diff options
| author | nasko <nasko@chromium.org> | 2014-10-20 14:05:02 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-10-20 21:05:53 +0000 |
| commit | d2c7272b80fe61a11cd2f04f17fb6caf52631010 (patch) | |
| tree | b1ff489847b6c061fc1ff0b0897915e5b4848938 /content/browser/frame_host/frame_tree.cc | |
| parent | b7893322082382329bf46d20d91c4695c234026c (diff) | |
| download | chromium_src-d2c7272b80fe61a11cd2f04f17fb6caf52631010.zip chromium_src-d2c7272b80fe61a11cd2f04f17fb6caf52631010.tar.gz chromium_src-d2c7272b80fe61a11cd2f04f17fb6caf52631010.tar.bz2 | |
Revert of Drop CreateChildFrame messages when swapping out. (patchset #1 id:1 of https://codereview.chromium.org/649683007/)
Reason for revert:
It broke compile since this CL relies on https://crrev.com/cce56cd951f6685a0120db63418aa7e6d3df28f2 and it isn't in this branch.
Original issue's description:
> Drop CreateChildFrame messages when swapping out.
>
> There is a race condition in the current state of the code where in cross-process navigation we swap the existing RenderFrameHost with a new RenderFrameHost. If the existing host sends an IPC message to create a new child frame, it arrives on the IO thread, allocates a routing id based of the existing process (p1) and does a PostTask to the UI thread. If there is a CommitPending event either executing on the UI thread or in the task queue before the task posted from the IO thread, it will end up putting the existing RenderFrameHost in swapped out state (or waiting for swapped out). When the task to create a child frame is executed after that, it creates a new RenderFrameHost, but it uses the "current" process (p2), which is different than the process that sent the message (p1). This manifests sometimes as adding duplicate routing ids to RenderProcessHost and is in general really bad bug.
>
> BUG=415059, 423691, 381990
>
> Review URL: https://codereview.chromium.org/642813007
>
> Cr-Commit-Position: refs/heads/master@{#299939}
> (cherry picked from commit dcdb02fab210ec5f7b8b560075ce96d0f48f344c)
>
> Conflicts:
> content/browser/frame_host/navigator_impl_unittest.cc
>
> R=creis@chromium.org
>
> Committed: https://chromium.googlesource.com/chromium/src/+/a6a21983b1a29ad11d30782c66d95facca65ab55
TBR=creis@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=415059, 423691, 381990
Review URL: https://codereview.chromium.org/663183003
Cr-Commit-Position: refs/heads/master@{#300332}
Diffstat (limited to 'content/browser/frame_host/frame_tree.cc')
| -rw-r--r-- | content/browser/frame_host/frame_tree.cc | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/content/browser/frame_host/frame_tree.cc b/content/browser/frame_host/frame_tree.cc index 90c1f8d..caa1ab3 100644 --- a/content/browser/frame_host/frame_tree.cc +++ b/content/browser/frame_host/frame_tree.cc @@ -147,16 +147,8 @@ void FrameTree::ForEach( } RenderFrameHostImpl* FrameTree::AddFrame(FrameTreeNode* parent, - int process_id, int new_routing_id, const std::string& frame_name) { - // A child frame always starts with an initial empty document, which means - // it is in the same SiteInstance as the parent frame. Ensure that the process - // which requested a child frame to be added is the same as the process of the - // parent node. - if (parent->current_frame_host()->GetProcess()->GetID() != process_id) - return nullptr; - scoped_ptr<FrameTreeNode> node(new FrameTreeNode( this, parent->navigator(), render_frame_delegate_, render_view_delegate_, render_widget_delegate_, manager_delegate_, frame_name)); @@ -166,7 +158,7 @@ RenderFrameHostImpl* FrameTree::AddFrame(FrameTreeNode* parent, CHECK(result.second); FrameTreeNode* node_ptr = node.get(); // AddChild is what creates the RenderFrameHost. - parent->AddChild(node.Pass(), process_id, new_routing_id); + parent->AddChild(node.Pass(), new_routing_id); return node_ptr->current_frame_host(); } |