[wasm][gc] Remove dead code references when NativeModule dies

If a {NativeModule} dies while a GC is running, we could leave behind
references to code of that deleted module. This CL fixes that.
This issue was found by running with --stress-wasm-code-gc.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I7f0d98977e6510899170306952936c4a7f7d3c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585722Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61041}

src/wasm/wasm-engine.cc

@@ -624,6 +624,19 @@ void WasmEngine::FreeNativeModule(NativeModule* native_module) {
         info->code_to_log.resize(remaining);
       }
     }
+    // If there is a GC running which has references to code contained in the
+    // deleted {NativeModule}, remove those references.
+    if (current_gc_info_) {
+      for (auto it = current_gc_info_->dead_code.begin(),
+                end = current_gc_info_->dead_code.end();
+           it != end;) {
+        if ((*it)->native_module() == native_module) {
+          it = current_gc_info_->dead_code.erase(it);
+        } else {
+          ++it;
+        }
+      }
+    }
     native_modules_.erase(it);
   }
   code_manager_.FreeNativeModule(native_module);
@@ -686,6 +699,7 @@ void WasmEngine::ReportLiveCodeForGC(Isolate* isolate,
       // count.
       dead_code = OwnedVector<WasmCode*>::Of(current_gc_info_->dead_code);
       for (WasmCode* code : dead_code) {
+        DCHECK_EQ(1, native_modules_.count(code->native_module()));
         auto* native_module_info = native_modules_[code->native_module()].get();
         DCHECK_EQ(1, native_module_info->potentially_dead_code.count(code));
         native_module_info->potentially_dead_code.erase(code);