https://bugs.webkit.org/show_bug.cgi?id=21609
        Make MessagePorts protect their peers across heaps

JavaScriptCore:
        * JavaScriptCore.exp:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markCrossHeapDependentObjects):
        * kjs/JSGlobalObject.h:
        * kjs/collector.cpp:
        (JSC::Heap::collect):
        Before GC sweep phase, a function supplied by global object is now called for all global
        objects in the heap, making it possible to implement cross-heap dependencies.

WebCore:
        * dom/MessagePort.cpp:
        (WebCore::MessagePort::MessagePort):
        * dom/MessagePort.h:
        (WebCore::MessagePort::setJSWrapperIsKnownToBeInaccessible):
        (WebCore::MessagePort::jsWrapperIsKnownToBeInaccessible):
        Track objects whose JS wrappers are no longer reachable in MessagePort. Unfortunately, this
        means that the implementation object knows about JS bindings - but it is not possible to
        access JS wrappers from another heap/thread.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markCrossHeapDependentObjectsForDocument):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::markCrossHeapDependentObjects):
        * bindings/js/JSDOMWindowBase.h:
        Implement cross-heap dependency tracking for entangled MessagePorts. If a wrapper object
        hasn't been marked normally, it is marked as inaccessible. It is then marked manually,
        as long as its entangled port is accessible itself.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@37631 268f45cc-cd09-0410-ab3c-d52691b4dbfc