Fix data races in MojoShellConnectionImpl

Fix data races in MojoShellConnectionImpl

Corrects some data being improperly guarded by locks.

connection_filters_ must always be accessed under lock. This change
will lead to deadlock if any filter tries to add or remove filters
during OnConnect, but 1) nobody is doing that yet and 2) it is
currently unsafe to do this already. With guaranteed deadlock at
least it's now impossible to do by accident.

Refines the thread checking in ConnectionFilterImpl
to allow for destruction on any thread if OnConnect has never
been called. This guards against ConnectionFilterImpls being
added after shutdown is initiated. This state may not be reachable
in practice since we shouldn't bring up new RPHIs during shutdown,
but it seems reasonable to express more accurate constraints here
and the change is trivial.

Finally, this also allows the IOThreadContext's internal
MessageLoopObserver (nee "Obs"?) to be cleaned up when the
IOThreadContext is shut down, rather than leaving all of them
around until shutdown. This is worthwhile since incognito
BrowserContexts may be created and destroyed arbitrarily many
times in a normal browser session, accumulating many such
observers which would otherwise live indefinitely.

BUG=638581
R=ben@chromium.org

Committed: https://crrev.com/2432550219bea14d12a8445ae92617e2b8d6acc0
Cr-Commit-Position: refs/heads/master@{#412690}

[Ken Rockot(use gerrit already), 2016-08-17 20:43:40]

The CQ bit was checked by rockot@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 20:44:15]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Ben Goodger (Google), 2016-08-17 20:50:57]

lgtm

[commit-bot: I haz the power, 2016-08-17 21:05:45]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-17 21:05:46]

Dry run: Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)

[Ken Rockot(use gerrit already), 2016-08-17 21:59:53]

The CQ bit was checked by rockot@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 22:00:17]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Ken Rockot(use gerrit already), 2016-08-17 22:48:26]

The CQ bit was unchecked by rockot@chromium.org

[Ken Rockot(use gerrit already), 2016-08-17 22:48:28]

The CQ bit was checked by rockot@chromium.org

[Ken Rockot(use gerrit already), 2016-08-17 22:48:28]

The patchset sent to the CQ was uploaded after l-g-t-m from ben@chromium.org
Link to the patchset: https://codereview.chromium.org/2245333005/#ps20001
(title: ".")

[commit-bot: I haz the power, 2016-08-17 22:48:47]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-17 23:29:24]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-08-17 23:40:07]

Description was changed from

==========
Fix data races in MojoShellConnectionImpl

Corrects some data being improperly guarded by locks.

connection_filters_ must always be accessed under lock. This change
will lead to deadlock if any filter tries to add or remove filters
during OnConnect, but 1) nobody is doing that yet and 2) it is
currently unsafe to do this already. With guaranteed deadlock at
least it's now impossible to do by accident.

Refines the thread checking in ConnectionFilterImpl
to allow for destruction on any thread if OnConnect has never
been called. This guards against ConnectionFilterImpls being
added after shutdown is initiated. This state may not be reachable
in practice since we shouldn't bring up new RPHIs during shutdown,
but it seems reasonable to express more accurate constraints here
and the change is trivial.

Finally, this also allows the IOThreadContext's internal
MessageLoopObserver (nee "Obs"?) to be cleaned up when the
IOThreadContext is shut down, rather than leaving all of them
around until shutdown. This is worthwhile since incognito
BrowserContexts may be created and destroyed arbitrarily many
times in a normal browser session, accumulating many such
observers which would otherwise live indefinitely.

BUG=638581
R=ben@chromium.org
==========

to

==========
Fix data races in MojoShellConnectionImpl

Corrects some data being improperly guarded by locks.

connection_filters_ must always be accessed under lock. This change
will lead to deadlock if any filter tries to add or remove filters
during OnConnect, but 1) nobody is doing that yet and 2) it is
currently unsafe to do this already. With guaranteed deadlock at
least it's now impossible to do by accident.

Refines the thread checking in ConnectionFilterImpl
to allow for destruction on any thread if OnConnect has never
been called. This guards against ConnectionFilterImpls being
added after shutdown is initiated. This state may not be reachable
in practice since we shouldn't bring up new RPHIs during shutdown,
but it seems reasonable to express more accurate constraints here
and the change is trivial.

Finally, this also allows the IOThreadContext's internal
MessageLoopObserver (nee "Obs"?) to be cleaned up when the
IOThreadContext is shut down, rather than leaving all of them
around until shutdown. This is worthwhile since incognito
BrowserContexts may be created and destroyed arbitrarily many
times in a normal browser session, accumulating many such
observers which would otherwise live indefinitely.

BUG=638581
R=ben@chromium.org

Committed: https://crrev.com/2432550219bea14d12a8445ae92617e2b8d6acc0
Cr-Commit-Position: refs/heads/master@{#412690}
==========

[commit-bot: I haz the power, 2016-08-17 23:40:08]

Patchset 2 (id:??) landed as
https://crrev.com/2432550219bea14d12a8445ae92617e2b8d6acc0
Cr-Commit-Position: refs/heads/master@{#412690}