Always notify Mojo EDK of incomplete content child process launch

Always notify Mojo EDK of incomplete content child process launch

There are some cases where RenderProcessHostImpl creates a
ChildConnection - and therefore allocates a partial message pipe
with a corresponding pending reservation for the other end,
associated with a child token - but never launches a child process
or even attempts to use a ChildProcessLauncher.

This is intentional due to the fact that ChildConnection
facilitates IPC Channel creation, and we support horribly
subtle legacy expectations regarding the existence of said
Channel at various points in the RPHI's lifetime.

In such cases, neither mojo::edk::ChildProcessLaunched nor
mojo::edk::ChildProcessLaunchFailed is called for the child
token, as this is normally done by ChildProcessLauncher.
This leaves the child's ServiceRequest pipe reservation pending
indefinitely and thus leaves the corresponding ServiceManager
Instance with an indefinitely open Service pipe, effectively
causing the Service Manager to leak content_renderer Instances.

This CL fixes the problem by having ChildConnection notify the
EDK of launch failure if the ChildConnection is destroyed before
its user provides a child process handle.

BUG=682459
R=ben@chromium.org

Review-Url: https://codereview.chromium.org/2645713004
Cr-Commit-Position: refs/heads/master@{#444830}
(cherry picked from commit fe2fecc147dceea5d6445140448d1ae8a53ecfcb)

Review-Url: https://codereview.chromium.org/2644843007 .
Cr-Commit-Position: refs/branch-heads/2924@{#822}
Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}
Committed: https://chromium.googlesource.com/chromium/src/+/99fdcd508bf021c25171f9e4c411a8e4a3f6eaed

[Ken Rockot(use gerrit already), 2017-01-20 21:24:37]

Description was changed from

==========
Always notify Mojo EDK of incomplete content child process launch

There are some cases where RenderProcessHostImpl creates a
ChildConnection - and therefore allocates a partial message pipe
with a corresponding pending reservation for the other end,
associated with a child token - but never launches a child process
or even attempts to use a ChildProcessLauncher.

This is intentional due to the fact that ChildConnection
facilitates IPC Channel creation, and we support horribly
subtle legacy expectations regarding the existence of said
Channel at various points in the RPHI's lifetime.

In such cases, neither mojo::edk::ChildProcessLaunched nor
mojo::edk::ChildProcessLaunchFailed is called for the child
token, as this is normally done by ChildProcessLauncher.
This leaves the child's ServiceRequest pipe reservation pending
indefinitely and thus leaves the corresponding ServiceManager
Instance with an indefinitely open Service pipe, effectively
causing the Service Manager to leak content_renderer Instances.

This CL fixes the problem by having ChildConnection notify the
EDK of launch failure if the ChildConnection is destroyed before
its user provides a child process handle.

BUG=682459
R=ben@chromium.org

Review-Url: https://codereview.chromium.org/2645713004
Cr-Commit-Position: refs/heads/master@{#444830}
(cherry picked from commit fe2fecc147dceea5d6445140448d1ae8a53ecfcb)
==========

to

==========
Always notify Mojo EDK of incomplete content child process launch

There are some cases where RenderProcessHostImpl creates a
ChildConnection - and therefore allocates a partial message pipe
with a corresponding pending reservation for the other end,
associated with a child token - but never launches a child process
or even attempts to use a ChildProcessLauncher.

This is intentional due to the fact that ChildConnection
facilitates IPC Channel creation, and we support horribly
subtle legacy expectations regarding the existence of said
Channel at various points in the RPHI's lifetime.

In such cases, neither mojo::edk::ChildProcessLaunched nor
mojo::edk::ChildProcessLaunchFailed is called for the child
token, as this is normally done by ChildProcessLauncher.
This leaves the child's ServiceRequest pipe reservation pending
indefinitely and thus leaves the corresponding ServiceManager
Instance with an indefinitely open Service pipe, effectively
causing the Service Manager to leak content_renderer Instances.

This CL fixes the problem by having ChildConnection notify the
EDK of launch failure if the ChildConnection is destroyed before
its user provides a child process handle.

BUG=682459
R=ben@chromium.org

Review-Url: https://codereview.chromium.org/2645713004
Cr-Commit-Position: refs/heads/master@{#444830}
(cherry picked from commit fe2fecc147dceea5d6445140448d1ae8a53ecfcb)

Review-Url: https://codereview.chromium.org/2644843007 .
Cr-Commit-Position: refs/branch-heads/2924@{#822}
Cr-Branched-From:
3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}
Committed:
https://chromium.googlesource.com/chromium/src/+/99fdcd508bf021c25171f9e4c411...
==========

[Ken Rockot(use gerrit already), 2017-01-20 21:24:38]

Committed patchset #1 (id:1) manually as
99fdcd508bf021c25171f9e4c411a8e4a3f6eaed.