Changeset 39575 in webkit

Timestamp:

Jan 3, 2009 11:52:56 AM (15 years ago)

Author:

zecke@webkit.org

Message:

[GTK] Fix the reference counting of WebKitWebFrames

The ownership is the following: WebKitWebView owns a WebCore::Page.
WebKitWebView is creating one WebKitWebFrame which will be the
mainFrame of the WebCore::Page (having the reference on the Frame).

The FrameLoaderClient has the reference of the WebKitWebFrame for
the main frame and also any other frame. This means when the
WebCore::Frame goes away the FrameLoaderClient will go away which
will normally remove the last reference of the WebKitWebFrame. Because
an API user might have g_object_ref'ed the WebKitWebFrame null
checks had to be added to WebKitWebFrame.

For WebCore::Frames created by the FrameLoaderClient the ownership
will be passed down to the FrameTree, the WebKitWebFrame is not holding
a reference to the WebCore::Frame.

Do not g_object_unref the mainFrame in the destructor of the
WebKitWebFrame as this will happen from within the WebCore::Page
destruction. Do not hold a reference to the WebCore::Frame (circle) in
WebKitWebFrame, add null checks as the WebCore::Frame might have gone
away. Do not keep track of the FrameLoaderClient in the private
structures as it was mostly unusued.

​https://bugs.webkit.org/show_bug.cgi?id=21837

Location:

trunk/WebKit/gtk

Files:

• ChangeLog (modified) (1 diff)
• WebCoreSupport/FrameLoaderClientGtk.cpp (modified) (2 diffs)
• tests/main.c (modified) (2 diffs)
• webkit/webkitprivate.cpp (modified) (1 diff)
• webkit/webkitprivate.h (modified) (2 diffs)
• webkit/webkitwebframe.cpp (modified) (18 diffs)
• webkit/webkitwebview.cpp (modified) (1 diff)

trunk/WebKit/gtk/ChangeLog

@@ +1 @@
+2009-01-03  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Darin Adler.
+
+        [GTK] Fix the reference counting of WebKitWebFrames
+        
+        The ownership is the following: WebKitWebView owns a WebCore::Page.
+        WebKitWebView is creating one WebKitWebFrame which will be the
+        mainFrame of the WebCore::Page (having the reference on the Frame).
+        
+        The FrameLoaderClient has the reference of the WebKitWebFrame for
+        the main frame and also any other frame. This means when the
+        WebCore::Frame goes away the FrameLoaderClient will go away which
+        will normally remove the last reference of the WebKitWebFrame. Because
+        an API user might have g_object_ref'ed the WebKitWebFrame null
+        checks had to be added to WebKitWebFrame.
+        
+        For WebCore::Frames created by the FrameLoaderClient the ownership
+        will be passed down to the FrameTree, the WebKitWebFrame is not holding
+        a reference to the WebCore::Frame.
+        
+        Do not g_object_unref the mainFrame in the destructor of the
+        WebKitWebFrame as this will happen from within the WebCore::Page
+        destruction. Do not hold a reference to the WebCore::Frame (circle) in
+        WebKitWebFrame, add null checks as the WebCore::Frame might have gone
+        away. Do not keep track of the FrameLoaderClient in the private
+        structures as it was mostly unusued.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=21837
+
+        * WebCoreSupport/FrameLoaderClientGtk.cpp:
+        (WebKit::FrameLoaderClient::frameLoaderDestroyed):
+        (WebKit::FrameLoaderClient::createFrame):
+        * tests/main.c: Add test case.
+        (test_webkit_web_frame_create_destroy):
+        (test_webkit_web_frame_lifetime):
+        (main):
+        * webkit/webkitprivate.cpp:
+        (WebKit::core):
+        * webkit/webkitprivate.h:
+        * webkit/webkitwebframe.cpp:
+        * webkit/webkitwebview.cpp:
+
 2009-01-02  Holger Hans Peter Freyther  <zecke@selfish.org>
 

trunk/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp

@@ -252 +252 @@
 void FrameLoaderClient::frameLoaderDestroyed()
 {
+    webkit_web_frame_core_frame_gone(m_frame);
     g_object_unref(m_frame);
     m_frame = 0;
@@ -386 +387 @@
 
     ASSERT(core(getViewFromFrame(webFrame())) == coreFrame->page());
-    WebKitWebFrame* gtkFrame = WEBKIT_WEB_FRAME(webkit_web_frame_init_with_web_view(getViewFromFrame(webFrame()), ownerElement));
-    RefPtr<Frame> childFrame(adoptRef(core(gtkFrame)));
+
+    RefPtr<Frame> childFrame = webkit_web_frame_init_with_web_view(getViewFromFrame(webFrame()), ownerElement);
 
     coreFrame->tree()->appendChild(childFrame);

trunk/WebKit/gtk/tests/main.c

@@ -24 +24 @@
 #if GLIB_CHECK_VERSION(2, 16, 0) && GTK_CHECK_VERSION(2, 14, 0)
 
+static void test_webkit_web_frame_create_destroy(void)
+{
+    WebKitWebView* webView;
+    g_test_bug("21837");
+
+    webView = WEBKIT_WEB_VIEW(webkit_web_view_new());
+    g_object_ref_sink(webView);
+    g_assert_cmpint(G_OBJECT(webView)->ref_count, ==, 1);
+
+    // This crashed with the original version
+    g_object_unref(webView);
+}
+
+static void test_webkit_web_frame_lifetime(void)
+{
+    WebKitWebView* webView;
+    WebKitWebFrame* webFrame;
+    g_test_bug("21837");
+
+    webView = WEBKIT_WEB_VIEW(webkit_web_view_new());
+    g_object_ref_sink(webView);
+    g_assert_cmpint(G_OBJECT(webView)->ref_count, ==, 1);
+    webFrame = webkit_web_view_get_main_frame(webView);
+    g_assert_cmpint(G_OBJECT(webFrame)->ref_count, ==, 1);
+
+    // Add dummy reference on the WebKitWebFrame to keep it alive
+    g_object_ref(webFrame);
+    g_assert_cmpint(G_OBJECT(webFrame)->ref_count, ==, 2);
+
+    // This crashed with the original version
+    g_object_unref(webView);
+
+    // Make sure that the frame got deleted as well. We did this
+    // by adding an extra ref on the WebKitWebFrame and we should
+    // be the one holding the last reference.
+    g_assert_cmpint(G_OBJECT(webFrame)->ref_count, ==, 1);
+    g_object_unref(webFrame);
+}
+
 int main(int argc, char** argv)
 {
@@ -30 +69 @@
 
     g_test_bug_base("https://bugs.webkit.org/");
+    g_test_add_func("/webkit/webview/create_destroy", test_webkit_web_frame_create_destroy);
+    g_test_add_func("/webkit/webframe/lifetime", test_webkit_web_frame_lifetime);
 
     return g_test_run ();

trunk/WebKit/gtk/webkit/webkitprivate.cpp

@@ -53 +53 @@
 
     WebKitWebFramePrivate* priv = frame->priv;
-    return priv ? priv->coreFrame.get() : 0;
+    return priv ? priv->coreFrame : 0;
 }
 

trunk/WebKit/gtk/webkit/webkitprivate.h

@@ -107 +107 @@
     typedef struct _WebKitWebFramePrivate WebKitWebFramePrivate;
     struct _WebKitWebFramePrivate {
-        WTF::RefPtr<WebCore::Frame> coreFrame;
-        WebCore::FrameLoaderClient* client;
+        WebCore::Frame* coreFrame;
         WebKitWebView* webView;
 
@@ -116 +115 @@
     };
 
-    WebKitWebFrame*
+    PassRefPtr<WebCore::Frame>
     webkit_web_frame_init_with_web_view(WebKitWebView*, WebCore::HTMLFrameOwnerElement*);
+
+    void
+    webkit_web_frame_core_frame_gone(WebKitWebFrame*);
 
     WebKitWebHistoryItem*

trunk/WebKit/gtk/webkit/webkitwebframe.cpp

@@ -112 +112 @@
 }
 
+// Called from the FrameLoaderClient when it is destroyed. Normally
+// the unref in the FrameLoaderClient is destroying this object as
+// well but due reference counting a user might have added a reference...
+void webkit_web_frame_core_frame_gone(WebKitWebFrame* frame)
+{
+    ASSERT(WEBKIT_IS_WEB_FRAME(frame));
+    frame->priv->coreFrame = 0;
+}
+
 static void webkit_web_frame_finalize(GObject* object)
 {
@@ -117 +126 @@
     WebKitWebFramePrivate* priv = frame->priv;
 
-    priv->coreFrame->loader()->cancelAndClear();
-    priv->coreFrame = 0;
+    if (priv->coreFrame) {
+        priv->coreFrame->loader()->cancelAndClear();
+        priv->coreFrame = 0;
+    }
 
     g_free(priv->name);
@@ -244 +255 @@
 
     priv->webView = webView;
-    priv->client = new WebKit::FrameLoaderClient(frame);
-    priv->coreFrame = Frame::create(viewPriv->corePage, 0, priv->client).get();
+    WebKit::FrameLoaderClient* client = new WebKit::FrameLoaderClient(frame);
+    priv->coreFrame = Frame::create(viewPriv->corePage, 0, client).get();
     priv->coreFrame->init();
 
@@ -251 +262 @@
 }
 
-WebKitWebFrame* webkit_web_frame_init_with_web_view(WebKitWebView* webView, HTMLFrameOwnerElement* element)
+PassRefPtr<Frame> webkit_web_frame_init_with_web_view(WebKitWebView* webView, HTMLFrameOwnerElement* element)
 {
     WebKitWebFrame* frame = WEBKIT_WEB_FRAME(g_object_new(WEBKIT_TYPE_WEB_FRAME, NULL));
@@ -258 +269 @@
 
     priv->webView = webView;
-    priv->client = new WebKit::FrameLoaderClient(frame);
-    priv->coreFrame = Frame::create(viewPriv->corePage, element, priv->client).releaseRef();
-
-    return frame;
+    WebKit::FrameLoaderClient* client = new WebKit::FrameLoaderClient(frame);
+
+    RefPtr<Frame> coreFrame = Frame::create(viewPriv->corePage, element, client);
+    priv->coreFrame = coreFrame.get();
+
+    return coreFrame.release();
 }
 
@@ -333 +346 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return "";
 
     String string = coreFrame->tree()->name();
@@ -353 +367 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return NULL;
 
     return kit(coreFrame->tree()->parent());
@@ -375 +390 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return;
 
     // TODO: Use the ResourceRequest carried by WebKitNetworkRequest when it is implemented.
@@ -393 +409 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return;
 
     coreFrame->loader()->stopAllLoaders();
@@ -409 +426 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return;
 
     coreFrame->loader()->reload();
@@ -437 +455 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return NULL;
 
     String nameString = String::fromUTF8(name);
@@ -457 +476 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return NULL;
 
     return toGlobalRef(coreFrame->script()->globalObject()->globalExec());
@@ -473 +493 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return NULL;
 
     GSList* children = NULL;
@@ -497 +518 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return g_strdup("");
 
     FrameView* view = coreFrame->view();
@@ -520 +542 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return g_strdup("");
 
     FrameView* view = coreFrame->view();
@@ -574 +597 @@
 
     Frame* coreFrame = core(frame);
-    ASSERT(coreFrame);
+    if (!coreFrame)
+        return;
 
     PrintContext printContext(coreFrame);
@@ -610 +634 @@
 bool webkit_web_frame_pause_animation(WebKitWebFrame* frame, const gchar* name, double time, const gchar* element)
 {
+    ASSERT(core(frame));
     Element* coreElement = core(frame)->document()->getElementById(AtomicString(element));
     if (!coreElement || !coreElement->renderer())
@@ -618 +643 @@
 bool webkit_web_frame_pause_transition(WebKitWebFrame* frame, const gchar* name, double time, const gchar* element)
 {
+    ASSERT(core(frame));
     Element* coreElement = core(frame)->document()->getElementById(AtomicString(element));
     if (!coreElement || !coreElement->renderer())

trunk/WebKit/gtk/webkit/webkitwebview.cpp

@@ -827 +827 @@
     g_object_unref(priv->webInspector);
     g_object_unref(priv->webWindowFeatures);
-    g_object_unref(priv->mainFrame);
     g_object_unref(priv->imContext);
     gtk_target_list_unref(priv->copy_target_list);