Google Git
Sign in
chromium / chromium / src / fa84233d2339c1be03a754d81a201a75f076184f
commitfa84233d2339c1be03a754d81a201a75f076184f[log] [tgz]
authorMatt Giuca <mgiuca@chromium.org>Fri Aug 02 03:07:28 2019
committerCommit Bot <commit-bot@chromium.org>Fri Aug 02 03:07:28 2019
tree8079417eb416f33ae39cff1151e21309ae7ec383
parent4dcc8e2b937cda23e8f7b86a84727795cd55f706 [diff]
Revert "Make browser process own RenderView."

This reverts commit 55bc919aff4f9d30d03090859321050557407e85.

Reason for revert: Suspected cause of https://crbug.com/990192

Since this changes the ownership of RenderWidget and the newly flaky
test (which started failing on MSAN 1 build after this landed) has a
use-after-free in RenderWidget, I am suspecting this CL.

Original change's description:
> Make browser process own RenderView.
> 
> Historically, RenderView and RenderWidget were 1:1, and their lifetimes were
> entwined.
> 1) RenderViewHost would create the RenderView.
> 2) RenderView would create a RenderWidget and pass ownership of itself to the
> RenderWidget.
> 3) RenderViewHost's destructor would destroy the RenderWidget, thus destroying
> the RenderView
> 
> We want the lifetime of RenderView and RenderWidget to be decoupled. The first
> step of this is making RenderView explicitly owned by the browser. This means
> that instead of (3), RenderViewHost's destructor will destroy the RenderView,
> which will in turn destroy the RenderWidget.
> 
> One subtlety is that prior to this CL, RenderWidget was always destroyed
> asynchronously. The original reason for supporting this -- dealing with
> re-entrancy from nested message loops -- is no longer applicable. The IPC that
> destroys RenderWidget is asynchronous, which means it can never be called from a
> re-entrant context. However, it is possible for a RenderWidget associated with a
> child-frame to be synchronously destroyed by JS. This can be re-entrant. This CL
> updates destruction of RenderWidget to be synchronous when called from IPC.
> 
> Bug: 987731
> Change-Id: If4b319fab19d02c5495ba14e5cc929f441ca4d2e
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1717456
> Commit-Queue: Avi Drissman <avi@chromium.org>
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Auto-Submit: Erik Chen <erikchen@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#683247}

TBR=avi@chromium.org,dcheng@chromium.org,erikchen@chromium.org

Change-Id: I762230d0df57c6bcd75af80c1aa231d7b4d2183e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 987731, 990192
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1731991
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Commit-Queue: Matt Giuca <mgiuca@chromium.org>
Cr-Commit-Position: refs/heads/master@{#683457}
15 files changed
tree: 8079417eb416f33ae39cff1151e21309ae7ec383
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .