Commit
Break RemoteFrame/RemoteFrameView reference cycle
https://bugs.webkit.org/show_bug.cgi?id=264862
rdar://116200737

Reviewed by Pascoe.

This required some work in 3 circumstances:
1. When a LocalFrame is removed in another process and we receive a message to destroy the RemoteFrame that represents it in this process
2. When a LocalFrame transitions to a RemoteFrame because a load has committed in another process
3. When a RemoteFrame transitions to a LocalFrame to begin a provisional load in this process

In these circumstances we needed some more teardown logic to break the Frame/FrameView reference cycle. Believe it or not, WebKit has never seen a RemoteFrame destructor before today.

To make assertions not fire, I had to make the assertion in Page::mainFrameDidChangeToNonInitialEmptyDocument allow the main frame to be a RemoteFrame.

In the LocalFrame constructor, having an HTMLFrameOwnerElement always happened in the exact same circumstances as having a parent frame before site isolation, but with site isolation we can have a parent RemoteFrame and have no HTMLFrameOwnerElement in this process. I updated the conditions for calling selfOnlyRef to match the conditions for calling selfOnlyDeref.

* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::LocalFrame):
* Source/WebCore/page/Page.cpp:
(WebCore::Page::mainFrameDidChangeToNonInitialEmptyDocument):
* Source/WebCore/page/RemoteFrame.cpp:
(WebCore::m_layerHostingContextIdentifier):
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::removeFromTree):
(WebKit::WebFrame::transitionToLocal):

Canonical link: https://commits.webkit.org/270776@main