Revert "[heap] Run phantom handle callbacks on tear down"

This reverts commit fa65063a.

Reason for revert:
This changes API contract with Blink as some state is destroyed before
actually tearing down the Isolate. Flushing the second round tasks
then tries to access various state that is already gone on the Blink
side. See bugs.

Bug: chromium:893944, chromium:893549, chromium:890631

Original change's description:
> [heap] Run phantom handle callbacks on tear down
>
> Pending phantom handle callbacks are not reliably executed if the heap
> shuts down. This can cause to memory leaks or other unwanted behaviour,
> like in wasm where the NativeModules (held in Managed objects
> implemented via phantom handles) unregister from the WasmEngine in the
> second-pass callback. This must be executed before tearing down the
> WasmEngine.
>
> This CL fixes this by running pending callback synchronously on heap
> tear down.
>
> R=ulan@chromium.org, mlippautz@chromium.org
>
> Bug: v8:8208
> Change-Id: I27b630c4d8f1fb12309040ea2179b64eed38710a
> Reviewed-on: https://chromium-review.googlesource.com/1249101
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56286}

TBR=ulan@chromium.org,mlippautz@chromium.org,clemensh@chromium.org

Bug: v8:8208
Change-Id: I4b403fd84473edb8895c3725ff3348574c54247b
Reviewed-on: https://chromium-review.googlesource.com/c/1274085
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56542}

src/global-handles.cc

@@ -1074,7 +1074,7 @@ void GlobalHandles::Print() {
 
 #endif
 
-void GlobalHandles::TearDown() { DispatchPendingPhantomCallbacks(true); }
+void GlobalHandles::TearDown() {}
 
 EternalHandles::EternalHandles() : size_(0) {
   for (unsigned i = 0; i < arraysize(singleton_handles_); i++) {

src/heap/heap.cc

@@ -4511,10 +4511,7 @@ void Heap::RegisterExternallyReferencedObject(Object** object) {
   }
 }
 
-void Heap::StartTearDown() {
-  SetGCState(TEAR_DOWN);
-  isolate_->global_handles()->TearDown();
-}
+void Heap::StartTearDown() { SetGCState(TEAR_DOWN); }
 
 void Heap::TearDown() {
   DCHECK_EQ(gc_state_, TEAR_DOWN);
@@ -4616,6 +4613,8 @@ void Heap::TearDown() {
   delete local_embedder_heap_tracer_;
   local_embedder_heap_tracer_ = nullptr;
 
+  isolate_->global_handles()->TearDown();
+
   external_string_table_.TearDown();
 
   // Tear down all ArrayBuffers before tearing down the heap since  their

src/isolate.cc

@@ -2810,10 +2810,6 @@ void Isolate::Deinit() {
     optimizing_compile_dispatcher_ = nullptr;
   }
 
-  // We start with the heap tear down so that releasing managed objects does
-  // not cause a GC.
-  heap_.StartTearDown();
-
   heap_.mark_compact_collector()->EnsureSweepingCompleted();
   heap_.memory_allocator()->unmapper()->EnsureUnmappingCompleted();
 
@@ -2830,6 +2826,10 @@ void Isolate::Deinit() {
   FreeThreadResources();
   logger_->StopProfilerThread();
 
+  // We start with the heap tear down so that releasing managed objects does
+  // not cause a GC.
+  heap_.StartTearDown();
+
   ReleaseSharedPtrs();
 
   delete deoptimizer_data_;