This alters nsIWebBrowserPersistable so that startPersistence takes an
outerWindowID. This allows us to target a particular subframe from
beneath an nsFrameLoader, which is useful when attempting to Save
Frame As a remote browser.

The creation of the surrogate native window in the child NPAPI process was
failing when the sandbox was at low integrity, because the parent is from the
chrome process, so at medium integrity.
Instead of making an IPC call to get the parent, we now create the window upfront
and send it in an IPC message to be parented in the chrome process.
This is done with asynchronous messaging.

We send a pagehide event during swapping docshell frame loaders, and
before this patch we would not be able to differentiate this event from
the one that we send when navigating away from a page, so we would
incorrectly dispatch an audio-playback notification indicating that
audio playback has stopped. This patch adds a flag to the root docshell
when the frame loader swapping is in progress and disables the above
behavior when that flag is set.

The high-level overview is that the parts of nsWebBrowserPersist which
access the DOM have been factored out (as WebBrowserPersistLocalDocument)
and abstracted (nsIWebBrowserPersistDocument) such that they can be
implemented in the cross-process case using IPC.

This allows us to send a sync fork request to the Nuwa process when we need one but there is no
spare process available. After an app is launched, the request to fork a spare process is still
handled asynchronously.

There are a variety of ways that the parent and child process ensure that
the child process exits quickly in opt builds, but for AddressSanitizer
builds we want to let the child process run to completion, so that we
can get a LeakSanitizer report.
This requires adding some additional LSan suppressions, because running
LSan in child processes detects some new leaks.

We were returning a nullptr from AllocPRenderFrameParent in TabParent, which causes
a killhard abort in the child. We suspect this is occurring because the TabParent
is attempting to kick off drawing in a tab that's already closed (so there is no
frame loader, which means we can't create a PRenderFrameParent). So now, we return
a PRenderFrameParent* even if constructing it was unsuccessful, and the child
destroys it once it confirms that there is an invalid layer ID associated with
the RenderFrame.