[wasm] Exclude start function from tiering up its js-to-wasm wrapper

This CL addresses the behaviour of the tiering strategy for the case of
the start function. The start function is currently called as an
exported function, but never stored as one. This results in crashes if
the start function tries to tier up (e.g. if the threshold for the
tiering strategy is set to 1).

Bug: v8:10982
Change-Id: Ic57d581022d84715621ce558988c6512c3200e30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517698Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#70999}

src/runtime/runtime-wasm.cc

@@ -226,18 +226,26 @@ RUNTIME_FUNCTION(Runtime_WasmCompileWrapper) {
   const wasm::WasmFunction function = module->functions[function_index];
   const wasm::FunctionSig* sig = function.sig;
 
+  MaybeHandle<WasmExternalFunction> maybe_result =
+      WasmInstanceObject::GetWasmExternalFunction(isolate, instance,
+                                                  function_index);
+
+  Handle<WasmExternalFunction> result;
+  if (!maybe_result.ToHandle(&result)) {
+    // We expect the result to be empty in the case of the start function,
+    // which is not an exported function to begin with.
+    DCHECK_EQ(function_index, module->start_function_index);
+    return ReadOnlyRoots(isolate).undefined_value();
+  }
+
   Handle<Code> wrapper =
       wasm::JSToWasmWrapperCompilationUnit::CompileSpecificJSToWasmWrapper(
           isolate, sig, module);
 
-  function_data->set_wrapper_code(*wrapper);
-
-  MaybeHandle<WasmExternalFunction> maybe_result =
-      WasmInstanceObject::GetWasmExternalFunction(isolate, instance,
-                                                  function_index);
-  Handle<WasmExternalFunction> result = maybe_result.ToHandleChecked();
   result->set_code(*wrapper);
 
+  function_data->set_wrapper_code(*wrapper);
+
   return ReadOnlyRoots(isolate).undefined_value();
 }