[wasm] Fix phantom handle clearing in destructors.

The destructor of the owner of a phantom handle must clear the phantom
handle first before calling any function that can trigger GC.

Bug: chromium:827806
Change-Id: I20141d0d710c486aec3d92e729d76a53069e16fd
Reviewed-on: https://chromium-review.googlesource.com/992093Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52325}

src/wasm/module-compiler.cc

@@ -3458,14 +3458,15 @@ CompilationState::CompilationState(internal::Isolate* isolate)
 }
 
 CompilationState::~CompilationState() {
-  CancelAndWait();
-  foreground_task_manager_.CancelAndWait();
-
+  // Clear the handle at the beginning of destructor to make it robust against
+  // potential GCs in the rest of the desctructor.
   if (compiled_module_ != nullptr) {
     isolate_->global_handles()->Destroy(
         reinterpret_cast<Object**>(compiled_module_));
     compiled_module_ = nullptr;
   }
+  CancelAndWait();
+  foreground_task_manager_.CancelAndWait();
 }
 
 void CompilationState::SetNumberOfFunctionsToCompile(size_t num_functions) {

src/wasm/wasm-code-manager.cc

@@ -867,13 +867,15 @@ WasmCode* NativeModule::CloneCode(const WasmCode* original_code,
 
 NativeModule::~NativeModule() {
   TRACE_HEAP("Deleting native module: %p\n", reinterpret_cast<void*>(this));
-  wasm_code_manager_->FreeNativeModuleMemories(this);
+  // Clear the handle at the beginning of destructor to make it robust against
+  // potential GCs in the rest of the desctructor.
   if (compiled_module_ != nullptr) {
     Isolate* isolate = compiled_module()->GetIsolate();
     isolate->global_handles()->Destroy(
         reinterpret_cast<Object**>(compiled_module_));
     compiled_module_ = nullptr;
   }
+  wasm_code_manager_->FreeNativeModuleMemories(this);
 }
 
 WasmCodeManager::WasmCodeManager(v8::Isolate* isolate, size_t max_committed)