[webkit-changes] [WebKit/WebKit] 764b42: Page and DrawingArea's root frame collections shou...

Alex Christensen noreply at github.com
Mon Dec 18 09:15:37 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 764b4263af17c189ca7ed6f197f3a216f4d9d96b
      https://github.com/WebKit/WebKit/commit/764b4263af17c189ca7ed6f197f3a216f4d9d96b
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-12-18 (Mon, 18 Dec 2023)

  Changed paths:
    M Source/WebCore/bindings/js/WindowProxy.cpp
    M Source/WebCore/loader/EmptyClients.h
    M Source/WebCore/page/ChromeClient.h
    M Source/WebCore/page/FocusController.h
    M Source/WebCore/page/Frame.cpp
    M Source/WebCore/page/Frame.h
    M Source/WebCore/page/LocalFrame.cpp
    M Source/WebCore/page/LocalFrame.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/RemoteFrame.h
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
    M Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp
    M Source/WebKit/WebProcess/WebPage/DrawingArea.h
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm
    M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm
    M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h

  Log Message:
  -----------
  Page and DrawingArea's root frame collections should be updated with LocalFrame lifetime
https://bugs.webkit.org/show_bug.cgi?id=266105
rdar://116202445

Reviewed by Pascoe.

Before this PR we were calling addRootFrame in an ad-hoc manner, and we weren't calling
remoteRootFrame at all except confusingly in the LocalFrame constructor, which was quite
incorrect.  This caused memory leaks and crashes when site isolation was enabled.

To fix this, I call addRootFrame in the LocalFrame constructor and removeRootFrame in the
LocalFrame destructor.  During the destructor call, we can't reliably check the parent
frame because it may have also been destroyed, so I cache the value of whether the
LocalFrame is a root frame using a const bool member function.  I use the ChromeClient
to tell the WebPage's DrawingArea about the creation and destruction of root frames.

In order to successfully draw after this root frame lifetime management change, I needed
the WebPage to already have a DrawingArea when the main frame is constructed, which
required moving it up in the list of constructed members of the WebPage.  When I did this,
though, the calls to WebPage::corePage in the DrawingArea constructors returned null because
the DrawingArea was being constructed before the WebCore::Page.  To fix this, I just moved
the settings update code from the DrawingArea constructors to the WebPage constructor
after creating the WebCore::Page.  Additionally, a few members needed to be initialized
before the DrawingArea constructor might use them, so I moved them around, and the call to
TiledCoreAnimationDrawingArea::setViewExposedRect needs the main frame to have been initialized,
so I moved that to after the main frame was initialized.

I need the Frame to be destroyed when it transitions between LocalFrame and RemoteFrame,
and FocusController was keeping it alive sometimes, which caused crashes.  I changed
FocusController to have a WeakPtr instead of a RefPtr keeping the Frame alive.

When the Frame is destroyed after having called Frame::takeWindowProxyFrom on it, it does some
teardown on its WindowProxy.  To make that teardown not happen on a WindowProxy that is still
being used by another Frame, I added a call to frame.resetWindowProxy() but without the
detachFromFrame() call.  This is needed to keep the WindowProxy pointing to the right Frame
and DOMWindow after the transition when the Frame lifetime is managed better.

* Source/WebCore/loader/EmptyClients.h:
* Source/WebCore/page/ChromeClient.h:
* Source/WebCore/page/FrameTree.h:
(WebCore::FrameTree::thisFrame const):
* Source/WebCore/page/LocalFrame.cpp:
(WebCore::isRootFrame):
(WebCore::LocalFrame::LocalFrame):
(WebCore::LocalFrame::~LocalFrame):
(WebCore::LocalFrame::isRootFrame const):
* Source/WebCore/page/LocalFrame.h:
* Source/WebCore/page/Page.cpp:
(WebCore::createMainFrame):
(WebCore::Page::addRootFrame):
(WebCore::Page::removeRootFrame):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::rootFrameAdded):
(WebKit::WebChromeClient::rootFrameRemoved):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:
(WebKit::DrawingAreaCoordinatedGraphics::DrawingAreaCoordinatedGraphics):
* Source/WebKit/WebProcess/WebPage/DrawingArea.h:
(WebKit::DrawingArea::removeRootFrame):
(WebKit::DrawingArea::shouldForceCompositingMode const):
* Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
* Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea):
(WebKit::RemoteLayerTreeDrawingArea::removeRootFrame):
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::transitionToLocal):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
(WebKit::m_historyItemClient):
(WebKit::addRootFramesToNewDrawingArea):
(WebKit::WebPage::reinitializeWebPage):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::TiledCoreAnimationDrawingArea):
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h:

Canonical link: https://commits.webkit.org/272224@main
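
Added example, not part of the commit or of WebKit's code: a simplified C++ model of the lifetime pattern the log message describes (register a root frame in the constructor, unregister it in the destructor from a cached flag, and hold the focus observer weakly). Frame, Page and FocusTracker are hypothetical stand-ins built on std::shared_ptr/std::weak_ptr, and the root-frame rule used here (a local frame with no local parent) is an assumption.

```cpp
#include <cstddef>
#include <memory>
#include <unordered_set>

// Hypothetical stand-ins for illustration; these are not WebKit's classes.
struct Frame;
struct Page { std::unordered_set<const Frame*> rootFrames; };

struct Frame {
    Frame(Page& page, const std::shared_ptr<Frame>& parent, bool isLocal)
        : m_page(page)
        , m_parent(parent)
        , m_isLocal(isLocal)
        // Assumed rule: decide root-ness once, while the parent is certainly alive.
        , m_isRoot(isLocal && (!parent || !parent->m_isLocal))
    {
        if (m_isRoot)
            m_page.rootFrames.insert(this);
    }
    ~Frame()
    {
        // m_parent may already have expired here, so only the cached flag is consulted.
        if (m_isRoot)
            m_page.rootFrames.erase(this);
    }
    Page& m_page;
    std::weak_ptr<Frame> m_parent;
    const bool m_isLocal;
    const bool m_isRoot;
};

// An observer that must not extend a frame's lifetime.
struct FocusTracker { std::weak_ptr<Frame> focused; };

// Destroys the parent first, then the child; returns (roots while child alive) * 10 + (roots at end).
std::size_t rootCountParentDiesFirst()
{
    Page page;
    FocusTracker tracker;
    auto parent = std::make_shared<Frame>(page, nullptr, false); // remote parent, not a root
    auto child = std::make_shared<Frame>(page, parent, true);    // local root under it
    tracker.focused = child;
    parent.reset();                              // child's m_parent is now expired
    std::size_t during = page.rootFrames.size(); // child is still registered
    child.reset();                               // destructor unregisters without the parent
    if (!tracker.focused.expired()) return 99;   // the weak observer kept nothing alive
    return during * 10 + page.rootFrames.size();
}

int main() { return rootCountParentDiesFirst() == 10 ? 0 : 1; }
```

If FocusTracker held a std::shared_ptr instead, child.reset() would not run the destructor and the stale entry would remain in Page::rootFrames.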



