Migrate DevToolsSession to use GC mojo wrappers.

No behavior change. This CL reduces potential risks of use-after-free bugs. Bug: 1049056 Change-Id: Ic89e4b35dc6348038fb7ee96581d24ebed8ae3ae Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2196092Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Minoru Chikamune <chikamune@chromium.org> Cr-Commit-Position: refs/heads/master@{#774532}

Migrate DevToolsSession to use GC mojo wrappers.
No behavior change. This CL reduces potential risks of use-after-free bugs. Bug: 1049056 Change-Id: Ic89e4b35dc6348038fb7ee96581d24ebed8ae3ae Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2196092Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Minoru Chikamune <chikamune@chromium.org> Cr-Commit-Position: refs/heads/master@{#774532}
b8b59170 · Minoru Chikamune · Commit Bot · 58d01c37 · b8b59170 · b8b59170
Commit b8b59170 authored Jun 03, 2020 by Minoru Chikamune Committed by Commit Bot Jun 03, 2020
4 changed files
--- a/third_party/blink/renderer/core/inspector/devtools_agent.cc
+++ b/third_party/blink/renderer/core/inspector/devtools_agent.cc
@@ -200,7 +200,8 @@ void DevToolsAgent::AttachDevToolsSessionImpl(
  DevToolsSession* session = MakeGarbageCollected<DevToolsSession>(
      this, std::move(host), std::move(session_receiver),
      std::move(io_session_receiver), std::move(reattach_session_state),
-      client_expects_binary_responses, session_id);
+      client_expects_binary_responses, session_id,
+      inspector_task_runner_->isolate_task_runner());
  sessions_.insert(session);
  client_->DebuggerTaskFinished();
 }

--- a/third_party/blink/renderer/core/inspector/devtools_session.cc
+++ b/third_party/blink/renderer/core/inspector/devtools_session.cc
@@ -64,7 +64,7 @@ class DevToolsSession::IOSession : public mojom::blink::DevToolsSession {
                                            WTF::Passed(std::move(receiver))));
  }
-  ~IOSession() override {}
+  ~IOSession() override = default;
  void BindInterface(
      mojo::PendingReceiver<mojom::blink::DevToolsSession> receiver) {
@@ -117,20 +117,22 @@ DevToolsSession::DevToolsSession(
    mojo::PendingReceiver<mojom::blink::DevToolsSession> io_receiver,
    mojom::blink::DevToolsSessionStatePtr reattach_session_state,
    bool client_expects_binary_responses,
-    const String& session_id)
+    const String& session_id,
+    scoped_refptr<base::SequencedTaskRunner> mojo_task_runner)
    : agent_(agent),
-      receiver_(this, std::move(main_receiver)),
      inspector_backend_dispatcher_(new protocol::UberDispatcher(this)),
      session_state_(std::move(reattach_session_state)),
      client_expects_binary_responses_(client_expects_binary_responses),
      v8_session_state_(kV8StateKey),
      v8_session_state_cbor_(&v8_session_state_, /*default_value=*/{}),
      session_id_(session_id) {
+  receiver_.Bind(std::move(main_receiver), mojo_task_runner);
  io_session_ = new IOSession(
      agent_->io_task_runner_, agent_->inspector_task_runner_,
      WrapCrossThreadWeakPersistent(this), std::move(io_receiver));
-  host_remote_.Bind(std::move(host_remote));
+  host_remote_.Bind(std::move(host_remote), mojo_task_runner);
  host_remote_.set_disconnect_handler(
      WTF::Bind(&DevToolsSession::Detach, WrapWeakPersistent(this)));
@@ -157,7 +159,7 @@ void DevToolsSession::ConnectToV8(v8_inspector::V8Inspector* inspector,
 }
 bool DevToolsSession::IsDetached() {
-  return !host_remote_.is_bound();
+  return !io_session_;
 }
 void DevToolsSession::Append(InspectorAgent* agent) {
@@ -349,6 +351,8 @@ void DevToolsSession::FlushProtocolNotifications() {
 }
 void DevToolsSession::Trace(Visitor* visitor) const {
+  visitor->Trace(receiver_);
+  visitor->Trace(host_remote_);
  visitor->Trace(agent_);
  visitor->Trace(agents_);
 }

--- a/third_party/blink/renderer/core/inspector/devtools_session.h
+++ b/third_party/blink/renderer/core/inspector/devtools_session.h
@@ -8,8 +8,6 @@
 #include <memory>
 #include "base/callback.h"
 #include "base/macros.h"
-#include "mojo/public/cpp/bindings/associated_receiver.h"
-#include "mojo/public/cpp/bindings/associated_remote.h"
 #include "mojo/public/cpp/bindings/pending_associated_receiver.h"
 #include "mojo/public/cpp/bindings/pending_associated_remote.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
@@ -18,6 +16,9 @@
 #include "third_party/blink/renderer/core/inspector/inspector_session_state.h"
 #include "third_party/blink/renderer/core/inspector/protocol/Forward.h"
 #include "third_party/blink/renderer/platform/heap/handle.h"
+#include "third_party/blink/renderer/platform/mojo/heap_mojo_associated_receiver.h"
+#include "third_party/blink/renderer/platform/mojo/heap_mojo_associated_remote.h"
+#include "third_party/blink/renderer/platform/mojo/heap_mojo_wrapper_mode.h"
 #include "third_party/blink/renderer/platform/wtf/forward.h"
 #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
 #include "third_party/blink/renderer/platform/wtf/vector.h"
@@ -45,7 +46,8 @@ class CORE_EXPORT DevToolsSession : public GarbageCollected<DevToolsSession>,
      mojo::PendingReceiver<mojom::blink::DevToolsSession> io_receiver,
      mojom::blink::DevToolsSessionStatePtr reattach_session_state,
      bool client_expects_binary_responses,
-      const String& session_id);
+      const String& session_id,
+      scoped_refptr<base::SequencedTaskRunner> mojo_task_runner);
  ~DevToolsSession() override;
  void ConnectToV8(v8_inspector::V8Inspector*, int context_group_id);
@@ -102,8 +104,15 @@ class CORE_EXPORT DevToolsSession : public GarbageCollected<DevToolsSession>,
      std::vector<uint8_t> message) const;
  Member<DevToolsAgent> agent_;
-  mojo::AssociatedReceiver<mojom::blink::DevToolsSession> receiver_;
+  // DevToolsSession is not tied to ExecutionContext
-  mojo::AssociatedRemote<mojom::blink::DevToolsSessionHost> host_remote_;
+  HeapMojoAssociatedReceiver<mojom::blink::DevToolsSession,
+                             DevToolsSession,
+                             HeapMojoWrapperMode::kWithoutContextObserver>
+      receiver_{this, nullptr};
+  // DevToolsSession is not tied to ExecutionContext
+  HeapMojoAssociatedRemote<mojom::blink::DevToolsSessionHost,
+                           HeapMojoWrapperMode::kWithoutContextObserver>
+      host_remote_{nullptr};
  IOSession* io_session_;
  std::unique_ptr<v8_inspector::V8InspectorSession> v8_session_;
  std::unique_ptr<protocol::UberDispatcher> inspector_backend_dispatcher_;

--- a/third_party/blink/renderer/core/inspector/inspector_task_runner.h
+++ b/third_party/blink/renderer/core/inspector/inspector_task_runner.h
@@ -52,6 +52,10 @@ class CORE_EXPORT InspectorTaskRunner final
  // execution.
  void AppendTaskDontInterrupt(Task) LOCKS_EXCLUDED(mutex_);
+  scoped_refptr<base::SingleThreadTaskRunner> isolate_task_runner() {
+    return isolate_task_runner_;
+  }
 private:
  friend ThreadSafeRefCounted<InspectorTaskRunner>;
  explicit InspectorTaskRunner(