[wasm][gc] Decrement ref count when replacing code

This CL introduces the first (and most important) place where we need
to decrement the ref count of wasm code. When installing new code in
the code table and jump table, the prior code becomes unreachable via
new function calls.
This change executes many code paths that were unreachable before,
since the ref count was never decremented.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: Ibe33df562f240f7cd5996f6061809e93838be425
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566512Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60845}

src/wasm/wasm-code-manager.cc

@@ -771,11 +771,15 @@ WasmCode* NativeModule::PublishCodeLocked(std::unique_ptr<WasmCode> code) {
     // the new code if it was compiled with a higher tier.
     uint32_t slot_idx = code->index() - module_->num_imported_functions;
     WasmCode* prior_code = code_table_[slot_idx];
-    ExecutionTier prior_tier =
-        prior_code == nullptr ? ExecutionTier::kNone : prior_code->tier();
-    bool update_code_table = prior_tier < code->tier();
+    bool update_code_table = !prior_code || prior_code->tier() < code->tier();
     if (update_code_table) {
       code_table_[slot_idx] = code.get();
+      if (prior_code) {
+        WasmCodeRefScope::AddRef(prior_code);
+        // The code is added to the current {WasmCodeRefScope}, hence the ref
+        // count cannot drop to zero here.
+        CHECK(!prior_code->DecRef());
+      }
     }
 
     // Populate optimized code to the jump table unless there is an active