When a BrowsingContext changes from being local to remote, we have to
change all window proxies from being local to remote, using
transplanting. The actual window proxy becomes a remote window
proxy. Cross compartment wrappers (CCWs) to the window proxy also
become remote window proxies in their respective compartments, rather
than CCWs to a remote proxy in the old compartment of the window
proxy, because the window is no longer actually in that
compartment. This also avoids having to figure out what Xray behavior
for remote window proxies should be.
This patch uses the transplanting support I added to
GetRemoteOuterWindowProxy() in the previous patch to ensure that the
remote proxy map holds the correct value after transplanting finishes.
It drops the requirement that both arguments to JS_TransplantObject
have the same class, because we need to transplant a window proxy with
a remote window proxy. It also deals with this by not adding origobj
to the wrapper map unless it is a CCW, to handle transplanting to a
remote proxy.
The core design here, with the remote window proxies in every
compartment, is taken from a patch by peterv.
Differential Revision: https://phabricator.services.mozilla.com/D35730
--HG--
extra : moz-landing-system : lando
When we call GetRemoteOuterWindowProxy in the middle of a transplant,
the remote proxy that the function returns will be almost immediately
swapped with some other object. Rather than trying to fix up the
remote proxy map when that happens, this patch adds a new argument
that is a pointer to the object, if any, that the remote proxy is
going to be swapped to. This will be used in the remote proxy map.
Having a value in the remote proxy map that is not a remote proxy
could cause issues if somebody ends up calling
GetRemoteOuterWindowProxy() a second time before the transplant has
finished. To avoid that, my patch asserts that we are returning an
object with the appropriate class.
Differential Revision: https://phabricator.services.mozilla.com/D37598
--HG--
extra : moz-landing-system : lando
When a BrowsingContext changes from being local to remote, we have to
change all window proxies from being local to remote, using
transplanting. The actual window proxy becomes a remote window
proxy. Cross compartment wrappers (CCWs) to the window proxy also
become remote window proxies in their respective compartments, rather
than CCWs to a remote proxy in the old compartment of the window
proxy, because the window is no longer actually in that
compartment. This also avoids having to figure out what Xray behavior
for remote window proxies should be.
This patch uses the transplanting support I added to
GetRemoteOuterWindowProxy() in the previous patch to ensure that the
remote proxy map holds the correct value after transplanting finishes.
It drops the requirement that both arguments to JS_TransplantObject
have the same class, because we need to transplant a window proxy with
a remote window proxy. It also deals with this by not adding origobj
to the wrapper map unless it is a CCW, to handle transplanting to a
remote proxy.
The core design here, with the remote window proxies in every
compartment, is taken from a patch by peterv.
Differential Revision: https://phabricator.services.mozilla.com/D35730
--HG--
extra : moz-landing-system : lando
When we call GetRemoteOuterWindowProxy in the middle of a transplant,
the remote proxy that the function returns will be almost immediately
swapped with some other object. Rather than trying to fix up the
remote proxy map when that happens, this patch adds a new argument
that is a pointer to the object, if any, that the remote proxy is
going to be swapped to. This will be used in the remote proxy map.
Having a value in the remote proxy map that is not a remote proxy
could cause issues if somebody ends up calling
GetRemoteOuterWindowProxy() a second time before the transplant has
finished. To avoid that, my patch asserts that we are returning an
object with the appropriate class.
Differential Revision: https://phabricator.services.mozilla.com/D37598
--HG--
extra : moz-landing-system : lando
My preference was to annotate most of the failing tests with `fail-if` so that
if they start passing, the `fail-if` needs to be removed and they need to keep
passing. That doesn't work for tests that timeout, or which trigger failures
from their cleanup functions, however, so those tests need skip-if. And tests
with fail in their cleanup functions likely leave the browser in an
inconsistent state for subsequent tests, anyway, so really should be skipped
regardless.
There are some remaining tests which still fail because of crashes. I chose
not to skip them here, but to fix the crashes in separate bugs instead.
Differential Revision: https://phabricator.services.mozilla.com/D38247
--HG--
extra : rebase_source : 39ba8fec2e882cfe577c5f2b58ab7e4b461f1178
This also adds an extra assertion against browsing context mismatches that
happen when we don't get this right.
Differential Revision: https://phabricator.services.mozilla.com/D36852
--HG--
extra : source : 4b07deb4cd2ef4c98b6d6ee961a20705f4f2deae
When searching for a target by name, don't select a window if its associated
BrowsingContext is closed, discarded, or cached.
Differential Revision: https://phabricator.services.mozilla.com/D37876
--HG--
extra : moz-landing-system : lando
Renames IsActive to IsTargetable, and updates its implementation to check that
the current browsing context is neither closed nor cached.
Differential Revision: https://phabricator.services.mozilla.com/D36670
--HG--
extra : moz-landing-system : lando
We can remove references held in the ContentChild and the ContentParent once the BrowsingContextGroup becomes empty.
This allows to break the cycles and the BrowsingContextGroup to be deleted.
Differential Revision: https://phabricator.services.mozilla.com/D38180
--HG--
extra : moz-landing-system : lando
This should help us more easily identify where the crashing issues are coming
from. The issue in part 1 was found due to these assertion changes.
Differential Revision: https://phabricator.services.mozilla.com/D36996
--HG--
extra : moz-landing-system : lando
This ensures that the object is not discarded while there are still in-flight
messages from the parent process, and vice-versa, which could cause crashes if a
CC was run before any pending messages have arrived.
Differential Revision: https://phabricator.services.mozilla.com/D36995
--HG--
extra : moz-landing-system : lando
We shouldn't perform an anti-tracking check here, since that may result
in us picking the node principal unintentionally.
Differential Revision: https://phabricator.services.mozilla.com/D37811
--HG--
extra : moz-landing-system : lando
In the bug which introduced mIsDiscarded, the code was changed to not set
mClosed during Detach, and only set mIsDiscarded. This was a mistake because a
bunch of places are only reading mClosed. Specifically when creating a
BrowsingContext for an iframe, we check GetClosed() to see whether to skip
creating it. Not doing this check can lead to assertions like the one in this
bug.
This patch changes the behaviour to continue setting `mClosed`, and also updates
the relevant `GetClosed()` checks to correctly check `IsDiscarded()`
Differential Revision: https://phabricator.services.mozilla.com/D37267
--HG--
extra : moz-landing-system : lando
Failures are affecting all platforms now. Let's skip the test entirely until
you can make it more reliable.
Differential Revision: https://phabricator.services.mozilla.com/D37022
--HG--
extra : moz-landing-system : lando
Nika Layzell
Benjamin
Cameron McCormack
Thomas Nguyen
Oana Pop Rus
Brindusan Cristian
Andrew McCreight
Noemi Erli
Ciure Andrei
Kris Maglione
Kashav Madan
Jean-Yves Avenard
Bogdan Tara
Boris Zbarsky
Gijs Kruitbosch
Dorel Luca
Ehsan Akhgari
Emilio Cobos Álvarez
Nicholas Nethercote
Jonathan Kingston
Kershaw Chang
Sylvestre Ledru
Geoff Brown