[webkit-changes] [WebKit/WebKit] 8f58d6: Break RemoteFrame/RemoteFrameView reference cycle

Alex Christensen noreply at github.com
Wed Nov 15 11:03:30 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 8f58d68e957e33fcb627287c83214e33430ff18e
      https://github.com/WebKit/WebKit/commit/8f58d68e957e33fcb627287c83214e33430ff18e
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-11-15 (Wed, 15 Nov 2023)

  Changed paths:
    M Source/WebCore/page/LocalFrame.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/RemoteFrame.cpp
    M Source/WebKit/WebProcess/WebPage/WebFrame.cpp

  Log Message:
  -----------
  Break RemoteFrame/RemoteFrameView reference cycle
https://bugs.webkit.org/show_bug.cgi?id=264862
rdar://116200737

Reviewed by Pascoe.

This required some work in 3 circumstances:

1. When a LocalFrame is removed in another process and we receive a message to destroy the
   RemoteFrame that represents it in this process
2. When a LocalFrame transitions to a RemoteFrame because a load has committed in another process
3. When a RemoteFrame transitions to a LocalFrame to begin a provisional load in this process

In these circumstances we needed some more teardown logic to break the Frame/FrameView reference
cycle.  Believe it or not, WebKit has never seen a RemoteFrame destructor before today.

To make assertions not fire, I had to make the assertion in
Page::mainFrameDidChangeToNonInitialEmptyDocument allow the main frame to be a RemoteFrame.

In the LocalFrame constructor, having an HTMLFrameOwnerElement always happened in the exact
same circumstances as having a parent frame before site isolation, but with site isolation
we can have a parent RemoteFrame and have no HTMLFrameOwnerElement in this process.  I updated
the conditions for calling selfOnlyRef ot match the conditions for calling selfOnlyDeref.

* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::LocalFrame):
* Source/WebCore/page/Page.cpp:
(WebCore::Page::mainFrameDidChangeToNonInitialEmptyDocument):
* Source/WebCore/page/RemoteFrame.cpp:
(WebCore::m_layerHostingContextIdentifier):
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::removeFromTree):
(WebKit::WebFrame::transitionToLocal):

Canonical link: https://commits.webkit.org/270776@main

More information about the webkit-changes mailing list