Bug 185737

Summary: Avoid keeping the frame alive when ref'ing a WindowProxy
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: BindingsAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, dbates, esprehn+autocc, ews-watchlist, ggaren, kangil.han, sam, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
WIP patch
none
WIP patch
none
WIP Patch
none
WIP Patch
none
WIP Patch
none
Patch
none
Patch
none
Archive of layout-test-results from ews202 for win-future none

Chris Dumez
Reported 2018-05-17 10:47:27 PDT
Avoid keeping the frame alive when ref'ing a WindowProxy.
Attachments
WIP patch (15.21 KB, patch)
2018-05-17 10:49 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP patch (15.25 KB, patch)
2018-05-17 10:55 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (15.78 KB, patch)
2018-05-17 11:08 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (15.92 KB, patch)
2018-05-17 11:44 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (17.40 KB, patch)
2018-05-17 12:00 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (22.35 KB, patch)
2018-05-17 13:33 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (22.42 KB, patch)
2018-05-17 14:44 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews202 for win-future (12.84 MB, application/zip)
2018-05-18 10:15 PDT, EWS Watchlist 		no flags
Details
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-05-17 10:49:33 PDT
Created attachment 340598 [details] WIP patch
Chris Dumez
Comment 2 2018-05-17 10:50:27 PDT
<rdar://problem/40004666>
Chris Dumez
Comment 3 2018-05-17 10:55:13 PDT
Created attachment 340600 [details] WIP patch
Chris Dumez
Comment 4 2018-05-17 11:08:47 PDT
Created attachment 340607 [details] WIP Patch
Chris Dumez
Comment 5 2018-05-17 11:44:23 PDT
Created attachment 340612 [details] WIP Patch
EWS Watchlist
Comment 6 2018-05-17 11:46:46 PDT
Attachment 340612 [details] did not pass style-queue: ERROR: Source/WebCore/page/AbstractFrame.h:29: Alphabetical sorting problem. [build/include_order] [4] Total errors found: 1 in 11 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 7 2018-05-17 12:00:11 PDT
Created attachment 340619 [details] WIP Patch
Chris Dumez
Comment 8 2018-05-17 13:33:09 PDT
Created attachment 340631 [details] Patch
Chris Dumez
Comment 9 2018-05-17 14:44:34 PDT
Created attachment 340647 [details] Patch
Sam Weinig
Comment 10 2018-05-17 21:57:58 PDT
Comment on attachment 340647 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=340647&action=review > Source/WebCore/ChangeLog:15 > + It is important to not extend the lifetime of the Frame because we want script > + to stop running when the Page gets destroyed. I don't understand this. What does extending the lifetime of the Frame have to do with stopping script from running when a Page gets destroyed?
Chris Dumez
Comment 11 2018-05-18 07:13:29 PDT
(In reply to Sam Weinig from comment #10) > Comment on attachment 340647 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=340647&action=review > > > Source/WebCore/ChangeLog:15 > > + It is important to not extend the lifetime of the Frame because we want script > > + to stop running when the Page gets destroyed. > > I don't understand this. What does extending the lifetime of the Frame have > to do with stopping script from running when a Page gets destroyed? To fire events you need a global object. If the frame is gone then you have no way to get a global object.
Chris Dumez
Comment 12 2018-05-18 08:51:01 PDT
(In reply to Chris Dumez from comment #11) > (In reply to Sam Weinig from comment #10) > > Comment on attachment 340647 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=340647&action=review > > > > > Source/WebCore/ChangeLog:15 > > > + It is important to not extend the lifetime of the Frame because we want script > > > + to stop running when the Page gets destroyed. > > > > I don't understand this. What does extending the lifetime of the Frame have > > to do with stopping script from running when a Page gets destroyed? > > To fire events you need a global object. If the frame is gone then you have > no way to get a global object. In particular, in JSEventListener::handleEvent(ScriptExecutionContext&, Event&): JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(scriptExecutionContext, m_isolatedWorld); if (!globalObject) return; with toJSDOMGlobalObject() implemented as: JSDOMGlobalObject* toJSDOMGlobalObject(ScriptExecutionContext& context, DOMWrapperWorld& world) { if (is<Document>(context)) return toJSDOMWindow(downcast<Document>(context).frame(), world); if (is<WorkerGlobalScope>(context)) return downcast<WorkerGlobalScope>(context).script()->workerGlobalScopeWrapper(); ASSERT_NOT_REACHED(); return nullptr; } and toJSDOMWindow() returning nullptr when the frame is null: inline JSDOMWindow* toJSDOMWindow(Frame* frame, DOMWrapperWorld& world) { return frame ? toJSDOMWindow(*frame, world) : nullptr; }
Chris Dumez
Comment 13 2018-05-18 08:53:12 PDT
(In reply to Chris Dumez from comment #12) > (In reply to Chris Dumez from comment #11) > > (In reply to Sam Weinig from comment #10) > > > Comment on attachment 340647 [details] > > > Patch > > > > > > View in context: > > > https://bugs.webkit.org/attachment.cgi?id=340647&action=review > > > > > > > Source/WebCore/ChangeLog:15 > > > > + It is important to not extend the lifetime of the Frame because we want script > > > > + to stop running when the Page gets destroyed. > > > > > > I don't understand this. What does extending the lifetime of the Frame have > > > to do with stopping script from running when a Page gets destroyed? > > > > To fire events you need a global object. If the frame is gone then you have > > no way to get a global object. > > In particular, in JSEventListener::handleEvent(ScriptExecutionContext&, > Event&): > JSDOMGlobalObject* globalObject = > toJSDOMGlobalObject(scriptExecutionContext, m_isolatedWorld); > if (!globalObject) > return; > > with toJSDOMGlobalObject() implemented as: > JSDOMGlobalObject* toJSDOMGlobalObject(ScriptExecutionContext& context, > DOMWrapperWorld& world) > { > if (is<Document>(context)) > return toJSDOMWindow(downcast<Document>(context).frame(), world); > > if (is<WorkerGlobalScope>(context)) > return > downcast<WorkerGlobalScope>(context).script()->workerGlobalScopeWrapper(); > > ASSERT_NOT_REACHED(); > return nullptr; > } > > and toJSDOMWindow() returning nullptr when the frame is null: > inline JSDOMWindow* toJSDOMWindow(Frame* frame, DOMWrapperWorld& world) { > return frame ? toJSDOMWindow(*frame, world) : nullptr; } Also, if the Frame is gone, then the ScriptController is gone, so no executeScript() / evaluate() / ...
EWS Watchlist
Comment 14 2018-05-18 10:15:38 PDT
Comment on attachment 340647 [details] Patch Attachment 340647 [details] did not pass win-ews (win): Output: http://webkit-queues.webkit.org/results/7722627 New failing tests: http/tests/preload/onload_event.html
EWS Watchlist
Comment 15 2018-05-18 10:15:50 PDT
Created attachment 340707 [details] Archive of layout-test-results from ews202 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews202 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
WebKit Commit Bot
Comment 16 2018-05-18 10:34:25 PDT
Comment on attachment 340647 [details] Patch Clearing flags on attachment: 340647 Committed r231963: <https://trac.webkit.org/changeset/231963>
WebKit Commit Bot
Comment 17 2018-05-18 10:34:27 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.