| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
| 6 #include "base/strings/utf_string_conversions.h" | 6 #include "base/strings/utf_string_conversions.h" |
| 7 #include "content/browser/frame_host/cross_site_transferring_request.h" | 7 #include "content/browser/frame_host/cross_site_transferring_request.h" |
| 8 #include "content/browser/frame_host/navigation_controller_impl.h" | 8 #include "content/browser/frame_host/navigation_controller_impl.h" |
| 9 #include "content/browser/frame_host/navigation_entry_impl.h" | 9 #include "content/browser/frame_host/navigation_entry_impl.h" |
| 10 #include "content/browser/frame_host/navigator.h" | 10 #include "content/browser/frame_host/navigator.h" |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 118 | 118 |
| 119 private: | 119 private: |
| 120 int process_id_; | 120 int process_id_; |
| 121 int routing_id_; | 121 int routing_id_; |
| 122 bool deleted_; | 122 bool deleted_; |
| 123 | 123 |
| 124 DISALLOW_COPY_AND_ASSIGN(RenderViewHostDeletedObserver); | 124 DISALLOW_COPY_AND_ASSIGN(RenderViewHostDeletedObserver); |
| 125 }; | 125 }; |
| 126 | 126 |
| 127 | 127 |
| 128 // This observer keeps track of the last deleted RenderViewHost to avoid |
| 129 // accessing it and causing use-after-free condition. |
| 130 class RenderFrameHostDeletedObserver : public WebContentsObserver { |
| 131 public: |
| 132 RenderFrameHostDeletedObserver(RenderFrameHost* rfh) |
| 133 : WebContentsObserver(WebContents::FromRenderFrameHost(rfh)), |
| 134 process_id_(rfh->GetProcess()->GetID()), |
| 135 routing_id_(rfh->GetRoutingID()), |
| 136 deleted_(false) { |
| 137 } |
| 138 |
| 139 virtual void RenderFrameDeleted(RenderFrameHost* render_frame_host) OVERRIDE { |
| 140 if (render_frame_host->GetProcess()->GetID() == process_id_ && |
| 141 render_frame_host->GetRoutingID() == routing_id_) { |
| 142 deleted_ = true; |
| 143 } |
| 144 } |
| 145 |
| 146 bool deleted() { |
| 147 return deleted_; |
| 148 } |
| 149 |
| 150 private: |
| 151 int process_id_; |
| 152 int routing_id_; |
| 153 bool deleted_; |
| 154 |
| 155 DISALLOW_COPY_AND_ASSIGN(RenderFrameHostDeletedObserver); |
| 156 }; |
| 157 |
| 158 |
| 128 // This observer is used to check whether IPC messages are being filtered for | 159 // This observer is used to check whether IPC messages are being filtered for |
| 129 // swapped out RenderFrameHost objects. It observes the plugin crash and favicon | 160 // swapped out RenderFrameHost objects. It observes the plugin crash and favicon |
| 130 // update events, which the FilterMessagesWhileSwappedOut test simulates being | 161 // update events, which the FilterMessagesWhileSwappedOut test simulates being |
| 131 // sent. The test is successful if the event is not observed. | 162 // sent. The test is successful if the event is not observed. |
| 132 // See http://crbug.com/351815 | 163 // See http://crbug.com/351815 |
| 133 class PluginFaviconMessageObserver : public WebContentsObserver { | 164 class PluginFaviconMessageObserver : public WebContentsObserver { |
| 134 public: | 165 public: |
| 135 PluginFaviconMessageObserver(WebContents* web_contents) | 166 PluginFaviconMessageObserver(WebContents* web_contents) |
| 136 : WebContentsObserver(web_contents), | 167 : WebContentsObserver(web_contents), |
| 137 plugin_crashed_(false), | 168 plugin_crashed_(false), |
| (...skipping 1620 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1758 EXPECT_EQ(RenderViewHostImpl::STATE_PENDING_SWAP_OUT, rvh1->rvh_state()); | 1789 EXPECT_EQ(RenderViewHostImpl::STATE_PENDING_SWAP_OUT, rvh1->rvh_state()); |
| 1759 | 1790 |
| 1760 // Simulate the swap out ack. | 1791 // Simulate the swap out ack. |
| 1761 rvh1->OnSwappedOut(false); | 1792 rvh1->OnSwappedOut(false); |
| 1762 | 1793 |
| 1763 // rvh1 should be swapped out. | 1794 // rvh1 should be swapped out. |
| 1764 EXPECT_FALSE(rvh_deleted_observer.deleted()); | 1795 EXPECT_FALSE(rvh_deleted_observer.deleted()); |
| 1765 EXPECT_TRUE(rvh1->IsSwappedOut()); | 1796 EXPECT_TRUE(rvh1->IsSwappedOut()); |
| 1766 } | 1797 } |
| 1767 | 1798 |
| 1799 // Test that a RenderFrameHost is properly deleted or swapped out when a |
| 1800 // cross-site navigation is cancelled. |
| 1801 TEST_F(RenderFrameHostManagerTest, |
| 1802 CancelPendingProperlyDeletesOrSwaps) { |
| 1803 const GURL kUrl1("http://www.google.com/"); |
| 1804 const GURL kUrl2("http://www.chromium.org/"); |
| 1805 RenderFrameHostImpl* pending_rfh = NULL; |
| 1806 base::TimeTicks now = base::TimeTicks::Now(); |
| 1807 |
| 1808 // Navigate to the first page. |
| 1809 contents()->NavigateAndCommit(kUrl1); |
| 1810 TestRenderViewHost* rvh1 = test_rvh(); |
| 1811 EXPECT_EQ(RenderViewHostImpl::STATE_DEFAULT, rvh1->rvh_state()); |
| 1812 |
| 1813 // Navigate to a new site, starting a cross-site navigation. |
| 1814 controller().LoadURL(kUrl2, Referrer(), PAGE_TRANSITION_LINK, std::string()); |
| 1815 { |
| 1816 pending_rfh = contents()->GetFrameTree()->root()->render_manager() |
| 1817 ->pending_frame_host(); |
| 1818 RenderFrameHostDeletedObserver rvh_deleted_observer(pending_rfh); |
| 1819 |
| 1820 // Cancel the navigation by simulating a declined beforeunload dialog. |
| 1821 main_test_rfh()->OnMessageReceived( |
| 1822 FrameHostMsg_BeforeUnload_ACK(0, false, now, now)); |
| 1823 EXPECT_FALSE(contents()->cross_navigation_pending()); |
| 1824 |
| 1825 // Since the pending RFH is the only one for the new SiteInstance, it should |
| 1826 // be deleted. |
| 1827 EXPECT_TRUE(rvh_deleted_observer.deleted()); |
| 1828 } |
| 1829 |
| 1830 // Start another cross-site navigation. |
| 1831 controller().LoadURL(kUrl2, Referrer(), PAGE_TRANSITION_LINK, std::string()); |
| 1832 { |
| 1833 pending_rfh = contents()->GetFrameTree()->root()->render_manager() |
| 1834 ->pending_frame_host(); |
| 1835 RenderFrameHostDeletedObserver rvh_deleted_observer(pending_rfh); |
| 1836 |
| 1837 // Increment the number of active views in the new SiteInstance, which will |
| 1838 // cause the pending RFH to be swapped out instead of deleted. |
| 1839 static_cast<SiteInstanceImpl*>( |
| 1840 pending_rfh->GetSiteInstance())->increment_active_view_count(); |
| 1841 |
| 1842 main_test_rfh()->OnMessageReceived( |
| 1843 FrameHostMsg_BeforeUnload_ACK(0, false, now, now)); |
| 1844 EXPECT_FALSE(contents()->cross_navigation_pending()); |
| 1845 EXPECT_FALSE(rvh_deleted_observer.deleted()); |
| 1846 } |
| 1847 } |
| 1848 |
| 1768 } // namespace content | 1849 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 217163007:
Introduce RenderFrameProxyHost object and use it in RFHM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src