Chromium Code Reviews

Issue 649683007: Drop CreateChildFrame messages when swapping out. (Closed)

Created:
6 years, 2 months ago by nasko
Modified:
6 years, 2 months ago
Reviewers:
Charlie Reis
CC:
chromium-reviews, darin-cc_chromium.org, nasko+codewatch_chromium.org, jam, creis+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@2171
Project:
chromium
Visibility:
Public.

Description

Drop CreateChildFrame messages when swapping out.

There is a race condition in the current state of the code where in cross-process navigation we swap the existing RenderFrameHost with a new RenderFrameHost. If the existing host sends an IPC message to create a new child frame, it arrives on the IO thread, allocates a routing id based off the existing process (p1) and does a PostTask to the UI thread. If there is a CommitPending event either executing on the UI thread or in the task queue before the task posted from the IO thread, it will end up putting the existing RenderFrameHost in swapped out state (or waiting for swapped out). When the task to create a child frame is executed after that, it creates a new RenderFrameHost, but it uses the "current" process (p2), which is different than the process that sent the message (p1). This manifests sometimes as adding duplicate routing ids to RenderProcessHost and is in general a really bad bug.

BUG=415059, 423691, 381990

Review URL: https://codereview.chromium.org/642813007

Cr-Commit-Position: refs/heads/master@{#299939}
(cherry picked from commit dcdb02fab210ec5f7b8b560075ce96d0f48f344c)

Conflicts:
content/browser/frame_host/navigator_impl_unittest.cc

R=creis@chromium.org

Committed: https://chromium.googlesource.com/chromium/src/+/a6a21983b1a29ad11d30782c66d95facca65ab55
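The ordering described in the commit message, as a single-threaded C++ model added here for illustration (not Chromium code and not part of this CL). `Process`, `Browser` and `MaxDuplicatesInP2` are hypothetical names; the per-process id counter starting at 1 and the exact guard condition are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <deque>
#include <functional>
#include <set>

// Simplified model, not Chromium code; every name below is hypothetical.
struct Process {                    // stands in for one renderer process
  int next_id = 1;                  // assumption: ids are handed out per process
  std::multiset<int> routes;        // routing ids registered with this process
  int AllocateRoutingId() { return next_id++; }
};

struct Browser {
  Process p1, p2;
  Process* current = &p1;           // process backing the "current" frame host
  bool old_host_active = true;      // false once the p1 host is swapped out
  bool guard;                       // true: drop messages from an inactive host
  std::deque<std::function<void()>> ui_tasks;  // UI-thread task queue
  explicit Browser(bool g) : guard(g) {}

  // UI thread: the cross-process navigation commits and p2 becomes current.
  void CommitPending() {
    p2.routes.insert(p2.AllocateRoutingId());  // new host's own route in p2
    old_host_active = false;
    current = &p2;
  }
  // IO thread: CreateChildFrame from p1; the id comes from p1, work goes to UI.
  void OnCreateChildFrameIO() {
    int id = p1.AllocateRoutingId();
    ui_tasks.push_back([this, id] { CreateChildOnUI(id); });
  }
  void CreateChildOnUI(int id) {
    if (guard && !old_host_active) return;     // sender no longer current: drop
    current->routes.insert(id);                // unguarded: p1's id lands in p2
  }
};

// Runs the racy ordering; returns how often the most-registered id occurs in p2.
std::size_t MaxDuplicatesInP2(bool guard) {
  Browser b(guard);
  b.ui_tasks.push_back([&b] { b.CommitPending(); });  // already queued on UI
  b.OnCreateChildFrameIO();                           // posted behind it
  for (; !b.ui_tasks.empty(); b.ui_tasks.pop_front()) b.ui_tasks.front()();
  std::size_t worst = 0;
  for (int id : b.p2.routes) worst = std::max(worst, b.p2.routes.count(id));
  return worst;
}
```

Without the guard, the id allocated from p1 is registered a second time in p2; with it, the late message is dropped and p2 keeps a single registration per id.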

Patch Set 1 #

Stats: +125 lines, -20 lines
M content/browser/frame_host/frame_tree.h (1 chunk, +1 line, -0 lines)
M content/browser/frame_host/frame_tree.cc (2 chunks, +9 lines, -1 line)
M content/browser/frame_host/frame_tree_node.h (1 chunk, +3 lines, -1 line)
M content/browser/frame_host/frame_tree_node.cc (1 chunk, +4 lines, -0 lines)
M content/browser/frame_host/frame_tree_unittest.cc (5 chunks, +34 lines, -16 lines)
M content/browser/frame_host/render_frame_host_impl.cc (1 chunk, +10 lines, -1 line)
M content/browser/frame_host/render_frame_host_manager_unittest.cc (3 chunks, +64 lines, -1 line)

Messages

Total messages: 5 (1 generated)
nasko
Hey Charlie, This is a merge of the duplicate routing ID fix into M39 branch. ...
6 years, 2 months ago (2014-10-20 17:38:55 UTC) #2
Charlie Reis
LGTM
6 years, 2 months ago (2014-10-20 18:26:47 UTC) #3
nasko
Committed patchset #1 (id:1) manually as a6a21983b1a29ad11d30782c66d95facca65ab55 (presubmit successful).
6 years, 2 months ago (2014-10-20 18:32:24 UTC) #4
nasko
6 years, 2 months ago (2014-10-20 21:00:57 UTC) #5
Message was sent while issue was closed.
A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/663183003/ by nasko@chromium.org.

The reason for reverting is: It broke compile since this CL relies on
https://crrev.com/cce56cd951f6685a0120db63418aa7e6d3df28f2 and it isn't in this
branch.
