Diff
Modified: branches/safari-604-branch/LayoutTests/ChangeLog (222298 => 222299)
--- branches/safari-604-branch/LayoutTests/ChangeLog 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/LayoutTests/ChangeLog 2017-09-20 23:19:09 UTC (rev 222299)
@@ -1,3 +1,18 @@
+2017-09-20 Jason Marcell <[email protected]>
+
+ Cherry-pick r222097. rdar://problem/34508516
+
+ 2017-09-15 Brent Fulgham <[email protected]>
+
+ Make DocumentLoader a FrameDestructionObserver
+ https://bugs.webkit.org/show_bug.cgi?id=176364
+ <rdar://problem/34254780>
+
+ Reviewed by Alex Christensen.
+
+ * fast/events/beforeunload-dom-manipulation-crash-expected.txt: Added.
+ * fast/events/beforeunload-dom-manipulation-crash.html: Added.
+
2017-09-19 Jason Marcell <[email protected]>
Cherry-pick r222226. rdar://problem/34534758
Added: branches/safari-604-branch/LayoutTests/fast/events/beforeunload-dom-manipulation-crash-expected.txt (0 => 222299)
--- branches/safari-604-branch/LayoutTests/fast/events/beforeunload-dom-manipulation-crash-expected.txt (rev 0)
+++ branches/safari-604-branch/LayoutTests/fast/events/beforeunload-dom-manipulation-crash-expected.txt 2017-09-20 23:19:09 UTC (rev 222299)
@@ -0,0 +1 @@
+This test passes if it does not crash.
Added: branches/safari-604-branch/LayoutTests/fast/events/beforeunload-dom-manipulation-crash.html (0 => 222299)
--- branches/safari-604-branch/LayoutTests/fast/events/beforeunload-dom-manipulation-crash.html (rev 0)
+++ branches/safari-604-branch/LayoutTests/fast/events/beforeunload-dom-manipulation-crash.html 2017-09-20 23:19:09 UTC (rev 222299)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<head>
+<script src=""
+<script>
+jsTestIsAsync = true;
+
+function runTest() {
+ window._onbeforeunload_ = nextStep;
+
+ iframe.name = "foo";
+ iframe.src = ""
+
+ location.href = ""
+}
+
+function nextStep() {
+ document.head.appendChild(del);
+ if (window.testRunner)
+ testRunner.forceImmediateCompletion();
+}
+</script>
+</head>
+<body _onload_="runTest()">
+ <p>This test passes if it does not crash.</p>
+ <del id="del">
+ <iframe id="iframe"></iframe>
+</body>
Modified: branches/safari-604-branch/Source/WebCore/ChangeLog (222298 => 222299)
--- branches/safari-604-branch/Source/WebCore/ChangeLog 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Source/WebCore/ChangeLog 2017-09-20 23:19:09 UTC (rev 222299)
@@ -1,3 +1,30 @@
+2017-09-20 Jason Marcell <[email protected]>
+
+ Cherry-pick r222097. rdar://problem/34508516
+
+ 2017-09-15 Brent Fulgham <[email protected]>
+
+ Make DocumentLoader a FrameDestructionObserver
+ https://bugs.webkit.org/show_bug.cgi?id=176364
+ <rdar://problem/34254780>
+
+ Reviewed by Alex Christensen.
+
+ The DocumentLoader needs to know when its Frame is destroyed so that it can
+ perform properly cleanup.
+
+ Test: fast/events/beforeunload-dom-manipulation-crash.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::DocumentLoader): Call FrameDestructionObserver constructor.
+ (WebCore::DocumentLoader::responseReceived): Drive-by fix. Make sure the current
+ object is valid during the callback.
+ (WebCore::DocumentLoader::attachToFrame): Use FrameDestructionObserver::observerFrame rather
+ than setting the m_frame variable directly.
+ (WebCore::DocumentLoader::detachFromFrame): Ditto.
+ * loader/DocumentLoader.h:
+ (WebCore::DocumentLoader::frame const): Deleted, as this is provided by the FrameDestructionObserver.
+
2017-09-19 Jason Marcell <[email protected]>
Cherry-pick r222226. rdar://problem/34534758
Modified: branches/safari-604-branch/Source/WebCore/loader/DocumentLoader.cpp (222298 => 222299)
--- branches/safari-604-branch/Source/WebCore/loader/DocumentLoader.cpp 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Source/WebCore/loader/DocumentLoader.cpp 2017-09-20 23:19:09 UTC (rev 222299)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2017 Apple Inc. All rights reserved.
* Copyright (C) 2011 Google Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -134,7 +134,8 @@
}
DocumentLoader::DocumentLoader(const ResourceRequest& request, const SubstituteData& substituteData)
- : m_cachedResourceLoader(CachedResourceLoader::create(this))
+ : FrameDestructionObserver(nullptr)
+ , m_cachedResourceLoader(CachedResourceLoader::create(this))
, m_writer(m_frame)
, m_originalRequest(request)
, m_substituteData(substituteData)
@@ -709,7 +710,7 @@
}
#endif
- frameLoader()->policyChecker().checkContentPolicy(m_response, [this](PolicyAction policy) {
+ frameLoader()->policyChecker().checkContentPolicy(m_response, [this, protectedThis = makeRef(*this)](PolicyAction policy) {
continueAfterContentPolicy(policy);
});
}
@@ -987,7 +988,7 @@
return;
ASSERT(!m_frame);
- m_frame = &frame;
+ observeFrame(&frame);
m_writer.setFrame(&frame);
attachToFrame();
@@ -1028,7 +1029,7 @@
InspectorInstrumentation::loaderDetachedFromFrame(*m_frame, *this);
- m_frame = nullptr;
+ observeFrame(nullptr);
}
void DocumentLoader::clearMainResourceLoader()
Modified: branches/safari-604-branch/Source/WebCore/loader/DocumentLoader.h (222298 => 222299)
--- branches/safari-604-branch/Source/WebCore/loader/DocumentLoader.h 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Source/WebCore/loader/DocumentLoader.h 2017-09-20 23:19:09 UTC (rev 222299)
@@ -32,6 +32,7 @@
#include "CachedRawResourceClient.h"
#include "CachedResourceHandle.h"
#include "DocumentWriter.h"
+#include "FrameDestructionObserver.h"
#include "IconDatabaseBase.h"
#include "LinkIcon.h"
#include "LoadTiming.h"
@@ -91,7 +92,7 @@
InheritedUserGestures = 1 << 1,
};
-class DocumentLoader : public RefCounted<DocumentLoader>, private CachedRawResourceClient {
+class DocumentLoader : public RefCounted<DocumentLoader>, public FrameDestructionObserver, private CachedRawResourceClient {
WTF_MAKE_FAST_ALLOCATED;
friend class ContentFilter;
public:
@@ -102,7 +103,6 @@
WEBCORE_EXPORT virtual ~DocumentLoader();
void attachToFrame(Frame&);
- Frame* frame() const { return m_frame; }
WEBCORE_EXPORT virtual void detachFromFrame();
@@ -370,7 +370,6 @@
void notifyFinishedLoadingIcon(uint64_t callbackIdentifier, SharedBuffer*);
- Frame* m_frame { nullptr };
Ref<CachedResourceLoader> m_cachedResourceLoader;
CachedResourceHandle<CachedRawResource> m_mainResource;
Modified: branches/safari-604-branch/Tools/ChangeLog (222298 => 222299)
--- branches/safari-604-branch/Tools/ChangeLog 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/ChangeLog 2017-09-20 23:19:09 UTC (rev 222299)
@@ -1,3 +1,31 @@
+2017-09-20 Jason Marcell <[email protected]>
+
+ Cherry-pick r222097. rdar://problem/34508516
+
+ 2017-09-15 Brent Fulgham <[email protected]>
+
+ Provide mechanism to immediately end tests
+ https://bugs.webkit.org/show_bug.cgi?id=176364
+ <rdar://problem/34254780>
+
+ Reviewed by Alex Christensen.
+
+ WebKitTestRunner does not output state if the top loading frame has not been removed. This prevents some
+ tests that attempt to exercise failed load state from working properly.
+
+ This change adds a new 'forceImmediateCompletion' handler for DumpRenderTree and WebKitTestRunner so
+ that we can properly test these conditions.
+
+ * DumpRenderTree/TestRunner.h:
+ * DumpRenderTree/mac/TestRunnerMac.mm:
+ (TestRunner::forceImmediateCompletion): Added.
+ * DumpRenderTree/win/TestRunnerWin.cpp:
+ (TestRunner::forceImmediateCompletion): Ditto.
+ * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+ * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+ (WTR::TestRunner::forceImmediateCompletion): Ditto.
+ * WebKitTestRunner/InjectedBundle/TestRunner.h:
+
2017-09-12 Jason Marcell <[email protected]>
Cherry-pick r221917. rdar://problem/34404461
Modified: branches/safari-604-branch/Tools/DumpRenderTree/TestRunner.h (222298 => 222299)
--- branches/safari-604-branch/Tools/DumpRenderTree/TestRunner.h 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/DumpRenderTree/TestRunner.h 2017-09-20 23:19:09 UTC (rev 222299)
@@ -73,6 +73,7 @@
void displayAndTrackRepaints();
void execCommand(JSStringRef name, JSStringRef value);
bool findString(JSContextRef, JSStringRef, JSObjectRef optionsArray);
+ void forceImmediateCompletion();
void goBack();
JSValueRef originsWithApplicationCache(JSContextRef);
long long applicationCacheDiskUsageForOrigin(JSStringRef name);
Modified: branches/safari-604-branch/Tools/DumpRenderTree/mac/TestRunnerMac.mm (222298 => 222299)
--- branches/safari-604-branch/Tools/DumpRenderTree/mac/TestRunnerMac.mm 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/DumpRenderTree/mac/TestRunnerMac.mm 2017-09-20 23:19:09 UTC (rev 222299)
@@ -291,6 +291,13 @@
m_waitToDump = false;
}
+void TestRunner::forceImmediateCompletion()
+{
+ if (m_waitToDump && !WorkQueue::singleton().count())
+ dump();
+ m_waitToDump = false;
+}
+
static inline std::string stringFromJSString(JSStringRef jsString)
{
size_t maxBufferSize = JSStringGetMaximumUTF8CStringSize(jsString);
Modified: branches/safari-604-branch/Tools/DumpRenderTree/win/TestRunnerWin.cpp (222298 => 222299)
--- branches/safari-604-branch/Tools/DumpRenderTree/win/TestRunnerWin.cpp 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/DumpRenderTree/win/TestRunnerWin.cpp 2017-09-20 23:19:09 UTC (rev 222299)
@@ -293,6 +293,14 @@
m_waitToDump = false;
}
+void TestRunner::forceImmediateCompletion()
+{
+ // Same as on mac. This can be shared.
+ if (m_waitToDump && !WorkQueue::singleton().count())
+ dump();
+ m_waitToDump = false;
+}
+
static wstring jsStringRefToWString(JSStringRef jsStr)
{
size_t length = JSStringGetLength(jsStr);
Modified: branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl (222298 => 222299)
--- branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl 2017-09-20 23:19:09 UTC (rev 222299)
@@ -101,6 +101,9 @@
void display();
void displayAndTrackRepaints();
+ // Failed load condition testing
+ void forceImmediateCompletion();
+
// Printing
boolean isPageBoxVisible(long pageIndex);
Modified: branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp (222298 => 222299)
--- branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp 2017-09-20 23:19:09 UTC (rev 222299)
@@ -191,6 +191,18 @@
m_waitToDump = false;
}
+void TestRunner::forceImmediateCompletion()
+{
+ auto& injectedBundle = InjectedBundle::singleton();
+ if (!injectedBundle.isTestRunning())
+ return;
+
+ if (m_waitToDump && injectedBundle.page())
+ injectedBundle.page()->dump();
+
+ m_waitToDump = false;
+}
+
unsigned TestRunner::imageCountInGeneralPasteboard() const
{
return InjectedBundle::singleton().imageCountInGeneralPasteboard();
Modified: branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h (222298 => 222299)
--- branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h 2017-09-20 23:13:27 UTC (rev 222298)
+++ branches/safari-604-branch/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h 2017-09-20 23:19:09 UTC (rev 222299)
@@ -163,6 +163,9 @@
bool shouldDisallowIncreaseForApplicationCacheQuota() { return m_disallowIncreaseForApplicationCacheQuota; }
JSValueRef originsWithApplicationCache();
+ // Failed load condition testing
+ void forceImmediateCompletion();
+
// Printing
bool isPageBoxVisible(int pageIndex);
bool isPrinting() { return m_isPrinting; }
