Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2628133002:
When a proxy is detached, immediately delete its associated provisional frame. (Closed)
|
Created:
3 years, 11 months ago by alexmos Modified:
3 years, 11 months ago Reviewers:
Charlie Reis CC:
chromium-reviews, nasko+codewatch_chromium.org, mlamouri+watch-content_chromium.org, jam, darin-cc_chromium.org, creis+watch_chromium.org, site-isolation-reviews_chromium.org Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionWhen a proxy is detached, immediately delete the associated provisional frame.
This provides an alternate, more robust fix for race conditions in
issues 526304 and 568676, avoiding early returns in OnNavigate and
didCommitProvisionalLoad when a provisional frame's proxy is detached.
Instead, the RenderFrameProxy now tracks a provisional frame that
would replace it if it commits, and cleans it up immediately if it
gets detached. Likewise, if the provisional frame is destroyed before
commit (e.g., if the pending navigation is canceled), it unassigns
itself as the proxy's provisional frame.
RenderFrameProxy previously maintained frame_routing_id_, which is
currently unused, so the new provisional_frame_routing_id_ replaces
it.
BUG=487872, 526304, 568676, 660622
Review-Url: https://codereview.chromium.org/2628133002
Cr-Commit-Position: refs/heads/master@{#445515}
Committed: https://chromium.googlesource.com/chromium/src/+/f076d91e660f7289f0ee4bbda0cd1f89563760f3
Patch Set 1 #Patch Set 2 : Tweaks #Patch Set 3 : Remove (hopefully unnecessary) null check #
Total comments: 10
Patch Set 4 : Rebase #Patch Set 5 : Charlie's nit #
Messages
Total messages: 32 (27 generated)
The CQ bit was checked by alexmos@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromeos_daisy_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_daisy_...) linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by alexmos@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
Description was changed from ========== When a proxy is detached, immediately delete its associated provisional frame. BUG= ========== to ========== When a proxy is detached, immediately delete its associated provisional frame. This gives an alternate, more robust fix for race conditions in issues 526304 and 568676, avoiding early returns in OnNavigate and didCommitProvisionalLoad when a provisional frame's proxy is detached. BUG=487872,526304,568676,660622 ==========
The CQ bit was checked by alexmos@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== When a proxy is detached, immediately delete its associated provisional frame. This gives an alternate, more robust fix for race conditions in issues 526304 and 568676, avoiding early returns in OnNavigate and didCommitProvisionalLoad when a provisional frame's proxy is detached. BUG=487872,526304,568676,660622 ========== to ========== When a proxy is detached, immediately delete the associated provisional frame. This provides an alternate, more robust fix for race conditions in issues 526304 and 568676, avoiding early returns in OnNavigate and didCommitProvisionalLoad when a provisional frame's proxy is detached. Instead, the RenderFrameProxy now tracks a provisional frame that would replace it if it commits, and cleans it up immediately if it gets detached. Likewise, if the provisional frame is destroyed before commit (e.g., if the pending navigation is canceled), it unassigns itself as the proxy's provisional frame. RenderFrameProxy previously maintained frame_routing_id_, which is currently unused, so the new provisional_frame_routing_id_ replaces it. BUG=487872,526304,568676,660622 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by alexmos@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
alexmos@chromium.org changed reviewers: + creis@chromium.org
Hey Charlie, this is the followup we discussed in https://codereview.chromium.org/2619123002. Let me know what you think, especially whether the new CHECKs make sense. https://codereview.chromium.org/2628133002/diff/40001/content/browser/site_pe... File content/browser/site_per_process_browsertest.cc (right): https://codereview.chromium.org/2628133002/diff/40001/content/browser/site_pe... content/browser/site_per_process_browsertest.cc:6225: IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, NavigateAboutBlankAndDetach) { This test was disabled in https://crbug.com/660622, but it's passing for me locally, so I don't know if something fixed it since then. I'd like to try and re-enable it here since it also tackles the same case of removing the proxy in a remote-to-local navigation. I made it a little more robust by waiting for the subframe to be deleted, rather than for its navigation to succeed, which might have caused some raciness (not sure). We can take another look at it if it starts failing again. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_frame_impl.cc (right): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_frame_impl.cc:1001: if (!proxy) This one is still necessary: if the proxy was detached after the provisional frame's FrameMsg_CreateFrame was sent but before it arrived, we still need to abort the frame creation. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_frame_proxy.h (right): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_frame_proxy.h:188: int provisional_frame_routing_id_; frame_routing_id_ was unused, so I just took it out in favor of provisional_frame_routing_id_. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_view_browsertest.cc (left): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_view_browsertest.cc:893: provisional_frame->Navigate(common_params, StartNavigationParams(), I didn't find a way to test this Navigate() call anymore, given that the frame is gone, so I just repurposed the test to check that the frame was deleted. (The only thing we could still test would be to see if OnNavigate would be dropped for a non-existent frame, but I don't know if that's possible to do in a RenderViewTest)
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Thanks, and sorry for the delay! LGTM. https://codereview.chromium.org/2628133002/diff/40001/content/browser/site_pe... File content/browser/site_per_process_browsertest.cc (right): https://codereview.chromium.org/2628133002/diff/40001/content/browser/site_pe... content/browser/site_per_process_browsertest.cc:6225: IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, NavigateAboutBlankAndDetach) { On 2017/01/13 02:26:54, alexmos wrote: > This test was disabled in https://crbug.com/660622, but it's passing for me > locally, so I don't know if something fixed it since then. I'd like to try and > re-enable it here since it also tackles the same case of removing the proxy in a > remote-to-local navigation. I made it a little more robust by waiting for the > subframe to be deleted, rather than for its navigation to succeed, which might > have caused some raciness (not sure). We can take another look at it if it > starts failing again. Acknowledged. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_frame_impl.cc (right): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_frame_impl.cc:1001: if (!proxy) On 2017/01/13 02:26:54, alexmos wrote: > This one is still necessary: if the proxy was detached after the provisional > frame's FrameMsg_CreateFrame was sent but before it arrived, we still need to > abort the frame creation. Yes, since this is a static method. Agreed. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_frame_impl.cc:3139: CHECK_EQ(proxy->provisional_frame_routing_id(), routing_id_); I'm ok with these checks-- I agree with the reasoning. nit: routing_id_ seems like the expected value to me, so maybe swap the order of the parameters to CHECK_EQ? https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_frame_proxy.h (right): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_frame_proxy.h:188: int provisional_frame_routing_id_; On 2017/01/13 02:26:54, alexmos wrote: > frame_routing_id_ was unused, so I just took it out in favor of > provisional_frame_routing_id_. Acknowledged. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_view_browsertest.cc (left): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_view_browsertest.cc:893: provisional_frame->Navigate(common_params, StartNavigationParams(), On 2017/01/13 02:26:54, alexmos wrote: > I didn't find a way to test this Navigate() call anymore, given that the frame > is gone, so I just repurposed the test to check that the frame was deleted. > (The only thing we could still test would be to see if OnNavigate would be > dropped for a non-existent frame, but I don't know if that's possible to do in a > RenderViewTest) Acknowledged.
The CQ bit was checked by alexmos@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Thanks, I'm going to land this now that we've branched. https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... File content/renderer/render_frame_impl.cc (right): https://codereview.chromium.org/2628133002/diff/40001/content/renderer/render... content/renderer/render_frame_impl.cc:3139: CHECK_EQ(proxy->provisional_frame_routing_id(), routing_id_); On 2017/01/18 00:18:41, Charlie Reis wrote: > I'm ok with these checks-- I agree with the reasoning. > > nit: routing_id_ seems like the expected value to me, so maybe swap the order of > the parameters to CHECK_EQ? Done.
The CQ bit was checked by alexmos@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from creis@chromium.org Link to the patchset: https://codereview.chromium.org/2628133002/#ps80001 (title: "Charlie's nit")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 80001, "attempt_start_ts": 1485210083880150,
"parent_rev": "2ec369bd8d2542a0e163c2b5efe647a54ef69ae6", "commit_rev":
"f076d91e660f7289f0ee4bbda0cd1f89563760f3"}
Message was sent while issue was closed.
Description was changed from ========== When a proxy is detached, immediately delete the associated provisional frame. This provides an alternate, more robust fix for race conditions in issues 526304 and 568676, avoiding early returns in OnNavigate and didCommitProvisionalLoad when a provisional frame's proxy is detached. Instead, the RenderFrameProxy now tracks a provisional frame that would replace it if it commits, and cleans it up immediately if it gets detached. Likewise, if the provisional frame is destroyed before commit (e.g., if the pending navigation is canceled), it unassigns itself as the proxy's provisional frame. RenderFrameProxy previously maintained frame_routing_id_, which is currently unused, so the new provisional_frame_routing_id_ replaces it. BUG=487872,526304,568676,660622 ========== to ========== When a proxy is detached, immediately delete the associated provisional frame. This provides an alternate, more robust fix for race conditions in issues 526304 and 568676, avoiding early returns in OnNavigate and didCommitProvisionalLoad when a provisional frame's proxy is detached. Instead, the RenderFrameProxy now tracks a provisional frame that would replace it if it commits, and cleans it up immediately if it gets detached. Likewise, if the provisional frame is destroyed before commit (e.g., if the pending navigation is canceled), it unassigns itself as the proxy's provisional frame. RenderFrameProxy previously maintained frame_routing_id_, which is currently unused, so the new provisional_frame_routing_id_ replaces it. BUG=487872,526304,568676,660622 Review-Url: https://codereview.chromium.org/2628133002 Cr-Commit-Position: refs/heads/master@{#445515} Committed: https://chromium.googlesource.com/chromium/src/+/f076d91e660f7289f0ee4bbda0cd... ==========
Message was sent while issue was closed.
Committed patchset #5 (id:80001) as https://chromium.googlesource.com/chromium/src/+/f076d91e660f7289f0ee4bbda0cd... |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
