When called, validate_candidate creates an instance from provided wasm module, which can copy data segments from module into the linear memory at arbitrary locations.
After the module has been instantiated, validation params is copied over to the heap starting from address 0.

This scheme is problematic, because there is always a chance that input data will overwrite the static data. There is also a chance that this data will overlap with the (shadow) stack area, so stack operations may corrupt the input data.

We can fix this issue by mounting (with grow) a few pages for input data by ourselves and putting the data there. I think it is unreasonable for compiler/allocator to expect that it has exclusive control of mounting pages.