Switch RemoteWindowProxy to use v8::Context::NewRemoteContext.

third_party/WebKit/Source/bindings/core/v8/LocalWindowProxy.cpp

 /*
  * Copyright (C) 2008, 2009, 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 18 matching lines @@
  */
 
 #include "bindings/core/v8/LocalWindowProxy.h"
 
 #include "bindings/core/v8/ConditionalFeatures.h"
 #include "bindings/core/v8/DOMWrapperWorld.h"
 #include "bindings/core/v8/ScriptController.h"
 #include "bindings/core/v8/ToV8.h"
 #include "bindings/core/v8/V8Binding.h"
 #include "bindings/core/v8/V8DOMActivityLogger.h"
+#include "bindings/core/v8/V8GCForContextDispose.h"
 #include "bindings/core/v8/V8HTMLDocument.h"
 #include "bindings/core/v8/V8HiddenValue.h"
 #include "bindings/core/v8/V8Initializer.h"
+#include "bindings/core/v8/V8PagePopupControllerBinding.h"
 #include "bindings/core/v8/V8PrivateProperty.h"
 #include "bindings/core/v8/V8Window.h"
 #include "core/dom/Modulator.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/html/DocumentNameCollection.h"
 #include "core/html/HTMLIFrameElement.h"
 #include "core/inspector/MainThreadDebugger.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/FrameLoaderClient.h"
 #include "core/origin_trials/OriginTrialContext.h"
 #include "platform/Histogram.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/ScriptForbiddenScope.h"
 #include "platform/heap/Handle.h"
 #include "platform/instrumentation/tracing/TraceEvent.h"
 #include "platform/weborigin/SecurityOrigin.h"
+#include "v8/include/v8.h"
 #include "wtf/Assertions.h"
-#include <v8.h>
 
 namespace blink {
 
 void LocalWindowProxy::disposeContext(GlobalDetachmentBehavior behavior) {
   if (m_lifecycle != Lifecycle::ContextInitialized)
     return;
 
   ScriptState::Scope scope(m_scriptState.get());
   v8::Local<v8::Context> context = m_scriptState->context();
   // The embedder could run arbitrary code in response to the
   // willReleaseScriptContext callback, so all disposing should happen after
   // it returns.
   frame()->loader().client()->willReleaseScriptContext(context,
                                                        m_world->worldId());
   MainThreadDebugger::instance()->contextWillBeDestroyed(m_scriptState.get());
 
-  WindowProxy::disposeContext(behavior);
+  if (behavior == DetachGlobal) {
+    v8::Local<v8::Context> context = m_scriptState->context();
+    // Clean up state on the global proxy, which will be reused.
+    if (!m_globalProxy.isEmpty()) {
+      // TODO(yukishiino): This DCHECK failed on Canary (M57) and Dev (M56).
+      // We need to figure out why m_globalProxy != context->Global().
+      DCHECK(m_globalProxy == context->Global());
+      DCHECK_EQ(toScriptWrappable(context->Global()),
+                toScriptWrappable(
+                    context->Global()->GetPrototype().As<v8::Object>()));
+      m_globalProxy.get().SetWrapperClassId(0);
+    }
+    V8DOMWrapper::clearNativeInfo(isolate(), context->Global());
+    m_scriptState->detachGlobalObject();
+
+#if DCHECK_IS_ON()
+    didDetachGlobalProxy();
+#endif
+  }
+
+  m_scriptState->disposePerContextData();
+
+  // It's likely that disposing the context has created a lot of
+  // garbage. Notify V8 about this so it'll have a chance of cleaning
+  // it up when idle.
+  V8GCForContextDispose::instance().notifyContextDisposed(
+      frame()->isMainFrame());
+
+  DCHECK(m_lifecycle == Lifecycle::ContextInitialized);
+  m_lifecycle = Lifecycle::ContextDetached;
 }
 
 void LocalWindowProxy::initialize() {
   TRACE_EVENT1("v8", "LocalWindowProxy::initialize", "isMainWindow",
                frame()->isMainFrame());
   SCOPED_BLINK_UMA_HISTOGRAM_TIMER(
       frame()->isMainFrame() ? "Blink.Binding.InitializeMainWindowProxy"
                              : "Blink.Binding.InitializeNonMainWindowProxy");
 
   ScriptForbiddenScope::AllowUserAgentScript allowScript;
@@ skipping 35 matching lines @@
   // If conditional features for window have been queued before the V8 context
   // was ready, then inject them into the context now
   if (m_world->isMainWorld()) {
     installConditionalFeaturesOnWindow(m_scriptState.get());
   }
 
   if (m_world->isMainWorld())
     frame()->loader().dispatchDidClearWindowObjectInMainWorld();
 }
 
+void LocalWindowProxy::setupWindowPrototypeChain() {
+  // Associate the window wrapper object and its prototype chain with the
+  // corresponding native DOMWindow object.
+  // The full structure of the global object's prototype chain is as follows:
+  //
+  // global proxy object [1]
+  //   -- has prototype --> global object (window wrapper object) [2]
+  //   -- has prototype --> Window.prototype
+  //   -- has prototype --> WindowProperties [3]
+  //   -- has prototype --> EventTarget.prototype
+  //   -- has prototype --> Object.prototype
+  //   -- has prototype --> null
+  //
+  // [1] Global proxy object is as known as "outer global object".  It's an
+  //   empty object and remains after navigation.  When navigated, points to
+  //   a different global object as the prototype object.
+  // [2] Global object is as known as "inner global object" or "window wrapper
+  //   object".  The prototype chain between global proxy object and global
+  //   object is NOT observable from user JavaScript code.  All other
+  //   prototype chains are observable.  Global proxy object and global object
+  //   together appear to be the same single JavaScript object.  See also:
+  //     https://wiki.mozilla.org/Gecko:SplitWindow
+  //   global object (= window wrapper object) provides most of Window's DOM
+  //   attributes and operations.  Also global variables defined by user
+  //   JavaScript are placed on this object.  When navigated, a new global
+  //   object is created together with a new v8::Context, but the global proxy
+  //   object doesn't change.
+  // [3] WindowProperties is a named properties object of Window interface.
+
+  LocalDOMWindow* window = frame()->domWindow();
+  const WrapperTypeInfo* wrapperTypeInfo = window->wrapperTypeInfo();
+  v8::Local<v8::Context> context = m_scriptState->context();
+
+  // The global proxy object.  Note this is not the global object.
+  v8::Local<v8::Object> globalProxy = context->Global();
+  CHECK(m_globalProxy == globalProxy);
+  V8DOMWrapper::setNativeInfo(isolate(), globalProxy, wrapperTypeInfo, window);
+  // Mark the handle to be traced by Oilpan, since the global proxy has a
+  // reference to the DOMWindow.
+  m_globalProxy.get().SetWrapperClassId(wrapperTypeInfo->wrapperClassId);
+
+#if DCHECK_IS_ON()
+  didAttachGlobalProxy();
+#endif
+
+  // The global object, aka window wrapper object.
+  v8::Local<v8::Object> windowWrapper =
+      globalProxy->GetPrototype().As<v8::Object>();
+  V8DOMWrapper::setNativeInfo(isolate(), windowWrapper, wrapperTypeInfo,
+                              window);
+
+  // The prototype object of Window interface.
+  v8::Local<v8::Object> windowPrototype =
+      windowWrapper->GetPrototype().As<v8::Object>();
+  CHECK(!windowPrototype.IsEmpty());
+  V8DOMWrapper::setNativeInfo(isolate(), windowPrototype, wrapperTypeInfo,
+                              window);
+
+  // The named properties object of Window interface.
+  v8::Local<v8::Object> windowProperties =
+      windowPrototype->GetPrototype().As<v8::Object>();
+  CHECK(!windowProperties.IsEmpty());
+  V8DOMWrapper::setNativeInfo(isolate(), windowProperties, wrapperTypeInfo,
+                              window);
+
+  // TODO(keishi): Remove installPagePopupController and implement
+  // PagePopupController in another way.
+  V8PagePopupControllerBinding::installPagePopupController(context,
+                                                           windowWrapper);
+}
+
 void LocalWindowProxy::createContext() {
   // Create a new v8::Context with the window object as the global object
   // (aka the inner global).  Reuse the global proxy object (aka the outer
   // global) if it already exists.  See the comments in
   // setupWindowPrototypeChain for the structure of the prototype chain of
   // the global object.
   v8::Local<v8::ObjectTemplate> globalTemplate =
       V8Window::domTemplate(isolate(), *m_world)->InstanceTemplate();
   CHECK(!globalTemplate.IsEmpty());
 
@@ skipping 211 matching lines @@
 
   setSecurityToken(origin);
 }
 
 LocalWindowProxy::LocalWindowProxy(v8::Isolate* isolate,
                                    LocalFrame& frame,
                                    RefPtr<DOMWrapperWorld> world)
     : WindowProxy(isolate, frame, std::move(world)) {}
 
 }  // namespace blink