Revert of Move beforeunload hang timer duties to its own timer.

content/browser/frame_host/render_frame_host_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 358 matching lines @@
       enabled_bindings_ = parent_->GetEnabledBindings();
 
     // New child frames should inherit the nav_entry_id of their parent.
     set_nav_entry_id(
         frame_tree_node_->parent()->current_frame_host()->nav_entry_id());
   }
 
   SetUpMojoIfNeeded();
   swapout_event_monitor_timeout_.reset(new TimeoutMonitor(base::Bind(
       &RenderFrameHostImpl::OnSwappedOut, weak_ptr_factory_.GetWeakPtr())));
-  beforeunload_timeout_.reset(
-      new TimeoutMonitor(base::Bind(&RenderFrameHostImpl::BeforeUnloadTimeout,
-                                    weak_ptr_factory_.GetWeakPtr())));
 
   if (widget_routing_id != MSG_ROUTING_NONE) {
     // TODO(avi): Once RenderViewHostImpl has-a RenderWidgetHostImpl, the main
     // render frame should probably start owning the RenderWidgetHostImpl,
     // so this logic checking for an already existing RWHI should be removed.
     // https://crbug.com/545684
     render_widget_host_ =
         RenderWidgetHostImpl::FromID(GetProcess()->GetID(), widget_routing_id);
     if (!render_widget_host_) {
       DCHECK(frame_tree_node->parent());
@@ skipping 1085 matching lines @@
         (receive_before_unload_ack_time - send_before_unload_start_time_) -
         (renderer_before_unload_end_time - renderer_before_unload_start_time);
     UMA_HISTOGRAM_TIMES("Navigation.OnBeforeUnloadOverheadTime",
                         on_before_unload_overhead_time);
 
     frame_tree_node_->navigator()->LogBeforeUnloadTime(
         renderer_before_unload_start_time, renderer_before_unload_end_time);
   }
   // Resets beforeunload waiting state.
   is_waiting_for_beforeunload_ack_ = false;
-  beforeunload_timeout_->Stop();
+  render_view_host_->GetWidget()->decrement_in_flight_event_count();
+  render_view_host_->GetWidget()->StopHangMonitorTimeout();
   send_before_unload_start_time_ = base::TimeTicks();
 
   // PlzNavigate: if the ACK is for a navigation, send it to the Navigator to
   // have the current navigation stop/proceed. Otherwise, send it to the
   // RenderFrameHostManager which handles closing.
   if (IsBrowserSideNavigationEnabled() && unload_ack_is_for_navigation_) {
     // TODO(clamy): see if before_unload_end_time should be transmitted to the
     // Navigator.
     frame_tree_node_->navigator()->OnBeforeUnloadACK(
         frame_tree_node_, proceed);
@@ skipping 201 matching lines @@
 }
 
 void RenderFrameHostImpl::OnRunBeforeUnloadConfirm(
     const GURL& frame_url,
     bool is_reload,
     IPC::Message* reply_msg) {
   // While a JS beforeunload dialog is showing, tabs in the same process
   // shouldn't process input events.
   GetProcess()->SetIgnoreInputEvents(true);
   render_view_host_->GetWidget()->StopHangMonitorTimeout();
-
-  // The beforeunload dialog for this frame may have been triggered by a
-  // browser-side request to this frame or a frame up in the frame hierarchy.
-  // Stop any timers that are waiting.
-  for (RenderFrameHostImpl* frame = this; frame; frame = frame->GetParent())
-    frame->beforeunload_timeout_->Stop();
-
   delegate_->RunBeforeUnloadConfirm(this, is_reload, reply_msg);
 }
 
 void RenderFrameHostImpl::OnRunFileChooser(const FileChooserParams& params) {
   // Do not allow messages with absolute paths in them as this can permit a
   // renderer to coerce the browser to perform I/O on a renderer controlled
   // path.
   if (params.default_file_name != params.default_file_name.BaseName()) {
     bad_message::ReceivedBadMessage(GetProcess(),
                                     bad_message::RFH_FILE_CHOOSER_PATH);
@@ skipping 696 matching lines @@
 }
 
 void RenderFrameHostImpl::ResetWaitingState() {
   DCHECK(is_active());
 
   // Whenever we reset the RFH state, we should not be waiting for beforeunload
   // or close acks.  We clear them here to be safe, since they can cause
   // navigations to be ignored in OnDidCommitProvisionalLoad.
   if (is_waiting_for_beforeunload_ack_) {
     is_waiting_for_beforeunload_ack_ = false;
-    beforeunload_timeout_->Stop();
+    render_view_host_->GetWidget()->decrement_in_flight_event_count();
+    render_view_host_->GetWidget()->StopHangMonitorTimeout();
   }
   send_before_unload_start_time_ = base::TimeTicks();
   render_view_host_->is_waiting_for_close_ack_ = false;
 }
 
 bool RenderFrameHostImpl::CanCommitOrigin(
     const url::Origin& origin,
     const GURL& url) {
   // If the --disable-web-security flag is specified, all bets are off and the
   // renderer process can send any origin it wishes.
@@ skipping 125 matching lines @@
     // Start the hang monitor in case the renderer hangs in the beforeunload
     // handler.
     is_waiting_for_beforeunload_ack_ = true;
     unload_ack_is_for_navigation_ = for_navigation;
     if (render_view_host_->GetDelegate()->IsJavaScriptDialogShowing()) {
       // If there is a JavaScript dialog up, don't bother sending the renderer
       // the unload event because it is known unresponsive, waiting for the
       // reply from the dialog.
       SimulateBeforeUnloadAck();
     } else {
-      beforeunload_timeout_->Start(
-          TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
+      // Increment the in-flight event count, to ensure that input events won't
+      // cancel the timeout timer.
+      render_view_host_->GetWidget()->increment_in_flight_event_count();
+      render_view_host_->GetWidget()->StartHangMonitorTimeout(
+          TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS),
+          blink::WebInputEvent::Undefined);
       send_before_unload_start_time_ = base::TimeTicks::Now();
       Send(new FrameMsg_BeforeUnload(routing_id_, is_reload));
     }
   }
 }
 
 void RenderFrameHostImpl::SimulateBeforeUnloadAck() {
   DCHECK(is_waiting_for_beforeunload_ack_);
   base::TimeTicks approx_renderer_start_time = send_before_unload_start_time_;
   OnBeforeUnloadACK(true, approx_renderer_start_time, base::TimeTicks::Now());
@@ skipping 44 matching lines @@
 void RenderFrameHostImpl::DeleteSurroundingTextInCodePoints(int before,
                                                             int after) {
   Send(new InputMsg_DeleteSurroundingTextInCodePoints(routing_id_, before,
                                                       after));
 }
 
 void RenderFrameHostImpl::JavaScriptDialogClosed(
     IPC::Message* reply_msg,
     bool success,
     const base::string16& user_input,
+    bool is_before_unload_dialog,
     bool dialog_was_suppressed) {
   GetProcess()->SetIgnoreInputEvents(false);
 
+  // If we are executing as part of beforeunload event handling, we don't
+  // want to use the regular hung_renderer_delay_ms_ if the user has agreed to
+  // leave the current page. In this case, use the regular timeout value used
+  // during the beforeunload handling.
+  if (is_before_unload_dialog) {
+    render_view_host_->GetWidget()->StartHangMonitorTimeout(
+        success
+            ? TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS)
+            : render_view_host_->GetWidget()->hung_renderer_delay(),
+        blink::WebInputEvent::Undefined);
+  }
+
   SendJavaScriptDialogReply(reply_msg, success, user_input);
 
-  // If executing as part of beforeunload event handling, there may have been
-  // timers stopped in this frame or a frame up in the frame hierarchy. Restart
-  // any timers that were stopped in OnRunBeforeUnloadConfirm().
-  for (RenderFrameHostImpl* frame = this; frame; frame = frame->GetParent()) {
-    if (frame->is_waiting_for_beforeunload_ack_) {
-      // If we are waiting for a beforeunload ack and the user has suppressed
-      // messages, kill the tab immediately. A page that's spamming is
-      // presumably malicious, so there's no point in continuing to run its
-      // script and dragging out the process.
-      if (dialog_was_suppressed) {
-        frame->SimulateBeforeUnloadAck();
-      } else {
-        frame->beforeunload_timeout_->Start(
-            TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
-      }
-    }
+  // If we are waiting for a beforeunload ack and the user has suppressed
+  // messages, kill the tab immediately; a page that's spamming alerts in
+  // onbeforeunload is presumably malicious, so there's no point in continuing
+  // to run its script and dragging out the process. This must be done after
+  // sending the reply since RenderView can't close correctly while waiting for
+  // a response.
+  if (is_before_unload_dialog && dialog_was_suppressed) {
+    render_view_host_->GetWidget()->delegate()->RendererUnresponsive(
+        render_view_host_->GetWidget());
   }
 }
 
 void RenderFrameHostImpl::SendJavaScriptDialogReply(
     IPC::Message* reply_msg,
     bool success,
     const base::string16& user_input) {
   FrameHostMsg_RunJavaScriptDialog::WriteReplyParams(reply_msg, success,
                                                      user_input);
   Send(reply_msg);
@@ skipping 806 matching lines @@
 
   // There is no pending NavigationEntry in these cases, so pass 0 as the
   // pending_nav_entry_id. If the previous handle was a prematurely aborted
   // navigation loaded via LoadDataWithBaseURL, propagate the entry id.
   return NavigationHandleImpl::Create(
       params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
       params.was_within_same_page, base::TimeTicks::Now(),
       entry_id_for_data_nav, false);  // started_from_context_menu
 }
 
-void RenderFrameHostImpl::BeforeUnloadTimeout() {
-  if (render_view_host_->GetDelegate()->ShouldIgnoreUnresponsiveRenderer())
-    return;
-
-  SimulateBeforeUnloadAck();
-}
-
 #if defined(OS_ANDROID)
 base::android::ScopedJavaLocalRef<jobject>
 RenderFrameHostImpl::GetJavaRenderFrameHost() {
   RenderFrameHostAndroid* render_frame_host_android =
       static_cast<RenderFrameHostAndroid*>(
           GetUserData(kRenderFrameHostAndroidKey));
   if (!render_frame_host_android) {
     render_frame_host_android = new RenderFrameHostAndroid(this);
     SetUserData(kRenderFrameHostAndroidKey, render_frame_host_android);
   }
   return render_frame_host_android->GetJavaObject();
 }
 #endif
 
 }  // namespace content