Revert of Move ThreadableLoader to Oilpan heap (2/3)

third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2013, Intel Corporation
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 108 matching lines @@
 
 // Max number of CORS redirects handled in DocumentThreadableLoader.
 // Same number as net/url_request/url_request.cc, and
 // same number as https://fetch.spec.whatwg.org/#concept-http-fetch, Step 4.
 // FIXME: currently the number of redirects is counted and limited here and in
 // net/url_request/url_request.cc separately.
 static const int kMaxCORSRedirects = 20;
 
 void DocumentThreadableLoader::loadResourceSynchronously(Document& document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions)
 {
-    (new DocumentThreadableLoader(document, &client, LoadSynchronously, options, resourceLoaderOptions))->start(request);
+    // The loader will be deleted as soon as this function exits.
+    std::unique_ptr<DocumentThreadableLoader> loader = wrapUnique(new DocumentThreadableLoader(document, &client, LoadSynchronously, options, resourceLoaderOptions));
+    loader->start(request);
 }
 
-DocumentThreadableLoader* DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient* client, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions)
+std::unique_ptr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient* client, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions)
 {
-    return new DocumentThreadableLoader(document, client, LoadAsynchronously, options, resourceLoaderOptions);
+    return wrapUnique(new DocumentThreadableLoader(document, client, LoadAsynchronously, options, resourceLoaderOptions));
 }
 
 DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient* client, BlockingBehavior blockingBehavior, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions)
     : m_client(client)
     , m_document(&document)
     , m_options(options)
     , m_resourceLoaderOptions(resourceLoaderOptions)
     , m_forceDoNotAllowStoredCredentials(false)
     , m_securityOrigin(m_resourceLoaderOptions.securityOrigin)
     , m_sameOriginRequest(false)
@@ skipping 18 matching lines @@
 
     m_sameOriginRequest = getSecurityOrigin()->canRequestNoSuborigin(request.url());
     m_requestContext = request.requestContext();
     m_redirectMode = request.fetchRedirectMode();
 
     if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
         InspectorInstrumentation::documentThreadableLoaderFailedToStartLoadingForClient(m_document, m_client);
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url().getString(), "Cross origin requests are not supported."));
+        // |this| may be dead here.
         return;
     }
 
     m_requestStartedSeconds = monotonicallyIncreasingTime();
 
     // Save any CORS simple headers on the request here. If this request redirects cross-origin, we cancel the old request
     // create a new one, and copy these headers.
     const HTTPHeaderMap& headerMap = request.httpHeaderFields();
     for (const auto& header : headerMap) {
         if (FetchUtils::isSimpleHeader(header.key, header.value)) {
@@ skipping 60 matching lines @@
             // m_fallbackRequestForServiceWorker is used when a regular controlling
             // service worker doesn't handle a cross origin request. When this happens
             // we still want to give foreign fetch a chance to handle the request, so
             // only skip the controlling service worker for the fallback request.
             // This is currently safe because of http://crbug.com/604084 the
             // wasFallbackRequiredByServiceWorker flag is never set when foreign fetch
             // handled a request.
             m_fallbackRequestForServiceWorker.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::Controlling);
         }
         loadRequest(newRequest, m_resourceLoaderOptions);
+        // |this| may be dead here.
         return;
     }
 
     dispatchInitialRequest(newRequest);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::dispatchInitialRequest(const ResourceRequest& request)
 {
     if (!request.isExternalRequest() && (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests)) {
         loadRequest(request, m_resourceLoaderOptions);
+        // |this| may be dead here in async mode.
         return;
     }
 
     ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl || request.isExternalRequest());
 
     makeCrossOriginAccessRequest(request);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceRequest& request)
 {
     ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl || request.isExternalRequest());
     ASSERT(m_client);
     ASSERT(!resource());
 
     // Cross-origin requests are only allowed certain registered schemes.
     // We would catch this when checking response headers later, but there
     // is no reason to send a request, preflighted or not, that's guaranteed
     // to be denied.
     if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) {
         InspectorInstrumentation::documentThreadableLoaderFailedToStartLoadingForClient(m_document, m_client);
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, request.url().getString(), "Cross origin requests are only supported for protocol schemes: " + SchemeRegistry::listOfCORSEnabledURLSchemes() + "."));
+        // |this| may be dead here in async mode.
         return;
     }
 
     // Non-secure origins may not make "external requests": https://mikewest.github.io/cors-rfc1918/#integration-fetch
     if (!document().isSecureContext() && request.isExternalRequest()) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, request.url().getString(), "Requests to internal network resources are not allowed from non-secure contexts (see https://goo.gl/Y0ZkNV). This is an experimental restriction which is part of 'https://mikewest.github.io/cors-rfc1918/'."));
+        // |this| may be dead here in async mode.
         return;
     }
 
     ResourceRequest crossOriginRequest(request);
     ResourceLoaderOptions crossOriginOptions(m_resourceLoaderOptions);
 
     // We use isSimpleOrForbiddenRequest() here since |request| may have been
     // modified in the process of loading (not from the user's input). For
     // example, referrer. We need to accept them. For security, we must reject
     // forbidden headers/methods at the point we accept user's input. Not here.
     if (!request.isExternalRequest() && ((m_options.preflightPolicy == ConsiderPreflight && FetchUtils::isSimpleOrForbiddenRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)) {
         updateRequestForAccessControl(crossOriginRequest, getSecurityOrigin(), effectiveAllowCredentials());
         // We update the credentials mode according to effectiveAllowCredentials() here for backward compatibility. But this is not correct.
         // FIXME: We should set it in the caller of DocumentThreadableLoader.
         crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() == AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeOmit);
         if (m_didRedirect) {
             crossOriginRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerAfterRedirect.referrerPolicy, crossOriginRequest.url(), m_referrerAfterRedirect.referrer));
         }
         loadRequest(crossOriginRequest, crossOriginOptions);
+        // |this| may be dead here in async mode.
     } else {
         m_crossOriginNonSimpleRequest = true;
         // Do not set the Origin header for preflight requests.
         updateRequestForAccessControl(crossOriginRequest, 0, effectiveAllowCredentials());
         // We update the credentials mode according to effectiveAllowCredentials() here for backward compatibility. But this is not correct.
         // FIXME: We should set it in the caller of DocumentThreadableLoader.
         crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() == AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeOmit);
         m_actualRequest = crossOriginRequest;
         m_actualOptions = crossOriginOptions;
 
         if (m_didRedirect) {
             m_actualRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerAfterRedirect.referrerPolicy, m_actualRequest.url(), m_referrerAfterRedirect.referrer));
         }
 
         bool shouldForcePreflight = request.isExternalRequest() || InspectorInstrumentation::shouldForceCORSPreflight(m_document);
         bool canSkipPreflight = CrossOriginPreflightResultCache::shared().canSkipPreflight(getSecurityOrigin()->toString(), m_actualRequest.url(), effectiveAllowCredentials(), m_actualRequest.httpMethod(), m_actualRequest.httpHeaderFields());
         if (canSkipPreflight && !shouldForcePreflight) {
             loadActualRequest();
+            // |this| may be dead here in async mode.
         } else {
             ResourceRequest preflightRequest = createAccessControlPreflightRequest(m_actualRequest, getSecurityOrigin());
             // Create a ResourceLoaderOptions for preflight.
             ResourceLoaderOptions preflightOptions = m_actualOptions;
             preflightOptions.allowCredentials = DoNotAllowStoredCredentials;
             loadRequest(preflightRequest, preflightOptions);
+            // |this| may be dead here in async mode.
         }
     }
 }
 
 DocumentThreadableLoader::~DocumentThreadableLoader()
 {
     CHECK(!m_client);
     DCHECK(!m_resource);
 }
 
@@ skipping 19 matching lines @@
         double elapsedTime = monotonicallyIncreasingTime() - m_requestStartedSeconds;
         double nextFire = timeoutMilliseconds / 1000.0;
         double resolvedTime = std::max(nextFire - elapsedTime, 0.0);
         m_timeoutTimer.startOneShot(resolvedTime, BLINK_FROM_HERE);
     }
 }
 
 void DocumentThreadableLoader::cancel()
 {
     cancelWithError(ResourceError());
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::cancelWithError(const ResourceError& error)
 {
     // Cancel can re-enter and m_resource might be null here as a result.
     if (!m_client || !resource()) {
         clear();
         return;
     }
 
     ResourceError errorForCallback = error;
     if (errorForCallback.isNull()) {
         // FIXME: This error is sent to the client in didFail(), so it should not be an internal one. Use FrameLoaderClient::cancelledError() instead.
         errorForCallback = ResourceError(errorDomainBlinkInternal, 0, resource()->url().getString(), "Load cancelled");
         errorForCallback.setIsCancellation(true);
     }
 
     ThreadableLoaderClient* client = m_client;
     clear();
     client->didFail(errorForCallback);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::setDefersLoading(bool value)
 {
     if (resource())
         resource()->setDefersLoading(value);
 }
 
 void DocumentThreadableLoader::clear()
 {
@@ skipping 12 matching lines @@
 void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
 {
     ASSERT(m_client);
     ASSERT_UNUSED(resource, resource == this->resource());
     ASSERT(m_async);
 
     if (!m_actualRequest.isNull()) {
         reportResponseReceived(resource->identifier(), redirectResponse);
 
         handlePreflightFailure(redirectResponse.url().getString(), "Response for preflight is invalid (redirect)");
+        // |this| may be dead here.
 
         request = ResourceRequest();
 
         return;
     }
 
     if (m_redirectMode == WebURLRequest::FetchRedirectModeManual) {
         // Keep |this| alive even if the client release a reference in
         // responseReceived().
         WeakPtr<DocumentThreadableLoader> self(m_weakFactory.createWeakPtr());
@@ skipping 22 matching lines @@
 
         request = ResourceRequest();
 
         return;
     }
 
     if (m_redirectMode == WebURLRequest::FetchRedirectModeError) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailRedirectCheck();
+        // |this| may be dead here.
 
         request = ResourceRequest();
 
         return;
     }
 
     // Allow same origin requests to continue after allowing clients to audit the redirect.
     if (isAllowedRedirect(request.url())) {
         if (m_client->isDocumentThreadableLoaderClient())
             static_cast<DocumentThreadableLoaderClient*>(m_client)->willFollowRedirect(request, redirectResponse);
         return;
     }
 
     if (m_corsRedirectLimit <= 0) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailRedirectCheck();
+        // |this| may be dead here.
+
         request = ResourceRequest();
+
         return;
     }
 
     --m_corsRedirectLimit;
 
     InspectorInstrumentation::didReceiveCORSRedirectResponse(document().frame(), resource->identifier(), document().frame()->loader().documentLoader(), redirectResponse, resource);
 
     bool allowRedirect = false;
     String accessControlErrorDescription;
 
     if (m_crossOriginNonSimpleRequest) {
         // Non-simple cross origin requests (both preflight and actual one) are
         // not allowed to follow redirect.
         accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + "' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.";
     } else if (!CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription)) {
         accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString() + "' has been blocked by CORS policy: " + accessControlErrorDescription;
     } else if (!m_sameOriginRequest && !passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), getSecurityOrigin(), accessControlErrorDescription, m_requestContext)) {
         // The redirect response must pass the access control check if the
         // original request was not same-origin.
         accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + "' has been blocked by CORS policy: " + accessControlErrorDescription;
     } else {
         allowRedirect = true;
     }
 
     if (!allowRedirect) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, redirectResponse.url().getString(), accessControlErrorDescription));
+        // |this| may be dead here.
+
         request = ResourceRequest();
+
         return;
     }
 
     // FIXME: consider combining this with CORS redirect handling performed by
     // CrossOriginAccessControl::handleRedirect().
     clearResource();
 
     // If the original request wasn't same-origin, then if the request URL origin is not same origin with the original URL origin,
     // set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request
     // should be the original URL origin.)
@@ skipping 25 matching lines @@
     makeCrossOriginAccessRequest(request);
     // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::redirectBlocked()
 {
     // Tells the client that a redirect was received but not followed (for an unknown reason).
     ThreadableLoaderClient* client = m_client;
     clear();
     client->didFailRedirectCheck();
+    // |this| may be dead here
 }
 
 void DocumentThreadableLoader::dataSent(Resource* resource, unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
 {
     ASSERT(m_client);
     ASSERT_UNUSED(resource, resource == this->resource());
     ASSERT(m_async);
 
     m_client->didSendData(bytesSent, totalBytesToBeSent);
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::dataDownloaded(Resource* resource, int dataLength)
 {
     ASSERT(m_client);
     ASSERT_UNUSED(resource, resource == this->resource());
     ASSERT(m_actualRequest.isNull());
     ASSERT(m_async);
 
     m_client->didDownloadData(dataLength);
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::didReceiveResourceTiming(Resource* resource, const ResourceTimingInfo& info)
 {
     ASSERT(m_client);
     ASSERT_UNUSED(resource, resource == this->resource());
     ASSERT(m_async);
 
     m_client->didReceiveResourceTiming(info);
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::responseReceived(Resource* resource, const ResourceResponse& response, std::unique_ptr<WebDataConsumerHandle> handle)
 {
     ASSERT_UNUSED(resource, resource == this->resource());
     ASSERT(m_async);
 
     if (handle)
         m_isUsingDataConsumerHandle = true;
 
     handleResponse(resource->identifier(), response, std::move(handle));
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& response)
 {
     String accessControlErrorDescription;
 
     if (!passesAccessControlCheck(response, effectiveAllowCredentials(), getSecurityOrigin(), accessControlErrorDescription, m_requestContext)) {
         handlePreflightFailure(response.url().getString(), "Response to preflight request doesn't pass access control check: " + accessControlErrorDescription);
+        // |this| may be dead here in async mode.
         return;
     }
 
     if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
         handlePreflightFailure(response.url().getString(), accessControlErrorDescription);
+        // |this| may be dead here in async mode.
         return;
     }
 
     if (m_actualRequest.isExternalRequest() && !passesExternalPreflightCheck(response, accessControlErrorDescription)) {
         handlePreflightFailure(response.url().getString(), accessControlErrorDescription);
+        // |this| may be dead here in async mode.
         return;
     }
 
     std::unique_ptr<CrossOriginPreflightResultCacheItem> preflightResult = wrapUnique(new CrossOriginPreflightResultCacheItem(effectiveAllowCredentials()));
     if (!preflightResult->parse(response, accessControlErrorDescription)
         || !preflightResult->allowsCrossOriginMethod(m_actualRequest.httpMethod(), accessControlErrorDescription)
         || !preflightResult->allowsCrossOriginHeaders(m_actualRequest.httpHeaderFields(), accessControlErrorDescription)) {
         handlePreflightFailure(response.url().getString(), accessControlErrorDescription);
+        // |this| may be dead here in async mode.
         return;
     }
 
     CrossOriginPreflightResultCache::shared().appendEntry(getSecurityOrigin()->toString(), m_actualRequest.url(), std::move(preflightResult));
 }
 
 void DocumentThreadableLoader::reportResponseReceived(unsigned long identifier, const ResourceResponse& response)
 {
     LocalFrame* frame = document().frame();
     // We are seeing crashes caused by nullptr (crbug.com/578849). But the frame
     // must be set here. TODO(horo): Find the root cause of the unset frame.
     ASSERT(frame);
     if (!frame)
         return;
     DocumentLoader* loader = frame->loader().documentLoader();
     TRACE_EVENT_INSTANT1("devtools.timeline", "ResourceReceiveResponse", TRACE_EVENT_SCOPE_THREAD, "data", InspectorReceiveResponseEvent::data(identifier, frame, response));
     InspectorInstrumentation::didReceiveResourceResponse(frame, identifier, loader, response, resource());
     frame->console().reportResourceResponseReceived(loader, identifier, response);
 }
 
 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const ResourceResponse& response, std::unique_ptr<WebDataConsumerHandle> handle)
 {
     ASSERT(m_client);
 
     if (!m_actualRequest.isNull()) {
         reportResponseReceived(identifier, response);
         handlePreflightResponse(response);
+        // |this| may be dead here in async mode.
         return;
     }
 
     if (response.wasFetchedViaServiceWorker()) {
         if (response.wasFallbackRequiredByServiceWorker()) {
             // At this point we must have m_fallbackRequestForServiceWorker.
             // (For SharedWorker the request won't be CORS or CORS-with-preflight,
             // therefore fallback-to-network is handled in the browser process
             // when the ServiceWorker does not call respondWith().)
             ASSERT(!m_fallbackRequestForServiceWorker.isNull());
             reportResponseReceived(identifier, response);
             loadFallbackRequestForServiceWorker();
+            // |this| may be dead here in async mode.
             return;
         }
         m_fallbackRequestForServiceWorker = ResourceRequest();
         m_client->didReceiveResponse(identifier, response, std::move(handle));
         return;
     }
 
     // Even if the request met the conditions to get handled by a Service Worker
     // in the constructor of this class (and therefore
     // |m_fallbackRequestForServiceWorker| is set), the Service Worker may skip
     // processing the request. Only if the request is same origin, the skipped
     // response may come here (wasFetchedViaServiceWorker() returns false) since
     // such a request doesn't have to go through the CORS algorithm by calling
     // loadFallbackRequestForServiceWorker().
     // FIXME: We should use |m_sameOriginRequest| when we will support
     // Suborigins (crbug.com/336894) for Service Worker.
     ASSERT(m_fallbackRequestForServiceWorker.isNull() || getSecurityOrigin()->canRequest(m_fallbackRequestForServiceWorker.url()));
     m_fallbackRequestForServiceWorker = ResourceRequest();
 
     if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
         String accessControlErrorDescription;
         if (!passesAccessControlCheck(response, effectiveAllowCredentials(), getSecurityOrigin(), accessControlErrorDescription, m_requestContext)) {
             reportResponseReceived(identifier, response);
 
             ThreadableLoaderClient* client = m_client;
             clear();
             client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().getString(), accessControlErrorDescription));
+            // |this| may be dead here.
             return;
         }
     }
 
     m_client->didReceiveResponse(identifier, response, std::move(handle));
 }
 
 void DocumentThreadableLoader::setSerializedCachedMetadata(Resource*, const char* data, size_t size)
 {
     if (!m_actualRequest.isNull())
         return;
     m_client->didReceiveCachedMetadata(data, size);
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data, size_t dataLength)
 {
     ASSERT_UNUSED(resource, resource == this->resource());
     ASSERT(m_async);
 
     if (m_isUsingDataConsumerHandle)
         return;
 
     // TODO(junov): Fix the ThreadableLoader ecosystem to use size_t.
     // Until then, we use safeCast to trap potential overflows.
     handleReceivedData(data, safeCast<unsigned>(dataLength));
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::handleReceivedData(const char* data, size_t dataLength)
 {
     ASSERT(m_client);
 
     // Preflight data should be invisible to clients.
     if (!m_actualRequest.isNull())
         return;
 
     ASSERT(m_fallbackRequestForServiceWorker.isNull());
 
     m_client->didReceiveData(data, dataLength);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::notifyFinished(Resource* resource)
 {
     ASSERT(m_client);
     ASSERT(resource == this->resource());
     ASSERT(m_async);
 
     if (resource->errorOccurred()) {
         handleError(resource->resourceError());
+        // |this| may be dead here.
     } else {
         handleSuccessfulFinish(resource->identifier(), resource->loadFinishTime());
+        // |this| may be dead here.
     }
 }
 
 void DocumentThreadableLoader::handleSuccessfulFinish(unsigned long identifier, double finishTime)
 {
     ASSERT(m_fallbackRequestForServiceWorker.isNull());
 
     if (!m_actualRequest.isNull()) {
         // FIXME: Timeout should be applied to whole fetch, not for each of
         // preflight and actual request.
         m_timeoutTimer.stop();
         ASSERT(!m_sameOriginRequest);
         ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
         loadActualRequest();
+        // |this| may be dead here in async mode.
         return;
     }
 
     ThreadableLoaderClient* client = m_client;
     // Protect the resource in |didFinishLoading| in order not to release the
     // downloaded file.
-    Persistent<Resource> protect = resource();
+    Persistent<Resource> resource = m_resource;
     clear();
     client->didFinishLoading(identifier, finishTime);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::didTimeout(TimerBase* timer)
 {
     ASSERT_UNUSED(timer, timer == &m_timeoutTimer);
 
     // Using values from net/base/net_error_list.h ERR_TIMED_OUT,
     // Same as existing FIXME above - this error should be coming from FrameLoaderClient to be identifiable.
     static const int timeoutError = -7;
     ResourceError error("net", timeoutError, resource()->url(), String());
     error.setIsTimeout(true);
     cancelWithError(error);
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::loadFallbackRequestForServiceWorker()
 {
     clearResource();
     ResourceRequest fallbackRequest(m_fallbackRequestForServiceWorker);
     m_fallbackRequestForServiceWorker = ResourceRequest();
     dispatchInitialRequest(fallbackRequest);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::loadActualRequest()
 {
     ResourceRequest actualRequest = m_actualRequest;
     ResourceLoaderOptions actualOptions = m_actualOptions;
     m_actualRequest = ResourceRequest();
     m_actualOptions = ResourceLoaderOptions();
 
     actualRequest.setHTTPOrigin(getSecurityOrigin());
 
     clearResource();
 
     // Explicitly set the SkipServiceWorker flag here. Even if the page was not
     // controlled by a SW when the preflight request was sent, a new SW may be
     // controlling the page now by calling clients.claim(). We should not send
     // the actual request to the SW. https://crbug.com/604583
     actualRequest.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All);
 
     loadRequest(actualRequest, actualOptions);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::handlePreflightFailure(const String& url, const String& errorDescription)
 {
     ResourceError error(errorDomainBlinkInternal, 0, url, errorDescription);
 
     // Prevent handleSuccessfulFinish() from bypassing access check.
     m_actualRequest = ResourceRequest();
 
     ThreadableLoaderClient* client = m_client;
     clear();
     client->didFailAccessControlCheck(error);
+    // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::handleError(const ResourceError& error)
 {
     // Copy the ResourceError instance to make it sure that the passed
     // ResourceError is alive during didFail() even when the Resource is
     // destructed during didFail().
     ResourceError copiedError = error;
 
     ThreadableLoaderClient* client = m_client;
     clear();
     client->didFail(copiedError);
+    // |this| may be dead here.
 }
 
 void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, ResourceLoaderOptions resourceLoaderOptions)
 {
     // Any credential should have been removed from the cross-site requests.
     const KURL& requestURL = request.url();
     ASSERT(m_sameOriginRequest || requestURL.user().isEmpty());
     ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty());
 
     // Update resourceLoaderOptions with enforced values.
@@ skipping 15 matching lines @@
         WeakPtr<DocumentThreadableLoader> self(m_weakFactory.createWeakPtr());
 
         if (request.requestContext() == WebURLRequest::RequestContextVideo || request.requestContext() == WebURLRequest::RequestContextAudio)
             setResource(RawResource::fetchMedia(newRequest, document().fetcher()));
         else if (request.requestContext() == WebURLRequest::RequestContextManifest)
             setResource(RawResource::fetchManifest(newRequest, document().fetcher()));
         else
             setResource(RawResource::fetch(newRequest, document().fetcher()));
 
         // setResource() might call notifyFinished() synchronously, and thus
+        // clear() might be called and |this| may be dead here.
         if (!self)
             return;
 
         if (!resource()) {
             InspectorInstrumentation::documentThreadableLoaderFailedToStartLoadingForClient(m_document, m_client);
             ThreadableLoaderClient* client = m_client;
             clear();
             // setResource() might call notifyFinished() and thus clear()
             // synchronously, and in such cases ThreadableLoaderClient is
             // already notified and |client| is null.
             if (!client)
                 return;
             client->didFail(ResourceError(errorDomainBlinkInternal, 0, requestURL.getString(), "Failed to start loading."));
+            // |this| may be dead here.
             return;
         }
 
         if (resource()->loader()) {
             unsigned long identifier = resource()->identifier();
             InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient(m_document, identifier, m_client);
         } else {
             InspectorInstrumentation::documentThreadableLoaderFailedToStartLoadingForClient(m_document, m_client);
         }
         return;
@@ skipping 74 matching lines @@
 {
     return m_securityOrigin ? m_securityOrigin.get() : document().getSecurityOrigin();
 }
 
 Document& DocumentThreadableLoader::document() const
 {
     ASSERT(m_document);
     return *m_document;
 }
 
-DEFINE_TRACE(DocumentThreadableLoader)
-{
-    visitor->trace(m_resource);
-    visitor->trace(m_document);
-    ThreadableLoader::trace(visitor);
-}
-
 } // namespace blink