Fix an AppCache crash due to a dangling ResourceContext ptr.

- add GetAppCacheService() to the content::BrowserContext interface 
- no longer depend on ResourceContext to retrieve the AppCacheService reference in AppCacheDispatcherHost 

Also treat the FileSystemContext / FileSytemDispatcherHost in the same way.

BUG=95118
Review URL: http://codereview.chromium.org/7832012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@99611 0039d316-1c4b-4281-b951-d872f2087c98

10 files changed, 76 insertions, 83 deletions

diff --git a/chrome/browser/profiles/profile.h b/chrome/browser/profiles/profile.h
index 357e5ca..a997f02 100644
--- a/chrome/browser/profiles/profile.h
+++ b/chrome/browser/profiles/profile.h
@@ -191,11 +191,9 @@ class Profile : public content::BrowserContext {
   // content::BrowserContext implementation ------------------------------------
 
   virtual FilePath GetPath() = 0;
-  virtual webkit_database::DatabaseTracker* GetDatabaseTracker() = 0;
   virtual SSLHostState* GetSSLHostState() = 0;
   virtual DownloadManager* GetDownloadManager() = 0;
   virtual bool HasCreatedDownloadManager() const = 0;
-  virtual quota::QuotaManager* GetQuotaManager() = 0;
   virtual net::URLRequestContextGetter* GetRequestContext() = 0;
   virtual net::URLRequestContextGetter* GetRequestContextForRenderProcess(
       int renderer_child_id) = 0;
@@ -203,8 +201,12 @@ class Profile : public content::BrowserContext {
   virtual const content::ResourceContext& GetResourceContext() = 0;
   virtual HostZoomMap* GetHostZoomMap() = 0;
   virtual GeolocationPermissionContext* GetGeolocationPermissionContext() = 0;
+  virtual quota::QuotaManager* GetQuotaManager() = 0;
+  virtual webkit_database::DatabaseTracker* GetDatabaseTracker() = 0;
   virtual WebKitContext* GetWebKitContext() = 0;
+  virtual ChromeAppCacheService* GetAppCacheService() = 0;
   virtual ChromeBlobStorageContext* GetBlobStorageContext() = 0;
+  virtual fileapi::FileSystemContext* GetFileSystemContext() = 0;
 
   // content::BrowserContext implementation ------------------------------------
 
@@ -230,9 +232,6 @@ class Profile : public content::BrowserContext {
   // profile is not incognito.
   virtual Profile* GetOriginalProfile() = 0;
 
-  // Returns a pointer to the ChromeAppCacheService instance for this profile.
-  virtual ChromeAppCacheService* GetAppCacheService() = 0;
-
   // Returns a pointer to the TopSites (thumbnail manager) instance
   // for this profile.
   virtual history::TopSites* GetTopSites() = 0;
@@ -352,11 +351,6 @@ class Profile : public content::BrowserContext {
   // Returns the PersonalDataManager associated with this profile.
   virtual PersonalDataManager* GetPersonalDataManager() = 0;
 
-  // Returns the FileSystemContext associated to this profile.  The context
-  // is lazily created the first time this method is called.  This is owned
-  // by the profile.
-  virtual fileapi::FileSystemContext* GetFileSystemContext() = 0;
-
   // Returns the request context used for extension-related requests.  This
   // is only used for a separate cookie store currently.
   virtual net::URLRequestContextGetter* GetRequestContextForExtensions() = 0;
diff --git a/content/browser/appcache/appcache_dispatcher_host.cc b/content/browser/appcache/appcache_dispatcher_host.cc
index b52d62e..3f2447a 100644
--- a/content/browser/appcache/appcache_dispatcher_host.cc
+++ b/content/browser/appcache/appcache_dispatcher_host.cc
@@ -6,28 +6,21 @@
 
 #include "base/callback.h"
 #include "content/browser/appcache/chrome_appcache_service.h"
-#include "content/browser/resource_context.h"
 #include "content/browser/user_metrics.h"
 #include "content/common/appcache_messages.h"
 
 AppCacheDispatcherHost::AppCacheDispatcherHost(
-    const content::ResourceContext* resource_context,
+    ChromeAppCacheService* appcache_service,
     int process_id)
-    : ALLOW_THIS_IN_INITIALIZER_LIST(frontend_proxy_(this)),
-      resource_context_(resource_context),
+    : appcache_service_(appcache_service),
+      ALLOW_THIS_IN_INITIALIZER_LIST(frontend_proxy_(this)),
       process_id_(process_id) {
-  DCHECK(resource_context_);
 }
 
 AppCacheDispatcherHost::~AppCacheDispatcherHost() {}
 
 void AppCacheDispatcherHost::OnChannelConnected(int32 peer_pid) {
   BrowserMessageFilter::OnChannelConnected(peer_pid);
-
-  // Get the AppCacheService (it can only be accessed from IO thread).
-  appcache_service_ = resource_context_->appcache_service();
-  resource_context_ = NULL;
-
   if (appcache_service_.get()) {
     backend_impl_.Initialize(
         appcache_service_.get(), &frontend_proxy_, process_id_);
diff --git a/content/browser/appcache/appcache_dispatcher_host.h b/content/browser/appcache/appcache_dispatcher_host.h
index ef5e891..a2fe1fc 100644
--- a/content/browser/appcache/appcache_dispatcher_host.h
+++ b/content/browser/appcache/appcache_dispatcher_host.h
@@ -17,9 +17,6 @@
 #include "webkit/appcache/appcache_backend_impl.h"
 
 class ChromeAppCacheService;
-namespace content {
-class ResourceContext;
-}  // namespace content
 
 // Handles appcache related messages sent to the main browser process from
 // its child processes. There is a distinct host for each child process.
@@ -27,7 +24,7 @@ class ResourceContext;
 // WorkerProcessHost create an instance and delegates calls to it.
 class AppCacheDispatcherHost : public BrowserMessageFilter {
  public:
-  AppCacheDispatcherHost(const content::ResourceContext* resource_context,
+  AppCacheDispatcherHost(ChromeAppCacheService* appcache_service,
                          int process_id);
   virtual ~AppCacheDispatcherHost();
 
@@ -62,18 +59,11 @@ class AppCacheDispatcherHost : public BrowserMessageFilter {
   void StartUpdateCallback(bool result, void* param);
   void SwapCacheCallback(bool result, void* param);
 
-  // This is only valid once Initialize() has been called.  This MUST be defined
-  // before backend_impl_ since the latter maintains a (non-refcounted) pointer
-  // to it.
-  scoped_refptr<ChromeAppCacheService> appcache_service_;
 
+  scoped_refptr<ChromeAppCacheService> appcache_service_;
   AppCacheFrontendProxy frontend_proxy_;
   appcache::AppCacheBackendImpl backend_impl_;
 
-  // Temporary until OnChannelConnected() can be called from the IO thread,
-  // which will extract the AppCacheService from the net::URLRequestContext.
-  const content::ResourceContext* resource_context_;
-
   scoped_ptr<appcache::GetStatusCallback> get_status_callback_;
   scoped_ptr<appcache::StartUpdateCallback> start_update_callback_;
   scoped_ptr<appcache::SwapCacheCallback> swap_cache_callback_;
diff --git a/content/browser/browser_context.h b/content/browser/browser_context.h
index 7c1fa70..15125ca 100644
--- a/content/browser/browser_context.h
+++ b/content/browser/browser_context.h
@@ -8,6 +8,10 @@
 
 #include "base/hash_tables.h"
 
+namespace fileapi {
+class FileSystemContext;
+}
+
 namespace net {
 class URLRequestContextGetter;
 }
@@ -20,6 +24,7 @@ namespace webkit_database {
 class DatabaseTracker;
 }
 
+class ChromeAppCacheService;
 class ChromeBlobStorageContext;
 class DownloadManager;
 class FilePath;
@@ -33,7 +38,7 @@ namespace content {
 class ResourceContext;
 
 // This class holds the context needed for a browsing session.
-
+// It lives on the UI thread.
 class BrowserContext {
  public:
   // Returns the path of the directory where this context's data is stored.
@@ -43,9 +48,6 @@ class BrowserContext {
   // This doesn't belong here; http://crbug.com/89628
   virtual bool IsOffTheRecord() = 0;
 
-  // Returns a pointer to the DatabaseTracker instance for this context.
-  virtual webkit_database::DatabaseTracker* GetDatabaseTracker() = 0;
-
   // Retrieves a pointer to the SSLHostState associated with this context.
   // The SSLHostState is lazily created the first time that this method is
   // called.
@@ -55,8 +57,6 @@ class BrowserContext {
   virtual DownloadManager* GetDownloadManager() = 0;
   virtual bool HasCreatedDownloadManager() const = 0;
 
-  virtual quota::QuotaManager* GetQuotaManager() = 0;
-
   // Returns the request context information associated with this context.  Call
   // this only on the UI thread, since it can send notifications that should
   // happen on the UI thread.
@@ -88,12 +88,14 @@ class BrowserContext {
   // This doesn't belong here; http://crbug.com/90737
   virtual bool DidLastSessionExitCleanly() = 0;
 
-  // Returns the WebKitContext assigned to this context.
+  // The following getters return references to various storage related
+  // contexts associated with this browser context.
+  virtual quota::QuotaManager* GetQuotaManager() = 0;
   virtual WebKitContext* GetWebKitContext() = 0;
-
-  // Returns a pointer to the ChromeBlobStorageContext instance for this
-  // context.
+  virtual webkit_database::DatabaseTracker* GetDatabaseTracker() = 0;
   virtual ChromeBlobStorageContext* GetBlobStorageContext() = 0;
+  virtual ChromeAppCacheService* GetAppCacheService() = 0;
+  virtual fileapi::FileSystemContext* GetFileSystemContext() = 0;
 };
 
 }  // namespace content
diff --git a/content/browser/file_system/file_system_dispatcher_host.cc b/content/browser/file_system/file_system_dispatcher_host.cc
index 8d886dc..f8eb431 100644
--- a/content/browser/file_system/file_system_dispatcher_host.cc
+++ b/content/browser/file_system/file_system_dispatcher_host.cc
@@ -11,11 +11,11 @@
 #include "base/platform_file.h"
 #include "base/threading/thread.h"
 #include "base/time.h"
-#include "content/browser/resource_context.h"
 #include "content/common/file_system_messages.h"
 #include "googleurl/src/gurl.h"
 #include "ipc/ipc_platform_file.h"
 #include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
 #include "webkit/fileapi/file_system_callback_dispatcher.h"
 #include "webkit/fileapi/file_system_context.h"
 #include "webkit/fileapi/file_system_operation.h"
@@ -94,21 +94,22 @@ class BrowserFileSystemCallbackDispatcher
 };
 
 FileSystemDispatcherHost::FileSystemDispatcherHost(
-    const content::ResourceContext* resource_context)
-    : context_(NULL),
-      resource_context_(resource_context),
+    net::URLRequestContextGetter* request_context_getter,
+    fileapi::FileSystemContext* file_system_context)
+    : context_(file_system_context),
+      request_context_getter_(request_context_getter),
       request_context_(NULL) {
-  DCHECK(resource_context_);
+  DCHECK(context_);
+  DCHECK(request_context_getter_);
 }
 
 FileSystemDispatcherHost::FileSystemDispatcherHost(
     net::URLRequestContext* request_context,
     fileapi::FileSystemContext* file_system_context)
     : context_(file_system_context),
-      resource_context_(NULL),
       request_context_(request_context) {
-  DCHECK(request_context_);
   DCHECK(context_);
+  DCHECK(request_context_);
 }
 
 FileSystemDispatcherHost::~FileSystemDispatcherHost() {
@@ -117,15 +118,12 @@ FileSystemDispatcherHost::~FileSystemDispatcherHost() {
 void FileSystemDispatcherHost::OnChannelConnected(int32 peer_pid) {
   BrowserMessageFilter::OnChannelConnected(peer_pid);
 
-  if (resource_context_) {
+  if (request_context_getter_.get()) {
     DCHECK(!request_context_);
-    request_context_ = resource_context_->request_context();
-    DCHECK(!context_);
-    context_ = resource_context_->file_system_context();
-    resource_context_ = NULL;
+    request_context_ = request_context_getter_->GetURLRequestContext();
+    request_context_getter_ = NULL;
+    DCHECK(request_context_);
   }
-  DCHECK(request_context_);
-  DCHECK(context_);
 }
 
 void FileSystemDispatcherHost::OverrideThreadForMessage(
@@ -215,6 +213,11 @@ void FileSystemDispatcherHost::OnWrite(
     const GURL& path,
     const GURL& blob_url,
     int64 offset) {
+  if (!request_context_) {
+    // We can't write w/o a request context, trying to do so will crash.
+    NOTREACHED();
+    return;
+  }
   GetNewOperation(request_id)->Write(
       request_context_, path, blob_url, offset);
 }
diff --git a/content/browser/file_system/file_system_dispatcher_host.h b/content/browser/file_system/file_system_dispatcher_host.h
index 3d64d40..07a16e0 100644
--- a/content/browser/file_system/file_system_dispatcher_host.h
+++ b/content/browser/file_system/file_system_dispatcher_host.h
@@ -21,10 +21,6 @@ namespace base {
 class Time;
 }
 
-namespace content {
-class ResourceContext;
-}
-
 namespace fileapi {
 class FileSystemContext;
 class FileSystemOperation;
@@ -32,16 +28,19 @@ class FileSystemOperation;
 
 namespace net {
 class URLRequestContext;
+class URLRequestContextGetter;
 }  // namespace net
 
 class FileSystemDispatcherHost : public BrowserMessageFilter {
  public:
-  // Used by the renderer.
-  explicit FileSystemDispatcherHost(
-      const content::ResourceContext* resource_context);
-  // Used by the worker, since it has the context handy already.
-  FileSystemDispatcherHost(net::URLRequestContext* request_context,
-                           fileapi::FileSystemContext* file_system_context);
+  // Used by the renderer process host on the UI thread.
+  FileSystemDispatcherHost(
+      net::URLRequestContextGetter* request_context_getter,
+      fileapi::FileSystemContext* file_system_context);
+  // Used by the worker process host on the IO thread.
+  FileSystemDispatcherHost(
+      net::URLRequestContext* request_context,
+      fileapi::FileSystemContext* file_system_context);
   virtual ~FileSystemDispatcherHost();
 
   // BrowserMessageFilter implementation.
@@ -99,9 +98,9 @@ class FileSystemDispatcherHost : public BrowserMessageFilter {
   typedef IDMap<fileapi::FileSystemOperation> OperationsMap;
   OperationsMap operations_;
 
-  // This holds the ResourceContext until Init() can be called from the
+  // The getter holds the context until Init() can be called from the
   // IO thread, which will extract the net::URLRequestContext from it.
-  const content::ResourceContext* resource_context_;
+  scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
   net::URLRequestContext* request_context_;
 
   DISALLOW_COPY_AND_ASSIGN(FileSystemDispatcherHost);
diff --git a/content/browser/renderer_host/browser_render_process_host.cc b/content/browser/renderer_host/browser_render_process_host.cc
index ee649c7..f5d5ba4 100644
--- a/content/browser/renderer_host/browser_render_process_host.cc
+++ b/content/browser/renderer_host/browser_render_process_host.cc
@@ -368,7 +368,7 @@ void BrowserRenderProcessHost::CreateMessageFilters() {
       new AudioRendererHost(&browser_context()->GetResourceContext()));
   channel_->AddFilter(new VideoCaptureHost());
   channel_->AddFilter(
-      new AppCacheDispatcherHost(&browser_context()->GetResourceContext(),
+      new AppCacheDispatcherHost(browser_context()->GetAppCacheService(),
                                  id()));
   channel_->AddFilter(new ClipboardMessageFilter());
   channel_->AddFilter(
@@ -385,7 +385,8 @@ void BrowserRenderProcessHost::CreateMessageFilters() {
       new PepperMessageFilter(&browser_context()->GetResourceContext()));
   channel_->AddFilter(new speech_input::SpeechInputDispatcherHost(id()));
   channel_->AddFilter(
-      new FileSystemDispatcherHost(&browser_context()->GetResourceContext()));
+      new FileSystemDispatcherHost(browser_context()->GetRequestContext(),
+                                   browser_context()->GetFileSystemContext()));
   channel_->AddFilter(new device_orientation::MessageFilter());
   channel_->AddFilter(
       new BlobMessageFilter(id(), browser_context()->GetBlobStorageContext()));
diff --git a/content/browser/worker_host/worker_process_host.cc b/content/browser/worker_host/worker_process_host.cc
index 2639771..e8dbb67 100644
--- a/content/browser/worker_host/worker_process_host.cc
+++ b/content/browser/worker_host/worker_process_host.cc
@@ -253,12 +253,13 @@ void WorkerProcessHost::CreateMessageFilters(int render_process_id) {
       NewCallbackWithReturnValue(
           WorkerService::GetInstance(), &WorkerService::next_worker_route_id));
   AddFilter(worker_message_filter_);
-  AddFilter(new AppCacheDispatcherHost(resource_context_, id()));
+  AddFilter(new AppCacheDispatcherHost(
+      resource_context_->appcache_service(), id()));
   AddFilter(new FileSystemDispatcherHost(
       request_context, resource_context_->file_system_context()));
   AddFilter(new FileUtilitiesMessageFilter(id()));
-  AddFilter(
-      new BlobMessageFilter(id(), resource_context_->blob_storage_context()));
+  AddFilter(new BlobMessageFilter(
+      id(), resource_context_->blob_storage_context()));
   AddFilter(new MimeRegistryMessageFilter());
   AddFilter(new DatabaseMessageFilter(
       resource_context_->database_tracker()));
diff --git a/content/test/test_browser_context.cc b/content/test/test_browser_context.cc
index 42388b8..b17dc62 100644
--- a/content/test/test_browser_context.cc
+++ b/content/test/test_browser_context.cc
@@ -22,10 +22,6 @@ bool TestBrowserContext::IsOffTheRecord() {
   return false;
 }
 
-webkit_database::DatabaseTracker* TestBrowserContext::GetDatabaseTracker() {
-  return NULL;
-}
-
 SSLHostState* TestBrowserContext::GetSSLHostState() {
   return NULL;
 }
@@ -38,10 +34,6 @@ bool TestBrowserContext::HasCreatedDownloadManager() const {
   return false;
 }
 
-quota::QuotaManager* TestBrowserContext::GetQuotaManager() {
-  return NULL;
-}
-
 net::URLRequestContextGetter* TestBrowserContext::GetRequestContext() {
   return NULL;
 }
@@ -73,6 +65,10 @@ bool TestBrowserContext::DidLastSessionExitCleanly() {
   return true;
 }
 
+quota::QuotaManager* TestBrowserContext::GetQuotaManager() {
+  return NULL;
+}
+
 WebKitContext* TestBrowserContext::GetWebKitContext() {
   if (webkit_context_ == NULL) {
     webkit_context_ = new WebKitContext(
@@ -82,6 +78,18 @@ WebKitContext* TestBrowserContext::GetWebKitContext() {
   return webkit_context_;
 }
 
+webkit_database::DatabaseTracker* TestBrowserContext::GetDatabaseTracker() {
+  return NULL;
+}
+
 ChromeBlobStorageContext* TestBrowserContext::GetBlobStorageContext() {
   return NULL;
 }
+
+ChromeAppCacheService* TestBrowserContext::GetAppCacheService() {
+  return NULL;
+}
+
+fileapi::FileSystemContext* TestBrowserContext::GetFileSystemContext() {
+  return NULL;
+}
diff --git a/content/test/test_browser_context.h b/content/test/test_browser_context.h
index aa24b571..65f49b1 100644
--- a/content/test/test_browser_context.h
+++ b/content/test/test_browser_context.h
@@ -19,11 +19,9 @@ class TestBrowserContext : public content::BrowserContext {
 
   virtual FilePath GetPath() OVERRIDE;
   virtual bool IsOffTheRecord() OVERRIDE;
-  virtual webkit_database::DatabaseTracker* GetDatabaseTracker() OVERRIDE;
   virtual SSLHostState* GetSSLHostState() OVERRIDE;
   virtual DownloadManager* GetDownloadManager() OVERRIDE;
   virtual bool HasCreatedDownloadManager() const OVERRIDE;
-  virtual quota::QuotaManager* GetQuotaManager() OVERRIDE;
   virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
   virtual net::URLRequestContextGetter* GetRequestContextForRenderProcess(
       int renderer_child_id) OVERRIDE;
@@ -33,8 +31,12 @@ class TestBrowserContext : public content::BrowserContext {
   virtual GeolocationPermissionContext* GetGeolocationPermissionContext()
       OVERRIDE;
   virtual bool DidLastSessionExitCleanly() OVERRIDE;
+  virtual quota::QuotaManager* GetQuotaManager() OVERRIDE;
   virtual WebKitContext* GetWebKitContext() OVERRIDE;
+  virtual webkit_database::DatabaseTracker* GetDatabaseTracker() OVERRIDE;
   virtual ChromeBlobStorageContext* GetBlobStorageContext() OVERRIDE;
+  virtual ChromeAppCacheService* GetAppCacheService() OVERRIDE;
+  virtual fileapi::FileSystemContext* GetFileSystemContext() OVERRIDE;
 
  private:
   // WebKitContext, lazily initialized by GetWebKitContext().