Issue 268543008: Cross-process iframe accessibility.

Issue 268543008: Cross-process iframe accessibility. (Closed)

Created:
6 years, 7 months ago by dmazzoni

Modified:
6 years, 3 months ago

Reviewers:
Charlie Reis, David Tseng, ncarter (slow), aboxhall, nasko

CC:
chromium-reviews, creis+watch_chromium.org, plundblad+watch_chromium.org, aboxhall+watch_chromium.org, nasko+codewatch_chromium.org, jam, yuzo+watch_chromium.org, darin-cc_chromium.org, dmazzoni+watch_chromium.org, dtseng+watch_chromium.org, site-isolation-reviews_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Cross-process iframe accessibility. This change completes the plumbing to join cross-process iframes into a single composed accessibility tree on platforms that implement native accessibility APIs (Windows, Mac, Android). Further work will be needed to update some accessibility API implementations to be multi-frame-aware. BUG=368298 Committed: https://crrev.com/387942c041da17ea6337bc0a81e96619e67e4ac4 Cr-Commit-Position: refs/heads/master@{#294118} Committed: https://crrev.com/0b5d2481a5dc4f3a1ed812b174a4da8dde1b64c2 Cr-Commit-Position: refs/heads/master@{#294210}

Patch Set 1 #

Total comments: 5

Patch Set 2 : Rewritten based on RFHI instead of RVHI #

Total comments: 38

Patch Set 3 : Address feedback #

Total comments: 18

Patch Set 4 : Rebase #

Patch Set 5 : Address more feedback #

Total comments: 11

Patch Set 6 : FindByRoutingID #

Total comments: 2

Patch Set 7 : Rebase #

Patch Set 8 : Fix compile error #

Total comments: 2

Patch Set 9 : Fix DumpAccessibilityTree iframe test #

Patch Set 10 : Better fix #

Patch Set 11 : Rebase #

Patch Set 12 : Rebase #

Patch Set 13 : WebFrame to WebLocalFrame #

Patch Set 14 : Rebase #

Patch Set 15 : Don't allow compromised renderer to crash the browser #

Patch Set 16 : Fix typo #

Patch Set 17 : Only run the test on Mac and Linux for now #

Total comments: 1

Patch Set 18 : Rebase #

Patch Set 19 : Rebase #

Patch Set 20 : Patch to re-land #

Patch Set 21 : Let's run the test only on Linux #

Patch Set 22 : Fix compile error #

Created: 6 years, 3 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+557 lines, -117 lines)			Patch
M	content/browser/accessibility/accessibility_tree_formatter.cc	View	1	1 chunk	+1 line, -1 line	0 comments	Download
M	content/browser/accessibility/browser_accessibility.h	View	1 2 3 4 5 6	3 chunks	+18 lines, -6 lines	0 comments	Download
M	content/browser/accessibility/browser_accessibility.cc	View	1 2 3 4 5 6 7 8 9	5 chunks	+30 lines, -2 lines	0 comments	Download
M	content/browser/accessibility/browser_accessibility_manager.h	View	1 2	7 chunks	+19 lines, -17 lines	0 comments	Download
M	content/browser/accessibility/browser_accessibility_manager.cc	View	1 2 3 4 5	4 chunks	+67 lines, -2 lines	0 comments	Download
M	content/browser/accessibility/browser_accessibility_manager_unittest.cc	View	1 2 3 4 5 6 7	1 chunk	+7 lines, -0 lines	0 comments	Download
A	content/browser/accessibility/site_per_process_accessibility_browsertest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	1 chunk	+146 lines, -0 lines	0 comments	Download
M	content/browser/frame_host/frame_tree.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14	3 chunks	+18 lines, -18 lines	0 comments	Download
M	content/browser/frame_host/render_frame_host_impl.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	1 chunk	+3 lines, -0 lines	0 comments	Download
M	content/browser/frame_host/render_frame_host_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	4 chunks	+69 lines, -1 line	0 comments	Download
M	content/browser/frame_host/render_frame_proxy_host.h	View	1 2 3 4	2 chunks	+4 lines, -0 lines	0 comments	Download
M	content/browser/frame_host/render_frame_proxy_host.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15	4 chunks	+29 lines, -1 line	0 comments	Download
M	content/browser/frame_host/render_widget_host_view_child_frame.cc	View	1 2 3 4 5 6 7 8 9 10	2 chunks	+3 lines, -3 lines	0 comments	Download
A	content/browser/site_per_process_browsertest.h	View	1 2 3	1 chunk	+29 lines, -0 lines	0 comments	Download
M	content/browser/site_per_process_browsertest.cc	View	1 2 3 4 5 6 7 8 9 10	3 chunks	+36 lines, -38 lines	0 comments	Download
M	content/browser/web_contents/web_contents_impl.h	View	1	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/common/accessibility_messages.h	View	1 2	1 chunk	+7 lines, -0 lines	0 comments	Download
M	content/content_tests.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	2 chunks	+2 lines, -0 lines	0 comments	Download
M	content/renderer/accessibility/blink_ax_tree_source.h	View	1 2	2 chunks	+8 lines, -0 lines	0 comments	Download
M	content/renderer/accessibility/blink_ax_tree_source.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	6 chunks	+27 lines, -6 lines	0 comments	Download
M	content/renderer/accessibility/renderer_accessibility.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21	2 chunks	+3 lines, -8 lines	0 comments	Download
M	content/renderer/accessibility/renderer_accessibility_complete.cc	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/renderer/render_frame_impl.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/renderer/render_frame_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+5 lines, -0 lines	0 comments	Download
M	content/renderer/render_view_impl.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	1 chunk	+0 lines, -2 lines	0 comments	Download
M	content/renderer/render_view_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	1 chunk	+0 lines, -5 lines	0 comments	Download
M	content/test/accessibility_browser_test_utils.h	View	1	2 chunks	+3 lines, -1 line	0 comments	Download
M	content/test/accessibility_browser_test_utils.cc	View	1	3 chunks	+17 lines, -6 lines	0 comments	Download

Messages

Total messages: 70 (10 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

dmazzoni

This change depends on: https://codereview.chromium.org/252253002/ creis: I think this is a good start, but I ...

6 years, 7 months ago (2014-05-02 06:24:27 UTC) #1

Charlie Reis

Cool! Thanks for working on this. I'm going to ask Nick to help with the ...

6 years, 7 months ago (2014-05-02 15:51:44 UTC) #2

dmazzoni

On Fri, May 2, 2014 at 8:51 AM, <creis@chromium.org> wrote: > Cool! Thanks for working ...

6 years, 7 months ago (2014-05-02 16:31:20 UTC) #3

Charlie Reis

On 2014/05/02 16:31:20, dmazzoni wrote: > On Fri, May 2, 2014 at 8:51 AM, <mailto:creis@chromium.org> ...

6 years, 7 months ago (2014-05-02 16:34:50 UTC) #4

On 2014/05/02 16:31:20, dmazzoni wrote:
> On Fri, May 2, 2014 at 8:51 AM, <mailto:creis@chromium.org> wrote:
> 
> > Cool!  Thanks for working on this.
> >
> > I'm going to ask Nick to help with the review, since he's been looking at
> > how to
> > make writing these tests easier for others.  He also may be able to help
> > with
> > the CrossProcessFrameConnector question, but we can loop in kenrb@ if
> > not.  One
> > possibility may be moving OnAccessibilityEvents from RenderViewHostImpl to
> > RenderFrameHostImpl.
> >
> 
> Does RenderFrameHostImpl have access to the RenderWidgetHostView? I could
> move all of the accessibility code to RenderFrameHostImpl if so.

Yes.  RenderFrameHostImpl is a friend class of RenderViewHostImpl for now, until
we move everything related (including the widget) over.  Moving it sounds good
to me.

> 
> Note that Nasko has recently landed an update to SitePerProcessBrowserTest
> > so
> > that StartAtDataURL isn't necessary anymore.  See the CrossSiteIframe
> > test; we
> > haven't updated the others yet.
> >
> 
> Yeah, I snapshotted it over a week ago. Do you think other
> features/components other than accessibility might want to do a site
> isolation browser test? I was thinking it might be nice to define a generic
> site isolation test with a clean public interface, making it easy for
> anyone to write a test of site isolation as easily as:
> 
> {
>   ... do pre-initialization ...
>   LoadChildFrameInSameProcess();
>   RenderViewHostImpl* main_frame = GetMainFrame();
>   RenderViewHostImpl* child_frame = GetChildFrame();
>   ... make note of some state ...
> 
>   LoadChildFrameInRemoteProcess();
>   main_frame = GetMainFrame();
>   child_frame = GetChildFrame();
>   ... assert that everything still works ...
> }
> 

Yes, this sort of setup will become common and it would be great to have some
simple helper functions for it.  I know Nick has been looking into that, so I'll
let him comment on their form.

ncarter (slow)

https://codereview.chromium.org/268543008/diff/1/content/browser/accessibility/frame_tree_accessibility_browsertest.cc File content/browser/accessibility/frame_tree_accessibility_browsertest.cc (right): https://codereview.chromium.org/268543008/diff/1/content/browser/accessibility/frame_tree_accessibility_browsertest.cc#newcode108 content/browser/accessibility/frame_tree_accessibility_browsertest.cc:108: bool NavigateIframeToURL(Shell* window, One OKR we have for this ...

6 years, 7 months ago (2014-05-02 19:10:01 UTC) #5

dmazzoni

Thanks for the feedback - I will get to the specific comments in this changelist ...

6 years, 7 months ago (2014-05-06 06:55:12 UTC) #6

nasko

On 2014/05/06 06:55:12, dmazzoni wrote: > Thanks for the feedback - I will get to ...

6 years, 7 months ago (2014-05-06 13:57:10 UTC) #7

On 2014/05/06 06:55:12, dmazzoni wrote:
> Thanks for the feedback - I will get to the specific comments in this
> changelist once I've finished restructuring things a bit.

Do you mind cc'ing me on that CL? I just want to lurk.

> I started a separate change to migrate all of the accessibility code from
> RenderWidgetHostImpl and RenderViewHostImpl to RenderFrameHostImpl, that
> seems like a good idea and a prereq to get frame tree accessibility right.
> One question - previously we'd set an accessibility mode for the widget,
> and that would persist across all frames and page navigations. Where's the
> right place to store this mode so that all new RenderFrameHostImpls within
> the same page are created with the same mode? I thought of storing it in
> WebContentsImpl via RenderFrameHostDelegate, but then InterstitialPageImpl
> also implements RenderFrameHostDelegate and I'm not sure what to do there.
> Maybe the root FrameTreeNode since that persists?

Anything that must persist across navigations and/or is top-level specific
should go to WebContentsImpl. Do we currently preserve accessibility settings
for interstitial pages? To me it seems logical for a tab to keep its settings as
you navigate, even on interstitials, and WebContents is the abstraction for
content in a tab.

> And a related question - what's the right way to call something on all
> RenderFrameHostImpls within a page?

WebContents::ForEachFrame should help you there.
 
> On Fri, May 2, 2014 at 9:34 AM, <mailto:creis@chromium.org> wrote:
> 
> > Does RenderFrameHostImpl have access to the RenderWidgetHostView? I could
> >>
> > move all of the accessibility code to RenderFrameHostImpl if so.
> >>
> >
> > Yes.  RenderFrameHostImpl is a friend class of RenderViewHostImpl for now,
> > until
> > we move everything related (including the widget) over.  Moving it sounds
> > good
> > to me.
> 
> 
> >
> 
> To unsubscribe from this group and stop receiving emails from it, send an
email
> to mailto:chromium-reviews+unsubscribe@chromium.org.

dmazzoni

On Tue, May 6, 2014 at 6:57 AM, <nasko@chromium.org> wrote: > On 2014/05/06 06:55:12, dmazzoni ...

6 years, 7 months ago (2014-05-06 14:13:51 UTC) #8

On Tue, May 6, 2014 at 6:57 AM, <nasko@chromium.org> wrote:

> On 2014/05/06 06:55:12, dmazzoni wrote:
>
>> Thanks for the feedback - I will get to the specific comments in this
>> changelist once I've finished restructuring things a bit.
>>
>
> Do you mind cc'ing me on that CL? I just want to lurk.

Sure, I'll upload it as soon as I get it to work. :)

>  I started a separate change to migrate all of the accessibility code from
>> RenderWidgetHostImpl and RenderViewHostImpl to RenderFrameHostImpl, that
>> seems like a good idea and a prereq to get frame tree accessibility right.
>> One question - previously we'd set an accessibility mode for the widget,
>> and that would persist across all frames and page navigations. Where's the
>> right place to store this mode so that all new RenderFrameHostImpls within
>> the same page are created with the same mode? I thought of storing it in
>> WebContentsImpl via RenderFrameHostDelegate, but then InterstitialPageImpl
>> also implements RenderFrameHostDelegate and I'm not sure what to do there.
>> Maybe the root FrameTreeNode since that persists?
>>
>
> Anything that must persist across navigations and/or is top-level specific
> should go to WebContentsImpl. Do we currently preserve accessibility
> settings
> for interstitial pages? To me it seems logical for a tab to keep its
> settings as
> you navigate, even on interstitials, and WebContents is the abstraction for
> content in a tab.

OK, I'll move the state to WebContentsImpl. What I don't understand is the
exact relationship between InterstitialPageImpl and WebContentsImpl, since
InterstitialPageImpl implements RenderFrameHostDelegate. If I use
RenderFrameHostDelegate as the way for a RenderFrameHostImpl to get the
state from WebContentsImpl, then what happens when it's showing an
interstitial page and InterstitialPageImpl implements the delegate? Is it
ok to just forward the request to the WebContentsImpl?

And a related question - what's the right way to call something on all
>> RenderFrameHostImpls within a page?
>>
>
> WebContents::ForEachFrame should help you there.

Perfect, makes sense.

- Dominic

To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

chromium-reviews

Hey Dominic, Sorry for the late reply, this email somehow slipped through the cracks : ...

6 years, 7 months ago (2014-05-08 16:30:58 UTC) #9

Hey Dominic,
Sorry for the late reply, this email somehow slipped through the cracks :
(. Comments inline.

On Tue, May 6, 2014 at 7:13 AM, Dominic Mazzoni <dmazzoni@chromium.org>wrote:

> On Tue, May 6, 2014 at 6:57 AM, <nasko@chromium.org> wrote:
>
>> On 2014/05/06 06:55:12, dmazzoni wrote:
>>
>>> Thanks for the feedback - I will get to the specific comments in this
>>> changelist once I've finished restructuring things a bit.
>>>
>>
>> Do you mind cc'ing me on that CL? I just want to lurk.
>
>
> Sure, I'll upload it as soon as I get it to work. :)
>
>
>>  I started a separate change to migrate all of the accessibility code
>>> from
>>> RenderWidgetHostImpl and RenderViewHostImpl to RenderFrameHostImpl, that
>>> seems like a good idea and a prereq to get frame tree accessibility
>>> right.
>>> One question - previously we'd set an accessibility mode for the widget,
>>> and that would persist across all frames and page navigations. Where's
>>> the
>>> right place to store this mode so that all new RenderFrameHostImpls
>>> within
>>> the same page are created with the same mode? I thought of storing it in
>>> WebContentsImpl via RenderFrameHostDelegate, but then
>>> InterstitialPageImpl
>>> also implements RenderFrameHostDelegate and I'm not sure what to do
>>> there.
>>> Maybe the root FrameTreeNode since that persists?
>>>
>>
>> Anything that must persist across navigations and/or is top-level specific
>> should go to WebContentsImpl. Do we currently preserve accessibility
>> settings
>> for interstitial pages? To me it seems logical for a tab to keep its
>> settings as
>> you navigate, even on interstitials, and WebContents is the abstraction
>> forSetIsLoading
>> content in a tab.
>
>
> OK, I'll move the state to WebContentsImpl. What I don't understand is the
> exact relationship between InterstitialPageImpl and WebContentsImpl, since
> InterstitialPageImpl implements RenderFrameHostDelegate. If I use
> RenderFrameHostDelegate as the way for a RenderFrameHostImpl to get the
> state from WebContentsImpl, then what happens when it's showing an
> interstitial page and InterstitialPageImpl implements the delegate? Is it
> ok to just forward the request to the WebContentsImpl?
>

InterstitialPageImpl can't talk directly to WebContentsImpl, it has to go
through the public interface. The interstitial is owned by the
RenderFrameHostManager, but it is attached going through
WebContentsImpl::AttachInterstitialPage. I think it is reasonable for
InterstitialPageImpl to have a method to receive the settings you are
interested in and then return them back from calls to
RenderFrameHostDelegate methods.


> And a related question - what's the right way to call something on all
>>> RenderFrameHostImpls within a page?
>>>
>>
>> WebContents::ForEachFrame should help you there.
>
>
> Perfect, makes sense.
>
> - Dominic
>
>

To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

nasko

Hey Dominic, Sorry for the late reply, this somehow slipped through the cracks : (. ...

6 years, 7 months ago (2014-05-08 16:32:54 UTC) #10

dmazzoni

On Thu, May 8, 2014 at 9:30 AM, Nasko Oskov <nasko@google.com> wrote: > InterstitialPageImpl can't ...

6 years, 7 months ago (2014-05-08 17:23:41 UTC) #11

chromium-reviews

On Thu, May 8, 2014 at 10:23 AM, Dominic Mazzoni <dmazzoni@chromium.org>wrote: > On Thu, May ...

6 years, 7 months ago (2014-05-08 17:50:50 UTC) #12

dmazzoni

On Thu, May 8, 2014 at 10:50 AM, Nasko Oskov <nasko@google.com> wrote: > WCI has ...

6 years, 7 months ago (2014-05-08 19:20:37 UTC) #13

chromium-reviews

This may be a stupid question, but is there a way to enumerate all WebContents? ...

6 years, 7 months ago (2014-05-09 16:46:48 UTC) #14

chromium-reviews

On Fri, May 9, 2014 at 9:46 AM, Dominic Mazzoni <dmazzoni@google.com> wrote: > This may ...

6 years, 7 months ago (2014-05-09 16:54:52 UTC) #15

On Fri, May 9, 2014 at 9:46 AM, Dominic Mazzoni <dmazzoni@google.com> wrote:

> This may be a stupid question, but is there a way to enumerate all
> WebContents?
>
There are no stupid questions. I don't know of any such way in the content/
layer.

> Previously we had code to enumerate every RWH and toggle the accessibility
> mode. If we move that state to the WebContents, we need an equivalent way
> to hit all of them.
>
> Are there any RWHs we'd miss if we enumerated all WCs and set the
> accessibility mode on each frame for each one?
>
> None of this really mattered before when for the most part there was one
> RWH per WC.
>
I'd like to hear if John or Charlie have other ideas or whether it makes
sense to have a way to iterate all WebContents.

Without changes to WC, you can still use your current iteration through
RWHs and use WebContents::FromRenderViewHost to get to its WebContents
(after checking that the RWH is RVH). It might meant that you call multiple
times on the same WC, but this can be easily avoided by creating a set of
WC while iterating RWHs and using the set to toggle accessibility.

>  On May 8, 2014 12:20 PM, "Dominic Mazzoni" <dmazzoni@chromium.org> wrote:
>
>> On Thu, May 8, 2014 at 10:50 AM, Nasko Oskov <nasko@google.com> wrote:
>>
>>> WCI has GetInterstitialPage() method that will give you the page if it
>>> is displaying.
>>>
>>>>
>>>> Is there any reason we couldn't have an InterstitialPageDelegate that
>>>> WebContentsImpl could implement, providing a direct solution?
>>>>
>>>
>>> They are technically peers, as they both embed the structures needed to
>>> display a page (frame tree, RFH, and such). The relationship there is not
>>> the best I think, but I don't have any cycles to do anything about it.
>>>
>>
>> Thanks, I think it all makes sense now.
>>
>>

To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

chromium-reviews

On Fri, May 9, 2014 at 9:54 AM, Nasko Oskov <nasko@google.com> wrote: > Without changes ...

6 years, 7 months ago (2014-05-09 18:20:23 UTC) #16

Charlie Reis

On Fri, May 9, 2014 at 11:20 AM, Dominic Mazzoni <dmazzoni@google.com>wrote: > On Fri, May ...

6 years, 7 months ago (2014-05-09 19:10:26 UTC) #17

jam

On Fri, May 9, 2014 at 12:10 PM, Charlie Reis <creis@chromium.org> wrote: > > On ...

6 years, 7 months ago (2014-05-09 22:15:18 UTC) #18

On Fri, May 9, 2014 at 12:10 PM, Charlie Reis <creis@chromium.org> wrote:

>
> On Fri, May 9, 2014 at 11:20 AM, Dominic Mazzoni <dmazzoni@google.com>wrote:
>
>> On Fri, May 9, 2014 at 9:54 AM, Nasko Oskov <nasko@google.com> wrote:
>>
>>> Without changes to WC, you can still use your current iteration through
>>> RWHs and use WebContents::FromRenderViewHost to get to its WebContents
>>> (after checking that the RWH is RVH). It might meant that you call multiple
>>> times on the same WC, but this can be easily avoided by creating a set of
>>> WC while iterating RWHs and using the set to toggle accessibility.
>>>
>>
>> Yes, I thought about doing this but it made me think I might be doing
>> something wrong.
>>
>> If there aren't any objections, I think I'd prefer to just write a helper
>> function to get all WebContents. I took a quick glance through the code to
>> see other uses of GetRenderWidgetHosts(), and I think there might be some
>> other cases where it might be preferable to iterate over WebContents
>> instead.
>>
>
> Seems reasonable to me, though we should get John's thoughts/approval.
>

The problem with having a method of getting all WebContents, or getting
notified when they're created, is that it leads to layering violations.
i.e. code in src\apps starts watching for WebContents that are created from
src\chrome. After seeing some of these layering violations, we removed the
global hooks to get notified when WCs are created (code was using it to
maintain a list).

If the accessibility code wants to enable a flag for all WC, where is this
code, in chrome or content? If in chrome, can it iterate across all the
tabs in all the browser objects?

GetRenderWidgetHosts allows layering violations for the same reason, so it
would be great to remove that.

>
>
>>
>> KeyboardController::NotifyKeyboardBoundsChanging seems to assume that
>> RWH->GetView()->GetNativeView will always return something, but that
>> wouldn't be true of a RWHVChildFrame, right?
>>
>
>> GuestInformation::GetAll seems to assume there's one WebContents per RWH,
>> it looks like it could end up running its callback on the same WC more than
>> once.
>>
>
> Yeah, that sounds problematic.  There used to be problems with
> GetRenderWidgetHosts() callers including swapped out widgets as well.
>
> Charlie
>
>
>>
>> - Dominic
>>
>>
>

To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

chromium-reviews

On Fri, May 9, 2014 at 3:15 PM, John Abd-El-Malek <jam@chromium.org> wrote: > If the ...

6 years, 7 months ago (2014-05-09 22:22:52 UTC) #19

jam

On Fri, May 9, 2014 at 3:22 PM, Dominic Mazzoni <dmazzoni@google.com> wrote: > On Fri, ...

6 years, 7 months ago (2014-05-09 22:25:19 UTC) #20

chromium-reviews

On Fri, May 9, 2014 at 3:25 PM, John Abd-El-Malek <jam@chromium.org> wrote: > Yep, sure ...

6 years, 7 months ago (2014-05-09 22:27:41 UTC) #21

chromium-reviews

OK, this change is almost ready - I need to rebase and fix a couple ...

6 years, 7 months ago (2014-05-12 15:27:47 UTC) #22

nasko

On Mon, May 12, 2014 at 8:27 AM, Dominic Mazzoni <dmazzoni@google.com>wrote: > OK, this change ...

6 years, 7 months ago (2014-05-12 17:25:29 UTC) #23

chromium-reviews

On Mon, May 12, 2014 at 10:25 AM, Nasko Oskov <nasko@chromium.org> wrote: > >> One ...

6 years, 7 months ago (2014-05-12 17:47:25 UTC) #24

nasko

On Mon, May 12, 2014 at 10:47 AM, Dominic Mazzoni <dmazzoni@google.com>wrote: > On Mon, May ...

6 years, 7 months ago (2014-05-12 17:56:05 UTC) #25

chromium-reviews

On Mon, May 12, 2014 at 10:56 AM, Nasko Oskov <nasko@chromium.org> wrote: > Okay, so ...

6 years, 7 months ago (2014-05-12 18:03:49 UTC) #26

dmazzoni

No, this is the next step, but it needs a lot of work because the ...

6 years, 4 months ago (2014-07-29 20:21:04 UTC) #28

dmazzoni

Thanks for your patience! This is ready for a fresh look. It depends on one ...

6 years, 4 months ago (2014-08-20 17:08:41 UTC) #29

Charlie Reis

Glad it's working now! I'm having a bit of trouble following how this works, though, ...

6 years, 4 months ago (2014-08-20 20:37:14 UTC) #30

dmazzoni

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessibility/browser_accessibility.h File content/browser/accessibility/browser_accessibility.h (right): https://codereview.chromium.org/268543008/diff/20001/content/browser/accessibility/browser_accessibility.h#newcode34 content/browser/accessibility/browser_accessibility.h:34: // Class implementing the cross platform interface for the ...

6 years, 4 months ago (2014-08-20 20:57:18 UTC) #31

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility.h:34: // Class implementing
the cross platform interface for the Browser-Renderer
On 2014/08/20 20:37:13, Charlie Reis wrote:
> Do we have a separate instance of this class for each FrameTreeNode?  I'm
> unclear why it would have a frame ID member, since this comment makes it sound
> like there's only one for the browser.

Sorry, I haven't updated that comment in years. There's an instance of this for
practically every element on the page. I'll be renaming this AXPlatformNode
soon, and BrowserAccessibilityManager -> AXPlatformTree.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility.h:248: // Identifies the
given frame id as the only child of this node, so
On 2014/08/20 20:37:13, Charlie Reis wrote:
> I don't follow why this would track a single child.  What if there were
> multiple?

This object would correspond to an actual <iframe> element on a page. It'd have
one child, the child frame.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility.h:252: void
SetChildFrameId(int64 child_frame_id);
On 2014/08/20 20:37:13, Charlie Reis wrote:
> nit: FrameId is ambiguous, between a RenderFrame routing ID and a
FrameTreeNode
> ID.  Can you clarify which one you mean, here and below?

Agreed, let me clarify.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility_manager.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility_manager.h:260: // frame's
root object.
On 2014/08/20 20:37:13, Charlie Reis wrote:
> This comment is kind of hard to follow.  Maybe it would be clearer with an
> example?

Sure.

I'll work on the comment, but for purposes of your understanding the code
review:

Imagine frame P has an iframe element with node id 37, where that id is relative
to its frame.

The iframe's accessibility tree is this BrowserAccessibilityManager. This field
tells us the id - 37 - of the element that hosts this whole frame in the parent
frame.

This is needed so we can walk back up the tree. If the client requests the
parent of the root of this tree, we need to return the object id=37 from the
parent frame.

dmazzoni

On Wed, Aug 20, 2014 at 1:57 PM, <dmazzoni@chromium.org> wrote: > AXPlatformNode soon, and BrowserAccessibilityManager ...

6 years, 4 months ago (2014-08-20 21:04:10 UTC) #32

Charlie Reis

A few more comments as I start to follow it more. The main questions are ...

6 years, 4 months ago (2014-08-21 19:23:28 UTC) #33

dmazzoni

Thanks for the great feedback! https://codereview.chromium.org/268543008/diff/20001/content/browser/accessibility/browser_accessibility.cc File content/browser/accessibility/browser_accessibility.cc (right): https://codereview.chromium.org/268543008/diff/20001/content/browser/accessibility/browser_accessibility.cc#newcode98 content/browser/accessibility/browser_accessibility.cc:98: child_manager->SetNodeIdInParentFrame(GetId()); On 2014/08/21 19:23:27, ...

6 years, 4 months ago (2014-08-25 06:49:37 UTC) #34

Thanks for the great feedback!

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility.cc (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility.cc:98:
child_manager->SetNodeIdInParentFrame(GetId());
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Seems odd to be doing a modification to the child_manager as part of a const
> GetFoo method.  Is there another place this could be set?

I agree this is ugly.

Maybe this is premature optimization. The child frame can just search the parent
frame for the matching node each time. If that search shows up in a code profile
in the future I can always optimize it to cache that id later.

I'll delete node_id_in_parent_frame completely for now.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility.h:34: // Class implementing
the cross platform interface for the Browser-Renderer
Comment updated a bit.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility.h:252: void
SetChildFrameId(int64 child_frame_id);
On 2014/08/20 20:57:17, dmazzoni wrote:
> On 2014/08/20 20:37:13, Charlie Reis wrote:
> > nit: FrameId is ambiguous, between a RenderFrame routing ID and a
> FrameTreeNode
> > ID.  Can you clarify which one you mean, here and below?
> 
> Agreed, let me clarify.

Done.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility_manager.cc (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility_manager.cc:73:
node_id_in_parent_frame_(0),
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Let's not use a magic number here, since it's easy to confuse this with the -1
> used elsewhere.

This is also gone now.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility_manager.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility_manager.h:33: const int
kNoFrameId = -1;
On 2014/08/21 19:23:27, Charlie Reis wrote:
> This is a bit ambiguous for a content-wide constant.  Beyond clarifying frame
> routing ID vs FrameTreeNode ID vs node ID, we should probably add "Ax" in the
> name.

WIth the other changes, this is only needed in browser_accessibility.cc now.
Frame tree node ids start at 1, so maybe we don't need a constant at all? I can
just document that it's only valid if nonzero.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/browser_accessibility_manager.h:260: // frame's
root object.
This is gone now.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
File content/browser/accessibility/site_per_process_accessibility_browsertest.cc
(right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/site_per_process_accessibility_browsertest.cc:33:
// TODO(dmazzoni): share this with site_per_process_browsertest.cc
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Can you subclass SitePerProcessBrowserTest, or is something like DEPS
preventing
> that?
> 
> We can abstract it out into useful test utilities if needed.

Done.

https://codereview.chromium.org/268543008/diff/20001/content/browser/accessib...
content/browser/accessibility/site_per_process_accessibility_browsertest.cc:119:
EXPECT_NE(shell()->web_contents()->GetRenderViewHost(), rvh);
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Many of these checks are redundant with the CrossSiteIframe test.  We can just
> verify that the frame has a different SiteInstance and move on to the
> interesting accessibility checks.

Sounds good.

I deleted the ones that seemed the most redundant. Let me know if there's more
you think is unnecessary.

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_host_impl.cc (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:464: RenderFrameHostImpl*
render_frame_host = node->current_frame_host();
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Should we be concerned if a process swap occurs in one of these frames and the
> current_frame_host is different than when we started?  (I'm not sure how
> asynchronous this traversal is, or if it all takes place on one pass through
the
> event loop.)
> 
> It might be fine (e.g., we just get the BAM for the most recent frame), but I
> want to be sure that doesn't break any assumptions.

We're using this safely; when BrowserAccessibilityManager calls any function on
BrowserAccessibilityDelegate, it basically only assumes that return value is
valid within that call stack, it never caches it.

I should probably formalize that contract. I'll add a comment to
BrowserAccessibilityDelegate now.

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:970: // to notify out
BrowserAccessibilityManager of the frame tree node id of
On 2014/08/21 19:23:27, Charlie Reis wrote:
> nit: out -> our?

Done.

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:972: std::map<int32,
int>::const_iterator iter;
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Can we add a comment about this map being from node IDs to frame routing IDs,
> and whether it's purely RenderFrame IDs in the current process or also has
> RenderFrameProxy IDs?

Done. I think it should allow RenderFrameProxy IDs.

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:982: GetProcess()->GetID(),
frame_routing_id);
On 2014/08/21 19:23:27, Charlie Reis wrote:
> How does this work for iframes that are already out of process?  Wouldn't they
> have RenderFrameProxies in the renderer process, such that the routing ID
would
> be a proxy and this would return NULL?
> 
> (I'm assuming that we're looping over a set of nodeID -> frameRoutingID pairs
> from a given renderer process, and I'm wondering what happens when that
process
> has RenderFrameProxies.)

Agreed, this should handle RenderFrameProxyHosts too. Done.

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_host_impl.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.h:109: int64 frame_id)
OVERRIDE;
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Should this be |frame_tree_node_id|?

Done.

https://codereview.chromium.org/268543008/diff/20001/content/common/accessibi...
File content/common/accessibility_messages.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/common/accessibi...
content/common/accessibility_messages.h:60: // Mapping from node id to frame
routing id for an out-of-process iframe.
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Are these frame routing IDs from RenderFrames or RenderFrameProxies?  (I would
> expect the latter for OOPIFs, since we won't have RenderFrames for them.)

Clarified.

I think it's useful to have both - you never know when a RenderFrame is going to
suddenly go out-of-process, and if we've already looked up the frame tree node
id on the browser side, we can work with it right away rather than waiting until
we get the notification of the RenderFrameProxy routing id.

https://codereview.chromium.org/268543008/diff/20001/content/renderer/accessi...
File content/renderer/accessibility/blink_ax_tree_source.cc (right):

https://codereview.chromium.org/268543008/diff/20001/content/renderer/accessi...
content/renderer/accessibility/blink_ax_tree_source.cc:462: RenderFrameImpl*
render_frame = RenderFrameImpl::FromWebFrame(frame);
On 2014/08/21 19:23:27, Charlie Reis wrote:
> Seems like this would return NULL if frame were a WebRemoteFrame.

Agreed. The test was passing only because we were converting the routing_id to a
frame_tree_node_id before the cross-site transition - once we have the
frame_tree_node_id we can follow the frame wherever it goes. We should handle
both cases here, though.

https://codereview.chromium.org/268543008/diff/20001/content/renderer/accessi...
File content/renderer/accessibility/blink_ax_tree_source.h (right):

https://codereview.chromium.org/268543008/diff/20001/content/renderer/accessi...
content/renderer/accessibility/blink_ax_tree_source.h:51: std::map<int32, int>*
frame_routing_ids_;
On 2014/08/21 19:23:27, Charlie Reis wrote:
> frame_routing_ids_ sounds like a list, without indicating that it's a map. 
> Maybe something like node_to_frame_map_?

Done.

Charlie Reis

This is looking much better! A few nits and comments below, but I think this ...

6 years, 4 months ago (2014-08-25 20:58:44 UTC) #35

nasko

Adding RenderFrameProxyHost::FromID is expected, we just didn't need it before, so totally fine with me. ...

6 years, 4 months ago (2014-08-25 21:23:30 UTC) #36

dmazzoni

Ready for another look. As soon as blink 180911 gets rolled I'll start a try ...

6 years, 3 months ago (2014-08-26 23:31:03 UTC) #37

Charlie Reis

Cool, thanks. I put in a little more thought about the places where we are ...

6 years, 3 months ago (2014-08-27 17:28:35 UTC) #38

Cool, thanks.

I put in a little more thought about the places where we are traversing or
searching the frame tree, since these are likely going to be used by many
features.  I made some suggestions below, but let me know if those prove to be
problematic.

Otherwise, I think we're about set.  Thanks for your work on this!

https://codereview.chromium.org/268543008/diff/40001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_proxy_host.cc (right):

https://codereview.chromium.org/268543008/diff/40001/content/browser/frame_ho...
content/browser/frame_host/render_frame_proxy_host.cc:39:
g_routing_id_frame_proxy_map.Get().insert(std::make_pair(
On 2014/08/26 23:31:03, dmazzoni wrote:
> On 2014/08/25 21:23:29, nasko wrote:
> > nit: I like checking the return value of insert, just to make sure we don't
> have
> > any bugs creep up on us.
> 
> Is this what you had in mind?
> 
>   DCHECK(g_routing_id_frame_proxy_map.Get().insert(
>       std::make_pair(
>           RenderFrameProxyHostID(GetProcess()->GetID(), routing_id_),
>           this)).second);
> 

You'll need to store the return value and DCHECK(result.second), since the
bodies of DCHECKs get compiled out.  For example:
https://code.google.com/p/chromium/codesearch#chromium/src/content/browser/fr...

https://codereview.chromium.org/268543008/diff/80001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility_manager.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/accessib...
content/browser/accessibility/browser_accessibility_manager.cc:393: static
BrowserAccessibility* FindParentOfNode(
If this is a nonmember function, it should probably be at the top in an unnamed
namespace and doesn't need static, right?

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_host_impl.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:470: FrameTreeNode* node =
frame_tree->FindByID(frame_tree_node_id);
This will probably do for now, but it would be nice to think about whether
there's a more elegant way to walk the FrameTree in parallel with the
accessibility tree.

At the moment, we're linearly searching the FrameTree every time we encounter an
OOPIF in the accessibility tree, making it O(n^2), where n is the number of
OOPIFs in the FrameTree.  (It's not O(n log n) because it's not a binary
search.)  We should be able to walk the two trees in parallel visiting each node
once, in O(n) time.

I'm not terribly concerned about this, given that n (and even the size of the
FrameTree including same-site frames) is likely to be very small.  Still, we
should come up with a better pattern for similar features to follow.

At the very least, I just noticed that we already have
FrameTree::GloballyFindByID with a global hash_map of frames.  That would give
us an O(1) lookup without even needing to go through this RFH's FrameTree.

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:994: RenderFrameHostImpl*
child = RenderFrameHostImpl::FromID(
Here's another block that FrameTree should be providing: a way to look up a
FrameTreeNode given a process ID and routing ID, whether it's a RenderFrameHost
or a RenderFrameProxyHost.

In fact, we're already most of the way there.  FrameTree::FindByRoutingID has a
TODO to search the "swapped out RFHs" as well, which today means searching the
RenderFrameProxyHosts.  Can we update and use that, since we expect future
callers to need it as well?

(We can probably make that efficient using the two RFH/RFPH FromID methods and
then double-checking that the result actually belongs to the FrameTree in
question.)

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_proxy_host.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_proxy_host.cc:49:
DCHECK(g_routing_id_frame_proxy_map.Get().insert(
This will get compiled out in release builds.

dmazzoni

https://codereview.chromium.org/268543008/diff/80001/content/browser/accessibility/browser_accessibility_manager.cc File content/browser/accessibility/browser_accessibility_manager.cc (right): https://codereview.chromium.org/268543008/diff/80001/content/browser/accessibility/browser_accessibility_manager.cc#newcode393 content/browser/accessibility/browser_accessibility_manager.cc:393: static BrowserAccessibility* FindParentOfNode( On 2014/08/27 17:28:34, Charlie Reis wrote: ...

6 years, 3 months ago (2014-08-28 05:40:14 UTC) #39

https://codereview.chromium.org/268543008/diff/80001/content/browser/accessib...
File content/browser/accessibility/browser_accessibility_manager.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/accessib...
content/browser/accessibility/browser_accessibility_manager.cc:393: static
BrowserAccessibility* FindParentOfNode(
On 2014/08/27 17:28:34, Charlie Reis wrote:
> If this is a nonmember function, it should probably be at the top in an
unnamed
> namespace and doesn't need static, right?

Done.

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_host_impl.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:470: FrameTreeNode* node =
frame_tree->FindByID(frame_tree_node_id);
On 2014/08/27 17:28:34, Charlie Reis wrote:
> This will probably do for now, but it would be nice to think about whether
> there's a more elegant way to walk the FrameTree in parallel with the
> accessibility tree.
> 
> At the moment, we're linearly searching the FrameTree every time we encounter
an
> OOPIF in the accessibility tree, making it O(n^2), where n is the number of
> OOPIFs in the FrameTree.  (It's not O(n log n) because it's not a binary
> search.)  We should be able to walk the two trees in parallel visiting each
node
> once, in O(n) time.

Oh, I never would have guessed that it wasn't storing that in a hash map. Is
there any reason not to just maintain a hash map from frame tree node id to
frame tree node, local to each frame tree?

> I'm not terribly concerned about this, given that n (and even the size of the
> FrameTree including same-site frames) is likely to be very small.  Still, we
> should come up with a better pattern for similar features to follow.
> 
> At the very least, I just noticed that we already have
> FrameTree::GloballyFindByID with a global hash_map of frames.  That would give
> us an O(1) lookup without even needing to go through this RFH's FrameTree.

Good thought.

I switched to using GloballyFindByID followed by a check that we got a node in
the same frame tree. That look better?

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:994: RenderFrameHostImpl*
child = RenderFrameHostImpl::FromID(
On 2014/08/27 17:28:35, Charlie Reis wrote:
> Here's another block that FrameTree should be providing: a way to look up a
> FrameTreeNode given a process ID and routing ID, whether it's a
RenderFrameHost
> or a RenderFrameProxyHost.
> 
> In fact, we're already most of the way there.  FrameTree::FindByRoutingID has
a
> TODO to search the "swapped out RFHs" as well, which today means searching the
> RenderFrameProxyHosts.  Can we update and use that, since we expect future
> callers to need it as well?
> 
> (We can probably make that efficient using the two RFH/RFPH FromID methods and
> then double-checking that the result actually belongs to the FrameTree in
> question.)

Good idea! Is this what you had in mind?

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_proxy_host.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_proxy_host.cc:49:
DCHECK(g_routing_id_frame_proxy_map.Get().insert(
On 2014/08/27 17:28:35, Charlie Reis wrote:
> This will get compiled out in release builds.

Ha! Good catch.

Think it should be a CHECK, or should I save the result and DCHECK it (ugly)?

Charlie Reis

Fantastic. LGTM with the comments below! https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_host/render_frame_host_impl.cc File content/browser/frame_host/render_frame_host_impl.cc (right): https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_host/render_frame_host_impl.cc#newcode470 content/browser/frame_host/render_frame_host_impl.cc:470: FrameTreeNode* node = ...

6 years, 3 months ago (2014-08-28 18:18:52 UTC) #40

Fantastic.  LGTM with the comments below!

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_host_impl.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:470: FrameTreeNode* node =
frame_tree->FindByID(frame_tree_node_id);
On 2014/08/28 05:40:14, dmazzoni wrote:
> On 2014/08/27 17:28:34, Charlie Reis wrote:
> > This will probably do for now, but it would be nice to think about whether
> > there's a more elegant way to walk the FrameTree in parallel with the
> > accessibility tree.
> > 
> > At the moment, we're linearly searching the FrameTree every time we
encounter
> an
> > OOPIF in the accessibility tree, making it O(n^2), where n is the number of
> > OOPIFs in the FrameTree.  (It's not O(n log n) because it's not a binary
> > search.)  We should be able to walk the two trees in parallel visiting each
> node
> > once, in O(n) time.
> 
> Oh, I never would have guessed that it wasn't storing that in a hash map. Is
> there any reason not to just maintain a hash map from frame tree node id to
> frame tree node, local to each frame tree?

We were adding tree accessors as they were needed, and the use cases were mainly
traversals where the map wouldn't help much.  A more recent use case needed the
global lookup.

Now that we have the global map, we could probably change FrameTree::FindByID to
use it (returning null if the result is from a different tree).  No need to do
that in this CL unless you're feeling particularly proactive.

> 
> > I'm not terribly concerned about this, given that n (and even the size of
the
> > FrameTree including same-site frames) is likely to be very small.  Still, we
> > should come up with a better pattern for similar features to follow.
> > 
> > At the very least, I just noticed that we already have
> > FrameTree::GloballyFindByID with a global hash_map of frames.  That would
give
> > us an O(1) lookup without even needing to go through this RFH's FrameTree.
> 
> Good thought.
> 
> I switched to using GloballyFindByID followed by a check that we got a node in
> the same frame tree. That look better?

Yes, that's great.  The CHECK is fine if we never expect to pass in a value from
a different tree, but if an exploited renderer could confuse us, then we should
probably just return null.

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_host_impl.cc:994: RenderFrameHostImpl*
child = RenderFrameHostImpl::FromID(
On 2014/08/28 05:40:14, dmazzoni wrote:
> On 2014/08/27 17:28:35, Charlie Reis wrote:
> > Here's another block that FrameTree should be providing: a way to look up a
> > FrameTreeNode given a process ID and routing ID, whether it's a
> RenderFrameHost
> > or a RenderFrameProxyHost.
> > 
> > In fact, we're already most of the way there.  FrameTree::FindByRoutingID
has
> a
> > TODO to search the "swapped out RFHs" as well, which today means searching
the
> > RenderFrameProxyHosts.  Can we update and use that, since we expect future
> > callers to need it as well?
> > 
> > (We can probably make that efficient using the two RFH/RFPH FromID methods
and
> > then double-checking that the result actually belongs to the FrameTree in
> > question.)
> 
> Good idea! Is this what you had in mind?

Perfect!

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
File content/browser/frame_host/render_frame_proxy_host.cc (right):

https://codereview.chromium.org/268543008/diff/80001/content/browser/frame_ho...
content/browser/frame_host/render_frame_proxy_host.cc:49:
DCHECK(g_routing_id_frame_proxy_map.Get().insert(
On 2014/08/28 05:40:14, dmazzoni wrote:
> On 2014/08/27 17:28:35, Charlie Reis wrote:
> > This will get compiled out in release builds.
> 
> Ha! Good catch.
> 
> Think it should be a CHECK, or should I save the result and DCHECK it (ugly)?

A CHECK is fine here.  We have a similar CHECK in RFHM::SwapOutOldPage where we
use a saved result, but we could skip the saved result there.

https://codereview.chromium.org/268543008/diff/100001/content/browser/frame_h...
File content/browser/frame_host/frame_tree.cc (right):

https://codereview.chromium.org/268543008/diff/100001/content/browser/frame_h...
content/browser/frame_host/frame_tree.cc:114: CHECK_EQ(this,
result->frame_tree());
Thinking this over, we may want to return NULL in this case instead of crashing,
since I think an exploited renderer process could send us a routing ID for the
wrong tab to cause the browser to crash.  Same below.

https://codereview.chromium.org/268543008/diff/140001/content/browser/frame_h...
File content/browser/frame_host/render_frame_proxy_host.cc (right):

https://codereview.chromium.org/268543008/diff/140001/content/browser/frame_h...
content/browser/frame_host/render_frame_proxy_host.cc:24: // The (process id,
routing id) pair that identifies one RenderFrame.
nit: RenderFrame -> RenderFrameProxy

dmazzoni

https://codereview.chromium.org/268543008/diff/100001/content/browser/frame_host/frame_tree.cc File content/browser/frame_host/frame_tree.cc (right): https://codereview.chromium.org/268543008/diff/100001/content/browser/frame_host/frame_tree.cc#newcode114 content/browser/frame_host/frame_tree.cc:114: CHECK_EQ(this, result->frame_tree()); On 2014/08/28 18:18:52, Charlie Reis (OOO until ...

6 years, 3 months ago (2014-09-05 06:16:21 UTC) #41

dmazzoni

https://codereview.chromium.org/268543008/diff/140001/content/browser/frame_host/render_frame_proxy_host.cc File content/browser/frame_host/render_frame_proxy_host.cc (right): https://codereview.chromium.org/268543008/diff/140001/content/browser/frame_host/render_frame_proxy_host.cc#newcode24 content/browser/frame_host/render_frame_proxy_host.cc:24: // The (process id, routing id) pair that identifies ...

6 years, 3 months ago (2014-09-05 06:18:19 UTC) #42

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/268543008/320001

6 years, 3 months ago (2014-09-05 13:30:48 UTC) #44

commit-bot: I haz the power

Try jobs failed on following builders: chromium_presubmit on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/8985)

6 years, 3 months ago (2014-09-05 13:47:50 UTC) #46

nasko

LGTM with one nit https://codereview.chromium.org/268543008/diff/320001/content/browser/frame_host/render_frame_host_impl.cc File content/browser/frame_host/render_frame_host_impl.cc (right): https://codereview.chromium.org/268543008/diff/320001/content/browser/frame_host/render_frame_host_impl.cc#newcode1011 content/browser/frame_host/render_frame_host_impl.cc:1011: for (unsigned int i = ...

6 years, 3 months ago (2014-09-05 16:29:02 UTC) #47

dmazzoni

Argh, the underlying site-per-process stuff seems to be broken on trunk, but the test that ...

6 years, 3 months ago (2014-09-05 19:22:31 UTC) #48

nasko

I've landed https://codereview.chromium.org/543273002/, which should restore sanity to CrossSiteIframe test and yours (though I haven't ...

6 years, 3 months ago (2014-09-08 14:18:53 UTC) #49

dmazzoni

Thanks! Trying again now... On Mon, Sep 8, 2014 at 7:18 AM, Nasko Oskov <nasko@chromium.org> ...

6 years, 3 months ago (2014-09-08 15:08:21 UTC) #50

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/268543008/340001

6 years, 3 months ago (2014-09-08 15:14:29 UTC) #52

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/268543008/360001

6 years, 3 months ago (2014-09-09 22:06:10 UTC) #55

commit-bot: I haz the power

Exceeded time limit waiting for builds to trigger.

6 years, 3 months ago (2014-09-10 00:09:08 UTC) #57

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/268543008/360001

6 years, 3 months ago (2014-09-10 05:36:36 UTC) #59

commit-bot: I haz the power

Committed patchset #19 (id:360001) as 5a9cdbdffd9e534f0945d0b160b6dfee4cdee4d2

6 years, 3 months ago (2014-09-10 06:11:01 UTC) #60

commit-bot: I haz the power

Patchset 19 (id:??) landed as https://crrev.com/387942c041da17ea6337bc0a81e96619e67e4ac4 Cr-Commit-Position: refs/heads/master@{#294118}

6 years, 3 months ago (2014-09-10 06:14:55 UTC) #61

dconnelly

A revert of this CL (patchset #19 id:360001) has been created in https://codereview.chromium.org/558943002/ by dconnelly@chromium.org. ...

6 years, 3 months ago (2014-09-10 07:42:43 UTC) #62

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/268543008/400001

6 years, 3 months ago (2014-09-10 16:26:57 UTC) #64

commit-bot: I haz the power

Try jobs failed on following builders: linux_gpu on tryserver.chromium.gpu (http://build.chromium.org/p/tryserver.chromium.gpu/builders/linux_gpu/builds/65068) mac_gpu on tryserver.chromium.gpu (http://build.chromium.org/p/tryserver.chromium.gpu/builders/mac_gpu/builds/54089) win_gpu ...

6 years, 3 months ago (2014-09-10 16:37:36 UTC) #66

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/268543008/420001

6 years, 3 months ago (2014-09-10 16:43:57 UTC) #68

commit-bot: I haz the power

Committed patchset #22 (id:420001) as a5434786bd3063082ce16e67ef3f1e9ce71cab19

6 years, 3 months ago (2014-09-10 19:48:41 UTC) #69

commit-bot: I haz the power

6 years, 3 months ago (2014-09-10 19:53:39 UTC) #70

Message was sent while issue was closed.

Patchset 22 (id:??) landed as
https://crrev.com/0b5d2481a5dc4f3a1ed812b174a4da8dde1b64c2
Cr-Commit-Position: refs/heads/master@{#294210}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages