Re: [webkit-dev] Frame and FrameView references
On Feb 29, 2008, at 4:25 AM, Artem Ananiev wrote: > setView(0); > ... > if (d->m_view) { > d->m_view->hide(); > d->m_view->clearFrame(); > } Good catch. This is all dead code and should be replaced with an assertion: ASSERT(!d->m_view); > How this situation is supposed to be handled? A FrameView holds a RefPtr to the Frame, so there's no way the Frame could be destroyed until after the FrameView is destroyed. The only reason there's anything complicated about this is some old half-obsolete code in the back/forward cache. There's a call to FrameView::clearFrame() in CachedPage::clear() that is made when the page that's cached is removed from the cache. It's possible that with some study this could be removed and we could entirely remove the clearFrame() function. -- Darin ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
[webkit-dev] Frame and FrameView references
Hi, all, I have noticed the following strange code in Frame class: Frame::~Frame() { setView(0); ... if (d->m_view) { d->m_view->hide(); d->m_view->clearFrame(); } ... } It is clear that the latter statements are never executed as d->m_view is always NULL after setView(0). Then, I tried moving 'if' statement to the very top of the method, but this didn't helped as setView(0) is called every time before destructor. I have also searched for all the places where m_frame field in FrameView class is changed. Only two lines were found: in FrameView constructor and in clearFrame(). As clearFrame() is never called, I get an outdated reference to an instance of Frame in FrameView which results in a crash. The frame view can't even be deleted as its destructor contains some calls to m_frame object... How this situation is supposed to be handled? Thanks, Artem ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev