Issue 378743002: Navigation transitions: Place transition page in same process as destination page.

Issue 378743002: Navigation transitions: Place transition page in same process as destination page. (Closed)

Created:
6 years, 5 months ago by shatch

Modified:
6 years, 4 months ago

Reviewers:
Charlie Reis, jam, David Trainor- moved to gerrit, nasko

CC:
chromium-reviews, darin-cc_chromium.org, nasko+codewatch_chromium.org, jam, creis+watch_chromium.org, miu+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Navigation transitions: Place transition page in same process as destination page. Per creis' request, place the transition page in the same process as the destination page. This is done to avoid the overhead of potentially spawning an extra new renderer for the transition. The idea behind this was to put the transition page into the same render process as the incoming page. Approach so far was to instantiate a new WebContents in the embedder via a new function createNativeWebContentsWithSharedSiteInstance(source_content_view_core), passing the SiteInstance of the incoming page. The transition ContentViewCore can then be navigated to a blank page and the serialized markup is added to the page. Since the transition and incoming pages share the same SiteInstance, they will be placed in the same process. Design doc: https://docs.google.com/a/chromium.org/document/d/17jg1RRL3RI969cLwbKBIcoGDsPwqaEdBxafGNYGwiY4/edit# Implementation details: https://docs.google.com/a/chromium.org/document/d/1kREPtFJaeLoDKwrfmrYTD7DHCdxX1RzFBga2gNY8lyE/edit#heading=h.bng2kpmyvxq5 BUG=370696 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=287192

Patch Set 1 : #

Total comments: 4

Patch Set 2 : Changes from review. #

Patch Set 3 : Share SiteInstance with new ContentViewCore. #

Patch Set 4 : Added tests + refactor. #

Total comments: 6

Patch Set 5 : Changes from review. #

Patch Set 6 : Ran git cl format. #

Total comments: 4

Patch Set 7 : Changes from review. #

Patch Set 8 : Fix clang build. #

Created: 6 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+96 lines, -12 lines)			Patch
M	chrome/android/java/src/org/chromium/chrome/browser/ContentViewUtil.java	View	1 2	3 chunks	+13 lines, -0 lines	0 comments	Download
M	chrome/browser/android/content_view_util.cc	View	1 2 3 4 5 6	2 chunks	+19 lines, -0 lines	0 comments	Download
M	content/browser/site_instance_impl.cc	View	1 2 3 4 5 6	2 chunks	+17 lines, -9 lines	0 comments	Download
M	content/browser/site_instance_impl_unittest.cc	View	1 2 3 4 5 6 7	2 chunks	+11 lines, -0 lines	0 comments	Download
M	content/browser/transition_browsertest.cc	View	1 2 3 4 5 6 7	3 chunks	+32 lines, -2 lines	0 comments	Download
M	content/public/browser/site_instance.h	View	1 2 3 4 5	1 chunk	+4 lines, -1 line	0 comments	Download

Messages

Total messages: 28 (0 generated)

Expand Messages | Collapse Messages

shatch

Do you mind taking a look at this since you 2 reviewed the changes to ...

6 years, 5 months ago (2014-07-08 21:10:36 UTC) #1

jam

I looked through this and didn't see any issues popping up, although Nasko is more ...

6 years, 5 months ago (2014-07-14 23:14:21 UTC) #2

shatch

Thanks for taking a look, I've updated the cl description as requested. Also added creis ...

6 years, 5 months ago (2014-07-21 17:47:11 UTC) #3

Charlie Reis

On 2014/07/21 17:47:11, shatch wrote: > Thanks for taking a look, I've updated the cl ...

6 years, 5 months ago (2014-07-22 21:14:17 UTC) #4

Charlie Reis

Thanks for looking to into the process sharing! Your implementation doc was especially helpful. As ...

6 years, 5 months ago (2014-07-23 17:32:48 UTC) #5

Thanks for looking to into the process sharing!  Your implementation doc was
especially helpful.  As we discussed, I think it would be nice for transition
pages to end up in the same process as the destination page, without affecting
our normal process model decision for the destination page.

I have some high level questions and concerns before getting into code review
comments, though, partly because I've been out on leave and missed the earlier
implementation stages.

1) What classes are you using to render the transition page?  Does it go into
its own WebContents, RenderViewHost, and/or RenderFrameHost?  And does this
happen after we've created the SiteInstance for the destination page?  Also, is
the transition page itself something like a data URL?

2) I'm concerned about using a URL as a lookup key for a process ID, because
it's not unique.  It would be easy to have two different tabs open to foo.com in
different processes (because they're in different BrowsingInstances), each of
which starts a transition navigation.  The two separate instances of the URL
would collide in the map.  (For more context, see
http://www.chromium.org/developers/design-documents/process-models.)

3) Adding new schemes tends to have risky security implications.  For example,
an attacker might try to navigate to a URL with the new transition scheme to get
it to load in an existing process, etc.  It would be best to avoid this if we
can, which we might be able to do when solving (2).

4) I think I read that this behavior was gated behind a flag, right?  It seems
like we should check for that flag when modifying things like
GetExistingProcessHost, since those changes can have security implications in
normal browsing.

Your answer to (1) might help me brainstorm some alternatives if we need them. 
For example, we might be able to put the transition page in the very same
SiteInstance as the destination page, without changing things like
GetExistingProcessHost.

shatch

On 2014/07/23 17:32:48, Charlie Reis wrote: > Thanks for looking to into the process sharing! ...

6 years, 5 months ago (2014-07-23 19:07:06 UTC) #6

On 2014/07/23 17:32:48, Charlie Reis wrote:
> Thanks for looking to into the process sharing!  Your implementation doc was
> especially helpful.  As we discussed, I think it would be nice for transition
> pages to end up in the same process as the destination page, without affecting
> our normal process model decision for the destination page.
> 
> I have some high level questions and concerns before getting into code review
> comments, though, partly because I've been out on leave and missed the earlier
> implementation stages.
> 

Welcome back :)

> 1) What classes are you using to render the transition page?  Does it go into
> its own WebContents, RenderViewHost, and/or RenderFrameHost?  And does this
> happen after we've created the SiteInstance for the destination page?  Also,
is
> the transition page itself something like a data URL?
> 

Right now the transition page gets its own ContentViewCore. I believe we've
created the SiteInstance for the destination page at this point. We create the
transition page's ContentViewCore when the TransitionPageHelper receives
didStartProvisionalLoad, although we don't actually navigate it until we reach
CrossSiteResourceHandler::OnResponseStarted.

The transition page itself is just a blank page that we load the serialized
markup into. The transition elements from the outgoing page are serialized and
the markup is sent to the TransitionPageHelper, which 

https://codereview.chromium.org/316053007/ loads the serialized markup.

> 2) I'm concerned about using a URL as a lookup key for a process ID, because
> it's not unique.  It would be easy to have two different tabs open to
http://foo.com in
> different processes (because they're in different BrowsingInstances), each of
> which starts a transition navigation.  The two separate instances of the URL
> would collide in the map.  (For more context, see
> http://www.chromium.org/developers/design-documents/process-models.)
> 

We don't actually use the URL as the lookup key. A new unique "transition url"
is generated per navigation transition, and passed down to the
TransitionPageHelper in the embedder. That unique url is passed back when we
call loadUrl as the virtual_url_for_transition, and the RFHM checks for that in
GetSiteInstanceForEntry.

Hopefully that means, in the situation you described, the 2 separate tabs
wouldn't collide in the map.

> 3) Adding new schemes tends to have risky security implications.  For example,
> an attacker might try to navigate to a URL with the new transition scheme to
get
> it to load in an existing process, etc.  It would be best to avoid this if we
> can, which we might be able to do when solving (2).
> 

That makes sense. Is it still as risky with the explanation to (2) above? I
guess that, during a transition, you could try to navigate directly to a
transition url? ie. transition://unique_url if you knew it or guessed it.

> 4) I think I read that this behavior was gated behind a flag, right?  It seems
> like we should check for that flag when modifying things like
> GetExistingProcessHost, since those changes can have security implications in
> normal browsing.
> 

Yep we gate it behind the experimental features flag in blink. I can add a check
for that.

> Your answer to (1) might help me brainstorm some alternatives if we need them.

> For example, we might be able to put the transition page in the very same
> SiteInstance as the destination page, without changing things like
> GetExistingProcessHost.

Charlie Reis

On 2014/07/23 19:07:06, shatch wrote: > On 2014/07/23 17:32:48, Charlie Reis wrote: > > Thanks ...

6 years, 5 months ago (2014-07-23 22:02:28 UTC) #7

On 2014/07/23 19:07:06, shatch wrote:
> On 2014/07/23 17:32:48, Charlie Reis wrote:
> > Thanks for looking to into the process sharing!  Your implementation doc was
> > especially helpful.  As we discussed, I think it would be nice for
transition
> > pages to end up in the same process as the destination page, without
affecting
> > our normal process model decision for the destination page.
> > 
> > I have some high level questions and concerns before getting into code
review
> > comments, though, partly because I've been out on leave and missed the
earlier
> > implementation stages.
> > 
> 
> Welcome back :)
> 
> > 1) What classes are you using to render the transition page?  Does it go
into
> > its own WebContents, RenderViewHost, and/or RenderFrameHost?  And does this
> > happen after we've created the SiteInstance for the destination page?  Also,
> is
> > the transition page itself something like a data URL?
> > 
> 
> Right now the transition page gets its own ContentViewCore.

Oh.  Isn't that an Android class?  Is this feature Android-only?

> I believe we've
> created the SiteInstance for the destination page at this point.

Is it possible to just use that SiteInstance for the new ContentViewCore?  It
shouldn't ever be a problem to load a blank page into the destination
SiteInstance, and that would save us from having to do any transition URLs /
maps / changes to GetExistingProcessHost.  We would automatically be in the same
process by being in the same SiteInstance.

> We create the
> transition page's ContentViewCore when the TransitionPageHelper receives
> didStartProvisionalLoad, although we don't actually navigate it until we reach
> CrossSiteResourceHandler::OnResponseStarted.
> 
> The transition page itself is just a blank page that we load the serialized
> markup into. The transition elements from the outgoing page are serialized and
> the markup is sent to the TransitionPageHelper, which 
> 
> https://codereview.chromium.org/316053007/ loads the serialized markup.
> 
> 
> > 2) I'm concerned about using a URL as a lookup key for a process ID, because
> > it's not unique.  It would be easy to have two different tabs open to
> http://foo.com in
> > different processes (because they're in different BrowsingInstances), each
of
> > which starts a transition navigation.  The two separate instances of the URL
> > would collide in the map.  (For more context, see
> > http://www.chromium.org/developers/design-documents/process-models.)
> > 
> 
> We don't actually use the URL as the lookup key. A new unique "transition url"
> is generated per navigation transition, and passed down to the
> TransitionPageHelper in the embedder. That unique url is passed back when we
> call loadUrl as the virtual_url_for_transition, and the RFHM checks for that
in
> GetSiteInstanceForEntry.
> 
> Hopefully that means, in the situation you described, the 2 separate tabs
> wouldn't collide in the map.
> 
> 
> > 3) Adding new schemes tends to have risky security implications.  For
example,
> > an attacker might try to navigate to a URL with the new transition scheme to
> get
> > it to load in an existing process, etc.  It would be best to avoid this if
we
> > can, which we might be able to do when solving (2).
> > 
> 
> That makes sense. Is it still as risky with the explanation to (2) above? I
> guess that, during a transition, you could try to navigate directly to a
> transition url? ie. transition://unique_url if you knew it or guessed it.
> 
> 
> > 4) I think I read that this behavior was gated behind a flag, right?  It
seems
> > like we should check for that flag when modifying things like
> > GetExistingProcessHost, since those changes can have security implications
in
> > normal browsing.
> > 
> 
> Yep we gate it behind the experimental features flag in blink. I can add a
check
> for that.
> 
> 
> > Your answer to (1) might help me brainstorm some alternatives if we need
them.
> 
> > For example, we might be able to put the transition page in the very same
> > SiteInstance as the destination page, without changing things like
> > GetExistingProcessHost.

shatch

On 2014/07/23 22:02:28, Charlie Reis wrote: > On 2014/07/23 19:07:06, shatch wrote: > > On ...

6 years, 5 months ago (2014-07-23 22:12:14 UTC) #8

On 2014/07/23 22:02:28, Charlie Reis wrote:
> On 2014/07/23 19:07:06, shatch wrote:
> > On 2014/07/23 17:32:48, Charlie Reis wrote:
> > > Thanks for looking to into the process sharing!  Your implementation doc
was
> > > especially helpful.  As we discussed, I think it would be nice for
> transition
> > > pages to end up in the same process as the destination page, without
> affecting
> > > our normal process model decision for the destination page.
> > > 
> > > I have some high level questions and concerns before getting into code
> review
> > > comments, though, partly because I've been out on leave and missed the
> earlier
> > > implementation stages.
> > > 
> > 
> > Welcome back :)
> > 
> > > 1) What classes are you using to render the transition page?  Does it go
> into
> > > its own WebContents, RenderViewHost, and/or RenderFrameHost?  And does
this
> > > happen after we've created the SiteInstance for the destination page? 
Also,
> > is
> > > the transition page itself something like a data URL?
> > > 
> > 
> > Right now the transition page gets its own ContentViewCore.
> 
> Oh.  Isn't that an Android class?  Is this feature Android-only?
> 

Yeah, at the moment it's android only.


> > I believe we've
> > created the SiteInstance for the destination page at this point.
> 
> Is it possible to just use that SiteInstance for the new ContentViewCore?  It
> shouldn't ever be a problem to load a blank page into the destination
> SiteInstance, and that would save us from having to do any transition URLs /
> maps / changes to GetExistingProcessHost.  We would automatically be in the
same
> process by being in the same SiteInstance.
> 

Ah I didn't know that, I'll give that a try and get back to you.


> > We create the
> > transition page's ContentViewCore when the TransitionPageHelper receives
> > didStartProvisionalLoad, although we don't actually navigate it until we
reach
> > CrossSiteResourceHandler::OnResponseStarted.
> > 
> > The transition page itself is just a blank page that we load the serialized
> > markup into. The transition elements from the outgoing page are serialized
and
> > the markup is sent to the TransitionPageHelper, which 
> > 
> > https://codereview.chromium.org/316053007/ loads the serialized markup.
> > 
> > 
> > > 2) I'm concerned about using a URL as a lookup key for a process ID,
because
> > > it's not unique.  It would be easy to have two different tabs open to
> > http://foo.com in
> > > different processes (because they're in different BrowsingInstances), each
> of
> > > which starts a transition navigation.  The two separate instances of the
URL
> > > would collide in the map.  (For more context, see
> > > http://www.chromium.org/developers/design-documents/process-models.)
> > > 
> > 
> > We don't actually use the URL as the lookup key. A new unique "transition
url"
> > is generated per navigation transition, and passed down to the
> > TransitionPageHelper in the embedder. That unique url is passed back when we
> > call loadUrl as the virtual_url_for_transition, and the RFHM checks for that
> in
> > GetSiteInstanceForEntry.
> > 
> > Hopefully that means, in the situation you described, the 2 separate tabs
> > wouldn't collide in the map.
> > 
> > 
> > > 3) Adding new schemes tends to have risky security implications.  For
> example,
> > > an attacker might try to navigate to a URL with the new transition scheme
to
> > get
> > > it to load in an existing process, etc.  It would be best to avoid this if
> we
> > > can, which we might be able to do when solving (2).
> > > 
> > 
> > That makes sense. Is it still as risky with the explanation to (2) above? I
> > guess that, during a transition, you could try to navigate directly to a
> > transition url? ie. transition://unique_url if you knew it or guessed it.
> > 
> > 
> > > 4) I think I read that this behavior was gated behind a flag, right?  It
> seems
> > > like we should check for that flag when modifying things like
> > > GetExistingProcessHost, since those changes can have security implications
> in
> > > normal browsing.
> > > 
> > 
> > Yep we gate it behind the experimental features flag in blink. I can add a
> check
> > for that.
> > 
> > 
> > > Your answer to (1) might help me brainstorm some alternatives if we need
> them.
> > 
> > > For example, we might be able to put the transition page in the very same
> > > SiteInstance as the destination page, without changing things like
> > > GetExistingProcessHost.

shatch

On 2014/07/23 22:12:14, shatch wrote: > On 2014/07/23 22:02:28, Charlie Reis wrote: > > On ...

6 years, 5 months ago (2014-07-24 18:39:11 UTC) #9

On 2014/07/23 22:12:14, shatch wrote:
> On 2014/07/23 22:02:28, Charlie Reis wrote:
> > On 2014/07/23 19:07:06, shatch wrote:
> > > On 2014/07/23 17:32:48, Charlie Reis wrote:
> > > > Thanks for looking to into the process sharing!  Your implementation doc
> was
> > > > especially helpful.  As we discussed, I think it would be nice for
> > transition
> > > > pages to end up in the same process as the destination page, without
> > affecting
> > > > our normal process model decision for the destination page.
> > > > 
> > > > I have some high level questions and concerns before getting into code
> > review
> > > > comments, though, partly because I've been out on leave and missed the
> > earlier
> > > > implementation stages.
> > > > 
> > > 
> > > Welcome back :)
> > > 
> > > > 1) What classes are you using to render the transition page?  Does it go
> > into
> > > > its own WebContents, RenderViewHost, and/or RenderFrameHost?  And does
> this
> > > > happen after we've created the SiteInstance for the destination page? 
> Also,
> > > is
> > > > the transition page itself something like a data URL?
> > > > 
> > > 
> > > Right now the transition page gets its own ContentViewCore.
> > 
> > Oh.  Isn't that an Android class?  Is this feature Android-only?
> > 
> 
> Yeah, at the moment it's android only.
> 
> 
> > > I believe we've
> > > created the SiteInstance for the destination page at this point.
> > 
> > Is it possible to just use that SiteInstance for the new ContentViewCore? 
It
> > shouldn't ever be a problem to load a blank page into the destination
> > SiteInstance, and that would save us from having to do any transition URLs /
> > maps / changes to GetExistingProcessHost.  We would automatically be in the
> same
> > process by being in the same SiteInstance.
> > 
> 
> Ah I didn't know that, I'll give that a try and get back to you.
> 

So I gave sharing the SiteInstance between the transition and incoming pages.
What I do is instantiate a new WebContents in the embedder with
createNativeWebContentsWithSharedSiteInstance(source_content_view_core), then
navigate that ContentViewCore to about:blank before adding the serialized
markup.

Once I navigate the new ContentViewCore, it passes through
RenderFrameHostManager::GetSiteInstanceForEntry, which generates a new
SiteInstance and then a new RenderProcessHostImpl via
SiteInstanceImpl::GetProcess(). Based on your comment above, I'm assuming I
should be able to reuse the SiteInstance if I'm just navigating to a blank page?
So I added a check after the SiteInstanceImpl::IsSameSite() check in
RFHM::GetSiteInstanceForEntry() to see if the destination url was just
about:blank, and if so, use the current SiteInstance. Not sure if that's legit
or not, so I've uploaded it for you to take look. If this all seems ok, I'll go
ahead and add tests, revise the CL description, and the implementation docs.


> 
> > > We create the
> > > transition page's ContentViewCore when the TransitionPageHelper receives
> > > didStartProvisionalLoad, although we don't actually navigate it until we
> reach
> > > CrossSiteResourceHandler::OnResponseStarted.
> > > 
> > > The transition page itself is just a blank page that we load the
serialized
> > > markup into. The transition elements from the outgoing page are serialized
> and
> > > the markup is sent to the TransitionPageHelper, which 
> > > 
> > > https://codereview.chromium.org/316053007/ loads the serialized markup.
> > > 
> > > 
> > > > 2) I'm concerned about using a URL as a lookup key for a process ID,
> because
> > > > it's not unique.  It would be easy to have two different tabs open to
> > > http://foo.com in
> > > > different processes (because they're in different BrowsingInstances),
each
> > of
> > > > which starts a transition navigation.  The two separate instances of the
> URL
> > > > would collide in the map.  (For more context, see
> > > > http://www.chromium.org/developers/design-documents/process-models.)
> > > > 
> > > 
> > > We don't actually use the URL as the lookup key. A new unique "transition
> url"
> > > is generated per navigation transition, and passed down to the
> > > TransitionPageHelper in the embedder. That unique url is passed back when
we
> > > call loadUrl as the virtual_url_for_transition, and the RFHM checks for
that
> > in
> > > GetSiteInstanceForEntry.
> > > 
> > > Hopefully that means, in the situation you described, the 2 separate tabs
> > > wouldn't collide in the map.
> > > 
> > > 
> > > > 3) Adding new schemes tends to have risky security implications.  For
> > example,
> > > > an attacker might try to navigate to a URL with the new transition
scheme
> to
> > > get
> > > > it to load in an existing process, etc.  It would be best to avoid this
if
> > we
> > > > can, which we might be able to do when solving (2).
> > > > 
> > > 
> > > That makes sense. Is it still as risky with the explanation to (2) above?
I
> > > guess that, during a transition, you could try to navigate directly to a
> > > transition url? ie. transition://unique_url if you knew it or guessed it.
> > > 
> > > 
> > > > 4) I think I read that this behavior was gated behind a flag, right?  It
> > seems
> > > > like we should check for that flag when modifying things like
> > > > GetExistingProcessHost, since those changes can have security
implications
> > in
> > > > normal browsing.
> > > > 
> > > 
> > > Yep we gate it behind the experimental features flag in blink. I can add a
> > check
> > > for that.
> > > 
> > > 
> > > > Your answer to (1) might help me brainstorm some alternatives if we need
> > them.
> > > 
> > > > For example, we might be able to put the transition page in the very
same
> > > > SiteInstance as the destination page, without changing things like
> > > > GetExistingProcessHost.

Charlie Reis

On 2014/07/24 18:39:11, shatch wrote: > On 2014/07/23 22:12:14, shatch wrote: > > On 2014/07/23 ...

6 years, 5 months ago (2014-07-24 19:59:25 UTC) #10

On 2014/07/24 18:39:11, shatch wrote:
> On 2014/07/23 22:12:14, shatch wrote:
> > On 2014/07/23 22:02:28, Charlie Reis wrote:
> > > On 2014/07/23 19:07:06, shatch wrote:
> > > > On 2014/07/23 17:32:48, Charlie Reis wrote:
> > > > > Thanks for looking to into the process sharing!  Your implementation
doc
> > was
> > > > > especially helpful.  As we discussed, I think it would be nice for
> > > transition
> > > > > pages to end up in the same process as the destination page, without
> > > affecting
> > > > > our normal process model decision for the destination page.
> > > > > 
> > > > > I have some high level questions and concerns before getting into code
> > > review
> > > > > comments, though, partly because I've been out on leave and missed the
> > > earlier
> > > > > implementation stages.
> > > > > 
> > > > 
> > > > Welcome back :)
> > > > 
> > > > > 1) What classes are you using to render the transition page?  Does it
go
> > > into
> > > > > its own WebContents, RenderViewHost, and/or RenderFrameHost?  And does
> > this
> > > > > happen after we've created the SiteInstance for the destination page? 
> > Also,
> > > > is
> > > > > the transition page itself something like a data URL?
> > > > > 
> > > > 
> > > > Right now the transition page gets its own ContentViewCore.
> > > 
> > > Oh.  Isn't that an Android class?  Is this feature Android-only?
> > > 
> > 
> > Yeah, at the moment it's android only.
> > 
> > 
> > > > I believe we've
> > > > created the SiteInstance for the destination page at this point.
> > > 
> > > Is it possible to just use that SiteInstance for the new ContentViewCore? 
> It
> > > shouldn't ever be a problem to load a blank page into the destination
> > > SiteInstance, and that would save us from having to do any transition URLs
/
> > > maps / changes to GetExistingProcessHost.  We would automatically be in
the
> > same
> > > process by being in the same SiteInstance.
> > > 
> > 
> > Ah I didn't know that, I'll give that a try and get back to you.
> > 
> 
> So I gave sharing the SiteInstance between the transition and incoming pages.
> What I do is instantiate a new WebContents in the embedder with
> createNativeWebContentsWithSharedSiteInstance(source_content_view_core), then
> navigate that ContentViewCore to about:blank before adding the serialized
> markup.
> 
> Once I navigate the new ContentViewCore, it passes through
> RenderFrameHostManager::GetSiteInstanceForEntry, which generates a new
> SiteInstance and then a new RenderProcessHostImpl via
> SiteInstanceImpl::GetProcess(). Based on your comment above, I'm assuming I
> should be able to reuse the SiteInstance if I'm just navigating to a blank
page?
> So I added a check after the SiteInstanceImpl::IsSameSite() check in
> RFHM::GetSiteInstanceForEntry() to see if the destination url was just
> about:blank, and if so, use the current SiteInstance. Not sure if that's legit
> or not, so I've uploaded it for you to take look. If this all seems ok, I'll
go
> ahead and add tests, revise the CL description, and the implementation docs.

I'm thinking about it, and I think that might be fine.  Kind of the same
reasoning as reusing an about:blank SiteInstance for a real site when a blank
page is the only thing that has been in there, and it's consistent with a page
using window.open("about:blank") and having script access to it.

It might make sense to make that change in SiteInstanceImpl::IsSameWebSite (near
the IsRendererDebugURL checks), but that's a smaller issue for the review. 
Unless Nasko can think of issues I'm missing, I'd suggest proceeding with that
route.

shatch

On 2014/07/24 19:59:25, Charlie Reis wrote: > On 2014/07/24 18:39:11, shatch wrote: > > On ...

6 years, 5 months ago (2014-07-24 22:34:39 UTC) #11

On 2014/07/24 19:59:25, Charlie Reis wrote:
> On 2014/07/24 18:39:11, shatch wrote:
> > On 2014/07/23 22:12:14, shatch wrote:
> > > On 2014/07/23 22:02:28, Charlie Reis wrote:
> > > > On 2014/07/23 19:07:06, shatch wrote:
> > > > > On 2014/07/23 17:32:48, Charlie Reis wrote:
> > > > > > Thanks for looking to into the process sharing!  Your implementation
> doc
> > > was
> > > > > > especially helpful.  As we discussed, I think it would be nice for
> > > > transition
> > > > > > pages to end up in the same process as the destination page, without
> > > > affecting
> > > > > > our normal process model decision for the destination page.
> > > > > > 
> > > > > > I have some high level questions and concerns before getting into
code
> > > > review
> > > > > > comments, though, partly because I've been out on leave and missed
the
> > > > earlier
> > > > > > implementation stages.
> > > > > > 
> > > > > 
> > > > > Welcome back :)
> > > > > 
> > > > > > 1) What classes are you using to render the transition page?  Does
it
> go
> > > > into
> > > > > > its own WebContents, RenderViewHost, and/or RenderFrameHost?  And
does
> > > this
> > > > > > happen after we've created the SiteInstance for the destination
page? 
> > > Also,
> > > > > is
> > > > > > the transition page itself something like a data URL?
> > > > > > 
> > > > > 
> > > > > Right now the transition page gets its own ContentViewCore.
> > > > 
> > > > Oh.  Isn't that an Android class?  Is this feature Android-only?
> > > > 
> > > 
> > > Yeah, at the moment it's android only.
> > > 
> > > 
> > > > > I believe we've
> > > > > created the SiteInstance for the destination page at this point.
> > > > 
> > > > Is it possible to just use that SiteInstance for the new
ContentViewCore? 
> > It
> > > > shouldn't ever be a problem to load a blank page into the destination
> > > > SiteInstance, and that would save us from having to do any transition
URLs
> /
> > > > maps / changes to GetExistingProcessHost.  We would automatically be in
> the
> > > same
> > > > process by being in the same SiteInstance.
> > > > 
> > > 
> > > Ah I didn't know that, I'll give that a try and get back to you.
> > > 
> > 
> > So I gave sharing the SiteInstance between the transition and incoming
pages.
> > What I do is instantiate a new WebContents in the embedder with
> > createNativeWebContentsWithSharedSiteInstance(source_content_view_core),
then
> > navigate that ContentViewCore to about:blank before adding the serialized
> > markup.
> > 
> > Once I navigate the new ContentViewCore, it passes through
> > RenderFrameHostManager::GetSiteInstanceForEntry, which generates a new
> > SiteInstance and then a new RenderProcessHostImpl via
> > SiteInstanceImpl::GetProcess(). Based on your comment above, I'm assuming I
> > should be able to reuse the SiteInstance if I'm just navigating to a blank
> page?
> > So I added a check after the SiteInstanceImpl::IsSameSite() check in
> > RFHM::GetSiteInstanceForEntry() to see if the destination url was just
> > about:blank, and if so, use the current SiteInstance. Not sure if that's
legit
> > or not, so I've uploaded it for you to take look. If this all seems ok, I'll
> go
> > ahead and add tests, revise the CL description, and the implementation docs.
> 
> I'm thinking about it, and I think that might be fine.  Kind of the same
> reasoning as reusing an about:blank SiteInstance for a real site when a blank
> page is the only thing that has been in there, and it's consistent with a page
> using window.open("about:blank") and having script access to it.
> 
> It might make sense to make that change in SiteInstanceImpl::IsSameWebSite
(near
> the IsRendererDebugURL checks), but that's a smaller issue for the review. 
> Unless Nasko can think of issues I'm missing, I'd suggest proceeding with that
> route.

Awesome, went ahead and moved the check inside SiteInstance::IsSameWebSite,
added some tests, and revised the CL description. ptal

Charlie Reis

Cool. One issue to update below. One question before you make that change, though-- do ...

6 years, 5 months ago (2014-07-25 17:31:22 UTC) #12

Cool.  One issue to update below.

One question before you make that change, though-- do we actually need to
explicitly navigate the new ContentViewCore to about:blank?  It does start with
a blank page, which you might be able to add your serialized markup to.  If so,
maybe it's possible to skip the change to IsSameWebSite entirely.

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
File content/browser/site_instance_impl.cc (right):

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
content/browser/site_instance_impl.cc:264: // If either url is just a blank
page, we treat them as part of the same site.
Ah, we don't actually want this for navigating from about:blank to a normal URL,
since it's possible for one website to inject content into an about:blank popup
(via JavaScript) and then navigate it elsewhere.  It's only ok when going from a
normal URL to about:blank.

I still think this change makes sense for src -> dest, so perhaps we should
change the names of url1 and url2 to src_url and dest_url (here and in the .h
file), and add a mention of this behavior in the declaration comment in
site_instance.h.

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
File content/browser/site_instance_impl_unittest.cc (right):

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
content/browser/site_instance_impl_unittest.cc:392: // Blank pages should be
considered same site for anything.
Great.  Let's update this to show that it's for blank destination URLs only,
though.

https://codereview.chromium.org/378743002/diff/200001/content/browser/transit...
File content/browser/transition_browsertest.cc (right):

https://codereview.chromium.org/378743002/diff/200001/content/browser/transit...
content/browser/transition_browsertest.cc:145: ASSERT_EQ(outgoing_process_id,
transition_process_id);
nit: Use EXPECT_* for things we're testing (so that the test continues to run
and might print multiple EXPECT failures) and save ASSERT_* for test
preconditions (e.g., the embedded_test_server init above).

shatch

On 2014/07/25 17:31:22, Charlie Reis wrote: > Cool. One issue to update below. > > ...

6 years, 5 months ago (2014-07-25 18:42:01 UTC) #13

On 2014/07/25 17:31:22, Charlie Reis wrote:
> Cool.  One issue to update below.
> 
> One question before you make that change, though-- do we actually need to
> explicitly navigate the new ContentViewCore to about:blank?  It does start
with
> a blank page, which you might be able to add your serialized markup to.  If
so,
> maybe it's possible to skip the change to IsSameWebSite entirely.
> 

Holding off the rest of changes for now.

It's my understanding that the navigation is what creates the RenderFrameImpl?
Poking around a bit, it looks like that's created when we hit
RenderFrameHostManager::Navigate(), specifically the calls to
WebContentsImpl::CreateRenderViewForRenderManager() from
RenderFrameHostManager::Navigate() and RenderFrameHostManager::InitRenderView().
Tried with and without the initial navigation to about:blank, and without the
navigation, I couldn't see the RenderFrameImpl being created.

>
https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
> File content/browser/site_instance_impl.cc (right):
> 
>
https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
> content/browser/site_instance_impl.cc:264: // If either url is just a blank
> page, we treat them as part of the same site.
> Ah, we don't actually want this for navigating from about:blank to a normal
URL,
> since it's possible for one website to inject content into an about:blank
popup
> (via JavaScript) and then navigate it elsewhere.  It's only ok when going from
a
> normal URL to about:blank.
> 
> I still think this change makes sense for src -> dest, so perhaps we should
> change the names of url1 and url2 to src_url and dest_url (here and in the .h
> file), and add a mention of this behavior in the declaration comment in
> site_instance.h.
> 
>
https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
> File content/browser/site_instance_impl_unittest.cc (right):
> 
>
https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
> content/browser/site_instance_impl_unittest.cc:392: // Blank pages should be
> considered same site for anything.
> Great.  Let's update this to show that it's for blank destination URLs only,
> though.
> 
>
https://codereview.chromium.org/378743002/diff/200001/content/browser/transit...
> File content/browser/transition_browsertest.cc (right):
> 
>
https://codereview.chromium.org/378743002/diff/200001/content/browser/transit...
> content/browser/transition_browsertest.cc:145: ASSERT_EQ(outgoing_process_id,
> transition_process_id);
> nit: Use EXPECT_* for things we're testing (so that the test continues to run
> and might print multiple EXPECT failures) and save ASSERT_* for test
> preconditions (e.g., the embedded_test_server init above).

Charlie Reis

On 2014/07/25 18:42:01, shatch wrote: > On 2014/07/25 17:31:22, Charlie Reis wrote: > > Cool. ...

6 years, 5 months ago (2014-07-25 18:45:13 UTC) #14

shatch

New snapshot uploaded, ptal https://codereview.chromium.org/378743002/diff/200001/content/browser/site_instance_impl.cc File content/browser/site_instance_impl.cc (right): https://codereview.chromium.org/378743002/diff/200001/content/browser/site_instance_impl.cc#newcode264 content/browser/site_instance_impl.cc:264: // If either url is ...

6 years, 5 months ago (2014-07-25 20:57:06 UTC) #15

New snapshot uploaded, ptal

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
File content/browser/site_instance_impl.cc (right):

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
content/browser/site_instance_impl.cc:264: // If either url is just a blank
page, we treat them as part of the same site.
On 2014/07/25 17:31:22, Charlie Reis wrote:
> Ah, we don't actually want this for navigating from about:blank to a normal
URL,
> since it's possible for one website to inject content into an about:blank
popup
> (via JavaScript) and then navigate it elsewhere.  It's only ok when going from
a
> normal URL to about:blank.
> 
> I still think this change makes sense for src -> dest, so perhaps we should
> change the names of url1 and url2 to src_url and dest_url (here and in the .h
> file), and add a mention of this behavior in the declaration comment in
> site_instance.h.

Done.

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
File content/browser/site_instance_impl_unittest.cc (right):

https://codereview.chromium.org/378743002/diff/200001/content/browser/site_in...
content/browser/site_instance_impl_unittest.cc:392: // Blank pages should be
considered same site for anything.
On 2014/07/25 17:31:22, Charlie Reis wrote:
> Great.  Let's update this to show that it's for blank destination URLs only,
> though.

Done.

https://codereview.chromium.org/378743002/diff/200001/content/browser/transit...
File content/browser/transition_browsertest.cc (right):

https://codereview.chromium.org/378743002/diff/200001/content/browser/transit...
content/browser/transition_browsertest.cc:145: ASSERT_EQ(outgoing_process_id,
transition_process_id);
On 2014/07/25 17:31:22, Charlie Reis wrote:
> nit: Use EXPECT_* for things we're testing (so that the test continues to run
> and might print multiple EXPECT failures) and save ASSERT_* for test
> preconditions (e.g., the embedded_test_server init above).

Done.

shatch

Hi David, looking for an owner for: chrome/android/ chrome/browser/android/ ptal

6 years, 5 months ago (2014-07-25 21:09:05 UTC) #17

shatch

On 2014/07/25 21:09:05, shatch wrote: > Hi David, looking for an owner for: > > ...

6 years, 4 months ago (2014-07-30 14:25:34 UTC) #18

David Trainor- moved to gerrit

nits but lgtm. https://codereview.chromium.org/378743002/diff/240001/chrome/browser/android/content_view_util.cc File chrome/browser/android/content_view_util.cc (right): https://codereview.chromium.org/378743002/diff/240001/chrome/browser/android/content_view_util.cc#newcode30 chrome/browser/android/content_view_util.cc:30: Profile* profile = g_browser_process->profile_manager()->GetLastUsedProfile(); Not sure, ...

6 years, 4 months ago (2014-07-31 00:48:48 UTC) #19

shatch

https://codereview.chromium.org/378743002/diff/240001/chrome/browser/android/content_view_util.cc File chrome/browser/android/content_view_util.cc (right): https://codereview.chromium.org/378743002/diff/240001/chrome/browser/android/content_view_util.cc#newcode30 chrome/browser/android/content_view_util.cc:30: Profile* profile = g_browser_process->profile_manager()->GetLastUsedProfile(); On 2014/07/31 00:48:47, David Trainor ...

6 years, 4 months ago (2014-07-31 18:41:34 UTC) #20