Closed Bug 1371389 Opened 7 years ago Closed 7 years ago

seems we can run js on frozen windows

Categories

(Core :: DOM: Core & HTML, enhancement)

RESOLVED WONTFIX

People

(Reporter: bkelly, Unassigned)

Over in bug 1371020 we have a couple stacks that suggest js code is running on frozen windows in the bfcache.  Should we be doing more to prevent js from running on frozen windows?

These suggest it can happen from requestAnimationFrame:

https://crash-stats.mozilla.com/report/index/b6635e6b-1a7c-407f-b0a4-7ebbc0170604
https://crash-stats.mozilla.com/report/index/854b8fba-191d-425d-aca8-c35ce0170607
https://crash-stats.mozilla.com/report/index/fae5ca2f-3d27-4f0d-ae62-b1f3f0170606
https://crash-stats.mozilla.com/report/index/2e0fbfb5-7785-466c-a1d1-f35250170606
https://crash-stats.mozilla.com/report/index/0d2c51a4-8b7b-41ac-8e15-9dc9c0170605

From IDB callbacks:

https://crash-stats.mozilla.com/report/index/7ea6332d-c085-4f23-86d3-87e8c0170608

From resize event:

https://crash-stats.mozilla.com/report/index/2eea3848-3cc2-4a63-94df-6bcfb0170608

From mouse event:

https://crash-stats.mozilla.com/report/index/68cee4be-73ac-4cf4-8d4e-b0aa20170607

I'm inferring that the window is frozen since that is the only case where a Timeout should have a null mWhen TimeStamp.

Olli, what do you think?
Flags: needinfo?(bugs)
What does it mean "run js on frozen windows"?
Some other page can always take reference to JS in the page which then enters bfcache and still access the JS.
Looks like the assertion is wrong.
Flags: needinfo?(bugs)
(In reply to Olli Pettay [:smaug] from comment #1)
> What does it mean "run js on frozen windows"?
> Some other page can always take reference to JS in the page which then
> enters bfcache and still access the JS.
> Looks like the assertion is wrong.

It's not wrong.  I am fixing the code to avoid calling Timeout::When() if the window is frozen.  I just thought maybe it was a bug that clearTimeout() could be called on a frozen window at all, though.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Component: DOM → DOM: Core & HTML