[webkit-changes] [209787] trunk/Source/WebCore

Tue, 13 Dec 2016 18:40:04 -0800

Title: [209787] trunk/Source/WebCore
Revision
209787
Author
[email protected]
Date
2016-12-13 18:39:57 -0800 (Tue, 13 Dec 2016)

Log Message

Make Document a FrameDestructionObserver
https://bugs.webkit.org/show_bug.cgi?id=165810
<rdar://problem/29157645>

Reviewed by Ryosuke Niwa.

Make Document a FrameDestructionObserver to make sure Document::m_frame
is properly nulled out when a Frame gets destroyed.
Document::disconnectFromFrame() is supposed to be called before the Frame
gets destroyed so this also adds an assertion to try and identify places
where we fail to call it.

No new tests, no known reproduction case.

* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::disconnectFromFrame):
(WebCore::Document::frameDestroyed):
* dom/Document.h:
(WebCore::Document::frame): Deleted.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (209786 => 209787)


--- trunk/Source/WebCore/ChangeLog	2016-12-14 02:39:39 UTC (rev 209786)
+++ trunk/Source/WebCore/ChangeLog	2016-12-14 02:39:57 UTC (rev 209787)
@@ -1,3 +1,26 @@
+2016-12-13  Chris Dumez  <[email protected]>
+
+        Make Document a FrameDestructionObserver
+        https://bugs.webkit.org/show_bug.cgi?id=165810
+        <rdar://problem/29157645>
+
+        Reviewed by Ryosuke Niwa.
+
+        Make Document a FrameDestructionObserver to make sure Document::m_frame
+        is properly nulled out when a Frame gets destroyed.
+        Document::disconnectFromFrame() is supposed to be called before the Frame
+        gets destroyed so this also adds an assertion to try and identify places
+        where we fail to call it.
+
+        No new tests, no known reproduction case.
+
+        * dom/Document.cpp:
+        (WebCore::Document::Document):
+        (WebCore::Document::disconnectFromFrame):
+        (WebCore::Document::frameDestroyed):
+        * dom/Document.h:
+        (WebCore::Document::frame): Deleted.
+
 2016-12-13  Joseph Pecoraro  <[email protected]>
 
         REGRESSION(r204163): Web Inspector: Page crashes when Inspector tries to load insecure SourceMap

Modified: trunk/Source/WebCore/dom/Document.cpp (209786 => 209787)


--- trunk/Source/WebCore/dom/Document.cpp	2016-12-14 02:39:39 UTC (rev 209786)
+++ trunk/Source/WebCore/dom/Document.cpp	2016-12-14 02:39:57 UTC (rev 209787)
@@ -431,6 +431,7 @@
 Document::Document(Frame* frame, const URL& url, unsigned documentClasses, unsigned constructionFlags)
     : ContainerNode(*this, CreateDocument)
     , TreeScope(*this)
+    , FrameDestructionObserver(frame)
 #if ENABLE(IOS_TOUCH_EVENTS)
     , m_touchEventsChangedTimer(*this, &Document::touchEventsChangedTimerFired)
 #endif
@@ -439,7 +440,6 @@
     , m_needsNotifyRemoveAllPendingStylesheet(false)
     , m_ignorePendingStylesheets(false)
     , m_pendingSheetLayout(NoLayoutWithPendingSheets)
-    , m_frame(frame)
     , m_cachedResourceLoader(m_frame ? Ref<CachedResourceLoader>(m_frame->loader().activeDocumentLoader()->cachedResourceLoader()) : CachedResourceLoader::create(nullptr))
     , m_activeParserCount(0)
     , m_wellFormed(false)
@@ -2203,9 +2203,16 @@
 
 void Document::disconnectFromFrame()
 {
-    m_frame = nullptr;
+    observeFrame(nullptr);
 }
 
+void Document::frameDestroyed()
+{
+    // disconnectFromFrame() must be called before destroying the Frame.
+    ASSERT_WITH_SECURITY_IMPLICATION(!m_frame);
+    FrameDestructionObserver::frameDestroyed();
+}
+
 void Document::destroyRenderTree()
 {
     ASSERT(hasLivingRenderTree());

Modified: trunk/Source/WebCore/dom/Document.h (209786 => 209787)


--- trunk/Source/WebCore/dom/Document.h	2016-12-14 02:39:39 UTC (rev 209786)
+++ trunk/Source/WebCore/dom/Document.h	2016-12-14 02:39:57 UTC (rev 209787)
@@ -35,6 +35,7 @@
 #include "ExceptionOr.h"
 #include "FocusDirection.h"
 #include "FontSelectorClient.h"
+#include "FrameDestructionObserver.h"
 #include "MediaProducer.h"
 #include "MutationObserver.h"
 #include "PageVisibilityState.h"
@@ -286,6 +287,7 @@
     , public TreeScope
     , public ScriptExecutionContext
     , public FontSelectorClient
+    , public FrameDestructionObserver
     , public Supplementable<Document> {
 public:
     static Ref<Document> create(Frame* frame, const URL& url)
@@ -512,7 +514,6 @@
     void setStateForNewFormElements(const Vector<String>&);
 
     WEBCORE_EXPORT FrameView* view() const; // can be NULL
-    Frame* frame() const { return m_frame; } // can be NULL
     WEBCORE_EXPORT Page* page() const; // can be NULL
     WEBCORE_EXPORT Settings* settings() const; // can be NULL
 
@@ -1312,6 +1313,7 @@
     friend class IgnoreOpensDuringUnloadCountIncrementer;
 
     void updateTitleElement(Element* newTitleElement);
+    void frameDestroyed() final;
 
     void commonTeardown();
 
@@ -1410,7 +1412,6 @@
     // do eventually load.
     PendingSheetLayout m_pendingSheetLayout;
 
-    Frame* m_frame;
     RefPtr<DOMWindow> m_domWindow;
     WeakPtr<Document> m_contextDocument;
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to