Closed Bug 274784 (blazinglyfastback) Opened 20 years ago Closed 19 years ago

Make back and forward blazingly fast and side-effect free

Categories

(Core :: DOM: Navigation, defect, P2)

Product:
Core
Component:
DOM: Navigation
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8beta2

People

(Reporter: brendan, Assigned: bryner)

References

(Depends on 12 open bugs, Blocks 1 open bug)

Details

(Keywords: perf, Whiteboard: (o72555) Set browser.sessionhistory.max_viewers to nonzero to test)

Attachments

(9 files, 6 obsolete files)

fix so JSNewResolveOp can return an unrelated object
1.36 KB, patch
shaver
: review+
Details | Diff | Splinter Review
Testcase for resuming network activity on back
316 bytes, text/html
Details
Testcase showing that on back subframes that didn't get traversed get reparsed
501 bytes, text/html
Details
new patch
146.10 KB, patch
bzbarsky
: review-
bzbarsky
: superreview+
brendan
: approval1.8b2+
Details | Diff | Splinter Review
patch w/ brendan's comments addressed
146.49 KB, patch
Details | Diff | Splinter Review
Testcase that shows that we allow forms in a cached document to submit
688 bytes, text/html
Details
Testcase that shows that we allow anchors in cached documents to traverse
690 bytes, text/html
Details
pref'd off patch w/ short circuit and crash fix
164.66 KB, patch
Details | Diff | Splinter Review
mingw fix
1.57 KB, patch
dbaron
: review+
dbaron
: superreview+
Details | Diff | Splinter Review
This bug is where the real work to fix bug 38486 will go on. That bug is a pile of noise and a useless soapbox on which free-lunch-demanders wish to stand. /be
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla1.8alpha6
Can this bug block bug 91351 163993 as the original bug did? I think it's important for those tracking (though I realize it may attract people to this bug).
bug 91351 seems fine. I'm not marking it as blocking 163993 since it not known whether this idea is a good thing yet.
Blocks: 91351
In the death-bug, I said: To do this properly, I think you have to separate the JS global scope object from the "window" object; which is something I think we should do for security reasons anyway. I don't see why scripting is a big deal; if we're going back/forward to a page which has already "loaded", there is no reason to fire onload events. Brendan then said, "we must fire onload when reloading from historoy, for backward compatibility -- so must every other browser" And Hixie said: <Hixie> opera doesn't do that <Hixie> it's the source of many of our dom bugs <Hixie> (to do with history) <Hixie> but we consider them worth the price of lightning fast back/forward
I could see a pref for fast vs. compatible back/forward being worth the UI, but before conceding that point, perhaps we could do some analysis of pages that break if they don't get reloaded (from cache) on session history navigation (back/forw). /be
Ian, can you give a few examples of URLs that break without onload-on-Back? /be
Not off-hand, no.
Interestingly enough, I just came across a page of discussion on this bug, except in reverse and for Opera: http://www.quirksmode.org/bugreports/archives/2004/11/load_and_unload.html - if you're still looking for an example of a page broken by this functionality, I'm sure you could ask him. It seems as though the Opera folks really haven't found a solution either, they just went in the opposite direction. Would it be possible to simply not load from cache if the page includes onLoad or onUnload events? That would improve performance (storage speed notwithstanding) for most pages, while retaining compatability for javascript generated pages, wouldn't it? Oh, also, does anyone have some some kind of estimate regarding how much storage this'd take?
Is it not feasible to cache the work of the parser? I was under the impression the XUL cache does that. It won't cause any back/forward quirks, and it could be used for all page loads, not just for backing up to a previous page. If an html page is to be loaded from the disk cache, check for an associated parser cache entry. If it's there, use it to load the page.
But I, at least, don't want the parser results when I go back. I want exactly the same DOM tree that I left when I went forward. I'm pretty sure that not-firing the onload even would be the correct behavior in this case; I just want to see what parts of the existing web this would break, and why. Perhaps we need to implement the "onenter" event mentioned in the linked opera thread.
hm, I guess not firing onload would break things that do stuff that's not reflected in the DOM... (window opening... alerts... confirm()... others?)
A lot of sites use onload events or top-level scripts, but most of these sites would not be broken by DOM-storing. For example, a site that just twiddles element positions would not be affected, and a site that prompts for your age while loading or in onload would be *improved* by DOM-storing. The only onload actions that might need to be redone are actions that change external state, such as variables in another frame/window or a cookie. I would expect many sites that use scripts to alter external state to have onunload events that undo those changes. Is that true -- do most sites broken by Opera's DOM-storing feature use onunload? If so, Firefox could use the following heuristic: store the DOM in history unless the site has an onunload event. To summarize the possibilities: A) Store everything. Drop support for onunload. (Opera) B) Store unless site uses onunload. (My suggestion) C) Store unless site uses onunload, onload, or inline scripts. (Comment 7) (A) or (B) could be combined with adding support for onenter and onleave.
What I might like to see is an option to have Back/Forward behave essentially as though each page was in a separate tabbed window, because that is how I have been workarounding the current behavior-- when I want to follow a link from which I expect I may want to go Back, I open the link in a new tab, and then use Shift+Ctrl+Tab to go Back and Ctrl+Tab to go Forward; when a page is outofdate, I do Ctrl+R. When combined with using tabs for branches in the browsing path/sequence, this approach is not ideal, but for plain linear browsing, I find it works great, and so I think having the equivalent behavior just using Back/Forward rather than tabs would be even better. I guess the key thing is that I can be the one who decides the behavior regarding reloading, rather than the browser having to try to figure out what to do for me, when it may not have enough understanding of what is going on at the web application level to make a good choice. I would still want to have an option to have the browser treat Back/Forward as some sort of movement along a path of pages where only one page can be visible/visited at a time, rather than that other model of any page which has been visited may still be visible in its previous state, regardless of whatever pages have been visited since then, and it is up to the user to worry about treating the set of pages as a sequence.
What do you plan to do about plugins? Re comment 11: I agree that (B) is reasonable. However, that makes the assumption that onbeforeunload handlers are idempotent while onunload handlers are not. The way onbeforeunload works (prompt using a returned string) suggests that typical onbeforeunload handlers probably ought to be idempotent. I wonder if we could get away with making the same assumption about onunload. It doesn't seem entirely unreasonable. (How widely used are both of these?)
There's another tricky case. Forms that uses onclick/onsubmit. These scripts could be setting hidden values or make other modifications to formfields before they are submitted. OTOH, these pages are already in trouble since formfields are restored when you go back to a page. But there are actually pages that break on this already. (Can't come up with an example off the top of my head). I think the best way to deal with those pages is some sort of 'onenter' or 'onreturn' event. Also, it would be usefull to be able to tag a formfield (or maybe an entire form) for being automatically reset on this event. This is usefull for things like navigation selects, or seach-fields (it's always confusing returning to a google seachpage and see a value you searched for _leaving_ that page, rather then see the value you searched for _getting_ that page). In fact, this stuff could be independent of this bug. Though if we did store the DOM it would be usefull if the event indicated wheather the DOM was restored or just the form-values. Something for WHATWG, i'll see if I can write up a formal proposal...
Actually, what happens if I leave a page, resize the window, then go back to the page? Is there an onload event? Is there an onresize event? If there is neither, how is the page to reposition things if it does the usual "position it all in JS" thing? As for doing prototype stuff like XUL, it's been thought of.... it might still happen. It wouldn't really solve this bug as filed, though, I suspect.
(In reply to comment #15) > Actually, what happens if I leave a page, resize the window, then go back > to the page? There's an onresize event.
Whiteboard: (o72555)
Target Milestone: mozilla1.8alpha6 → mozilla1.8beta2
Blocks: 203448
I'm not gonna have time for this till 1.9, but bryner has already started hacking on it, and we've been talking. He's the man for this bug, so reassigning. /be
Assignee: brendan → bryner
Status: ASSIGNED → NEW
Hixie, anyone: do any of Opera, Safari, or IE implement an onreturn on onenter event handler as sicking proposed? (Isn't onback the obvious handler name? Hmm, not if you go forward. onhistorymove?) It would be good to build on a de-facto standard, if one exists and doesn't suck. /be
Alias: blazinglyfastback
We were this close back when jband and I last messed around with this odd case. The idea is that you have o1, you want to resolve id in it, but o1[id] doesn't exist. o1's class has a new-resolve hook that defines id in some o2 not == o1 and not on o1's prototype chain. That should work, because all callers of js_LookupProperty* (direct or via OBJ_LOOKUP_PROPERTY) respect the out params. This patch fixes the bug that broke it. For this bug, consider window == o1, an inner window object that's N:1 against the window, where N is the length of session history as o2. bryner, find me on IRC if you run into further problems. They should all be fixable. Thanks, /be
Attachment #177491 - Flags: review?(shaver)
Comment on attachment 177491 [details] [diff] [review] fix so JSNewResolveOp can return an unrelated object In my feverish haze, that looks great! r=shaver
Attachment #177491 - Flags: review?(shaver) → review+
Comment on attachment 177491 [details] [diff] [review] fix so JSNewResolveOp can return an unrelated object Checked in, although this won't be needed for now, if ever, by this bug. /be
Note bug 288462.
Depends on: 285404
bryner's got a patch, it's getting there. Please don't spam this bug with notes about other bugs. Yeah, once bryner's patch lands, and if you go back within the limit of in-memory-cached history items, we will comply with RFC 2616. Woo. /be
Blocks: 288462
*** Bug 288432 has been marked as a duplicate of this bug. ***
Attached patch work in progress (obsolete) — Splinter Review
This is where I'm at right now. There are a number of known issues here: - random crashes, often when closing windows - plugins need to be stopped and restarted - timeouts need to be stopped and restarted - need to fire a new event so that password autocomplete can run when going back - random rendering problem with reload button on mac - the cache size needs to be tweaked, and ideally based on available RAM - need to handle window size changes between saving and restoring presentation - do something with marquee
One source of crashes seems to happen if an iframe has focus when you close a window -- this has to do with the non-sticky case in DocumentViewerImpl::Hide. Working on that now.
bryner, what's the plan for loads that aren't done when we leave a document? Say an image is still loading? Or the document itself is not done loading?
(In reply to comment #27) > bryner, what's the plan for loads that aren't done when we leave a document? > Say an image is still loading? Or the document itself is not done loading? Brian and I spoke about this today. I think we agreed that partially loaded pages should not be put in the back cache since they might compete against the newly loading page for network and CPU bandwidth. Either that, or we should find some way to suspend the loading of an incomplete page... but that sounds very complicated.
> since they might compete against the newly loading page for network and CPU > bandwidth. I was thinking more in terms of sharing the same loadgroup, so affecting onload and the like... ;) I agree that just not putting incompletely loaded pages in the back cache is a simple solution for the time being.
Attached patch patch for review (obsolete) — Splinter Review
I think this still has a few problems. In fact, I'm pretty sure of it. But I think we should get this in, turned on, so that we can start getting crashes isolated with Talkback, etc. and we can have this stable by Firefox 1.1.
Attachment #179734 - Attachment is obsolete: true
Attachment #181003 - Flags: superreview?(jst)
Attachment #181003 - Flags: review?(roc)
This is targeted at 1.8b3, not b2, right?
I'll do what I can but I think bz-review would be invaluable also.
I'd certainly like to see it for b2 so that we can get testing exposure in the Firefox developer preview. Unless it turns out to be so bad that it masks all other problems with the developer preview, in which case we'd be best off getting it in as soon as possible after that release.
I've been using bf-cache builds for days and not had any problems that would warrant it being turned off. This should totally be checked in, without a pref.
> This should totally be checked in, without a pref. Pref'd on to be sure, but without a pref to disable just in case?!? A simple pref that lets me disable bf-cache to see if it is the culprit in some instance would be invaluable IMO.
Some none-substantive comments: Shouldn't a Sanitize() failure cause the DOM to automatically not be cached? It looks like we just ignore the return from Sanitize()... Also, what happens if content fires DOMPageRestore events? Wouldn't autofill trigger on those? Do we need some isTrusted checks here? I'd really rather we stopped putting our custom events in the DOM* namespace. How about Moz* event names instead?
mIsGoingAway is never set for a document with this patch, as far as I can see. That seems wrong. It'll lead to extra work in RemoveStyleSheet() when the document is finally destroyed. It may also be worth seeing when we currently enter GetScriptGlobalObject() while mIsGoingAway is true, since the behavior of those codepaths will change with this patch (in particular, if they actually need a script global they'll break). I'm assuming you did some basic testing and verified that the destructors for the documents you evict from the cache are in fact firing, right? Removing the code that tears down the DOM in SetScriptGlobalObject is a tad scary, but if we can do that without effectively leaking, that's great. Some subclasses override SetScriptGlobalObject and do nontrivial things in it. If you're setting it to null and then back to non-null on the same document, for example, this should cause nsImageDocument to create a new root and call SetRootContent on it, triggering some asserts. Worth checking on this and nsPluginDocument's behavior. If a document is loaded but there are still network requests in the loadgroup (background images, loads started _after_ the onload event, etc), we don't deal at all well, as far as I can tell -- either they end up in the loadgroup of the new document we're loading (which is the same exact loadgroup), or we kill them and probably don't restart them properly on restore. We need to figure out how to do this right (while recalling that at the moment reflow events, say, look like a foreground request in the loadgroup). More comments later....
I'd vote for no pref because we're getting drowned in prefs. If this is checked in _with_ a pref then I would say we absolutely must remove at least two other prefs first. (I'm talking hidden prefs here of course, not UI prefs.)
Blocks: 290394
I was using this patch for two days, and had to go back to default build because of intermittent problems with keyboard focus. Keyboard navigation was sometimes totally broken, and while usually click inside the window helped, this trick didn't work here. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050413, GTK2/Xft
I'm using build with this patch for 2 days without any problems. It works great. I built Linux builds with this, and a few folks used it - also without a problem. Today I'm going to build Windows one, to get the feedback from Win users.
Comment on attachment 181003 [details] [diff] [review] patch for review roc said it was fine to switch reviewer of record to bz, who has started already. roc's gonna have a look too. jst is on vacation still, so I'm going to sr. At this point, apart from overt bugs and design mistakes that will be hard to fix the longer we wait, I'd like to see review happen in the next couple of days, so we can get this patch in and get wider testing. /be
Attachment #181003 - Flags: superreview?(jst)
Attachment #181003 - Flags: superreview?(brendan)
Attachment #181003 - Flags: review?(roc)
Attachment #181003 - Flags: review?(bzbarsky)
I'm not going to be able to do a thourough review of this till early next week....
Attached patch new patch (obsolete) — Splinter Review
Issues fixed since the last patch: - Added a null check in the accessibility code so that we don't crash if the document has no container. I don't actually think this is related to my changes but I hit it while testing, and aaronl's recent checkin seems to be the culprit. - Added additional checking in nsDocShell::CanSavePresentation to avoid saving the presentation when we're reloading the page. - Added save and restore of the docshell tree (oops) - Refactored timeout suspend/resume code and made sure to suspend and resume for child windows as well.
Attachment #181003 - Attachment is obsolete: true
Attachment #181463 - Flags: superreview?(brendan)
Attachment #181463 - Flags: review?(bzbarsky)
Comment on attachment 181003 [details] [diff] [review] patch for review removing obsolete requests
Attachment #181003 - Flags: superreview?(brendan)
Attachment #181003 - Flags: review?(bzbarsky)
The patch changes the behavior on this simple testcase. Replace the CGI with one that does JPEG push or XMLHttpRequest activity or whatever to get an idea of where this could become a pretty major issue. The problem, of course, is that a page transition stops all network activity in a docshell's loadgroup. This is desirable, since the loadgroup belongs to the _docshell_. But then when we fast-back we don't restart the network requests we killed.
I'd like to see some documentation in nsDocShell.h. Specifically, I'd like to see documentation as to the lifetime and ownership model of mContentViewer, and documentation on what the three methods you're adding do, when it's OK to call them, what happens if aURI doesn't match the URI in aSHEntry in RestorePresentation(), what's an acceptable SHEntry to pass to RestorePresentation. I'm still sorting out through the subframe navigation handling, so if you actually wrote down somewhere how that works with this patch (given that cloning the session history entries doesn't clone this cached presentation stuff), let me know please... I suspect it works out in some cases because we only actually do a load when we have a different history entry, on the specific docshell the entry is different for, but doesn't this mean that going back to the result of a subframe navigation across a toplevel load will be slow?
More things to check on I thought of... 1) Is there an issue with the cached prescontexts holding a backpointer to the docshell (the "container")? It's an nsWeakPtr, so it's not that it can start pointing to dellocated memory or anything, but could something in the prescontext or some prescontext consumer make a call on the docshell when the docshell doesn't expect it? I seem to recall anchors getting the docshell for traversal via this pointer. What happens if someone fires a (trusted, so say from chrome) DOM click event on a pointer to a node in a document that we've moved away from? 2) Are there issues with the device context being shared by the cached viewmanagers and the current live one? I'm not sure what could arise here; roc might know this part better... So if we go back to a frameset from a non-frame page, do we create new docshells for the subframes? And if so, do they create new device contexts? Or is the device context held by the content viewer?
(In reply to comment #45) > a docshell's loadgroup. This is desirable, since the loadgroup belongs to the > _docshell_. But then when we fast-back we don't restart the network requests > we killed. I'm going to post a new patch in a minute that avoids this problem by not caching the presentation if there are any active requests in the load group (other than the request for the new document). That way we don't have to figure out how to restart something like an XMLHttpRequest. (In reply to comment #46) > them, what happens if aURI doesn't match the URI in aSHEntry in That would be bad and should not happen. Do you know of a case where it does? > I'm still sorting out through the subframe navigation handling, so if you > actually wrote down somewhere how that works with this patch (given that cloning > the session history entries doesn't clone this cached presentation stuff), let > me know please... I suspect it works out in some cases because we only actually > do a load when we have a different history entry, on the specific docshell the > entry is different for, but doesn't this mean that going back to the result of a > subframe navigation across a toplevel load will be slow? I'm not entirely clear on how it does or should work either, or I would. Do you think just copying the nsIContentViewer pointer to the cloned entry would fix this? It seems like if you do that, once you restore one of the history entries, you would need to nuke the saved presentation pointer from any other entries that are using it.
(In reply to comment #48) > traversal via this pointer. What happens if someone fires a (trusted, so say > from chrome) DOM click event on a pointer to a node in a document that we've > moved away from? > The intent is that the cached document is completely dead to events. You have to explicitly go to session history to get a pointer to one, so I don't think we need to plug this at every entry point. > 2) Are there issues with the device context being shared by the cached > viewmanagers and the current live one? I'm not sure what could arise here; roc > might know this part better... So if we go back to a frameset from a non-frame > page, do we create new docshells for the subframes? And if so, do they create > new device contexts? Or is the device context held by the content viewer? If we go back to a frameset, the subframe docshells are cached with the toplevel content viewer (because the subdocuments will have a reference to them). So they will retain their original device contexts.
> not caching the presentation if there are any active requests in the load group What if the active request is a pending reflow? Or a pending image error or load event? Same thing? As far as that goes, what _is_ the plan for pending PLEvents of various sorts when the presentation is cached? Do we want them firing on the cached presentation? > That would be bad and should not happen. Then why do you need both the URI and the SHEntry? If the URI is always the URI in the SHEntry, just pass the latter? > Do you think just copying the nsIContentViewer pointer to the cloned entry > would fix this? I'm not sure, for the same reasons you're not sure (ownership issues, Hide/Show ordering, etc). > You have to explicitly go to session history to get a pointer to one Why? What if you're holding a pointer to a document (say in a different frame on the same website) and then the document gets unloaded before you do something with it?
Attached patch new patch (obsolete) — Splinter Review
Changes since the last patch: - Added a check for active requests in the docshell's load group, and skip caching the presentation if there are any. - Got rid of nsDocument::mIsGoingAway in favor of checking for null SGO. - Fixed nsEventListenerManager::HasUnloadEvents to check for beforeunload as well. - Made nsPluginDocument recreate its mStreamListener when restored from session history. - Moved nsISecureBrowserUI ownership to the docshell, so that we can always get at this to cache it (it formerly lived on the XUL <browser>, in a way that was inaccessible from C++). Added capture and restore of security state so that alerts fire as exepcted when going back/forward. - Added suspend and resume of meta-refresh loads. To do this I ended up adding to nsITimer so that you can retrieve the nsITimerCallback object. This doesn't address Boris's most recent comments yet, but I wanted to get this new code up.
Attachment #181463 - Attachment is obsolete: true
Attachment #181797 - Flags: superreview?(brendan)
Attachment #181797 - Flags: review?(bzbarsky)
(In reply to comment #51) > What if the active request is a pending reflow? Or a pending image error or > load event? Same thing? > > As far as that goes, what _is_ the plan for pending PLEvents of various sorts > when the presentation is cached? Do we want them firing on the cached presentation? > No, I don't really want anything to fire on the cached presentation. If it's not something that we can figure out how to suspend and resume, then I'd say it should be a no-cache condition. I'd rather start off overly-conservative and then gradually expand the types of pages that we can cache. > Then why do you need both the URI and the SHEntry? If the URI is always the URI > in the SHEntry, just pass the latter? > Could... aURI originates in LoadHistoryEntry if aSHEntry is non-null, so it looks like they definitely have to correspond. > > You have to explicitly go to session history to get a pointer to one > > Why? What if you're holding a pointer to a document (say in a different frame > on the same website) and then the document gets unloaded before you do something > with it? The document needs to act as if it has no presentation, in that case.
> - Got rid of nsDocument::mIsGoingAway in favor of checking for null SGO. Note that a document created via the DOMImplementation should have a null SGO, last I checked. Not sure about documents loaded via XMLHttpRequest and such, but that may be the case there too... I need to think about how embedding apps are affected by the secure browser UI change. In general, any time we have to use nsIDocShell in our chrome that means the functionality is not available to embeddors (since nsIDocShell is not frozen and never will be). > No, I don't really want anything to fire on the cached presentation. Then we probably need to audit all places where we create and post PLEvents and figure out what's supposed to happen for all of them.... Similar for various timers (the caret blink timer comes to mind). > The document needs to act as if it has no presentation, in that case. I'm not sure this patch accomplishes that. One other thing to watch out for -- computed style. Once someone gets a computed style object, we need to somehow invalidate it (or something?) when the document is cached.
(In reply to comment #54) > I need to think about how embedding apps are affected by the secure browser UI > change. In general, any time we have to use nsIDocShell in our chrome that > means the functionality is not available to embeddors (since nsIDocShell is not > frozen and never will be). > Darin and I went through this... the secure browser UI object is not accessible via any public interface on nsWebBrowser, either. So it should be no change. > > No, I don't really want anything to fire on the cached presentation. > > Then we probably need to audit all places where we create and post PLEvents and > figure out what's supposed to happen for all of them.... Similar for various > timers (the caret blink timer comes to mind). Right, we could also try harder to suspend things that might post such events. Even if we did that, it might not hurt to have a global "inactive" flag for a presentation that would kill anything like this. > > > The document needs to act as if it has no presentation, in that case. > > I'm not sure this patch accomplishes that. > No, I don't think it does. I'd say unless there are immediate known issues, that could be addressed later. > One other thing to watch out for -- computed style. Once someone gets a computed > style object, we need to somehow invalidate it (or something?) when the document > is cached. It might not hurt to see what Safari does in this case (and the above case, as well).
So just to be clear, I've somewhat accepted that we plan to check this in with known issues. I'd like to make sure those issues are not ones that affect the basic architecture of the the design. Things like deciding on the ownership of things, clear statement of our design invariants, and a plan for enforcing those invariants are, in my mind, prerequisites for sorting out what issues can be solved in the current design....
Attached patch new patchSplinter Review
Made sure to disable any active carets before putting a document into session history. Also added lots of comments in nsDocShell.h about how this all works.
Attachment #181797 - Attachment is obsolete: true
Attachment #181828 - Flags: superreview?(brendan)
Attachment #181828 - Flags: review?(bzbarsky)
Comment on attachment 181828 [details] [diff] [review] new patch bryner, great work. sr+a=me with the major issues below fixed before checkin; minor issues for your consideration only. My marks carry over if you attach a new patch fixing these issues shortly. With bz agreeing, I think you should check this in as soon as possible. Followup bugs should be filed and fixed as usual for any big patch, particularly on the XXX and XXXbryner issues, which should, if you follow Nat Friedman's wise advice, be FIXME: <bug#> comments instead. (So do file followup bugs now). It would be good to have a followup bug about better global-LRU memory pressure instead of the at-most-five-by-default pref. I'll file it if you like; let me know. /be Major issues: CopyJSPropertyArray should use the JS_GetStringChars, JS_GetUCPropertyAttributes, JS_GetUCProperty, and JS_DefineUCProperty APIs to handle full Unicode. If any of those APIs fail, there was a JS error reported (OOM) or set as a pending exception (other than OOM), so you should propagate failure from CopyJSPropertyArray. It looks like user-defined window-level getters and setters (which will be enumerable) will be replaced by undefined values, which is bad. Instead of + jsval propvalue; + if (!::JS_GetProperty(cx, aSource, propname_str, &propvalue)) { + NS_WARNING("property was found, but get failed"); + continue; + } + + PRBool res = ::JS_DefineProperty(cx, aDest, propname_str, propvalue, + NULL, NULL, attrs); you want to declare JSPropertyOp getter, setter; call JS_GetUCPropertyAttrsGetterAndSetter (I just added this API) instead of JS_GetPropertyAttributes; and define the (Unicode-named) property with getter and setter passed instead of NULL and NULL. Why don't you have to save and restore mTimeoutInsertionPoint as well as mTimeouts? Minor issues: Nit: use two-space indenting in nsDocument::Sanitize(). Nit: localize input and form to their respective for loop body blocks in nsDocument::Sanitize() Nit: SubDocEnumData *args = NS_STATIC_CAST(SubDocEnumData*, arg); inSubDocHashEnum to avoid data->data (args->data, nice). In light of that: SubDocEnumArgs, not SubDocEnumData. DOMPageRestore is ok by me -- we should standardize this via whatwg or (hah! I'll believe it when I see it) the re-forming w3c DOM group. Uber-nit: in nsDocShell::CanSavePresentation, // difficult (i.e. XMLHttpRequest). s/i.e./e.g./ In nsDocShell::RestorePresentation, // Pulling the viewer out of the CachedPresentation will thaw() it. thaw refers to some old name for what method? open?
Attachment #181828 - Flags: superreview?(brendan)
Attachment #181828 - Flags: superreview+
Attachment #181828 - Flags: approval1.8b2+
Status: NEW → ASSIGNED
Flags: blocking1.8b2+
Oh, and bryner found what I should have remembered to mention: intervals need mWhen updating on resume. And we agreed timeouts and intervals should resume with whatever time remains in the current timeout or interval period, to avoid skewing outstanding timeouts from any related intervals. /be
Comment on attachment 181463 [details] [diff] [review] new patch patch is obsolete. Removing review-request.
Attachment #181463 - Flags: superreview?(brendan)
Attachment #181463 - Flags: review?(bzbarsky)
Comment on attachment 181797 [details] [diff] [review] new patch Patch is obsolete, removing review-request.
Attachment #181797 - Flags: superreview?(brendan)
Attachment #181797 - Flags: review?(bzbarsky)
Running with this, lots of windows, tabs, plugins, maps.google.com... crashed here: #0 0x006837a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x008ea624 in raise () from /lib/tls/libpthread.so.0 #2 0x080545fe in nsProfileLock::FatalSignalHandler () #3 <signal handler called> #4 0xb6f00c9e in nsDocShell::CanSavePresentation () from /home/brendan/src/firefox-opt/mozilla/dist/bin/components/libdocshell.so #5 0xb6f03458 in nsDocShell::CreateContentViewer () from /home/brendan/src/firefox-opt/mozilla/dist/bin/components/libdocshell.so #6 0xb6f0c7ea in nsDSURIContentListener::DoContent () from /home/brendan/src/firefox-opt/mozilla/dist/bin/components/libdocshell.so Looking at the disassembly before $eip in frame 4, I'm thinking nsCOMPtr<nsIDocument> doc = do_QueryInterface(pWin->GetExtantDocument()); if (doc->HasRequests(aNewRequest)) return PR_FALSE; needs a null check. bryner? /be
Nits: printf("Copied window property: %s\n", propname_str); won't work too well now that propname_str is jschar *. /be
###!!! ASSERTION: Already have a root content! Clear out first!: '!mRootContent ', file c:/mozilla.org/trunk2/mozilla/content/base/src/nsDocument.cpp, line 1501 I'm guessing that's comment 37? things get real bad after that assert.
Perhaps nsGenericElement::ShouldFocus shoul default to false when there is no script global? That would make a lot more sense to me...
Comment on attachment 181828 [details] [diff] [review] new patch Drive-by review comments: +class WindowStateHolder : public nsISupports [...] + JSRuntime *mRuntime; In Mozilla there's only ever one JSRuntime, and you can always get to that through the nsIJSRuntimeService, so no need to store that here IMO. Or is this potentially needed after the service is no longer reachable? If so, add comments about that. Also nsDocument::Sanitize() should use 2-space indentation.
Attachment #181828 - Flags: superreview+ → superreview?(brendan)
Comment on attachment 181828 [details] [diff] [review] new patch I finally built a tree with this patch and did a run with XPCOM_MEM_LEAK_LOG set. Just start up and shut down. With this patch, that leaks 22 nsDocument objects (and all sorts of other stuff that they're holding references too, of course). That's not so good. Then I tried using this patch. Loaded http://lxr.mozilla.org/seamonkey/source/layout/base/nsCSSFrameConstructor.cpp then clicked the "CVS Log" link. So far so good. Then clicked back (which was fast). Then clicked forward. Then clicked back and watched nsCSSFrameConstructor be reparsed. I guess the problem is that I'm using SeaMonkey, so the max_viewers pref ended up being 0. But if it's zero, why did we cache the viewer for nsCSSFrameConstructor the first time around? That should be fixed. If I start the browser, open a new tab, load about:config in the new tab, filter for "svg", right-click on the svg.enabled pref, toggle it, and shut down the browser, I leak two more documents (24 instead of 22). That may just be because I loaded more XUL documents, of course. I got some assertions that seem to be caused by this patch: ###!!! ASSERTION: Can't get interface requestor: 'ifreq', file /home/bzbarsky/mozilla/xlib/mozilla/extensions/typeaheadfind/src/nsTypeAheadFin d.cpp, line 2096 ###!!! ASSERTION: failed to get the nsIScriptGlobalObject. bug 95465?: 'boundGlobal', file /home/bzbarsky/mozilla/xlib/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 423 The former I can reproduce at will. Start the browser, hit Ctrl-T to open a new tab, then focus the content area and hit Ctrl-W to close the tab. Gives that assert and some nice frame manager warnings. The latter assert, I'm not quite sure how I got... I managed to reproduce it once more while messing with about:config for the "svg" pref, though. With this patch, I still fail the "resuming network activity" testcase, most of the time (more on this when I comment on the docshell changes). When I _do_ pass it, going forward again I get: ###!!! ASSERTION: Request list is not empty.: 'mRequests.entryCount == 0', file /home/bzbarsky/mozilla/xlib/mozilla/netwerk/base/src/nsLoadGroup.cpp, line 410 ###!!! ASSERTION: Foreground URLs are active.: 'mForegroundCount == 0', file /home/bzbarsky/mozilla/xlib/mozilla/netwerk/base/src/nsLoadGroup.cpp, line 411 On the "forms in cached document submit" testcase, if I just click the link in the subframe and then go back (without clicking the button), I get: ###!!! ASSERTION: Unexpected root view: 'rootView == origView->GetViewManager()->RootViewManager()->GetRootView()', file /home/bzbarsky/mozilla/xlib/mozilla/view/src/nsViewManager.cpp, line 4108 on every paint... Sounds like restoring viewmanager state for subdocuments doesn't quite work. Moving on to the patch itself: >Index: browser/app/profile/firefox.js Please make a similar change to browser-prefs.js. Or maybe the C++ code should default to something nonzero here, so embeddors get this feature automatically (and those who don't want it have to disable it explicitly)? >Index: content/base/public/nsIDocument.h >@@ -52,6 +52,7 @@ >+#include "pldhash.h" Why? I don't see you using it anywhere in this header... >+ /** >+ * Sanitize the document by resetting all input elements and forms that have >+ * autocomplete=off to their default values. Do we really want to be that specific? What effect, if any, should Sanitize have on XForms? Might want to file a followup bug on that. Certainly not an initil-landing blocker. >+ typedef PRBool (*nsSubDocEnumFunc)(nsIDocument *aDocument, void *aData); What does the return value mean? >Index: content/base/src/nsDocument.cpp >@@ -1616,7 +1618,12 @@ nsDocument::RemoveStyleSheet(nsIStyleShe >+ // If there is no script global object, we assume that either: >+ // 1) Document teardown is in progress >+ // 2) The document is in session history not being shown; it >should not be That's not a good assumption for data documents, etc (though they may not ever get RemoveStyleSheet called on them; I'm not sure). Wouldn't it make sense to key off of mInDestructor here, if that's the only place where we remove all our content? >@@ -1832,7 +1839,7 @@ nsDocument::GetScriptGlobalObject() cons >+ if (!mScriptGlobalObject) { > nsCOMPtr<nsIInterfaceRequestor> requestor = > do_QueryReferent(mDocumentContainer); I don't see anything in this patch that changes a document's container... So it looks to me like cached documents will point to their original docshell as the container, and will point to the window in that docshell as their script global. Is that really desirable? jst might be able to say for sure, but it seems wrong to me... Then again, it's no different from what we already had if someone held a pointer to a document past the point where the window loaded a new document... >@@ -1847,37 +1854,6 @@ nsDocument::GetScriptGlobalObject() cons > nsDocument::SetScriptGlobalObject(nsIScriptGlobalObject *aScriptGlobalObject) I'll bet that the changes to this function are causing the leaks I observed, fwiw. >+nsDocument::Sanitize() Is there a reason we don't have to worry about autocomplete="off" <textarea> elements? >+SubDocHasRequests(PLDHashTable *table, PLDHashEntryHdr *hdr, >+ PRUint32 number, void *arg) >+ PRBool hasRequest = subdoc ? PR_FALSE : subdoc->HasRequests(nsnull); That should be the other way around? >Index: content/events/public/nsIEventListenerManager.h >+ * Allows us to quickly determine if we have unload or beforeunload s/if/whether/ >Index: content/events/src/nsDOMEvent.cpp >+ "DOMPageRestore", "submit", "reset", "change", "select", "input", "paint", I'm still not so happy with putting this in the DOM spec event name namespace. I guess if jst and brendan both feel this part is ok I'll let it be, though... >Index: content/html/content/src/nsGenericHTMLElement.cpp I still think it's odd that we plan to allow anchors in cached documents to perform page traversals in the relevant docshell (which they get off the prescontext). See the "anchors in cached documents" testcase. Note that that testcase updates the status bar too. As the "forms submit" testcase shows, we also allow forms to submit... It sounds like we need a much clearer concept of what is and what is not allowed in these cached documents and then we need to make sure that we actually satisfy these constraints somehow... We also allow focus() and blur() to do something useful. That's probably wrong... For Focus() it can be fixed easily, but blur() basically assumes that as long as we have a prescontext blurring is ok. I'm not sure we can just pretend to have no prescontext either -- there are various DOM changes that would need to be propagated to the frame tree as things stand (inline style changes, image URI changes, etc). Maybe it would make sense to drop the cached DOM if it gets mutated? >Index: content/html/document/src/nsPluginDocument.cpp >+ } else if (!mStreamListener) { >+ mStreamListener = new nsMediaDocumentStreamListener(this); >+ // XXX no way to indicate OOM I'm not sure what this is trying to do... The mStreamListener is what data is being pumped into by necko when the document starts loading. We really shouldn't need it after we finish loading the document, I suspect; we certainly shouldn't need to recreate it on fast-back... If you're trying to make the plugin show up again on back, that's not the way to do it; you'd have to reopen the network stream yourself or something. To test, load a full-page plugin (http://www.copyright.gov/legislation/dmca.pdf is a good example), go to another page, go back. Notice lack of plugin after back. I don't see changes to nsImageDocument here. Didn't I point out that this patch breaks it? To test, load an image (https://bugzilla.mozilla.org/mozilla-banner.gif will do nicely), then go somewhere, then go back. Note the assert. After this operation, we have a DOM node around that thinks it's in the DOM when it really isn't. After that, some finagling should probably cause it to crash. >Index: content/xbl/src/nsXBLPrototypeHandler.cpp >- focusController = privateWindow->GetRootFocusController(); >+ if (privateWindow) >+ focusController = privateWindow->GetRootFocusController(); I think if we have no privateWindow in here we should be bailing out altogether... I can't think of a reason we'd want to run XBL command handlers in a cached document, in general.
Attachment #181828 - Flags: superreview?(brendan) → superreview+
As I said a few weeks ago on IRC, I don't think a cache of 5 documents per-session-history object is the right approach. I think we should determine when to evict documents based on a global MRU list (perhaps around 25?). Users who keep lots of tabs or windows open probably don't want 5 documents hanging around for all of them, especially ones that haven't been touched for days.
(In reply to comment #70) > As I said a few weeks ago on IRC, I don't think a cache of 5 documents > per-session-history object is the right approach. I think we should determine > when to evict documents based on a global MRU list (perhaps around 25?). Users > who keep lots of tabs or windows open probably don't want 5 documents hanging > around for all of them, especially ones that haven't been touched for days. I'm sure everyone agrees, I mentioned darin and I discussing this last week -- but this should be a followup bug. There's no point in adding to the hurdles for the patch in this bug. Please file one. /be
> I'm sure everyone agrees, I mentioned darin and I discussing this last week -- > but this should be a followup bug. There's no point in adding to the hurdles > for the patch in this bug. Please file one. Yeah, brendan and I spoke about possibly implementing a memory pressure observer since not all pages are equal in size and it is difficult to estimate the size of a page. We of course only implement the memory pressure system on Windows, but in theory it seems like the right approach. We monitor overall memory usage by the browser, and then ask subsystems to reduce memory usage when we see the overal memory usage of the browser increasing. Of course, something simple for bfcache in the meantime seems ideal ;-)
Comment on attachment 181828 [details] [diff] [review] new patch >Index: docshell/base/nsDocShell.cpp >+#include "nsICaret.h" I'm not really so thrilled with making docshell depend on caret... If we can move caret-disabling into presshell (which already knows about caret), great. If not, I guess I can deal. >+nsDocShell::SetSecurityUI(nsISecureBrowserUI *aSecurityUI) >+{ >+ mSecurityUI = aSecurityUI; Do we want to assert here if both mSecurityUI and aSecurityUI are non-null? Or do we really support that correctly? Note to self: This adds another strong ref from docshell to window. Need to update the map. >+nsDocShell::SuspendRefreshURIs() >+ for (PRUint32 i = 0; i < n; ++i) { >+ timer = do_QueryElementAt(mRefreshURIList, --n); That doesn't look right (both incrementing i and decrementing n). In particular, say n == 3. We put the callback from slot 2 in slot 0, then put the callback from slot 1 in slot 1. The callback in slot 0 got lost. >+nsDocShell::CanSavePresentation(nsIRequest *aNewRequest) >+ nsCOMPtr<nsPIDOMWindow> pWin = do_QueryInterface(mScriptGlobal); >+ if (pWin && pWin->IsLoading()) Can pWin be null here? >+ nsCOMPtr<nsIDocument> doc = do_QueryInterface(pWin->GetExtantDocument()); If so, this will crash. I think it makes more sense to return false on null pWin, really. >+ if (doc->HasRequests(aNewRequest)) Unfortunately, this call is far too late... This method is being called when we're setting up the new content viewer, but all network activity for the old document was already stopped by the Stop() call in nsDocShell::InternalLoad. This is why this patch still fails the "resuming network activity" testcase... >+ // Only save presentation for "normal" loads and link loads. Anything else >+ // probably wants to refetch the page, so caching the old presentation >+ // would be incorrect. It might be safe to also cache for LOAD_NORMAL_REPLACE, but that's followup bug material.... >+ // If there is an unload or beforeunload listener on the window, then we do >+ // not save the presentation into the session history cache. What if there's an unload or beforeunload listener on a subframe of this window?In general, it seems to me that we want to save only if we can save the presentation for this docshell _and_ all its descendants. >+nsresult >+nsDocShell::CaptureState() This method, or something like it, needs to be called recursively on all kids of this docshell. We don't want to do the "save the kids in the SHEntry" part for all descendants, and we probably don't want to save the script global objects's properties (since we're not clearing them), but we _do_ want to suspend all timeouts and intervals in subframes, suspend refresh timers, capture any security UI state as needed, etc. As you pointed out we do suspend timeouts and intervals on the kids, but refresh timers in the kids look like they would still fire. >+nsDocShell::RestorePresentation(nsISHEntry *aSHEntry) >+ if (!viewer) { >+ return NS_ERROR_FAILURE; I think NOT_AVAILABLE would make more sense here. >+ nsresult rv = mContentViewer->Open(); >+ NS_ENSURE_SUCCESS(rv, rv); On failure here we have both the SHEntry and the docshell holding a ref to the viewer, which violates the invariant we have about it being owned by one or the other. Fix that? >+ // restore the sticky state of the viewer >+ PRBool sticky; >+ aSHEntry->GetSticky(&sticky); >+ mContentViewer->SetSticky(sticky); It's a little confusing to me that we're saving this state in the viewer but restoring it here.... I guess by this point the viewer doesn't have a ref to the shtentry, right? Might be worth a comment here that we're undoing what Destroy() on the viewer did. >+ // save the previous content viewer size >+ nsRect oldBounds(0, 0, 0, 0); >+ aSHEntry->GetViewerBounds(oldBounds); Not only are we not saving anything here, oldBounds is completely unused... So I'm not sure what this code or the code that saved the bounds in the SHEntry is trying to do, exactly. >+ // Insert the new root view at the correct location in the view tree. >+ if (rootViewParent) { ... >+ if (oldPresShell) >+ oldPresShell->InvalidateViewManagers(); Did you mean to call that on the _new_ shell? I don't see us fixing up the root viewmanager pointer for the new viewmanager anywhere; that's probably causing those asserts I saw. >+ RefreshURIFromQueue(); >+ >+ mOSHE = aSHEntry; >+ EndPageLoad(nsnull, nsnull, NS_OK); EndPageLoad already calls RefreshURIFromQueue, no? So probably no need to do it here. I assume that this avoids firing onload from EndPageLoad because mEODForCurrentDocument is true, right? May be worth documenting that here. >+ if (rootSH && (mLoadType & LOAD_CMD_HISTORY)) { Can we get here if this is not a history load? Perhaps it would make more sense to assert up front in this method that |mLoadType & LOAD_CMD_HISTORY|? >+ nsCOMPtr<nsIPresShell> shell; >+ nsDocShell::GetPresShell(getter_AddRefs(shell)); >+ >+ if (shell) { (when setting the new size) This is duplicating the code for the case when we have a rootViewParent. Perhaps we should unconditionally do some of this earlier so we don't have two copies of this code within 20-some lines of each other? >+ if (mScriptGlobal) { This method earlier asserts that it got a privWin, so mScriptGlobal isn't null by now (or we've crashed). >+ mScriptGlobal->HandleDOMEvent(presContext, &restoreEvent, nsnull, >+ NS_EVENT_FLAG_INIT, &status); I assume there's a reason we don't need to allocate the private data here? >+ // Restart plugins >+ if (shell) >+ shell->StartPlugins(); Is it safe to do this synchronously? That is, can't the plugins run random script as they instantiate (if nothing else, by firing broken-plugin events)? If they can, we could reenter docshell code from in here.... is that something we're OK with? Where do we restore caret visibility? Or do we? >@@ -4727,7 +5209,10 @@ nsDocShell::CreateContentViewer(const ch >+ if (savePresentation) { >+ // The old content viewer will be saved during the call to Embed(). >+ rv = CaptureState(); >+ gSavingOldViewer = PR_TRUE; >+ // XXX this isn't really fatal, necessarily... >+ // should we try to fire unload if NS_FAILED(rv) ? Indeed. Also, if CaptureState fails we want to NOT cache the presentation (because we may not have disabled parts of it that need to be disabled). >+ gSavingOldViewer = PR_FALSE; I'd be much happier with a member var here, just in case Embed causes something else to happen in some other docshell somewhere... If we can do that without increasing docshell size, great. Otherwise, I'll take bigger size in return for safer clearer code. >@@ -5005,6 +5499,7 @@ nsDocShell::SetupNewViewer(nsIContentVie >+ nsCOMPtr<nsIDOMDocument> oldDocument; That seems to be write-only. Is it just holding a reference so the document won't die, or something else? If this really needs to be here, please document why so it won't get removed? >@@ -5627,6 +6131,20 @@ nsDocShell::InternalLoad(nsIURI * aURI, >+ if (!CanSavePresentation(nsnull)) >+ FireUnloadNotification(); >+ >+ mFiredUnloadEvent = PR_FALSE; >+ >+ CaptureState(); Do we really want to do that if CanSavePresentation returned false? I don't think we do. >Index: docshell/base/nsDocShell.h >@@ -395,6 +397,49 @@ protected: >+ // Captures the state of the supporting elements of the presentation >+ // (the "window" object, docshell tree, meta-refresh loads, and security >+ // state) and stores them on |mOSHE|. >+ nsresult CaptureState(); Are there non-fatal error returns? If so, which? >+ // Restores the presentation stored in |aSHEntry|. >+ nsresult RestorePresentation(nsISHEntry *aSHEntry); Again, there are basically nonfatal error returns (eg if we couldn't cache the rpresentation for aSHEntry for some reason). I'm still not quite sure the order of the various calls in this code is right; I'd have to spend another day or so sorting through this stuff to make sure... Titles are probably not updating because SetTitle is called by the content sink on the document, which passes it on to the docshell. So on restore we probably want to get the title from the document and set it on ourselves. The fact that we're not firing any of the usual progress notifications other than OnLocationChange probably means we're breaking some extensions. I'd like to see some reasoning behind why we think it's OK to not fire the other expected web progress listener notifications here (and darin should probably check that reasoning out, since we're basically changing the behavior of the frozen progress listener apis). >Index: docshell/base/nsIContentViewer.idl It would be nice to document >@@ -68,4 +69,21 @@ interface nsIContentViewer : nsISupports >+ * (*) unless the document is currently being printed What will happen if it _is_ being printed? One other thing that sort of bothers me in all this code is that if we fail somewhere we leave the SHEntry holding references to all sorts of stuff (eg whatever propertties were set on the window). It'd really be good to clean that up better. >Index: dom/public/base/nsPIDOMWindow.h >@@ -139,6 +145,12 @@ public: >+ // Returns an object containing the window's state. >+ virtual nsresult SaveWindowState(nsISupports **aState) = 0; This should probably indicate that it also suspends all current timeouts, etc, and stores them all in the state.... That is, this not only saves things into the state but also changes the state of the window. >Index: dom/public/coreEvents/nsIDOMLoadListener.h >+ /** >+ * Processes a DOMPageRestore event. This is dispatched when a page's >+ * presentation is restored from session history (onload does not fire >+ * in this case). Will this fire only for the "topmost" page being restored (unlike onload, which fires for all subframes too)? That's what the code looked like to me... Should this have a behavior more like onload? >Index: dom/src/base/nsGlobalWindow.cpp >+ WindowStateHolder(JSContext *cx, JSObject *aObject, nsGlobalWindow *aWindow); Document the args? >+ JSObject* GetObject() { return mJSObj; } Document this? Same for other methods on this class? >+ nsCOMPtr<nsIEventListenerManager> mListenerManager; >+ nsCOMPtr<nsIDOMElement> mFocusedElement; >+ nsCOMPtr<nsIDOMWindowInternal> mFocusedWindow; I assume you've checked these for cycles and there are no problems? >+CopyJSPropertyArray(JSContext *cx, JSObject *aSource, JSObject *aDest, >+ if (!::JS_IdToValue(cx, props->vector[i], &propname_value) || >+ !JSVAL_IS_STRING(propname_value)) { >+ NS_WARNING("Failed to copy non-string window property\n"); Can that actually happen? If so, shouldn't we actually propagate the error and fall back on normal loads instead of just warning and leading to broken behavior? Is "non-string" referring to the value of the property? Or its name? I'm not really so much following this code, so I'm assuming Brendan has given it a careful review. >+ if (!::JS_GetProperty(cx, aSource, propname_str, &propvalue)) { >+ NS_WARNING("property was found, but get failed"); Again, we should error out. >+ JSObject *stateObj = ::JS_NewObject(cx, &sWindowStateClass, NULL, NULL); >+ NS_ENSURE_TRUE(stateObj, NS_ERROR_OUT_OF_MEMORY); So we have a newly allocated unrooted JSObject... >+ CopyJSProperties(cx, mJSObject, stateObj); And we make JS_DefineUCProperty calls in here. Those can trigger GC. >+ *aState = new WindowStateHolder(cx, stateObj, this); Which means that stateObj may have been GCed by now. I think we want to do all this copying either in the WindowStateHolder or at least after we've created the holder and rooted stateObj. >+nsGlobalWindow::RestoreWindowState(nsISupports *aState) >+ nsIDOMElement *focusedElement = holder->GetFocusedElement(); >+ if (focusedElement) { >+ nsCOMPtr<nsIDOMNSHTMLElement> htmlElement = >+ do_QueryInterface(focusedElement); >+ if (htmlElement) { >+ htmlElement->Focus(); Hmm... So back() will pull focus into the new document we navigate to in most cases (since we left it by clicking a link in it, probably, so focus was in it). I guess that makes some sense.... Shouldn't we focus the window if the element wasn't HTML or XUL? For that matter, don't we have APIs to focus arbitrary elements? Shouldn't we use them? Also, calling Focus() on HTML elements fires the onfocus handler on that element, as well as onblur handlers for whatever element used to have focus. Given the codepath into this code, is that really something we want happening here? Consider handlers starting another load in this very window, or handlers closing the window, or whatever.... >+nsGlobalWindow::SuspendTimeouts() >+ PRInt64 now = PR_IntervalNow(); >+ t->mWhen = PR_MAX(0, t->mWhen - now); No can do. First of all, there is no '-' operator for PRInt64, in general. Second of all, there is no '>' operator for it (which is needed by PR_MAX). Either use nsInt64, or use the LL_* macros as needed here. >+nsGlobalWindow::ResumeTimeouts() >+ t->mWhen += now; Same here. >Index: dom/src/base/nsGlobalWindow.h >+ virtual NS_HIDDEN_(void) SuspendTimeouts(); >+ virtual NS_HIDDEN_(nsresult) ResumeTimeouts(); Why are these virtual? And it's worth documenting what they do (esp. wrt kids). >@@ -215,6 +219,8 @@ public: >+ friend class WindowStateHolder; This will lead to build bustage on some of our platforms, since there is no prior decl of |class WindowStateHolder| (a forward-decl would suffice, outside the nsGlobalWindo class declaration). >Index: layout/base/nsDocumentViewer.cpp > DocumentViewerImpl::Destroy() >+ // This is after Hide() so that the user doesn't see the inputs clear. >+ if (mDocument) >+ mDocument->Sanitize(); Sanitize() can fail. If it does, we'll have sensitive data left sitting around in the cached document. Not only should we be checking the rv here, we should be propagating it back to someplace that nukes the cached viewer (so that on back to a document we failed to Sanitize we'll reparse it). >@@ -1323,8 +1386,9 @@ DocumentViewerImpl::Stop(void) >+ if (mEnableRendering && (mLoaded || mStopped) && mPresContext) { > mPresContext->SetImageAnimationMode(imgIContainer::kDontAnimMode); >+ } Note that this means that image animations in cached documents are disabled, right? I don't see us reenabling them anywhere... Basic testing shows that on back to a document with animated images they're all not animated. >Index: layout/base/nsPresShell.cpp >+void >+PresShell::StartPlugins() What about plugins in subdocuments? I don't see us starting those... Needs to happen. >+PresShell::StopPlugins() Same issue here. >Index: netwerk/base/public/nsISecureBrowserUI.idl >+interface nsISecureBrowserUIState : nsISupports Why do we need an empty interface for this? Why not just use nsISupports? >Index: security/manager/boot/src/nsSecureBrowserUIImpl.h >+ nsresult HandleStateChange(PRBool aIsToplevel, nsIURI *aURI, >+ PRUint32 aLoadFlags, PRUint32 aProgressStateFlgs); This seems to be unused. >Index: toolkit/components/passwordmgr/base/nsPasswordManager.cpp Doesn't the password manager in extensions/wallet also need updating? Note that if we delivered the expected progress/state notifications this change would not be necessary.... >Index: toolkit/content/widgets/browser.xml The xpfe version also needs to be updated, no? >Index: view/src/nsViewManager.cpp >+nsViewManager::InvalidateHierarchy() >+ mRootViewManager = parent->GetViewManager()->RootViewManager(); >+ NS_ADDREF(mRootViewManager); Assert that mRootViewManager != this here, ok? >Index: xpfe/components/shistory/public/nsISHEntry.idl >+ /** >+ * Saved child docshells corresponding to contentViewer. There are weak >+ * references since it's assumed that the content viewer's document has >+ * an owning reference to the subdocument for each shell. That's not a valid assumption, since the DOM of the content viewer's document can be mutated arbitrarily by anyone who happened to grab a pointer to it before we left the page. In fact, the assumption that this list has anything to do with the content viewer document is not a valid assumption as things stand. >+ void addChildShell(in nsIDocShellTreeItem shell); >+ nsIDocShellTreeItem childShellAt(in long index); >+ void clearChildShells(); Documentation, please? In particular it's not clear how one would go about enumerating the child shells in a sane way. If the index is out of bounds (which bounds?), do we return null, throw, or crash? Does addChildShell add to the end? >@@ -77,12 +84,21 @@ nsSHEntry::nsSHEntry(const nsSHEntry &ot >+ , mSticky(other.mSticky) >+ , mViewerBounds(other.mViewerBounds) Do we really want to copy those, but none of the other restoration state, when cloning? >Index: xpfe/components/shistory/src/nsSHistory.cpp >@@ -104,10 +109,10 @@ nsSHistory::Init() Do we care that the pref we added isn't live? And that there's no way for the user to manually flush out this cache? >- nsCOMPtr<nsIPrefBranch> defaultBranch; >- prefs->GetDefaultBranch(nsnull, getter_AddRefs(defaultBranch)); This would regress bug 126826. >@@ -171,7 +176,10 @@ nsSHistory::AddEntry(nsISHEntry * aSHEnt >+ EvictContentViewers(mIndex - 1, mIndex); I suspect this happenns before we store the content viewer in the entry at mIndex - 1, which is why caching 0 viewers doesn't work (caches one or two after all).
Comment on attachment 181828 [details] [diff] [review] new patch OK. So overall design comments now: As I mentioned earlier, I think changing what happens wrt web progress listener notifications (at least the state ones) on session history traversal is a really bad idea. To do this patch right, we need to define what the behavior is for various accesses to the cached document (which is available to various content and chrome scripts). What happens on DOM modification? Calls to DOM interfaces? There needs to be a clear idea of what codepaths are safe to execute in a cached document. Once we have that, we need to make sure that those code paths are the only ones that we execute. There further needs to be a clear concept of how much of the cached presentation should be visible to scripts (eg via computed style) and we need to enforce that. Once we have this codepaths thing sorted out, we need to look at the various ways of triggering them, including the various PLEvents we post in Gecko and the various timers we set up (blink timer come to mind here, as do the object frame timers, XUL listbox timers, menu timers, combobox PLEvents, restyle events, selection scroll events, image box frame events, viewmanager invalidate events, etc). I would like to second David's comment about having a global cache here instead of a per-session-history one. I would also like to say, in case anyone actually cares to listen, that I feel that trying to force this patch in for 1.8/1.1 is a grave mistake. It's nowhere close to being ready as it stands, I suspect it will lead to a number of hard-to-detect regressions that we won't catch before final because of the limited testing schedule. That is, assuming we're still planning to branch for final sometime this June. If we've decided to add another few months to the schedule, then maybe (but not definitely) we could have this working by then.
Attachment #181828 - Flags: review?(bzbarsky) → review-
(In reply to comment #71) > I'm sure everyone agrees, I mentioned darin and I discussing this last week -- > but this should be a followup bug. There's no point in adding to the hurdles > for the patch in this bug. Please file one. Since when is it the responsibility of design and code reviewers to file bugs on the review comments that the patch author chooses to ignore? And sorry, but I think doing something vaguely reasonable regarding eviction does belong in this bug and should block it from landing. Maybe the fancy memory pressure stuff doesn't need to, but a simple change like the one I suggested would help a lot. I've put in quite a few weeks of work on memory leaks in this release cycle alone, mostly cleaning up after other people's messes. I'd rather not see all that work shot to pieces by a patch that's IMO too risky to land anytime in the month before the freeze, never mind nearly a month after the freeze. I'll say more bluntly what I've said somewhat gently before: I am opposed to this patch landing for 1.8. Getting this right for all the corner cases that we need to get right in order to be able to ship is going to take time. We also need to ensure that the API that we provide to web pages for the case where our heuristics don't do the right thing is sufficient and well-documented. And then there are crashes, memory leaks, and catching up from lost testing on all the other things that we're trying to stabilize for the release. I'm tired of planning my own work responsibly around a proposed release schedule and then having everybody else ignore the schedule, start *building feature lists* around or after the freeze, and leave me doing stabilization-before-a-release work for nine months out of the year. And I certainly have no plans to do another leak-cleanup cycle for this release, since I already did that in late February and late March, which was an appropriate time given the schedule that I foolishly believed.
> Since when is it the responsibility of design and code reviewers to file bugs > on the review comments that the patch author chooses to ignore? It's not, I didn't imply that, and bryner hasn't chosen to ignore anything here. It's my opinion, and I said so, that we shouldn't have to do everything in one fell swoop. That can limit testing and serialize work through one hacker and one or a few reviewers, compared to the alternative of followup bugs. I shouldn't have presumed you agreed; sorry about that. > And sorry, but I think doing something vaguely reasonable regarding eviction > does belong in this bug and should block it from landing. Maybe the fancy > memory pressure stuff doesn't need to, but a simple change like the one I > suggested would help a lot. I've put in quite a few weeks of work on memory > leaks in this release cycle alone, mostly cleaning up after other people's > messes. I'd rather not see all that work shot to pieces by a patch that's IMO > too risky to land anytime in the month before the freeze, never mind nearly a > month after the freeze. Then the only hope is that this patch goes on a branch for two months, where in spite of lots of conflicting changes and other demands, bryner manages to keep it alive. That looks like a risky plan too. There's an alternative, but it can't be done without more people helping, even if you personally don't: we get the patch reviewed and fixed more, get it in for an alpha (not necessarily the first alpha), and divide the resulting regression and perf/footprint fixing among a number of people larger than just bryner. > I'll say more bluntly what I've said somewhat gently before: I am opposed to > this patch landing for 1.8. Getting this right for all the corner cases that > we need to get right in order to be able to ship is going to take time. I think it will take more than just time. If it's serialized through one person on a branch, besides the risk of conflicts and other demands leading to that branch becoming a dead limb, the regressions that one person with some review help will never find still must be confronted when it lands. That may be a better plan for everyone else hacking on the code, but it may be a worse plan than the alternative sketched above for users. It's hard to say, but I believe a shipably fixed version patch is more valuable for users than almost any other tradeable big ticket item. It may not be worth as much as a bunch of little fixes to severe bugs, though. There's another point I'd like to make: bz esp., and others including me, talk about document things like docshell, cleaning up interfaces, reforming bad old code. But that is never going to happen as an end in itself -- nor should it! It should happen as part of an aggressive improvement to end-user function such as this patch attempts. That is the best way to guide trade-offs away from diminishing returns. I am still in favor of trying to get this patch into an alpha soon. /be
Sorry for the typos, it's late and it has been a very long day. In a nutshell, my last point comes down to the observation that we should not put off reform as a separate exercise. My next to last point, which I am not sure is a worthwhile generalization, is that forcing ambitious plans to serialize through strong hackers on (virtual or real) branches is limiting our ability to benefit end users and actually improve our codebase at the same time. I think this is likely a half-truth, but my gut says there is something real and important to it. I wonder if we did more pair programming, whether we could get more done, more quickly, and in certain particular dimensions, even if it meant fewer good results among all dimensions. /be
> I am still in favor of trying to get this patch into an alpha soon. pref'ed off with zero regressions in the pref'ed off case, I should have said (it should go without saying!). /be
At some point, I remember there being talk about getting this patch into the tree pref'd off by default. What happened to that idea? This is a big patch, and a valuable one IMO. Getting the code into the tree will not only avoid bit-rot but also allow other people to more easily test and contribute to the patch. Please correct me if I'm mistaken, but it would seem that there should be some pinch-point (or at most a couple) where we can decide whether or not to enable this feature. Trying to get this patch to be 100% perfect before everyone uses it by default is the right goal, but that doesn't mean that it has to be 100% perfect before it is checked into the tree. This patch sort of reminds me of the HTTP/1.1 pipelining patch. If I had not checked in the patch -- pref'd off -- then it would never have landed. It is still not good enough to be enabled by default, but yet people do enable it. Over time, people have reported bugs, and the feature has slowly improved as a result. Now, in some ways pipelining is probably not the best example since it still isn't enabled by default after all these years ;-) That has to do with insurmountable server compatibility issues, but I wouldn't know that if users hadn't tried the feature and reported sites that were broken. This isn't to say that Boris isn't correct in saying that more analysis is needed. Of course, the more we know about the system, the better we can ensure that this patch "hits on all cylinders." I'm just saying that perhaps we're close to a point where we can learn even more from user feedback as well. So, are we anywhere close to be able to land this pref'd off? ;-)
First, people seem to be conveniently forgetting that we're in a _beta_ Gecko milestone. The _second_ beta, in fact. As David points out, we've already gone through a bunch of post-alpha stabilization work on Gecko in the _first_ beta cycle (most done, by David, I admit). Just because Firefox is having an alpha for its UI doesn't exactly make this an "alpha milestone". Second, most of the patch is in code that really shouldn't be changing much in beta and the following final cycle if we're doing things right. So I think it should be reasonable to maintain it until we reopen for 1.9a. If desired I will put my time where my mouth is and stick this in a tree all alone and repost the merged-to-tip patch here when 1.9a opens. Third, minimal requirements for getting this in even preffed of would be (at least; I may be missing something): 1) Having the preffing off actually work 2) Not leaking documents 3) Being very very sure that the ownership model changes in document viewer are OK. 4) Deciding how much we're willing to have not work with the code preffed on (eg, do we need to audit the code for security issues as the DOM is mutated, or do we clearly say that enabling this code can wipe your hard drive and melt your monitor?). The main issue here, of course, is that even preffed off the patch changes some very very fragile code in somewhat nontrivial ways. We'd need to make sure those changes don't break things either, basically.
> First, people seem to be conveniently forgetting that we're in a _beta_ Gecko > milestone. The _second_ beta, in fact. No, I think everyone is quite aware of that (and the complications of refocusing the project on a different major release vehicle). You know as well that this talk is motivated by a desire to make Firefox 1.1 as compelling to users as it can be. Let's not kid ourselves, Firefox is what puts our project on the map. Maybe we are trying for too much... ok, that is a fair argument. > As David points out, we've already gone > through a bunch of post-alpha stabilization work on Gecko in the _first_ beta > cycle (most done, by David, I admit). Just because Firefox is having an alpha > for its UI doesn't exactly make this an "alpha milestone". Yes, lot's of great work has been done to improve Gecko for the 1.8 milestone. No one wants to regress Gecko or undo all that good work ;-) > The main issue here, of course, is that even preffed off the patch changes > some very very fragile code in somewhat nontrivial ways. We'd need to make > sure those changes don't break things either, basically. OK, so it sounds like there is currently no way to pref it off completely. That's definitely a concern.
I pulled last night and built [SeaMonkey] with attachment 181884 [details] [diff] [review]. I didn't set any prefs. 1. open browser (home page is slashdot) 2. load http://www.microsoft.com/whdc/devtools/debugging/default.mspx 3. hit back then forward 4. url bar shows http://www.microsoft.com/whdc/devtools/debugging/default.mspx and page still be slashdot every other time
Between today and 1.1 release there is time for fixing bugs that this patch can regress. And having this feature for 1.1 is IMO extremly important for marketing reasons. There is a lot of interest around this stuff, and I believe that bryner wont be left alone working on fixes for regressions that may happen.
re: comment 82, you also get the following asserts when you do that: ###!!! ASSERTION: User did not call nsIContentViewer::Close: '!mDocument', file mozilla/layout/base/nsDocumentViewer.cpp, line 516 ###!!! ASSERTION: User did not call nsIContentViewer::Destroy: '!mPresShell && !mPresContext', file mozilla/layout/base/nsDocumentViewer.cpp, line 522 This happens even with the max_viewers pref set to 5.
(In reply to comment #83) To clear my comment. I'm just trying to say, that if it would be able to focus resources on this bug and getting it for 1.1 would be extremly valuable IMO. It would give us a lot of good press, and would be a key argument in promotion of Fx 1.1. What I'm not trying to say is that the bugs and regressions should be ignored and this patch checked in asap.
Successful software releases are built around features that help the product's marketability. This is one such feature. I shouldn't have to remind anyone here that Mozilla is facing a threat from Microsoft this summer. I'm not saying we should do a poor job of any one feature, but we need to all be on the same page here. Shipping incremental improvements to existing code as new releases is not the way we ensure our vitality - we need at least a few high impact end user features. Everyone *needs* to understand this, otherwise we will run up against these problems again and again and again. I think there's a lot more we can do here as a team that recognizes the importance of this moment in time before we write this feature off. Anyhow, enough spam from me.
I filed this bug because the previous bug, bug 38486, became overloaded with advocacy. Let's not go there again. The problem here is not advocacy against the feature, as a feature. Nor is it a difference in values about regressions (bryner doesn't want to regress Firefox 1.1). There probably is a difference in judgment about the value of expediting and favoring this feature in spite of the trunk "beta" freeze, but again, that can't be the main problem, or the patch would be in more working order and we would be arguing only about less tangible risks and release philosophies. The problem is that the patch is not ready to land as is. It will cause a storm of dups, and bad user experiences at the margin that will be counterproductive in the developer preview. That's no good, given that bryner is probably pretty crispy right now. To make progress by allowing selected others to enable, test, and even help fix regressions, the change needs to cause no regressions when landed pref'ed off. That's what I've talked to bryner about getting working, and that is what I will support when landing, as I've already said. So let's do that, or tell start a newsgroup thread about why this feature should not be expedited, if possible. /be
bug got my vote! just tried the feature in Opera. I'm amazed...
If we're shipping Firefox 1.1 with this turned on, we need to have the maximum amount of testing. Checking this in preffed off won't get us adequate testing. In fact all it will do is introduce a second codepath which will later cause support problems (not to mention that each codepath multiplies the QA cost). I understand that there is a Gecko cycle and that this is the wrong time to land something like this in the Gecko cycle. But there is also a Firefox cycle and this is the right time to land this in the Firefox cycle. The Firefox cycle is what will ensure the Gecko engine remains relevant in the future. Design problems should be fixed before being checked in. But it needs to go in.
No me-too/gee-whiz bugspam or else; comment 88 is the last one I expect to see. If bryner comes up with a patch that can be pref'ed off by default without any regression in that state, then I will make a benevolent dictator decision to land that patch, so that bryner, myself, and anyone else willing to help (there will be many) can work to get the design and implementation in agreement with the (mostly hidden as usual with our codebase) requirements. This does not mean that I will decide anything else right now, including whether this feature will be on for 1.1. No one can decide that right now -- we lack the information to make an informed decision given the current schedule, and the schedule itself is too uncertain to decide. The pref can be temporary, but it is necessary to land this so bryner does not give up out of frustration. It's unreasonable to expect him to do it all; it is also unreasonable to turn it on and coerce everyone not signed up to help to put up with the regressions likely or known from the current patch. So pref'ing it off and landing it soon are the right moves. I heard dbaron agree in person, which is great. I would like to win bz's agreement. There shouldn't be mistrust that people (specifically, bryer, me, dbaron) will do the wrong thing, (allow us to) ship an unstable release, or walk away from unfixed design or implementation bugs. If we have that level of mistrust, we shouldn't even be here. Yes, this feature is late, and it may not make it for 1.8 / Firefox 1.1. We are making a special case for it, to get it checked in pref'd off, to avoid risking the work being lost, and to get more help while not breaking too many people too soon. That's an executive decision you can blame me for. The buck stops here. /be
If the leaks are fixed, I have no problem with this landing preffed off. I agree that that would prevent it bitrotting and would allow people who want to work on it to do so, which is a very good thing in this case. We have good precedent for this sort of thing with the "scary viewmanager" of olde, which benefited a good bit from the testing it got this way, iirc.
(In reply to comment #69) > >+nsDocument::Sanitize() > > Is there a reason we don't have to worry about autocomplete="off" <textarea> > elements? > Microsoft basically defined the behavior of this attribute, and they only define it to be valid for form and input elements. We don't honor autocomplete=off for textareas for purposes of saving form data, either. > >+nsDocShell::SetSecurityUI(nsISecureBrowserUI *aSecurityUI) > >+{ > >+ mSecurityUI = aSecurityUI; > > Do we want to assert here if both mSecurityUI and aSecurityUI are non-null? Or > do we really support that correctly? > It's just a pointer, what can happen incorrectly? Granted, I wouldn't expect this situation to arise, but I don't see what bad thing happens if it does. > >+ // If there is an unload or beforeunload listener on the window, then we do > >+ // not save the presentation into the session history cache. > > What if there's an unload or beforeunload listener on a subframe of this > window?In general, it seems to me that we want to save only if we can save the > presentation for this docshell _and_ all its descendants. > > >+nsresult > >+nsDocShell::CaptureState() > > This method, or something like it, needs to be called recursively on all kids > of this docshell. We don't want to do the "save the kids in the SHEntry" part > for all descendants, and we probably don't want to save the script global > objects's properties (since we're not clearing them), but we _do_ want to > suspend all timeouts and intervals in subframes, suspend refresh timers, > capture any security UI state as needed, etc. As you pointed out we do suspend > timeouts and intervals on the kids, but refresh timers in the kids look like > they would still fire. > > >+ mScriptGlobal->HandleDOMEvent(presContext, &restoreEvent, nsnull, > >+ NS_EVENT_FLAG_INIT, &status); > > I assume there's a reason we don't need to allocate the private data here? I had to allocate it for the load event so that HandleDOMEvent would not try to set the event's target to the chrome event handler. Instead, the event gets its target from the pres context, which is correct. For the restore event, I am dispatching to the window object, which will set up the target correctly. > > >+ // Restart plugins > >+ if (shell) > >+ shell->StartPlugins(); > > Is it safe to do this synchronously? That is, can't the plugins run random > script as they instantiate (if nothing else, by firing broken-plugin events)? > If they can, we could reenter docshell code from in here.... is that something > we're OK with? I'm not really sure. Maybe jst knows. > > Where do we restore caret visibility? Or do we? We don't, it happens as part of restoring focus. Thinking about it, maybe we should just blur the element instead of messing with the caret. > >Index: docshell/base/nsDocShell.h > >@@ -395,6 +397,49 @@ protected: > > >+ // Captures the state of the supporting elements of the presentation > >+ // (the "window" object, docshell tree, meta-refresh loads, and security > >+ // state) and stores them on |mOSHE|. > >+ nsresult CaptureState(); > > Are there non-fatal error returns? If so, which? I don't think so... if anything here fails we should not store the content viewer in history. > > >+ // Restores the presentation stored in |aSHEntry|. > >+ nsresult RestorePresentation(nsISHEntry *aSHEntry); > > Again, there are basically nonfatal error returns (eg if we couldn't cache the > rpresentation for aSHEntry for some reason). I'm not really following you here, maybe I'm not sure what you mean by "fatal". Fatal in what sense? > > I'm still not quite sure the order of the various calls in this code is right; > I'd have to spend another day or so sorting through this stuff to make sure... > Titles are probably not updating because SetTitle is called by the content sink > on the document, which passes it on to the docshell. So on restore we probably > want to get the title from the document and set it on ourselves. The fact that > we're not firing any of the usual progress notifications other than > OnLocationChange probably means we're breaking some extensions. I'd like to > see some reasoning behind why we think it's OK to not fire the other expected > web progress listener notifications here (and darin should probably check that > reasoning out, since we're basically changing the behavior of the frozen > progress listener apis). > Darin and I talked at length about this and decided to avoid firing progress listener notifications, if at all possible. This is to avoid having to create some kind of dummy request/channel. > One other thing that sort of bothers me in all this code is that if we fail > somewhere we leave the SHEntry holding references to all sorts of stuff (eg > whatever propertties were set on the window). It'd really be good to clean > that up better. Agreed; but I'm not sure where offhand. Most everything is only relevant if there is a content viewer set (or the content viewer is waiting to go into SH), so maybe it makes sense to do a consistency check between the content viewer and the history entry after we return from SavePresentation and RestorePresentation. If the content viewer doesn't have a pointer to the history entry, or vice versa, all of the supporting attributes of the history entry could be nulled out. > >Index: dom/public/coreEvents/nsIDOMLoadListener.h > > >+ /** > >+ * Processes a DOMPageRestore event. This is dispatched when a page's > >+ * presentation is restored from session history (onload does not fire > >+ * in this case). > > Will this fire only for the "topmost" page being restored (unlike onload, which > fires for all subframes too)? That's what the code looked like to me... Should > this have a behavior more like onload? > You're right, it does fire only for the topmost page. Perhaps it should fire for the subframes since they were restored as well. > >+ nsCOMPtr<nsIEventListenerManager> mListenerManager; > >+ nsCOMPtr<nsIDOMElement> mFocusedElement; > >+ nsCOMPtr<nsIDOMWindowInternal> mFocusedWindow; > > I assume you've checked these for cycles and there are no problems? As far as I know, correct. > > >+CopyJSPropertyArray(JSContext *cx, JSObject *aSource, JSObject *aDest, > > >+ if (!::JS_IdToValue(cx, props->vector[i], &propname_value) || > >+ !JSVAL_IS_STRING(propname_value)) { > >+ NS_WARNING("Failed to copy non-string window property\n"); > > Can that actually happen? If so, shouldn't we actually propagate the error and > fall back on normal loads instead of just warning and leading to broken > behavior? Is "non-string" referring to the value of the property? Or its > name? > Brendan said this might be possible with E4X, where the property name can be an object (?), iirc. > >+nsGlobalWindow::RestoreWindowState(nsISupports *aState) ---- More later, I'm up to here with either answering these here or fixing the code (minus the assertions noted, I can test for those after fixing other things up and see if they're still around).
> Darin and I talked at length about this and decided to avoid firing progress > listener notifications, if at all possible. This is to avoid having to create > some kind of dummy request/channel. To be clear, this applies to onStateChange, onStatusChange, and onProgressChange. We will still need to generate onLocationChange and onSecurityChange events. There are cases already where onLocationChange may be called with a null request. As for onSecurityChange, none of the consumers in our tree use the request that is passed to it, presumably because all of the interesting information is available from the associated browser's nsISecureBrowserUI object. We decided that it would be best to try to issue onSecurityChange events with a null request to avoid having to create a dummy request. I asked bryner to post a message to n.p.m.embedding to give people a heads up about this, and I also said that this may end up requiring a dummy request... the challenge with that however is in constructing a dummy request. Does it QI to nsIChannel? If so, does it return a non-null value for nsIChannel::securityInfo? And, if so... what value? Otherwise, I see no problem suppressing the other notifications including onStateChange. Boris: can you think of any problems with this?
> It's just a pointer, what can happen incorrectly? Nothing per se, but I can't think of a non-broken reason it'd be getting set twice.... > Thinking about it, maybe we should just blur the element instead of messing > with the caret. Would that work with caret browsing mode? For that matter, does setting focus (to the window, say) in caret browsing mode reenable the caret if it's been disabled? That sounds odd to me, but... > I'm not really following you here, maybe I'm not sure what you mean by > "fatal". Fatal as in "cases where the return value doesn't indicate that you should just bail out immediately". That is, cases that could happen during normal browser operation that we signal via an error nsresult. For example, if there was no presentation cached in aSHEntry (which is perfectly fine), this method will throw. It would be good to define exactly what it will throw then (and preferably make sure it never throws it otherwise)... > maybe it makes sense to do a consistency check between the content viewer and > the history entry after we return from SavePresentation and > RestorePresentation. That sounds reasonable, yes. It'd only have to be done on error return too... > Perhaps it should fire for the subframes since they were restored as well. It it's meant to serve as a general onload replacement for chrome consumption, that might make sense... but see below.
On the web progress listener issue, talked to Darin some more. The problem, of course, is that of figuring out which approach breaks the smallest number of consumers due to assumptions they make about correlation between changes in what a docshell is showing and WPL notifications. Some specific issues we discussed: 1) The WPL notifications need a request. I think this can be dealt with by just storing the document's channel in the document. The HTML document already does, and the XML document does until end of pageload. The latter could use a boolean to indicate whether the channel is still "live", and we could push mChannel up to nsDocument. This isn't quite perfect, since the channel isn't in the state it normally would be in when STATE_START, say, happens (eg. Darin pointed out its cache entry is closed), but better than nothing. ccing sicking and peterv in case they have thoughts against moving this to nsDocument... 2) The WPL notifications are tightly tied to the firing of load an unload events and consumers may be expecting said events. This is a case of which approach breaks fewest consumers... If we do send WPL notifications and people get confused because of lack of load/unload we could even consider dispatching load/unload events for fastbacked documents to chrome only. That may also break things, of course, if said chrome munges the document onload in a non-idempotent way. Have to try to figure out which breaks more... 3) Which notifications to send. I think onProgressChange makes no sense, nor does onStatusChange. onStateChange with the minimal flags we can use to indicate completion of a full pageload (with all subframes) is probably the best way to go here. If we want to be really close to what we do now, we could even do it for the child docshells of the docshell doing fastback.... Thoughts? Do we have a good idea of what extensions are actually assuming and what our UI code is assuming? For now the one data point I've seen is that password manager depends on STATE_DOCUMENT|STATE_STOP notifications. Note that it depends on getting the for subframes too, by the way. We can fix it up with DOMPageRestore listeners if those are fired on all subdocuments, but again I'm worried that this is a common usage pattern for WPL.
Other thoughts I had about this, in general: 1) It may be worth it to have a way for embeddors (or extensions) veto fastback on a per-document basis (that is, give them a hook into CanSavePresentation). Future-proofing, if nothing else. For example, XForms can then hook into that for whatever XForms has in the way of password inputs. 2) Do we need a way for embeddors to tell that a fastback operation is starting (DOMPageRestore tells them it's done)? I guess if we implement WPL notifications they'll know the document in the docshell is changing. The question is whether they need to know specifically that it's changing because of fastback.
The only important UI progress listener is the browser status handler. At least in the Suite, it needs to see start/stop state, location and security changes as these already have to be synthesized by the tabbrowser when switching tabs. Thinking of tabbrowser, the other notification it sends when switching tabs is the favicon, which expects to see DOMLinkAdded notifications. Otherwise it would need some way of persisting the favicon to restore it during a DOMPageRestore. Thinking of DOMLinkAdded notifications, the link toolbar uses a combination of unload, load, DOMHeadLoaded, DOMLinkAdded and select events. However I think adding support for DOMPageRestore would suffice. In fact, I'd quite like tabbrowser to generate DOMPageRestore events instead of select events. Oh, and I don't think Password Manager should try to restore anything.
Actually I think we can live without state changes, they're only used to force the URL bar to update to the latest page's URL even if it's been typed into.
we must send STATE_STOP notification to listeners. people are using it to figure out when a page finished loading, according to questions asked in the newsgroups ;) a11y may depend on it too...
On a practical note, we're going to be rev'ing the extension version for FF 1.1, so extension authors will be having to update anyway... as long as we clearly document the notification changes, I think they can probably deal.
Yes, but that doesn't help embeddors so much. Again, nsIWPL is a frozen interface, so we should preserve backwards compat in its functioning as much as we can (perfectly if we could, but I don't think we can do that with fastback...)
(In reply to comment #101) > Yes, but that doesn't help embeddors so much. Again, nsIWPL is a frozen > interface, so we should preserve backwards compat in its functioning as much as > we can (perfectly if we could, but I don't think we can do that with fastback...) Well, part of the reasoning that Darin and I had was that max_viewers would be enabled in application- specific prefs, so embedders would have to opt-in.
Right. I'm not saying people can't work around this and all. I'm saying we should do what we can to make it as easy as possible for this feature to be used with minimal code changes in the rest of the Mozilla tree, extensions, embedding apps, etc.
> Right. I'm not saying people can't work around this and all. I'm saying we > should do what we can to make it as easy as possible for this feature to be used > with minimal code changes in the rest of the Mozilla tree, extensions, embedding > apps, etc. This should have zero impact on non-firefox stuff (no workarounds required)... that is, unless other products enable bfcache as well. For example, pink has said that he's interested in enabling bfcache for camino. I'm sure he'll have to change some things to support bfcache, but that's ok.
Ideally, every single Gecko consumer will be able to enable any Gecko feature desired with minimal pain... That's all I'm saying. I'm really not so happy with the "it works in Firefox, so that's ok" approach, and I hope that's not what we're talking about here...
Please, nobody (least of all Darin!) is giving embedders the finger here. Embedders who want to use a more complex history and back/forward model will have to deal with that more complex model. We are giving them the _opportunity_ to use a bfcache, should they want to do the app-side work to make the user experience whatever they desire it to be. Nobody is forcing it on them, and I don't think it's "ideal" to spend effort to prevent embedders from having to write some code here if they want to take advantage of the bfcache. But arguing about an ideal world doesn't seem to be useful here, even if we were to agree on what "ideal" was. If existing embeddings of Gecko can continue unchanged when using a bfcache-capable Gecko, and observe the same behaviour, then we're exactly in the right place; investment in making it a freer lunch for embedders who _do_ want to use bfcache should wait until we know more about what it means to "enable" bfcache, have some idea of what the useful knobs are, and can spot cliches in embedder use. Right now, we only know of one app's use of it (Firefox), and we have far too many embedding interfaces that were frozen on the basis of single data points.
bz, what do you think about this going in? The only changes here that will happen regardless of the pref being enabled are (as far as I know), - nsDocument::SetScriptGlobalObject(nsnull) changes - No longer releasing mDocument in DocumentViewerImpl::Close() If you're comfortable with those changes by themselves, I think this can go in with minimal risk. Here's the complete set of changes since the last patch: - Get rid of default enabled state for firefox - Added documentation for subdocument enumeration in nsIDocument - Added nsIDocument::Destroy(), which does what SetScriptGlobalObject(nsnull) used to do. This is called when the document viewer releases its reference, and fixes the leaks bz pointed out. - Fixed grammar for nsIEventListenerManager.h comments - Got rid of mStreamListener recreation in nsPluginDocument, it's bogus. - Changed nsDocShell gSavingOldViewer to be a member variable - Fixed SuspendRefreshURIs loop copy+paste error - Made CanSavePresentation short-circuit if max_viewers == 0 - Moved caret disabling into nsIPreShell::Freeze - Made RestorePresentation take aCanSavePresentation argument, so that the check can happen before Stop() is called. - Added comments and error checking to RestorePresentation - Merged jst event changes - Got rid of unneeded GetDOMDocument call in SetupNewViewer - Clarified comments in several files. - Made CopyJSPropertyArray a little more bulletproof - Made sure nsGlobalWindow mIsDocumentLoaded is set to true after restoring from shistory
Attachment #182197 - Flags: review?(bzbarsky)
shaver, I'm not saying that we _have_ to do something more complicated. Just that it may be worth considering doing it if the win (a better and more consistent platform) is there and is worth it. I somewhat suspect it is, but I'd welcome data either way. Do we have a reasonable way yet of contacting embedders and extension writers about changes like this? bryner, I'll try to look at the pref'd off patch tonight, but if that doesn't happen it'll have to be Sunday....
One change I forgot to list: - never cache full page plugin documents
er, the interface in question (http://lxr.mozilla.org/seamonkey/source/uriloader/base/nsIWebProgressListener.idl) is already frozen. what is the way to get notified that the current page changed, or is changing, when fastback is involved (if we don't support nsIWebProgressListener for this purpose)?
(In reply to comment #110) > what is the way to get notified that the current page changed, or is changing, > when fastback is involved (if we don't support nsIWebProgressListener for this > purpose)? The DOMPageRestore event.
biesi: WPL.onLocationChange is still called. onLocationChange is the event that tells you when the contents of the webprogress object have really changed. using onStateChange for that purpose is somewhat problematic anyways since STATE_START doesn't mean the thing is going to be loaded in that webprogress anyways, and STATE_STOP happens pretty late. See the WPL implementation here: http://friedfish.homeip.net/~darinf/xulrunner/content/mybrowser/mybrowser.js I believe that that WPL would still function correctly with this bfcache.
DOMPageRestore doesn't help me if I'm watching the global nsIWebProgress. hm, yeah, onLocationChange does, I think... let's hope it suffices...
> onLocationChange is the event that tells you when the contents of the > webprogress object have really changed. That notification is not fired for initial loads in subframes, so currently if you want to keep track of documents as they're being loaded you listen to onStateChange...
ok, so, I probably missed it in the last two dozen comments... but what exactly was the problem with the suggestion in comment 95? it seems like it would be an easy way to keep the semantics of nsIWebProgressListener.
(In reply to comment #73) > >+nsGlobalWindow::SuspendTimeouts() > > >+ PRInt64 now = PR_IntervalNow(); > > >+ t->mWhen = PR_MAX(0, t->mWhen - now); > > No can do. First of all, there is no '-' operator for PRInt64, in general. > Second of all, there is no '>' operator for it (which is needed by PR_MAX). > Either use nsInt64, or use the LL_* macros as needed here. It was my understanding that the need for the LL_ macros was a limitation of the old Mac Codewarrior build, and is not necessary for any platforms we currently compile on. > >Index: dom/src/base/nsGlobalWindow.h > > >+ virtual NS_HIDDEN_(void) SuspendTimeouts(); > >+ virtual NS_HIDDEN_(nsresult) ResumeTimeouts(); > > Why are these virtual? And it's worth documenting what they do (esp. wrt > kids). > Because at one point I had them on nsPIDOMWindow... I'll fix that. > in the cached document. Not only should we be checking the rv here, we should > be propagating it back to someplace that nukes the cached viewer (so that on > back to a document we failed to Sanitize we'll reparse it). > > >@@ -1323,8 +1386,9 @@ DocumentViewerImpl::Stop(void) > > >+ if (mEnableRendering && (mLoaded || mStopped) && mPresContext) { > > mPresContext->SetImageAnimationMode(imgIContainer::kDontAnimMode); > >+ } > > Note that this means that image animations in cached documents are disabled, > right? I don't see us reenabling them anywhere... Basic testing shows that on > back to a document with animated images they're all not animated. > Oops, what I really meant to do here was to leave the animations enabled, since we want to avoid the possibility that the new document shares images (which would also have their animations stop). We need to do some work in imglib to make the animations not be shared between documents. > >Index: netwerk/base/public/nsISecureBrowserUI.idl > > >+interface nsISecureBrowserUIState : nsISupports > > Why do we need an empty interface for this? Why not just use nsISupports? > The idea was to avoid unnecessary QI'ing around. > >Index: toolkit/components/passwordmgr/base/nsPasswordManager.cpp > > Doesn't the password manager in extensions/wallet also need updating? > I'm going to hold off, pending the outcome of the WebProgressListener discussion. > >Index: xpfe/components/shistory/public/nsISHEntry.idl > > >+ /** > >+ * Saved child docshells corresponding to contentViewer. There are weak > >+ * references since it's assumed that the content viewer's document has > >+ * an owning reference to the subdocument for each shell. > > That's not a valid assumption, since the DOM of the content viewer's document > can be mutated arbitrarily by anyone who happened to grab a pointer to it > before we left the page. > > In fact, the assumption that this list has anything to do with the content > viewer document is not a valid assumption as things stand. > Is your suggestion, then, to throw out the cached presentation when the DOM is mutated? Or just to hold strong references here? > >@@ -77,12 +84,21 @@ nsSHEntry::nsSHEntry(const nsSHEntry &ot > >+ , mSticky(other.mSticky) > >+ , mViewerBounds(other.mViewerBounds) > > Do we really want to copy those, but none of the other restoration state, when > cloning? > I'm not actually sure which things it's safe to copy (because I don't entirely understand the circumstances where we clone a history entry). I haven't been thinking about this with the possibility of multiple history entries hanging on the same content viewer (and I can imagine it causing all sorts of problems). So maybe we don't want to copy any of the state... what do you think? > >Index: xpfe/components/shistory/src/nsSHistory.cpp > > >@@ -104,10 +109,10 @@ nsSHistory::Init() > > Do we care that the pref we added isn't live? > I don't, really... there's no UI for it. > And that there's no way for the user to manually flush out this cache? In firefox, when you clear history it clears session history as well. It might be that that's too coarse, but I'd prefer to solve that by making improvements to the eviction behavior rather than exposing something to the user. > > >- nsCOMPtr<nsIPrefBranch> defaultBranch; > >- prefs->GetDefaultBranch(nsnull, getter_AddRefs(defaultBranch)); > > This would regress bug 126826. > Oh, wow, that was intentional. I will restore it and add a comment so that someone doesn't do this again. > >@@ -171,7 +176,10 @@ nsSHistory::AddEntry(nsISHEntry * aSHEnt ---- up to here now, more later
> It was my understanding that the need for the LL_ macros was a limitation It's a limitation of any platform without an 8-byte long long.... We use them pretty consistently in our code, and I'd rather we didn't start misusing the type. If we want to avoid the macros, we should just use nsInt64. > The idea was to avoid unnecessary QI'ing around. But QI'ing from what to what, exactly? Any one could implement this interface (which is even scriptable!). So the cast from it to a concrete class in nsSecureBrowserUIImpl::TransitionToState is equally dangerous no matter whether the interface being cast from is nsISupports or nsISecureBrowserUIState... > Is your suggestion, then, to throw out the cached presentation when the DOM is > mutated? I think this is the only thing that makes sense in general, yes... I don't think we want to have DOM mutations that happen on the hidden document affect the state of what the user fast-backs to. The other option would be to clone the DOM wholesale on mutation and have the clone to fast-back to while the original is mutated. That could take some work, though. Then again, any solution to this issue will take work. :( > I'm not actually sure which things it's safe to copy (because I don't entirely > understand the circumstances where we clone a history entry) We clone in a few cases I can think of: 1) (Most common) Subframe pageloads. These clone the entire session history tree and then replace the subtree rooted at the relevant subframe with the new session history entry for that subframe. 2) When handing out a currentDescriptor via nsIWebPageDescriptor. That clone should probably have anything related to bfcache cleared in it before it's returned. 3) When we do a view-source load via nsIWebPageDescriptor. If #2 is done, this should be a non-issue. Those might well be it. For now I think copying none of the state is safest, since it'll just mean that fastback doesn't happen sometimes when maybe it could. I _think_ the approach you took to eviction (getting the entry via the transaction) will find the entries with the viewers correctly...
Comment on attachment 182197 [details] [diff] [review] pref'd off patch, with some review comments addressed Not repeating earlier review comments that haven't been addressed, on the assumption that there are plans to address them. >+ /** >+ * Notify the document that its associated ContentViewer is being destroyed. >+ * This releases circular references so that the document can go away. So this isn't guaranteed to be called (since not all documents have a content viewer), right? That's sort of what we have now, but may be worth documenting anyway. And please file a followup bug on figuring out why this is needed at all. >Index: content/base/src/nsDocument.cpp >+nsDocument::Destroy() >+ // XXX HACK ALERT! If the script context owner is null, the document Fix the comment? This has nothing to do with the script context owner anymore. >+ // This has to be done before we actually >+ // set the script context owner to null so that the content elements >+ // can remove references to their script objects. Is that still relevant? If so, we have a problem.... If not, it should probably be removed. >Index: docshell/base/nsDocShell.cpp >+nsDocShell::CanSavePresentation(nsIRequest *aNewRequest) >+ // If there is an unload or beforeunload listener on the window, then we do >+ // not save the presentation into the session history cache. Just realized that this doesn't check for such listeners on subdocuments. It probably needs to.... >@@ -5588,6 +6053,11 @@ nsDocShell::InternalLoad(nsIURI * aURI, >+ // Check for saving the presentation here, before calling Stop(). >+ // This is necessary so that we can catch any pending requests. >+ PRBool savePresentation = >+ aSHEntry ? CanSavePresentation(nsnull) : PR_FALSE; This looks wrong, fwiw. aSHEntry is always null for normal loads, so we'll always end up with a PR_FALSE here on, say, a link click. Then we'll stop current network activity, etc, etc. So the checking for network activity is still broken with this patch, if fastback is enabled. Doesn't affect things with it disabled, of course. >+ // If we have a saved content viewer in history, restore and show it now. >+ if (aSHEntry) { >+ if (!savePresentation) >+ FireUnloadNotification(); I don't see why we're doing this (and I should have caught this the first time). This will fire unload here if we can't save the presentation. Why? The old code didn't use to fire unload here.... We need to fire unload if we _restore_ a presentation in this block, but that's handled inside RestorePresentation(). In any case, this is changing the current codepath for history loads in a way that looks wrong to me, and does so even when fastback is disabled. >Index: docshell/base/nsIContentViewer.idl >+ * (*) unless the document is currently being printed, in which case >+ * it will never be saved in session history. But we would have skipped firing unload on it anyway? That doesn't sound so great... Not an issue for in-page listeners (since we check for those), but chrome listening for unload on the content will get a little confused. It might even do that in the non-printing case, though, since we also skip firing unload there (and the user may never hit back). Not an issue for the preffed-off patch, I guess. >Index: layout/base/nsDocumentViewer.cpp > DocumentViewerImpl::~DocumentViewerImpl() >- NS_ASSERTION(!mDocument, "User did not call nsIContentViewer::Close"); Is it normal to have an mDocument here now? If not, perhaps we should leave a warning here? But I'm guessing that it is? The rest looks ok. Note that I didn't read any of the code that's not supposed to execute when fastback is off. So the only parts I really reviewed are the change to docshell to make sure turning it off really leaves it off, the changes to codepaths that are executed when it's off, and the ownership stuff... The issue with firing unload on history traversals needs to be fixed; once that's fixed I guess I'm ok with this being checked in, preffed off, as long as the final code we decide to enable gets reviewed before we enable it.
Attachment #182197 - Flags: review?(bzbarsky) → review-
Attached patch new pref'd off patch (obsolete) — Splinter Review
This patch addresses all of the review comments in this bug, except for a few which I'll mention at the end. Here are the changes from the last patch: - Replaced nsIDocument::HasRequests with CanSavePresentation, which is also overridden by nsPluginDocument to always return false. This checks for pending requests and for unload handlers, recursively. - Change nsGenericElement::ShouldFocus to not allow focus if there is no window. - Fixed nsImageDocument::Destroy/SetScriptGlobalObject. - Fixed nsXBLPrototypeHandler::ExecuteHandler to just bail if it can't get a window. - Made refresh URI suspend/resume recursive - Removed special case in CanSavePresentation for max_viewers == 0, since I fixed the problems in nsSHistory (see below). - Changed securityState to be an nsISupports. - Made DOMPageRestore fire on all subframes, bottom-up. - Added a mechanism to make the saved presentation state of a history entry self-consistent. Call this whenever we had an error saving or restoring a presentation. - Made RestorePresentation return a boolean for whether the presentation was restored; this makes it so there is no error return if we simply hadn't saved the presentation. - On Brendan/jst advice, get rid of saving/restoring exception state in CopyJSPropertyArray. Instead, use LookupUCProperty, and explicitly exclude the location property since we prevent it from being defined. - Clean up focus logic in RestoreWindowState -- don't special case various element types, and don't steal focus away if the toplevel window is not active. - Use nsInt64 where appropriate in nsGlobalWindow::SuspendTimeouts. - Make the document viewer unset the document container and prescontext link handler when the document stores itself into session history. These are restored in Open(). This makes both the form-submit and link-traversal testcases work as expected. - Yank the content viewer back out of history if Sanitize() fails. - Make sure that content viewer eviction runs _after_ storing the content viewer into history (not after creating the history entry). This makes the max_viewers == 0/1 cases work correctly. - Made plugin stop/restore and caret hiding be recursive. - Made password manager only process trusted DOMPageRestore events. - Fixed an unrelated error in nsTypeAheadFind that I found while testing caret browsing (missing QI entry for nsIObserver). - Eliminated need for nsIViewManager::InvalidateHierarchy. Just update the pointers automatically whenever a root view is inserted or removed. Roc thought this would be a good approach; this case is not common at all. - Made sure to clone none of the presentation state for history entries. Now, the issues that I did not address: - It may still be possible for focus and blur to have effects in cached documents - The presentation is not cleared out when the DOM is mutated - I didn't do anything with respect to WebProgressListener notifications; darin and I continue to feel that we should basically try this and see what breaks. - I didn't do anything to address the possibility of reentering docshell code due to plugin start. I believe this could trivially be put off on a PLEvent but I think a wait-and-see approach is best. - Going back fires a focus event on the last-focused content; I still want to test IE and Safari and copy their behavior on this. - I did not do anything to make the cache be global instead of per session-history instance. - I have not yet filed a follow-up bug to determine why nsIDocument::Destroy is needed. All in all I think things are pretty good with this patch, both with it turned off and with it turned on. I'm not seeing any assertions or crashes anymore.
Attachment #182197 - Attachment is obsolete: true
Attachment #182539 - Flags: review?(bzbarsky)
That patch also doesn't address the issue with network requests being killed and restarted. Just try it on the very first testcase I posted in the bug. I pointed out in comment 73 that the current approach to dealing with the issue simply doesn't work.... I'd really prefer that we leave the short-circuit in place, since that will make this a lot easier to review. I simply won't have the time to adequately review the bulk of this patch this week.
Jesus, let's get this in and be done with it already. I can and will fix bugs later. I'm not disappearing tomorrow. If you can't review it this week, we need to find someone who can so that this can go in for alpha. (In reply to comment #120) > That patch also doesn't address the issue with network requests being killed and > restarted. Just try it on the very first testcase I posted in the bug. I > pointed out in comment 73 that the current approach to dealing with the issue > simply doesn't work.... > > I'd really prefer that we leave the short-circuit in place, since that will make > this a lot easier to review. I simply won't have the time to adequately review > the bulk of this patch this week.
Just in case people still are not clear on my position, I want this patch to land pref'd off without regressions, ASAP. I trust bryner to respond to bz's review comments and tests, and do whatever else it takes to fix this bug in the right time frame, with some ability to rest, recouperate, get help, etc. So I think this patch should land tomorrow. /be
Let me rephrase. I believe that the network-activity testcase is not an architectural problem and can be fixed by tweaking the CanSavePresentation logic. I don't think that there is anything right now that should block this from landing turned off, and very little, if anything, that should block it from being turned on. The short-circuit path is convenient for limiting regressions in the short-term, but I think we really want this to just be an immediate ejection from session history, and I think that's pretty safe. Safe enough for 1.1 alpha, in fact.
Perhaps I need to clarify: 1) CanSavePresentation is being called at the wrong time to possibly be able to fix the network-activity testcase. If by "tweak the logic" you mean "call it at a few other places in the load sequence", I buy that, perhaps. If you mean "edit the logic of the existing method", there's no way that will help. 2) I believe the short-circuit is the right way to go in general, not just for my review convenience, since it avoids a fair amount of work for cases when this is disabled. Given that this being disabled is our proposed embedding scenario for the near term, we should make that case reasonable. 3) I'm getting mixed signals here. We want this to land preffed off without regressions but today? It'll take me on the order of 15-20 hours of reviewing time to be able to sign off on that without the short-circuit. With the short-circuit I can do that in 2-3 hours. So I'm going to review this with the assumption that the short-circuit will be put back in (which means I'll not review any code called by CanSavePresentation or any code triggered when that returns true). Then you can land it if you want as far as I'm concerned, as long as that code _is_ reviewed (and tested, dammit!) before the pref is enabled.
I'm not sending mixed messages, I'm trusting bryner to do the right thing. If the patch lands pref'd off and we do a bunch of extra work that's thrown away on every back and forward, we are technically not regressing corrrectness, but we are wasting memory and cycles. The short-circuit code avoids this. But is it really necessary before landing? I said "without regressions". bryner: will everyone who runs default builds (with the pref set to 0) notice the lack of the short circuit? /be
It sounds like Thunderbird does not turn off session history, so without the short circuit this patch will cause presentations to be saved and thrown away on every message load over top of a previous message view. That's a case for fixing Thunderbird and other such apps to disable sesson history altogether in their embeddings. But it also suggests that the short circuit is the safer, more conservative way to handle the pref, besides being more efficient for the pref'd off case. So i'm in favor of the short circuit. But, I still trust bryner to do that as an easy step after landing. At this point followup bugs seems much better for tracking open issues. /be
Is there a mechanism to turn off session history for a particular docshell/<xul:browser>/whathaveyou?
It sounded like Thunderbird didn't disable history, but looking is better than listening -- http://lxr.mozilla.org/aviary101branch/source/mail/base/content/messageWindow.xul#146. There may be other <browser> tags that lack that attribute setting, though. Anyway, please land and fix the short circuit in a separate patch. /be
We should assume that there are embeddings out there that do not turn off session history and won't have any chance to rev code before being using with Gecko 1.8. I'm thinking of Eclipse mainly (I have not tested it), and there may be others.
Comment on attachment 182539 [details] [diff] [review] new pref'd off patch >Index: content/base/src/nsDocument.cpp >+nsDocument::CanSavePresentation(nsIRequest *aNewRequest) >+ if (request && request != aNewRequest) { ... >+ return PR_TRUE; PR_FALSE, right? >Index: content/html/document/src/nsImageDocument.cpp >+nsImageDocument::Destroy() This needs to call the superclass Destroy(). >Index: docshell/base/nsDocShell.cpp >+nsDocShell::FireRestoreEvents() >+{ >+ // These events fire bottom-up, so call this on our children first. >+ PRInt32 n = mChildList.Count(); Followup bug -- if event handlers modify the DOM, this can walk off the end of the array. In general, it's worth sorting out what should happen here if the DOM gets mutated (shell subtrees get removed, say). Similarly, the caller of this method needs to deal with the docshell being removed from the docshell tree; I'm not sure it does. >+nsDocShell::RestorePresentation(nsISHEntry *aSHEntry, PRBool aSavePresentation, >+ // save the previous content viewer size We're getting it, not saving it.... >Index: docshell/base/nsIDocShell.idl >+ void suspendRefreshURIs(); >+ void resumeRefreshURIs(); >+ void fireRestoreEvents(); I really wish we didn't need to put these on a "public" scriptable API... Maybe we can do something like the GetAsDocLoader thing we have... or something. >Index: layout/base/nsPresShell.cpp >+FreezeSubDocument(nsIDocument *aDocument, void *aData) Later on, might be worth doing the recursion in document, not presshell, and freezing all presentations, not just the one at 0. Let's file separate bugs on the remaining issues, since they're starting to get lost here... With the short-circuit restored, this is ok to land, I think. I still haven't really had a chance to trace the details of the session history stuff, but it looks reasonable at first glance. Thank you for bailing out on Sanitize failure! r=bzbarsky (with short-circuit in)
Attachment #182539 - Flags: review?(bzbarsky) → review+
Actually, there is one more serious issue. Open a new window. Load an image (full-page image). Close the window. We crash when trying to remove event listeners off a null event target. This happens no matter what the pref is set to. The problem is that mScriptGlobalObject is null by the time we get into Destroy() there. Setting and unsetting of listeners on the global object should remain in SetScriptGlobalObject, not move to Destroy().
Just to clarify, the r= holds with that crash fixed.
(In reply to comment #127) > Is there a mechanism to turn off session history for a particular > docshell/<xul:browser>/whathaveyou? xul:browser has a 'disablehistory' attribute whose presence prevents (or at least ought to prevent) session history from being used.
Depends on: 292890
- Fixed inverted return value of nsDocument::HasRequests - Fixed nsImageDocument to deal with the window event listeners in SetScriptGlobalObject (the mImageContent listener is still unhooked in Destroy). Also make sure to call nsMediaDocument::Destroy(). - Restored the short-circuit in nsDocShell::CanSavePresentation. Reordered the checks in that method to minimize the overhead in cases where we can't save the presentation (doc->CanSavePresentation() becomes last since it does a recursive crawl of the subdocuments).
Attachment #182539 - Attachment is obsolete: true
That last patch looks good to go to me.
Can someone set a review flag on the last patch?
(In reply to comment #136) > Can someone set a review flag on the last patch? https://bugzilla.mozilla.org/show_bug.cgi?id=274784#c132
Depends on: 292903
I'm getting a build error on Win32 cygwin MinGW which seems to be due to this bugs patch :- e:/mozilla/source/mozilla/dom/src/base/nsGlobalWindow.cpp: In function `nsresult CopyJSPropertyArray(JSContext*, JSObject*, JSObject*, JSIdArray*)': e:/mozilla/source/mozilla/dom/src/base/nsGlobalWindow.cpp:5928: error: invalid s tatic_cast from type `jschar*' to type `PRUnichar*' e:/mozilla/source/mozilla/dom/src/base/nsGlobalWindow.cpp:5962: error: invalid s tatic_cast from type `jschar*' to type `PRUnichar*' make[5]: *** [nsGlobalWindow.o] Error 1
Attached patch mingw fixSplinter Review
Comment on attachment 182608 [details] [diff] [review] pref'd off patch w/ short circuit and crash fix - In CopyJSPropertyArray(): + JSString *propname = JSVAL_TO_STRING(propname_value); + jschar *propname_str = ::JS_GetStringChars(propname); + NS_ENSURE_TRUE(propname_str, NS_ERROR_FAILURE); + + // We exclude the "location" property because restoring it this way is + // problematic. It will "just work" without us explicitly saving or + // restoring the value. + + if (!nsCRT::strcmp(NS_STATIC_CAST(PRUnichar*, propname_str), + NS_LITERAL_STRING("location").get())) { + continue; + } + + size_t propname_len = ::JS_GetStringLength(propname); There is a nsDependentJSString class that you could use here, but you do need the jschar pointer too so I'm not sure it's worth it. Oh, and on an unrelated note, I wonder if the state-saving code could be triggerd from a timeout? If it could, then there's some nasty timer issues to deal with. When an XPCOM timer fires, we may run more than one JS timeout if the XPCOM timer fires late (which is not that uncommon), or if there are more than one timeout with the same deadline. In such a case, we need to stop firing timeouts if we end up saving state, and we need to make sure we never save timeouts that are on the stack (if this code is triggerd from a timeout there will be a timeout in the timeout list that's not heap allocated, look for dummy_timeout in nsGlobalWindow::RunTimeout()). Separate bug, I guess, but it needs fixing, I think (or are location changes from JS *guaranteed* to be async?).
Donno if you guys want comments in here for side effects or not. Some side effects: 1) Seems like there is a short pause before browser starts loading the page...actually I think the page loads before the page displayed except for secure pages (See #3) 2) The favicon is not changing when I go back and forward...the second page I go to, its favicon stays in the address bar. 3) Not instant back/foward with secure servers ie.. paypal, bugzilla, usaa.com...also takes a long time for page to display
File new bugs for new problems, please. Also, study up on this bug before reporting intentional design decisions as bugs (and don't report the paint suppression delay as a bug, if that's what comment 141 #1 is). /be
Component: DOM: Level 0 → History: Session
Depends on: 292926
Blocks: 292934
No longer blocks: 292923, 292933, 292934
Depends on: 292923
No longer depends on: 292926
Blocks: 292933
No longer blocks: 292933
Depends on: 292934
Depends on: 292938
Blocks: 292941
No longer blocks: 292941
Depends on: 292941
Depends on: 292945
Depends on: 292998
This was checked in on 5/4. Leaving the bug open since this is not yet turned on.
(In reply to comment #143) > This was checked in on 5/4. Leaving the bug open since this is not yet turned on. What's the pref to enable this in the nightlies? (I apologise for the bugspam if this was mentioned earlier.)
Alex, I think it should already be enabled in latest builds. The number of pages cached is held in the preference browser.sessionhistory.max_entries and is defaulted to 50, I think.
max_viewers and defaults to 0, actually.
Whiteboard: (o72555) → (o72555)Set browser.sessionhistory.max_viewers to nonzero to test
(In reply to comment #146) > max_viewers and defaults to 0, actually. If max_viewers determines the number of pages to cache and it's set to 0 by default, does that meant that bfcache is disabled by default, in effect?
Depends on: 293049
(In reply to comment #147) > If max_viewers determines the number of pages to cache and it's set to 0 by > default, does that meant that bfcache is disabled by default, in effect? It is currently disabled by default while testing is carried out and as a compromise while other patches are attended to that some people have believed to be more important as they are lower risk.
No longer depends on: 293049
Whiteboard: (o72555)Set browser.sessionhistory.max_viewers to nonzero to test → (o72555)
Depends on: 293049
(In reply to comment #144) > What's the pref to enable this in the nightlies? See http://weblogs.mozillazine.org/chase/archives/008085.html (In reply to comment #145) > The number of pages > cached is held in the preference browser.sessionhistory.max_entries and is > defaulted to 50, I think. That's the number of pages to store in the session history (Go menu, Back/Forward menus). browser.sessionhistory.max_viewers is the relevant preference. (In reply to comment #147) > If max_viewers determines the number of pages to cache and it's set to 0 by > default, does that meant that bfcache is disabled by default, in effect? browser.sessionhistory.max_viewers is the number of pages to store (I think that's per window/tab right now but may become global later). A value of 5 would be sensible. By default, it's not set at all, so the bfcache is disabled. <rant>Most of these questions could be answered just by reading the bug.</rant>
No longer depends on: 285404
This is a great feature. I'm loving it. I would like to report on some side effects I have seen. -when pressing Back or Forward, the page view will first become grey, and then load the page from cache. This isn't the normal behavior that is used when following a link. I think it should be the same -animated GIFs on a page you Back or Forward to will no longer animate -as I think I have read in a previous comment, the website icon isn't displayed anymore on a page that you Back or Forward to
Please report any side effects or issues in new bugs blocking this one if you want them to be fixed.
Depends on: 293074
Whiteboard: (o72555) → (o72555) Set browser.sessionhistory.max_viewers to nonzero to test
No longer depends on: 293074
Related crash cases: #293076
This might have caused bug 293135? Bug is reproducable _without_ enabling the pref
Depends on: 293135
Depends on: 293076
Depends on: 293173
Depends on: 293175
Depends on: 293176
Depends on: 293179
Depends on: 293234
Depends on: 293235
Depends on: 293022
Depends on: 293270
Depends on: 293386
Depends on: 293534
Depends on: 293572
I think that this bug should not block 1.8b2 anymore. Instead I think it should block aviary1.1 and once the time comes the discussion whether to enable or disable this feature should be here.
Depends on: 293588
Depends on: 293698
Depends on: 293700
Depends on: 293709
(http://www.animatedgif.net/sitemessages/download/download.shtml) 1. A page with several animated gif's. Select View Image on one of them 2. See the gif and then push Back. Only one of them (the one you clicked) is only moving. Other are stucked
Filed #293797
Depends on: 293797
No longer depends on: 293797
Depends on: 293793
Depends on: 293606
Depends on: 294258
Depends on: 294231
we'll be tracking blocking regressions individually so I'm pulling this bug off the blocking 1.8b2 radar.
Flags: blocking1.8b2+
Depends on: 294454
Depends on: 294610
Depends on: 293754
Depends on: 295085
Blocks: majorbugs
Depends on: 295591
No longer blocks: majorbugs
Depends on: 295656
Depends on: 295931
Depends on: 296575
Depends on: 296745
Depends on: 296760
Depends on: 297122
Depends on: 292987
Depends on: 293403
Depends on: 297488
Depends on: 297887
Depends on: 297945
Depends on: 298077
Depends on: 298125
No longer depends on: 292948
Depends on: 298133
No longer depends on: 297122
No longer depends on: 297945
Depends on: 298112
Depends on: 298622
Depends on: 298794
Depends on: 297926
Depends on: 299205
Depends on: 299547
Depends on: 299556
No longer depends on: 299205
Depends on: 300411
Depends on: 299853
Depends on: 300533
Depends on: 300538
Depends on: 300642
Depends on: 300663
Depends on: 300800
Depends on: 300802
Depends on: 300863
No longer depends on: 300863
Depends on: 300572
Depends on: 300944
Depends on: 300956
Depends on: 301354
Depends on: 301358
Depends on: 301397
No longer depends on: 293175
Depends on: 293175
Depends on: 301516
Depends on: 301517
Depends on: 298377
Depends on: 302290
Depends on: 299514
Depends on: 302956
Depends on: 303013
Depends on: 303151
Depends on: 303059
Depends on: 303237
Depends on: 303255
No longer depends on: 303237
Depends on: 303311
Depends on: 303360
Depends on: 303327
Depends on: 303267
Depends on: 303637, 303638
Depends on: 303904
Depends on: 304003
Depends on: 304288
Depends on: 304764
Depends on: 304639
Depends on: 305129
Depends on: 305167
Depends on: 300756
Depends on: 304994
Depends on: 303839
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050823 Firefox/1.0+ http://www.key.ru -- DPA2 doesn't put the page in memory and redownload/rerender it when clicking back or forward buttons. If it's a bug, will it be fixed?
Depends on: 305954
Depends on: 305995
Depends on: 306283
(In reply to comment #158) > http://www.key.ru -- DPA2 doesn't put the page in memory and redownload/rerender > it when clicking back or forward buttons. If it's a bug, will it be fixed? It's Bug 292941.
Blocks: 304083
Depends on: 308194
Depends on: 297575
No longer blocks: 38486
*** Bug 38486 has been marked as a duplicate of this bug. ***
Blocks: 164421
Depends on: 310738
Depends on: 311791
Depends on: 312027
Depends on: 312117
Depends on: 312816
No longer blocks: 304083
Depends on: 304083
Depends on: 314400
Depends on: 307178
Depends on: 314288
Depends on: 314549
Depends on: 317380
Depends on: 319527
Depends on: 306862
Depends on: 322725
Depends on: 328722
Depends on: 328752
done.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Depends on: 333050
Depends on: 319551
Depends on: 309993
Depends on: 338542
Depends on: 314362
Depends on: 343258
Component: History: Session → Document Navigation
QA Contact: ian → docshell
Depends on: 343747
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: