This CL changes the lifespan of SSLConnectJobMessengers so that they are created only when needed,

net/socket/ssl_client_socket_pool.cc

Index: net/socket/ssl_client_socket_pool.cc
diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc
index e54f79c929cee2b2eacb398bfa8896bcc64b212b..754ec870a9781d3e899e0322f15b03ce2417eae7 100644
--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -104,7 +104,10 @@ SSLConnectJobMessenger::SocketAndCallback::SocketAndCallback(
 SSLConnectJobMessenger::SocketAndCallback::~SocketAndCallback() {
 }
 
-SSLConnectJobMessenger::SSLConnectJobMessenger() : weak_factory_(this) {
+SSLConnectJobMessenger::SSLConnectJobMessenger(
+    const base::Closure& connection_complete_callback)
+    : connection_complete_callback_(connection_complete_callback),
+      weak_factory_(this) {
 }
 
 SSLConnectJobMessenger::~SSLConnectJobMessenger() {
@@ -125,9 +128,8 @@ void SSLConnectJobMessenger::RemovePendingSocket(SSLClientSocket* ssl_socket) {
 }
 
 bool SSLConnectJobMessenger::CanProceed(SSLClientSocket* ssl_socket) {

[wtc, 2014/08/14 23:26:26]

1. Remove the unused |ssl_socket| parameter.

2. Nit: the CanProceed() method is now so simple that it probably should be
removed. I remember both mmenke and I suggested this before.

[mshelley, 2014/08/15 16:53:06]

Done.

-  // If the session is in the session cache, or there are no connecting
-  // sockets, allow the connection to proceed.
-  return ssl_socket->InSessionCache() || connecting_sockets_.empty();
+  // If there are no connecting sockets allow the connection to proceed.
+  return connecting_sockets_.empty();
 }
 
 void SSLConnectJobMessenger::MonitorConnectionResult(
@@ -149,7 +151,9 @@ void SSLConnectJobMessenger::OnSSLHandshakeCompleted() {
   connecting_sockets_.clear();
   SSLPendingSocketsAndCallbacks temp_list;
   temp_list.swap(pending_sockets_and_callbacks_);
+  base::Closure connection_complete_callback = connection_complete_callback_;
   RunAllCallbacks(temp_list);
+  connection_complete_callback.Run();

[wtc, 2014/08/14 23:26:26]

IMPORTANT: I think we should run connection_complete_callback before calling
RunAllCallbacks.

The reason is that RunAllCallbacks() could potentially cause new connections
that use the current cache key. So we need connection_complete_callback to
remove the current messenger from the messenger map, to prevent the current
messenger from being used for the new connections.

Does this make sense?

[mshelley, 2014/08/15 16:53:06]

Done.

 }
 
 void SSLConnectJobMessenger::RunAllCallbacks(
@@ -175,7 +179,7 @@ SSLConnectJob::SSLConnectJob(const std::string& group_name,
                              ClientSocketFactory* client_socket_factory,
                              HostResolver* host_resolver,
                              const SSLClientSocketContext& context,
-                             SSLConnectJobMessenger* messenger,
+                             const GetMessengerCallback& get_messenger_callback,
                              Delegate* delegate,
                              NetLog* net_log)
     : ConnectJob(group_name,
@@ -198,7 +202,8 @@ SSLConnectJob::SSLConnectJob(const std::string& group_name,
                     : context.ssl_session_cache_shard)),
       io_callback_(
           base::Bind(&SSLConnectJob::OnIOComplete, base::Unretained(this))),
-      messenger_(messenger),
+      messenger_(NULL),
+      get_messenger_callback_(get_messenger_callback),
       weak_factory_(this) {
 }
 
@@ -402,23 +407,32 @@ int SSLConnectJob::DoCreateSSLSocket() {
       params_->host_and_port(),
       params_->ssl_config(),
       context_);
+
+  if (!ssl_socket_->InSessionCache()) {
+    messenger_ = get_messenger_callback_.Run(ssl_socket_->GetSessionCacheKey());
+  }

[wtc, 2014/08/14 23:26:26]

Nit: omit the curly braces.

[mshelley, 2014/08/15 16:53:06]

Done.

+
   return OK;
 }
 
 int SSLConnectJob::DoCheckForResume() {
   next_state_ = STATE_SSL_CONNECT;
-  if (!messenger_)
+
+  if (ssl_socket_->InSessionCache() || !messenger_)

[wtc, 2014/08/14 23:26:26]

Remove the redundant ssl_socket_->InSessionCache() test. We just tested it in
the previous state (line 411).

[mshelley, 2014/08/15 16:53:06]

Done.

     return OK;
 
-  // TODO(mshelley): Remove duplicate InSessionCache() calls.
   if (messenger_->CanProceed(ssl_socket_.get())) {
-    if (!ssl_socket_->InSessionCache())
-      messenger_->MonitorConnectionResult(ssl_socket_.get());
+    messenger_->MonitorConnectionResult(ssl_socket_.get());
+    // The SSLConnectJob no longer needs access to the messenger after this
+    // point.
+    messenger_ = NULL;

[wtc, 2014/08/14 23:26:26]

I suspect you set messenger_ to NULL because we will crash otherwise?

[mshelley, 2014/08/15 16:53:06]

Yep -- I check whether the messenger_ is valid before calling
RemovePendingSocket in the SSLConenctJob destructor. If I don't set it to NULL
here, then I end up calling that method on a deleted messenger_.

     return OK;
   }
+
   messenger_->AddPendingSocket(ssl_socket_.get(),
                                base::Bind(&SSLConnectJob::ResumeSSLConnection,
                                           weak_factory_.GetWeakPtr()));

[wtc, 2014/08/14 23:26:26]

In this case, the right time to set messenger_ to NULL is actually quite subtle.
I believe your code is correct. I wonder if we should document it.

[mshelley, 2014/08/15 16:53:06]

Probably, I'll add documentation.

+
   return ERR_IO_PENDING;
 }
 
@@ -556,6 +570,7 @@ int SSLConnectJob::DoSSLConnectComplete(int result) {
 
 void SSLConnectJob::ResumeSSLConnection() {
   DCHECK_EQ(next_state_, STATE_SSL_CONNECT);
+  messenger_ = NULL;
   OnIOComplete(OK);
 }
 
@@ -585,7 +600,7 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
     ClientSocketFactory* client_socket_factory,
     HostResolver* host_resolver,
     const SSLClientSocketContext& context,
-    bool enable_ssl_connect_job_waiting,
+    SSLConnectJob::GetMessengerCallback get_messenger_callback,
     NetLog* net_log)
     : transport_pool_(transport_pool),
       socks_pool_(socks_pool),
@@ -593,9 +608,8 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
       client_socket_factory_(client_socket_factory),
       host_resolver_(host_resolver),
       context_(context),
-      enable_ssl_connect_job_waiting_(enable_ssl_connect_job_waiting),
-      net_log_(net_log),
-      messenger_map_(new MessengerMap) {
+      get_messenger_callback_(get_messenger_callback),
+      net_log_(net_log) {
   base::TimeDelta max_transport_timeout = base::TimeDelta();
   base::TimeDelta pool_timeout;
   if (transport_pool_)
@@ -615,7 +629,6 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
 }
 
 SSLClientSocketPool::SSLConnectJobFactory::~SSLConnectJobFactory() {
-  STLDeleteValues(messenger_map_.get());
 }
 
 SSLClientSocketPool::SSLClientSocketPool(
@@ -655,9 +668,12 @@ SSLClientSocketPool::SSLClientSocketPool(
                                        transport_security_state,
                                        cert_transparency_verifier,
                                        ssl_session_cache_shard),
-                enable_ssl_connect_job_waiting,
+                base::Bind(
+                    &SSLClientSocketPool::GetOrCreateSSLConnectJobMessenger,
+                    base::Unretained(this)),

[wtc, 2014/08/14 23:26:26]

Please confirm that we don't need to use a weak pointer here. (I didn't check
this.)

[mshelley, 2014/08/15 16:53:06]

We do not -- the pool owns the SSLConnectJobs, therefore it will always be valid
when this callback is run.

                 net_log)),
-      ssl_config_service_(ssl_config_service) {
+      ssl_config_service_(ssl_config_service),
+      enable_ssl_connect_job_waiting_(enable_ssl_connect_job_waiting) {
   if (ssl_config_service_.get())
     ssl_config_service_->AddObserver(this);
   if (transport_pool_)
@@ -669,28 +685,16 @@ SSLClientSocketPool::SSLClientSocketPool(
 }
 
 SSLClientSocketPool::~SSLClientSocketPool() {
+  STLDeleteContainerPairSecondPointers(messenger_map_.begin(),
+                                       messenger_map_.end());
   if (ssl_config_service_.get())
     ssl_config_service_->RemoveObserver(this);
 }
 
-scoped_ptr<ConnectJob>
-SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
+scoped_ptr<ConnectJob> SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
     const std::string& group_name,
     const PoolBase::Request& request,
     ConnectJob::Delegate* delegate) const {
-  SSLConnectJobMessenger* messenger = NULL;
-  if (enable_ssl_connect_job_waiting_) {
-    std::string cache_key = SSLClientSocket::CreateSessionCacheKey(
-        request.params()->host_and_port(), context_.ssl_session_cache_shard);
-    MessengerMap::const_iterator it = messenger_map_->find(cache_key);
-    if (it == messenger_map_->end()) {
-      std::pair<MessengerMap::iterator, bool> iter = messenger_map_->insert(
-          MessengerMap::value_type(cache_key, new SSLConnectJobMessenger()));
-      it = iter.first;
-    }
-    messenger = it->second;
-  }
-
   return scoped_ptr<ConnectJob>(new SSLConnectJob(group_name,
                                                   request.priority(),
                                                   request.params(),
@@ -701,13 +705,13 @@ SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
                                                   client_socket_factory_,
                                                   host_resolver_,
                                                   context_,
-                                                  messenger,
+                                                  get_messenger_callback_,
                                                   delegate,
                                                   net_log_));
 }
 
-base::TimeDelta
-SSLClientSocketPool::SSLConnectJobFactory::ConnectionTimeout() const {
+base::TimeDelta SSLClientSocketPool::SSLConnectJobFactory::ConnectionTimeout()
+    const {
   return timeout_;
 }
 
@@ -822,6 +826,32 @@ bool SSLClientSocketPool::CloseOneIdleConnection() {
   return base_.CloseOneIdleConnectionInHigherLayeredPool();
 }
 
+SSLConnectJobMessenger* SSLClientSocketPool::GetOrCreateSSLConnectJobMessenger(
+    const std::string& cache_key) {
+  if (!enable_ssl_connect_job_waiting_)
+    return NULL;
+  MessengerMap::const_iterator it = messenger_map_.find(cache_key);
+  if (it == messenger_map_.end()) {
+    std::pair<MessengerMap::iterator, bool> iter =
+        messenger_map_.insert(MessengerMap::value_type(
+            cache_key,
+            new SSLConnectJobMessenger(
+                base::Bind(&SSLClientSocketPool::DeleteSSLConnectJobMessenger,
+                           base::Unretained(this),

[wtc, 2014/08/14 23:26:26]

Please confirm that we don't need a weak pointer here. (I didn't check this.)

[mshelley, 2014/08/15 16:53:06]

We do not, the pool also owns the SSLConnectJobMessengers, therefore it will
always be valid when this callback is run.

+                           cache_key))));
+    it = iter.first;
+  }
+  return it->second;
+}
+
+void SSLClientSocketPool::DeleteSSLConnectJobMessenger(
+    const std::string& cache_key) {
+  MessengerMap::iterator it = messenger_map_.find(cache_key);
+  CHECK(it != messenger_map_.end());

[wtc, 2014/08/14 23:26:26]

You can also assert CHECK_EQ(this, it->second).

[mshelley, 2014/08/15 16:53:06]

I'm not sure if I understand how that would work -- wouldn't that be comparing a
SSLClientSocketPool* to a SSLConnectJobMessenger*?

[wtc, 2014/08/15 18:48:29]

Ah, you're right. I thought |this| was a pointer to the SSLConnectJobMessenger
object we're about to delete. I'm not sure if we should pass that pointer to
this method for extra validation, so let's leave this unchanged.

+  delete it->second;
+  messenger_map_.erase(it);
+}
+
 void SSLClientSocketPool::OnSSLConfigChanged() {
   FlushWithError(ERR_NETWORK_CHANGED);
 }