Revert "[bindings] Replace JSFunction backlink with GC-aware wrapper link"

This reverts commit e7b3bd5b.

Reason for revert: Suspected of breaking CFI bots:

https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Android%20CFI/2266
https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Linux%20CFI/9276

Example failure: https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8939838131233782656/+/steps/content_browsertests/0/logs/DoNotTrackTest.FetchFromWorker/0

../../third_party/blink/renderer/platform/bindings/wrapper_type_info.h:178:10: runtime error: control flow integrity check for type 'blink::ScriptWrappable' failed during cast to unrelated type (vtable address 0x0000009aab90)
0x0000009aab90: note: vtable is of type 'blink::V8EventListener'
 00 00 00 00  10 96 ab 08 00 00 00 00  90 9c ab 08 00 00 00 00  40 9b ab 08 00 00 00 00  f0 ad ab 08

Original change's description:
> [bindings] Replace JSFunction backlink with GC-aware wrapper link
> 
> Replaces the custom backlink from V8->Blink that was using a v8::External with a
> GC-aware backpointer that is encapsulated in the CustomWrappableAdapter
> interface.
> 
> CustomWrappableAdapter establishes a link from a given JavaScript object to the
> Blink object inheriting from CustomWrappableAdapter. The link is known to
> garbage collectors and thus the Blink object will be kept alive as long as the
> JavaScript object is alive. The adapter can be used to model liveness across V8
> and Blink component boundaries. In contrast to ScriptWrappable, there is no IDL
> definitions required and the JavaScript object must not escape to user-visible
> JavaScript.
> 
> Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_layout_ng;luci.chromium.try:linux_layout_tests_slimming_paint_v2;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: Id9b6a046fd5e3f4c31ddf15894a9968701831e90
> Bug: chromium:843903
> Reviewed-on: https://chromium-review.googlesource.com/1145262
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#578621}

TBR=yukishiino@chromium.org,haraken@chromium.org,mlippautz@chromium.org

Change-Id: I2fdc26e9ecffcb2b5d39295650aa061b742985c9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_layout_ng;luci.chromium.try:linux_layout_tests_slimming_paint_v2;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1153390Reviewed-by: Stephen McGruer <smcgruer@chromium.org>
Commit-Queue: Stephen McGruer <smcgruer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578692}

third_party/blink/renderer/bindings/bindings.gni

@@ -30,8 +30,6 @@ bindings_core_v8_files =
                     "core/v8/binding_security.cc",
                     "core/v8/binding_security.h",
                     "core/v8/callback_promise_adapter.h",
-                    "core/v8/custom_wrappable_adapter.cc",
-                    "core/v8/custom_wrappable_adapter.h",
                     "core/v8/dictionary.cc",
                     "core/v8/dictionary.h",
                     "core/v8/dictionary_helper_for_core.cc",

third_party/blink/renderer/bindings/core/v8/custom_wrappable_adapter.cc

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "third_party/blink/renderer/bindings/core/v8/custom_wrappable_adapter.h"
-
-#include "third_party/blink/renderer/bindings/core/v8/v8_dom_configuration.h"
-#include "third_party/blink/renderer/platform/bindings/script_state.h"
-#include "third_party/blink/renderer/platform/bindings/v8_dom_wrapper.h"
-#include "third_party/blink/renderer/platform/bindings/wrapper_type_info.h"
-
-namespace blink {
-
-namespace {
-
-v8::Local<v8::FunctionTemplate> CreateCustomWrappableTemplate(
-    v8::Isolate* isolate,
-    const DOMWrapperWorld& world);
-
-const WrapperTypeInfo custom_wrappable_info = {
-    gin::kEmbedderBlink,
-    CreateCustomWrappableTemplate,
-    nullptr,
-    "CustomWrappableAdapter",
-    nullptr,
-    WrapperTypeInfo::kWrapperTypeNoPrototype,
-    WrapperTypeInfo::kCustomWrappableId,
-    WrapperTypeInfo::kNotInheritFromActiveScriptWrappable,
-};
-
-void InstallCustomWrappableTemplate(
-    v8::Isolate* isolate,
-    const DOMWrapperWorld& world,
-    v8::Local<v8::FunctionTemplate> interfaceTemplate) {
-  V8DOMConfiguration::InitializeDOMInterfaceTemplate(
-      isolate, interfaceTemplate, custom_wrappable_info.interface_name,
-      v8::Local<v8::FunctionTemplate>(), kV8DefaultWrapperInternalFieldCount);
-}
-
-v8::Local<v8::FunctionTemplate> CreateCustomWrappableTemplate(
-    v8::Isolate* isolate,
-    const DOMWrapperWorld& world) {
-  return V8DOMConfiguration::DomClassTemplate(
-      isolate, world, const_cast<WrapperTypeInfo*>(&custom_wrappable_info),
-      InstallCustomWrappableTemplate);
-}
-
-}  // namespace
-
-CustomWrappableAdapter* CustomWrappableAdapter::LookupInternal(
-    v8::Local<v8::Object> object,
-    const V8PrivateProperty::Symbol& property) {
-  v8::Local<v8::Value> custom_wrappable_adapter_value;
-  if (!property.GetOrUndefined(object).ToLocal(&custom_wrappable_adapter_value))
-    return nullptr;
-
-  if (!custom_wrappable_adapter_value->IsUndefined()) {
-    return static_cast<CustomWrappableAdapter*>(
-        ToCustomWrappable(custom_wrappable_adapter_value.As<v8::Object>()));
-  }
-  return nullptr;
-}
-
-void CustomWrappableAdapter::Attach(ScriptState* script_state,
-                                    v8::Local<v8::Object> object,
-                                    const V8PrivateProperty::Symbol& property,
-                                    CustomWrappableAdapter* adapter) {
-  DCHECK(wrapper_.IsEmpty());
-  v8::Isolate* isolate = script_state->GetIsolate();
-  v8::Local<v8::Object> wrapper_object = V8DOMWrapper::CreateWrapper(
-      isolate, script_state->GetContext()->Global(), &custom_wrappable_info);
-  V8DOMWrapper::AssociateObjectWithWrapper(
-      isolate, adapter, &custom_wrappable_info, wrapper_object);
-  property.Set(object, wrapper_object);
-  wrapper_.Set(isolate, wrapper_object);
-  custom_wrappable_info.ConfigureWrapper(&wrapper_.Get());
-}
-
-}  // namespace blink

third_party/blink/renderer/bindings/core/v8/custom_wrappable_adapter.h

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_CUSTOM_WRAPPABLE_ADAPTER_H_
-#define THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_CUSTOM_WRAPPABLE_ADAPTER_H_
-
-#include "third_party/blink/renderer/core/core_export.h"
-#include "third_party/blink/renderer/platform/bindings/custom_wrappable.h"
-#include "third_party/blink/renderer/platform/bindings/trace_wrapper_v8_reference.h"
-#include "third_party/blink/renderer/platform/bindings/v8_private_property.h"
-#include "third_party/blink/renderer/platform/heap/handle.h"
-#include "v8/include/v8.h"
-
-namespace blink {
-
-class ScriptState;
-
-// CustomWrappableAdapter establishes a link from a given JavaScript object to
-// the Blink object inheriting from CustomWrappableAdapter. The link is known to
-// garbage collectors and the lifetime of the V8 and Blink objects will be tied
-// together. The adapter can be used to model liveness across V8 and Blink
-// component boundaries. In contrast to ScriptWrappable, no IDL definitions are
-// required.
-//
-// The intended use case is binding the lifetime of a Blink object to a
-// user-provided JavaScript object.
-class CORE_EXPORT CustomWrappableAdapter : public CustomWrappable {
- public:
-  // Lookup the CustomWrappableAdapter implementation on a given |object|'s
-  // |property|. Returns nullptr if no adapter has been attached. See Attach.
-  template <typename T>
-  static T* Lookup(v8::Local<v8::Object> object,
-                   const V8PrivateProperty::Symbol& property) {
-    return static_cast<T*>(LookupInternal(object, property));
-  }
-
-  // Attaches a given |adapter| to |object|'s |property|.
-  void Attach(ScriptState*,
-              v8::Local<v8::Object> object,
-              const V8PrivateProperty::Symbol& property,
-              CustomWrappableAdapter* adapter);
-
-  ~CustomWrappableAdapter() override = default;
-
-  void Trace(Visitor* visitor) override {
-    visitor->Trace(wrapper_);
-    CustomWrappable::Trace(visitor);
-  }
-
- private:
-  static CustomWrappableAdapter* LookupInternal(
-      v8::Local<v8::Object>,
-      const V8PrivateProperty::Symbol&);
-
-  // Internal wrapper reference is needed as Oilpan looks up its roots from V8
-  // by following all configured wrapper references.
-  TraceWrapperV8Reference<v8::Object> wrapper_;
-};
-
-}  // namespace blink
-
-#endif  // THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_CUSTOM_WRAPPABLE_ADAPTER_H_

third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.h

@@ -34,6 +34,7 @@
 #include "third_party/blink/renderer/core/core_export.h"
 #include "third_party/blink/renderer/core/dom/events/event_listener.h"
 #include "third_party/blink/renderer/platform/bindings/dom_wrapper_world.h"
+#include "third_party/blink/renderer/platform/bindings/script_wrappable.h"
 #include "third_party/blink/renderer/platform/bindings/trace_wrapper_v8_reference.h"
 #include "third_party/blink/renderer/platform/heap/self_keep_alive.h"
 #include "v8/include/v8.h"

third_party/blink/renderer/bindings/core/v8/v8_event_listener_helper.cc

@@ -30,7 +30,6 @@
 
 #include "third_party/blink/renderer/bindings/core/v8/v8_event_listener_helper.h"
 
-#include "third_party/blink/renderer/bindings/core/v8/custom_wrappable_adapter.h"
 #include "third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h"
 #include "third_party/blink/renderer/bindings/core/v8/v8_error_handler.h"
 #include "third_party/blink/renderer/bindings/core/v8/v8_event_listener.h"
@@ -43,21 +42,27 @@ namespace {
 
 template <typename ListenerType, typename ListenerFactory>
 ListenerType* GetEventListenerInternal(
-    ScriptState* script_state,
+    v8::Isolate* isolate,
     v8::Local<v8::Object> object,
     const V8PrivateProperty::Symbol& listener_property,
     ListenerLookupType lookup,
     const ListenerFactory& listener_factory) {
-  DCHECK(script_state->GetIsolate()->InContext());
+  DCHECK(isolate->InContext());
+  v8::Local<v8::Value> listener_value;
+  if (!listener_property.GetOrUndefined(object).ToLocal(&listener_value))
+    return nullptr;
   ListenerType* listener =
-      CustomWrappableAdapter::Lookup<ListenerType>(object, listener_property);
+      listener_value->IsUndefined()
+          ? nullptr
+          : static_cast<ListenerType*>(
+                listener_value.As<v8::External>()->Value());
   if (listener || lookup == kListenerFindOnly)
     return listener;
 
   listener = listener_factory();
-  if (listener) {
-    listener->Attach(script_state, object, listener_property, listener);
-  }
+  if (listener)
+    listener_property.Set(object, v8::External::New(isolate, listener));
+
   return listener;
 }
 
@@ -82,7 +87,7 @@ V8EventListener* V8EventListenerHelper::GetEventListener(
           : V8PrivateProperty::GetV8EventListenerListener(isolate);
 
   return GetEventListenerInternal<V8EventListener>(
-      script_state, object, listener_property, lookup,
+      isolate, object, listener_property, lookup,
       [object, is_attribute, script_state]() {
         return script_state->World().IsWorkerWorld()
                    ? V8WorkerOrWorkletEventListener::Create(
@@ -104,7 +109,7 @@ V8ErrorHandler* V8EventListenerHelper::EnsureErrorHandler(
       V8PrivateProperty::GetV8ErrorHandlerErrorHandler(isolate);
 
   return GetEventListenerInternal<V8ErrorHandler>(
-      script_state, object, listener_property, kListenerFindOrCreate,
+      isolate, object, listener_property, kListenerFindOrCreate,
       [object, script_state]() {
         const bool is_attribute = true;
         return V8ErrorHandler::Create(object, is_attribute, script_state);

third_party/blink/renderer/bindings/core/v8/v8_gc_controller.cc

@@ -75,12 +75,6 @@ Node* V8GCController::OpaqueRootForGC(v8::Isolate*, Node* node) {
   return node;
 }
 
-bool IsDOMWrapperClassId(uint16_t class_id) {
-  return class_id == WrapperTypeInfo::kNodeClassId ||
-         class_id == WrapperTypeInfo::kObjectClassId ||
-         class_id == WrapperTypeInfo::kCustomWrappableId;
-}
-
 class MinorGCUnmodifiedWrapperVisitor : public v8::PersistentHandleVisitor {
  public:
   explicit MinorGCUnmodifiedWrapperVisitor(v8::Isolate* isolate)
@@ -88,11 +82,8 @@ class MinorGCUnmodifiedWrapperVisitor : public v8::PersistentHandleVisitor {
 
   void VisitPersistentHandle(v8::Persistent<v8::Value>* value,
                              uint16_t class_id) override {
-    if (!IsDOMWrapperClassId(class_id))
-      return;
-
-    if (class_id == WrapperTypeInfo::kCustomWrappableId) {
-      v8::Persistent<v8::Object>::Cast(*value).MarkActive();
+    if (class_id != WrapperTypeInfo::kNodeClassId &&
+        class_id != WrapperTypeInfo::kObjectClassId) {
       return;
     }
 
@@ -340,20 +331,12 @@ class DOMWrapperTracer final : public v8::PersistentHandleVisitor {
 
   void VisitPersistentHandle(v8::Persistent<v8::Value>* value,
                              uint16_t class_id) final {
-    if (!IsDOMWrapperClassId(class_id))
-      return;
-
-    WrapperTypeInfo* wrapper_type_info = const_cast<WrapperTypeInfo*>(
-        ToWrapperTypeInfo(v8::Persistent<v8::Object>::Cast(*value)));
-
-    // WrapperTypeInfo pointer may have been cleared before termination GCs on
-    // worker threads.
-    if (!wrapper_type_info)
+    if (class_id != WrapperTypeInfo::kNodeClassId &&
+        class_id != WrapperTypeInfo::kObjectClassId)
       return;
 
-    wrapper_type_info->Trace(visitor_,
-                             GetInternalField<void, kV8DOMWrapperObjectIndex>(
-                                 v8::Persistent<v8::Object>::Cast(*value)));
+    visitor_->Trace(
+        ToScriptWrappable(v8::Persistent<v8::Object>::Cast(*value)));
   }
 
  private:
@@ -368,7 +351,8 @@ class DOMWrapperPurger final : public v8::PersistentHandleVisitor {
 
   void VisitPersistentHandle(v8::Persistent<v8::Value>* value,
                              uint16_t class_id) final {
-    if (!IsDOMWrapperClassId(class_id))
+    if (class_id != WrapperTypeInfo::kNodeClassId &&
+        class_id != WrapperTypeInfo::kObjectClassId)
       return;
 
     // Clear out wrapper type information, essentially disconnecting the Blink
@@ -380,6 +364,7 @@ class DOMWrapperPurger final : public v8::PersistentHandleVisitor {
         isolate_, v8::Persistent<v8::Object>::Cast(*value));
     wrapper->SetAlignedPointerInInternalFields(base::size(indices), indices,
                                                values);
+    value->Reset();
   }
 
  private:

third_party/blink/renderer/core/dom/events/event_listener.h

@@ -21,7 +21,6 @@
 #ifndef THIRD_PARTY_BLINK_RENDERER_CORE_DOM_EVENTS_EVENT_LISTENER_H_
 #define THIRD_PARTY_BLINK_RENDERER_CORE_DOM_EVENTS_EVENT_LISTENER_H_
 
-#include "third_party/blink/renderer/bindings/core/v8/custom_wrappable_adapter.h"
 #include "third_party/blink/renderer/core/core_export.h"
 #include "third_party/blink/renderer/platform/bindings/name_client.h"
 #include "third_party/blink/renderer/platform/heap/handle.h"
@@ -32,7 +31,9 @@ namespace blink {
 class Event;
 class ExecutionContext;
 
-class CORE_EXPORT EventListener : public CustomWrappableAdapter {
+class CORE_EXPORT EventListener
+    : public GarbageCollectedFinalized<EventListener>,
+      public NameClient {
  public:
   enum ListenerType {
     kJSEventListenerType,
@@ -41,7 +42,7 @@ class CORE_EXPORT EventListener : public CustomWrappableAdapter {
     kConditionEventListenerType,
   };
 
-  ~EventListener() override = default;
+  virtual ~EventListener() = default;
   virtual bool operator==(const EventListener&) const = 0;
   virtual void handleEvent(ExecutionContext*, Event*) = 0;
   virtual const String& Code() const { return g_empty_string; }
@@ -53,6 +54,7 @@ class CORE_EXPORT EventListener : public CustomWrappableAdapter {
 
   ListenerType GetType() const { return type_; }
 
+  virtual void Trace(blink::Visitor* visitor) {}
   const char* NameInHeapSnapshot() const override { return "EventListener"; }
 
  protected:

third_party/blink/renderer/platform/BUILD.gn

@@ -423,7 +423,6 @@ jumbo_component("platform") {
     "bindings/callback_function_base.h",
     "bindings/callback_interface_base.cc",
     "bindings/callback_interface_base.h",
-    "bindings/custom_wrappable.h",
     "bindings/dom_data_store.h",
     "bindings/dom_wrapper_map.h",
     "bindings/dom_wrapper_world.cc",

third_party/blink/renderer/platform/bindings/custom_wrappable.h

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_CUSTOM_WRAPPABLE_H_
-#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_CUSTOM_WRAPPABLE_H_
-
-#include "third_party/blink/renderer/platform/bindings/name_client.h"
-#include "third_party/blink/renderer/platform/heap/handle.h"
-#include "third_party/blink/renderer/platform/wtf/noncopyable.h"
-
-namespace blink {
-
-// See the comment on CustomWrappableAdaptor.
-class PLATFORM_EXPORT CustomWrappable
-    : public GarbageCollectedFinalized<CustomWrappable>,
-      public NameClient {
-  WTF_MAKE_NONCOPYABLE(CustomWrappable);
-
- public:
-  virtual ~CustomWrappable() = default;
-  virtual void Trace(Visitor*) {}
-  const char* NameInHeapSnapshot() const override { return "CustomWrappable"; }
-
- protected:
-  CustomWrappable() = default;
-};
-
-}  // namespace blink
-
-#endif  // THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_CUSTOM_WRAPPABLE_H_

third_party/blink/renderer/platform/bindings/script_wrappable_marking_visitor.cc

@@ -7,7 +7,6 @@
 #include "base/auto_reset.h"
 #include "third_party/blink/public/platform/platform.h"
 #include "third_party/blink/renderer/platform/bindings/active_script_wrappable_base.h"
-#include "third_party/blink/renderer/platform/bindings/custom_wrappable.h"
 #include "third_party/blink/renderer/platform/bindings/dom_wrapper_map.h"
 #include "third_party/blink/renderer/platform/bindings/dom_wrapper_world.h"
 #include "third_party/blink/renderer/platform/bindings/scoped_persistent.h"
@@ -166,8 +165,13 @@ void ScriptWrappableMarkingVisitor::RegisterV8Reference(
   if (wrapper_type_info->gin_embedder != gin::GinEmbedder::kEmbedderBlink) {
     return;
   }
+  DCHECK(wrapper_type_info->wrapper_class_id == WrapperTypeInfo::kNodeClassId ||
+         wrapper_type_info->wrapper_class_id ==
+             WrapperTypeInfo::kObjectClassId);
 
-  wrapper_type_info->TraceWithWrappers(this, internal_fields.second);
+  ScriptWrappable* script_wrappable =
+      reinterpret_cast<ScriptWrappable*>(internal_fields.second);
+  TraceWithWrappers(script_wrappable);
 }
 
 void ScriptWrappableMarkingVisitor::RegisterV8References(

third_party/blink/renderer/platform/bindings/v8_dom_wrapper.h

@@ -32,7 +32,6 @@
 #define THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_V8_DOM_WRAPPER_H_
 
 #include "base/stl_util.h"
-#include "third_party/blink/renderer/platform/bindings/custom_wrappable.h"
 #include "third_party/blink/renderer/platform/bindings/dom_data_store.h"
 #include "third_party/blink/renderer/platform/bindings/runtime_call_stats.h"
 #include "third_party/blink/renderer/platform/bindings/script_wrappable.h"
@@ -68,24 +67,10 @@ class V8DOMWrapper {
                              ScriptWrappable*,
                              const WrapperTypeInfo*,
                              v8::Local<v8::Object> wrapper);
-  static void AssociateObjectWithWrapper(v8::Isolate*,
-                                         CustomWrappable*,
-                                         const WrapperTypeInfo*,
-                                         v8::Local<v8::Object> wrapper);
-  static void SetNativeInfo(v8::Isolate* isolate,
-                            v8::Local<v8::Object> wrapper,
-                            const WrapperTypeInfo* wrapper_type_info,
-                            ScriptWrappable* script_wrappable) {
-    SetNativeInfoInternal(isolate, wrapper, wrapper_type_info,
-                          script_wrappable);
-  }
-  static void SetNativeInfo(v8::Isolate* isolate,
-                            v8::Local<v8::Object> wrapper,
-                            const WrapperTypeInfo* wrapper_type_info,
-                            CustomWrappable* custom_wrappable) {
-    SetNativeInfoInternal(isolate, wrapper, wrapper_type_info,
-                          custom_wrappable);
-  }
+  static void SetNativeInfo(v8::Isolate*,
+                            v8::Local<v8::Object>,
+                            const WrapperTypeInfo*,
+                            ScriptWrappable*);
   static void ClearNativeInfo(v8::Isolate*, v8::Local<v8::Object>);
 
   // hasInternalFieldsSet only checks if the value has the internal fields for
@@ -93,24 +78,19 @@ class V8DOMWrapper {
   // value may not be a Blink's wrapper object.  In order to make sure of it,
   // Use isWrapper function instead.
   PLATFORM_EXPORT static bool HasInternalFieldsSet(v8::Local<v8::Value>);
-
- private:
-  static void SetNativeInfoInternal(v8::Isolate*,
-                                    v8::Local<v8::Object>,
-                                    const WrapperTypeInfo*,
-                                    void*);
 };
 
-inline void V8DOMWrapper::SetNativeInfoInternal(
+inline void V8DOMWrapper::SetNativeInfo(
     v8::Isolate* isolate,
     v8::Local<v8::Object> wrapper,
     const WrapperTypeInfo* wrapper_type_info,
-    void* wrappable) {
+    ScriptWrappable* script_wrappable) {
   DCHECK_GE(wrapper->InternalFieldCount(), 2);
-  DCHECK(wrappable);
+  DCHECK(script_wrappable);
   DCHECK(wrapper_type_info);
   int indices[] = {kV8DOMWrapperObjectIndex, kV8DOMWrapperTypeIndex};
-  void* values[] = {wrappable, const_cast<WrapperTypeInfo*>(wrapper_type_info)};
+  void* values[] = {script_wrappable,
+                    const_cast<WrapperTypeInfo*>(wrapper_type_info)};
   wrapper->SetAlignedPointerInInternalFields(base::size(indices), indices,
                                              values);
   auto* per_isolate_data = V8PerIsolateData::From(isolate);
@@ -120,7 +100,7 @@ inline void V8DOMWrapper::SetNativeInfoInternal(
   // necessarily detect wrappers created during its incremental marking.
   per_isolate_data->GetScriptWrappableMarkingVisitor()->RegisterV8Reference(
       std::make_pair(const_cast<WrapperTypeInfo*>(wrapper_type_info),
-                     wrappable));
+                     script_wrappable));
 }
 
 inline void V8DOMWrapper::ClearNativeInfo(v8::Isolate* isolate,
@@ -147,19 +127,6 @@ inline v8::Local<v8::Object> V8DOMWrapper::AssociateObjectWithWrapper(
   return wrapper;
 }
 
-inline void V8DOMWrapper::AssociateObjectWithWrapper(
-    v8::Isolate* isolate,
-    CustomWrappable* impl,
-    const WrapperTypeInfo* wrapper_type_info,
-    v8::Local<v8::Object> wrapper) {
-  RUNTIME_CALL_TIMER_SCOPE(
-      isolate, RuntimeCallStats::CounterId::kAssociateObjectWithWrapper);
-  WrapperTypeInfo::WrapperCreated();
-  SetNativeInfo(isolate, wrapper, wrapper_type_info, impl);
-  DCHECK(HasInternalFieldsSet(wrapper));
-  SECURITY_CHECK(ToCustomWrappable(wrapper) == impl);
-}
-
 class V8WrapperInstantiationScope {
   STACK_ALLOCATED();
 

third_party/blink/renderer/platform/bindings/wrapper_type_info.cc

@@ -4,8 +4,6 @@
 
 #include "third_party/blink/renderer/platform/bindings/wrapper_type_info.h"
 
-#include "third_party/blink/renderer/platform/bindings/custom_wrappable.h"
-#include "third_party/blink/renderer/platform/bindings/script_wrappable.h"
 #include "third_party/blink/renderer/platform/heap/handle.h"
 #include "third_party/blink/renderer/platform/heap/heap_stats_collector.h"
 
@@ -27,32 +25,4 @@ void WrapperTypeInfo::WrapperDestroyed() {
   stats_collector->IncreaseCollectedWrapperCount(1);
 }
 
-void WrapperTypeInfo::Trace(Visitor* visitor, void* impl) {
-  switch (wrapper_class_id) {
-    case WrapperTypeInfo::kNodeClassId:
-    case WrapperTypeInfo::kObjectClassId:
-      visitor->Trace(reinterpret_cast<ScriptWrappable*>(impl));
-      break;
-    case WrapperTypeInfo::kCustomWrappableId:
-      visitor->Trace(reinterpret_cast<CustomWrappable*>(impl));
-      break;
-    default:
-      NOTREACHED();
-  }
-}
-
-void WrapperTypeInfo::TraceWithWrappers(Visitor* visitor, void* impl) {
-  switch (wrapper_class_id) {
-    case WrapperTypeInfo::kNodeClassId:
-    case WrapperTypeInfo::kObjectClassId:
-      visitor->TraceWithWrappers(reinterpret_cast<ScriptWrappable*>(impl));
-      break;
-    case WrapperTypeInfo::kCustomWrappableId:
-      visitor->TraceWithWrappers(reinterpret_cast<CustomWrappable*>(impl));
-      break;
-    default:
-      NOTREACHED();
-  }
-}
-
 }  // namespace blink

third_party/blink/renderer/platform/bindings/wrapper_type_info.h

@@ -40,10 +40,8 @@
 namespace blink {
 
 class ActiveScriptWrappableBase;
-class CustomWrappable;
 class DOMWrapperWorld;
 class ScriptWrappable;
-class Visitor;
 
 ScriptWrappable* ToScriptWrappable(
     const v8::PersistentBase<v8::Object>& wrapper);
@@ -89,7 +87,6 @@ struct WrapperTypeInfo {
   enum WrapperClassId {
     kNodeClassId = 1,  // NodeClassId must be smaller than ObjectClassId.
     kObjectClassId,
-    kCustomWrappableId,
   };
 
   enum ActiveScriptWrappableInheritance {
@@ -146,11 +143,6 @@ struct WrapperTypeInfo {
            kInheritFromActiveScriptWrappable;
   }
 
-  // Garbage collection support for when the type depends the WrapperTypeInfo
-  // object.
-  PLATFORM_EXPORT void Trace(Visitor*, void*);
-  PLATFORM_EXPORT void TraceWithWrappers(Visitor*, void*);
-
   // This field must be the first member of the struct WrapperTypeInfo.
   // See also static_assert() in .cpp file.
   const gin::GinEmbedder gin_embedder;
@@ -190,15 +182,6 @@ inline ScriptWrappable* ToScriptWrappable(v8::Local<v8::Object> wrapper) {
   return GetInternalField<ScriptWrappable, kV8DOMWrapperObjectIndex>(wrapper);
 }
 
-inline CustomWrappable* ToCustomWrappable(
-    const v8::PersistentBase<v8::Object>& wrapper) {
-  return GetInternalField<CustomWrappable, kV8DOMWrapperObjectIndex>(wrapper);
-}
-
-inline CustomWrappable* ToCustomWrappable(v8::Local<v8::Object> wrapper) {
-  return GetInternalField<CustomWrappable, kV8DOMWrapperObjectIndex>(wrapper);
-}
-
 inline const WrapperTypeInfo* ToWrapperTypeInfo(
     const v8::PersistentBase<v8::Object>& wrapper) {
   return GetInternalField<WrapperTypeInfo, kV8DOMWrapperTypeIndex>(wrapper);