > ...

4 years, 6 months ago (2016-06-06 22:12:37 UTC) #12

On 2016/06/06 21:36:34, Marijn Kruisselbrink wrote:
> On 2016/06/06 at 21:30:53, csharrison wrote:
> > On 2016/06/06 21:12:07, yzshen1 wrote:
> > > On 2016/06/06 14:45:12, csharrison wrote:
> > > > yzshen@, do you mind taking a look at this?
> > > > 
> > > > I've refactored a bit since we last spoke, and now the mojo client is in
> > > > platform/.
> > > I am not sure we have had a conversation about this particular work. Are
you
> > > sending this review to the right person? (Maybe I have totally lost track
of
> > > things? :))
> > > 
> > > > It seems like platform cannot reference mojom files yet, and adding a
> > > > dependency to component("platform") with
> > > > "third_party/WebKit/public:mojo_bindings" doesn't seem to work.
> > > 
> > > What is the problem that you see?
> > 
> > I see the exact same compile errors (i.e. undefined reference to
>
blink::mojom::blink::ResourceHintsDispatcherHostProxy::ResourceHintsDispatcherHostProxy...)
> > 
> > If I also add a dependency on "mojo_bindings_blink" (which I can't see the
> definition for, for some reason), then I get a cyclic dependency:
> > ERROR Dependency cycle:
> >   //third_party/WebKit/Source/platform:platform ->
> >   //third_party/WebKit/public:mojo_bindings_blink ->
> >   //third_party/WebKit/public:mojo_bindings_blink_cpp_sources ->
> >   //url/mojo:url_mojom_gurl_blink_cpp_sources ->
> >   //third_party/WebKit/Source/platform:platform
> > 
> > I only tried this because that's what "modules" uses for dependencies (i.e.
> mojo_bindings and mojo_bindings_blink).
> 
> Ah, fun... That sounds like (part of) the problem might be that I put the
blink
> typemaps for urls and origins in platform/, which currently means that any
mojo
> binding using urls ends up depending on platform (via the "deps" in
> src/third_party/WebKit/Source/platform/mojo/KURL.typemap). I'm afraid I don't
> have any helpful suggestions on what to do about this. Not sure which
dependency
> is "wrong" or how our build system (and in particular all the magic around GN
> rules for mojo bindings) is supposed to work in these cases...

Right. That seems to be the problem.

Some ideas that may work:
- remove the "platform" dependency from KURL.typemap and replace it with
something smaller: maybe just necessary GN config targets, and code that uses
generated bindings referring to KURL will need to explicitly depend on
"platform"; or
- put the user in a target separate from "platform".

WDYT?

Charlie Harrison

On 2016/06/06 22:12:37, yzshen1 wrote: > On 2016/06/06 21:36:34, Marijn Kruisselbrink wrote: > > On ...

4 years, 6 months ago (2016-06-07 20:15:49 UTC) #13

On 2016/06/06 22:12:37, yzshen1 wrote:
> On 2016/06/06 21:36:34, Marijn Kruisselbrink wrote:
> > On 2016/06/06 at 21:30:53, csharrison wrote:
> > > On 2016/06/06 21:12:07, yzshen1 wrote:
> > > > On 2016/06/06 14:45:12, csharrison wrote:
> > > > > yzshen@, do you mind taking a look at this?
> > > > > 
> > > > > I've refactored a bit since we last spoke, and now the mojo client is
in
> > > > > platform/.
> > > > I am not sure we have had a conversation about this particular work. Are
> you
> > > > sending this review to the right person? (Maybe I have totally lost
track
> of
> > > > things? :))
> > > > 
> > > > > It seems like platform cannot reference mojom files yet, and adding a
> > > > > dependency to component("platform") with
> > > > > "third_party/WebKit/public:mojo_bindings" doesn't seem to work.
> > > > 
> > > > What is the problem that you see?
> > > 
> > > I see the exact same compile errors (i.e. undefined reference to
> >
>
blink::mojom::blink::ResourceHintsDispatcherHostProxy::ResourceHintsDispatcherHostProxy...)
> > > 
> > > If I also add a dependency on "mojo_bindings_blink" (which I can't see the
> > definition for, for some reason), then I get a cyclic dependency:
> > > ERROR Dependency cycle:
> > >   //third_party/WebKit/Source/platform:platform ->
> > >   //third_party/WebKit/public:mojo_bindings_blink ->
> > >   //third_party/WebKit/public:mojo_bindings_blink_cpp_sources ->
> > >   //url/mojo:url_mojom_gurl_blink_cpp_sources ->
> > >   //third_party/WebKit/Source/platform:platform
> > > 
> > > I only tried this because that's what "modules" uses for dependencies
(i.e.
> > mojo_bindings and mojo_bindings_blink).
> > 
> > Ah, fun... That sounds like (part of) the problem might be that I put the
> blink
> > typemaps for urls and origins in platform/, which currently means that any
> mojo
> > binding using urls ends up depending on platform (via the "deps" in
> > src/third_party/WebKit/Source/platform/mojo/KURL.typemap). I'm afraid I
don't
> > have any helpful suggestions on what to do about this. Not sure which
> dependency
> > is "wrong" or how our build system (and in particular all the magic around
GN
> > rules for mojo bindings) is supposed to work in these cases...
> 
> Right. That seems to be the problem.
> 
> Some ideas that may work:
> - remove the "platform" dependency from KURL.typemap and replace it with
> something smaller: maybe just necessary GN config targets, and code that uses
> generated bindings referring to KURL will need to explicitly depend on
> "platform"; or
> - put the user in a target separate from "platform".
> 
> WDYT?

I've removed the "platform" dependency from KURL.typemap and gn builds are
looking good. I think we still need something to get GYP builds running but I
can't seem to figure it out. I've added dependencies on
public/blink.gyp:mojo_bindings as well as the KURL typemap.

Marijn Kruisselbrink

https://codereview.chromium.org/2043753002/diff/40001/third_party/WebKit/Source/platform/BUILD.gn File third_party/WebKit/Source/platform/BUILD.gn (right): https://codereview.chromium.org/2043753002/diff/40001/third_party/WebKit/Source/platform/BUILD.gn#newcode368 third_party/WebKit/Source/platform/BUILD.gn:368: "//third_party/WebKit/public:mojo_bindings", Why are you depending on the non-blink mojo ...

4 years, 6 months ago (2016-06-07 20:22:25 UTC) #15

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2043753002/80001

4 years, 6 months ago (2016-06-08 04:43:00 UTC) #17

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_chromeos_compile_dbg_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_compile_dbg_ng/builds/212856)

4 years, 6 months ago (2016-06-08 05:26:15 UTC) #19

Charlie Harrison

Thanks a lot mek@ for the help. Looks like everything is good now except chromeos ...

4 years, 6 months ago (2016-06-08 12:28:20 UTC) #20

yzshen1

https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/resource_hints_controller.cc File content/browser/loader/resource_hints_controller.cc (right): https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/resource_hints_controller.cc#newcode25 content/browser/loader/resource_hints_controller.cc:25: mojo::InterfaceRequest<blink::mojom::ResourceHintsDispatcherHost> request) { nit: in case you don't know, ...

4 years, 6 months ago (2016-06-08 17:40:54 UTC) #21

kinuko

https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/resource_hints_controller.cc File content/browser/loader/resource_hints_controller.cc (right): https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/resource_hints_controller.cc#newcode54 content/browser/loader/resource_hints_controller.cc:54: delete this; On 2016/06/08 17:40:53, yzshen1 wrote: > Please ...

4 years, 6 months ago (2016-06-09 07:09:19 UTC) #22

Charlie Harrison

Thanks for the reviews. Refactored the code so that all the calls go through Platform ...

4 years, 6 months ago (2016-06-10 14:20:00 UTC) #23

Thanks for the reviews. Refactored the code so that all the calls go through
Platform directly, which holds a PlatformMojoInterface for adding new mojo
handles / logic.

I kept the calls to preconnect/preresolve in Platform for ease of testing, where
creating a mock Platform is trivial and simplifies the unit tests a lot.

https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/...
File content/browser/loader/resource_hints_controller.cc (right):

https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/...
content/browser/loader/resource_hints_controller.cc:25:
mojo::InterfaceRequest<blink::mojom::ResourceHintsDispatcherHost> request) {
On 2016/06/08 at 17:40:53, yzshen1 wrote:
> nit: in case you don't know, you can use a shorter name
blink::mojom::ResourceHintsDispatcherHostRequest

Thank you :) done.

https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/...
content/browser/loader/resource_hints_controller.cc:30:
render_process_host->GetBrowserContext()->GetResourceContext(),
On 2016/06/08 at 17:40:53, yzshen1 wrote:
> Is it guaranteed that resource context outlives this post task and also the
resulted controller?

I'm unsure. What are the semantics of the channel's lifetime? The
ResourceContext will be destroyed when the IO thread is terminated
(~ProfileIOData, specifically). I chatted with mmenke@ who told me that
ProfileIOData will be deleted after WebContents/RenderFrame. If the strong
binding deletes us at that time I think we're good.

https://codereview.chromium.org/2043753002/diff/80001/content/browser/loader/...
content/browser/loader/resource_hints_controller.cc:54: delete this;
On 2016/06/09 at 07:09:19, kinuko wrote:
> On 2016/06/08 17:40:53, yzshen1 wrote:
> > Please take a look at strong_binding.h.
> > 
> > It does this for you.
> 
> Yeah we shouldn't need this.

Done. Thanks for the pointer.

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/Sour...
File third_party/WebKit/Source/platform/network/NetworkHints.cpp (right):

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/network/NetworkHints.cpp:54:
DEFINE_STATIC_LOCAL(ResourceHintsDispatcher, dispatcher, ());
On 2016/06/09 at 07:09:19, kinuko wrote:
> For platform-level mojo calls I'm still not fully sure if we should just keep
adding these as static (I imagine we'll have more)... I think we could possibly
think about gathering these in a single place, e.g. within Platform.

Good idea. This will make testing simpler too (I think we can use MockPlatform
instead of mocking NetworkHintsInterface).

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/network/NetworkHints.cpp:71:
DCHECK(!m_host.is_bound());
On 2016/06/08 at 17:40:53, yzshen1 wrote:
> nit: this DCHECK is not very useful because default constructed InterfacePtr
is always not bound.

Done.

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/Sour...
File third_party/WebKit/Source/platform/network/NetworkHints.h (right):

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/network/NetworkHints.h:45: class
ResourceHintsDispatcher {
On 2016/06/08 at 17:40:53, yzshen1 wrote:
> It seems this class can be hidden in an anonymous namespace in
NetworkHints.cpp?

Done.

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/publ...
File third_party/WebKit/public/platform/resource_hints.mojom (right):

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/publ...
third_party/WebKit/public/platform/resource_hints.mojom:13: interface
ResourceHintsDispatcherHost {
On 2016/06/09 at 07:09:19, kinuko wrote:
> On 2016/06/08 17:40:54, yzshen1 wrote:
> > Naming: I don't know details about this feature, does it make sense to call
it
> > something like ResourceHintsHandler/Reporter/etc? (consider this as an
optional
> > comment.)
> > 
> > Also, the methods could be Preconnect and Preresolve.
> 
> +1

Done. Changed to ResourceHintsHandler. I used the "Dispatcher/DispatcherHost" to
align with some other renderer <=> browser naming schemes, but Handler is
simpler.

https://codereview.chromium.org/2043753002/diff/80001/third_party/WebKit/publ...
third_party/WebKit/public/platform/resource_hints.mojom:14:
DispatchPreconnect(url.mojom.Url url, bool credentials_flag, uint8
num_connections);
On 2016/06/08 at 17:40:54, yzshen1 wrote:
> nit: 80 char line length

Done.

yzshen1

LGTM (for the way of using Mojo stuff; I don't know much about the resource ...

4 years, 6 months ago (2016-06-10 15:45:43 UTC) #24

Yoav Weiss

I'm probably not fully understanding the new tests, but at first glance it seems like ...

4 years, 6 months ago (2016-06-13 08:26:08 UTC) #26

Charlie Harrison

https://codereview.chromium.org/2043753002/diff/140001/third_party/WebKit/Source/core/html/parser/HTMLResourcePreloaderTest.cpp File third_party/WebKit/Source/core/html/parser/HTMLResourcePreloaderTest.cpp (right): https://codereview.chromium.org/2043753002/diff/140001/third_party/WebKit/Source/core/html/parser/HTMLResourcePreloaderTest.cpp#newcode54 third_party/WebKit/Source/core/html/parser/HTMLResourcePreloaderTest.cpp:54: preloader->preload(std::move(preloadRequest)); On 2016/06/13 at 08:26:08, Yoav Weiss wrote: > ...

4 years, 6 months ago (2016-06-14 19:28:45 UTC) #27

kinuko

https://codereview.chromium.org/2043753002/diff/140001/content/browser/loader/resource_hints_controller.h File content/browser/loader/resource_hints_controller.h (right): https://codereview.chromium.org/2043753002/diff/140001/content/browser/loader/resource_hints_controller.h#newcode20 content/browser/loader/resource_hints_controller.h:20: class ResourceHintsController : public blink::mojom::ResourceHintsHandler { nit: the most ...

4 years, 6 months ago (2016-06-16 05:39:59 UTC) #28

Charlie Harrison

Haven't uploaded the new PS until we come to agreement about NetworkHints.h / NetworkHintsInterface. If ...

4 years, 6 months ago (2016-06-16 11:00:20 UTC) #29

kinuko

https://codereview.chromium.org/2043753002/diff/140001/third_party/WebKit/Source/platform/network/NetworkHints.h File third_party/WebKit/Source/platform/network/NetworkHints.h (left): https://codereview.chromium.org/2043753002/diff/140001/third_party/WebKit/Source/platform/network/NetworkHints.h#oldcode38 third_party/WebKit/Source/platform/network/NetworkHints.h:38: PLATFORM_EXPORT void preconnect(const KURL&, const CrossOriginAttributeValue); On 2016/06/16 11:00:19, ...

4 years, 6 months ago (2016-06-16 13:04:50 UTC) #30

Charlie Harrison

4 years, 6 months ago (2016-06-16 14:41:20 UTC) #31

Charlie Harrison

Ok. I did my best to revert back to using all the NetworkHints infrastructure to ...

4 years, 6 months ago (2016-06-16 21:31:22 UTC) #32

kinuko

lgtm As you write we could probably cleanup the interfaces / glue code further, but ...

4 years, 6 months ago (2016-06-17 04:30:25 UTC) #33

Charlie Harrison

mmenke@, feel free to punt this if you're busy. The ResourceContext won't outlive the IO ...

4 years, 6 months ago (2016-06-17 06:43:11 UTC) #35

mmenke

https://codereview.chromium.org/2043753002/diff/200001/content/browser/loader/resource_hints_browsertest.cc File content/browser/loader/resource_hints_browsertest.cc (right): https://codereview.chromium.org/2043753002/diff/200001/content/browser/loader/resource_hints_browsertest.cc#newcode50 content/browser/loader/resource_hints_browsertest.cc:50: EXPECT_CALL(*mock_host_resolver_proc_, Resolve("chromium.org", _, _, _, _)) I'd recommend against ...

4 years, 6 months ago (2016-06-17 20:05:36 UTC) #36

Charlie Harrison

4 years, 6 months ago (2016-06-19 11:01:57 UTC) #37

kinuko

On 2016/06/19 11:01:57, csharrison wrote: > https://codereview.chromium.org/2043753002/diff/200001/content/browser/loader/resource_hints_browsertest.cc > File content/browser/loader/resource_hints_browsertest.cc (right): > > https://codereview.chromium.org/2043753002/diff/200001/content/browser/loader/resource_hints_browsertest.cc#newcode50 > ...

4 years, 6 months ago (2016-06-20 00:04:42 UTC) #38

Charlie Harrison

On 2016/06/20 00:04:42, kinuko wrote: > On 2016/06/19 11:01:57, csharrison wrote: > > > https://codereview.chromium.org/2043753002/diff/200001/content/browser/loader/resource_hints_browsertest.cc ...

4 years, 6 months ago (2016-06-20 01:35:44 UTC) #39

Charlie Harrison

Ok I removed the Gmock stuff in favor of a vector / helper methods. Thanks ...

4 years, 6 months ago (2016-06-20 17:27:34 UTC) #40

Charlie Harrison

+jochen@ for chrome_render_message_filter.cc. Feel free to look at other stuff if you want too :)

4 years, 6 months ago (2016-06-21 23:45:45 UTC) #42

mmenke

No need to wait for me to weigh in on this one, just to be ...

4 years, 6 months ago (2016-06-22 15:52:43 UTC) #44

Charlie Harrison

I chatted with mmenke@ offline about the lifetime issues I brought up earlier. Unfortunately, MessageLoop ...

4 years, 6 months ago (2016-06-22 18:11:47 UTC) #45

mmenke

On 2016/06/22 18:11:47, csharrison wrote: > I chatted with mmenke@ offline about the lifetime issues ...

4 years, 6 months ago (2016-06-22 18:39:01 UTC) #46

Charlie Harrison

On 2016/06/22 18:39:01, mmenke wrote: > On 2016/06/22 18:11:47, csharrison wrote: > > I chatted ...

4 years, 6 months ago (2016-06-22 19:12:44 UTC) #47

kinuko

one more nit.. https://codereview.chromium.org/2043753002/diff/220001/third_party/WebKit/Source/platform/PlatformMojoServices.cpp File third_party/WebKit/Source/platform/PlatformMojoServices.cpp (right): https://codereview.chromium.org/2043753002/diff/220001/third_party/WebKit/Source/platform/PlatformMojoServices.cpp#newcode17 third_party/WebKit/Source/platform/PlatformMojoServices.cpp:17: { Platform methods are exposed to ...

4 years, 6 months ago (2016-06-23 15:38:07 UTC) #48

yzshen1

On 2016/06/22 18:39:01, mmenke wrote: > On 2016/06/22 18:11:47, csharrison wrote: > > I chatted ...

4 years, 6 months ago (2016-06-23 16:19:38 UTC) #49

mmenke

On 2016/06/23 16:19:38, yzshen1 wrote: > On 2016/06/22 18:39:01, mmenke wrote: > > On 2016/06/22 ...

4 years, 6 months ago (2016-06-23 16:30:15 UTC) #50

Charlie Harrison

On 2016/06/23 16:19:38, yzshen1 wrote: > On 2016/06/22 18:39:01, mmenke wrote: > > On 2016/06/22 ...

4 years, 6 months ago (2016-06-23 16:32:55 UTC) #51

yzshen1

On Thu, Jun 23, 2016 at 9:30 AM, <mmenke@chromium.org> wrote: > On 2016/06/23 16:19:38, yzshen1 ...

4 years, 6 months ago (2016-06-23 18:14:37 UTC) #52

On Thu, Jun 23, 2016 at 9:30 AM, <mmenke@chromium.org> wrote:

> On 2016/06/23 16:19:38, yzshen1 wrote:
> > On 2016/06/22 18:39:01, mmenke wrote:
> > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > I chatted with mmenke@ offline about the lifetime issues I brought
> up
> > earlier.
> > > >
> > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so
> there's a
> > > > chance we could use-after-free here.
> > > >
> > > > yzshen@, is there a weaker guarantee here that the code is safe
> (i.e.
> maybe
> > > the
> > > > Handler object won't be killed, but its methods won't be called
> after some
> > > point
> > > > X)?
> >
> > Can we get some kind of notification from ProfileIOData or
> ResourceContext
> when
> > it is destroyed?
> >
> > > >
> > > > Alternatively, we're okay if we can prove that the renderer
> disconnects
> > before
> > > > the IO thread is destroyed.
> >
> > We probably shouldn't rely on renderer's behavior because (1) they are
> not
> > trusted (2) disconnect is notified asynchronously.
>
> True, but it seems like tearing down an RDH really should prevent us from
> getting renderer messages
>

Sorry I probably wasn't clear: I meant we shouldn't rely on the renderer
process to disconnect the mojo interface before the browser IO thread is
destroyed.
If you was suggesting that using RVH destruction as signal to disconnect
the mojo interface from the browser side, then I think it is fine.



> - I suspect most things don't expect to be receiving
> messages from a zombie process, except perhaps UMA data.
>
> > > Note that all RenderViewHosts should have been destroyed by the time
> the
> > > ProfileIOData is torn down, but I'd guess that's not enough to ensure
> Mojo
> for
> > > those processes is dead, and if we're getting mojo commands from
> non-renderer
> > > processes, or even the same process...That's still wouldn't be enough
> for
> any
> > > guarantees.
>
>
>
> https://codereview.chromium.org/2043753002/
>

-- 
You received this message because you are subscribed to the Google Groups "Blink
Reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-reviews+unsubscribe@chromium.org.

yzshen1

On Thu, Jun 23, 2016 at 9:30 AM, <mmenke@chromium.org> wrote: > On 2016/06/23 16:19:38, yzshen1 ...

4 years, 6 months ago (2016-06-23 18:14:37 UTC) #53

On Thu, Jun 23, 2016 at 9:30 AM, <mmenke@chromium.org> wrote:

> On 2016/06/23 16:19:38, yzshen1 wrote:
> > On 2016/06/22 18:39:01, mmenke wrote:
> > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > I chatted with mmenke@ offline about the lifetime issues I brought
> up
> > earlier.
> > > >
> > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so
> there's a
> > > > chance we could use-after-free here.
> > > >
> > > > yzshen@, is there a weaker guarantee here that the code is safe
> (i.e.
> maybe
> > > the
> > > > Handler object won't be killed, but its methods won't be called
> after some
> > > point
> > > > X)?
> >
> > Can we get some kind of notification from ProfileIOData or
> ResourceContext
> when
> > it is destroyed?
> >
> > > >
> > > > Alternatively, we're okay if we can prove that the renderer
> disconnects
> > before
> > > > the IO thread is destroyed.
> >
> > We probably shouldn't rely on renderer's behavior because (1) they are
> not
> > trusted (2) disconnect is notified asynchronously.
>
> True, but it seems like tearing down an RDH really should prevent us from
> getting renderer messages
>

Sorry I probably wasn't clear: I meant we shouldn't rely on the renderer
process to disconnect the mojo interface before the browser IO thread is
destroyed.
If you was suggesting that using RVH destruction as signal to disconnect
the mojo interface from the browser side, then I think it is fine.



> - I suspect most things don't expect to be receiving
> messages from a zombie process, except perhaps UMA data.
>
> > > Note that all RenderViewHosts should have been destroyed by the time
> the
> > > ProfileIOData is torn down, but I'd guess that's not enough to ensure
> Mojo
> for
> > > those processes is dead, and if we're getting mojo commands from
> non-renderer
> > > processes, or even the same process...That's still wouldn't be enough
> for
> any
> > > guarantees.
>
>
>
> https://codereview.chromium.org/2043753002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

kinuko

On 2016/06/23 16:32:55, csharrison wrote: > On 2016/06/23 16:19:38, yzshen1 wrote: > > On 2016/06/22 ...

4 years, 6 months ago (2016-06-24 05:36:24 UTC) #54

On 2016/06/23 16:32:55, csharrison wrote:
> On 2016/06/23 16:19:38, yzshen1 wrote:
> > On 2016/06/22 18:39:01, mmenke wrote:
> > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > I chatted with mmenke@ offline about the lifetime issues I brought up
> > earlier.
> > > > 
> > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so there's
a
> > > > chance we could use-after-free here.
> > > > 
> > > > yzshen@, is there a weaker guarantee here that the code is safe (i.e.
> maybe
> > > the
> > > > Handler object won't be killed, but its methods won't be called after
some
> > > point
> > > > X)?
> > 
> > Can we get some kind of notification from ProfileIOData or ResourceContext
> when
> > it is destroyed?
> I'll be a little tricky. ProfileIOData could probably send a notification
> somewhere, but it is a //chrome object and this code is //content. We could
> 1. Add methods to ResourceContext to safely scope bindings. ResourceContext
can
> properly destroy them when it is destroyed.

We've been having several ResourceContext u-a-f issues in other //content
modules too (regardless of mojo usage), one idea that has been proposed several
times was to let ResourceContext support WeakPtr semantics, while this has never
been implemented because 1. general skepticism / code health concern around
WeakPtr usage, and 2. such unsafe access happens mostly during browser shutdown
sequence, which is usually not really exploitable (and many other things could
happen during shutdown) so the risk is considered relatively lower priority...
given that I don't feel the lifetime issue needs to be a blocker of this change,
while it'd be really nice that we have clearer lifetime guarantees with mojo.

> 2. Add general mojo functionality to destroy bindings when ProfileIOData goes
> away

> There's other ideas mmenke@ and I had, but none really feel that great.
Talking
> to him, it seems like other IO thread objects have similar lifetime issues
with
> mojo. It would be great if we could come up with a general strategy here that
> could be used elsewhere.
> > 
> > > > 
> > > > Alternatively, we're okay if we can prove that the renderer disconnects
> > before
> > > > the IO thread is destroyed.
> > 
> > We probably shouldn't rely on renderer's behavior because (1) they are not
> > trusted (2) disconnect is notified asynchronously.
> Noted, yeah these are both good points.
> > 
> > > 
> > > Note that all RenderViewHosts should have been destroyed by the time the
> > > ProfileIOData is torn down, but I'd guess that's not enough to ensure Mojo
> for
> > > those processes is dead, and if we're getting mojo commands from
> non-renderer
> > > processes, or even the same process...That's still wouldn't be enough for
> any
> > > guarantees.

Charlie Harrison

On 2016/06/24 05:36:24, kinuko wrote: > On 2016/06/23 16:32:55, csharrison wrote: > > On 2016/06/23 ...

4 years, 5 months ago (2016-06-24 12:31:01 UTC) #55

On 2016/06/24 05:36:24, kinuko wrote:
> On 2016/06/23 16:32:55, csharrison wrote:
> > On 2016/06/23 16:19:38, yzshen1 wrote:
> > > On 2016/06/22 18:39:01, mmenke wrote:
> > > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > > I chatted with mmenke@ offline about the lifetime issues I brought up
> > > earlier.
> > > > > 
> > > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so
there's
> a
> > > > > chance we could use-after-free here.
> > > > > 
> > > > > yzshen@, is there a weaker guarantee here that the code is safe (i.e.
> > maybe
> > > > the
> > > > > Handler object won't be killed, but its methods won't be called after
> some
> > > > point
> > > > > X)?
> > > 
> > > Can we get some kind of notification from ProfileIOData or ResourceContext
> > when
> > > it is destroyed?
> > I'll be a little tricky. ProfileIOData could probably send a notification
> > somewhere, but it is a //chrome object and this code is //content. We could
> > 1. Add methods to ResourceContext to safely scope bindings. ResourceContext
> can
> > properly destroy them when it is destroyed.
> 
> We've been having several ResourceContext u-a-f issues in other //content
> modules too (regardless of mojo usage), one idea that has been proposed
several
> times was to let ResourceContext support WeakPtr semantics, while this has
never
> been implemented because 1. general skepticism / code health concern around
> WeakPtr usage, and 2. such unsafe access happens mostly during browser
shutdown
> sequence, which is usually not really exploitable (and many other things could
> happen during shutdown) so the risk is considered relatively lower priority...
> given that I don't feel the lifetime issue needs to be a blocker of this
change,
> while it'd be really nice that we have clearer lifetime guarantees with mojo.
Thanks for the additional context. Is there a crbug out for the ResourceContext
lifetime issues already? Otherwise let's make one.

mmenke@, how does landing this as-is sound to you?
> 
> > 2. Add general mojo functionality to destroy bindings when ProfileIOData
goes
> > away
> 
> > There's other ideas mmenke@ and I had, but none really feel that great.
> Talking
> > to him, it seems like other IO thread objects have similar lifetime issues
> with
> > mojo. It would be great if we could come up with a general strategy here
that
> > could be used elsewhere.
> > > 
> > > > > 
> > > > > Alternatively, we're okay if we can prove that the renderer
disconnects
> > > before
> > > > > the IO thread is destroyed.
> > > 
> > > We probably shouldn't rely on renderer's behavior because (1) they are not
> > > trusted (2) disconnect is notified asynchronously.
> > Noted, yeah these are both good points.
> > > 
> > > > 
> > > > Note that all RenderViewHosts should have been destroyed by the time the
> > > > ProfileIOData is torn down, but I'd guess that's not enough to ensure
Mojo
> > for
> > > > those processes is dead, and if we're getting mojo commands from
> > non-renderer
> > > > processes, or even the same process...That's still wouldn't be enough
for
> > any
> > > > guarantees.

mmenke

On 2016/06/24 12:31:01, csharrison wrote: > On 2016/06/24 05:36:24, kinuko wrote: > > On 2016/06/23 ...

4 years, 5 months ago (2016-06-24 12:36:40 UTC) #56

On 2016/06/24 12:31:01, csharrison wrote:
> On 2016/06/24 05:36:24, kinuko wrote:
> > On 2016/06/23 16:32:55, csharrison wrote:
> > > On 2016/06/23 16:19:38, yzshen1 wrote:
> > > > On 2016/06/22 18:39:01, mmenke wrote:
> > > > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > > > I chatted with mmenke@ offline about the lifetime issues I brought
up
> > > > earlier.
> > > > > > 
> > > > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so
> there's
> > a
> > > > > > chance we could use-after-free here.
> > > > > > 
> > > > > > yzshen@, is there a weaker guarantee here that the code is safe
(i.e.
> > > maybe
> > > > > the
> > > > > > Handler object won't be killed, but its methods won't be called
after
> > some
> > > > > point
> > > > > > X)?
> > > > 
> > > > Can we get some kind of notification from ProfileIOData or
ResourceContext
> > > when
> > > > it is destroyed?
> > > I'll be a little tricky. ProfileIOData could probably send a notification
> > > somewhere, but it is a //chrome object and this code is //content. We
could
> > > 1. Add methods to ResourceContext to safely scope bindings.
ResourceContext
> > can
> > > properly destroy them when it is destroyed.
> > 
> > We've been having several ResourceContext u-a-f issues in other //content
> > modules too (regardless of mojo usage), one idea that has been proposed
> several
> > times was to let ResourceContext support WeakPtr semantics, while this has
> never
> > been implemented because 1. general skepticism / code health concern around
> > WeakPtr usage, and 2. such unsafe access happens mostly during browser
> shutdown
> > sequence, which is usually not really exploitable (and many other things
could
> > happen during shutdown) so the risk is considered relatively lower
priority...
> > given that I don't feel the lifetime issue needs to be a blocker of this
> change,
> > while it'd be really nice that we have clearer lifetime guarantees with
mojo.
> Thanks for the additional context. Is there a crbug out for the
ResourceContext
> lifetime issues already? Otherwise let's make one.
> 
> mmenke@, how does landing this as-is sound to you?

I haven't really looked at this CL, but it's worth noting this isn't only an
issue during shutdown:  It's also a problem when closing the last incognito
window.

I'm not a fan of landing known crashy code, even if we have a clear way forward.
 In this case, I don't think we even have that.

mmenke

On 2016/06/24 12:36:40, mmenke wrote: > On 2016/06/24 12:31:01, csharrison wrote: > > On 2016/06/24 ...

4 years, 5 months ago (2016-06-24 12:37:12 UTC) #57

On 2016/06/24 12:36:40, mmenke wrote:
> On 2016/06/24 12:31:01, csharrison wrote:
> > On 2016/06/24 05:36:24, kinuko wrote:
> > > On 2016/06/23 16:32:55, csharrison wrote:
> > > > On 2016/06/23 16:19:38, yzshen1 wrote:
> > > > > On 2016/06/22 18:39:01, mmenke wrote:
> > > > > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > > > > I chatted with mmenke@ offline about the lifetime issues I brought
> up
> > > > > earlier.
> > > > > > > 
> > > > > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so
> > there's
> > > a
> > > > > > > chance we could use-after-free here.
> > > > > > > 
> > > > > > > yzshen@, is there a weaker guarantee here that the code is safe
> (i.e.
> > > > maybe
> > > > > > the
> > > > > > > Handler object won't be killed, but its methods won't be called
> after
> > > some
> > > > > > point
> > > > > > > X)?
> > > > > 
> > > > > Can we get some kind of notification from ProfileIOData or
> ResourceContext
> > > > when
> > > > > it is destroyed?
> > > > I'll be a little tricky. ProfileIOData could probably send a
notification
> > > > somewhere, but it is a //chrome object and this code is //content. We
> could
> > > > 1. Add methods to ResourceContext to safely scope bindings.
> ResourceContext
> > > can
> > > > properly destroy them when it is destroyed.
> > > 
> > > We've been having several ResourceContext u-a-f issues in other //content
> > > modules too (regardless of mojo usage), one idea that has been proposed
> > several
> > > times was to let ResourceContext support WeakPtr semantics, while this has
> > never
> > > been implemented because 1. general skepticism / code health concern
around
> > > WeakPtr usage, and 2. such unsafe access happens mostly during browser
> > shutdown
> > > sequence, which is usually not really exploitable (and many other things
> could
> > > happen during shutdown) so the risk is considered relatively lower
> priority...
> > > given that I don't feel the lifetime issue needs to be a blocker of this
> > change,
> > > while it'd be really nice that we have clearer lifetime guarantees with
> mojo.
> > Thanks for the additional context. Is there a crbug out for the
> ResourceContext
> > lifetime issues already? Otherwise let's make one.
> > 
> > mmenke@, how does landing this as-is sound to you?
> 
> I haven't really looked at this CL, but it's worth noting this isn't only an
> issue during shutdown:  It's also a problem when closing the last incognito
> window.

That's assuming the object is per-profile, and not a global of some sort.

> 
> I'm not a fan of landing known crashy code, even if we have a clear way
forward.
>  In this case, I don't think we even have that.

mmenke

On 2016/06/24 12:37:12, mmenke wrote: > On 2016/06/24 12:36:40, mmenke wrote: > > On 2016/06/24 ...

4 years, 5 months ago (2016-06-24 12:38:20 UTC) #58

On 2016/06/24 12:37:12, mmenke wrote:
> On 2016/06/24 12:36:40, mmenke wrote:
> > On 2016/06/24 12:31:01, csharrison wrote:
> > > On 2016/06/24 05:36:24, kinuko wrote:
> > > > On 2016/06/23 16:32:55, csharrison wrote:
> > > > > On 2016/06/23 16:19:38, yzshen1 wrote:
> > > > > > On 2016/06/22 18:39:01, mmenke wrote:
> > > > > > > On 2016/06/22 18:11:47, csharrison wrote:
> > > > > > > > I chatted with mmenke@ offline about the lifetime issues I
brought
> > up
> > > > > > earlier.
> > > > > > > > 
> > > > > > > > Unfortunately, MessageLoop is destructed after ProfileIOData, so
> > > there's
> > > > a
> > > > > > > > chance we could use-after-free here.
> > > > > > > > 
> > > > > > > > yzshen@, is there a weaker guarantee here that the code is safe
> > (i.e.
> > > > > maybe
> > > > > > > the
> > > > > > > > Handler object won't be killed, but its methods won't be called
> > after
> > > > some
> > > > > > > point
> > > > > > > > X)?
> > > > > > 
> > > > > > Can we get some kind of notification from ProfileIOData or
> > ResourceContext
> > > > > when
> > > > > > it is destroyed?
> > > > > I'll be a little tricky. ProfileIOData could probably send a
> notification
> > > > > somewhere, but it is a //chrome object and this code is //content. We
> > could
> > > > > 1. Add methods to ResourceContext to safely scope bindings.
> > ResourceContext
> > > > can
> > > > > properly destroy them when it is destroyed.
> > > > 
> > > > We've been having several ResourceContext u-a-f issues in other
//content
> > > > modules too (regardless of mojo usage), one idea that has been proposed
> > > several
> > > > times was to let ResourceContext support WeakPtr semantics, while this
has
> > > never
> > > > been implemented because 1. general skepticism / code health concern
> around
> > > > WeakPtr usage, and 2. such unsafe access happens mostly during browser
> > > shutdown
> > > > sequence, which is usually not really exploitable (and many other things
> > could
> > > > happen during shutdown) so the risk is considered relatively lower
> > priority...
> > > > given that I don't feel the lifetime issue needs to be a blocker of this
> > > change,
> > > > while it'd be really nice that we have clearer lifetime guarantees with
> > mojo.
> > > Thanks for the additional context. Is there a crbug out for the
> > ResourceContext
> > > lifetime issues already? Otherwise let's make one.
> > > 
> > > mmenke@, how does landing this as-is sound to you?
> > 
> > I haven't really looked at this CL, but it's worth noting this isn't only an
> > issue during shutdown:  It's also a problem when closing the last incognito
> > window.
> 
> That's assuming the object is per-profile, and not a global of some sort.

Oops...doesn't matter, I guess - the issue is the RC goes away, not the mojo
thingy.  So Incognito is an issue, etiher way.

> 
> > 
> > I'm not a fan of landing known crashy code, even if we have a clear way
> forward.
> >  In this case, I don't think we even have that.

Charlie Harrison

Yes, mmenke@ is right. For incognito mode we have to rely on the connection to ...

4 years, 5 months ago (2016-06-24 13:20:16 UTC) #59

mmenke

On 2016/06/24 13:20:16, csharrison wrote: > Yes, mmenke@ is right. For incognito mode we have ...

4 years, 5 months ago (2016-06-24 14:18:15 UTC) #60

kinuko

On 2016/06/24 14:18:15, mmenke wrote: > On 2016/06/24 13:20:16, csharrison wrote: > > Yes, mmenke@ ...

4 years, 5 months ago (2016-06-27 04:29:40 UTC) #61

On 2016/06/24 14:18:15, mmenke wrote:
> On 2016/06/24 13:20:16, csharrison wrote:
> > Yes, mmenke@ is right. For incognito mode we have to rely on the connection
to
> > the renderer closing before profile destruction.
> > 
> > kinuko@, I wouldn't be surprised if the other consumers of ResourceContext
> might
> > also be burned by this incognito problem. i.e. we have a subset of
> > ResourceContext's that go away before browser shutdown.

Well yes, incognito could be an issue, I should have mentioned that too.

And reg: relevang crbugs: here're some (and there're a lot many that have either
been fixed by a local bandaid or wontfix'ed):
crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896

We should fix this problem, yes, while I didn't feel like we want this change to
be totally blocked until we figure out this entire lifetime problem. (I wanted
to have the blink::Platform related change landed so I might have phrased things
in a bit too optimistic way)

> > In that case, do we want to move forward w/ WeakPtr semantics, or were there
> > other plans to solve this general problem?
> 
> Having everything use a WeakPtr for this really doesn't seem like a great
idea. 
> I'm not sufficiently familiar with the relevant content/ architecture to
suggest
> a better one, but think we should do some more thinking about it before
rushing
> ahead with that approach.

I'm not supporting that we should be rushing ahead ahead with WeakPtr solution
either, while I'm not fully convinced by an argument like WeakPtr is a plain bad
solution for this type of problem-- but there could be other options too.

Hm... ok we could probably at least make sure we try to reset / cut down mojo
handlers in profile shutdown sequence as much as we do today with RVH -> RPH
before landing this, while we can continue to look for a better longer term
solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
separately. Does that sound sane / am I reading your concern correctly?

Charlie Harrison

On 2016/06/27 at 04:29:40, kinuko wrote: > On 2016/06/24 14:18:15, mmenke wrote: > > On ...

4 years, 5 months ago (2016-06-27 13:11:52 UTC) #62

On 2016/06/27 at 04:29:40, kinuko wrote:
> On 2016/06/24 14:18:15, mmenke wrote:
> > On 2016/06/24 13:20:16, csharrison wrote:
> > > Yes, mmenke@ is right. For incognito mode we have to rely on the
connection to
> > > the renderer closing before profile destruction.
> > > 
> > > kinuko@, I wouldn't be surprised if the other consumers of ResourceContext
> > might
> > > also be burned by this incognito problem. i.e. we have a subset of
> > > ResourceContext's that go away before browser shutdown.
> 
> Well yes, incognito could be an issue, I should have mentioned that too.
> 
> And reg: relevang crbugs: here're some (and there're a lot many that have
either been fixed by a local bandaid or wontfix'ed):
> crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896
Thanks for the links!
> 
> We should fix this problem, yes, while I didn't feel like we want this change
to be totally blocked until we figure out this entire lifetime problem. (I
wanted to have the blink::Platform related change landed so I might have phrased
things in a bit too optimistic way)
I agree. I would be happy with a bandaid fix if we can find one :)
> 
> > > In that case, do we want to move forward w/ WeakPtr semantics, or were
there
> > > other plans to solve this general problem?
> > 
> > Having everything use a WeakPtr for this really doesn't seem like a great
idea. 
> > I'm not sufficiently familiar with the relevant content/ architecture to
suggest
> > a better one, but think we should do some more thinking about it before
rushing
> > ahead with that approach.
> 
> I'm not supporting that we should be rushing ahead ahead with WeakPtr solution
either, while I'm not fully convinced by an argument like WeakPtr is a plain bad
solution for this type of problem-- but there could be other options too.
> 
> Hm... ok we could probably at least make sure we try to reset / cut down mojo
handlers in profile shutdown sequence as much as we do today with RVH -> RPH
before landing this, while we can continue to look for a better longer term
solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
separately. Does that sound sane / am I reading your concern correctly?
Resetting mojo handlers in profile shutdown SGTM if we can figure out a good way
to accomplish it. I'm a little nervous that some interfaces will expect to live
longer and we'll introduce bugs if we close connections wholesale though.
yzshen@, thoughts?

yzshen1

On 2016/06/27 13:11:52, csharrison wrote: > On 2016/06/27 at 04:29:40, kinuko wrote: > > On ...

4 years, 5 months ago (2016-06-28 20:40:27 UTC) #63

On 2016/06/27 13:11:52, csharrison wrote:
> On 2016/06/27 at 04:29:40, kinuko wrote:
> > On 2016/06/24 14:18:15, mmenke wrote:
> > > On 2016/06/24 13:20:16, csharrison wrote:
> > > > Yes, mmenke@ is right. For incognito mode we have to rely on the
> connection to
> > > > the renderer closing before profile destruction.
> > > > 
> > > > kinuko@, I wouldn't be surprised if the other consumers of
ResourceContext
> > > might
> > > > also be burned by this incognito problem. i.e. we have a subset of
> > > > ResourceContext's that go away before browser shutdown.
> > 
> > Well yes, incognito could be an issue, I should have mentioned that too.
> > 
> > And reg: relevang crbugs: here're some (and there're a lot many that have
> either been fixed by a local bandaid or wontfix'ed):
> > crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896
> Thanks for the links!
> > 
> > We should fix this problem, yes, while I didn't feel like we want this
change
> to be totally blocked until we figure out this entire lifetime problem. (I
> wanted to have the blink::Platform related change landed so I might have
phrased
> things in a bit too optimistic way)
> I agree. I would be happy with a bandaid fix if we can find one :)
> > 
> > > > In that case, do we want to move forward w/ WeakPtr semantics, or were
> there
> > > > other plans to solve this general problem?
> > > 
> > > Having everything use a WeakPtr for this really doesn't seem like a great
> idea. 
> > > I'm not sufficiently familiar with the relevant content/ architecture to
> suggest
> > > a better one, but think we should do some more thinking about it before
> rushing
> > > ahead with that approach.
> > 
> > I'm not supporting that we should be rushing ahead ahead with WeakPtr
solution
> either, while I'm not fully convinced by an argument like WeakPtr is a plain
bad
> solution for this type of problem-- but there could be other options too.
> > 
> > Hm... ok we could probably at least make sure we try to reset / cut down
mojo
> handlers in profile shutdown sequence as much as we do today with RVH -> RPH
> before landing this, while we can continue to look for a better longer term
> solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
> separately. Does that sound sane / am I reading your concern correctly?
> Resetting mojo handlers in profile shutdown SGTM if we can figure out a good
way
> to accomplish it. I'm a little nervous that some interfaces will expect to
live
> longer and we'll introduce bugs if we close connections wholesale though.
> yzshen@, thoughts?

I am not sure I have understood the idea yet: what do you mean by closing
connections wholesale? Would you please explain a little more? Do you mean
terminating all message pipes at the mojo system layer? That basically means we
tearing down entire IPC support before destructing ProfileIO. I don't know for
sure, but that probably won't work well.

It seems to me we still have to have some kind of destruction observer allowing
users of ProfileData to observe its destruction and do whatever cleanup they
want.

mmenke

On 2016/06/28 20:40:27, yzshen1 wrote: > On 2016/06/27 13:11:52, csharrison wrote: > > On 2016/06/27 ...

4 years, 5 months ago (2016-06-28 20:46:14 UTC) #64

On 2016/06/28 20:40:27, yzshen1 wrote:
> On 2016/06/27 13:11:52, csharrison wrote:
> > On 2016/06/27 at 04:29:40, kinuko wrote:
> > > On 2016/06/24 14:18:15, mmenke wrote:
> > > > On 2016/06/24 13:20:16, csharrison wrote:
> > > > > Yes, mmenke@ is right. For incognito mode we have to rely on the
> > connection to
> > > > > the renderer closing before profile destruction.
> > > > > 
> > > > > kinuko@, I wouldn't be surprised if the other consumers of
> ResourceContext
> > > > might
> > > > > also be burned by this incognito problem. i.e. we have a subset of
> > > > > ResourceContext's that go away before browser shutdown.
> > > 
> > > Well yes, incognito could be an issue, I should have mentioned that too.
> > > 
> > > And reg: relevang crbugs: here're some (and there're a lot many that have
> > either been fixed by a local bandaid or wontfix'ed):
> > > crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896
> > Thanks for the links!
> > > 
> > > We should fix this problem, yes, while I didn't feel like we want this
> change
> > to be totally blocked until we figure out this entire lifetime problem. (I
> > wanted to have the blink::Platform related change landed so I might have
> phrased
> > things in a bit too optimistic way)
> > I agree. I would be happy with a bandaid fix if we can find one :)
> > > 
> > > > > In that case, do we want to move forward w/ WeakPtr semantics, or were
> > there
> > > > > other plans to solve this general problem?
> > > > 
> > > > Having everything use a WeakPtr for this really doesn't seem like a
great
> > idea. 
> > > > I'm not sufficiently familiar with the relevant content/ architecture to
> > suggest
> > > > a better one, but think we should do some more thinking about it before
> > rushing
> > > > ahead with that approach.
> > > 
> > > I'm not supporting that we should be rushing ahead ahead with WeakPtr
> solution
> > either, while I'm not fully convinced by an argument like WeakPtr is a plain
> bad
> > solution for this type of problem-- but there could be other options too.
> > > 
> > > Hm... ok we could probably at least make sure we try to reset / cut down
> mojo
> > handlers in profile shutdown sequence as much as we do today with RVH -> RPH
> > before landing this, while we can continue to look for a better longer term
> > solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
> > separately. Does that sound sane / am I reading your concern correctly?
> > Resetting mojo handlers in profile shutdown SGTM if we can figure out a good
> way
> > to accomplish it. I'm a little nervous that some interfaces will expect to
> live
> > longer and we'll introduce bugs if we close connections wholesale though.
> > yzshen@, thoughts?
> 
> I am not sure I have understood the idea yet: what do you mean by closing
> connections wholesale? Would you please explain a little more? Do you mean
> terminating all message pipes at the mojo system layer? That basically means
we
> tearing down entire IPC support before destructing ProfileIO. I don't know for
> sure, but that probably won't work well.
> 
> It seems to me we still have to have some kind of destruction observer
allowing
> users of ProfileData to observe its destruction and do whatever cleanup they
> want.

Note that this isn't an observer of ProfileData.  This is a content class, and
doesn't even know about the class.  The chrome/content divide seems to be what
makes this a pain to do.  If everything were on one side of the divide, this
could just be owned by ProfileIOData, and browser/loader code could just get the
pointer from ProfileIOData directly.

Charlie Harrison

On 2016/06/28 at 20:40:27, yzshen wrote: > On 2016/06/27 13:11:52, csharrison wrote: > > On ...

4 years, 5 months ago (2016-06-28 20:47:30 UTC) #65

On 2016/06/28 at 20:40:27, yzshen wrote:
> On 2016/06/27 13:11:52, csharrison wrote:
> > On 2016/06/27 at 04:29:40, kinuko wrote:
> > > On 2016/06/24 14:18:15, mmenke wrote:
> > > > On 2016/06/24 13:20:16, csharrison wrote:
> > > > > Yes, mmenke@ is right. For incognito mode we have to rely on the
> > connection to
> > > > > the renderer closing before profile destruction.
> > > > > 
> > > > > kinuko@, I wouldn't be surprised if the other consumers of
ResourceContext
> > > > might
> > > > > also be burned by this incognito problem. i.e. we have a subset of
> > > > > ResourceContext's that go away before browser shutdown.
> > > 
> > > Well yes, incognito could be an issue, I should have mentioned that too.
> > > 
> > > And reg: relevang crbugs: here're some (and there're a lot many that have
> > either been fixed by a local bandaid or wontfix'ed):
> > > crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896
> > Thanks for the links!
> > > 
> > > We should fix this problem, yes, while I didn't feel like we want this
change
> > to be totally blocked until we figure out this entire lifetime problem. (I
> > wanted to have the blink::Platform related change landed so I might have
phrased
> > things in a bit too optimistic way)
> > I agree. I would be happy with a bandaid fix if we can find one :)
> > > 
> > > > > In that case, do we want to move forward w/ WeakPtr semantics, or were
> > there
> > > > > other plans to solve this general problem?
> > > > 
> > > > Having everything use a WeakPtr for this really doesn't seem like a
great
> > idea. 
> > > > I'm not sufficiently familiar with the relevant content/ architecture to
> > suggest
> > > > a better one, but think we should do some more thinking about it before
> > rushing
> > > > ahead with that approach.
> > > 
> > > I'm not supporting that we should be rushing ahead ahead with WeakPtr
solution
> > either, while I'm not fully convinced by an argument like WeakPtr is a plain
bad
> > solution for this type of problem-- but there could be other options too.
> > > 
> > > Hm... ok we could probably at least make sure we try to reset / cut down
mojo
> > handlers in profile shutdown sequence as much as we do today with RVH -> RPH
> > before landing this, while we can continue to look for a better longer term
> > solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
> > separately. Does that sound sane / am I reading your concern correctly?
> > Resetting mojo handlers in profile shutdown SGTM if we can figure out a good
way
> > to accomplish it. I'm a little nervous that some interfaces will expect to
live
> > longer and we'll introduce bugs if we close connections wholesale though.
> > yzshen@, thoughts?
> 
> I am not sure I have understood the idea yet: what do you mean by closing
connections wholesale? Would you please explain a little more? Do you mean
terminating all message pipes at the mojo system layer? That basically means we
tearing down entire IPC support before destructing ProfileIO. I don't know for
sure, but that probably won't work well.
> 
> It seems to me we still have to have some kind of destruction observer
allowing users of ProfileData to observe its destruction and do whatever cleanup
they want.

I think kinuko@ and I were thinking of something more specific to mojo than a
general destruction observer of ProfileIOData. I'm not quite sure what it would
look like, as obviously terminating all message pipes could not work. Maybe
there could be a service registry for profile scoped pipes? 

I think your proposal of a ProfileIO destruction observer (in //content) would
solve the shutdown cleanup described by kinuko@ in #61.

yzshen1

On 2016/06/28 20:47:30, csharrison wrote: > On 2016/06/28 at 20:40:27, yzshen wrote: > > On ...

4 years, 5 months ago (2016-06-30 16:22:56 UTC) #66

On 2016/06/28 20:47:30, csharrison wrote:
> On 2016/06/28 at 20:40:27, yzshen wrote:
> > On 2016/06/27 13:11:52, csharrison wrote:
> > > On 2016/06/27 at 04:29:40, kinuko wrote:
> > > > On 2016/06/24 14:18:15, mmenke wrote:
> > > > > On 2016/06/24 13:20:16, csharrison wrote:
> > > > > > Yes, mmenke@ is right. For incognito mode we have to rely on the
> > > connection to
> > > > > > the renderer closing before profile destruction.
> > > > > > 
> > > > > > kinuko@, I wouldn't be surprised if the other consumers of
> ResourceContext
> > > > > might
> > > > > > also be burned by this incognito problem. i.e. we have a subset of
> > > > > > ResourceContext's that go away before browser shutdown.
> > > > 
> > > > Well yes, incognito could be an issue, I should have mentioned that too.
> > > > 
> > > > And reg: relevang crbugs: here're some (and there're a lot many that
have
> > > either been fixed by a local bandaid or wontfix'ed):
> > > > crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896
> > > Thanks for the links!
> > > > 
> > > > We should fix this problem, yes, while I didn't feel like we want this
> change
> > > to be totally blocked until we figure out this entire lifetime problem. (I
> > > wanted to have the blink::Platform related change landed so I might have
> phrased
> > > things in a bit too optimistic way)
> > > I agree. I would be happy with a bandaid fix if we can find one :)
> > > > 
> > > > > > In that case, do we want to move forward w/ WeakPtr semantics, or
were
> > > there
> > > > > > other plans to solve this general problem?
> > > > > 
> > > > > Having everything use a WeakPtr for this really doesn't seem like a
> great
> > > idea. 
> > > > > I'm not sufficiently familiar with the relevant content/ architecture
to
> > > suggest
> > > > > a better one, but think we should do some more thinking about it
before
> > > rushing
> > > > > ahead with that approach.
> > > > 
> > > > I'm not supporting that we should be rushing ahead ahead with WeakPtr
> solution
> > > either, while I'm not fully convinced by an argument like WeakPtr is a
plain
> bad
> > > solution for this type of problem-- but there could be other options too.
> > > > 
> > > > Hm... ok we could probably at least make sure we try to reset / cut down
> mojo
> > > handlers in profile shutdown sequence as much as we do today with RVH ->
RPH
> > > before landing this, while we can continue to look for a better longer
term
> > > solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
> > > separately. Does that sound sane / am I reading your concern correctly?
> > > Resetting mojo handlers in profile shutdown SGTM if we can figure out a
good
> way
> > > to accomplish it. I'm a little nervous that some interfaces will expect to
> live
> > > longer and we'll introduce bugs if we close connections wholesale though.
> > > yzshen@, thoughts?
> > 
> > I am not sure I have understood the idea yet: what do you mean by closing
> connections wholesale? Would you please explain a little more? Do you mean
> terminating all message pipes at the mojo system layer? That basically means
we
> tearing down entire IPC support before destructing ProfileIO. I don't know for
> sure, but that probably won't work well.
> > 
> > It seems to me we still have to have some kind of destruction observer
> allowing users of ProfileData to observe its destruction and do whatever
cleanup
> they want.

> I think kinuko@ and I were thinking of something more specific to mojo than a
> general destruction observer of ProfileIOData. I'm not quite sure what it
would
> look like, as obviously terminating all message pipes could not work. Maybe
> there could be a service registry for profile scoped pipes? 

Interfaces (i.e., message pipes) established by a service registry are not owned
by the registry. Moreover, new interfaces can be created and passed by
interfaces, they don't have to be established via any service registry. So I
think this direction probably won't work. :/

> 
> I think your proposal of a ProfileIO destruction observer (in //content) would
> solve the shutdown cleanup described by kinuko@ in #61.

> Note that this isn't an observer of ProfileData.  This is a content class, and
> doesn't even know about the class.  The chrome/content divide seems to be what
> makes this a pain to do.  If everything were on one side of the divide, this
> could just be owned by ProfileIOData, and browser/loader code could just get
the
> pointer from ProfileIOData directly.

Acknowledged. I don't think I know this code well enough to give specific/useful
suggestions. :) I just guess we may be able to find a reasonable way to expose
that to the content side.

kinuko

On 2016/06/30 16:22:56, yzshen1 wrote: > On 2016/06/28 20:47:30, csharrison wrote: > > On 2016/06/28 ...

4 years, 5 months ago (2016-07-01 01:50:08 UTC) #67

On 2016/06/30 16:22:56, yzshen1 wrote:
> On 2016/06/28 20:47:30, csharrison wrote:
> > On 2016/06/28 at 20:40:27, yzshen wrote:
> > > On 2016/06/27 13:11:52, csharrison wrote:
> > > > On 2016/06/27 at 04:29:40, kinuko wrote:
> > > > > On 2016/06/24 14:18:15, mmenke wrote:
> > > > > > On 2016/06/24 13:20:16, csharrison wrote:
> > > > > > > Yes, mmenke@ is right. For incognito mode we have to rely on the
> > > > connection to
> > > > > > > the renderer closing before profile destruction.
> > > > > > > 
> > > > > > > kinuko@, I wouldn't be surprised if the other consumers of
> > ResourceContext
> > > > > > might
> > > > > > > also be burned by this incognito problem. i.e. we have a subset of
> > > > > > > ResourceContext's that go away before browser shutdown.
> > > > > 
> > > > > Well yes, incognito could be an issue, I should have mentioned that
too.
> > > > > 
> > > > > And reg: relevang crbugs: here're some (and there're a lot many that
> have
> > > > either been fixed by a local bandaid or wontfix'ed):
> > > > > crbug.com/91398 crbug.com/243840 crbug.com/411736 crbug.com/529896
> > > > Thanks for the links!
> > > > > 
> > > > > We should fix this problem, yes, while I didn't feel like we want this
> > change
> > > > to be totally blocked until we figure out this entire lifetime problem.
(I
> > > > wanted to have the blink::Platform related change landed so I might have
> > phrased
> > > > things in a bit too optimistic way)
> > > > I agree. I would be happy with a bandaid fix if we can find one :)
> > > > > 
> > > > > > > In that case, do we want to move forward w/ WeakPtr semantics, or
> were
> > > > there
> > > > > > > other plans to solve this general problem?
> > > > > > 
> > > > > > Having everything use a WeakPtr for this really doesn't seem like a
> > great
> > > > idea. 
> > > > > > I'm not sufficiently familiar with the relevant content/
architecture
> to
> > > > suggest
> > > > > > a better one, but think we should do some more thinking about it
> before
> > > > rushing
> > > > > > ahead with that approach.
> > > > > 
> > > > > I'm not supporting that we should be rushing ahead ahead with WeakPtr
> > solution
> > > > either, while I'm not fully convinced by an argument like WeakPtr is a
> plain
> > bad
> > > > solution for this type of problem-- but there could be other options
too.
> > > > > 
> > > > > Hm... ok we could probably at least make sure we try to reset / cut
down
> > mojo
> > > > handlers in profile shutdown sequence as much as we do today with RVH ->
> RPH
> > > > before landing this, while we can continue to look for a better longer
> term
> > > > solution reg: ResourceContext lifetime and ProfileIO shutdown sequence
> > > > separately. Does that sound sane / am I reading your concern correctly?
> > > > Resetting mojo handlers in profile shutdown SGTM if we can figure out a
> good
> > way
> > > > to accomplish it. I'm a little nervous that some interfaces will expect
to
> > live
> > > > longer and we'll introduce bugs if we close connections wholesale
though.
> > > > yzshen@, thoughts?
> > > 
> > > I am not sure I have understood the idea yet: what do you mean by closing
> > connections wholesale? Would you please explain a little more? Do you mean
> > terminating all message pipes at the mojo system layer? That basically means
> we
> > tearing down entire IPC support before destructing ProfileIO. I don't know
for
> > sure, but that probably won't work well.
> > > 
> > > It seems to me we still have to have some kind of destruction observer
> > allowing users of ProfileData to observe its destruction and do whatever
> cleanup
> > they want.
> 
> > I think kinuko@ and I were thinking of something more specific to mojo than
a
> > general destruction observer of ProfileIOData. I'm not quite sure what it
> would
> > look like, as obviously terminating all message pipes could not work. Maybe
> > there could be a service registry for profile scoped pipes? 
> 
> Interfaces (i.e., message pipes) established by a service registry are not
owned
> by the registry. Moreover, new interfaces can be created and passed by
> interfaces, they don't have to be established via any service registry. So I
> think this direction probably won't work. :/
> 
> > 
> > I think your proposal of a ProfileIO destruction observer (in //content)
would
> > solve the shutdown cleanup described by kinuko@ in #61.
> 
> > Note that this isn't an observer of ProfileData.  This is a content class,
and
> > doesn't even know about the class.  The chrome/content divide seems to be
what
> > makes this a pain to do.  If everything were on one side of the divide, this
> > could just be owned by ProfileIOData, and browser/loader code could just get
> the
> > pointer from ProfileIOData directly.
> 
> Acknowledged. I don't think I know this code well enough to give
specific/useful
> suggestions. :) I just guess we may be able to find a reasonable way to expose
> that to the content side.

(I want to study the code around this a little closer during no-meeting weeks, I
want to have a better view about how new IPC code should be plumbed in general
but haven't had time to do that)

Charlie Harrison

Thanks, everyone for being patient and helping out with this :)

4 years, 5 months ago (2016-07-01 12:06:28 UTC) #68

mmenke

3 years, 6 months ago (2017-06-12 15:11:01 UTC) #69

On 2016/07/01 12:06:28, Charlie Harrison wrote:
> Thanks, everyone for being patient and helping out with this :)

Removing myself from this CL.  Feel free to add me back if you pick it up again.

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages