Chromium Code Reviews Chromium Code Reviews
Issue 2713623002:
v8binding: Makes ToV8(window) work without a frame. (Closed)
| Index: third_party/WebKit/Source/core/frame/DOMWindow.h |
| diff --git a/third_party/WebKit/Source/core/frame/DOMWindow.h b/third_party/WebKit/Source/core/frame/DOMWindow.h |
| index 8099170901faa6df18ec4a66e4db9290d6d6c181..ec56e4224e8791e42442675a40b2848efa3fccff 100644 |
| --- a/third_party/WebKit/Source/core/frame/DOMWindow.h |
| +++ b/third_party/WebKit/Source/core/frame/DOMWindow.h |
| @@ -18,10 +18,11 @@ namespace blink { |
| class Document; |
| class InputDeviceCapabilitiesConstants; |
| -class Location; |
| class LocalDOMWindow; |
| +class Location; |
| class MessageEvent; |
| class SerializedScriptValue; |
| +class WindowProxyManager; |
| class CORE_EXPORT DOMWindow : public EventTargetWithInlineData, |
| public DOMWindowBase64 { |
| @@ -108,6 +109,8 @@ class CORE_EXPORT DOMWindow : public EventTargetWithInlineData, |
| bool isSecureContext() const; |
| + v8::Local<v8::Object> globalProxy(DOMWrapperWorld&); |
| + |
| InputDeviceCapabilitiesConstants* getInputDeviceCapabilities(); |
| protected: |
| @@ -121,6 +124,34 @@ class CORE_EXPORT DOMWindow : public EventTargetWithInlineData, |
| private: |
| Member<Frame> m_frame; |
| + // Unlike |m_frame|, |m_windowProxyManager| is available even after the |
| + // window's frame gets detached from the DOM, until the end of the lifetime |
| + // of this object. |
|
haraken
2017/04/06 17:25:27
I don't fully understand why DOMWindow needs to ho
dcheng
2017/04/07 06:23:12
Right now it does, but maybe it shouldn't. Accordi
Yuki
2017/04/07 08:40:19
My understanding is that we agreed that we need to
|
| + // |
| + // Note that |m_windowProxyManager| is always available despite of WeakMember |
| + // because this window object is unreachable when |m_windowProxyManager| gets |
| + // collected. |
| + // - |m_windowProxyManager| is unreachable. |
| + // - All WindowProxies in |m_windowProxyManager| are unreachable. |
| + // - One of the WindowProxies is the WindowProxy for this window object, and |
| + // it's unreachable. |
| + // - So, this window object is unreachable, too. |
| + // Thus, if this window object is reachable, |m_windowProxyManager| is still |
| + // available. |
|
dcheng
2017/04/07 18:48:48
Thinking about this more, I wonder if this is guar
Yuki
2017/04/10 09:43:32
You're right. Let me change the approach overall.
|
| + // |
| + // The reason why we cannot make |m_windowProxyManager| non-weak Member is |
| + // because WindowProxy has |m_globalProxy| as a ScopedPersistent. We need |
|
haraken
2017/04/06 17:25:27
Can we break the cycle by replacing the ScopedPers
Yuki
2017/04/07 08:40:19
I don't fully understand this point and I'm nore s
haraken
2017/04/07 10:08:58
Ah, makes sense.
However, I don't fully understan
Yuki
2017/04/07 10:30:44
We have another case: iframe is detacehd from the
|
| + // the following steps in order to collect the window object. |
| + // 1. Blink GC collects |m_windowProxyManager| and its WindowProxies. |
| + // 2. WindowProxy's |m_globalProxy| (v8::Persistent) is destroyed. |
| + // Note that |m_globalProxy| had a strong reference to the global proxy. |
| + // 3. V8 GC collects the global proxy, global object, and context. |
| + // Note that the global proxy and global object had strong references to |
| + // this DOMWindow object. |
| + // 4. Blink GC collects this window object. |
| + // Non-weak Member makes a cycle between Blink GC and V8 GC and currently |
| + // the two GC systems cannot detect it as collectable. |
| + const WeakMember<WindowProxyManager> m_windowProxyManager; |
| Member<InputDeviceCapabilitiesConstants> m_inputCapabilities; |
| mutable Member<Location> m_location; |
