| blob | b9c5be36a75c1c6896c7a7e1ebe7793720f0eceb |
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include <utility>
46 Referrer referrer,
47 PageTransition page_transition,
57 }
64 }
89 // We should always have a current RenderFrameHost except in some tests.
92 // TODO(creis): Now that we aren't using Shutdown, make RenderFrameHostMap
93 // use scoped_ptrs.
94 // Delete any swapped out RenderFrameHosts.
99 }
100 }
106 // Create a RenderViewHost and RenderFrameHost, once we have an instance. It
107 // is important to immediately give this SiteInstance to a RenderViewHost so
108 // that the SiteInstance is ref counted.
116 // Keep track of renderer processes as they start to shut down or are
117 // crashed/killed.
122 }
128 }
134 }
142 }
149 // If we have assigned (zero or more) bindings to this NavigationEntry in the
150 // past, make sure we're not granting it different bindings than it had
151 // before. If so, note it and don't give it any bindings, to avoid a
152 // potential privilege escalation.
159 }
160 }
165 // Create a pending RenderFrameHost to use for the navigation.
171 // If the current render_frame_host_ isn't live, we should create it so
172 // that we don't show a sad tab while the dest_render_frame_host fetches
173 // its first page. (Bug 1145340)
176 // Note: we don't call InitRenderView here because we are navigating away
177 // soon anyway, and we don't have the NavigationEntry for this host.
180 }
182 // If the renderer crashed, then try to create a new one to satisfy this
183 // navigation request.
185 // Recreate the opener chain.
189 opener_route_id))
192 // Now that we've created a new renderer, be sure to hide it if it isn't
193 // our primary one. Otherwise, we might crash if we try to call Show()
194 // on it later.
199 // This is our primary renderer, notify here as we won't be calling
200 // CommitPending (which does the notify). We only do this for top-level
201 // frames.
204 }
205 }
207 // If entry includes the request ID of a request that is being transferred,
208 // the destination render frame will take ownership, so release ownership of
209 // the request.
214 }
217 }
222 // If we are cross-navigating, we should stop the pending renderers. This
223 // will lead to a DidFailProvisionalLoad, which will properly destroy them.
227 }
228 }
234 }
240 // We should always have a pending RFH when there's a cross-process navigation
241 // in progress. Sanity check this for http://crbug.com/276333.
244 // If the tab becomes unresponsive during {before}unload while doing a
245 // cross-site navigation, proceed with the navigation. (This assumes that
246 // the pending RenderFrameHost is still responsive.)
248 // The request has been started and paused while we're waiting for the
249 // unload handler to finish. We'll pretend that it did. The pending
250 // renderer will then be swapped in as part of the usual DidNavigate logic.
251 // (If the unload handler later finishes, this call will be ignored because
252 // the pending_nav_params_ state will already be cleaned up.)
256 // Haven't gotten around to starting the request, because we're still
257 // waiting for the beforeunload handler to finish. We'll pretend that it
258 // did finish, to let the navigation proceed. Note that there's a danger
259 // that the beforeunload handler will later finish and possibly return
260 // false (meaning the navigation should not proceed), but we'll ignore it
261 // in this case because it took too long.
266 }
267 }
269 }
276 // Ignore if we're not in a cross-site navigation.
281 // Ok to unload the current page, so proceed with the cross-site
282 // navigation. Note that if navigations are not currently suspended, it
283 // might be because the renderer was deemed unresponsive and this call was
284 // already made by ShouldCloseTabOnUnresponsiveRenderer. In that case, it
285 // is ok to do nothing here.
291 }
293 // Current page says to cancel.
296 }
298 // Non-cross site transition means closing the entire tab.
304 // If we're about to close the tab and there's a pending RFH, cancel it.
305 // Otherwise, if the navigation in the pending RFH completes before the
306 // close in the current RFH, we'll lose the tab close.
310 }
312 // This is not a cross-site navigation, the tab is being closed.
314 }
315 }
316 }
324 PageTransition page_transition,
326 // This should be called either when the pending RFH is ready to commit or
327 // when we realize that the current RFH's request requires a transfer.
331 // TODO(creis): Eventually we will want to check all navigation responses
332 // here, but currently we pass information for a transfer if
333 // ShouldSwapProcessesForRedirect returned true in the network stack.
334 // In that case, we should set up a transfer after the unload handler runs.
335 // If |cross_site_transferring_request| is NULL, we will just run the unload
336 // handler and resume.
341 should_replace_current_entry));
343 // Run the unload handler of the current page.
345 }
349 // Make sure this is from our current RFH, and that we have a pending
350 // navigation from OnCrossSiteResponse. (There may be no pending navigation
351 // for data URLs that don't make network requests, for example.) If not,
352 // just return early and ignore.
356 }
358 // Now that the unload handler has run, we need to either initiate the
359 // pending transfer (if there is one) or resume the paused response (if not).
360 // TODO(creis): The blank swapped out page is visible during this time, but
361 // we can shorten this by delivering the response directly, rather than
362 // forcing an identical request to be made.
364 // Sanity check that the params are for the correct frame and process.
365 // These should match the RenderFrameHost that made the request.
366 // If it started as a cross-process navigation via OpenURL, this is the
367 // pending one. If it wasn't cross-process until the transfer, this is the
368 // current one.
378 // Treat the last URL in the chain as the destination and the remainder as
379 // the redirect chain.
384 // We don't know whether the original request had |user_action| set to true.
385 // However, since we force the navigation to be in the current tab, it
386 // doesn't matter.
388 render_frame_host,
389 transfer_url,
393 CURRENT_TAB,
403 }
405 }
412 // We should only hear this from our current renderer.
415 // Even when there is no pending RVH, there may be a pending Web UI.
419 }
422 // The pending cross-site navigation completed, so show the renderer.
423 // If it committed without sending network requests (e.g., data URLs),
424 // then we still need to swap out the old RFH first and run its unload
425 // handler, only if it hasn't happened yet. OK for that to happen in the
426 // background.
432 }
437 // A navigation in the original page has taken place. Cancel the pending
438 // one.
442 // No one else should be sending us DidNavigate in this state.
444 }
445 }
447 // TODO(creis): Take in RenderFrameHost instead, since frames can have openers.
449 // Notify all swapped out hosts, including the pending RVH.
456 }
457 }
461 // Remove any swapped out RVHs from this process, so that we don't try to
462 // swap them back in while the process is exiting. Start by finding them,
463 // since there could be more than one.
470 }
472 // Now delete them.
477 }
478 }
481 // Should only see this while we have a pending renderer or transfer.
484 // Tell the renderer to suppress any further modal dialogs so that we can swap
485 // it out. This must be done before canceling any current dialog, in case
486 // there is a loop creating additional dialogs.
487 // TODO(creis): Handle modal dialogs in subframe processes.
490 // Now close any modal dialogs that would prevent us from swapping out. This
491 // must be done separately from SwapOut, so that the PageGroupLoadDeferrer is
492 // no longer on the stack when we send the SwapOut message.
496 // The RenderFrameHost being swapped out becomes the proxy for this
497 // frame in its parent's process. CrossProcessFrameConnector
498 // initialization only needs to happen on an initial cross-process
499 // navigation, when the RenderFrame leaves the same process as its parent.
500 // The same CrossProcessFrameConnector is used for subsequent cross-
501 // process navigations, but it will be destroyed if the Frame is
502 // navigated back to the same site instance as its parent.
503 // TODO(kenrb): This will change when RenderFrameProxyHost is created.
505 cross_process_frame_connector_ =
507 }
508 }
510 // Tell the old frame it is being swapped out. This will fire the unload
511 // handler in the background (without firing the beforeunload handler a second
512 // time). When the navigation completes, we will send a message to the
513 // ResourceDispatcherHost, allowing the pending RVH's response to resume.
516 // ResourceDispatcherHost has told us to run the onunload handler, which
517 // means it is not a download or unsafe page, and we are going to perform the
518 // navigation. Thus, we no longer need to remember that the RenderFrameHost
519 // is part of a pending cross-site request.
523 }
524 }
527 int32 site_instance_id,
533 }
548 }
549 }
552 int32 site_instance_id,
558 // If the RVH is pending swap out, it needs to switch state to
559 // pending shutdown. Otherwise it is deleted.
565 site_instance_id,
566 swapped_out_rfh));
574 }
577 }
579 }
582 }
585 // False in the single-process mode, as it makes RVHs to accumulate
586 // in swapped_out_hosts_.
587 // True if we are using process-per-site-instance (default) or
588 // process-per-site (kProcessPerSite).
589 return
592 }
599 // If new_entry already has a SiteInstance, assume it is correct. We only
600 // need to force a swap if it is in a different BrowsingInstance.
604 }
606 // Check for reasons to swap processes even if we are in a process model that
607 // doesn't usually swap (e.g., process-per-tab). Any time we return true,
608 // the new_entry will be rendered in a new SiteInstance AND BrowsingInstance.
610 // We use the effective URL here, since that's what is used in the
611 // SiteInstance's site and when we later call IsSameWebSite. If there is no
612 // current_entry, check the current SiteInstance's site, which might already
613 // be committed to a Web UI URL (such as the NTP).
623 // Don't force a new BrowsingInstance for debug URLs that are handled in the
624 // renderer process, like javascript: or chrome://crash.
628 // For security, we should transition between processes when one is a Web UI
629 // page and one isn't.
632 // If so, force a swap if destination is not an acceptable URL for Web UI.
633 // Here, data URLs are never allowed.
637 }
639 // Force a swap if it's a Web UI URL.
643 }
644 }
646 // Check with the content client as well. Important to pass current_url here,
647 // which uses the SiteInstance's site if there is no current_entry.
652 }
654 // We can't switch a RenderView between view source and non-view source mode
655 // without screwing up the session history sometimes (when navigating between
656 // "view-source:http://foo.com/" and "http://foo.com/", Blink doesn't treat
657 // it as a new navigation). So require a BrowsingInstance switch.
663 }
675 }
681 // Determine which SiteInstance to use for navigating to |entry|.
687 // If the entry has an instance already we should use it.
689 // If we are forcing a swap, this should be in a different BrowsingInstance.
693 }
695 }
697 // If a swap is required, we need to force the SiteInstance AND
698 // BrowsingInstance to be different ones, using CreateForURL.
702 // (UGLY) HEURISTIC, process-per-site only:
703 //
704 // If this navigation is generated, then it probably corresponds to a search
705 // query. Given that search results typically lead to users navigating to
706 // other sites, we don't really want to use the search engine hostname to
707 // determine the site instance for this navigation.
708 //
709 // NOTE: This can be removed once we have a way to transition between
710 // RenderViews in response to a link click.
711 //
714 PAGE_TRANSITION_GENERATED)) {
716 }
721 // If we haven't used our SiteInstance (and thus RVH) yet, then we can use it
722 // for this entry. We won't commit the SiteInstance to this site until the
723 // navigation commits (in DidNavigate), unless the navigation entry was
724 // restored or it's a Web UI as described below.
726 // If we've already created a SiteInstance for our destination, we don't
727 // want to use this unused SiteInstance; use the existing one. (We don't
728 // do this check if the current_instance has a site, because for now, we
729 // want to compare against the current URL and not the SiteInstance's site.
730 // In this case, there is no current URL, so comparing against the site is
731 // ok. See additional comments below.)
732 //
733 // Also, if the URL should use process-per-site mode and there is an
734 // existing process for the site, we should use it. We can call
735 // GetRelatedSiteInstance() for this, which will eagerly set the site and
736 // thus use the correct process.
741 use_process_per_site) {
743 }
745 // For extensions, Web UI URLs (such as the new tab page), and apps we do
746 // not want to use the current_instance if it has no site, since it will
747 // have a RenderProcessHost of PRIV_NORMAL. Create a new SiteInstance for
748 // this URL instead (with the correct process type).
752 // View-source URLs must use a new SiteInstance and BrowsingInstance.
753 // TODO(nasko): This is the same condition as later in the function. This
754 // should be taken into account when refactoring this method as part of
755 // http://crbug.com/123007.
759 // If we are navigating from a blank SiteInstance to a WebUI, make sure we
760 // create a new SiteInstance.
764 }
766 // Normally the "site" on the SiteInstance is set lazily when the load
767 // actually commits. This is to support better process sharing in case
768 // the site redirects to some other site: we want to use the destination
769 // site in the site instance.
770 //
771 // In the case of session restore, as it loads all the pages immediately
772 // we need to set the site first, otherwise after a restore none of the
773 // pages would share renderers in process-per-site.
778 }
780 // Otherwise, only create a new SiteInstance for a cross-site navigation.
782 // TODO(creis): Once we intercept links and script-based navigations, we
783 // will be able to enforce that all entries in a SiteInstance actually have
784 // the same site, and it will be safe to compare the URL against the
785 // SiteInstance's site, as follows:
786 // const GURL& current_url = current_instance->site();
787 // For now, though, we're in a hybrid model where you only switch
788 // SiteInstances if you type in a cross-site URL. This means we have to
789 // compare the entry's URL to the last committed entry's URL.
792 // The interstitial is currently the last committed entry, but we want to
793 // compare against the last non-interstitial entry.
795 }
796 // If there is no last non-interstitial entry (and current_instance already
797 // has a site), then we must have been opened from another tab. We want
798 // to compare against the URL of the page that opened us, but we can't
799 // get to it directly. The best we can do is check against the site of
800 // the SiteInstance. This will be correct when we intercept links and
801 // script-based navigations, but for now, it could place some pages in a
802 // new process unnecessarily. We should only hit this case if a page tries
803 // to open a new tab to an interstitial-inducing URL, and then navigates
804 // the page to a different same-site URL. (This seems very unlikely in
805 // practice.)
809 // View-source URLs must use a new SiteInstance and BrowsingInstance.
810 // We don't need a swap when going from view-source to a debug URL like
811 // chrome://crash, however.
812 // TODO(creis): Refactor this method so this duplicated code isn't needed.
813 // See http://crbug.com/123007.
818 }
820 // Use the current SiteInstance for same site navigations, as long as the
821 // process type is correct. (The URL may have been installed as an app since
822 // the last time we visited it.)
826 }
828 // Start the new renderer in a new SiteInstance, but in the current
829 // BrowsingInstance. It is important to immediately give this new
830 // SiteInstance to a RenderViewHost (if it is different than our current
831 // SiteInstance), so that it is ref counted. This will happen in
832 // CreateRenderView.
834 }
845 // Create a RVH for main frames, or find the existing one for subframes.
854 // If we haven't found a RVH for a subframe RFH, it's because we currently
855 // do not create top-level RFHs for pending subframe navigations. Create
856 // the RVH here for now.
857 // TODO(creis): Mirror the frame tree so this check isn't necessary.
861 hidden);
862 }
863 }
865 // TODO(creis): Make render_frame_host a scoped_ptr.
866 // TODO(creis): Pass hidden to RFH.
869 render_frame_delegate_,
870 frame_tree,
871 frame_tree_node_,
872 frame_routing_id,
875 }
885 // We are creating a pending or swapped out RFH here. We should never create
886 // it in the same SiteInstance as our current RFH.
889 // Check if we've already created an RFH for this SiteInstance. If so, try
890 // to re-use the existing one, which has already been initialized. We'll
891 // remove it from the list of swapped out hosts if it commits.
900 // Prevent the process from exiting while we're trying to use it.
904 // Detect if this is a cross-process child frame that is navigating
905 // back to the same SiteInstance as its parent.
911 }
912 }
914 // Create a new RenderFrameHost if we don't find an existing one.
915 // TODO(creis): Make new_render_frame_host a scoped_ptr.
918 hidden);
920 // If the new RFH is swapped out already, store it. Otherwise prevent the
921 // process from exiting while we're trying to navigate in it.
926 }
932 // Don't show the main frame's view until we get a DidNavigate from it.
936 }
937 }
939 // Use this as our new pending RFH if it isn't swapped out.
944 }
948 // We may have initialized this RenderViewHost for another RenderFrameHost.
952 // If the pending navigation is to a WebUI and the RenderView is not in a
953 // guest process, tell the RenderViewHost about any bindings it will need
954 // enabled.
958 // Ensure that we don't create an unprivileged RenderView in a WebUI-enabled
959 // process unless it's swapped out.
965 }
966 }
970 }
973 // First check whether we're going to want to focus the location bar after
974 // this commit. We do this now because the navigation hasn't formally
975 // committed yet, so if we've already cleared |pending_web_ui_| the call chain
976 // this triggers won't be able to figure out what's going on.
979 // We expect SwapOutOldPage to have canceled any modal dialogs and told the
980 // renderer to suppress any further dialogs until it is swapped out. However,
981 // crash reports indicate that it's still possible for modal dialogs to exist
982 // at this point, which poses a risk if we delete their RenderViewHost below.
983 // Cancel them again to be safe. http://crbug.com/324320.
986 // Next commit the Web UI, if any. Either replace |web_ui_| with
987 // |pending_web_ui_|, or clear |web_ui_| if there is no pending WebUI, or
988 // leave |web_ui_| as is if reusing it.
997 }
999 // It's possible for the pending_render_frame_host_ to be NULL when we aren't
1000 // crossing process boundaries. If so, we just needed to handle the Web UI
1001 // committing above and we're done.
1006 }
1008 // Remember if the page was focused so we can focus the new renderer in
1009 // that case.
1014 // TODO(creis): As long as show/hide are on RVH, we don't want to do them for
1015 // subframe navigations or they'll interfere with the top-level page.
1018 // Swap in the pending frame and make it active. Also ensure the FrameTree
1019 // stays in sync.
1025 // The process will no longer try to exit, so we can decrement the count.
1028 // If the view is gone, then this RenderViewHost died while it was hidden.
1029 // We ignored the RenderProcessGone call at the time, so we should send it now
1030 // to make sure the sad tab shows up, etc.
1036 }
1038 // If the old view is live and top-level, hide it now that the new one is
1039 // visible.
1040 int32 old_site_instance_id =
1048 old_site_instance_id,
1049 old_render_frame_host));
1051 // TODO(creis): We'll need to set this back to false if we navigate back.
1053 }
1054 }
1056 // Make sure the size is up to date. (Fix for bug 1079768.)
1065 }
1067 // Notify that we've swapped RenderFrameHosts. We do this before shutting down
1068 // the RFH so that we can clean up RendererResources related to the RFH first.
1069 // TODO(creis): Only do this on top-level RFHs for now, and later update it to
1070 // pass the RFHs.
1075 }
1077 // If the pending frame was on the swapped out list, we can remove it.
1081 // If the old RFH is live, we are swapping it out and should keep track of
1082 // it in case we navigate back to it, or it is waiting for the unload event
1083 // to execute in the background.
1084 // TODO(creis): Swap out the subframe in --site-per-process.
1089 // Temp fix for http://crbug.com/90867 until we do a better cleanup to make
1090 // sure we don't get different rvh instances for the same site instance
1091 // in the same rvhmgr.
1092 // TODO(creis): Clean this up.
1097 // Delete the RFH that will be replaced in the map to avoid a leak.
1099 }
1100 // If the RenderViewHost backing the RenderFrameHost is pending shutdown,
1101 // the RenderFrameHost should be put in the map of RenderFrameHosts pending
1102 // shutdown. Otherwise, it is stored in the map of swapped out
1103 // RenderFrameHosts.
1113 }
1116 }
1118 // If there are no active views in this SiteInstance, it means that
1119 // this RFH was the last active one in the SiteInstance. Now that we
1120 // know that all RFHs are swapped out, we can delete all the RFHs and RVHs
1121 // in this SiteInstance. We do this after ensuring the RFH is on the
1122 // swapped out list to simplify the deletion.
1126 // This is deleted while cleaning up the SiteInstance's views.
1128 }
1131 }
1132 }
1135 int32 site_instance_id) {
1136 // First remove any swapped out RFH for this SiteInstance from our own list.
1139 // Use the safe RenderWidgetHost iterator for now to find all RenderViewHosts
1140 // in the SiteInstance, then tell their respective FrameTrees to remove all
1141 // swapped out RenderFrameHosts corresponding to them.
1142 // TODO(creis): Replace this with a RenderFrameHostIterator that protects
1143 // against use-after-frees if a later element is deleted before getting to it.
1152 // This deletes all RenderFrameHosts using the |rvh|, which then causes
1153 // |rvh| to Shutdown.
1157 site_instance_id));
1158 }
1159 }
1160 }
1164 // If we are currently navigating cross-process, we want to get back to normal
1165 // and then navigate as usual.
1170 }
1172 // render_frame_host_'s SiteInstance and new_instance will not be deleted
1173 // before the end of this method, so we don't have to worry about their ref
1174 // counts dropping to zero.
1178 // We do not currently swap processes for navigations in webview tag guests.
1181 // Determine if we need a new BrowsingInstance for this entry. If true, this
1182 // implies that it will get a new SiteInstance (and likely process), and that
1183 // other tabs in the current BrowsingInstance will be unable to script it.
1184 // This is used for cases that require a process swap even in the
1185 // process-per-tab model, such as WebUI pages.
1193 // If force_swap is true, we must use a different SiteInstance. If we didn't,
1194 // we would have two RenderFrameHosts in the same SiteInstance and the same
1195 // frame, resulting in page_id conflicts for their NavigationEntries.
1200 // New SiteInstance: create a pending RFH to navigate.
1203 // This will possibly create (set to NULL) a Web UI object for the pending
1204 // page. We'll use this later to give the page special access. This must
1205 // happen before the new renderer is created below so it will get bindings.
1206 // It must also happen after the above conditional call to CancelPending(),
1207 // otherwise CancelPending may clear the pending_web_ui_ and the page will
1208 // not have its bindings set appropriately.
1211 // Ensure that we have created RFHs for the new RFH's opener chain if
1212 // we are staying in the same BrowsingInstance. This allows the pending RFH
1213 // to send cross-process script calls to its opener(s).
1216 opener_route_id =
1218 }
1220 // Create a non-swapped-out pending RFH with the given opener and navigate
1221 // it.
1227 // Check if our current RFH is live before we set up a transition.
1230 // The current RFH is not live. There's no reason to sit around with a
1231 // sad tab or a newly created RFH while we wait for the pending RFH to
1232 // navigate. Just switch to the pending RFH now and go back to non
1233 // cross-navigating (Note that we don't care about on{before}unload
1234 // handlers if the current RFH isn't live.)
1240 }
1241 }
1242 // Otherwise, it's safe to treat this as a pending cross-site transition.
1244 // We need to wait until the beforeunload handler has run, unless we are
1245 // transferring an existing request (in which case it has already run).
1246 // Suspend the new render view (i.e., don't let it send the cross-site
1247 // Navigate message) until we hear back from the old renderer's
1248 // beforeunload handler. If the handler returns false, we'll have to
1249 // cancel the request.
1255 // We don't need to stop the old renderer or run beforeunload/unload
1256 // handlers, because those have already been done.
1260 // Also make sure the old render view stops, in case a load is in
1261 // progress. (We don't want to do this for transfers, since it will
1262 // interrupt the transfer with an unexpected DidStopLoading.)
1269 // Tell the CrossSiteRequestManager that this RVH has a pending cross-site
1270 // request, so that ResourceDispatcherHost will know to tell us to run the
1271 // old page's unload handler before it sends the response.
1272 // TODO(creis): This needs to be on the RFH.
1275 }
1277 // We now have a pending RFH.
1281 // Unless we are transferring an existing request, we should now
1282 // tell the old render view to run its beforeunload handler, since it
1283 // doesn't otherwise know that the cross-site request is happening. This
1284 // will trigger a call to OnBeforeUnloadACK with the reply.
1289 }
1291 // Otherwise the same SiteInstance can be used. Navigate render_frame_host_.
1299 // Make sure the new RenderViewHost has the right bindings.
1303 }
1304 }
1310 }
1312 // The renderer can exit view source mode when any error or cancellation
1313 // happen. We must overwrite to recover the mode.
1318 }
1321 }
1331 // We no longer need to prevent the process from exiting.
1334 // The pending RFH may already be on the swapped out list if we started to
1335 // swap it back in and then canceled. If so, make sure it gets swapped out
1336 // again. If it's not on the swapped out list (e.g., aborting a pending
1337 // load), then it's safe to shut down.
1339 // Any currently suspended navigations are no longer needed.
1344 // We won't be coming back, so shut this one down.
1346 }
1350 }
1353 // We are doing this in order to work around and to track a crasher
1354 // (http://crbug.com/23411) where it seems that pending_render_frame_host_ is
1355 // deleted (not sure from where) but not NULLed.
1358 // If you hit this NOTREACHED, please report it in the following bug
1359 // http://crbug.com/23411 Make sure to include what you were doing when it
1360 // happened (navigating to a new page, closing a tab...) and if you can
1361 // reproduce.
1364 }
1366 // Make sure deleted RVHs are not kept in the swapped out list while we are
1367 // still alive. (If render_frame_host_ is null, we're already being deleted.)
1371 // We can't look it up by SiteInstance ID, which may no longer be valid.
1378 }
1379 }
1380 }
1389 }
1402 }
1411 }
1421 }