Google Git
Sign in
chromium / chromium / src.git / e7d59816288ef3246defc4b86cb4e03e28d75956
commite7d59816288ef3246defc4b86cb4e03e28d75956[log] [tgz]
authordanakj <[email protected]>Wed May 15 18:14:50 2019
committerCommit Bot <[email protected]>Wed May 15 18:14:50 2019
tree3f338b2ef516836329087ceb03b88a419f391119
parent2bfeedf48342fc29dde839bf4d43b9c8fe146f3b [diff]
Handle race of SwapIn() and browser destroying the speculative MainFrame

When WebContentsImpl destroys, it deletes the speculative main frame,
but the renderer may have taken ownership of it already, and the notice
of such action is in flight to the browser still. This leads to DCHECKs
failing in the renderer. So inform the FrameMsg_Delete IPC what the
intention of the browser is, there are 3 modes:

- Deleting a non-main frame. This is the common case. These frames are
all owned by the browser so it's all good, no races.
- Deleting a speculative main frame at shutdown. This is the race we
address here.
- Deleting a speculative main frame because it's no longer needed. This
race is not handled by this CL but we CHECK() it explicitly now instead
of letting the renderer continue with a missing RenderFrame that it
expects to be present until it crashes somewhere random later.

[email protected], [email protected]

Bug: 957858, 838348
Change-Id: I2110bdaf8b116df48037f69db6cb992fa3796e29
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1594834
Commit-Queue: danakj <[email protected]>
Reviewed-by: Daniel Cheng <[email protected]>
Reviewed-by: Avi Drissman <[email protected]>
Cr-Commit-Position: refs/heads/master@{#660025}
10 files changed
tree: 3f338b2ef516836329087ceb03b88a419f391119
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .