Delay client registration of MessagePort to MessagePortChannel

Delay client registration of MessagePort to MessagePortChannel

MessagePort used to be registered to MessagePortChannel on entangle(),
and be unregisted when the ExecutionContext is stopped or MessagePort
is swept by GC. Once its start() is called, its hasPendingActivity()
will be true and that extends the MessagePort lifetime to stop() or close() call.

However, there's a time gap between the MessagePort instance is marked
as unreachable, and swept by GC system. If MessagePortChannel accesses
the MessagePort in this period, that causes use-after-poison crash.

I.e. there are two pattern of the life of MessagePort.
 1. entangle() + register -> gets unreachable -(poisoned period)-> swept + unregister
 2. entangle() + register -> start() -> stop() + unregister
 3. entangle() + register -> start() -> close() + unregister

(2) and (3) cases are OK, while (1) has a dangerous period.
This CL delays the registration from entangle() to start(), so that
the case (1) doesn't register the MessagePort to MessagePortChannel at all.

BUG=627457
Review-Url: https://codereview.chromium.org/2143003003
Cr-Commit-Position: refs/heads/master@{#405450}
(cherry picked from commit f7dbf39be31d8aa9214d5d84da613508d4e06491)

Committed: https://chromium.googlesource.com/chromium/src/+/7b600704b01eb15d7cce4e30a6c8d4c2a1645673

[tzik, 2016-07-18 18:19:56]

Description was changed from

==========
Delay client registration of MessagePort to MessagePortChannel

MessagePort used to be registered to MessagePortChannel on entangle(),
and be unregisted when the ExecutionContext is stopped or MessagePort
is swept by GC. Once its start() is called, its hasPendingActivity()
will be true and that extends the MessagePort lifetime to stop() or close()
call.

However, there's a time gap between the MessagePort instance is marked
as unreachable, and swept by GC system. If MessagePortChannel accesses
the MessagePort in this period, that causes use-after-poison crash.

I.e. there are two pattern of the life of MessagePort.
 1. entangle() + register -> gets unreachable -(poisoned period)-> swept +
unregister
 2. entangle() + register -> start() -> stop() + unregister
 3. entangle() + register -> start() -> close() + unregister

(2) and (3) cases are OK, while (1) has a dangerous period.
This CL delays the registration from entangle() to start(), so that
the case (1) doesn't register the MessagePort to MessagePortChannel at all.

BUG=627457

Review-Url: https://codereview.chromium.org/2143003003
Cr-Commit-Position: refs/heads/master@{#405450}
(cherry picked from commit f7dbf39be31d8aa9214d5d84da613508d4e06491)
==========

to

==========
Delay client registration of MessagePort to MessagePortChannel

MessagePort used to be registered to MessagePortChannel on entangle(),
and be unregisted when the ExecutionContext is stopped or MessagePort
is swept by GC. Once its start() is called, its hasPendingActivity()
will be true and that extends the MessagePort lifetime to stop() or close()
call.

However, there's a time gap between the MessagePort instance is marked
as unreachable, and swept by GC system. If MessagePortChannel accesses
the MessagePort in this period, that causes use-after-poison crash.

I.e. there are two pattern of the life of MessagePort.
 1. entangle() + register -> gets unreachable -(poisoned period)-> swept +
unregister
 2. entangle() + register -> start() -> stop() + unregister
 3. entangle() + register -> start() -> close() + unregister

(2) and (3) cases are OK, while (1) has a dangerous period.
This CL delays the registration from entangle() to start(), so that
the case (1) doesn't register the MessagePort to MessagePortChannel at all.

BUG=627457

Review-Url: https://codereview.chromium.org/2143003003
Cr-Commit-Position: refs/heads/master@{#405450}
(cherry picked from commit f7dbf39be31d8aa9214d5d84da613508d4e06491)

Committed:
https://chromium.googlesource.com/chromium/src/+/7b600704b01eb15d7cce4e30a6c8...
==========

[tzik, 2016-07-18 18:19:58]

Committed patchset #1 (id:1) manually as
7b600704b01eb15d7cce4e30a6c8d4c2a1645673.