[wasm] Fix partially initialized object during GC

A GC can happen while we allocate the resume callback, and before the
suspender is fully initialized. We cannot just change the order of
allocation, because they both reference each other. So temporarily set a
default value for the "resume" property to make the GC happy.

R=jkummerow@chromium.org

Bug: v8:12803
Change-Id: Ieecc5182b8dcf7a159713c9400d65da59c4b2af6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3586989Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80027}

src/wasm/wasm-objects.cc

@@ -1807,8 +1807,6 @@ Handle<WasmSuspenderObject> WasmSuspenderObject::New(Isolate* isolate) {
   // which it will wrap the imports/exports, allocate in old space too.
   auto suspender = Handle<WasmSuspenderObject>::cast(
       isolate->factory()->NewJSObject(suspender_cons, AllocationType::kOld));
-  suspender->set_continuation(ReadOnlyRoots(isolate).undefined_value());
-  suspender->set_parent(ReadOnlyRoots(isolate).undefined_value());
   suspender->set_state(Inactive);
   // Instantiate the callable object which resumes this Suspender. This will be
   // used implicitly as the onFulfilled callback of the returned JS promise.

src/wasm/wasm-objects.tq

@@ -103,7 +103,7 @@ extern class WasmContinuationObject extends Struct {
 extern class WasmSuspenderObject extends JSObject {
   continuation: WasmContinuationObject|Undefined;
   parent: WasmSuspenderObject|Undefined;
-  resume: JSObject;
+  resume: JSObject|Undefined;
   state: Smi;  // 0: Inactive, 1: Active, 2: Suspended.
 }