[wasm] Fix several gc issues

The pattern "handle->foo(factory->NewXX())" is unsafe, because the
evaluation order of the receiver (dereferencing the handle) and the
argument (allocating something on the heap) is undefined. If the
receiver is evaluated first, then the allocation in the evaluation of
the argument might invalidate the receiver.
In general, gcmole should catch these errors, but sadly, if the
method "foo" receives a Handle, it seems to not catch them.
We should generally refactor our getters and setters to receive and
return raw pointers instead of handles, just like most other code in
our code base.

R=mtrofin@chromium.org, ahaas@chromium.org

Bug: v8:7224
Change-Id: If9e84e4ca7efe02c40b97a8c5c549c222947d6bb
Reviewed-on: https://chromium-review.googlesource.com/832268Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50165}

src/wasm/module-compiler.cc

@@ -2145,8 +2145,9 @@ MaybeHandle<WasmModuleObject> ModuleCompiler::CompileToModuleObjectInternal(
   native_module_ = compiled_module->GetNativeModule();
   compiled_module->OnWasmModuleDecodingComplete(shared);
   if (lazy_compile && FLAG_wasm_jit_to_native) {
-    compiled_module->set_lazy_compile_data(isolate_->factory()->NewFixedArray(
-        static_cast<int>(module_->functions.size()), TENURED));
+    Handle<FixedArray> lazy_compile_data = isolate_->factory()->NewFixedArray(
+        static_cast<int>(module_->functions.size()), TENURED);
+    compiled_module->set_lazy_compile_data(lazy_compile_data);
   }
 
   if (!lazy_compile) {

src/wasm/wasm-code-manager.cc

@@ -246,12 +246,14 @@ void NativeModule::ResizeCodeTableForTest(size_t last_index) {
     code_table_.resize(new_size);
     int grow_by = static_cast<int>(new_size) -
                   compiled_module()->source_positions()->length();
-    compiled_module()->set_source_positions(
-        isolate->factory()->CopyFixedArrayAndGrow(
-            compiled_module()->source_positions(), grow_by, TENURED));
-    compiled_module()->set_handler_table(
-        isolate->factory()->CopyFixedArrayAndGrow(
-            compiled_module()->handler_table(), grow_by, TENURED));
+    Handle<FixedArray> source_positions = compiled_module()->source_positions();
+    source_positions = isolate->factory()->CopyFixedArrayAndGrow(
+        source_positions, grow_by, TENURED);
+    compiled_module()->set_source_positions(source_positions);
+    Handle<FixedArray> handler_table = compiled_module()->handler_table();
+    handler_table = isolate->factory()->CopyFixedArrayAndGrow(handler_table,
+                                                              grow_by, TENURED);
+    compiled_module()->set_handler_table(handler_table);
   }
 }
 

src/wasm/wasm-objects.cc

@@ -1318,10 +1318,12 @@ Handle<WasmCompiledModule> WasmCompiledModule::New(
     native_module->empty_signature_tables() = signature_tables;
 
     int function_count = static_cast<int>(module->functions.size());
-    compiled_module->set_handler_table(
-        isolate->factory()->NewFixedArray(function_count, TENURED));
-    compiled_module->set_source_positions(
-        isolate->factory()->NewFixedArray(function_count, TENURED));
+    Handle<FixedArray> handler_table =
+        isolate->factory()->NewFixedArray(function_count, TENURED);
+    compiled_module->set_handler_table(handler_table);
+    Handle<FixedArray> source_positions =
+        isolate->factory()->NewFixedArray(function_count, TENURED);
+    compiled_module->set_source_positions(source_positions);
   }
   // TODO(mtrofin): copy the rest of the specialization parameters over.
   // We're currently OK because we're only using defaults.