Revert "Oilpan: Check for interiors in freed backings"

This reverts commit 4a8c777f.

Reason for revert: Check did not catch anything.

Original change's description:
> Oilpan: Check for interiors in freed backings
> 
> Backings that we are freeing should not contain any interiors that are registered in HeapCompact.
> This adds a speculative check to diagnose a crash.
> 
> Bug: 918064
> Change-Id: I8c70bb4c2f455f7881474e981a56cb6c7197b94b
> Reviewed-on: https://chromium-review.googlesource.com/c/1437037
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Commit-Queue: Keishi Hattori <keishi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#627008}

TBR=haraken@chromium.org,keishi@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 918064
Change-Id: Ibe36de441dbdefdf8e5cfd59b50aa14f786fe2ff
Reviewed-on: https://chromium-review.googlesource.com/c/1448074Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Keishi Hattori <keishi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#627954}

third_party/blink/renderer/platform/heap/heap_allocator.h

@@ -9,7 +9,6 @@
 #include "third_party/blink/renderer/platform/bindings/script_wrappable_marking_visitor.h"
 #include "third_party/blink/renderer/platform/heap/heap.h"
 #include "third_party/blink/renderer/platform/heap/heap_buildflags.h"
-#include "third_party/blink/renderer/platform/heap/heap_compact.h"
 #include "third_party/blink/renderer/platform/heap/marking_visitor.h"
 #include "third_party/blink/renderer/platform/heap/trace_traits.h"
 #include "third_party/blink/renderer/platform/wtf/allocator.h"
@@ -407,11 +406,6 @@ void HeapVectorBacking<T, Traits>::Finalize(void* pointer) {
       !std::is_trivially_destructible<T>::value,
       "Finalization of trivially destructible classes should not happen.");
   HeapObjectHeader* header = HeapObjectHeader::FromPayload(pointer);
-
-  // TODO(keishi): Speculative check for crbug.com/918064
-  CHECK(!ThreadState::Current()->Heap().Compaction()->RangeHasInteriors(
-      header->Payload(), header->PayloadSize()));
-
   // Use the payload size as recorded by the heap to determine how many
   // elements to finalize.
   size_t length = header->PayloadSize() / sizeof(T);
@@ -441,9 +435,6 @@ void HeapHashTableBacking<Table>::Finalize(void* pointer) {
       !std::is_trivially_destructible<Value>::value,
       "Finalization of trivially destructible classes should not happen.");
   HeapObjectHeader* header = HeapObjectHeader::FromPayload(pointer);
-  // TODO(keishi): Speculative check for crbug.com/918064
-  CHECK(!ThreadState::Current()->Heap().Compaction()->RangeHasInteriors(
-      header->Payload(), header->PayloadSize()));
   // Use the payload size as recorded by the heap to determine how many
   // elements to finalize.
   size_t length = header->PayloadSize() / sizeof(Value);

third_party/blink/renderer/platform/heap/heap_compact.cc

@@ -130,25 +130,6 @@ class HeapCompact::MovableObjectFixups final {
       fixup_callbacks_.erase(it);
   }
 
-  bool RangeHasInteriors(Address address, size_t size) {
-    if (!interiors_)
-      return false;
-
-    SparseHeapBitmap* range = interiors_->HasRange(address, size);
-    if (LIKELY(!range))
-      return false;
-
-    for (size_t offset = 0; offset < size; offset += sizeof(void*)) {
-      MovableReference* slot =
-          reinterpret_cast<MovableReference*>(address + offset);
-      if (range->IsSet(reinterpret_cast<Address>(slot)))
-        return true;
-    }
-
-    NOTREACHED();
-    return false;
-  }
-
   void RelocateInteriorFixups(Address from, Address to, size_t size) {
     SparseHeapBitmap* range = interiors_->HasRange(from, size);
     if (LIKELY(!range))
@@ -513,10 +494,6 @@ void HeapCompact::Relocate(Address from, Address to) {
   Fixups().Relocate(from, to);
 }
 
-bool HeapCompact::RangeHasInteriors(Address address, size_t size) {
-  return fixups_ && fixups_->RangeHasInteriors(address, size);
-}
-
 void HeapCompact::StartThreadCompaction() {
   if (!do_compact_)
     return;

third_party/blink/renderer/platform/heap/heap_compact.h

@@ -123,9 +123,6 @@ class PLATFORM_EXPORT HeapCompact final {
   // (Called by the sweep compaction pass.)
   void Relocate(Address from, Address to);
 
-  // Returns true if range has registered interiors.
-  bool RangeHasInteriors(Address, size_t);
-
   // For unit testing only: arrange for a compaction GC to be triggered
   // next time a non-conservative GC is run. Sets the compact-next flag
   // to the new value, returning old.