Changeset 223002 – WebKit

trunk/JSTests/ChangeLog

-              r222901
+              r223002
+-10-06  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, rolling out r222791 and r222873.
+        https://bugs.webkit.org/show_bug.cgi?id=178031
+        Caused crashes with workers/wasm LayoutTests (Requested by
+        ryanhaddad on #webkit).
+        Reverted changesets:
+        "WebAssembly: no VM / JS version of everything but Instance"
+        https://bugs.webkit.org/show_bug.cgi?id=177473
+        http://trac.webkit.org/changeset/222791
+        "WebAssembly: address no VM / JS follow-ups"
+        https://bugs.webkit.org/show_bug.cgi?id=177887
+        http://trac.webkit.org/changeset/222873
 -10-05  Saam Barati  <sbarati@apple.com>

trunk/JSTests/wasm/js-api/memory-grow.js

r222791	r223002
46	46
47	47	// This shouldn't neuter the buffer since it fails.
48		assertThrows(() => memory.grow(1000), ~~RangeError, "WebAssembly.Memory.grow would exceed the memory's declared maximum size");~~
	48	assertThrows(() => memory.grow(1000), Error, "Out of memory");
49	49	assertEq(buffer.byteLength, 2641024);
50	50	assertEq(memory.buffer, buffer);

trunk/JSTests/wasm/js-api/table.js

-              r222791
+              r223002
          "WebAssembly.Module doesn't parse at byte 37 / 43: resizable limits has a initial page count of 4294967295 which is greater than its maximum 4294967294 (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')"],
         [{initial: 2**31, element: "anyfunc"},
          "WebAssembly.Module doesn't parse at byte 24 / 27: Table's initial page count of 2147483648 is too big, maximum 10000000 (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')",
          "WebAssembly.Module doesn't parse at byte 32 / 38: Table's initial page count of 2147483648 is too big, maximum 10000000 (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')"],
+         "WebAssembly.Module doesn't parse at byte 24 / 27: Table's initial page count of 2147483648 is invalid (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')",
+         "WebAssembly.Module doesn't parse at byte 32 / 38: Table's initial page count of 2147483648 is invalid (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')"],
     ];

trunk/Source/JavaScriptCore/ChangeLog

-              r222981
+              r223002
+-10-06  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, rolling out r222791 and r222873.
+        https://bugs.webkit.org/show_bug.cgi?id=178031
+        Caused crashes with workers/wasm LayoutTests (Requested by
+        ryanhaddad on #webkit).
+        Reverted changesets:
+        "WebAssembly: no VM / JS version of everything but Instance"
+        https://bugs.webkit.org/show_bug.cgi?id=177473
+        http://trac.webkit.org/changeset/222791
+        "WebAssembly: address no VM / JS follow-ups"
+        https://bugs.webkit.org/show_bug.cgi?id=177887
+        http://trac.webkit.org/changeset/222873
 -10-06  Robin Morisset  <rmorisset@apple.com>

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

-              r222954
+              r223002
 CFC6F01C33B10000C768EA /* LLIntPCRanges.h in Headers */ = {isa = PBXBuildFile; fileRef = 79CFC6EF1C33B10000C768EA /* LLIntPCRanges.h */; settings = {ATTRIBUTES = (Private, ); }; };
 D5CD5B1C1106A900CECA07 /* SamplingProfiler.h in Headers */ = {isa = PBXBuildFile; fileRef = 79D5CD591C1106A900CECA07 /* SamplingProfiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
 DAE27A1E03C82200B526AA /* WasmExceptionType.h in Headers */ = {isa = PBXBuildFile; fileRef = 79DAE2791E03C82200B526AA /* WasmExceptionType.h */; settings = {ATTRIBUTES = (Private, ); }; };
+DAE27A1E03C82200B526AA /* WasmExceptionType.h in Headers */ = {isa = PBXBuildFile; fileRef = 79DAE2791E03C82200B526AA /* WasmExceptionType.h */; };
 DFCBDB1D88C59600527D03 /* HasOwnPropertyCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 79DFCBDA1D88C59600527D03 /* HasOwnPropertyCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
 EE0C001B4AFB85000385C9 /* VariableEnvironment.h in Headers */ = {isa = PBXBuildFile; fileRef = 79EE0BFE1B4AFB85000385C9 /* VariableEnvironment.h */; settings = {ATTRIBUTES = (Private, ); }; };
 …
                 AD2FCC211DB59CB200B3E736 /* WebAssemblyTablePrototype.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = AD2FCC151DB59C5900B3E736 /* WebAssemblyTablePrototype.lut.h */; };
                 AD2FCC2D1DB838FD00B3E736 /* WebAssemblyPrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = AD2FCC271DB838C400B3E736 /* WebAssemblyPrototype.h */; };
+                AD2FCC311DB83D4900B3E736 /* JSWebAssembly.h in Headers */ = {isa = PBXBuildFile; fileRef = AD2FCC2F1DB839F700B3E736 /* JSWebAssembly.h */; };
                 AD412B341E7B2E9E008AF157 /* WasmContext.h in Headers */ = {isa = PBXBuildFile; fileRef = AD412B321E7B2E8A008AF157 /* WasmContext.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 AD4252511E5D0E14009D2A97 /* FullCodeOrigin.h in Headers */ = {isa = PBXBuildFile; fileRef = AD4252501E5D0DEB009D2A97 /* FullCodeOrigin.h */; };
 …
                 AD4B1DFA1DF244E20071AE32 /* WasmBinding.h in Headers */ = {isa = PBXBuildFile; fileRef = AD4B1DF81DF244D70071AE32 /* WasmBinding.h */; };
                 AD5B416F1EBAFB77008EFA43 /* WasmName.h in Headers */ = {isa = PBXBuildFile; fileRef = AD5B416E1EBAFB65008EFA43 /* WasmName.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36DD1F688B65000BCAAF /* WasmEmbedder.h in Headers */ = {isa = PBXBuildFile; fileRef = AD5C36DC1F688B5F000BCAAF /* WasmEmbedder.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36E21F699EC0000BCAAF /* WasmInstance.h in Headers */ = {isa = PBXBuildFile; fileRef = AD5C36DF1F699EB6000BCAAF /* WasmInstance.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36E61F69EC91000BCAAF /* WasmTable.h in Headers */ = {isa = PBXBuildFile; fileRef = AD5C36E41F69EC8B000BCAAF /* WasmTable.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36EA1F75AD6A000BCAAF /* JSToWasm.h in Headers */ = {isa = PBXBuildFile; fileRef = AD8DD6CF1F67089F0004EB52 /* JSToWasm.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36EB1F75AD73000BCAAF /* JSWebAssembly.h in Headers */ = {isa = PBXBuildFile; fileRef = ADD09AF31F62482E001313C2 /* JSWebAssembly.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36EC1F75AD7C000BCAAF /* WasmToJS.h in Headers */ = {isa = PBXBuildFile; fileRef = ADD09AEE1F5F623F001313C2 /* WasmToJS.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                AD5C36EF1F7A263A000BCAAF /* WasmMemoryMode.h in Headers */ = {isa = PBXBuildFile; fileRef = AD5C36EE1F7A2629000BCAAF /* WasmMemoryMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 AD7438C01E0457A400FD0C2A /* WasmSignature.h in Headers */ = {isa = PBXBuildFile; fileRef = AD7438BF1E04579200FD0C2A /* WasmSignature.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 AD86A93E1AA4D88D002FE77F /* WeakGCMapInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = AD86A93D1AA4D87C002FE77F /* WeakGCMapInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
 …
                 AD2FCC261DB838C400B3E736 /* WebAssemblyPrototype.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAssemblyPrototype.cpp; path = js/WebAssemblyPrototype.cpp; sourceTree = "<group>"; };
                 AD2FCC271DB838C400B3E736 /* WebAssemblyPrototype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAssemblyPrototype.h; path = js/WebAssemblyPrototype.h; sourceTree = "<group>"; };
+                AD2FCC2E1DB839F700B3E736 /* JSWebAssembly.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSWebAssembly.cpp; sourceTree = "<group>"; };
+                AD2FCC2F1DB839F700B3E736 /* JSWebAssembly.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSWebAssembly.h; sourceTree = "<group>"; };
                 AD2FCC321DC4045300B3E736 /* WasmFormat.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WasmFormat.cpp; sourceTree = "<group>"; };
-                AD3F1E471F4BA78600669912 /* WABase.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WABase.h; sourceTree = "<group>"; };
-                AD3F1E4A1F4DE68C00669912 /* WAInstance.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAInstance.h; sourceTree = "<group>"; };
-                AD3F1E4B1F4DE68C00669912 /* WATable.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WATable.h; sourceTree = "<group>"; };
-                AD3F1E4C1F4DE68C00669912 /* WAMemory.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAMemory.h; sourceTree = "<group>"; };
-                AD3F1E521F4F4AE500669912 /* WAMemory.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAMemory.cpp; sourceTree = "<group>"; };
-                AD3F1E531F4F4AE500669912 /* WAModule.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAModule.cpp; sourceTree = "<group>"; };
-                AD3F1E541F4F4AE500669912 /* WAInstance.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAInstance.cpp; sourceTree = "<group>"; };
-                AD3F1E551F4F4AE500669912 /* WATable.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WATable.cpp; sourceTree = "<group>"; };
-                AD3F1E641F50E57F00669912 /* WAException.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAException.h; sourceTree = "<group>"; };
-                AD3F1E651F50E57F00669912 /* WAException.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAException.cpp; sourceTree = "<group>"; };
-                AD3F1E681F547CB600669912 /* WAMemoryDescriptor.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAMemoryDescriptor.cpp; sourceTree = "<group>"; };
-                AD3F1E691F547CB600669912 /* WAMemoryDescriptor.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAMemoryDescriptor.h; sourceTree = "<group>"; };
-                AD3F1E6A1F547CB600669912 /* WAImportObject.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAImportObject.h; sourceTree = "<group>"; };
-                AD3F1E6B1F547CB800669912 /* WATableDescriptor.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WATableDescriptor.h; sourceTree = "<group>"; };
-                AD3F1E6C1F547CB800669912 /* WAImportObject.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAImportObject.cpp; sourceTree = "<group>"; };
-                AD3F1E6D1F547CB800669912 /* WATableDescriptor.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WATableDescriptor.cpp; sourceTree = "<group>"; };
-                AD3F1E701F54C3AA00669912 /* WAFunction.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAFunction.h; sourceTree = "<group>"; };
-                AD3F1E711F54C3AA00669912 /* WAFunction.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WAFunction.cpp; sourceTree = "<group>"; };
                 AD412B311E7B2E8A008AF157 /* WasmContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WasmContext.cpp; sourceTree = "<group>"; };
                 AD412B321E7B2E8A008AF157 /* WasmContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WasmContext.h; sourceTree = "<group>"; };
 …
                 AD4B1DF81DF244D70071AE32 /* WasmBinding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WasmBinding.h; sourceTree = "<group>"; };
                 AD5B416E1EBAFB65008EFA43 /* WasmName.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WasmName.h; sourceTree = "<group>"; };
-                AD5C36DC1F688B5F000BCAAF /* WasmEmbedder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WasmEmbedder.h; sourceTree = "<group>"; };
-                AD5C36DE1F699EB6000BCAAF /* WasmInstance.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WasmInstance.cpp; sourceTree = "<group>"; };
-                AD5C36DF1F699EB6000BCAAF /* WasmInstance.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WasmInstance.h; sourceTree = "<group>"; };
-                AD5C36E31F69EC8B000BCAAF /* WasmTable.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WasmTable.cpp; sourceTree = "<group>"; };
-                AD5C36E41F69EC8B000BCAAF /* WasmTable.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WasmTable.h; sourceTree = "<group>"; };
-                AD5C36EE1F7A2629000BCAAF /* WasmMemoryMode.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WasmMemoryMode.h; sourceTree = "<group>"; };
-                AD5C36F01F7A26BF000BCAAF /* WasmMemoryMode.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WasmMemoryMode.cpp; sourceTree = "<group>"; };
                 AD7438BE1E04579200FD0C2A /* WasmSignature.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WasmSignature.cpp; sourceTree = "<group>"; };
                 AD7438BF1E04579200FD0C2A /* WasmSignature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WasmSignature.h; sourceTree = "<group>"; };
                 AD86A93D1AA4D87C002FE77F /* WeakGCMapInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WeakGCMapInlines.h; sourceTree = "<group>"; };
-                AD8DD6CF1F67089F0004EB52 /* JSToWasm.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = JSToWasm.h; path = js/JSToWasm.h; sourceTree = "<group>"; };
-                AD8DD6D01F6708A30004EB52 /* JSToWasm.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = JSToWasm.cpp; path = js/JSToWasm.cpp; sourceTree = "<group>"; };
                 AD8FF3951EB5BD850087FF82 /* WasmIndexOrName.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WasmIndexOrName.h; sourceTree = "<group>"; };
                 AD8FF3961EB5BD850087FF82 /* WasmIndexOrName.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WasmIndexOrName.cpp; sourceTree = "<group>"; };
 …
                 ADBC54D21DF8EA00005BF738 /* WebAssemblyToJSCallee.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAssemblyToJSCallee.cpp; path = js/WebAssemblyToJSCallee.cpp; sourceTree = "<group>"; };
                 ADBC54D31DF8EA00005BF738 /* WebAssemblyToJSCallee.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAssemblyToJSCallee.h; path = js/WebAssemblyToJSCallee.h; sourceTree = "<group>"; };
-                ADD09AEE1F5F623F001313C2 /* WasmToJS.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = WasmToJS.h; path = js/WasmToJS.h; sourceTree = "<group>"; };
-                ADD09AEF1F5F623F001313C2 /* WasmToJS.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = WasmToJS.cpp; path = js/WasmToJS.cpp; sourceTree = "<group>"; };
-                ADD09AF21F624829001313C2 /* JSWebAssembly.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = JSWebAssembly.cpp; path = js/JSWebAssembly.cpp; sourceTree = "<group>"; };
-                ADD09AF31F62482E001313C2 /* JSWebAssembly.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = JSWebAssembly.h; path = js/JSWebAssembly.h; sourceTree = "<group>"; };
                 ADD8FA431EB3077100DF542F /* WasmNameSectionParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WasmNameSectionParser.h; sourceTree = "<group>"; };
                 ADD8FA441EB3077100DF542F /* WasmNameSectionParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WasmNameSectionParser.cpp; sourceTree = "<group>"; };
 …
                 ADE802971E08F1C90058DE78 /* WebAssemblyLinkErrorPrototype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAssemblyLinkErrorPrototype.h; path = js/WebAssemblyLinkErrorPrototype.h; sourceTree = "<group>"; };
                 ADE8029D1E08F2260058DE78 /* WebAssemblyLinkErrorConstructor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAssemblyLinkErrorConstructor.cpp; path = js/WebAssemblyLinkErrorConstructor.cpp; sourceTree = "<group>"; };
-                ADFC30F71F47A7B8006451D3 /* WebAssembly.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebAssembly.h; sourceTree = "<group>"; };
-                ADFC30F91F47A8C0006451D3 /* WAModule.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WAModule.h; sourceTree = "<group>"; };
                 B59F89371891AD3300D5CCDC /* UnlinkedInstructionStream.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnlinkedInstructionStream.h; sourceTree = "<group>"; };
                 B59F89381891ADB500D5CCDC /* UnlinkedInstructionStream.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UnlinkedInstructionStream.cpp; sourceTree = "<group>"; };
 …
                                 E124A8F60E555775003091F1 /* OpaqueJSString.cpp */,
                                 E124A8F50E555775003091F1 /* OpaqueJSString.h */,
-                                AD3F1E471F4BA78600669912 /* WABase.h */,
-                                AD3F1E651F50E57F00669912 /* WAException.cpp */,
-                                AD3F1E641F50E57F00669912 /* WAException.h */,
-                                AD3F1E711F54C3AA00669912 /* WAFunction.cpp */,
-                                AD3F1E701F54C3AA00669912 /* WAFunction.h */,
-                                AD3F1E6C1F547CB800669912 /* WAImportObject.cpp */,
-                                AD3F1E6A1F547CB600669912 /* WAImportObject.h */,
-                                AD3F1E541F4F4AE500669912 /* WAInstance.cpp */,
-                                AD3F1E4A1F4DE68C00669912 /* WAInstance.h */,
-                                AD3F1E521F4F4AE500669912 /* WAMemory.cpp */,
-                                AD3F1E4C1F4DE68C00669912 /* WAMemory.h */,
-                                AD3F1E681F547CB600669912 /* WAMemoryDescriptor.cpp */,
-                                AD3F1E691F547CB600669912 /* WAMemoryDescriptor.h */,
-                                AD3F1E531F4F4AE500669912 /* WAModule.cpp */,
-                                ADFC30F91F47A8C0006451D3 /* WAModule.h */,
-                                AD3F1E551F4F4AE500669912 /* WATable.cpp */,
-                                AD3F1E4B1F4DE68C00669912 /* WATable.h */,
-                                AD3F1E6D1F547CB800669912 /* WATableDescriptor.cpp */,
-                                AD3F1E6B1F547CB800669912 /* WATableDescriptor.h */,
-                                ADFC30F71F47A7B8006451D3 /* WebAssembly.h */,
 DE3D0F40DD8DDFB00468714 /* WebKitAvailability.h */,
                         );
 …
                         children = (
                                 AD2FCB8A1DB5840000B3E736 /* js */,
+                                AD2FCC2E1DB839F700B3E736 /* JSWebAssembly.cpp */,
+                                AD2FCC2F1DB839F700B3E736 /* JSWebAssembly.h */,
 F40E8E1D5902820099A1B6 /* WasmB3IRGenerator.cpp */,
 F40E921D5A4AB30099A1B6 /* WasmB3IRGenerator.h */,
 …
                                 AD412B311E7B2E8A008AF157 /* WasmContext.cpp */,
                                 AD412B321E7B2E8A008AF157 /* WasmContext.h */,
-                                AD5C36DC1F688B5F000BCAAF /* WasmEmbedder.h */,
 DAE2791E03C82200B526AA /* WasmExceptionType.h */,
 B9361E60E9660090F794 /* WasmFaultSignalHandler.cpp */,
 …
                                 AD8FF3961EB5BD850087FF82 /* WasmIndexOrName.cpp */,
                                 AD8FF3951EB5BD850087FF82 /* WasmIndexOrName.h */,
-                                AD5C36DE1F699EB6000BCAAF /* WasmInstance.cpp */,
-                                AD5C36DF1F699EB6000BCAAF /* WasmInstance.h */,
                                 AD00659D1ECAC7FE000CA926 /* WasmLimits.h */,
 E9E0A91EAE83DE00FEE251 /* WasmMachineThreads.cpp */,
 …
 B759711DFA4C600052174C /* WasmMemoryInformation.cpp */,
 B759721DFA4C600052174C /* WasmMemoryInformation.h */,
-                                AD5C36F01F7A26BF000BCAAF /* WasmMemoryMode.cpp */,
-                                AD5C36EE1F7A2629000BCAAF /* WasmMemoryMode.h */,
                                 790081361E95A8EC0052D7CD /* WasmModule.cpp */,
                                 790081371E95A8EC0052D7CD /* WasmModule.h */,
 …
                                 AD7438BE1E04579200FD0C2A /* WasmSignature.cpp */,
                                 AD7438BF1E04579200FD0C2A /* WasmSignature.h */,
-                                AD5C36E31F69EC8B000BCAAF /* WasmTable.cpp */,
-                                AD5C36E41F69EC8B000BCAAF /* WasmTable.h */,
 D2CF1E8DA05A0029A932 /* WasmThunks.cpp */,
 D2D01E8DA05A0029A932 /* WasmThunks.h */,
 …
                         isa = PBXGroup;
                         children = (
-                                AD8DD6D01F6708A30004EB52 /* JSToWasm.cpp */,
-                                AD8DD6CF1F67089F0004EB52 /* JSToWasm.h */,
-                                ADD09AF21F624829001313C2 /* JSWebAssembly.cpp */,
-                                ADD09AF31F62482E001313C2 /* JSWebAssembly.h */,
 AA2F1E65E8A100A532FC /* JSWebAssemblyCodeBlock.cpp */,
                                 AD9E852E1E8A0C6E008DE39E /* JSWebAssemblyCodeBlock.h */,
 …
                                 AD2FCBAE1DB58DA400B3E736 /* JSWebAssemblyTable.cpp */,
                                 AD2FCBAF1DB58DA400B3E736 /* JSWebAssemblyTable.h */,
-                                ADD09AEF1F5F623F001313C2 /* WasmToJS.cpp */,
-                                ADD09AEE1F5F623F001313C2 /* WasmToJS.h */,
                                 AD2FCBB01DB58DA400B3E736 /* WebAssemblyCompileErrorConstructor.cpp */,
                                 AD2FCBB11DB58DA400B3E736 /* WebAssemblyCompileErrorConstructor.h */,
 …
 FDF67D21D9C6D27001B9825 /* B3Kind.h in Headers */,
 E54531C468E7400B5AF73 /* B3LegalizeMemoryOffsets.h in Headers */,
-                                AD5C36EC1F75AD7C000BCAAF /* WasmToJS.h in Headers */,
 F338E1E1BF286EA0013C88F /* B3LowerMacros.h in Headers */,
 DA041C1BE40D001D260B /* B3LowerMacrosAfterOptimizations.h in Headers */,
 …
 F21918B3E1670098FF8B /* Bytecodes.h in Headers */,
 F885E111849A3BE00F1E3FA /* BytecodeUseDef.h in Headers */,
-                                AD5C36EB1F75AD73000BCAAF /* JSWebAssembly.h in Headers */,
 F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */,
 B8392E1BACAD360044E824 /* CachedRecovery.h in Headers */,
 …
                                 DCEE220D1CEBAF75000C2396 /* DFGNullAbstractState.h in Headers */,
 F2B9CE719D0BA7D00B1D1B5 /* DFGObjectAllocationSinkingPhase.h in Headers */,
-                                AD5C36DD1F688B65000BCAAF /* WasmEmbedder.h in Headers */,
 F2B9CE919D0BA7D00B1D1B5 /* DFGObjectMaterializationData.h in Headers */,
 EC9DD01328DF82002B2AD7 /* DFGOperations.h in Headers */,
 …
 FB105861675481200F8AB6E /* ExitKind.h in Headers */,
 F0B83AB14BCF5BB00885B4F /* ExpressionRangeInfo.h in Headers */,
-                                AD5C36EA1F75AD6A000BCAAF /* JSToWasm.h in Headers */,
 FEC3C571F33A45300F59B6C /* FastMallocAlignedMemoryAllocator.h in Headers */,
                                 A7A8AF3817ADB5F3005AB174 /* Float32Array.h in Headers */,
-                                AD5C36E21F699EC0000BCAAF /* WasmInstance.h in Headers */,
                                 A7A8AF3917ADB5F3005AB174 /* Float64Array.h in Headers */,
 F24E54317EA9F5900ABB217 /* FPRInfo.h in Headers */,
 …
 F0B286B1EB8E6CF000EB5D2 /* JSWeakPrivate.h in Headers */,
 FB8681AE335C60039D069 /* JSWeakSet.h in Headers */,
+                                AD2FCC311DB83D4900B3E736 /* JSWebAssembly.h in Headers */,
                                 AD9E852F1E8A0C7C008DE39E /* JSWebAssemblyCodeBlock.h in Headers */,
 EFD4841EBC045C00F3DFEA /* JSWebAssemblyCodeBlockSubspace.h in Headers */,
 …
 F7C39FB1C8F629300480151 /* RegExpInlines.h in Headers */,
                                 A1712B4111C7B235007A5315 /* RegExpKey.h in Headers */,
-                                AD5C36E61F69EC91000BCAAF /* WasmTable.h in Headers */,
                                 BC18C45B0E16F5CD00B34460 /* RegExpObject.h in Headers */,
 F7C39FD1C8F659500480151 /* RegExpObjectInlines.h in Headers */,
 …
 F426A491460CBB700131F8F /* VirtualRegister.h in Headers */,
 F1FB3931E177A7200A9BE50 /* VisitingTimeout.h in Headers */,
-                                AD5C36EF1F7A263A000BCAAF /* WasmMemoryMode.h in Headers */,
 F952AA11DF7860900E06FBD /* VisitRaceKey.h in Headers */,
                                 BC18C4200E16F5CD00B34460 /* VM.h in Headers */,

trunk/Source/JavaScriptCore/Sources.txt

-              r222827
+              r223002
 tools/VMInspector.cpp
+wasm/JSWebAssembly.cpp
 wasm/WasmB3IRGenerator.cpp
 wasm/WasmBBQPlan.cpp
 …
 wasm/WasmCodeBlock.cpp
 wasm/WasmContext.cpp
-wasm/WasmEmbedder.h
 wasm/WasmFaultSignalHandler.cpp
 wasm/WasmFormat.cpp
 wasm/WasmIndexOrName.cpp
-wasm/WasmInstance.cpp
-wasm/WasmInstance.h
 wasm/WasmMachineThreads.cpp
 wasm/WasmMemory.cpp
 wasm/WasmMemoryInformation.cpp
-wasm/WasmMemoryMode.cpp
 wasm/WasmModule.cpp
 wasm/WasmModuleInformation.cpp
 …
 wasm/WasmPlan.cpp
 wasm/WasmSignature.cpp
-wasm/WasmTable.cpp
-wasm/WasmTable.h
 wasm/WasmThunks.cpp
 wasm/WasmValidate.cpp
 wasm/WasmWorklist.cpp
-wasm/js/JSToWasm.cpp
-wasm/js/JSToWasm.h
-wasm/js/JSWebAssembly.cpp
 wasm/js/JSWebAssemblyCodeBlock.cpp
 wasm/js/JSWebAssemblyCodeBlockSubspace.cpp
 …
 wasm/js/JSWebAssemblyRuntimeError.cpp
 wasm/js/JSWebAssemblyTable.cpp
-wasm/js/WasmToJS.cpp
-wasm/js/WasmToJS.h
 wasm/js/WebAssemblyCompileErrorConstructor.cpp
 wasm/js/WebAssemblyCompileErrorPrototype.cpp

trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp

r222891	r223002
180	180	{
181	181	restoreScratch();
182		jit->copyCalleeSavesTo~~EntryFrameCalleeSavesBuffer(m_vm.topEntryFrame~~);
	182	jit->copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(m_vm);
183	183	if (needsToRestoreRegistersIfException()) {
184	184	// To the JIT that produces the original exception handling

trunk/Source/JavaScriptCore/debugger/Debugger.cpp

-              r222791
+              r223002
 /*
  *  Copyright (C) 2008-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008, 2013, 2014, 2016 Apple Inc. All rights reserved.
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
 …
         return;
     EntryFrame* topEntryFrame = m_vm.topEntryFrame;
     m_pauseOnCallFrame = m_currentCallFrame ? m_currentCallFrame->callerFrame(topEntryFrame) : nullptr;
+    VMEntryFrame* topVMEntryFrame = m_vm.topVMEntryFrame;
+    m_pauseOnCallFrame = m_currentCallFrame ? m_currentCallFrame->callerFrame(topVMEntryFrame) : nullptr;
     m_pauseOnStepOut = true;
     setSteppingMode(SteppingModeEnabled);
 …
         return;
     EntryFrame* topEntryFrame = m_vm.topEntryFrame;
     CallFrame* callerFrame = m_currentCallFrame->callerFrame(topEntryFrame);
+    VMEntryFrame* topVMEntryFrame = m_vm.topVMEntryFrame;
+    CallFrame* callerFrame = m_currentCallFrame->callerFrame(topVMEntryFrame);
     // Returning from a call, there was at least one expression on the statement we are returning to.
 …
         return;
     EntryFrame* topEntryFrame = m_vm.topEntryFrame;
     CallFrame* callerFrame = m_currentCallFrame->callerFrame(topEntryFrame);
+    VMEntryFrame* topVMEntryFrame = m_vm.topVMEntryFrame;
+    CallFrame* callerFrame = m_currentCallFrame->callerFrame(topVMEntryFrame);
     // Treat stepping over an exception location like a step-out.
 …
         return;
     EntryFrame* topEntryFrame = m_vm.topEntryFrame;
     CallFrame* callerFrame = m_currentCallFrame->callerFrame(topEntryFrame);
+    VMEntryFrame* topVMEntryFrame = m_vm.topVMEntryFrame;
+    CallFrame* callerFrame = m_currentCallFrame->callerFrame(topVMEntryFrame);
     // Returning from a program, could be eval(), there was at least one expression on the statement we are returning to.

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

-              r222871
+              r223002
         m_exceptionChecksWithCallFrameRollback.link(this);
         copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+        copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm());
         // lookupExceptionHandlerFromCallerFrame is passed two arguments, the VM and the exec (the CallFrame*).
 …
         m_exceptionChecks.link(this);
         copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+        copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm());
         // lookupExceptionHandler is passed two arguments, the VM and the exec (the CallFrame*).

trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2013-2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     unsigned registerCount = registerSaveLocations->size();
     VMEntryRecord* record = vmEntryRecord(vm->topEntryFrame);
+    VMEntryRecord* record = vmEntryRecord(vm->topVMEntryFrame);
     for (unsigned i = 0; i < registerCount; i++) {
         RegisterAtOffset currentEntry = registerSaveLocations->at(i);

trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp

-              r222871
+              r223002
 /*
  * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2013 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
             // We are acting as a defacto op_catch because we arrive here from genericUnwind().
             // So, we must restore our call frame and stack pointer.
             jit.restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(vm->topEntryFrame);
+            jit.restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(*vm);
             jit.loadPtr(vm->addressOfCallFrameForCatch(), GPRInfo::callFrameRegister);
+        }
 …
     if (exit.isExceptionHandler())
         jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm.topEntryFrame);
+        jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(vm);
     // Do all data format conversions and store the results into the stack.

trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp

r222871	r223002
144	144
145	145	ok.link(&jit);
146		jit.restoreCalleeSavesFrom~~EntryFrameCalleeSavesBuffer(vm->topEntryFrame~~);
	146	jit.restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(*vm);
147	147	jit.emitMaterializeTagCheckRegisters();
148	148

trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

r222791	r223002
132	132	// Emit the exception handler.
133	133	*state.exceptionHandler = jit.label();
134		jit.copyCalleeSavesTo~~EntryFrameCalleeSavesBuffer(vm.topEntryFrame~~);
	134	jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(vm);
135	135	jit.move(MacroAssembler::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
136	136	jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);

trunk/Source/JavaScriptCore/ftl/FTLLink.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
             auto noException = jit.branch32(CCallHelpers::GreaterThanOrEqual, GPRInfo::returnValueGPR, CCallHelpers::TrustedImm32(0));
             jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm.topEntryFrame);
+            jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(vm);
             jit.move(CCallHelpers::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
             jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

r222827	r223002
265	265	MacroAssembler::TrustedImm32(callSiteIndex.bits()),
266	266	CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCount)));
267		jit.copyCalleeSavesTo~~EntryFrameCalleeSavesBuffer(vm->topEntryFrame~~);
	267	jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm);
268	268
269	269	jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);

trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     if (exit.isGenericUnwindHandler()) {
         RELEASE_ASSERT(vm->callFrameForCatch); // The first time we hit this exit, like at all other times, this field should be non-null.
         jit.restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(vm->topEntryFrame);
+        jit.restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(*vm);
         jit.loadPtr(vm->addressOfCallFrameForCatch(), MacroAssembler::framePointerRegister);
         jit.addPtr(CCallHelpers::TrustedImm32(codeBlock->stackPointerOffset() * sizeof(Register)),
 …
     RegisterSet vmCalleeSavesToSkip = RegisterSet::stackRegisters();
     if (exit.isExceptionHandler()) {
         jit.loadPtr(&vm->topEntryFrame, GPRInfo::regT1);
         jit.addPtr(CCallHelpers::TrustedImm32(EntryFrame::calleeSaveRegistersBufferOffset()), GPRInfo::regT1);
+        jit.loadPtr(&vm->topVMEntryFrame, GPRInfo::regT1);
+        jit.addPtr(CCallHelpers::TrustedImm32(VMEntryFrame::calleeSaveRegistersBufferOffset()), GPRInfo::regT1);
+    }

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2008-2017 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2013-2014, 2016 Apple Inc. All Rights Reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #include "Interpreter.h"
 #include "JSCInlines.h"
-#include "JSWebAssemblyInstance.h"
 #include "VMEntryScope.h"
 #include "WasmContext.h"
 …
     if (!callee().isWasm())
         return lexicalGlobalObject();
     return vm.wasmContext.load()->globalObject();
+    return Wasm::loadContext(vm)->globalObject();
 #else
     UNUSED_PARAM(vm);
 …
+}
 CallFrame* CallFrame::callerFrame(EntryFrame*& currEntryFrame)
+{
     if (callerFrameOrEntryFrame() == currEntryFrame) {
         VMEntryRecord* currVMEntryRecord = vmEntryRecord(currEntryFrame);
         currEntryFrame = currVMEntryRecord->prevTopEntryFrame();
+CallFrame* CallFrame::callerFrame(VMEntryFrame*& currVMEntryFrame)
+{
+    if (callerFrameOrVMEntryFrame() == currVMEntryFrame) {
+        VMEntryRecord* currVMEntryRecord = vmEntryRecord(currVMEntryFrame);
+        currVMEntryFrame = currVMEntryRecord->prevTopVMEntryFrame();
         return currVMEntryRecord->prevTopCallFrame();
+    }
     return static_cast<CallFrame*>(callerFrameOrEntryFrame());
+}
 SUPPRESS_ASAN CallFrame* CallFrame::unsafeCallerFrame(EntryFrame*& currEntryFrame)
+{
     if (unsafeCallerFrameOrEntryFrame() == currEntryFrame) {
         VMEntryRecord* currVMEntryRecord = vmEntryRecord(currEntryFrame);
         currEntryFrame = currVMEntryRecord->unsafePrevTopEntryFrame();
+    return static_cast<CallFrame*>(callerFrameOrVMEntryFrame());
+}
+SUPPRESS_ASAN CallFrame* CallFrame::unsafeCallerFrame(VMEntryFrame*& currVMEntryFrame)
+{
+    if (unsafeCallerFrameOrVMEntryFrame() == currVMEntryFrame) {
+        VMEntryRecord* currVMEntryRecord = vmEntryRecord(currVMEntryFrame);
+        currVMEntryFrame = currVMEntryRecord->unsafePrevTopVMEntryFrame();
         return currVMEntryRecord->unsafePrevTopCallFrame();
+    }
     return static_cast<CallFrame*>(unsafeCallerFrameOrEntryFrame());
+    return static_cast<CallFrame*>(unsafeCallerFrameOrVMEntryFrame());
+}

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

-              r222791
+              r223002
         CallFrame& operator=(const Register& r) { *static_cast<Register*>(this) = r; return *this; }
         CallFrame* callerFrame() const { return static_cast<CallFrame*>(callerFrameOrEntryFrame()); }
         void* callerFrameOrEntryFrame() const { return callerFrameAndPC().callerFrame; }
         SUPPRESS_ASAN void* unsafeCallerFrameOrEntryFrame() const { return unsafeCallerFrameAndPC().callerFrame; }
         CallFrame* unsafeCallerFrame(EntryFrame*&);
         JS_EXPORT_PRIVATE CallFrame* callerFrame(EntryFrame*&);
+        CallFrame* callerFrame() const { return static_cast<CallFrame*>(callerFrameOrVMEntryFrame()); }
+        void* callerFrameOrVMEntryFrame() const { return callerFrameAndPC().callerFrame; }
+        SUPPRESS_ASAN void* unsafeCallerFrameOrVMEntryFrame() const { return unsafeCallerFrameAndPC().callerFrame; }
+        CallFrame* unsafeCallerFrame(VMEntryFrame*&);
+        JS_EXPORT_PRIVATE CallFrame* callerFrame(VMEntryFrame*&);
         JS_EXPORT_PRIVATE SourceOrigin callerSourceOrigin();

trunk/Source/JavaScriptCore/interpreter/FrameTracers.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 namespace JSC {
 struct EntryFrame;
+struct VMEntryFrame;
 class SuspendExceptionScope {
 …
         ASSERT(vm);
         ASSERT(callFrame);
         ASSERT(reinterpret_cast<void*>(callFrame) < reinterpret_cast<void*>(vm->topEntryFrame));
+        ASSERT(reinterpret_cast<void*>(callFrame) < reinterpret_cast<void*>(vm->topVMEntryFrame));
         vm->topCallFrame = callFrame;
+    }
 …
 class NativeCallFrameTracerWithRestore {
 public:
     ALWAYS_INLINE NativeCallFrameTracerWithRestore(VM* vm, EntryFrame* EntryFrame, CallFrame* callFrame)
+    ALWAYS_INLINE NativeCallFrameTracerWithRestore(VM* vm, VMEntryFrame* vmEntryFrame, CallFrame* callFrame)
         : m_vm(vm)
+    {
         ASSERT(vm);
         ASSERT(callFrame);
         m_savedTopEntryFrame = vm->topEntryFrame;
+        m_savedTopVMEntryFrame = vm->topVMEntryFrame;
         m_savedTopCallFrame = vm->topCallFrame;
         vm->topEntryFrame = EntryFrame;
+        vm->topVMEntryFrame = vmEntryFrame;
         vm->topCallFrame = callFrame;
+    }
 …
     ALWAYS_INLINE ~NativeCallFrameTracerWithRestore()
+    {
         m_vm->topEntryFrame = m_savedTopEntryFrame;
+        m_vm->topVMEntryFrame = m_savedTopVMEntryFrame;
         m_vm->topCallFrame = m_savedTopCallFrame;
+    }
 …
 private:
     VM* m_vm;
     EntryFrame* m_savedTopEntryFrame;
+    VMEntryFrame* m_savedTopVMEntryFrame;
     CallFrame* m_savedTopCallFrame;
 };

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

-              r222791
+              r223002
         notifyDebuggerOfUnwinding(m_vm, m_callFrame);
         copyCalleeSavesToEntryFrameCalleeSavesBuffer(visitor);
         bool shouldStopUnwinding = visitor->callerIsEntryFrame();
+        copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(visitor);
+        bool shouldStopUnwinding = visitor->callerIsVMEntryFrame();
         if (shouldStopUnwinding)
             return StackVisitor::Done;
 …
 private:
     void copyCalleeSavesToEntryFrameCalleeSavesBuffer(StackVisitor& visitor) const
+    void copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(StackVisitor& visitor) const
+    {
 #if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
 …
         unsigned registerCount = currentCalleeSaves->size();
         VMEntryRecord* record = vmEntryRecord(m_vm.topEntryFrame);
+        VMEntryRecord* record = vmEntryRecord(m_vm.topVMEntryFrame);
         for (unsigned i = 0; i < registerCount; i++) {
             RegisterAtOffset currentEntry = currentCalleeSaves->at(i);
 …
     if (unwindStart == UnwindFromCallerFrame) {
         if (callFrame->callerFrameOrEntryFrame() == vm.topEntryFrame)
+        if (callFrame->callerFrameOrVMEntryFrame() == vm.topVMEntryFrame)
             return nullptr;

trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2013, 2015-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013, 2015-2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     if (startFrame) {
         ASSERT(vm);
         m_frame.m_entryFrame = vm->topEntryFrame;
+        m_frame.m_VMEntryFrame = vm->topVMEntryFrame;
         topFrame = vm->topCallFrame;
         if (topFrame && static_cast<void*>(m_frame.m_entryFrame) == static_cast<void*>(topFrame)) {
             topFrame = vmEntryRecord(m_frame.m_entryFrame)->m_prevTopCallFrame;
             m_frame.m_entryFrame = vmEntryRecord(m_frame.m_entryFrame)->m_prevTopEntryFrame;
+        if (topFrame && static_cast<void*>(m_frame.m_VMEntryFrame) == static_cast<void*>(topFrame)) {
+            topFrame = vmEntryRecord(m_frame.m_VMEntryFrame)->m_prevTopCallFrame;
+            m_frame.m_VMEntryFrame = vmEntryRecord(m_frame.m_VMEntryFrame)->m_prevTopVMEntryFrame;
+        }
     } else {
         m_frame.m_entryFrame = 0;
+        m_frame.m_VMEntryFrame = 0;
         topFrame = 0;
+    }
     m_frame.m_callerIsEntryFrame = false;
+    m_frame.m_callerIsVMEntryFrame = false;
     readFrame(topFrame);
 …
                 inlineCallFrame = m_frame.inlineCallFrame();
+            }
             m_frame.m_entryFrame = m_frame.m_callerEntryFrame;
+            m_frame.m_VMEntryFrame = m_frame.m_CallerVMEntryFrame;
             readFrame(m_frame.callerFrame());
         } else
 …
+    }
 #endif // ENABLE(DFG_JIT)
     m_frame.m_entryFrame = m_frame.m_callerEntryFrame;
+    m_frame.m_VMEntryFrame = m_frame.m_CallerVMEntryFrame;
     readFrame(m_frame.callerFrame());
+}
 …
     m_frame.m_callFrame = callFrame;
     m_frame.m_argumentCountIncludingThis = callFrame->argumentCountIncludingThis();
     m_frame.m_callerEntryFrame = m_frame.m_entryFrame;
     m_frame.m_callerFrame = callFrame->callerFrame(m_frame.m_callerEntryFrame);
     m_frame.m_callerIsEntryFrame = m_frame.m_callerEntryFrame != m_frame.m_entryFrame;
+    m_frame.m_CallerVMEntryFrame = m_frame.m_VMEntryFrame;
+    m_frame.m_callerFrame = callFrame->callerFrame(m_frame.m_CallerVMEntryFrame);
+    m_frame.m_callerIsVMEntryFrame = m_frame.m_CallerVMEntryFrame != m_frame.m_VMEntryFrame;
     m_frame.m_isWasmFrame = false;
 …
             indent--;
+        }
         out.print(indent, "EntryFrame: ", RawPointer(m_entryFrame), "\n");
+        out.print(indent, "vmEntryFrame: ", RawPointer(vmEntryFrame()), "\n");
         indent--;
+    }

trunk/Source/JavaScriptCore/interpreter/StackVisitor.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013, 2015-2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
         size_t index() const { return m_index; }
         size_t argumentCountIncludingThis() const { return m_argumentCountIncludingThis; }
         bool callerIsEntryFrame() const { return m_callerIsEntryFrame; }
+        bool callerIsVMEntryFrame() const { return m_callerIsVMEntryFrame; }
         CallFrame* callerFrame() const { return m_callerFrame; }
         CalleeBits callee() const { return m_callee; }
 …
         ClonedArguments* createArguments();
+        VMEntryFrame* vmEntryFrame() const { return m_VMEntryFrame; }
         CallFrame* callFrame() const { return m_callFrame; }
 …
 #endif
         CallFrame* m_callFrame;
         EntryFrame* m_entryFrame;
         EntryFrame* m_callerEntryFrame;
+        VMEntryFrame* m_VMEntryFrame;
+        VMEntryFrame* m_CallerVMEntryFrame;
         CallFrame* m_callerFrame;
         CalleeBits m_callee;
 …
         unsigned m_bytecodeOffset;
         Wasm::IndexOrName m_wasmFunctionIndexOrName;
         bool m_callerIsEntryFrame : 1;
+        bool m_callerIsVMEntryFrame : 1;
         bool m_isWasmFrame : 1;

trunk/Source/JavaScriptCore/interpreter/VMEntryRecord.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 namespace JSC {
 struct EntryFrame;
+struct VMEntryFrame;
 class ExecState;
 class VM;
 …
     VM* m_vm;
     ExecState* m_prevTopCallFrame;
     EntryFrame* m_prevTopEntryFrame;
+    VMEntryFrame* m_prevTopVMEntryFrame;
 #if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
 …
     SUPPRESS_ASAN ExecState* unsafePrevTopCallFrame() { return m_prevTopCallFrame; }
     EntryFrame* prevTopEntryFrame() { return m_prevTopEntryFrame; }
     SUPPRESS_ASAN EntryFrame* unsafePrevTopEntryFrame() { return m_prevTopEntryFrame; }
+    VMEntryFrame* prevTopVMEntryFrame() { return m_prevTopVMEntryFrame; }
+    SUPPRESS_ASAN VMEntryFrame* unsafePrevTopVMEntryFrame() { return m_prevTopVMEntryFrame; }
 };
 extern "C" VMEntryRecord* vmEntryRecord(EntryFrame*);
+extern "C" VMEntryRecord* vmEntryRecord(VMEntryFrame*);
 struct EntryFrame {
+struct VMEntryFrame {
 #if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
     static ptrdiff_t vmEntryRecordOffset()
+    {
         EntryFrame* fakeEntryFrame = reinterpret_cast<EntryFrame*>(0x1000);
         VMEntryRecord* record = vmEntryRecord(fakeEntryFrame);
+        VMEntryFrame* fakeVMEntryFrame = reinterpret_cast<VMEntryFrame*>(0x1000);
+        VMEntryRecord* record = vmEntryRecord(fakeVMEntryFrame);
         return static_cast<ptrdiff_t>(
             reinterpret_cast<char*>(record) - reinterpret_cast<char*>(fakeEntryFrame));
+            reinterpret_cast<char*>(record) - reinterpret_cast<char*>(fakeVMEntryFrame));
+    }

trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp

-              r222791
+              r223002
 #endif
 void AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(EntryFrame*& topEntryFrame)
+void AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(VM& vm)
+{
 #if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
 …
     ASSERT(scratch != InvalidGPRReg);
     loadPtr(&topEntryFrame, scratch);
     addPtr(TrustedImm32(EntryFrame::calleeSaveRegistersBufferOffset()), scratch);
+    loadPtr(&vm.topVMEntryFrame, scratch);
+    addPtr(TrustedImm32(VMEntryFrame::calleeSaveRegistersBufferOffset()), scratch);
     // Restore all callee saves except for the scratch.
 …
     loadPtr(Address(scratch, entry.offset()), scratch);
 #else
     UNUSED_PARAM(topEntryFrame);
+    UNUSED_PARAM(vm);
 #endif
+}
 …
 #if ENABLE(WEBASSEMBLY)
 void AssemblyHelpers::loadWasmContextInstance(GPRReg dst)
+void AssemblyHelpers::loadWasmContext(GPRReg dst)
+{
 #if ENABLE(FAST_TLS_JIT)
     if (Wasm::Context::useFastTLS()) {
+    if (Wasm::useFastTLSForContext()) {
         loadFromTLSPtr(fastTLSOffsetForKey(WTF_WASM_CONTEXT_KEY), dst);
         return;
+    }
 #endif
     move(Wasm::PinnedRegisterInfo::get().wasmContextInstancePointer, dst);
+}
 void AssemblyHelpers::storeWasmContextInstance(GPRReg src)
+    move(Wasm::PinnedRegisterInfo::get().wasmContextPointer, dst);
+}
+void AssemblyHelpers::storeWasmContext(GPRReg src)
+{
 #if ENABLE(FAST_TLS_JIT)
     if (Wasm::Context::useFastTLS()) {
+    if (Wasm::useFastTLSForContext()) {
         storeToTLSPtr(src, fastTLSOffsetForKey(WTF_WASM_CONTEXT_KEY));
         return;
+    }
 #endif
     move(src, Wasm::PinnedRegisterInfo::get().wasmContextInstancePointer);
+}
 bool AssemblyHelpers::loadWasmContextInstanceNeedsMacroScratchRegister()
+    move(src, Wasm::PinnedRegisterInfo::get().wasmContextPointer);
+}
+bool AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister()
+{
 #if ENABLE(FAST_TLS_JIT)
     if (Wasm::Context::useFastTLS())
+    if (Wasm::useFastTLSForContext())
         return loadFromTLSPtrNeedsMacroScratchRegister();
 #endif
 …
+}
 bool AssemblyHelpers::storeWasmContextInstanceNeedsMacroScratchRegister()
+bool AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister()
+{
 #if ENABLE(FAST_TLS_JIT)
     if (Wasm::Context::useFastTLS())
+    if (Wasm::useFastTLSForContext())
         return storeToTLSPtrNeedsMacroScratchRegister();
 #endif
 …
+}
 void AssemblyHelpers::copyCalleeSavesToEntryFrameCalleeSavesBufferImpl(GPRReg calleeSavesBuffer)
+void AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl(GPRReg calleeSavesBuffer)
+{
 #if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
     addPtr(TrustedImm32(EntryFrame::calleeSaveRegistersBufferOffset()), calleeSavesBuffer);
+    addPtr(TrustedImm32(VMEntryFrame::calleeSaveRegistersBufferOffset()), calleeSavesBuffer);
     RegisterAtOffsetList* allCalleeSaves = VM::getAllCalleeSaveRegisterOffsets();

trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h

-              r222791
+              r223002
+    {
 #if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
         loadPtr(Address(vmGPR, VM::topEntryFrameOffset()), vmGPR);
         copyCalleeSavesToEntryFrameCalleeSavesBufferImpl(vmGPR);
+        loadPtr(Address(vmGPR, VM::topVMEntryFrameOffset()), vmGPR);
+        copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl(vmGPR);
 #else
         UNUSED_PARAM(vmGPR);
 …
+    }
     void copyCalleeSavesToEntryFrameCalleeSavesBuffer(EntryFrame*& topEntryFrame, const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    void copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(VM& vm, const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    {
 #if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
         GPRReg temp1 = usedRegisters.getFreeGPR(0);
         loadPtr(&topEntryFrame, temp1);
         copyCalleeSavesToEntryFrameCalleeSavesBufferImpl(temp1);
 #else
         UNUSED_PARAM(topEntryFrame);
+        loadPtr(&vm.topVMEntryFrame, temp1);
+        copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl(temp1);
+#else
+        UNUSED_PARAM(vm);
         UNUSED_PARAM(usedRegisters);
 #endif
+    }
     void restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(EntryFrame*&);
     void copyCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer(EntryFrame*& topEntryFrame, const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    void restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(VM&);
+    void copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer(VM& vm, const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    {
 #if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
 …
         // Copy saved calleeSaves on stack or unsaved calleeSaves in register to vm calleeSave buffer
         loadPtr(&topEntryFrame, temp1);
         addPtr(TrustedImm32(EntryFrame::calleeSaveRegistersBufferOffset()), temp1);
+        loadPtr(&vm.topVMEntryFrame, temp1);
+        addPtr(TrustedImm32(VMEntryFrame::calleeSaveRegistersBufferOffset()), temp1);
         RegisterAtOffsetList* allCalleeSaves = VM::getAllCalleeSaveRegisterOffsets();
 …
         for (unsigned i = 0; i < registerCount; i++) {
             RegisterAtOffset entry = allCalleeSaves->at(i);
             if (dontCopyRegisters.get(entry.reg()))
+            RegisterAtOffset vmEntry = allCalleeSaves->at(i);
+            if (dontCopyRegisters.get(vmEntry.reg()))
                 continue;
             RegisterAtOffset* currentFrameEntry = currentCalleeSaves->find(entry.reg());
             if (entry.reg().isGPR()) {
+            RegisterAtOffset* currentFrameEntry = currentCalleeSaves->find(vmEntry.reg());
+            if (vmEntry.reg().isGPR()) {
                 GPRReg regToStore;
                 if (currentFrameEntry) {
 …
                 } else
                     // Just store callee save directly
                     regToStore = entry.reg().gpr();
                 storePtr(regToStore, Address(temp1, entry.offset()));
+                    regToStore = vmEntry.reg().gpr();
+                storePtr(regToStore, Address(temp1, vmEntry.offset()));
             } else {
                 FPRReg fpRegToStore;
 …
                 } else
                     // Just store callee save directly
                     fpRegToStore = entry.reg().fpr();
                 storeDouble(fpRegToStore, Address(temp1, entry.offset()));
+                    fpRegToStore = vmEntry.reg().fpr();
+                storeDouble(fpRegToStore, Address(temp1, vmEntry.offset()));
+            }
+        }
 #else
         UNUSED_PARAM(topEntryFrame);
+        UNUSED_PARAM(vm);
         UNUSED_PARAM(usedRegisters);
 #endif
 …
 #if ENABLE(WEBASSEMBLY)
     void loadWasmContextInstance(GPRReg dst);
     void storeWasmContextInstance(GPRReg src);
     static bool loadWasmContextInstanceNeedsMacroScratchRegister();
     static bool storeWasmContextInstanceNeedsMacroScratchRegister();
+    void loadWasmContext(GPRReg dst);
+    void storeWasmContext(GPRReg src);
+    static bool loadWasmContextNeedsMacroScratchRegister();
+    static bool storeWasmContextNeedsMacroScratchRegister();
 #endif
 protected:
     void copyCalleeSavesToEntryFrameCalleeSavesBufferImpl(GPRReg calleeSavesBuffer);
+    void copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl(GPRReg calleeSavesBuffer);
     CodeBlock* m_codeBlock;

trunk/Source/JavaScriptCore/jit/JIT.cpp

-              r222791
+              r223002
     ASSERT(!m_bytecodeOffset);
     copyCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+    copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer(*vm());
     callOperation(operationOptimize, m_bytecodeOffset);
 …
         m_exceptionChecksWithCallFrameRollback.link(this);
         copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+        copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm());
         // lookupExceptionHandlerFromCallerFrame is passed two arguments, the VM and the exec (the CallFrame*).
 …
         m_exceptionChecks.link(this);
         copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+        copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm());
         // lookupExceptionHandler is passed two arguments, the VM and the exec (the CallFrame*).

trunk/Source/JavaScriptCore/jit/JITExceptions.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2013, 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     ExecState* shadowChickenTopFrame = callFrame;
     if (unwindStart == UnwindFromCallerFrame) {
         EntryFrame* topEntryFrame = vm->topEntryFrame;
         shadowChickenTopFrame = callFrame->callerFrame(topEntryFrame);
+        VMEntryFrame* topVMEntryFrame = vm->topVMEntryFrame;
+        shadowChickenTopFrame = callFrame->callerFrame(topVMEntryFrame);
+    }
     vm->shadowChicken().log(*vm, shadowChickenTopFrame, ShadowChicken::Packet::throwPacket());
 …
         catchRoutine = LLInt::getCodePtr(handleUncaughtException);
     ASSERT(bitwise_cast<uintptr_t>(callFrame) < bitwise_cast<uintptr_t>(vm->topEntryFrame));
+    ASSERT(bitwise_cast<uintptr_t>(callFrame) < bitwise_cast<uintptr_t>(vm->topVMEntryFrame));
     vm->callFrameForCatch = callFrame;

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

-              r222827
+              r223002
+{
     ASSERT(regT0 == returnValueGPR);
     copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+    copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm());
     emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
     callOperationNoExceptionCheck(operationThrow, regT0);
 …
 void JIT::emit_op_catch(Instruction* currentInstruction)
+{
     restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+    restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(*vm());
     move(TrustedImmPtr(m_vm), regT3);
 …
         linkSlowCase(iter);
         copyCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+        copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer(*vm());
         callOperation(operationOptimize, m_bytecodeOffset);

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

-              r222827
+              r223002
 /*
  * Copyright (C) 2009-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2009, 2012-2016 Apple Inc. All rights reserved.
  * Copyright (C) 2010 Patrick Gansterer <paroga@paroga.com>
+ *
 …
+{
     ASSERT(regT0 == returnValueGPR);
     copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+    copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm());
     emitLoad(currentInstruction[1].u.operand, regT1, regT0);
     callOperationNoExceptionCheck(operationThrow, regT1, regT0);
 …
 void JIT::emit_op_catch(Instruction* currentInstruction)
+{
     restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(vm()->topEntryFrame);
+    restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(*vm());
     move(TrustedImmPtr(m_vm), regT3);

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

-              r222791
+              r223002
     auto scope = DECLARE_THROW_SCOPE(*vm);
     EntryFrame* entryFrame = vm->topEntryFrame;
     CallFrame* callerFrame = exec->callerFrame(entryFrame);
+    VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+    CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
     if (!callerFrame) {
         callerFrame = exec;
         entryFrame = vm->topEntryFrame;
+    }
     NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
+        vmEntryFrame = vm->topVMEntryFrame;
+    }
+    NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
     throwStackOverflowError(callerFrame, scope);
+}
 …
     auto scope = DECLARE_THROW_SCOPE(*vm);
     EntryFrame* entryFrame = vm->topEntryFrame;
     CallFrame* callerFrame = exec->callerFrame(entryFrame);
     NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
+    VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+    CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
+    NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
     ErrorHandlingScope errorScope(*vm);
     throwException(callerFrame, scope, createError(callerFrame, ASCIILiteral("Division by zero or division overflow.")));
 …
     auto scope = DECLARE_THROW_SCOPE(*vm);
     EntryFrame* entryFrame = vm->topEntryFrame;
     CallFrame* callerFrame = exec->callerFrame(entryFrame);
     NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
+    VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+    CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
+    NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
     ErrorHandlingScope errorScope(*vm);
     throwException(callerFrame, scope, createError(callerFrame, ASCIILiteral("Out-of-bounds access.")));
 …
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForCall);
     if (missingArgCount < 0) {
         EntryFrame* entryFrame = vm->topEntryFrame;
         CallFrame* callerFrame = exec->callerFrame(entryFrame);
         NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
+        VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+        CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
+        NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
         throwStackOverflowError(callerFrame, scope);
+    }
 …
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForConstruct);
     if (missingArgCount < 0) {
         EntryFrame* entryFrame = vm->topEntryFrame;
         CallFrame* callerFrame = exec->callerFrame(entryFrame);
         NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
+        VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+        CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
+        NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
         throwStackOverflowError(callerFrame, scope);
+    }

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

-              r222791
+              r223002
     jit.preserveReturnAddressAfterCall(GPRInfo::nonPreservedNonReturnGPR);
     jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm->topEntryFrame);
+    jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm);
     jit.setupArguments(CCallHelpers::TrustedImmPtr(vm), GPRInfo::callFrameRegister);
 …
     exceptionHandler.link(&jit);
     jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm->topEntryFrame);
+    jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm);
     jit.storePtr(JSInterfaceJIT::callFrameRegister, &vm->topCallFrame);

trunk/Source/JavaScriptCore/jsc.cpp

-              r222895
+              r223002
+{
     VM& vm = exec->vm();
     EntryFrame* topEntryFrame = vm.topEntryFrame;
     ExecState* callerFrame = exec->callerFrame(topEntryFrame);
+    VMEntryFrame* topVMEntryFrame = vm.topVMEntryFrame;
+    ExecState* callerFrame = exec->callerFrame(topVMEntryFrame);
     if (callerFrame)
         vm.interpreter->dumpCallFrame(callerFrame);

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

-              r222827
+              r223002
     auto throwScope = DECLARE_THROW_SCOPE(vm);
     EntryFrame* topEntryFrame = vm.topEntryFrame;
     CallFrame* callerFrame = exec->callerFrame(topEntryFrame);
+    VMEntryFrame* vmEntryFrame = vm.topVMEntryFrame;
+    CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
     if (!callerFrame) {
         callerFrame = exec;
         topEntryFrame = vm.topEntryFrame;
+    }
     NativeCallFrameTracerWithRestore tracer(&vm, topEntryFrame, callerFrame);
+        vmEntryFrame = vm.topVMEntryFrame;
+    }
+    NativeCallFrameTracerWithRestore tracer(&vm, vmEntryFrame, callerFrame);
     LLINT_SET_PC_FOR_STUBS();

trunk/Source/JavaScriptCore/llint/LLIntThunks.cpp

r222791	r223002
1	1	/*
2		* Copyright (C) 2012-2017 Apple Inc. All rights reserved.
	2	* Copyright (C) 2012-2013, 2016 Apple Inc. All rights reserved.
3	3	*
4	4	* Redistribution and use in source and binary forms, with or without
…	…
117	117	}
118	118
119		extern "C" VMEntryRecord* vmEntryRecord(EntryFrame* entryFrame)
	119	extern "C" VMEntryRecord* vmEntryRecord(VMEntryFrame* entryFrame)
120	120	{
121	121	// The C Loop doesn't have any callee save registers, so the VMEntryRecord is allocated at the base of the frame.

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

-              r222791
+              r223002
 macro copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(vm, temp)
     if ARM64 or X86_64 or X86_64_WIN
         loadp VM::topEntryFrame[vm], temp
+        loadp VM::topVMEntryFrame[vm], temp
         vmEntryRecord(temp, temp)
         leap VMEntryRecord::calleeSaveRegistersBuffer[temp], temp
 …
 macro restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(vm, temp)
     if ARM64 or X86_64 or X86_64_WIN
         loadp VM::topEntryFrame[vm], temp
+        loadp VM::topVMEntryFrame[vm], temp
         vmEntryRecord(temp, temp)
         leap VMEntryRecord::calleeSaveRegistersBuffer[temp], temp
 …
         ret
     # VMEntryRecord* vmEntryRecord(const EntryFrame* entryFrame)
+    # VMEntryRecord* vmEntryRecord(const VMEntryFrame* entryFrame)
     global _vmEntryRecord
     _vmEntryRecord:

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

-              r222791
+              r223002
     loadp VM::topCallFrame[vm], t4
     storep t4, VMEntryRecord::m_prevTopCallFrame[sp]
     loadp VM::topEntryFrame[vm], t4
     storep t4, VMEntryRecord::m_prevTopEntryFrame[sp]
+    loadp VM::topVMEntryFrame[vm], t4
+    storep t4, VMEntryRecord::m_prevTopVMEntryFrame[sp]
     # Align stack pointer
 …
     loadp VMEntryRecord::m_prevTopCallFrame[sp], t4
     storep t4, VM::topCallFrame[t5]
     loadp VMEntryRecord::m_prevTopEntryFrame[sp], t4
     storep t4, VM::topEntryFrame[t5]
+    loadp VMEntryRecord::m_prevTopVMEntryFrame[sp], t4
+    storep t4, VM::topVMEntryFrame[t5]
     if ARMv7
 …
 .copyArgsDone:
     storep sp, VM::topCallFrame[vm]
     storep cfr, VM::topEntryFrame[vm]
+    storep cfr, VM::topVMEntryFrame[vm]
     makeCall(entry, t3, t4)
 …
     loadp VMEntryRecord::m_prevTopCallFrame[sp], t4
     storep t4, VM::topCallFrame[t5]
     loadp VMEntryRecord::m_prevTopEntryFrame[sp], t4
     storep t4, VM::topEntryFrame[t5]
+    loadp VMEntryRecord::m_prevTopVMEntryFrame[sp], t4
+    storep t4, VM::topVMEntryFrame[t5]
     if ARMv7
 …
     loadp VMEntryRecord::m_prevTopCallFrame[sp], t5
     storep t5, VM::topCallFrame[t3]
     loadp VMEntryRecord::m_prevTopEntryFrame[sp], t5
     storep t5, VM::topEntryFrame[t3]
+    loadp VMEntryRecord::m_prevTopVMEntryFrame[sp], t5
+    storep t5, VM::topVMEntryFrame[t3]
     if ARMv7

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

-              r222791
+              r223002
     loadp VM::topCallFrame[vm], t4
     storep t4, VMEntryRecord::m_prevTopCallFrame[sp]
     loadp VM::topEntryFrame[vm], t4
     storep t4, VMEntryRecord::m_prevTopEntryFrame[sp]
+    loadp VM::topVMEntryFrame[vm], t4
+    storep t4, VMEntryRecord::m_prevTopVMEntryFrame[sp]
     loadi ProtoCallFrame::paddedArgCount[protoCallFrame], t4
 …
     loadp VMEntryRecord::m_prevTopCallFrame[t4], extraTempReg
     storep extraTempReg, VM::topCallFrame[vm]
     loadp VMEntryRecord::m_prevTopEntryFrame[t4], extraTempReg
     storep extraTempReg, VM::topEntryFrame[vm]
+    loadp VMEntryRecord::m_prevTopVMEntryFrame[t4], extraTempReg
+    storep extraTempReg, VM::topVMEntryFrame[vm]
     subp cfr, CalleeRegisterSaveSize, sp
 …
         storep sp, VM::topCallFrame[vm]
     end
     storep cfr, VM::topEntryFrame[vm]
+    storep cfr, VM::topVMEntryFrame[vm]
     checkStackPointerAlignment(extraTempReg, 0xbad0dc02)
 …
     loadp VMEntryRecord::m_prevTopCallFrame[t4], t2
     storep t2, VM::topCallFrame[vm]
     loadp VMEntryRecord::m_prevTopEntryFrame[t4], t2
     storep t2, VM::topEntryFrame[vm]
+    loadp VMEntryRecord::m_prevTopVMEntryFrame[t4], t2
+    storep t2, VM::topVMEntryFrame[vm]
     subp cfr, CalleeRegisterSaveSize, sp
 …
 end
 _handleUncaughtException:
     loadp Callee[cfr], t3
 …
     loadp VMEntryRecord::m_prevTopCallFrame[t2], extraTempReg
     storep extraTempReg, VM::topCallFrame[t3]
     loadp VMEntryRecord::m_prevTopEntryFrame[t2], extraTempReg
     storep extraTempReg, VM::topEntryFrame[t3]
+    loadp VMEntryRecord::m_prevTopVMEntryFrame[t2], extraTempReg
+    storep extraTempReg, VM::topVMEntryFrame[t3]
     subp cfr, CalleeRegisterSaveSize, sp

trunk/Source/JavaScriptCore/runtime/Options.cpp

r222925	r223002
407	407
408	408	if (!Options::useWebAssembly())
409		Options::use~~FastTLSForWasmContext~~() = false;
	409	Options::useWebAssemblyFastTLS() = false;
410	410
411	411	if (Options::dumpDisassembly()

trunk/Source/JavaScriptCore/runtime/Options.h

-              r222871
+              r223002
     v(bool, crashIfWebAssemblyCantFastMemory, false, Normal, "If true, we will crash if we can't obtain fast memory for wasm.") \
     v(unsigned, maxNumWebAssemblyFastMemories, 4, Normal, nullptr) \
+    v(bool, useFastTLSForWasmContext, true, Normal, "If true, we will store context in fast TLS. If false, we will pin it to a register.") \
+    v(bool, useWebAssemblyFastTLS, true, Normal, "If true, we will try to use fast thread-local storage if available on the current platform.") \
+    v(bool, useFastTLSForWasmContext, true, Normal, "If true (and fast TLS is enabled), we will store context in fast TLS. If false, we will pin it to a register.") \
     v(bool, useCallICsForWebAssemblyToJSCalls, true, Normal, "If true, we will use CallLinkInfo to inline cache Wasm to JS calls.") \
     v(bool, useObjectRestSpread, true, Normal, "If true, we will enable Object Rest/Spread feature.") \

trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp

-              r222791
+              r223002
         : m_vm(vm)
         , m_callFrame(callFrame)
         , m_entryFrame(vm.topEntryFrame)
+        , m_vmEntryFrame(vm.topVMEntryFrame)
         , m_codeBlockSetLocker(codeBlockSetLocker)
         , m_machineThreadsLocker(machineThreadsLocker)
 …
     void advanceToParentFrame()
+    {
         m_callFrame = m_callFrame->unsafeCallerFrame(m_entryFrame);
+        m_callFrame = m_callFrame->unsafeCallerFrame(m_vmEntryFrame);
+    }
 …
     VM& m_vm;
     ExecState* m_callFrame;
     EntryFrame* m_entryFrame;
+    VMEntryFrame* m_vmEntryFrame;
     const AbstractLocker& m_codeBlockSetLocker;
     const AbstractLocker& m_machineThreadsLocker;
 …
                 // This might also be false for various reasons (known and unknown), even though
                 // it's super unlikely. One reason that this can be false is when we throw from a DFG frame,
                 // and we end up having to unwind past an EntryFrame, we will end up executing
+                // and we end up having to unwind past a VMEntryFrame, we will end up executing
                 // inside the LLInt's handleUncaughtException. So we just protect against this
                 // by ignoring it.

trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     bool willBeHandleByLLIntOrJIT = false;
     void* previousScope = m_previousScope;
     void* topEntryFrame = m_vm.topEntryFrame;
+    void* topVMEntryFrame = m_vm.topVMEntryFrame;
     // If the topEntryFrame was pushed on the stack after the previousScope was instantiated,
+    // If the topVMEntryFrame was pushed on the stack after the previousScope was instantiated,
     // then this throwScope will be returning to LLINT or JIT code that always do an exception
     // check. In that case, skip the simulated throw because the LLInt and JIT will be
     // checking for the exception their own way instead of calling ThrowScope::exception().
     if (topEntryFrame && previousScope > topEntryFrame)
+    if (topVMEntryFrame && previousScope > topVMEntryFrame)
         willBeHandleByLLIntOrJIT = true;

trunk/Source/JavaScriptCore/runtime/VM.cpp

-              r222791
+              r223002
     , vmType(vmType)
     , clientData(0)
     , topEntryFrame(nullptr)
+    , topVMEntryFrame(nullptr)
     , topCallFrame(CallFrame::noCaller())
     , promiseDeferredTimer(std::make_unique<PromiseDeferredTimer>(*this))
 …
 #if ENABLE(WEBASSEMBLY)
     if (Wasm::existingWorklistOrNull())
         Wasm::ensureWorklist().stopAllPlansForContext(wasmContext);
+        Wasm::ensureWorklist().stopAllPlansForVM(*this);
 #endif
     if (UNLIKELY(m_watchdog))

trunk/Source/JavaScriptCore/runtime/VM.h

-              r222791
+              r223002
 #include "VMEntryRecord.h"
 #include "VMTraps.h"
-#include "WasmContext.h"
 #include "Watchpoint.h"
 #include <wtf/BumpPointerAllocator.h>
 …
     VMType vmType;
     ClientData* clientData;
     EntryFrame* topEntryFrame;
+    VMEntryFrame* topVMEntryFrame;
     // NOTE: When throwing an exception while rolling back the call frame, this may be equal to
     // topEntryFrame.
+    // topVMEntryFrame.
     // FIXME: This should be a void*, because it might not point to a CallFrame.
     // https://bugs.webkit.org/show_bug.cgi?id=160441
     ExecState* topCallFrame { nullptr };
+#if ENABLE(WEBASSEMBLY)
+    Wasm::Context wasmContext;
+#endif
+    // FIXME: Save this state elsewhere to allow PIC. https://bugs.webkit.org/show_bug.cgi?id=169773
+    JSWebAssemblyInstance* wasmContext { nullptr };
     Strong<Structure> structureStructure;
     Strong<Structure> structureRareDataStructure;
 …
+    }
     static ptrdiff_t topEntryFrameOffset()
+    {
         return OBJECT_OFFSETOF(VM, topEntryFrame);
+    static ptrdiff_t topVMEntryFrameOffset()
+    {
+        return OBJECT_OFFSETOF(VM, topVMEntryFrame);
+    }

trunk/Source/JavaScriptCore/runtime/VMTraps.cpp

-              r222791
+              r223002
+}
 static bool isSaneFrame(CallFrame* frame, CallFrame* calleeFrame, EntryFrame* entryFrame, StackBounds stackBounds)
+static bool isSaneFrame(CallFrame* frame, CallFrame* calleeFrame, VMEntryFrame* entryFrame, StackBounds stackBounds)
+{
     if (reinterpret_cast<void*>(frame) >= reinterpret_cast<void*>(entryFrame))
 …
     CodeBlock* foundCodeBlock = nullptr;
     EntryFrame* entryFrame = vm.topEntryFrame;
+    VMEntryFrame* vmEntryFrame = vm.topVMEntryFrame;
     // We don't have a callee to start with. So, use the end of the stack to keep the
 …
     CallFrame* calleeFrame = reinterpret_cast<CallFrame*>(stackBounds.end());
     if (!entryFrame || !callFrame)
+    if (!vmEntryFrame || !callFrame)
         return; // Not running JS code. Let the SignalSender try again later.
     do {
         if (!isSaneFrame(callFrame, calleeFrame, entryFrame, stackBounds))
+        if (!isSaneFrame(callFrame, calleeFrame, vmEntryFrame, stackBounds))
             return; // Let the SignalSender try again later.
 …
         calleeFrame = callFrame;
         callFrame = callFrame->callerFrame(entryFrame);
     } while (callFrame && entryFrame);
+        callFrame = callFrame->callerFrame(vmEntryFrame);
+    } while (callFrame && vmEntryFrame);
     if (!foundCodeBlock) {
 …
     m_needToInvalidatedCodeBlocks = false;
     EntryFrame* entryFrame = vm().topEntryFrame;
+    VMEntryFrame* vmEntryFrame = vm().topVMEntryFrame;
     CallFrame* callFrame = topCallFrame;
     if (!entryFrame)
+    if (!vmEntryFrame)
         return; // Not running JS code. Nothing to invalidate.
 …
         if (codeBlock && JITCode::isOptimizingJIT(codeBlock->jitType()))
             codeBlock->jettison(Profiler::JettisonDueToVMTraps);
         callFrame = callFrame->callerFrame(entryFrame);
+        callFrame = callFrame->callerFrame(vmEntryFrame);
+    }
+}

trunk/Source/JavaScriptCore/wasm/JSWebAssembly.h

-              r223001
+              r223002
 #include "JSObject.h"
 #include "JSWebAssemblyCompileError.h"
 #include "JSWebAssemblyInstance.h"
 #include "JSWebAssemblyLinkError.h"
 #include "JSWebAssemblyMemory.h"
 #include "JSWebAssemblyModule.h"
 #include "JSWebAssemblyRuntimeError.h"
 #include "JSWebAssemblyTable.h"
 #include "WebAssemblyCompileErrorConstructor.h"
 #include "WebAssemblyCompileErrorPrototype.h"
 #include "WebAssemblyFunction.h"
 #include "WebAssemblyInstanceConstructor.h"
 #include "WebAssemblyInstancePrototype.h"
 #include "WebAssemblyLinkErrorConstructor.h"
 #include "WebAssemblyLinkErrorPrototype.h"
 #include "WebAssemblyMemoryConstructor.h"
 #include "WebAssemblyMemoryPrototype.h"
 #include "WebAssemblyModuleConstructor.h"
 #include "WebAssemblyModulePrototype.h"
 #include "WebAssemblyModuleRecord.h"
 #include "WebAssemblyPrototype.h"
 #include "WebAssemblyRuntimeErrorConstructor.h"
 #include "WebAssemblyRuntimeErrorPrototype.h"
 #include "WebAssemblyTableConstructor.h"
 #include "WebAssemblyTablePrototype.h"
 #include "WebAssemblyToJSCallee.h"
+#include "js/JSWebAssemblyCompileError.h"
+#include "js/JSWebAssemblyInstance.h"
+#include "js/JSWebAssemblyLinkError.h"
+#include "js/JSWebAssemblyMemory.h"
+#include "js/JSWebAssemblyModule.h"
+#include "js/JSWebAssemblyRuntimeError.h"
+#include "js/JSWebAssemblyTable.h"
+#include "js/WebAssemblyCompileErrorConstructor.h"
+#include "js/WebAssemblyCompileErrorPrototype.h"
+#include "js/WebAssemblyFunction.h"
+#include "js/WebAssemblyInstanceConstructor.h"
+#include "js/WebAssemblyInstancePrototype.h"
+#include "js/WebAssemblyLinkErrorConstructor.h"
+#include "js/WebAssemblyLinkErrorPrototype.h"
+#include "js/WebAssemblyMemoryConstructor.h"
+#include "js/WebAssemblyMemoryPrototype.h"
+#include "js/WebAssemblyModuleConstructor.h"
+#include "js/WebAssemblyModulePrototype.h"
+#include "js/WebAssemblyModuleRecord.h"
+#include "js/WebAssemblyPrototype.h"
+#include "js/WebAssemblyRuntimeErrorConstructor.h"
+#include "js/WebAssemblyRuntimeErrorPrototype.h"
+#include "js/WebAssemblyTableConstructor.h"
+#include "js/WebAssemblyTablePrototype.h"
+#include "js/WebAssemblyToJSCallee.h"
 namespace JSC {

trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

-              r222878
+              r223002
 #include "JSCInlines.h"
 #include "JSWebAssemblyInstance.h"
+#include "JSWebAssemblyModule.h"
+#include "JSWebAssemblyRuntimeError.h"
 #include "ScratchRegisterAllocator.h"
 #include "VirtualRegister.h"
 …
     } while (0)
     B3IRGenerator(const ModuleInformation&, Procedure&, InternalFunction*, Vector<UnlinkedWasmToWasmCall>&, MemoryMode, CompilationMode, unsigned functionIndex, TierUpCount*, ThrowWasmException);
+    B3IRGenerator(const ModuleInformation&, Procedure&, InternalFunction*, Vector<UnlinkedWasmToWasmCall>&, MemoryMode, CompilationMode, unsigned functionIndex, TierUpCount*);
     PartialResult WARN_UNUSED_RETURN addArguments(const Signature&);
 …
     int32_t WARN_UNUSED_RETURN fixupPointerPlusOffset(ExpressionType&, uint32_t);
     void restoreWasmContextInstance(Procedure&, BasicBlock*, Value*);
+    void restoreWasmContext(Procedure&, BasicBlock*, Value*);
     void restoreWebAssemblyGlobalState(const MemoryInformation&, Value* instance, Procedure&, BasicBlock*);
 …
     GPRReg m_memoryBaseGPR { InvalidGPRReg };
     GPRReg m_memorySizeGPR { InvalidGPRReg };
     GPRReg m_wasmContextInstanceGPR { InvalidGPRReg };
+    GPRReg m_wasmContextGPR { InvalidGPRReg };
     bool m_makesCalls { false };
 …
+}
 void B3IRGenerator::restoreWasmContextInstance(Procedure& proc, BasicBlock* block, Value* arg)
+{
     if (Context::useFastTLS()) {
+void B3IRGenerator::restoreWasmContext(Procedure& proc, BasicBlock* block, Value* arg)
+{
+    if (useFastTLSForContext()) {
         PatchpointValue* patchpoint = block->appendNew<PatchpointValue>(proc, B3::Void, Origin());
         if (CCallHelpers::storeWasmContextInstanceNeedsMacroScratchRegister())
+        if (CCallHelpers::storeWasmContextNeedsMacroScratchRegister())
             patchpoint->clobber(RegisterSet::macroScratchRegisters());
         patchpoint->append(ConstrainedValue(arg, ValueRep::SomeRegister));
         patchpoint->setGenerator(
             [=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
                 AllowMacroScratchRegisterUsageIf allowScratch(jit, CCallHelpers::storeWasmContextInstanceNeedsMacroScratchRegister());
                 jit.storeWasmContextInstance(params[0].gpr());
+                AllowMacroScratchRegisterUsageIf allowScratch(jit, CCallHelpers::storeWasmContextNeedsMacroScratchRegister());
+                jit.storeWasmContext(params[0].gpr());
             });
         return;
+    }
     // FIXME: Because WasmToWasm call clobbers wasmContextInstance register and does not restore it, we need to restore it in the caller side.
+    // FIXME: Because WasmToWasm call clobbers wasmContext register and does not restore it, we need to restore it in the caller side.
     // This prevents us from using ArgumentReg to this (logically) immutable pinned register.
     PatchpointValue* patchpoint = block->appendNew<PatchpointValue>(proc, B3::Void, Origin());
 …
     effects.reads = B3::HeapRange::top();
     patchpoint->effects = effects;
     patchpoint->clobberLate(RegisterSet(m_wasmContextInstanceGPR));
+    patchpoint->clobberLate(RegisterSet(m_wasmContextGPR));
     patchpoint->append(instanceValue(), ValueRep::SomeRegister);
     GPRReg wasmContextInstanceGPR = m_wasmContextInstanceGPR;
+    GPRReg wasmContextGPR = m_wasmContextGPR;
     patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& param) {
         jit.move(param[0].gpr(), wasmContextInstanceGPR);
     });
+}
 B3IRGenerator::B3IRGenerator(const ModuleInformation& info, Procedure& procedure, InternalFunction* compilation, Vector<UnlinkedWasmToWasmCall>& unlinkedWasmToWasmCalls, MemoryMode mode, CompilationMode compilationMode, unsigned functionIndex, TierUpCount* tierUp, ThrowWasmException throwWasmException)
+        jit.move(param[0].gpr(), wasmContextGPR);
+    });
+}
+B3IRGenerator::B3IRGenerator(const ModuleInformation& info, Procedure& procedure, InternalFunction* compilation, Vector<UnlinkedWasmToWasmCall>& unlinkedWasmToWasmCalls, MemoryMode mode, CompilationMode compilationMode, unsigned functionIndex, TierUpCount* tierUp)
     : m_info(info)
     , m_mode(mode)
 …
     m_proc.pinRegister(m_memoryBaseGPR);
     m_wasmContextInstanceGPR = pinnedRegs.wasmContextInstancePointer;
     if (!Context::useFastTLS())
         m_proc.pinRegister(m_wasmContextInstanceGPR);
+    m_wasmContextGPR = pinnedRegs.wasmContextPointer;
+    if (!useFastTLSForContext())
+        m_proc.pinRegister(m_wasmContextGPR);
     if (mode != MemoryMode::Signaling) {
 …
             m_proc.pinRegister(regInfo.sizeRegister);
+    }
-    if (throwWasmException)
-        Thunks::singleton().setThrowWasmException(throwWasmException);
     if (info.memory) {
 …
             this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
         });
-        switch (m_mode) {
-        case MemoryMode::BoundsChecking:
-            break;
-        case MemoryMode::Signaling:
-            // Most memory accesses in signaling mode don't do an explicit
-            // exception check because they can rely on fault handling to detect
-            // out-of-bounds accesses. FaultSignalHandler nonetheless needs the
-            // thunk to exist so that it can jump to that thunk.
-            if (UNLIKELY(!Thunks::singleton().stub(throwExceptionFromWasmThunkGenerator)))
-                CRASH();
-            break;
+        }
+    }
 …
         stackOverflowCheck->appendSomeRegister(framePointer);
         stackOverflowCheck->clobber(RegisterSet::macroScratchRegisters());
         if (!Context::useFastTLS()) {
             // FIXME: Because WasmToWasm call clobbers wasmContextInstance register and does not restore it, we need to restore it in the caller side.
+        if (!useFastTLSForContext()) {
+            // FIXME: Because WasmToWasm call clobbers wasmContext register and does not restore it, we need to restore it in the caller side.
             // This prevents us from using ArgumentReg to this (logically) immutable pinned register.
             stackOverflowCheck->effects.writesPinned = false;
             stackOverflowCheck->effects.readsPinned = true;
             stackOverflowCheck->resultConstraint = ValueRep::reg(m_wasmContextInstanceGPR);
+            stackOverflowCheck->resultConstraint = ValueRep::reg(m_wasmContextGPR);
+        }
         stackOverflowCheck->numGPScratchRegisters = 2;
 …
             bool needsOverflowCheck = m_makesCalls || wasmFrameSize >= minimumParentCheckSize || needUnderflowCheck;
             GPRReg contextInstance = Context::useFastTLS() ? params[0].gpr() : m_wasmContextInstanceGPR;
+            GPRReg context = useFastTLSForContext() ? params[0].gpr() : m_wasmContextGPR;
             // This allows leaf functions to not do stack checks if their frame size is within
 …
                 GPRReg scratch2 = params.gpScratch(1);
                 if (Context::useFastTLS())
                     jit.loadWasmContextInstance(contextInstance);
                 jit.loadPtr(CCallHelpers::Address(contextInstance, JSWebAssemblyInstance::offsetOfCachedStackLimit()), scratch2);
+                if (useFastTLSForContext())
+                    jit.loadWasmContext(context);
+                jit.loadPtr(CCallHelpers::Address(context, Context::offsetOfCachedStackLimit()), scratch2);
                 jit.addPtr(CCallHelpers::TrustedImm32(-checkSize), fp, scratch1);
                 MacroAssembler::JumpList overflow;
 …
                     linkBuffer.link(overflow, CodeLocationLabel(Thunks::singleton().stub(throwStackOverflowFromWasmThunkGenerator).code()));
                 });
             } else if (m_usesInstanceValue && Context::useFastTLS()) {
+            } else if (m_usesInstanceValue && useFastTLSForContext()) {
                 // No overflow check is needed, but the instance values still needs to be correct.
                 AllowMacroScratchRegisterUsageIf allowScratch(jit, CCallHelpers::loadWasmContextInstanceNeedsMacroScratchRegister());
                 jit.loadWasmContextInstance(contextInstance);
+                AllowMacroScratchRegisterUsageIf allowScratch(jit, CCallHelpers::loadWasmContextNeedsMacroScratchRegister());
+                jit.loadWasmContext(context);
             } else {
                 // We said we'd return a pointer. We don't actually need to because it isn't used, but the patchpoint conservatively said it had effects (potential stack check) which prevent it from getting removed.
 …
 void B3IRGenerator::restoreWebAssemblyGlobalState(const MemoryInformation& memory, Value* instance, Procedure& proc, BasicBlock* block)
+{
     restoreWasmContextInstance(proc, block, instance);
+    restoreWasmContext(proc, block, instance);
     if (!!memory) {
 …
         patchpoint->setGenerator([pinnedRegs] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
             GPRReg baseMemory = pinnedRegs->baseMemoryPointer;
             jit.loadPtr(CCallHelpers::Address(params[0].gpr(), JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory);
+            jit.loadPtr(CCallHelpers::Address(params[0].gpr(), JSWebAssemblyInstance::offsetOfMemory()), baseMemory);
             const auto& sizeRegs = pinnedRegs->sizeRegisters;
             ASSERT(sizeRegs.size() >= 1);
             ASSERT(!sizeRegs[0].sizeOffset); // The following code assumes we start at 0, and calculates subsequent size registers relative to 0.
             jit.loadPtr(CCallHelpers::Address(baseMemory, Memory::offsetOfSize()), sizeRegs[0].sizeRegister);
             jit.loadPtr(CCallHelpers::Address(baseMemory, Memory::offsetOfMemory()), baseMemory);
+            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyMemory::offsetOfSize()), sizeRegs[0].sizeRegister);
+            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyMemory::offsetOfMemory()), baseMemory);
             for (unsigned i = 1; i < sizeRegs.size(); ++i)
                 jit.add64(CCallHelpers::TrustedImm32(-sizeRegs[i].sizeOffset), sizeRegs[0].sizeRegister, sizeRegs[i].sizeRegister);
 …
 auto B3IRGenerator::addGrowMemory(ExpressionType delta, ExpressionType& result) -> PartialResult
+{
+    int32_t (*growMemory)(JSWebAssemblyInstance*, int32_t) = [] (JSWebAssemblyInstance* instance, int32_t delta) -> int32_t {
+    int32_t (*growMemory) (Context*, int32_t) = [] (Context* wasmContext, int32_t delta) -> int32_t {
+        VM& vm = *wasmContext->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+        JSWebAssemblyMemory* wasmMemory = wasmContext->memory();
         if (delta < 0)
             return -1;
+        auto grown = instance->internalMemory().grow(PageCount(delta));
+        if (!grown) {
+            switch (grown.error()) {
+            case Memory::GrowFailReason::InvalidDelta:
+            case Memory::GrowFailReason::InvalidGrowSize:
+            case Memory::GrowFailReason::WouldExceedMaximum:
+            case Memory::GrowFailReason::OutOfMemory:
+                return -1;
+            }
+        }
+        return grown.value().pageCount();
+        bool shouldThrowExceptionsOnFailure = false;
+        // grow() does not require ExecState* if it doesn't throw exceptions.
+        ExecState* exec = nullptr;
+        PageCount result = wasmMemory->grow(vm, exec, static_cast<uint32_t>(delta), shouldThrowExceptionsOnFailure);
+        scope.releaseAssertNoException();
+        if (!result)
+            return -1;
+        return result.pageCount();
     };
 …
 auto B3IRGenerator::addCurrentMemory(ExpressionType& result) -> PartialResult
+{
     Value* memoryObject = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfWasmMemory()));
     static_assert(sizeof(decltype(static_cast<Memory*>(nullptr)->size())) == sizeof(uint64_t), "codegen relies on this size");
     Value* size = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int64, origin(), memoryObject, safeCast<int32_t>(Memory::offsetOfSize()));
+    Value* memoryObject = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfMemory()));
+    static_assert(sizeof(decltype(static_cast<JSWebAssemblyInstance*>(nullptr)->memory()->memory().size())) == sizeof(uint64_t), "codegen relies on this size");
+    Value* size = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int64, origin(), memoryObject, safeCast<int32_t>(JSWebAssemblyMemory::offsetOfSize()));
     constexpr uint32_t shiftValue = 16;
     static_assert(PageCount::pageSize == 1ull << shiftValue, "This must hold for the code below to be correct.");
+    static_assert(PageCount::pageSize == 1 << shiftValue, "This must hold for the code below to be correct.");
     Value* numPages = m_currentBlock->appendNew<Value>(m_proc, ZShr, origin(),
         size, m_currentBlock->appendNew<Const32Value>(m_proc, origin(), shiftValue));
 …
         // FIXME imports can be linked here, instead of generating a patchpoint, because all import stubs are generated before B3 compilation starts. https://bugs.webkit.org/show_bug.cgi?id=166462
+        Value* targetInstance = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfTargetInstance(functionIndex)));
+        Value* isWasmCall = m_currentBlock->appendNew<Value>(m_proc, NotEqual, origin(), targetInstance, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), 0));
+        Value* functionImport = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfImportFunction(functionIndex)));
+        Value* jsTypeOfImport = m_currentBlock->appendNew<MemoryValue>(m_proc, Load8Z, origin(), functionImport, safeCast<int32_t>(JSCell::typeInfoTypeOffset()));
+        Value* isWasmCall = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), jsTypeOfImport, m_currentBlock->appendNew<Const32Value>(m_proc, origin(), WebAssemblyFunctionType));
         BasicBlock* isWasmBlock = m_proc.addBlock();
         BasicBlock* isEmbedderBlock = m_proc.addBlock();
+        BasicBlock* isJSBlock = m_proc.addBlock();
         BasicBlock* continuation = m_proc.addBlock();
         m_currentBlock->appendNewControlValue(m_proc, B3::Branch, origin(), isWasmCall, FrequentedBlock(isWasmBlock), FrequentedBlock(isEmbedderBlock));
+        m_currentBlock->appendNewControlValue(m_proc, B3::Branch, origin(), isWasmCall, FrequentedBlock(isWasmBlock), FrequentedBlock(isJSBlock));
         Value* wasmCallResult = wasmCallingConvention().setupCall(m_proc, isWasmBlock, origin(), args, toB3Type(returnType),
 …
         isWasmBlock->appendNewControlValue(m_proc, Jump, origin(), continuation);
         // FIXME: Let's remove this indirection by creating a PIC friendly IC
+        // FIXME: Lets remove this indirection by creating a PIC friendly IC
         // for calls out to JS. This shouldn't be that hard to do. We could probably
         // implement the IC to be over Context*.
+        // implement the IC to be over Wasm::Context*.
         // https://bugs.webkit.org/show_bug.cgi?id=170375
         Value* codeBlock = isEmbedderBlock->appendNew<MemoryValue>(m_proc,
             Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfWasmCodeBlock()));
         Value* jumpDestination = isEmbedderBlock->appendNew<MemoryValue>(m_proc,
             Load, pointerType(), origin(), codeBlock, safeCast<int32_t>(CodeBlock::offsetOfImportWasmToEmbedderStub(functionIndex)));
         Value* embedderCallResult = wasmCallingConvention().setupCall(m_proc, isEmbedderBlock, origin(), args, toB3Type(returnType),
+        Value* codeBlock = isJSBlock->appendNew<MemoryValue>(m_proc,
+            Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfCodeBlock()));
+        Value* jumpDestination = isJSBlock->appendNew<MemoryValue>(m_proc,
+            Load, pointerType(), origin(), codeBlock, safeCast<int32_t>(JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub(functionIndex)));
+        Value* jsCallResult = wasmCallingConvention().setupCall(m_proc, isJSBlock, origin(), args, toB3Type(returnType),
             [&] (PatchpointValue* patchpoint) {
                 patchpoint->effects.writesPinned = true;
 …
                 });
             });
         UpsilonValue* embedderCallResultUpsilon = returnType == Void ? nullptr : isEmbedderBlock->appendNew<UpsilonValue>(m_proc, origin(), embedderCallResult);
         isEmbedderBlock->appendNewControlValue(m_proc, Jump, origin(), continuation);
+        UpsilonValue* jsCallResultUpsilon = returnType == Void ? nullptr : isJSBlock->appendNew<UpsilonValue>(m_proc, origin(), jsCallResult);
+        isJSBlock->appendNewControlValue(m_proc, Jump, origin(), continuation);
         m_currentBlock = continuation;
 …
             result = continuation->appendNew<Value>(m_proc, Phi, toB3Type(returnType), origin());
             wasmCallResultUpsilon->setPhi(result);
             embedderCallResultUpsilon->setPhi(result);
+            jsCallResultUpsilon->setPhi(result);
+        }
 …
     ExpressionType callableFunctionBuffer;
     ExpressionType instancesBuffer;
+    ExpressionType jsFunctionBuffer;
     ExpressionType callableFunctionBufferSize;
+    {
         ExpressionType table = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
             instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfWasmTable()));
+            instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfTable()));
         callableFunctionBuffer = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
             table, safeCast<int32_t>(Table::offsetOfFunctions()));
         instancesBuffer = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
             table, safeCast<int32_t>(Table::offsetOfInstances()));
+            table, safeCast<int32_t>(JSWebAssemblyTable::offsetOfFunctions()));
+        jsFunctionBuffer = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
+            table, safeCast<int32_t>(JSWebAssemblyTable::offsetOfJSFunctions()));
         callableFunctionBufferSize = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
             table, safeCast<int32_t>(Table::offsetOfSize()));
+            table, safeCast<int32_t>(JSWebAssemblyTable::offsetOfSize()));
+    }
 …
     // Check that the CallableFunction is initialized. We trap if it isn't. An "invalid" SignatureIndex indicates it's not initialized.
-    // FIXME: when we have trap handlers, we can just let the call fail because Signature::invalidIndex is 0. https://bugs.webkit.org/show_bug.cgi?id=177210
     static_assert(sizeof(CallableFunction::signatureIndex) == sizeof(uint32_t), "Load codegen assumes i32");
     ExpressionType calleeSignatureIndex = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(), callableFunction, safeCast<int32_t>(OBJECT_OFFSETOF(CallableFunction, signatureIndex)));
 …
         Value* offset = m_currentBlock->appendNew<Value>(m_proc, Mul, origin(),
             m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), calleeIndex),
             constant(pointerType(), sizeof(Instance*)));
         Value* newContextInstance = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
             m_currentBlock->appendNew<Value>(m_proc, Add, origin(), instancesBuffer, offset));
+            constant(pointerType(), sizeof(WriteBarrier<JSObject>)));
+        Value* jsObject = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
+            m_currentBlock->appendNew<Value>(m_proc, Add, origin(), jsFunctionBuffer, offset));
         BasicBlock* continuation = m_proc.addBlock();
         BasicBlock* doContextSwitch = m_proc.addBlock();
+        Value* isSameContextInstance = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(),
+            newContextInstance, instanceValue());
+        Value* newContext = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
+            jsObject, safeCast<int32_t>(WebAssemblyFunctionBase::offsetOfInstance()));
+        Value* isSameContext = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(),
+            newContext, instanceValue());
         m_currentBlock->appendNewControlValue(m_proc, B3::Branch, origin(),
             isSameContextInstance, FrequentedBlock(continuation), FrequentedBlock(doContextSwitch));
+            isSameContext, FrequentedBlock(continuation), FrequentedBlock(doContextSwitch));
         PatchpointValue* patchpoint = doContextSwitch->appendNew<PatchpointValue>(m_proc, B3::Void, origin());
 …
         patchpoint->clobber(PinnedRegisterInfo::get().toSave(MemoryMode::BoundsChecking));
         patchpoint->clobber(RegisterSet::macroScratchRegisters());
         patchpoint->append(newContextInstance, ValueRep::SomeRegister);
+        patchpoint->append(newContext, ValueRep::SomeRegister);
         patchpoint->append(instanceValue(), ValueRep::SomeRegister);
         patchpoint->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
             AllowMacroScratchRegisterUsage allowScratch(jit);
             GPRReg newContextInstance = params[0].gpr();
             GPRReg oldContextInstance = params[1].gpr();
+            GPRReg newContext = params[0].gpr();
+            GPRReg oldContext = params[1].gpr();
             const PinnedRegisterInfo& pinnedRegs = PinnedRegisterInfo::get();
             const auto& sizeRegs = pinnedRegs.sizeRegisters;
             GPRReg baseMemory = pinnedRegs.baseMemoryPointer;
             ASSERT(newContextInstance != baseMemory);
             jit.loadPtr(CCallHelpers::Address(oldContextInstance, JSWebAssemblyInstance::offsetOfCachedStackLimit()), baseMemory);
             jit.storePtr(baseMemory, CCallHelpers::Address(newContextInstance, JSWebAssemblyInstance::offsetOfCachedStackLimit()));
             jit.storeWasmContextInstance(newContextInstance);
             jit.loadPtr(CCallHelpers::Address(newContextInstance, JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory); // Memory*.
+            ASSERT(newContext != baseMemory);
+            jit.loadPtr(CCallHelpers::Address(oldContext, Context::offsetOfCachedStackLimit()), baseMemory);
+            jit.storePtr(baseMemory, CCallHelpers::Address(newContext, Context::offsetOfCachedStackLimit()));
+            jit.storeWasmContext(newContext);
+            jit.loadPtr(CCallHelpers::Address(newContext, Context::offsetOfMemory()), baseMemory); // JSWebAssemblyMemory*.
             ASSERT(sizeRegs.size() == 1);
             ASSERT(sizeRegs[0].sizeRegister != baseMemory);
             ASSERT(sizeRegs[0].sizeRegister != newContextInstance);
+            ASSERT(sizeRegs[0].sizeRegister != newContext);
             ASSERT(!sizeRegs[0].sizeOffset);
             jit.loadPtr(CCallHelpers::Address(baseMemory, Memory::offsetOfSize()), sizeRegs[0].sizeRegister); // Memory size.
             jit.loadPtr(CCallHelpers::Address(baseMemory, Memory::offsetOfMemory()), baseMemory); // Memory::void*.
+            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyMemory::offsetOfSize()), sizeRegs[0].sizeRegister); // Memory size.
+            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyMemory::offsetOfMemory()), baseMemory); // WasmMemory::void*.
         });
         doContextSwitch->appendNewControlValue(m_proc, Jump, origin(), continuation);
 …
+}
+std::unique_ptr<InternalFunction> createJSToWasmWrapper(CompilationContext& compilationContext, const Signature& signature, Vector<UnlinkedWasmToWasmCall>* unlinkedWasmToWasmCalls, const ModuleInformation& info, MemoryMode mode, unsigned functionIndex)
+{
+    CCallHelpers& jit = *compilationContext.jsEntrypointJIT;
+    auto result = std::make_unique<InternalFunction>();
+    jit.emitFunctionPrologue();
+    // FIXME Stop using 0 as codeBlocks. https://bugs.webkit.org/show_bug.cgi?id=165321
+    jit.store64(CCallHelpers::TrustedImm64(0), CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::codeBlock * static_cast<int>(sizeof(Register))));
+    MacroAssembler::DataLabelPtr calleeMoveLocation = jit.moveWithPatch(MacroAssembler::TrustedImmPtr(nullptr), GPRInfo::nonPreservedNonReturnGPR);
+    jit.storePtr(GPRInfo::nonPreservedNonReturnGPR, CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
+    CodeLocationDataLabelPtr* linkedCalleeMove = &result->calleeMoveLocation;
+    jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+        *linkedCalleeMove = linkBuffer.locationOf(calleeMoveLocation);
+    });
+    const PinnedRegisterInfo& pinnedRegs = PinnedRegisterInfo::get();
+    RegisterSet toSave = pinnedRegs.toSave(mode);
+#if !ASSERT_DISABLED
+    unsigned toSaveSize = toSave.numberOfSetGPRs();
+    // They should all be callee saves.
+    toSave.filter(RegisterSet::calleeSaveRegisters());
+    ASSERT(toSave.numberOfSetGPRs() == toSaveSize);
+#endif
+    RegisterAtOffsetList registersToSpill(toSave, RegisterAtOffsetList::OffsetBaseType::FramePointerBased);
+    result->entrypoint.calleeSaveRegisters = registersToSpill;
+    unsigned totalFrameSize = registersToSpill.size() * sizeof(void*);
+    totalFrameSize += WasmCallingConvention::headerSizeInBytes();
+    totalFrameSize -= sizeof(CallerFrameAndPC);
+    unsigned numGPRs = 0;
+    unsigned numFPRs = 0;
+    for (unsigned i = 0; i < signature.argumentCount(); i++) {
+        switch (signature.argument(i)) {
+        case Wasm::I64:
+        case Wasm::I32:
+            if (numGPRs >= wasmCallingConvention().m_gprArgs.size())
+                totalFrameSize += sizeof(void*);
+            ++numGPRs;
+            break;
+        case Wasm::F32:
+        case Wasm::F64:
+            if (numFPRs >= wasmCallingConvention().m_fprArgs.size())
+                totalFrameSize += sizeof(void*);
+            ++numFPRs;
+            break;
+        default:
+            RELEASE_ASSERT_NOT_REACHED();
+        }
+    }
+    totalFrameSize = WTF::roundUpToMultipleOf(stackAlignmentBytes(), totalFrameSize);
+    jit.subPtr(MacroAssembler::TrustedImm32(totalFrameSize), MacroAssembler::stackPointerRegister);
+    // We save all these registers regardless of having a memory or not.
+    // The reason is that we use one of these as a scratch. That said,
+    // almost all real wasm programs use memory, so it's not really
+    // worth optimizing for the case that they don't.
+    for (const RegisterAtOffset& regAtOffset : registersToSpill) {
+        GPRReg reg = regAtOffset.reg().gpr();
+        ptrdiff_t offset = regAtOffset.offset();
+        jit.storePtr(reg, CCallHelpers::Address(GPRInfo::callFrameRegister, offset));
+    }
+    GPRReg wasmContextGPR = pinnedRegs.wasmContextPointer;
+    {
+        CCallHelpers::Address calleeFrame = CCallHelpers::Address(MacroAssembler::stackPointerRegister, -static_cast<ptrdiff_t>(sizeof(CallerFrameAndPC)));
+        numGPRs = 0;
+        numFPRs = 0;
+        // We're going to set the pinned registers after this. So
+        // we can use this as a scratch for now since we saved it above.
+        GPRReg scratchReg = pinnedRegs.baseMemoryPointer;
+        ptrdiff_t jsOffset = CallFrameSlot::thisArgument * sizeof(EncodedJSValue);
+        // vmEntryToWasm passes Wasm::Context* as the first JS argument when we're
+        // not using fast TLS to hold the Wasm::Context*.
+        if (!useFastTLSForContext()) {
+            jit.loadPtr(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmContextGPR);
+            jsOffset += sizeof(EncodedJSValue);
+        }
+        ptrdiff_t wasmOffset = CallFrame::headerSizeInRegisters * sizeof(void*);
+        for (unsigned i = 0; i < signature.argumentCount(); i++) {
+            switch (signature.argument(i)) {
+            case Wasm::I32:
+            case Wasm::I64:
+                if (numGPRs >= wasmCallingConvention().m_gprArgs.size()) {
+                    if (signature.argument(i) == Wasm::I32) {
+                        jit.load32(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), scratchReg);
+                        jit.store32(scratchReg, calleeFrame.withOffset(wasmOffset));
+                    } else {
+                        jit.load64(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), scratchReg);
+                        jit.store64(scratchReg, calleeFrame.withOffset(wasmOffset));
+                    }
+                    wasmOffset += sizeof(void*);
+                } else {
+                    if (signature.argument(i) == Wasm::I32)
+                        jit.load32(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmCallingConvention().m_gprArgs[numGPRs].gpr());
+                    else
+                        jit.load64(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmCallingConvention().m_gprArgs[numGPRs].gpr());
+                }
+                ++numGPRs;
+                break;
+            case Wasm::F32:
+            case Wasm::F64:
+                if (numFPRs >= wasmCallingConvention().m_fprArgs.size()) {
+                    if (signature.argument(i) == Wasm::F32) {
+                        jit.load32(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), scratchReg);
+                        jit.store32(scratchReg, calleeFrame.withOffset(wasmOffset));
+                    } else {
+                        jit.load64(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), scratchReg);
+                        jit.store64(scratchReg, calleeFrame.withOffset(wasmOffset));
+                    }
+                    wasmOffset += sizeof(void*);
+                } else {
+                    if (signature.argument(i) == Wasm::F32)
+                        jit.loadFloat(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmCallingConvention().m_fprArgs[numFPRs].fpr());
+                    else
+                        jit.loadDouble(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmCallingConvention().m_fprArgs[numFPRs].fpr());
+                }
+                ++numFPRs;
+                break;
+            default:
+                RELEASE_ASSERT_NOT_REACHED();
+            }
+            jsOffset += sizeof(EncodedJSValue);
+        }
+    }
+    if (!!info.memory) {
+        GPRReg baseMemory = pinnedRegs.baseMemoryPointer;
+        if (!useFastTLSForContext())
+            jit.loadPtr(CCallHelpers::Address(wasmContextGPR, JSWebAssemblyInstance::offsetOfMemory()), baseMemory);
+        else {
+            jit.loadWasmContext(baseMemory);
+            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyInstance::offsetOfMemory()), baseMemory);
+        }
+        if (mode != MemoryMode::Signaling) {
+            const auto& sizeRegs = pinnedRegs.sizeRegisters;
+            ASSERT(sizeRegs.size() >= 1);
+            ASSERT(!sizeRegs[0].sizeOffset); // The following code assumes we start at 0, and calculates subsequent size registers relative to 0.
+            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyMemory::offsetOfSize()), sizeRegs[0].sizeRegister);
+            for (unsigned i = 1; i < sizeRegs.size(); ++i)
+                jit.add64(CCallHelpers::TrustedImm32(-sizeRegs[i].sizeOffset), sizeRegs[0].sizeRegister, sizeRegs[i].sizeRegister);
+        }
+        jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyMemory::offsetOfMemory()), baseMemory);
+    }
+    CCallHelpers::Call call = jit.threadSafePatchableNearCall();
+    unsigned functionIndexSpace = functionIndex + info.importFunctionCount();
+    ASSERT(functionIndexSpace < info.functionIndexSpaceSize());
+    jit.addLinkTask([unlinkedWasmToWasmCalls, call, functionIndexSpace] (LinkBuffer& linkBuffer) {
+        unlinkedWasmToWasmCalls->append({ linkBuffer.locationOfNearCall(call), functionIndexSpace });
+    });
+    for (const RegisterAtOffset& regAtOffset : registersToSpill) {
+        GPRReg reg = regAtOffset.reg().gpr();
+        ASSERT(reg != GPRInfo::returnValueGPR);
+        ptrdiff_t offset = regAtOffset.offset();
+        jit.loadPtr(CCallHelpers::Address(GPRInfo::callFrameRegister, offset), reg);
+    }
+    switch (signature.returnType()) {
+    case Wasm::F32:
+        jit.moveFloatTo32(FPRInfo::returnValueFPR, GPRInfo::returnValueGPR);
+        break;
+    case Wasm::F64:
+        jit.moveDoubleTo64(FPRInfo::returnValueFPR, GPRInfo::returnValueGPR);
+        break;
+    default:
+        break;
+    }
+    jit.emitFunctionEpilogue();
+    jit.ret();
+    return result;
+}
 auto B3IRGenerator::origin() -> Origin
+{
 …
+}
 Expected<std::unique_ptr<InternalFunction>, String> parseAndCompile(CompilationContext& compilationContext, const uint8_t* functionStart, size_t functionLength, const Signature& signature, Vector<UnlinkedWasmToWasmCall>& unlinkedWasmToWasmCalls, const ModuleInformation& info, MemoryMode mode, CompilationMode compilationMode, uint32_t functionIndex, TierUpCount* tierUp, ThrowWasmException throwWasmException)
+Expected<std::unique_ptr<InternalFunction>, String> parseAndCompile(CompilationContext& compilationContext, const uint8_t* functionStart, size_t functionLength, const Signature& signature, Vector<UnlinkedWasmToWasmCall>& unlinkedWasmToWasmCalls, const ModuleInformation& info, MemoryMode mode, CompilationMode compilationMode, uint32_t functionIndex, TierUpCount* tierUp)
+{
     auto result = std::make_unique<InternalFunction>();
 …
         : Options::webAssemblyOMGOptimizationLevel());
     B3IRGenerator irGenerator(info, procedure, result.get(), unlinkedWasmToWasmCalls, mode, compilationMode, functionIndex, tierUp, throwWasmException);
     FunctionParser<B3IRGenerator> parser(irGenerator, functionStart, functionLength, signature, info);
+    B3IRGenerator context(info, procedure, result.get(), unlinkedWasmToWasmCalls, mode, compilationMode, functionIndex, tierUp);
+    FunctionParser<B3IRGenerator> parser(context, functionStart, functionLength, signature, info);
     WASM_FAIL_IF_HELPER_FAILS(parser.parse());
     irGenerator.insertConstants();
+    context.insertConstants();
     procedure.resetReachability();

trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.h

-              r222791
+              r223002
 #include "B3OpaqueByproducts.h"
 #include "CCallHelpers.h"
-#include "WasmEmbedder.h"
 #include "WasmMemory.h"
 #include "WasmModuleInformation.h"
 …
 };
+Expected<std::unique_ptr<InternalFunction>, String> parseAndCompile(CompilationContext&, const uint8_t*, size_t, const Signature&, Vector<UnlinkedWasmToWasmCall>&, const ModuleInformation&, MemoryMode, CompilationMode, uint32_t functionIndex, TierUpCount* = nullptr, ThrowWasmException = nullptr);
+Expected<std::unique_ptr<InternalFunction>, String> parseAndCompile(CompilationContext&, const uint8_t*, size_t, const Signature&, Vector<UnlinkedWasmToWasmCall>&, const ModuleInformation&, MemoryMode, CompilationMode, uint32_t functionIndex, TierUpCount* = nullptr);
+std::unique_ptr<InternalFunction> createJSToWasmWrapper(CompilationContext&, const Signature&, Vector<UnlinkedWasmToWasmCall>*, const ModuleInformation&, MemoryMode, uint32_t functionIndex);
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/WasmBBQPlan.cpp

-              r222791
+              r223002
 #include "B3Compilation.h"
+#include "JSCInlines.h"
+#include "JSGlobalObject.h"
 #include "WasmB3IRGenerator.h"
 #include "WasmBinding.h"
 …
+}
 BBQPlan::BBQPlan(Context* context, Ref<ModuleInformation> info, AsyncWork work, CompletionTask&& task, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException)
     : Base(context, WTFMove(info), WTFMove(task), WTFMove(createEmbedderWrapper), throwWasmException)
+BBQPlan::BBQPlan(VM* vm, Ref<ModuleInformation> info, AsyncWork work, CompletionTask&& task)
+    : Base(vm, WTFMove(info), WTFMove(task))
     , m_state(State::Validated)
     , m_asyncWork(work)
 …
+}
 BBQPlan::BBQPlan(Context* context, Vector<uint8_t>&& source, AsyncWork work, CompletionTask&& task, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException)
     : BBQPlan(context, adoptRef(*new ModuleInformation(WTFMove(source))), work, WTFMove(task), WTFMove(createEmbedderWrapper), throwWasmException)
+BBQPlan::BBQPlan(VM* vm, Vector<uint8_t>&& source, AsyncWork work, CompletionTask&& task)
+    : BBQPlan(vm, adoptRef(*new ModuleInformation(WTFMove(source))), work, WTFMove(task))
+{
     m_state = State::Initial;
+}
 BBQPlan::BBQPlan(Context* context, const uint8_t* source, size_t sourceLength, AsyncWork work, CompletionTask&& task)
     : Base(context, source, sourceLength, WTFMove(task))
+BBQPlan::BBQPlan(VM* vm, const uint8_t* source, size_t sourceLength, AsyncWork work, CompletionTask&& task)
+    : Base(vm, source, sourceLength, WTFMove(task))
     , m_state(State::Initial)
     , m_asyncWork(work)
 …
         m_unlinkedWasmToWasmCalls[functionIndex] = Vector<UnlinkedWasmToWasmCall>();
         TierUpCount* tierUp = Options::useBBQTierUpChecks() ? &m_tierUpCounts[functionIndex] : nullptr;
         auto parseAndCompileResult = parseAndCompile(m_compilationContexts[functionIndex], functionStart, functionLength, signature, m_unlinkedWasmToWasmCalls[functionIndex], m_moduleInformation.get(), m_mode, CompilationMode::BBQMode, functionIndex, tierUp, m_throwWasmException);
+        auto parseAndCompileResult = parseAndCompile(m_compilationContexts[functionIndex], functionStart, functionLength, signature, m_unlinkedWasmToWasmCalls[functionIndex], m_moduleInformation.get(), m_mode, CompilationMode::BBQMode, functionIndex, tierUp);
         if (UNLIKELY(!parseAndCompileResult)) {
 …
         if (m_exportedFunctionIndices.contains(functionIndex)) {
             auto locker = holdLock(m_lock);
             auto result = m_embedderToWasmInternalFunctions.add(functionIndex, m_createEmbedderWrapper(m_compilationContexts[functionIndex], signature, &m_unlinkedWasmToWasmCalls[functionIndex], m_moduleInformation.get(), m_mode, functionIndex));
+            auto result = m_jsToWasmInternalFunctions.add(functionIndex, createJSToWasmWrapper(m_compilationContexts[functionIndex], signature, &m_unlinkedWasmToWasmCalls[functionIndex], m_moduleInformation.get(), m_mode, functionIndex));
             ASSERT_UNUSED(result, result.isNewEntry);
+        }
 …
+            }
             if (auto embedderToWasmInternalFunction = m_embedderToWasmInternalFunctions.get(functionIndex)) {
+            if (auto jsToWasmInternalFunction = m_jsToWasmInternalFunctions.get(functionIndex)) {
                 LinkBuffer linkBuffer(*context.jsEntrypointJIT, nullptr, JITCompilationCanFail);
                 if (UNLIKELY(linkBuffer.didFailToAllocate())) {
 …
+                }
                 embedderToWasmInternalFunction->entrypoint.compilation = std::make_unique<B3::Compilation>(
+                jsToWasmInternalFunction->entrypoint.compilation = std::make_unique<B3::Compilation>(
                     FINALIZE_CODE(linkBuffer, ("JavaScript->WebAssembly entrypoint[%i] %s", functionIndex, SignatureInformation::get(signatureIndex).toString().ascii().data())),
                     WTFMove(context.jsEntrypointByproducts));

trunk/Source/JavaScriptCore/wasm/WasmBBQPlan.h

-              r222791
+              r223002
 #include "CompilationResult.h"
+#include "VM.h"
 #include "WasmB3IRGenerator.h"
 #include "WasmModuleInformation.h"
 …
 #include "WasmTierUpCount.h"
 #include <wtf/Bag.h>
-#include <wtf/Function.h>
 #include <wtf/SharedTask.h>
 #include <wtf/ThreadSafeRefCounted.h>
 …
 class CallLinkInfo;
+class JSGlobalObject;
+class JSPromiseDeferred;
 namespace Wasm {
 …
     using Base = Plan;
     enum AsyncWork : uint8_t { FullCompile, Validation };
     // Note: CompletionTask should not hold a reference to the Plan otherwise there will be a reference cycle.
     BBQPlan(Context*, Ref<ModuleInformation>, AsyncWork, CompletionTask&&, CreateEmbedderWrapper&&, ThrowWasmException);
     JS_EXPORT_PRIVATE BBQPlan(Context*, Vector<uint8_t>&&, AsyncWork, CompletionTask&&, CreateEmbedderWrapper&&, ThrowWasmException);
+    BBQPlan(VM*, Ref<ModuleInformation>, AsyncWork, CompletionTask&&);
+    JS_EXPORT_PRIVATE BBQPlan(VM*, Vector<uint8_t>&&, AsyncWork, CompletionTask&&);
     // Note: This constructor should only be used if you are not actually building a module e.g. validation/function tests
     // FIXME: When we get rid of function tests we should remove AsyncWork from this constructor.
     JS_EXPORT_PRIVATE BBQPlan(Context*, const uint8_t*, size_t, AsyncWork, CompletionTask&&);
+    JS_EXPORT_PRIVATE BBQPlan(VM*, const uint8_t*, size_t, AsyncWork, CompletionTask&&);
     bool parseAndValidateModule();
 …
     Vector<std::unique_ptr<InternalFunction>> m_wasmInternalFunctions;
     HashSet<uint32_t, typename DefaultHash<uint32_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint32_t>> m_exportedFunctionIndices;
     HashMap<uint32_t, std::unique_ptr<InternalFunction>, typename DefaultHash<uint32_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint32_t>> m_embedderToWasmInternalFunctions;
+    HashMap<uint32_t, std::unique_ptr<InternalFunction>, typename DefaultHash<uint32_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint32_t>> m_jsToWasmInternalFunctions;
     Vector<CompilationContext> m_compilationContexts;
     Vector<TierUpCount> m_tierUpCounts;

trunk/Source/JavaScriptCore/wasm/WasmBBQPlanInlines.h

-              r222791
+              r223002
     for (unsigned internalFunctionIndex = 0; internalFunctionIndex < m_wasmInternalFunctions.size(); ++internalFunctionIndex) {
         RefPtr<Wasm::Callee> embedderEntrypointCallee;
         if (auto embedderToWasmFunction = m_embedderToWasmInternalFunctions.get(internalFunctionIndex)) {
             embedderEntrypointCallee = Wasm::Callee::create(WTFMove(embedderToWasmFunction->entrypoint));
             MacroAssembler::repatchPointer(embedderToWasmFunction->calleeMoveLocation, CalleeBits::boxWasm(embedderEntrypointCallee.get()));
+        RefPtr<Wasm::Callee> jsEntrypointCallee;
+        if (auto jsToWasmFunction = m_jsToWasmInternalFunctions.get(internalFunctionIndex)) {
+            jsEntrypointCallee = Wasm::Callee::create(WTFMove(jsToWasmFunction->entrypoint));
+            MacroAssembler::repatchPointer(jsToWasmFunction->calleeMoveLocation, CalleeBits::boxWasm(jsEntrypointCallee.get()));
+        }
 …
         MacroAssembler::repatchPointer(function->calleeMoveLocation, CalleeBits::boxWasm(wasmEntrypointCallee.ptr()));
         callback(internalFunctionIndex, WTFMove(embedderEntrypointCallee), WTFMove(wasmEntrypointCallee));
+        callback(internalFunctionIndex, WTFMove(jsEntrypointCallee), WTFMove(wasmEntrypointCallee));
+    }
+}

trunk/Source/JavaScriptCore/wasm/WasmBinding.cpp

-              r222791
+              r223002
 #include "CCallHelpers.h"
+#include "FrameTracers.h"
+#include "JITExceptions.h"
 #include "JSCInlines.h"
 #include "JSWebAssemblyInstance.h"
 #include "LinkBuffer.h"
+#include "NativeErrorConstructor.h"
+#include "ThunkGenerators.h"
+#include "WasmCallingConvention.h"
+#include "WasmContext.h"
+#include "WasmExceptionType.h"
 namespace JSC { namespace Wasm {
 using JIT = CCallHelpers;
+static void materializeImportJSCell(JIT& jit, unsigned importIndex, GPRReg result)
+{
+    // We're calling out of the current WebAssembly.Instance. That Instance has a list of all its import functions.
+    jit.loadWasmContext(result);
+    jit.loadPtr(JIT::Address(result, JSWebAssemblyInstance::offsetOfImportFunction(importIndex)), result);
+}
+Expected<MacroAssemblerCodeRef, BindingFailure> wasmToJs(VM* vm, Bag<CallLinkInfo>& callLinkInfos, SignatureIndex signatureIndex, unsigned importIndex)
+{
+    // FIXME: This function doesn't properly abstract away the calling convention.
+    // It'd be super easy to do so: https://bugs.webkit.org/show_bug.cgi?id=169401
+    const WasmCallingConvention& wasmCC = wasmCallingConvention();
+    const JSCCallingConvention& jsCC = jscCallingConvention();
+    const Signature& signature = SignatureInformation::get(signatureIndex);
+    unsigned argCount = signature.argumentCount();
+    JIT jit;
+    // Note: WasmB3IRGenerator assumes that this stub treats SP as a callee save.
+    // If we ever change this, we will also need to change WasmB3IRGenerator.
+    // Below, we assume that the JS calling convention is always on the stack.
+    ASSERT(!jsCC.m_gprArgs.size());
+    ASSERT(!jsCC.m_fprArgs.size());
+    jit.emitFunctionPrologue();
+    jit.store64(JIT::TrustedImm32(0), JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::codeBlock * static_cast<int>(sizeof(Register)))); // FIXME Stop using 0 as codeBlocks. https://bugs.webkit.org/show_bug.cgi?id=165321
+    {
+        bool hasBadI64Use = false;
+        hasBadI64Use |= signature.returnType() == I64;
+        for (unsigned argNum = 0; argNum < argCount && !hasBadI64Use; ++argNum) {
+            Type argType = signature.argument(argNum);
+            switch (argType) {
+            case Void:
+            case Func:
+            case Anyfunc:
+                RELEASE_ASSERT_NOT_REACHED();
+            case I64: {
+                hasBadI64Use = true;
+                break;
+            }
+            default:
+                break;
+            }
+        }
+        if (hasBadI64Use) {
+            jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm);
+            jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+            jit.loadWasmContext(GPRInfo::argumentGPR1);
+            // Store Callee.
+            jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR1, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR2);
+            jit.storePtr(GPRInfo::argumentGPR2, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
+            auto call = jit.call();
+            jit.jumpToExceptionHandler(*vm);
+            void (*throwBadI64)(ExecState*, JSWebAssemblyInstance*) = [] (ExecState* exec, JSWebAssemblyInstance* wasmContext) -> void {
+                VM* vm = &exec->vm();
+                NativeCallFrameTracer tracer(vm, exec);
+                {
+                    auto throwScope = DECLARE_THROW_SCOPE(*vm);
+                    JSGlobalObject* globalObject = wasmContext->globalObject();
+                    auto* error = ErrorInstance::create(exec, *vm, globalObject->typeErrorConstructor()->errorStructure(), ASCIILiteral("i64 not allowed as return type or argument to an imported function"));
+                    throwException(exec, throwScope, error);
+                }
+                genericUnwind(vm, exec);
+                ASSERT(!!vm->callFrameForCatch);
+            };
+            LinkBuffer linkBuffer(jit, GLOBAL_THUNK_ID, JITCompilationCanFail);
+            if (UNLIKELY(linkBuffer.didFailToAllocate()))
+                return makeUnexpected(BindingFailure::OutOfMemory);
+            linkBuffer.link(call, throwBadI64);
+            return FINALIZE_CODE(linkBuffer, ("WebAssembly->JavaScript invalid i64 use in import[%i]", importIndex));
+        }
+    }
+    // Here we assume that the JS calling convention saves at least all the wasm callee saved. We therefore don't need to save and restore more registers since the wasm callee already took care of this.
+    RegisterSet missingCalleeSaves = wasmCC.m_calleeSaveRegisters;
+    missingCalleeSaves.exclude(jsCC.m_calleeSaveRegisters);
+    ASSERT(missingCalleeSaves.isEmpty());
+    if (!Options::useCallICsForWebAssemblyToJSCalls()) {
+        ScratchBuffer* scratchBuffer = vm->scratchBufferForSize(argCount * sizeof(uint64_t));
+        char* buffer = argCount ? static_cast<char*>(scratchBuffer->dataBuffer()) : nullptr;
+        unsigned marshalledGPRs = 0;
+        unsigned marshalledFPRs = 0;
+        unsigned bufferOffset = 0;
+        unsigned frOffset = CallFrame::headerSizeInRegisters * static_cast<int>(sizeof(Register));
+        const GPRReg scratchGPR = GPRInfo::regCS0;
+        jit.subPtr(MacroAssembler::TrustedImm32(WTF::roundUpToMultipleOf(stackAlignmentBytes(), sizeof(Register))), MacroAssembler::stackPointerRegister);
+        jit.storePtr(scratchGPR, MacroAssembler::Address(MacroAssembler::stackPointerRegister));
+        for (unsigned argNum = 0; argNum < argCount; ++argNum) {
+            Type argType = signature.argument(argNum);
+            switch (argType) {
+            case Void:
+            case Func:
+            case Anyfunc:
+            case I64:
+                RELEASE_ASSERT_NOT_REACHED();
+            case I32: {
+                GPRReg gprReg;
+                if (marshalledGPRs < wasmCC.m_gprArgs.size())
+                    gprReg = wasmCC.m_gprArgs[marshalledGPRs].gpr();
+                else {
+                    // We've already spilled all arguments, these registers are available as scratch.
+                    gprReg = GPRInfo::argumentGPR0;
+                    jit.load64(JIT::Address(GPRInfo::callFrameRegister, frOffset), gprReg);
+                    frOffset += sizeof(Register);
+                }
+                jit.zeroExtend32ToPtr(gprReg, gprReg);
+                jit.store64(gprReg, buffer + bufferOffset);
+                ++marshalledGPRs;
+                break;
+            }
+            case F32: {
+                FPRReg fprReg;
+                if (marshalledFPRs < wasmCC.m_fprArgs.size())
+                    fprReg = wasmCC.m_fprArgs[marshalledFPRs].fpr();
+                else {
+                    // We've already spilled all arguments, these registers are available as scratch.
+                    fprReg = FPRInfo::argumentFPR0;
+                    jit.loadFloat(JIT::Address(GPRInfo::callFrameRegister, frOffset), fprReg);
+                    frOffset += sizeof(Register);
+                }
+                jit.convertFloatToDouble(fprReg, fprReg);
+                jit.moveDoubleTo64(fprReg, scratchGPR);
+                jit.store64(scratchGPR, buffer + bufferOffset);
+                ++marshalledFPRs;
+                break;
+            }
+            case F64: {
+                FPRReg fprReg;
+                if (marshalledFPRs < wasmCC.m_fprArgs.size())
+                    fprReg = wasmCC.m_fprArgs[marshalledFPRs].fpr();
+                else {
+                    // We've already spilled all arguments, these registers are available as scratch.
+                    fprReg = FPRInfo::argumentFPR0;
+                    jit.loadDouble(JIT::Address(GPRInfo::callFrameRegister, frOffset), fprReg);
+                    frOffset += sizeof(Register);
+                }
+                jit.moveDoubleTo64(fprReg, scratchGPR);
+                jit.store64(scratchGPR, buffer + bufferOffset);
+                ++marshalledFPRs;
+                break;
+            }
+            }
+            bufferOffset += sizeof(Register);
+        }
+        jit.loadPtr(MacroAssembler::Address(MacroAssembler::stackPointerRegister), scratchGPR);
+        if (argCount) {
+            // The GC should not look at this buffer at all, these aren't JSValues.
+            jit.move(CCallHelpers::TrustedImmPtr(scratchBuffer->addressOfActiveLength()), GPRInfo::argumentGPR0);
+            jit.storePtr(CCallHelpers::TrustedImmPtr(0), GPRInfo::argumentGPR0);
+        }
+        uint64_t (*callFunc)(ExecState*, JSObject*, SignatureIndex, uint64_t*) =
+            [] (ExecState* exec, JSObject* callee, SignatureIndex signatureIndex, uint64_t* buffer) -> uint64_t {
+                VM* vm = &exec->vm();
+                NativeCallFrameTracer tracer(vm, exec);
+                auto throwScope = DECLARE_THROW_SCOPE(*vm);
+                const Signature& signature = SignatureInformation::get(signatureIndex);
+                MarkedArgumentBuffer args;
+                for (unsigned argNum = 0; argNum < signature.argumentCount(); ++argNum) {
+                    Type argType = signature.argument(argNum);
+                    JSValue arg;
+                    switch (argType) {
+                    case Void:
+                    case Func:
+                    case Anyfunc:
+                    case I64:
+                        RELEASE_ASSERT_NOT_REACHED();
+                    case I32:
+                        arg = jsNumber(static_cast<int32_t>(buffer[argNum]));
+                        break;
+                    case F32:
+                    case F64:
+                        arg = jsNumber(bitwise_cast<double>(buffer[argNum]));
+                        break;
+                    }
+                    args.append(arg);
+                }
+                CallData callData;
+                CallType callType = callee->methodTable(*vm)->getCallData(callee, callData);
+                RELEASE_ASSERT(callType != CallType::None);
+                JSValue result = call(exec, callee, callType, callData, jsUndefined(), args);
+                RETURN_IF_EXCEPTION(throwScope, 0);
+                uint64_t realResult;
+                switch (signature.returnType()) {
+                case Func:
+                case Anyfunc:
+                case I64:
+                    RELEASE_ASSERT_NOT_REACHED();
+                    break;
+                case Void:
+                    break;
+                case I32: {
+                    realResult = static_cast<uint64_t>(static_cast<uint32_t>(result.toInt32(exec)));
+                    break;
+                }
+                case F64:
+                case F32: {
+                    realResult = bitwise_cast<uint64_t>(result.toNumber(exec));
+                    break;
+                }
+                }
+                RETURN_IF_EXCEPTION(throwScope, 0);
+                return realResult;
+            };
+        jit.loadWasmContext(GPRInfo::argumentGPR0);
+        jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR0);
+        jit.storePtr(GPRInfo::argumentGPR0, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
+        materializeImportJSCell(jit, importIndex, GPRInfo::argumentGPR1);
+        static_assert(GPRInfo::numberOfArgumentRegisters >= 4, "We rely on this with the call below.");
+        jit.setupArgumentsWithExecState(GPRInfo::argumentGPR1, CCallHelpers::TrustedImm32(signatureIndex), CCallHelpers::TrustedImmPtr(buffer));
+        auto call = jit.call();
+        auto noException = jit.emitExceptionCheck(*vm, AssemblyHelpers::InvertedExceptionCheck);
+        // exception here.
+        jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm);
+        jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+        void (*doUnwinding)(ExecState*) = [] (ExecState* exec) -> void {
+            VM* vm = &exec->vm();
+            NativeCallFrameTracer tracer(vm, exec);
+            genericUnwind(vm, exec);
+            ASSERT(!!vm->callFrameForCatch);
+        };
+        auto exceptionCall = jit.call();
+        jit.jumpToExceptionHandler(*vm);
+        noException.link(&jit);
+        switch (signature.returnType()) {
+        case F64: {
+            jit.move64ToDouble(GPRInfo::returnValueGPR, FPRInfo::returnValueFPR);
+            break;
+        }
+        case F32: {
+            jit.move64ToDouble(GPRInfo::returnValueGPR, FPRInfo::returnValueFPR);
+            jit.convertDoubleToFloat(FPRInfo::returnValueFPR, FPRInfo::returnValueFPR);
+            break;
+        }
+        default:
+            break;
+        }
+        jit.emitFunctionEpilogue();
+        jit.ret();
+        LinkBuffer linkBuffer(jit, GLOBAL_THUNK_ID, JITCompilationCanFail);
+        if (UNLIKELY(linkBuffer.didFailToAllocate()))
+            return makeUnexpected(BindingFailure::OutOfMemory);
+        linkBuffer.link(call, callFunc);
+        linkBuffer.link(exceptionCall, doUnwinding);
+        return FINALIZE_CODE(linkBuffer, ("WebAssembly->JavaScript import[%i] %s", importIndex, signature.toString().ascii().data()));
+    }
+    // Note: We don't need to perform a stack check here since WasmB3IRGenerator
+    // will do the stack check for us. Whenever it detects that it might make
+    // a call to this thunk, it'll make sure its stack check includes space
+    // for us here.
+    const unsigned numberOfParameters = argCount + 1; // There is a "this" argument.
+    const unsigned numberOfRegsForCall = CallFrame::headerSizeInRegisters + numberOfParameters;
+    const unsigned numberOfBytesForCall = numberOfRegsForCall * sizeof(Register) - sizeof(CallerFrameAndPC);
+    const unsigned stackOffset = WTF::roundUpToMultipleOf(stackAlignmentBytes(), numberOfBytesForCall);
+    jit.subPtr(MacroAssembler::TrustedImm32(stackOffset), MacroAssembler::stackPointerRegister);
+    JIT::Address calleeFrame = CCallHelpers::Address(MacroAssembler::stackPointerRegister, -static_cast<ptrdiff_t>(sizeof(CallerFrameAndPC)));
+    // FIXME make these loops which switch on Signature if there are many arguments on the stack. It'll otherwise be huge for huge signatures. https://bugs.webkit.org/show_bug.cgi?id=165547
+    // First go through the integer parameters, freeing up their register for use afterwards.
+    {
+        unsigned marshalledGPRs = 0;
+        unsigned marshalledFPRs = 0;
+        unsigned calleeFrameOffset = CallFrameSlot::firstArgument * static_cast<int>(sizeof(Register));
+        unsigned frOffset = CallFrame::headerSizeInRegisters * static_cast<int>(sizeof(Register));
+        for (unsigned argNum = 0; argNum < argCount; ++argNum) {
+            Type argType = signature.argument(argNum);
+            switch (argType) {
+            case Void:
+            case Func:
+            case Anyfunc:
+            case I64:
+                RELEASE_ASSERT_NOT_REACHED(); // Handled above.
+            case I32: {
+                GPRReg gprReg;
+                if (marshalledGPRs < wasmCC.m_gprArgs.size())
+                    gprReg = wasmCC.m_gprArgs[marshalledGPRs].gpr();
+                else {
+                    // We've already spilled all arguments, these registers are available as scratch.
+                    gprReg = GPRInfo::argumentGPR0;
+                    jit.load64(JIT::Address(GPRInfo::callFrameRegister, frOffset), gprReg);
+                    frOffset += sizeof(Register);
+                }
+                ++marshalledGPRs;
+                jit.zeroExtend32ToPtr(gprReg, gprReg); // Clear non-int32 and non-tag bits.
+                jit.boxInt32(gprReg, JSValueRegs(gprReg), DoNotHaveTagRegisters);
+                jit.store64(gprReg, calleeFrame.withOffset(calleeFrameOffset));
+                calleeFrameOffset += sizeof(Register);
+                break;
+            }
+            case F32:
+            case F64:
+                // Skipped: handled below.
+                if (marshalledFPRs >= wasmCC.m_fprArgs.size())
+                    frOffset += sizeof(Register);
+                ++marshalledFPRs;
+                calleeFrameOffset += sizeof(Register);
+                break;
+            }
+        }
+    }
+    {
+        // Integer registers have already been spilled, these are now available.
+        GPRReg doubleEncodeOffsetGPRReg = GPRInfo::argumentGPR0;
+        GPRReg scratch = GPRInfo::argumentGPR1;
+        bool hasMaterializedDoubleEncodeOffset = false;
+        auto materializeDoubleEncodeOffset = [&hasMaterializedDoubleEncodeOffset, &jit] (GPRReg dest) {
+            if (!hasMaterializedDoubleEncodeOffset) {
+                static_assert(DoubleEncodeOffset == 1ll << 48, "codegen assumes this below");
+                jit.move(JIT::TrustedImm32(1), dest);
+                jit.lshift64(JIT::TrustedImm32(48), dest);
+                hasMaterializedDoubleEncodeOffset = true;
+            }
+        };
+        unsigned marshalledGPRs = 0;
+        unsigned marshalledFPRs = 0;
+        unsigned calleeFrameOffset = CallFrameSlot::firstArgument * static_cast<int>(sizeof(Register));
+        unsigned frOffset = CallFrame::headerSizeInRegisters * static_cast<int>(sizeof(Register));
+        for (unsigned argNum = 0; argNum < argCount; ++argNum) {
+            Type argType = signature.argument(argNum);
+            switch (argType) {
+            case Void:
+            case Func:
+            case Anyfunc:
+            case I64:
+                RELEASE_ASSERT_NOT_REACHED(); // Handled above.
+            case I32:
+                // Skipped: handled above.
+                if (marshalledGPRs >= wasmCC.m_gprArgs.size())
+                    frOffset += sizeof(Register);
+                ++marshalledGPRs;
+                calleeFrameOffset += sizeof(Register);
+                break;
+            case F32: {
+                FPRReg fprReg;
+                if (marshalledFPRs < wasmCC.m_fprArgs.size())
+                    fprReg = wasmCC.m_fprArgs[marshalledFPRs].fpr();
+                else {
+                    // We've already spilled all arguments, these registers are available as scratch.
+                    fprReg = FPRInfo::argumentFPR0;
+                    jit.loadFloat(JIT::Address(GPRInfo::callFrameRegister, frOffset), fprReg);
+                    frOffset += sizeof(Register);
+                }
+                jit.convertFloatToDouble(fprReg, fprReg);
+                jit.purifyNaN(fprReg);
+                jit.moveDoubleTo64(fprReg, scratch);
+                materializeDoubleEncodeOffset(doubleEncodeOffsetGPRReg);
+                jit.add64(doubleEncodeOffsetGPRReg, scratch);
+                jit.store64(scratch, calleeFrame.withOffset(calleeFrameOffset));
+                calleeFrameOffset += sizeof(Register);
+                ++marshalledFPRs;
+                break;
+            }
+            case F64: {
+                FPRReg fprReg;
+                if (marshalledFPRs < wasmCC.m_fprArgs.size())
+                    fprReg = wasmCC.m_fprArgs[marshalledFPRs].fpr();
+                else {
+                    // We've already spilled all arguments, these registers are available as scratch.
+                    fprReg = FPRInfo::argumentFPR0;
+                    jit.loadDouble(JIT::Address(GPRInfo::callFrameRegister, frOffset), fprReg);
+                    frOffset += sizeof(Register);
+                }
+                jit.purifyNaN(fprReg);
+                jit.moveDoubleTo64(fprReg, scratch);
+                materializeDoubleEncodeOffset(doubleEncodeOffsetGPRReg);
+                jit.add64(doubleEncodeOffsetGPRReg, scratch);
+                jit.store64(scratch, calleeFrame.withOffset(calleeFrameOffset));
+                calleeFrameOffset += sizeof(Register);
+                ++marshalledFPRs;
+                break;
+            }
+            }
+        }
+    }
+    jit.loadWasmContext(GPRInfo::argumentGPR0);
+    jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR0);
+    jit.storePtr(GPRInfo::argumentGPR0, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
+    GPRReg importJSCellGPRReg = GPRInfo::regT0; // Callee needs to be in regT0 for slow path below.
+    ASSERT(!wasmCC.m_calleeSaveRegisters.get(importJSCellGPRReg));
+    materializeImportJSCell(jit, importIndex, importJSCellGPRReg);
+    jit.store64(importJSCellGPRReg, calleeFrame.withOffset(CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
+    jit.store32(JIT::TrustedImm32(numberOfParameters), calleeFrame.withOffset(CallFrameSlot::argumentCount * static_cast<int>(sizeof(Register)) + PayloadOffset));
+    jit.store64(JIT::TrustedImm64(ValueUndefined), calleeFrame.withOffset(CallFrameSlot::thisArgument * static_cast<int>(sizeof(Register))));
+    // FIXME Tail call if the wasm return type is void and no registers were spilled. https://bugs.webkit.org/show_bug.cgi?id=165488
+    CallLinkInfo* callLinkInfo = callLinkInfos.add();
+    callLinkInfo->setUpCall(CallLinkInfo::Call, CodeOrigin(), importJSCellGPRReg);
+    JIT::DataLabelPtr targetToCheck;
+    JIT::TrustedImmPtr initialRightValue(0);
+    JIT::Jump slowPath = jit.branchPtrWithPatch(MacroAssembler::NotEqual, importJSCellGPRReg, targetToCheck, initialRightValue);
+    JIT::Call fastCall = jit.nearCall();
+    JIT::Jump done = jit.jump();
+    slowPath.link(&jit);
+    // Callee needs to be in regT0 here.
+    jit.move(MacroAssembler::TrustedImmPtr(callLinkInfo), GPRInfo::regT2); // Link info needs to be in regT2.
+    JIT::Call slowCall = jit.nearCall();
+    done.link(&jit);
+    CCallHelpers::JumpList exceptionChecks;
+    switch (signature.returnType()) {
+    case Void:
+        // Discard.
+        break;
+    case Func:
+    case Anyfunc:
+        // For the JavaScript embedding, imports with these types in their signature return are a WebAssembly.Module validation error.
+        RELEASE_ASSERT_NOT_REACHED();
+        break;
+    case I64: {
+        RELEASE_ASSERT_NOT_REACHED(); // Handled above.
+    }
+    case I32: {
+        CCallHelpers::JumpList done;
+        CCallHelpers::JumpList slowPath;
+        slowPath.append(jit.branchIfNotNumber(GPRInfo::returnValueGPR, DoNotHaveTagRegisters));
+        slowPath.append(jit.branchIfNotInt32(JSValueRegs(GPRInfo::returnValueGPR), DoNotHaveTagRegisters));
+        jit.zeroExtend32ToPtr(GPRInfo::returnValueGPR, GPRInfo::returnValueGPR);
+        done.append(jit.jump());
+        slowPath.link(&jit);
+        jit.setupArgumentsWithExecState(GPRInfo::returnValueGPR);
+        auto call = jit.call();
+        exceptionChecks.append(jit.emitJumpIfException(*vm));
+        int32_t (*convertToI32)(ExecState*, JSValue) = [] (ExecState* exec, JSValue v) -> int32_t {
+            VM* vm = &exec->vm();
+            NativeCallFrameTracer tracer(vm, exec);
+            return v.toInt32(exec);
+        };
+        jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+            linkBuffer.link(call, convertToI32);
+        });
+        done.link(&jit);
+        break;
+    }
+    case F32: {
+        CCallHelpers::JumpList done;
+        auto notANumber = jit.branchIfNotNumber(GPRInfo::returnValueGPR, DoNotHaveTagRegisters);
+        auto isDouble = jit.branchIfNotInt32(JSValueRegs(GPRInfo::returnValueGPR), DoNotHaveTagRegisters);
+        // We're an int32
+        jit.signExtend32ToPtr(GPRInfo::returnValueGPR, GPRInfo::returnValueGPR);
+        jit.convertInt64ToFloat(GPRInfo::returnValueGPR, FPRInfo::returnValueFPR);
+        done.append(jit.jump());
+        isDouble.link(&jit);
+        jit.move(JIT::TrustedImm64(TagTypeNumber), GPRInfo::returnValueGPR2);
+        jit.add64(GPRInfo::returnValueGPR2, GPRInfo::returnValueGPR);
+        jit.move64ToDouble(GPRInfo::returnValueGPR, FPRInfo::returnValueFPR);
+        jit.convertDoubleToFloat(FPRInfo::returnValueFPR, FPRInfo::returnValueFPR);
+        done.append(jit.jump());
+        notANumber.link(&jit);
+        jit.setupArgumentsWithExecState(GPRInfo::returnValueGPR);
+        auto call = jit.call();
+        exceptionChecks.append(jit.emitJumpIfException(*vm));
+        float (*convertToF32)(ExecState*, JSValue) = [] (ExecState* exec, JSValue v) -> float {
+            VM* vm = &exec->vm();
+            NativeCallFrameTracer tracer(vm, exec);
+            return static_cast<float>(v.toNumber(exec));
+        };
+        jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+            linkBuffer.link(call, convertToF32);
+        });
+        done.link(&jit);
+        break;
+    }
+    case F64: {
+        CCallHelpers::JumpList done;
+        auto notANumber = jit.branchIfNotNumber(GPRInfo::returnValueGPR, DoNotHaveTagRegisters);
+        auto isDouble = jit.branchIfNotInt32(JSValueRegs(GPRInfo::returnValueGPR), DoNotHaveTagRegisters);
+        // We're an int32
+        jit.signExtend32ToPtr(GPRInfo::returnValueGPR, GPRInfo::returnValueGPR);
+        jit.convertInt64ToDouble(GPRInfo::returnValueGPR, FPRInfo::returnValueFPR);
+        done.append(jit.jump());
+        isDouble.link(&jit);
+        jit.move(JIT::TrustedImm64(TagTypeNumber), GPRInfo::returnValueGPR2);
+        jit.add64(GPRInfo::returnValueGPR2, GPRInfo::returnValueGPR);
+        jit.move64ToDouble(GPRInfo::returnValueGPR, FPRInfo::returnValueFPR);
+        done.append(jit.jump());
+        notANumber.link(&jit);
+        jit.setupArgumentsWithExecState(GPRInfo::returnValueGPR);
+        auto call = jit.call();
+        exceptionChecks.append(jit.emitJumpIfException(*vm));
+        double (*convertToF64)(ExecState*, JSValue) = [] (ExecState* exec, JSValue v) -> double {
+            VM* vm = &exec->vm();
+            NativeCallFrameTracer tracer(vm, exec);
+            return v.toNumber(exec);
+        };
+        jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+            linkBuffer.link(call, convertToF64);
+        });
+        done.link(&jit);
+        break;
+    }
+    }
+    jit.emitFunctionEpilogue();
+    jit.ret();
+    if (!exceptionChecks.empty()) {
+        exceptionChecks.link(&jit);
+        jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(*vm);
+        jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+        auto call = jit.call();
+        jit.jumpToExceptionHandler(*vm);
+        void (*doUnwinding)(ExecState*) = [] (ExecState* exec) -> void {
+            VM* vm = &exec->vm();
+            NativeCallFrameTracer tracer(vm, exec);
+            genericUnwind(vm, exec);
+            ASSERT(!!vm->callFrameForCatch);
+        };
+        jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+            linkBuffer.link(call, doUnwinding);
+        });
+    }
+    LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, JITCompilationCanFail);
+    if (UNLIKELY(patchBuffer.didFailToAllocate()))
+        return makeUnexpected(BindingFailure::OutOfMemory);
+    patchBuffer.link(slowCall, FunctionPtr(vm->getCTIStub(linkCallThunkGenerator).code().executableAddress()));
+    CodeLocationLabel callReturnLocation(patchBuffer.locationOfNearCall(slowCall));
+    CodeLocationLabel hotPathBegin(patchBuffer.locationOf(targetToCheck));
+    CodeLocationNearCall hotPathOther = patchBuffer.locationOfNearCall(fastCall);
+    callLinkInfo->setCallLocations(callReturnLocation, hotPathBegin, hotPathOther);
+    return FINALIZE_CODE(patchBuffer, ("WebAssembly->JavaScript import[%i] %s", importIndex, signature.toString().ascii().data()));
+}
 Expected<MacroAssemblerCodeRef, BindingFailure> wasmToWasm(unsigned importIndex)
 …
     GPRReg sizeRegAsScratch = sizeRegs[0].sizeRegister;
+    static_assert(std::is_same<Context, JSWebAssemblyInstance>::value, "This is assumed in the code below.");
     // B3's call codegen ensures that the JSCell is a WebAssemblyFunction.
     jit.loadWasmContextInstance(sizeRegAsScratch); // Old Instance*
     // Get the callee's WebAssembly.Instance and set it as WasmContext's instance. The caller will take care of restoring its own Instance.
+    jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfTargetInstance(importIndex)), baseMemory); // JSWebAssemblyInstance*.
     // While we're accessing that cacheline, also get the wasm entrypoint so we can tail call to it below.
     jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfWasmEntrypoint(importIndex)), scratch); // Wasm::WasmEntrypointLoadLocation.
     jit.storeWasmContextInstance(baseMemory);
+    jit.loadWasmContext(sizeRegAsScratch); // Old Instance*
+    jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfImportFunction(importIndex)), scratch);
+    // Get the callee's WebAssembly.Instance and set it as WasmContext. The caller will take care of restoring its own Instance.
+    jit.loadPtr(JIT::Address(scratch, WebAssemblyFunction::offsetOfInstance()), baseMemory); // Instance*.
+    jit.storeWasmContext(baseMemory);
     jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfCachedStackLimit()), sizeRegAsScratch);
 …
     // FIXME the following code assumes that all WebAssembly.Instance have the same pinned registers. https://bugs.webkit.org/show_bug.cgi?id=162952
     // Set up the callee's baseMemory register as well as the memory size registers.
     jit.loadPtr(JIT::Address(baseMemory, JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory); // Wasm::Memory*.
+    jit.loadPtr(JIT::Address(baseMemory, JSWebAssemblyInstance::offsetOfMemory()), baseMemory); // JSWebAssemblyMemory*.
     ASSERT(!sizeRegs[0].sizeOffset); // The following code assumes we start at 0, and calculates subsequent size registers relative to 0.
     jit.loadPtr(JIT::Address(baseMemory, Wasm::Memory::offsetOfSize()), sizeRegs[0].sizeRegister); // Memory size.
     jit.loadPtr(JIT::Address(baseMemory, Wasm::Memory::offsetOfMemory()), baseMemory); // Wasm::Memory::void*.
+    jit.loadPtr(JIT::Address(baseMemory, JSWebAssemblyMemory::offsetOfSize()), sizeRegs[0].sizeRegister); // Memory size.
+    jit.loadPtr(JIT::Address(baseMemory, JSWebAssemblyMemory::offsetOfMemory()), baseMemory); // WasmMemory::void*.
     for (unsigned i = 1; i < sizeRegs.size(); ++i) {
         ASSERT(sizeRegs[i].sizeRegister != baseMemory);
 …
     // Tail call into the callee WebAssembly function.
+    jit.loadPtr(JIT::Address(scratch, WebAssemblyFunction::offsetOfWasmEntrypointLoadLocation()), scratch);
     jit.loadPtr(scratch, scratch);
     jit.jump(scratch);

trunk/Source/JavaScriptCore/wasm/WasmBinding.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #include "B3Compilation.h"
+#include "VM.h"
 #include "WasmFormat.h"
+#include <wtf/Bag.h>
 #include <wtf/Expected.h>
 …
 Expected<MacroAssemblerCodeRef, BindingFailure> wasmToWasm(unsigned importIndex);
+Expected<MacroAssemblerCodeRef, BindingFailure> wasmToJs(VM*, Bag<CallLinkInfo>& callLinkInfos, SignatureIndex, unsigned importIndex);
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/WasmCodeBlock.cpp

-              r222791
+              r223002
 #include "WasmBBQPlanInlines.h"
 #include "WasmCallee.h"
-#include "WasmFormat.h"
 #include "WasmWorklist.h"
 namespace JSC { namespace Wasm {
+Ref<CodeBlock> CodeBlock::create(Context* context, MemoryMode mode, ModuleInformation& moduleInformation, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException)
+{
+    size_t importFunctionCount = moduleInformation.importFunctionCount();
+    auto* result = new (NotNull, fastMalloc(allocationSize(importFunctionCount))) CodeBlock(context, mode, moduleInformation, WTFMove(createEmbedderWrapper), throwWasmException);
+    for (size_t i = 0; i < importFunctionCount; ++i)
+        result->importWasmToEmbedderStub(i) = nullptr;
+    return adoptRef(*result);
+}
+CodeBlock::CodeBlock(Context* context, MemoryMode mode, ModuleInformation& moduleInformation, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException)
+CodeBlock::CodeBlock(MemoryMode mode, ModuleInformation& moduleInformation)
     : m_calleeCount(moduleInformation.internalFunctionCount())
     , m_mode(mode)
+{
     RefPtr<CodeBlock> protectedThis = this;
+    m_plan = adoptRef(*new BBQPlan(context, makeRef(moduleInformation), BBQPlan::FullCompile, createSharedTask<Plan::CallbackType>([this, protectedThis = WTFMove(protectedThis)] (Plan&) {
+    m_plan = adoptRef(*new BBQPlan(nullptr, makeRef(moduleInformation), BBQPlan::FullCompile, createSharedTask<Plan::CallbackType>([this, protectedThis = WTFMove(protectedThis)] (VM*, Plan&) {
         auto locker = holdLock(m_lock);
         if (m_plan->failed()) {
             m_errorMessage = m_plan->errorMessage();
             setCompilationFinished();
+            m_plan = nullptr;
             return;
+        }
 …
         m_tierUpCounts = m_plan->takeTierUpCounts();
+        setCompilationFinished();
+    }), WTFMove(createEmbedderWrapper), throwWasmException));
+        m_plan = nullptr;
+    })));
     m_plan->setMode(mode);
     auto& worklist = Wasm::ensureWorklist();
     // Note, immediately after we enqueue the plan, there is a chance the above callback will be called.
 …
+}
 void CodeBlock::compileAsync(Context* context, AsyncCompilationCallback&& task)
+void CodeBlock::compileAsync(VM& vm, AsyncCompilationCallback&& task)
+{
     RefPtr<Plan> plan;
 …
         // a RefPtr on the Plan until the plan finishes notifying all of its callbacks.
         RefPtr<CodeBlock> protectedThis = this;
+        plan->addCompletionTask(context, createSharedTask<Plan::CallbackType>([this, task = WTFMove(task), protectedThis = WTFMove(protectedThis)] (Plan&) {
+            task->run(makeRef(*this));
+        plan->addCompletionTask(vm, createSharedTask<Plan::CallbackType>([this, task = WTFMove(task), protectedThis = WTFMove(protectedThis)] (VM* vm, Plan&) {
+            ASSERT(vm);
+            task->run(*vm, makeRef(*this));
         }));
     } else
         task->run(makeRef(*this));
+        task->run(vm, makeRef(*this));
+}
 …
+}
-void CodeBlock::setCompilationFinished()
+{
-    m_plan = nullptr;
-    m_compilationFinished.store(true);
+}
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/WasmCodeBlock.h

-              r222791
+              r223002
 #include "MacroAssemblerCodeRef.h"
-#include "WasmEmbedder.h"
 #include "WasmTierUpCount.h"
 #include <wtf/Lock.h>
 …
 namespace JSC {
+class VM;
 namespace Wasm {
 class Callee;
-struct Context;
 class BBQPlan;
 class OMGPlan;
 …
 class CodeBlock : public ThreadSafeRefCounted<CodeBlock> {
 public:
     typedef void CallbackType(Ref<CodeBlock>&&);
+    typedef void CallbackType(VM&, Ref<CodeBlock>&&);
     using AsyncCompilationCallback = RefPtr<WTF::SharedTask<CallbackType>>;
+    static Ref<CodeBlock> create(Context*, MemoryMode, ModuleInformation&, CreateEmbedderWrapper&&, ThrowWasmException);
+    static size_t offsetOfImportStubs()
+    static Ref<CodeBlock> create(MemoryMode mode, ModuleInformation& moduleInformation)
+    {
+        return WTF::roundUpToMultipleOf<sizeof(void*)>(sizeof(CodeBlock));
+    }
+    static size_t allocationSize(Checked<size_t> functionImportCount)
+    {
+        return (offsetOfImportStubs() + sizeof(void*) * functionImportCount).unsafeGet();
+    }
+    void*& importWasmToEmbedderStub(unsigned importIndex)
+    {
+        return *bitwise_cast<void**>(bitwise_cast<char*>(this) + offsetOfImportWasmToEmbedderStub(importIndex));
+    }
+    static ptrdiff_t offsetOfImportWasmToEmbedderStub(unsigned importIndex)
+    {
+        return offsetOfImportStubs() + sizeof(void*) * importIndex;
+    }
+    Wasm::WasmEntrypointLoadLocation wasmToJSCallStubForImport(unsigned importIndex)
+    {
+        ASSERT(runnable());
+        return &importWasmToEmbedderStub(importIndex);
+        return adoptRef(*new CodeBlock(mode, moduleInformation));
+    }
     void waitUntilFinished();
     void compileAsync(Context*, AsyncCompilationCallback&&);
+    void compileAsync(VM&, AsyncCompilationCallback&&);
     bool compilationFinished()
+    {
+        return m_compilationFinished.load();
+        auto locker = holdLock(m_lock);
+        return !m_plan;
+    }
     bool runnable() { return compilationFinished() && !m_errorMessage; }
 …
     unsigned functionImportCount() const { return m_wasmToWasmExitStubs.size(); }
-    // These two callee getters are only valid once the callees have been populated.
     Callee& jsEntrypointCalleeFromFunctionIndexSpace(unsigned functionIndexSpace)
+    {
-        ASSERT(runnable());
         RELEASE_ASSERT(functionIndexSpace >= functionImportCount());
         unsigned calleeIndex = functionIndexSpace - functionImportCount();
 …
     Callee& wasmEntrypointCalleeFromFunctionIndexSpace(unsigned functionIndexSpace)
+    {
-        ASSERT(runnable());
         RELEASE_ASSERT(functionIndexSpace >= functionImportCount());
         unsigned calleeIndex = functionIndexSpace - functionImportCount();
 …
     friend class OMGPlan;
+    CodeBlock(Context*, MemoryMode, ModuleInformation&, CreateEmbedderWrapper&&, ThrowWasmException);
+    void setCompilationFinished();
+    CodeBlock(MemoryMode, ModuleInformation&);
     unsigned m_calleeCount;
     MemoryMode m_mode;
 …
     Vector<MacroAssemblerCodeRef> m_wasmToWasmExitStubs;
     RefPtr<BBQPlan> m_plan;
-    std::atomic<bool> m_compilationFinished { false };
     String m_errorMessage;
     Lock m_lock;

trunk/Source/JavaScriptCore/wasm/WasmContext.cpp

-              r222873
+              r223002
 #if ENABLE(WEBASSEMBLY)
+#include "JSWebAssemblyInstance.h"
+#include "Options.h"
+#include "VM.h"
 #include <mutex>
 #include <wtf/FastTLS.h>
 …
 namespace JSC { namespace Wasm {
 bool Context::useFastTLS()
+Context* loadContext(VM& vm)
+{
 #if ENABLE(FAST_TLS_JIT)
+    return Options::useFastTLSForWasmContext();
+#else
+    return false;
+    if (useFastTLSForContext())
+        return bitwise_cast<Context*>(_pthread_getspecific_direct(WTF_WASM_CONTEXT_KEY));
 #endif
+    return vm.wasmContext;
+}
+JSWebAssemblyInstance* Context::load() const
+void storeContext(VM& vm, Context* context)
+{
 #if ENABLE(FAST_TLS_JIT)
     if (useFastTLS())
         return bitwise_cast<JSWebAssemblyInstance*>(_pthread_getspecific_direct(WTF_WASM_CONTEXT_KEY));
+    if (useFastTLSForContext())
+        _pthread_setspecific_direct(WTF_WASM_CONTEXT_KEY, bitwise_cast<void*>(context));
 #endif
+    return instance;
+}
+void Context::store(JSWebAssemblyInstance* inst, void* softStackLimit)
+{
+#if ENABLE(FAST_TLS_JIT)
+    if (useFastTLS())
+        _pthread_setspecific_direct(WTF_WASM_CONTEXT_KEY, bitwise_cast<void*>(inst));
+#endif
+    instance = inst;
+    if (instance)
+        instance->setCachedStackLimit(softStackLimit);
+    vm.wasmContext = context;
+    if (context)
+        context->setCachedStackLimit(vm.softStackLimit());
+}

trunk/Source/JavaScriptCore/wasm/WasmContext.h

-              r222791
+              r223002
 #if ENABLE(WEBASSEMBLY)
+#include "JSWebAssemblyInstance.h"
+#include "Options.h"
 namespace JSC {
 class JSWebAssemblyInstance;
+class VM;
 namespace Wasm {
+struct Context {
+    JSWebAssemblyInstance* instance { nullptr };
+// FIXME: We might want this to be something else at some point:
+// https://bugs.webkit.org/show_bug.cgi?id=170260
+using Context = JSWebAssemblyInstance;
+    JSWebAssemblyInstance* load() const;
+    void store(JSWebAssemblyInstance*, void* softStackLimit);
+inline bool useFastTLS()
+{
+#if ENABLE(FAST_TLS_JIT)
+    return Options::useWebAssemblyFastTLS();
+#else
+    return false;
+#endif
+}
+    static bool useFastTLS();
+};
+inline bool useFastTLSForContext()
+{
+    if (useFastTLS())
+        return Options::useFastTLSForWasmContext();
+    return false;
+}
+Context* loadContext(VM&);
+void storeContext(VM&, Context*);
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/WasmFaultSignalHandler.cpp

-              r222791
+              r223002
 #include "ExecutableAllocator.h"
 #include "MachineContext.h"
+#include "VM.h"
 #include "WasmExceptionType.h"
 #include "WasmMemory.h"
 #include "WasmThunks.h"
-#include <wtf/HashSet.h>
 #include <wtf/Lock.h>
 #include <wtf/NeverDestroyed.h>

trunk/Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h

r222791	r223002
28	28	namespace JSC {
29	29
	30	class VM;
	31
30	32	namespace Wasm {
31	33

trunk/Source/JavaScriptCore/wasm/WasmFormat.h

-              r222791
+              r223002
 namespace JSC {
+class JSFunction;
 namespace B3 {
 class Compilation;
 …
 namespace Wasm {
-struct CompilationContext;
-struct ModuleInformation;
 inline bool isValueType(Type type)

trunk/Source/JavaScriptCore/wasm/WasmMemory.cpp

-              r222791
+              r223002
 #if ENABLE(WEBASSEMBLY)
 #include "Options.h"
 #include <wtf/DataLog.h>
+#include "VM.h"
+#include "WasmThunks.h"
 #include <wtf/Gigacage.h>
 #include <wtf/Lock.h>
-#include <wtf/OSAllocator.h>
-#include <wtf/PageBlock.h>
 #include <wtf/Platform.h>
 #include <wtf/PrintStream.h>
 #include <wtf/RAMSize.h>
-#include <wtf/Vector.h>
-#include <cstring>
-#include <mutex>
 namespace JSC { namespace Wasm {
 …
     enum Kind {
         Success,
         SuccessAndNotifyMemoryPressure,
         SyncTryToReclaimMemory
+        SuccessAndAsyncGC,
+        SyncGCAndRetry
     };
     static const char* toString(Kind kind)
+    {
 …
         case Success:
             return "Success";
         case SuccessAndNotifyMemoryPressure:
             return "SuccessAndNotifyMemoryPressure";
         case SyncTryToReclaimMemory:
             return "SyncTryToReclaimMemory";
+        case SuccessAndAsyncGC:
+            return "SuccessAndAsyncGC";
+        case SyncGCAndRetry:
+            return "SyncGCAndRetry";
+        }
         RELEASE_ASSERT_NOT_REACHED();
 …
             auto holder = holdLock(m_lock);
             if (m_memories.size() >= m_maxCount)
                 return MemoryResult(nullptr, MemoryResult::SyncTryToReclaimMemory);
+                return MemoryResult(nullptr, MemoryResult::SyncGCAndRetry);
             void* result = Gigacage::tryAllocateVirtualPages(Gigacage::Primitive, Memory::fastMappedBytes());
             if (!result)
                 return MemoryResult(nullptr, MemoryResult::SyncTryToReclaimMemory);
+                return MemoryResult(nullptr, MemoryResult::SyncGCAndRetry);
             m_memories.append(result);
 …
             return MemoryResult(
                 result,
                 m_memories.size() >= m_maxCount / 2 ? MemoryResult::SuccessAndNotifyMemoryPressure : MemoryResult::Success);
+                m_memories.size() >= m_maxCount / 2 ? MemoryResult::SuccessAndAsyncGC : MemoryResult::Success);
         }();
 …
             auto holder = holdLock(m_lock);
             if (m_physicalBytes + bytes > memoryLimit())
                 return MemoryResult::SyncTryToReclaimMemory;
+                return MemoryResult::SyncGCAndRetry;
             m_physicalBytes += bytes;
             if (m_physicalBytes >= memoryLimit() / 2)
                 return MemoryResult::SuccessAndNotifyMemoryPressure;
+                return MemoryResult::SuccessAndAsyncGC;
             return MemoryResult::Success;
 …
 template<typename Func>
 bool tryAllocate(const Func& allocate, const WTF::Function<void(Memory::NotifyPressure)>& notifyMemoryPressure, const WTF::Function<void(Memory::SyncTryToReclaim)>& syncTryToReclaimMemory)
+bool tryAndGC(VM& vm, const Func& allocate)
+{
     unsigned numTries = 2;
 …
             done = true;
             break;
+        case MemoryResult::SuccessAndNotifyMemoryPressure:
+            if (notifyMemoryPressure)
+                notifyMemoryPressure(Memory::NotifyPressureTag);
+        case MemoryResult::SuccessAndAsyncGC:
+            vm.heap.collectAsync(CollectionScope::Full);
             done = true;
             break;
         case MemoryResult::SyncTryToReclaimMemory:
+        case MemoryResult::SyncGCAndRetry:
             if (i + 1 == numTries)
                 break;
+            if (syncTryToReclaimMemory)
+                syncTryToReclaimMemory(Memory::SyncTryToReclaimTag);
+            vm.heap.collectSync(CollectionScope::Full);
             break;
+        }
 …
 } // anonymous namespace
+Memory::Memory()
+{
+}
+Memory::Memory(PageCount initial, PageCount maximum, Function<void(NotifyPressure)>&& notifyMemoryPressure, Function<void(SyncTryToReclaim)>&& syncTryToReclaimMemory, WTF::Function<void(GrowSuccess, PageCount, PageCount)>&& growSuccessCallback)
+const char* makeString(MemoryMode mode)
+{
+    switch (mode) {
+    case MemoryMode::BoundsChecking: return "BoundsChecking";
+    case MemoryMode::Signaling: return "Signaling";
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return "";
+}
+Memory::Memory(PageCount initial, PageCount maximum)
     : m_initial(initial)
     , m_maximum(maximum)
-    , m_notifyMemoryPressure(WTFMove(notifyMemoryPressure))
-    , m_syncTryToReclaimMemory(WTFMove(syncTryToReclaimMemory))
-    , m_growSuccessCallback(WTFMove(growSuccessCallback))
+{
     ASSERT(!initial.bytes());
 …
+}
 Memory::Memory(void* memory, PageCount initial, PageCount maximum, size_t mappedCapacity, MemoryMode mode, Function<void(NotifyPressure)>&& notifyMemoryPressure, Function<void(SyncTryToReclaim)>&& syncTryToReclaimMemory, WTF::Function<void(GrowSuccess, PageCount, PageCount)>&& growSuccessCallback)
+Memory::Memory(void* memory, PageCount initial, PageCount maximum, size_t mappedCapacity, MemoryMode mode)
     : m_memory(memory)
     , m_size(initial.bytes())
 …
     , m_mappedCapacity(mappedCapacity)
     , m_mode(mode)
-    , m_notifyMemoryPressure(WTFMove(notifyMemoryPressure))
-    , m_syncTryToReclaimMemory(WTFMove(syncTryToReclaimMemory))
-    , m_growSuccessCallback(WTFMove(growSuccessCallback))
+{
     dataLogLnIf(verbose, "Memory::Memory allocating ", *this);
 …
+}
+RefPtr<Memory> Memory::create()
+{
+    return adoptRef(new Memory());
+}
+RefPtr<Memory> Memory::create(PageCount initial, PageCount maximum, WTF::Function<void(NotifyPressure)>&& notifyMemoryPressure, WTF::Function<void(SyncTryToReclaim)>&& syncTryToReclaimMemory, WTF::Function<void(GrowSuccess, PageCount, PageCount)>&& growSuccessCallback)
+RefPtr<Memory> Memory::create(VM& vm, PageCount initial, PageCount maximum)
+{
     ASSERT(initial);
 …
     const size_t initialBytes = initial.bytes();
     const size_t maximumBytes = maximum ? maximum.bytes() : 0;
+    // We need to be sure we have a stub prior to running code.
+    if (UNLIKELY(!Thunks::singleton().stub(throwExceptionFromWasmThunkGenerator)))
+        return nullptr;
     if (maximum && !maximumBytes) {
         // User specified a zero maximum, initial size must also be zero.
         RELEASE_ASSERT(!initialBytes);
+        return adoptRef(new Memory(initial, maximum, WTFMove(notifyMemoryPressure), WTFMove(syncTryToReclaimMemory), WTFMove(growSuccessCallback)));
+    }
+    bool done = tryAllocate(
+        return adoptRef(new Memory(initial, maximum));
+    }
+    bool done = tryAndGC(
+        vm,
         [&] () -> MemoryResult::Kind {
             return memoryManager().tryAllocatePhysicalBytes(initialBytes);
         }, notifyMemoryPressure, syncTryToReclaimMemory);
+        });
     if (!done)
         return nullptr;
 …
     char* fastMemory = nullptr;
     if (Options::useWebAssemblyFastMemory()) {
+        tryAllocate(
+        tryAndGC(
+            vm,
             [&] () -> MemoryResult::Kind {
                 auto result = memoryManager().tryAllocateVirtualPages();
                 fastMemory = bitwise_cast<char*>(result.basePtr);
                 return result.kind;
             }, notifyMemoryPressure, syncTryToReclaimMemory);
+            });
+    }
 …
         commitZeroPages(fastMemory, initialBytes);
         return adoptRef(new Memory(fastMemory, initial, maximum, Memory::fastMappedBytes(), MemoryMode::Signaling, WTFMove(notifyMemoryPressure), WTFMove(syncTryToReclaimMemory), WTFMove(growSuccessCallback)));
+        return adoptRef(new Memory(fastMemory, initial, maximum, Memory::fastMappedBytes(), MemoryMode::Signaling));
+    }
 …
     if (!initialBytes)
         return adoptRef(new Memory(initial, maximum, WTFMove(notifyMemoryPressure), WTFMove(syncTryToReclaimMemory), WTFMove(growSuccessCallback)));
+        return adoptRef(new Memory(initial, maximum));
     void* slowMemory = Gigacage::tryAlignedMalloc(Gigacage::Primitive, WTF::pageSize(), initialBytes);
 …
+    }
     memset(slowMemory, 0, initialBytes);
     return adoptRef(new Memory(slowMemory, initial, maximum, initialBytes, MemoryMode::BoundsChecking, WTFMove(notifyMemoryPressure), WTFMove(syncTryToReclaimMemory), WTFMove(growSuccessCallback)));
+    return adoptRef(new Memory(slowMemory, initial, maximum, initialBytes, MemoryMode::BoundsChecking));
+}
 …
         switch (m_mode) {
         case MemoryMode::Signaling:
+            if (mprotect(m_memory, Memory::fastMappedBytes(), PROT_READ | PROT_WRITE)) {
+                dataLog("mprotect failed: ", strerror(errno), "\n");
+                RELEASE_ASSERT_NOT_REACHED();
+            }
+            mprotect(m_memory, Memory::fastMappedBytes(), PROT_READ | PROT_WRITE);
             memoryManager().freeVirtualPages(m_memory);
             break;
 …
+}
+Expected<PageCount, Memory::GrowFailReason> Memory::grow(PageCount delta)
+{
+    const Wasm::PageCount oldPageCount = sizeInPages();
+    if (!delta.isValid())
+        return makeUnexpected(GrowFailReason::InvalidDelta);
+    const Wasm::PageCount newPageCount = oldPageCount + delta;
+    if (!newPageCount)
+        return makeUnexpected(GrowFailReason::InvalidGrowSize);
+    auto success = [&] () {
+        m_growSuccessCallback(GrowSuccessTag, oldPageCount, newPageCount);
+        return oldPageCount;
+    };
+    if (delta.pageCount() == 0)
+        return success();
+    dataLogLnIf(verbose, "Memory::grow(", delta, ") to ", newPageCount, " from ", *this);
+    RELEASE_ASSERT(newPageCount > PageCount::fromBytes(m_size));
+    if (maximum() && newPageCount > maximum())
+        return makeUnexpected(GrowFailReason::WouldExceedMaximum);
+    size_t desiredSize = newPageCount.bytes();
+bool Memory::grow(VM& vm, PageCount newSize)
+{
+    RELEASE_ASSERT(newSize > PageCount::fromBytes(m_size));
+    dataLogLnIf(verbose, "Memory::grow to ", newSize, " from ", *this);
+    if (maximum() && newSize > maximum())
+        return false;
+    size_t desiredSize = newSize.bytes();
     RELEASE_ASSERT(desiredSize > m_size);
     size_t extraBytes = desiredSize - m_size;
     RELEASE_ASSERT(extraBytes);
+    bool allocationSuccess = tryAllocate(
+    bool success = tryAndGC(
+        vm,
         [&] () -> MemoryResult::Kind {
             return memoryManager().tryAllocatePhysicalBytes(extraBytes);
         }, m_notifyMemoryPressure, m_syncTryToReclaimMemory);
     if (!allocationSuccess)
         return makeUnexpected(GrowFailReason::OutOfMemory);
+        });
+    if (!success)
+        return false;
     switch (mode()) {
     case MemoryMode::BoundsChecking: {
         RELEASE_ASSERT(maximum().bytes() != 0);
         void* newMemory = Gigacage::tryAlignedMalloc(Gigacage::Primitive, WTF::pageSize(), desiredSize);
         if (!newMemory)
+            return makeUnexpected(GrowFailReason::OutOfMemory);
+            return false;
         memcpy(newMemory, m_memory, m_size);
         memset(static_cast<char*>(newMemory) + m_size, 0, desiredSize - m_size);
 …
         m_mappedCapacity = desiredSize;
         m_size = desiredSize;
         return success();
+        return true;
+    }
     case MemoryMode::Signaling: {
 …
         dataLogLnIf(verbose, "Marking WebAssembly memory's ", RawPointer(m_memory), " as read+write in range [", RawPointer(startAddress), ", ", RawPointer(startAddress + extraBytes), ")");
         if (mprotect(startAddress, extraBytes, PROT_READ | PROT_WRITE)) {
             dataLog("mprotect failed: ", strerror(errno), "\n");
             RELEASE_ASSERT_NOT_REACHED();
+            dataLogLnIf(verbose, "Memory::grow in-place failed ", *this);
+            return false;
+        }
         commitZeroPages(startAddress, extraBytes);
         m_size = desiredSize;
+        return success();
+    }
+    }
+        return true;
+    } }
     RELEASE_ASSERT_NOT_REACHED();
     return oldPageCount;
+    return false;
+}

trunk/Source/JavaScriptCore/wasm/WasmMemory.h

-              r222791
+              r223002
 #if ENABLE(WEBASSEMBLY)
-#include "WasmMemoryMode.h"
 #include "WasmPageCount.h"
-#include <wtf/Expected.h>
-#include <wtf/Function.h>
 #include <wtf/RefCounted.h>
 #include <wtf/RefPtr.h>
 …
 namespace JSC {
+class VM;
 namespace Wasm {
+// FIXME: We should support other modes. see: https://bugs.webkit.org/show_bug.cgi?id=162693
+enum class MemoryMode : uint8_t {
+    BoundsChecking,
+    Signaling
+};
+static constexpr size_t NumberOfMemoryModes = 2;
+JS_EXPORT_PRIVATE const char* makeString(MemoryMode);
 class Memory : public RefCounted<Memory> {
 …
     explicit operator bool() const { return !!m_memory; }
+    enum NotifyPressure { NotifyPressureTag };
+    enum SyncTryToReclaim { SyncTryToReclaimTag };
+    enum GrowSuccess { GrowSuccessTag };
+    static RefPtr<Memory> create();
+    static RefPtr<Memory> create(PageCount initial, PageCount maximum, WTF::Function<void(NotifyPressure)>&& notifyMemoryPressure, WTF::Function<void(SyncTryToReclaim)>&& syncTryToReclaimMemory, WTF::Function<void(GrowSuccess, PageCount, PageCount)>&& growSuccessCallback);
+    static RefPtr<Memory> create(VM&, PageCount initial, PageCount maximum);
     ~Memory();
 …
     MemoryMode mode() const { return m_mode; }
+    enum class GrowFailReason {
+        InvalidDelta,
+        InvalidGrowSize,
+        WouldExceedMaximum,
+        OutOfMemory,
+    };
+    Expected<PageCount, GrowFailReason> grow(PageCount);
+    // grow() should only be called from the JSWebAssemblyMemory object since that object needs to update internal
+    // pointers with the current base and size.
+    bool grow(VM&, PageCount);
     void check() {  ASSERT(!deletionHasBegun()); }
+private:
+    Memory(void* memory, PageCount initial, PageCount maximum, size_t mappedCapacity, MemoryMode);
+    Memory(PageCount initial, PageCount maximum);
+    static ptrdiff_t offsetOfMemory() { return OBJECT_OFFSETOF(Memory, m_memory); }
+    static ptrdiff_t offsetOfSize() { return OBJECT_OFFSETOF(Memory, m_size); }
+private:
+    Memory();
+    Memory(void* memory, PageCount initial, PageCount maximum, size_t mappedCapacity, MemoryMode, WTF::Function<void(NotifyPressure)>&& notifyMemoryPressure, WTF::Function<void(SyncTryToReclaim)>&& syncTryToReclaimMemory, WTF::Function<void(GrowSuccess, PageCount, PageCount)>&& growSuccessCallback);
+    Memory(PageCount initial, PageCount maximum, WTF::Function<void(NotifyPressure)>&& notifyMemoryPressure, WTF::Function<void(SyncTryToReclaim)>&& syncTryToReclaimMemory, WTF::Function<void(GrowSuccess, PageCount, PageCount)>&& growSuccessCallback);
+    // FIXME: we cache these on the instances to avoid a load on instance->instance calls. This will require updating all the instances when grow is called. https://bugs.webkit.org/show_bug.cgi?id=177305
+    // FIXME: we should move these to the instance to avoid a load on instance->instance calls.
     void* m_memory { nullptr };
     size_t m_size { 0 };
 …
     size_t m_mappedCapacity { 0 };
     MemoryMode m_mode { MemoryMode::BoundsChecking };
-    WTF::Function<void(NotifyPressure)> m_notifyMemoryPressure;
-    WTF::Function<void(SyncTryToReclaim)> m_syncTryToReclaimMemory;
-    WTF::Function<void(GrowSuccess, PageCount, PageCount)> m_growSuccessCallback;
 };

trunk/Source/JavaScriptCore/wasm/WasmMemoryInformation.cpp

-              r222791
+              r223002
         Vector<PinnedSizeRegisterInfo> sizeRegisters;
         GPRReg baseMemoryPointer = InvalidGPRReg;
         GPRReg wasmContextInstancePointer = InvalidGPRReg;
+        GPRReg wasmContextPointer = InvalidGPRReg;
         // FIXME: We should support more than one memory size register, and we should allow different
 …
         Vector<unsigned> pinnedSizes = { 0 };
         unsigned numberOfPinnedRegisters = pinnedSizes.size() + 1;
         if (!Context::useFastTLS())
+        if (!useFastTLSForContext())
             ++numberOfPinnedRegisters;
         Vector<GPRReg> pinnedRegs = getPinnedRegisters(numberOfPinnedRegisters);
         baseMemoryPointer = pinnedRegs.takeLast();
         if (!Context::useFastTLS())
             wasmContextInstancePointer = pinnedRegs.takeLast();
+        if (!useFastTLSForContext())
+            wasmContextPointer = pinnedRegs.takeLast();
         ASSERT(pinnedSizes.size() == pinnedRegs.size());
         for (unsigned i = 0; i < pinnedSizes.size(); ++i)
             sizeRegisters.append({ pinnedRegs[i], pinnedSizes[i] });
         staticPinnedRegisterInfo.construct(WTFMove(sizeRegisters), baseMemoryPointer, wasmContextInstancePointer);
+        staticPinnedRegisterInfo.construct(WTFMove(sizeRegisters), baseMemoryPointer, wasmContextPointer);
     });
 …
+}
 PinnedRegisterInfo::PinnedRegisterInfo(Vector<PinnedSizeRegisterInfo>&& sizeRegisters, GPRReg baseMemoryPointer, GPRReg wasmContextInstancePointer)
+PinnedRegisterInfo::PinnedRegisterInfo(Vector<PinnedSizeRegisterInfo>&& sizeRegisters, GPRReg baseMemoryPointer, GPRReg wasmContextPointer)
     : sizeRegisters(WTFMove(sizeRegisters))
     , baseMemoryPointer(baseMemoryPointer)
     , wasmContextInstancePointer(wasmContextInstancePointer)
+    , wasmContextPointer(wasmContextPointer)
+{
+}

trunk/Source/JavaScriptCore/wasm/WasmMemoryInformation.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     Vector<PinnedSizeRegisterInfo> sizeRegisters;
     GPRReg baseMemoryPointer;
     GPRReg wasmContextInstancePointer;
+    GPRReg wasmContextPointer;
     static const PinnedRegisterInfo& get();
     PinnedRegisterInfo(Vector<PinnedSizeRegisterInfo>&&, GPRReg, GPRReg);
 …
         RegisterSet result;
         result.set(baseMemoryPointer);
         if (wasmContextInstancePointer != InvalidGPRReg)
             result.set(wasmContextInstancePointer);
+        if (wasmContextPointer != InvalidGPRReg)
+            result.set(wasmContextPointer);
         if (mode != MemoryMode::Signaling) {
             for (const auto& info : sizeRegisters)

trunk/Source/JavaScriptCore/wasm/WasmModule.cpp

r222878	r223002
57	57	static Plan::CompletionTask makeValidationCallback(Module::AsyncValidationCallback&& callback)
58	58	{
59		return createSharedTask<Plan::CallbackType>([callback = WTFMove(callback)] (Plan& plan) {
	59	return createSharedTask<Plan::CallbackType>([callback = WTFMove(callback)] (VM* vm, Plan& plan) {
60	60	ASSERT(!plan.hasWork());
61		callback->run(makeValidationResult(static_cast<BBQPlan&>(plan)));
	61	ASSERT(vm);
	62	callback->run(*vm, makeValidationResult(static_cast<BBQPlan&>(plan)));
62	63	});
63	64	}
64	65
65		Module::ValidationResult Module::validateSync(~~Context* context~~, Vector<uint8_t>&& source)
	66	Module::ValidationResult Module::validateSync(VM& vm, Vector<uint8_t>&& source)
66	67	{
67		Ref<BBQPlan> plan = adoptRef(*new BBQPlan(~~context, WTFMove(source), BBQPlan::Validation, Plan::dontFinalize(), nullptr, nullptr~~));
	68	Ref<BBQPlan> plan = adoptRef(*new BBQPlan(&vm, WTFMove(source), BBQPlan::Validation, Plan::dontFinalize()));
68	69	plan->parseAndValidateModule();
69	70	return makeValidationResult(plan.get());
70	71	}
71	72
72		void Module::validateAsync(~~Context* context~~, Vector<uint8_t>&& source, Module::AsyncValidationCallback&& callback)
	73	void Module::validateAsync(VM& vm, Vector<uint8_t>&& source, Module::AsyncValidationCallback&& callback)
73	74	{
74		Ref<Plan> plan = adoptRef(*new BBQPlan(~~context, WTFMove(source), BBQPlan::Validation, makeValidationCallback(WTFMove(callback)), nullptr, nullptr~~));
	75	Ref<Plan> plan = adoptRef(*new BBQPlan(&vm, WTFMove(source), BBQPlan::Validation, makeValidationCallback(WTFMove(callback))));
75	76	Wasm::ensureWorklist().enqueue(WTFMove(plan));
76	77	}
77	78
78		Ref<CodeBlock> Module::getOrCreateCodeBlock(~~Context* context, MemoryMode mode, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException~~)
	79	Ref<CodeBlock> Module::getOrCreateCodeBlock(MemoryMode mode)
79	80	{
80	81	RefPtr<CodeBlock> codeBlock;
…	…
87	88	// https://bugs.webkit.org/show_bug.cgi?id=170607
88	89	if (!codeBlock \|\| (codeBlock->compilationFinished() && !codeBlock->runnable())) {
89		codeBlock = CodeBlock::create(~~context, mode, const_cast<ModuleInformation&>(moduleInformation()), WTFMove(createEmbedderWrapper), throwWasmException~~);
	90	codeBlock = CodeBlock::create(mode, const_cast<ModuleInformation&>(moduleInformation()));
90	91	m_codeBlocks[static_cast<uint8_t>(mode)] = codeBlock;
91	92	}
…	…
93	94	}
94	95
95		Ref<CodeBlock> Module::compileSync(~~Context* context, MemoryMode mode, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException~~)
	96	Ref<CodeBlock> Module::compileSync(MemoryMode mode)
96	97	{
97		Ref<CodeBlock> codeBlock = getOrCreateCodeBlock(~~context, mode, WTFMove(createEmbedderWrapper), throwWasmException~~);
	98	Ref<CodeBlock> codeBlock = getOrCreateCodeBlock(mode);
98	99	codeBlock->waitUntilFinished();
99	100	return codeBlock;
100	101	}
101	102
102		void Module::compileAsync(~~Context* context, MemoryMode mode, CodeBlock::AsyncCompilationCallback&& task, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException~~)
	103	void Module::compileAsync(VM& vm, MemoryMode mode, CodeBlock::AsyncCompilationCallback&& task)
103	104	{
104		Ref<CodeBlock> codeBlock = getOrCreateCodeBlock(~~context, mode, WTFMove(createEmbedderWrapper), throwWasmException~~);
105		codeBlock->compileAsync(~~context~~, WTFMove(task));
	105	Ref<CodeBlock> codeBlock = getOrCreateCodeBlock(mode);
	106	codeBlock->compileAsync(vm, WTFMove(task));
106	107	}
107	108

trunk/Source/JavaScriptCore/wasm/WasmModule.h

-              r222791
+              r223002
 #include "WasmCodeBlock.h"
-#include "WasmEmbedder.h"
 #include "WasmMemory.h"
 #include <wtf/Expected.h>
 …
 namespace JSC { namespace Wasm {
-struct Context;
 struct ModuleInformation;
 class Plan;
 using SignatureIndex = uint32_t;
 class Module : public ThreadSafeRefCounted<Module> {
 public:
     using ValidationResult = WTF::Expected<RefPtr<Module>, String>;
     typedef void CallbackType(ValidationResult&&);
+    typedef void CallbackType(VM&, ValidationResult&&);
     using AsyncValidationCallback = RefPtr<SharedTask<CallbackType>>;
     static ValidationResult validateSync(Context*, Vector<uint8_t>&& source);
     static void validateAsync(Context*, Vector<uint8_t>&& source, Module::AsyncValidationCallback&&);
+    static ValidationResult validateSync(VM&, Vector<uint8_t>&& source);
+    static void validateAsync(VM&, Vector<uint8_t>&& source, Module::AsyncValidationCallback&&);
     static Ref<Module> create(Ref<ModuleInformation>&& moduleInformation)
 …
     const Wasm::ModuleInformation& moduleInformation() const { return m_moduleInformation.get(); }
     Ref<CodeBlock> compileSync(Context*, MemoryMode, CreateEmbedderWrapper&&, ThrowWasmException);
     void compileAsync(Context*, MemoryMode, CodeBlock::AsyncCompilationCallback&&, CreateEmbedderWrapper&&, ThrowWasmException);
+    Ref<CodeBlock> compileSync(MemoryMode);
+    void compileAsync(VM&, MemoryMode, CodeBlock::AsyncCompilationCallback&&);
     JS_EXPORT_PRIVATE ~Module();
 …
     CodeBlock* codeBlockFor(MemoryMode mode) { return m_codeBlocks[static_cast<uint8_t>(mode)].get(); }
 private:
     Ref<CodeBlock> getOrCreateCodeBlock(Context*, MemoryMode, CreateEmbedderWrapper&&, ThrowWasmException);
+    Ref<CodeBlock> getOrCreateCodeBlock(MemoryMode);
     Module(Ref<ModuleInformation>&&);

trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp

-              r222791
+              r223002
 #include "IdentifierInlines.h"
+#include "JSWebAssemblyTable.h"
 #include "WasmMemoryInformation.h"
 #include "WasmNameSectionParser.h"
 …
     if (UNLIKELY(!limits))
         return limits.getUnexpected();
     WASM_PARSER_FAIL_IF(initial > maxTableEntries, "Table's initial page count of ", initial, " is too big, maximum ", maxTableEntries);
+    WASM_PARSER_FAIL_IF(!JSWebAssemblyTable::isValidSize(initial), "Table's initial page count of ", initial, " is invalid");
     ASSERT(!maximum || *maximum >= initial);

trunk/Source/JavaScriptCore/wasm/WasmOMGPlan.cpp

-              r222791
+              r223002
 #include "B3OpaqueByproducts.h"
 #include "JSCInlines.h"
 #include "JSWebAssemblyInstance.h"
+#include "JSWebAssemblyModule.h"
 #include "LinkBuffer.h"
 #include "WasmB3IRGenerator.h"
-#include "WasmCallee.h"
 #include "WasmContext.h"
 #include "WasmMachineThreads.h"
 …
+}
 OMGPlan::OMGPlan(Context* context, Ref<Module>&& module, uint32_t functionIndex, MemoryMode mode, CompletionTask&& task)
     : Base(context, makeRef(const_cast<ModuleInformation&>(module->moduleInformation())), WTFMove(task))
     , m_module(WTFMove(module))
     , m_codeBlock(*m_module->codeBlockFor(mode))
+OMGPlan::OMGPlan(Ref<Module> module, uint32_t functionIndex, MemoryMode mode, CompletionTask&& task)
+    : Base(nullptr, makeRef(const_cast<ModuleInformation&>(module->moduleInformation())), WTFMove(task))
+    , m_module(module.copyRef())
+    , m_codeBlock(*module->codeBlockFor(mode))
     , m_functionIndex(functionIndex)
+{
 …
+}
 void OMGPlan::runForIndex(JSWebAssemblyInstance* instance, uint32_t functionIndex)
+void runOMGPlanForIndex(Context* context, uint32_t functionIndex)
+{
     Wasm::CodeBlock& codeBlock = instance->wasmCodeBlock();
     ASSERT(instance->wasmMemory()->mode() == codeBlock.mode());
+    JSWebAssemblyCodeBlock* codeBlock = context->codeBlock();
+    ASSERT(context->memoryMode() == codeBlock->m_codeBlock->mode());
     if (codeBlock.tierUpCount(functionIndex).shouldStartTierUp()) {
         Ref<Plan> plan = adoptRef(*new OMGPlan(instance->context(), Ref<Wasm::Module>(instance->wasmModule()), functionIndex, codeBlock.mode(), Plan::dontFinalize()));
+    if (codeBlock->m_codeBlock->tierUpCount(functionIndex).shouldStartTierUp()) {
+        Ref<Plan> plan = adoptRef(*new OMGPlan(context->module()->module(), functionIndex, codeBlock->m_codeBlock->mode(), Plan::dontFinalize()));
         ensureWorklist().enqueue(plan.copyRef());
         if (UNLIKELY(!Options::useConcurrentJIT()))

trunk/Source/JavaScriptCore/wasm/WasmOMGPlan.h

-              r222791
+              r223002
 #if ENABLE(WEBASSEMBLY)
+#include "VM.h"
 #include "WasmContext.h"
 #include "WasmModule.h"
 …
 public:
     using Base = Plan;
+    // Note: CompletionTask should not hold a reference to the Plan otherwise there will be a reference cycle.
+    OMGPlan(Ref<Module>, uint32_t functionIndex, MemoryMode, CompletionTask&&);
     bool hasWork() const override { return !m_completed; }
 …
     bool multiThreaded() const override { return false; }
-    static void runForIndex(JSWebAssemblyInstance*, uint32_t functionIndex);
 private:
     // For some reason friendship doesn't extend to parent classes...
     using Base::m_lock;
-    // Note: CompletionTask should not hold a reference to the Plan otherwise there will be a reference cycle.
-    OMGPlan(Context*, Ref<Module>&&, uint32_t functionIndex, MemoryMode, CompletionTask&&);
     bool isComplete() const override { return m_completed; }
 …
 };
+void runOMGPlanForIndex(Context*, uint32_t functionIndex);
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/WasmPageCount.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
         return pageCount <= maxPageCount;
+    }
-    bool isValid() const
+    {
-        return isValid(m_pageCount);
+    }
     static PageCount fromBytes(uint64_t bytes)

trunk/Source/JavaScriptCore/wasm/WasmPlan.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #include "B3Compilation.h"
+#include "JSCInlines.h"
+#include "JSGlobalObject.h"
 #include "WasmB3IRGenerator.h"
 #include "WasmBinding.h"
 …
+}
 Plan::Plan(Context* context, Ref<ModuleInformation> info, CompletionTask&& task, CreateEmbedderWrapper&& createEmbedderWrapper, ThrowWasmException throwWasmException)
+Plan::Plan(VM* vm, Ref<ModuleInformation> info, CompletionTask&& task)
     : m_moduleInformation(WTFMove(info))
-    , m_createEmbedderWrapper(WTFMove(createEmbedderWrapper))
-    , m_throwWasmException(throwWasmException)
     , m_source(m_moduleInformation->source.data())
     , m_sourceLength(m_moduleInformation->source.size())
+{
     m_completionTasks.append(std::make_pair(context, WTFMove(task)));
+    m_completionTasks.append(std::make_pair(vm, WTFMove(task)));
+}
+Plan::Plan(Context* context, Ref<ModuleInformation> info, CompletionTask&& task)
+    : Plan(context, WTFMove(info), WTFMove(task), nullptr, nullptr)
+{
+}
+Plan::Plan(Context* context, const uint8_t* source, size_t sourceLength, CompletionTask&& task)
+Plan::Plan(VM* vm, const uint8_t* source, size_t sourceLength, CompletionTask&& task)
     : m_moduleInformation(adoptRef(*new ModuleInformation(Vector<uint8_t>())))
     , m_source(source)
     , m_sourceLength(sourceLength)
+{
     m_completionTasks.append(std::make_pair(context, WTFMove(task)));
+    m_completionTasks.append(std::make_pair(vm, WTFMove(task)));
+}
 …
     for (auto& task : m_completionTasks)
         task.second->run(*this);
+        task.second->run(task.first, *this);
     m_completionTasks.clear();
     m_completed.notifyAll();
+}
 void Plan::addCompletionTask(Context* context, CompletionTask&& task)
+void Plan::addCompletionTask(VM& vm, CompletionTask&& task)
+{
     LockHolder locker(m_lock);
     if (!isComplete())
         m_completionTasks.append(std::make_pair(context, WTFMove(task)));
+        m_completionTasks.append(std::make_pair(&vm, WTFMove(task)));
     else
         task->run(*this);
+        task->run(&vm, *this);
+}
 …
+}
 bool Plan::tryRemoveContextAndCancelIfLast(Context& context)
+bool Plan::tryRemoveVMAndCancelIfLast(VM& vm)
+{
     LockHolder locker(m_lock);
     if (!ASSERT_DISABLED) {
         // We allow the first completion task to not have a Context.
+        // We allow the first completion task to not have a vm.
         for (unsigned i = 1; i < m_completionTasks.size(); ++i)
             ASSERT(m_completionTasks[i].first);
 …
     bool removedAnyTasks = false;
     m_completionTasks.removeAllMatching([&] (const std::pair<Context*, CompletionTask>& pair) {
         bool shouldRemove = pair.first == &context;
+    m_completionTasks.removeAllMatching([&] (const std::pair<VM*, CompletionTask>& pair) {
+        bool shouldRemove = pair.first == &vm;
         removedAnyTasks |= shouldRemove;
         return shouldRemove;

trunk/Source/JavaScriptCore/wasm/WasmPlan.h

-              r222791
+              r223002
 #include "CompilationResult.h"
+#include "VM.h"
 #include "WasmB3IRGenerator.h"
-#include "WasmEmbedder.h"
 #include "WasmModuleInformation.h"
 #include <wtf/Bag.h>
 …
 class CallLinkInfo;
+class JSGlobalObject;
+class JSPromiseDeferred;
 namespace Wasm {
-struct Context;
 class Plan : public ThreadSafeRefCounted<Plan> {
 public:
     typedef void CallbackType(Plan&);
+    typedef void CallbackType(VM*, Plan&);
     using CompletionTask = RefPtr<SharedTask<CallbackType>>;
+    static CompletionTask dontFinalize() { return createSharedTask<CallbackType>([](Plan&) { }); }
+    Plan(Context*, Ref<ModuleInformation>, CompletionTask&&, CreateEmbedderWrapper&&, ThrowWasmException);
+    Plan(Context*, Ref<ModuleInformation>, CompletionTask&&);
+    static CompletionTask dontFinalize() { return createSharedTask<CallbackType>([](VM*, Plan&) { }); }
+    Plan(VM*, Ref<ModuleInformation>, CompletionTask&&);
     // Note: This constructor should only be used if you are not actually building a module e.g. validation/function tests
     JS_EXPORT_PRIVATE Plan(Context*, const uint8_t*, size_t, CompletionTask&&);
+    JS_EXPORT_PRIVATE Plan(VM*, const uint8_t*, size_t, CompletionTask&&);
     virtual JS_EXPORT_PRIVATE ~Plan();
     // If you guarantee the ordering here, you can rely on FIFO of the
     // completion tasks being called.
     void addCompletionTask(Context*, CompletionTask&&);
+    void addCompletionTask(VM&, CompletionTask&&);
     void setMode(MemoryMode mode) { m_mode = mode; }
 …
     void waitForCompletion();
     // Returns true if it cancelled the plan.
     bool tryRemoveContextAndCancelIfLast(Context&);
+    bool tryRemoveVMAndCancelIfLast(VM&);
 protected:
 …
     Ref<ModuleInformation> m_moduleInformation;
+    Vector<std::pair<Context*, CompletionTask>, 1> m_completionTasks;
+    CreateEmbedderWrapper m_createEmbedderWrapper;
+    ThrowWasmException m_throwWasmException { nullptr };
+    Vector<std::pair<VM*, CompletionTask>, 1> m_completionTasks;
     const uint8_t* m_source;

trunk/Source/JavaScriptCore/wasm/WasmSignature.cpp

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #if ENABLE(WEBASSEMBLY)
+#include "VM.h"
 #include <wtf/FastMalloc.h>
 #include <wtf/HashFunctions.h>
 #include <wtf/PrintStream.h>
-#include <wtf/text/WTFString.h>
 namespace JSC { namespace Wasm {

trunk/Source/JavaScriptCore/wasm/WasmSignature.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 namespace JSC {
+class VM;
 namespace Wasm {
 …
 namespace JSC { namespace Wasm {
 // Signature information is held globally and shared by the entire process to allow all signatures to be unique. This is required when wasm calls another wasm instance, and must work when modules are shared between multiple VMs.
+// Signature information is held globally and shared by VMs to allow all signatures to be unique. This is required when wasm calls another wasm instance, and must work when modules are shared between multiple VMs.
 // Note: signatures are never removed because that would require accounting for all WebAssembly.Module and which signatures they use. The maximum number of signatures is bounded, and isn't worth the counting overhead. We could clear everything when we reach zero outstanding WebAssembly.Module. https://bugs.webkit.org/show_bug.cgi?id=166037
 class SignatureInformation {

trunk/Source/JavaScriptCore/wasm/WasmThunks.cpp

-              r222791
+              r223002
 #include "CCallHelpers.h"
+#include "FrameTracers.h"
 #include "HeapCellInlines.h"
 #include "JITExceptions.h"
 #include "JSWebAssemblyInstance.h"
+#include "JSWebAssemblyRuntimeError.h"
 #include "LinkBuffer.h"
 #include "ScratchRegisterAllocator.h"
 …
     // The thing that jumps here must move ExceptionType into the argumentGPR1 before jumping here.
     // We're allowed to use temp registers here. We are not allowed to use callee saves.
     jit.loadWasmContextInstance(GPRInfo::argumentGPR2);
     jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, JSWebAssemblyInstance::offsetOfVM()), GPRInfo::argumentGPR0);
+    jit.loadWasmContext(GPRInfo::argumentGPR2);
+    jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, Context::offsetOfVM()), GPRInfo::argumentGPR0);
     jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(GPRInfo::argumentGPR0);
     jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
 …
     jit.breakpoint(); // We should not reach this.
+    ThrowWasmException throwWasmException = Thunks::singleton().throwWasmException();
+    RELEASE_ASSERT(throwWasmException);
+    void* (*throwWasmException)(ExecState*, Wasm::ExceptionType, Wasm::Context*) = [] (ExecState* exec, Wasm::ExceptionType type, Wasm::Context* wasmContext) -> void* {
+        VM* vm = wasmContext->vm();
+        NativeCallFrameTracer tracer(vm, exec);
+        {
+            auto throwScope = DECLARE_THROW_SCOPE(*vm);
+            JSGlobalObject* globalObject = wasmContext->globalObject();
+            JSObject* error;
+            if (type == ExceptionType::StackOverflow)
+                error = createStackOverflowError(exec, globalObject);
+            else
+                error = JSWebAssemblyRuntimeError::create(exec, *vm, globalObject->WebAssemblyRuntimeErrorStructure(), Wasm::errorMessageForExceptionType(type));
+            throwException(exec, throwScope, error);
+        }
+        genericUnwind(vm, exec);
+        ASSERT(!!vm->callFrameForCatch);
+        ASSERT(!!vm->targetMachinePCForThrow);
+        // FIXME: We could make this better:
+        // This is a total hack, but the llint (both op_catch and handleUncaughtException)
+        // require a cell in the callee field to load the VM. (The baseline JIT does not require
+        // this since it is compiled with a constant VM pointer.) We could make the calling convention
+        // for exceptions first load callFrameForCatch info call frame register before jumping
+        // to the exception handler. If we did this, we could remove this terrible hack.
+        // https://bugs.webkit.org/show_bug.cgi?id=170440
+        bitwise_cast<uint64_t*>(exec)[CallFrameSlot::callee] = bitwise_cast<uint64_t>(wasmContext->webAssemblyToJSCallee());
+        return vm->targetMachinePCForThrow;
+    };
     LinkBuffer linkBuffer(jit, GLOBAL_THUNK_ID);
     linkBuffer.link(call, FunctionPtr(throwWasmException));
+    linkBuffer.link(call, throwWasmException);
     return FINALIZE_CODE(linkBuffer, ("Throw exception from Wasm"));
+}
 …
     unsigned numberOfStackBytesUsedForRegisterPreservation = ScratchRegisterAllocator::preserveRegistersToStackForCall(jit, registersToSpill, extraPaddingBytes);
+    jit.loadWasmContextInstance(GPRInfo::argumentGPR0);
+    typedef void (*Run)(JSWebAssemblyInstance*, uint32_t);
+    Run run = OMGPlan::runForIndex;
+    jit.move(MacroAssembler::TrustedImmPtr(reinterpret_cast<void*>(run)), GPRInfo::argumentGPR2);
+    jit.loadWasmContext(GPRInfo::argumentGPR0);
+    jit.move(MacroAssembler::TrustedImmPtr(reinterpret_cast<void*>(runOMGPlanForIndex)), GPRInfo::argumentGPR2);
     jit.call(GPRInfo::argumentGPR2);
 …
     ASSERT(thunks);
     return *thunks;
+}
-void Thunks::setThrowWasmException(ThrowWasmException throwWasmException)
+{
-    auto locker = holdLock(m_lock);
-    // The thunks are unique for the entire process, therefore changing the throwing function changes it for all uses of WebAssembly.
-    RELEASE_ASSERT(!m_throwWasmException || m_throwWasmException == throwWasmException);
-    m_throwWasmException = throwWasmException;
+}
-ThrowWasmException Thunks::throwWasmException()
+{
-    return m_throwWasmException;
+}

trunk/Source/JavaScriptCore/wasm/WasmThunks.h

-              r222791
+              r223002
 #include "MacroAssemblerCodeRef.h"
-#include "WasmEmbedder.h"
 namespace JSC { namespace Wasm {
 …
     static Thunks& singleton();
-    void setThrowWasmException(ThrowWasmException);
-    ThrowWasmException throwWasmException();
     MacroAssemblerCodeRef stub(ThunkGenerator);
     MacroAssemblerCodeRef stub(const AbstractLocker&, ThunkGenerator);
 …
     HashMap<ThunkGenerator, MacroAssemblerCodeRef> m_stubs;
-    ThrowWasmException m_throwWasmException { nullptr };
     Lock m_lock;
 };

trunk/Source/JavaScriptCore/wasm/WasmWorklist.cpp

-              r222791
+              r223002
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "config.h"
 #include "WasmWorklist.h"
 …
+}
 void Worklist::stopAllPlansForContext(Context& context)
+void Worklist::stopAllPlansForVM(VM& vm)
+{
     LockHolder locker(*m_lock);
 …
     while (!m_queue.isEmpty()) {
         QueueElement element = m_queue.dequeue();
         bool didCancel = element.plan->tryRemoveContextAndCancelIfLast(context);
+        bool didCancel = element.plan->tryRemoveVMAndCancelIfLast(vm);
         if (!didCancel)
             elements.append(WTFMove(element));
 …
     for (auto& thread : m_threads) {
         if (thread->element.plan) {
             bool didCancel = thread->element.plan->tryRemoveContextAndCancelIfLast(context);
+            bool didCancel = thread->element.plan->tryRemoveVMAndCancelIfLast(vm);
             if (didCancel) {
                 // We don't have to worry about the deadlocking since the thread can't block without checking for a new plan and must hold the lock to do so.

trunk/Source/JavaScriptCore/wasm/WasmWorklist.h

-              r222791
+              r223002
 #if ENABLE(WEBASSEMBLY)
+#include "VM.h"
 #include <queue>
 …
 namespace JSC {
+class JSPromiseDeferred;
 namespace Wasm {
-struct Context;
 class Plan;
 …
     JS_EXPORT_PRIVATE void enqueue(Ref<Plan>);
     void stopAllPlansForContext(Context&);
+    void stopAllPlansForVM(VM&);
     JS_EXPORT_PRIVATE void completePlanSynchronously(Plan&);
+    void activatePlan(JSPromiseDeferred*, Plan*);
+    void deactivePlan(JSPromiseDeferred*, Plan*);
     enum class Priority {

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp

-              r222791
+              r223002
 #include "JSWebAssemblyMemory.h"
 #include "JSWebAssemblyModule.h"
+#include "WasmBinding.h"
 #include "WasmModuleInformation.h"
-#include "WasmToJS.h"
 #include <wtf/CurrentTime.h>
 …
+{
     const Wasm::ModuleInformation& moduleInformation = module->module().moduleInformation();
     auto* result = new (NotNull, allocateCell<JSWebAssemblyCodeBlock>(vm.heap)) JSWebAssemblyCodeBlock(vm, WTFMove(codeBlock), moduleInformation);
+    auto* result = new (NotNull, allocateCell<JSWebAssemblyCodeBlock>(vm.heap, allocationSize(moduleInformation.importFunctionCount()))) JSWebAssemblyCodeBlock(vm, WTFMove(codeBlock), moduleInformation);
     result->finishCreation(vm, module);
     return result;
 …
     for (unsigned importIndex = 0; importIndex < m_codeBlock->functionImportCount(); ++importIndex) {
         Wasm::SignatureIndex signatureIndex = moduleInformation.importFunctionSignatureIndices.at(importIndex);
         auto binding = Wasm::wasmToJS(&vm, m_callLinkInfos, signatureIndex, importIndex);
+        auto binding = Wasm::wasmToJs(&vm, m_callLinkInfos, signatureIndex, importIndex);
         if (UNLIKELY(!binding)) {
             switch (binding.error()) {
 …
+        }
         m_wasmToJSExitStubs.uncheckedAppend(binding.value());
         m_codeBlock->importWasmToEmbedderStub(importIndex) = m_wasmToJSExitStubs[importIndex].code().executableAddress();
+        importWasmToJSStub(importIndex) = m_wasmToJSExitStubs[importIndex].code().executableAddress();
+    }
+}
 …
+{
     static_cast<JSWebAssemblyCodeBlock*>(cell)->JSWebAssemblyCodeBlock::~JSWebAssemblyCodeBlock();
+}
+bool JSWebAssemblyCodeBlock::isSafeToRun(JSWebAssemblyMemory* memory) const
+{
+    return m_codeBlock->isSafeToRun(memory->memory().mode());
+}

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h

-              r222791
+              r223002
+    }
+    Wasm::CodeBlock& codeBlock() { return m_codeBlock.get(); }
+    unsigned functionImportCount() const { return m_codeBlock->functionImportCount(); }
     JSWebAssemblyModule* module() const { return m_module.get(); }
+    bool isSafeToRun(JSWebAssemblyMemory*) const;
     void finishCreation(VM&, JSWebAssemblyModule*);
+    // These two callee getters are only valid once the callees have been populated.
+    Wasm::Callee& jsEntrypointCalleeFromFunctionIndexSpace(unsigned functionIndexSpace)
+    {
+        ASSERT(runnable());
+        return m_codeBlock->jsEntrypointCalleeFromFunctionIndexSpace(functionIndexSpace);
+    }
+    Wasm::WasmEntrypointLoadLocation wasmEntrypointLoadLocationFromFunctionIndexSpace(unsigned functionIndexSpace)
+    {
+        ASSERT(runnable());
+        return m_codeBlock->wasmEntrypointLoadLocationFromFunctionIndexSpace(functionIndexSpace);
+    }
+    Wasm::WasmEntrypointLoadLocation wasmToJsCallStubForImport(unsigned importIndex)
+    {
+        ASSERT(runnable());
+        return &importWasmToJSStub(importIndex);
+    }
+    static ptrdiff_t offsetOfImportWasmToJSStub(unsigned importIndex)
+    {
+        return offsetOfImportStubs() + sizeof(void*) * importIndex;
+    }
+    Wasm::CodeBlock& codeBlock() { return m_codeBlock.get(); }
     void clearJSCallICs(VM&);
 …
     static void visitChildren(JSCell*, SlotVisitor&);
+    static size_t offsetOfImportStubs()
+    {
+        return WTF::roundUpToMultipleOf<sizeof(void*)>(sizeof(JSWebAssemblyCodeBlock));
+    }
+    static size_t allocationSize(Checked<size_t> functionImportCount)
+    {
+        return (offsetOfImportStubs() + sizeof(void*) * functionImportCount).unsafeGet();
+    }
+    void*& importWasmToJSStub(unsigned importIndex)
+    {
+        return *bitwise_cast<void**>(bitwise_cast<char*>(this) + offsetOfImportWasmToJSStub(importIndex));
+    }
     class UnconditionalFinalizer : public JSC::UnconditionalFinalizer {
         void finalizeUnconditionally() override;

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp

-              r222873
+              r223002
+}
 JSWebAssemblyInstance::JSWebAssemblyInstance(VM& vm, Structure* structure, unsigned numImportFunctions, Ref<Wasm::Instance>&& instance)
+JSWebAssemblyInstance::JSWebAssemblyInstance(VM& vm, Structure* structure, unsigned numImportFunctions)
     : Base(vm, structure)
-    , m_instance(WTFMove(instance))
     , m_vm(&vm)
-    , m_wasmModule(m_instance->module())
-    , m_wasmTable(m_instance->m_table.get())
-    , m_globals(m_instance->m_globals.get())
     , m_numImportFunctions(numImportFunctions)
+{
+    for (unsigned i = 0; i < m_numImportFunctions; ++i)
+        default_construct_at(importFunctionInfo(i));
+    memset(importFunctions(), 0, m_numImportFunctions * sizeof(WriteBarrier<JSObject>));
+}
 …
     m_module.set(vm, this, module);
+    const size_t extraMemorySize = globalMemoryByteSize();
+    m_globals = MallocPtr<uint64_t>::malloc(extraMemorySize);
+    heap()->reportExtraMemoryAllocated(extraMemorySize);
     m_moduleNamespaceObject.set(vm, this, moduleNamespaceObject);
     m_callee.set(vm, this, module->callee());
-    heap()->reportExtraMemoryAllocated(m_instance->extraMemoryAllocated());
+}
 …
     visitor.append(thisObject->m_table);
     visitor.append(thisObject->m_callee);
     visitor.reportExtraMemoryVisited(thisObject->m_instance->extraMemoryAllocated());
+    visitor.reportExtraMemoryVisited(thisObject->globalMemoryByteSize());
     for (unsigned i = 0; i < thisObject->m_numImportFunctions; ++i)
         visitor.append(thisObject->importFunctionInfo(i)->importFunction); // This also keeps the functions' JSWebAssemblyInstance alive.
+        visitor.append(thisObject->importFunctions()[i]);
+}
 void JSWebAssemblyInstance::finalizeCreation(VM& vm, ExecState* exec, Ref<Wasm::CodeBlock>&& wasmCodeBlock)
+{
-    m_instance->finalizeCreation(wasmCodeBlock.copyRef());
-    m_wasmCodeBlock = wasmCodeBlock.ptr();
     auto scope = DECLARE_THROW_SCOPE(vm);
     if (!wasmCodeBlock->runnable()) {
         throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject()->WebAssemblyLinkErrorStructure(), wasmCodeBlock->errorMessage()));
 …
     RELEASE_ASSERT(wasmCodeBlock->isSafeToRun(memoryMode()));
     JSWebAssemblyCodeBlock* jsCodeBlock = m_module->codeBlock(memoryMode());
     if (jsCodeBlock) {
+    JSWebAssemblyCodeBlock* codeBlock = module()->codeBlock(memoryMode());
+    if (codeBlock) {
         // A CodeBlock might have already been compiled. If so, it means
         // that the CodeBlock we are trying to compile must be the same
         // because we will never compile a CodeBlock again once it's
         // runnable.
         ASSERT(&jsCodeBlock->codeBlock() == wasmCodeBlock.ptr());
         m_codeBlock.set(vm, this, jsCodeBlock);
+        ASSERT(&codeBlock->codeBlock() == wasmCodeBlock.ptr());
+        m_codeBlock.set(vm, this, codeBlock);
     } else {
         jsCodeBlock = JSWebAssemblyCodeBlock::create(vm, WTFMove(wasmCodeBlock), m_module.get());
         if (UNLIKELY(!jsCodeBlock->runnable())) {
             throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject()->WebAssemblyLinkErrorStructure(), jsCodeBlock->errorMessage()));
+        codeBlock = JSWebAssemblyCodeBlock::create(vm, wasmCodeBlock.copyRef(), m_module.get());
+        if (UNLIKELY(!codeBlock->runnable())) {
+            throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject()->WebAssemblyLinkErrorStructure(), codeBlock->errorMessage()));
             return;
+        }
         m_codeBlock.set(vm, this, jsCodeBlock);
         m_module->setCodeBlock(vm, memoryMode(), jsCodeBlock);
+        m_codeBlock.set(vm, this, codeBlock);
+        module()->setCodeBlock(vm, memoryMode(), codeBlock);
+    }
     auto* moduleRecord = jsCast<WebAssemblyModuleRecord*>(m_moduleNamespaceObject->moduleRecord());
     moduleRecord->link(exec, m_module.get(), this);
+    moduleRecord->link(exec, module(), this);
     RETURN_IF_EXCEPTION(scope, void());
 …
+}
 JSWebAssemblyInstance* JSWebAssemblyInstance::create(VM& vm, ExecState* exec, JSWebAssemblyModule* jsModule, JSObject* importObject, Structure* instanceStructure, Ref<Wasm::Instance>&& instance)
+JSWebAssemblyInstance* JSWebAssemblyInstance::create(VM& vm, ExecState* exec, JSWebAssemblyModule* jsModule, JSObject* importObject, Structure* instanceStructure)
+{
     auto throwScope = DECLARE_THROW_SCOPE(vm);
 …
     JSModuleNamespaceObject* moduleNamespace = moduleRecord->getModuleNamespace(exec);
     // FIXME: These objects could be pretty big we should try to throw OOM here.
     auto* jsInstance = new (NotNull, allocateCell<JSWebAssemblyInstance>(vm.heap, allocationSize(moduleInformation.importFunctionCount()))) JSWebAssemblyInstance(vm, instanceStructure, moduleInformation.importFunctionCount(), WTFMove(instance));
     jsInstance->finishCreation(vm, jsModule, moduleNamespace);
+    auto* instance = new (NotNull, allocateCell<JSWebAssemblyInstance>(vm.heap, allocationSize(moduleInformation.importFunctionCount()))) JSWebAssemblyInstance(vm, instanceStructure, moduleInformation.importFunctionCount());
+    instance->finishCreation(vm, jsModule, moduleNamespace);
     RETURN_IF_EXCEPTION(throwScope, nullptr);
 …
                 return exception(createJSWebAssemblyLinkError(exec, vm, importFailMessage(import, "import function", "must be callable")));
-            JSWebAssemblyInstance* calleeInstance = nullptr;
-            Wasm::WasmEntrypointLoadLocation wasmEntrypoint = nullptr;
             JSObject* function = jsCast<JSObject*>(value);
             // ii. If v is an Exported Function Exotic Object:
             WebAssemblyFunction* wasmFunction;
 …
                 // a. If the signature of v does not match the signature of i, throw a WebAssembly.LinkError.
                 Wasm::SignatureIndex importedSignatureIndex;
                 if (wasmFunction) {
+                if (wasmFunction)
                     importedSignatureIndex = wasmFunction->signatureIndex();
-                    calleeInstance = wasmFunction->instance();
-                    wasmEntrypoint = wasmFunction->wasmEntrypointLoadLocation();
+                }
                 else {
                     importedSignatureIndex = wasmWrapperFunction->signatureIndex();
 …
             ASSERT(numImportFunctions == import.kindIndex);
+            ImportFunctionInfo* info = jsInstance->importFunctionInfo(numImportFunctions++);
+            info->targetInstance = calleeInstance;
+            info->wasmEntrypoint = wasmEntrypoint;
+            info->importFunction.set(vm, jsInstance, function);
+            instance->importFunctions()[numImportFunctions++].set(vm, instance, function);
             // v. Append closure to imports.
             break;
 …
             // ii. Append v to tables.
             // iii. Append v.[[Table]] to imports.
+            jsInstance->m_table.set(vm, jsInstance, table);
+            jsInstance->m_wasmTable = table->table();
+            instance->m_table.set(vm, instance, table);
             break;
+        }
 …
             // ii. Append v to memories.
             // iii. Append v.[[Memory]] to imports.
             ASSERT(!jsInstance->m_memory);
             jsInstance->setMemory(vm, memory);
+            ASSERT(!instance->m_memory);
+            instance->m_memory.set(vm, instance, memory);
             RETURN_IF_EXCEPTION(throwScope, nullptr);
             break;
 …
             switch (moduleInformation.globals[import.kindIndex].type) {
             case Wasm::I32:
                 jsInstance->instance().setGlobal(numImportGlobals++, value.toInt32(exec));
+                instance->setGlobal(numImportGlobals++, value.toInt32(exec));
                 break;
             case Wasm::F32:
                 jsInstance->instance().setGlobal(numImportGlobals++, bitwise_cast<uint32_t>(value.toFloat(exec)));
+                instance->setGlobal(numImportGlobals++, bitwise_cast<uint32_t>(value.toFloat(exec)));
                 break;
             case Wasm::F64:
                 jsInstance->instance().setGlobal(numImportGlobals++, bitwise_cast<uint64_t>(value.asNumber()));
+                instance->setGlobal(numImportGlobals++, bitwise_cast<uint64_t>(value.asNumber()));
                 break;
             default:
 …
         if (moduleInformation.memory && !hasMemoryImport) {
+            RELEASE_ASSERT(!moduleInformation.memory.isImport());
             // We create a memory when it's a memory definition.
+            RELEASE_ASSERT(!moduleInformation.memory.isImport());
+            auto* jsMemory = JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure());
+            RETURN_IF_EXCEPTION(throwScope, nullptr);
+            RefPtr<Wasm::Memory> memory = Wasm::Memory::create(moduleInformation.memory.initial(), moduleInformation.memory.maximum(),
+                [&vm] (Wasm::Memory::NotifyPressure) { vm.heap.collectAsync(CollectionScope::Full); },
+                [&vm] (Wasm::Memory::SyncTryToReclaim) { vm.heap.collectSync(CollectionScope::Full); },
+                [&vm, jsMemory] (Wasm::Memory::GrowSuccess, Wasm::PageCount oldPageCount, Wasm::PageCount newPageCount) { jsMemory->growSuccessCallback(vm, oldPageCount, newPageCount); });
+            RefPtr<Wasm::Memory> memory = Wasm::Memory::create(vm, moduleInformation.memory.initial(), moduleInformation.memory.maximum());
             if (!memory)
                 return exception(createOutOfMemoryError(exec));
             jsMemory->adopt(memory.releaseNonNull());
             jsInstance->setMemory(vm, jsMemory);
+            instance->m_memory.set(vm, instance,
+                JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), memory.releaseNonNull()));
             RETURN_IF_EXCEPTION(throwScope, nullptr);
+        }
 …
             RELEASE_ASSERT(!moduleInformation.tableInformation.isImport());
             // We create a Table when it's a Table definition.
+            RefPtr<Wasm::Table> wasmTable = Wasm::Table::create(moduleInformation.tableInformation.initial(), moduleInformation.tableInformation.maximum());
+            if (!wasmTable)
+                return exception(createJSWebAssemblyLinkError(exec, vm, "couldn't create Table"));
+            JSWebAssemblyTable* table = JSWebAssemblyTable::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyTableStructure(), wasmTable.releaseNonNull());
+            JSWebAssemblyTable* table = JSWebAssemblyTable::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyTableStructure(),
+                moduleInformation.tableInformation.initial(), moduleInformation.tableInformation.maximum());
             // We should always be able to allocate a JSWebAssemblyTable we've defined.
             // If it's defined to be too large, we should have thrown a validation error.
             throwScope.assertNoException();
             ASSERT(table);
+            jsInstance->m_table.set(vm, jsInstance, table);
+            jsInstance->m_wasmTable = table->table();
+            instance->m_table.set(vm, instance, table);
+        }
+    }
     if (!jsInstance->memory()) {
+    if (!instance->memory()) {
         // Make sure we have a dummy memory, so that wasm -> wasm thunks avoid checking for a nullptr Memory when trying to set pinned registers.
+        auto* jsMemory = JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure());
+        jsMemory->adopt(Wasm::Memory::create().releaseNonNull());
+        jsInstance->setMemory(vm, jsMemory);
+        instance->m_memory.set(vm, instance, JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), Wasm::Memory::create(vm, 0, 0).releaseNonNull()));
         RETURN_IF_EXCEPTION(throwScope, nullptr);
+    }
 …
             if (global.initializationType == Wasm::Global::FromGlobalImport) {
                 ASSERT(global.initialBitsOrImportNumber < numImportGlobals);
                 jsInstance->instance().setGlobal(globalIndex, jsInstance->instance().loadI64Global(global.initialBitsOrImportNumber));
+                instance->setGlobal(globalIndex, instance->loadI64Global(global.initialBitsOrImportNumber));
             } else
+                jsInstance->instance().setGlobal(globalIndex, global.initialBitsOrImportNumber);
+        }
+    }
+    return jsInstance;
+                instance->setGlobal(globalIndex, global.initialBitsOrImportNumber);
+        }
+    }
+    ASSERT(!instance->codeBlock());
+    return instance;
+}
+size_t JSWebAssemblyInstance::globalMemoryByteSize() const
+{
+    return m_module->moduleInformation().globals.size() * sizeof(Register);
+}

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h

-              r222791
+              r223002
 #include "JSWebAssemblyMemory.h"
 #include "JSWebAssemblyTable.h"
-#include "WasmContext.h"
-#include "WasmInstance.h"
 namespace JSC {
 …
 class WebAssemblyToJSCallee;
-namespace Wasm {
-class CodeBlock;
-class Table; // FIXME remove this after refactoring. https://webkit.org/b/177472
+}
 class JSWebAssemblyInstance : public JSDestructibleObject {
 public:
     typedef JSDestructibleObject Base;
     static JSWebAssemblyInstance* create(VM&, ExecState*, JSWebAssemblyModule*, JSObject* importObject, Structure*, Ref<Wasm::Instance>&&);
+    static JSWebAssemblyInstance* create(VM&, ExecState*, JSWebAssemblyModule*, JSObject* importObject, Structure*);
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
     DECLARE_EXPORT_INFO;
+    JSWebAssemblyCodeBlock* codeBlock() const { return m_codeBlock.get(); }
     void finalizeCreation(VM&, ExecState*, Ref<Wasm::CodeBlock>&&);
+    Wasm::Instance& instance() { return m_instance.get(); }
+    Wasm::Context* context() const { return &m_vm->wasmContext; }
+    JSWebAssemblyModule* module() const { return m_module.get(); }
+    JSObject* importFunction(unsigned idx) { RELEASE_ASSERT(idx < m_numImportFunctions); return importFunctions()[idx].get(); }
     JSModuleNamespaceObject* moduleNamespaceObject() { return m_moduleNamespaceObject.get(); }
+    JSWebAssemblyMemory* memory() { return m_memory.get(); }
+    void setMemory(VM& vm, JSWebAssemblyMemory* value) { ASSERT(!memory()); m_memory.set(vm, this, value); }
+    Wasm::MemoryMode memoryMode() { return memory()->memory().mode(); }
     JSWebAssemblyTable* table() { return m_table.get(); }
+    int32_t loadI32Global(unsigned i) const { return m_globals.get()[i]; }
+    int64_t loadI64Global(unsigned i) const { return m_globals.get()[i]; }
+    float loadF32Global(unsigned i) const { return bitwise_cast<float>(loadI32Global(i)); }
+    double loadF64Global(unsigned i) const { return bitwise_cast<double>(loadI64Global(i)); }
+    void setGlobal(unsigned i, int64_t bits) { m_globals.get()[i] = bits; }
+    static ptrdiff_t offsetOfMemory() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_memory); }
+    static ptrdiff_t offsetOfTable() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_table); }
+    static ptrdiff_t offsetOfCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); }
+    static ptrdiff_t offsetOfGlobals() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_globals); }
+    static ptrdiff_t offsetOfVM() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_vm); }
+    static ptrdiff_t offsetOfCodeBlock() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_codeBlock); }
+    static ptrdiff_t offsetOfCachedStackLimit() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_cachedStackLimit); }
+    static size_t offsetOfImportFunctions() { return WTF::roundUpToMultipleOf<sizeof(WriteBarrier<JSCell>)>(sizeof(JSWebAssemblyInstance)); }
+    static size_t offsetOfImportFunction(size_t importFunctionNum) { return offsetOfImportFunctions() + importFunctionNum * sizeof(sizeof(WriteBarrier<JSCell>)); }
     WebAssemblyToJSCallee* webAssemblyToJSCallee() { return m_callee.get(); }
+    JSWebAssemblyMemory* memory() { return m_memory.get(); }
+    void setMemory(VM& vm, JSWebAssemblyMemory* value) { ASSERT(!memory()); m_memory.set(vm, this, value); m_wasmMemory = &memory()->memory(); }
+    Wasm::MemoryMode memoryMode() { return memory()->memory().mode(); }
+    // Tail accessors.
+    static size_t offsetOfTail() { return WTF::roundUpToMultipleOf<sizeof(uint64_t)>(sizeof(JSWebAssemblyInstance)); }
+    struct ImportFunctionInfo {
+        // Target instance and entrypoint are only set for wasm->wasm calls, and are otherwise nullptr. The embedder-specific logic occurs through import function.
+        JSWebAssemblyInstance* targetInstance { nullptr };
+        Wasm::WasmEntrypointLoadLocation wasmEntrypoint { nullptr };
+        WriteBarrier<JSObject> importFunction { WriteBarrier<JSObject>() };
+    };
+    ImportFunctionInfo* importFunctionInfo(size_t importFunctionNum) { return &bitwise_cast<ImportFunctionInfo*>(bitwise_cast<char*>(this) + offsetOfTail())[importFunctionNum]; }
+    static size_t offsetOfTargetInstance(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, targetInstance); }
+    static size_t offsetOfWasmEntrypoint(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, wasmEntrypoint); }
+    static size_t offsetOfImportFunction(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, importFunction); }
+    JSObject* importFunction(unsigned importFunctionNum) { RELEASE_ASSERT(importFunctionNum < m_numImportFunctions); return importFunctionInfo(importFunctionNum)->importFunction.get(); }
+    // FIXME remove these after refactoring them out. https://webkit.org/b/177472
+    Wasm::Memory& internalMemory() { return memory()->memory(); }
+    Wasm::CodeBlock& wasmCodeBlock() const { return *m_instance->codeBlock(); }
+    static ptrdiff_t offsetOfWasmTable() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_wasmTable); }
+    static ptrdiff_t offsetOfCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); }
+    static ptrdiff_t offsetOfVM() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_vm); }
+    static ptrdiff_t offsetOfGlobals() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_globals); }
+    static ptrdiff_t offsetOfCodeBlock() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_codeBlock); }
+    static ptrdiff_t offsetOfWasmCodeBlock() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_wasmCodeBlock); }
+    static ptrdiff_t offsetOfCachedStackLimit() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_cachedStackLimit); }
+    static ptrdiff_t offsetOfWasmMemory() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_wasmMemory); }
+    void* cachedStackLimit() const { RELEASE_ASSERT(m_instance->cachedStackLimit() == m_cachedStackLimit); return m_cachedStackLimit; }
+    void setCachedStackLimit(void* limit) { m_instance->setCachedStackLimit(limit); m_cachedStackLimit = limit; }
+    Wasm::Memory* wasmMemory() { return m_wasmMemory; }
+    Wasm::Module& wasmModule() { return m_wasmModule; }
+    void* cachedStackLimit() const { return m_cachedStackLimit; }
+    void setCachedStackLimit(void* limit) { m_cachedStackLimit = limit; }
 protected:
     JSWebAssemblyInstance(VM&, Structure*, unsigned numImportFunctions, Ref<Wasm::Instance>&&);
+    JSWebAssemblyInstance(VM&, Structure*, unsigned numImportFunctions);
     void finishCreation(VM&, JSWebAssemblyModule*, JSModuleNamespaceObject*);
     static void destroy(JSCell*);
 …
     static size_t allocationSize(Checked<size_t> numImportFunctions)
+    {
         return (offsetOfTail() + sizeof(ImportFunctionInfo) * numImportFunctions).unsafeGet();
+        return (offsetOfImportFunctions() + sizeof(WriteBarrier<JSCell>) * numImportFunctions).unsafeGet();
+    }
 private:
+    JSWebAssemblyModule* module() const { return m_module.get(); }
+    VM* m_vm;
+    WriteBarrier<JSObject>* importFunctions() { return bitwise_cast<WriteBarrier<JSObject>*>(bitwise_cast<char*>(this) + offsetOfImportFunctions()); }
+    size_t globalMemoryByteSize() const;
-    Ref<Wasm::Instance> m_instance;
-    VM* m_vm;
     WriteBarrier<JSWebAssemblyModule> m_module;
     WriteBarrier<JSWebAssemblyCodeBlock> m_codeBlock;
 …
     WriteBarrier<JSWebAssemblyTable> m_table;
     WriteBarrier<WebAssemblyToJSCallee> m_callee;
+    // FIXME remove these after refactoring them out. https://webkit.org/b/177472
+    MallocPtr<uint64_t> m_globals;
     void* m_cachedStackLimit { bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()) };
-    Wasm::CodeBlock* m_wasmCodeBlock { nullptr };
-    Wasm::Module& m_wasmModule;
-    Wasm::Memory* m_wasmMemory { nullptr };
-    Wasm::Table* m_wasmTable { nullptr };
-    uint64_t* m_globals { nullptr };
     unsigned m_numImportFunctions;
 };

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp

-              r222791
+              r223002
 const ClassInfo JSWebAssemblyMemory::s_info = { "WebAssembly.Memory", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSWebAssemblyMemory) };
 JSWebAssemblyMemory* JSWebAssemblyMemory::create(ExecState* exec, VM& vm, Structure* structure)
+JSWebAssemblyMemory* JSWebAssemblyMemory::create(ExecState* exec, VM& vm, Structure* structure, Ref<Wasm::Memory>&& memory)
+{
     auto throwScope = DECLARE_THROW_SCOPE(vm);
 …
         return exception(createEvalError(exec, globalObject->webAssemblyDisabledErrorMessage()));
+    auto* memory = new (NotNull, allocateCell<JSWebAssemblyMemory>(vm.heap)) JSWebAssemblyMemory(vm, structure);
+    memory->finishCreation(vm);
+    return memory;
+}
+void JSWebAssemblyMemory::adopt(Ref<Wasm::Memory>&& memory)
+{
+    m_memory.swap(memory);
+    ASSERT(m_memory->refCount() == 1);
+    m_memory->check();
+    auto* instance = new (NotNull, allocateCell<JSWebAssemblyMemory>(vm.heap)) JSWebAssemblyMemory(vm, structure, WTFMove(memory));
+    instance->m_memory->check();
+    instance->finishCreation(vm);
+    return instance;
+}
 …
+}
 JSWebAssemblyMemory::JSWebAssemblyMemory(VM& vm, Structure* structure)
+JSWebAssemblyMemory::JSWebAssemblyMemory(VM& vm, Structure* structure, Ref<Wasm::Memory>&& memory)
     : Base(vm, structure)
     , m_memory(Wasm::Memory::create().releaseNonNull())
+    , m_memory(WTFMove(memory))
+{
+    ASSERT(m_memory->refCount() == 1);
+    m_memoryBase = m_memory->memory();
+    m_memorySize = m_memory->size();
+}
 …
+}
 Wasm::PageCount JSWebAssemblyMemory::grow(VM& vm, ExecState* exec, uint32_t delta)
+Wasm::PageCount JSWebAssemblyMemory::grow(VM& vm, ExecState* exec, uint32_t delta, bool shouldThrowExceptionsOnFailure)
+{
+    // Note: We can only use exec if shouldThrowExceptionsOnFailure is true.
     auto throwScope = DECLARE_THROW_SCOPE(vm);
     auto grown = memory().grow(Wasm::PageCount(delta));
+    if (!grown) {
         switch (grown.error()) {
         case Wasm::Memory::GrowFailReason::InvalidDelta:
+    Wasm::PageCount oldPageCount = memory().sizeInPages();
+    if (!Wasm::PageCount::isValid(delta)) {
+        if (shouldThrowExceptionsOnFailure)
             throwException(exec, throwScope, createRangeError(exec, ASCIILiteral("WebAssembly.Memory.grow expects the delta to be a valid page count")));
-            break;
-        case Wasm::Memory::GrowFailReason::InvalidGrowSize:
-            throwException(exec, throwScope, createRangeError(exec, ASCIILiteral("WebAssembly.Memory.grow expects the grown size to be a valid page count")));
-            break;
-        case Wasm::Memory::GrowFailReason::WouldExceedMaximum:
-            throwException(exec, throwScope, createRangeError(exec, ASCIILiteral("WebAssembly.Memory.grow would exceed the memory's declared maximum size")));
-            break;
-        case Wasm::Memory::GrowFailReason::OutOfMemory:
-            throwException(exec, throwScope, createOutOfMemoryError(exec));
-            break;
+        }
         return Wasm::PageCount();
+    }
+    return grown.value();
+}
+    Wasm::PageCount newSize = oldPageCount + Wasm::PageCount(delta);
+    if (!newSize) {
+        if (shouldThrowExceptionsOnFailure)
+            throwException(exec, throwScope, createRangeError(exec, ASCIILiteral("WebAssembly.Memory.grow expects the grown size to be a valid page count")));
+        return Wasm::PageCount();
+    }
+void JSWebAssemblyMemory::growSuccessCallback(VM& vm, Wasm::PageCount oldPageCount, Wasm::PageCount newPageCount)
+{
+    // We need to clear out the old array buffer because it might now be pointing to stale memory.
+    if (delta) {
+        bool success = memory().grow(vm, newSize);
+        if (!success) {
+            ASSERT(m_memoryBase == memory().memory());
+            ASSERT(m_memorySize == memory().size());
+            if (shouldThrowExceptionsOnFailure)
+                throwException(exec, throwScope, createOutOfMemoryError(exec));
+            return Wasm::PageCount();
+        }
+        m_memoryBase = memory().memory();
+        m_memorySize = memory().size();
+    }
+    // We need to clear out the old array buffer because it might now be pointing
+    // to stale memory.
     // Neuter the old array.
     if (m_buffer) {
 …
         m_bufferWrapper.clear();
+    }
     memory().check();
+    vm.heap.reportExtraMemoryAllocated(newPageCount.bytes() - oldPageCount.bytes());
+    vm.heap.reportExtraMemoryAllocated(Wasm::PageCount(delta).bytes());
+    return oldPageCount;
+}

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h

-              r222791
+              r223002
+    }
     static JSWebAssemblyMemory* create(ExecState*, VM&, Structure*);
+    static JSWebAssemblyMemory* create(ExecState*, VM&, Structure*, Ref<Wasm::Memory>&&);
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
     DECLARE_EXPORT_INFO;
-    void adopt(Ref<Wasm::Memory>&&);
     Wasm::Memory& memory() { return m_memory.get(); }
     JSArrayBuffer* buffer(VM& vm, JSGlobalObject*);
+    Wasm::PageCount grow(VM&, ExecState*, uint32_t delta);
+    void growSuccessCallback(VM&, Wasm::PageCount oldPageCount, Wasm::PageCount newPageCount);
+    Wasm::PageCount grow(VM&, ExecState*, uint32_t delta, bool shouldThrowExceptionsOnFailure);
+    static ptrdiff_t offsetOfMemory() { return OBJECT_OFFSETOF(JSWebAssemblyMemory, m_memoryBase); }
+    static ptrdiff_t offsetOfSize() { return OBJECT_OFFSETOF(JSWebAssemblyMemory, m_memorySize); }
 private:
     JSWebAssemblyMemory(VM&, Structure*);
+    JSWebAssemblyMemory(VM&, Structure*, Ref<Wasm::Memory>&&);
     void finishCreation(VM&);
     static void destroy(JSCell*);
     static void visitChildren(JSCell*, SlotVisitor&);
+    void* m_memoryBase;
+    size_t m_memorySize;
     Ref<Wasm::Memory> m_memory;
     WriteBarrier<JSArrayBuffer> m_bufferWrapper;

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp

-              r222791
+              r223002
 #include "WasmFormat.h"
 #include "WasmMemory.h"
-#include "WasmModule.h"
 #include "WasmPlan.h"
 #include "WebAssemblyToJSCallee.h"
 …
     return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+}
 JSWebAssemblyModule::JSWebAssemblyModule(VM& vm, Structure* structure, Ref<Wasm::Module>&& module)
 …
+}
-const Wasm::ModuleInformation& JSWebAssemblyModule::moduleInformation() const
+{
-    return m_module->moduleInformation();
+}
-SymbolTable* JSWebAssemblyModule::exportSymbolTable() const
+{
-    return m_exportSymbolTable.get();
+}
-Wasm::SignatureIndex JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace(unsigned functionIndexSpace) const
+{
-    return m_module->signatureIndexFromFunctionIndexSpace(functionIndexSpace);
+}
-WebAssemblyToJSCallee* JSWebAssemblyModule::callee() const
+{
-    return m_callee.get();
+}
-JSWebAssemblyCodeBlock* JSWebAssemblyModule::codeBlock(Wasm::MemoryMode mode)
+{
-    return m_codeBlocks[static_cast<size_t>(mode)].get();
+}
-Wasm::Module& JSWebAssemblyModule::module()
+{
-    return m_module.get();
+}
 void JSWebAssemblyModule::setCodeBlock(VM& vm, Wasm::MemoryMode mode, JSWebAssemblyCodeBlock* codeBlock)
+{

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h

-              r222791
+              r223002
 #include "JSObject.h"
 #include "UnconditionalFinalizer.h"
 #include "WasmMemoryMode.h"
+#include "WasmModule.h"
 #include <wtf/Bag.h>
-#include <wtf/Expected.h>
 #include <wtf/Forward.h>
-#include <wtf/text/WTFString.h>
 namespace JSC {
 …
 namespace Wasm {
 class Module;
-struct ModuleInformation;
 class Plan;
-using SignatureIndex = uint32_t;
+}
 …
     DECLARE_EXPORT_INFO;
     JS_EXPORT_PRIVATE static JSWebAssemblyModule* createStub(VM&, ExecState*, Structure*, WTF::Expected<RefPtr<Wasm::Module>, String>&&);
+    JS_EXPORT_PRIVATE static JSWebAssemblyModule* createStub(VM&, ExecState*, Structure*, Wasm::Module::ValidationResult&&);
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
+    const Wasm::ModuleInformation& moduleInformation() const;
+    SymbolTable* exportSymbolTable() const;
+    Wasm::SignatureIndex signatureIndexFromFunctionIndexSpace(unsigned functionIndexSpace) const;
+    WebAssemblyToJSCallee* callee() const;
+    const Wasm::ModuleInformation& moduleInformation() const { return m_module->moduleInformation(); }
+    SymbolTable* exportSymbolTable() const { return m_exportSymbolTable.get(); }
+    Wasm::SignatureIndex signatureIndexFromFunctionIndexSpace(unsigned functionIndexSpace) const
+    {
+        return m_module->signatureIndexFromFunctionIndexSpace(functionIndexSpace);
+    }
+    WebAssemblyToJSCallee* callee() const { return m_callee.get(); }
+    JSWebAssemblyCodeBlock* codeBlock(Wasm::MemoryMode mode);
+    void setCodeBlock(VM&, Wasm::MemoryMode, JSWebAssemblyCodeBlock*);
+    JSWebAssemblyCodeBlock* codeBlock(Wasm::MemoryMode mode) { return m_codeBlocks[static_cast<size_t>(mode)].get(); }
     const Vector<uint8_t>& source() const;
+    JS_EXPORT_PRIVATE Wasm::Module& module();
+    Wasm::Module& module() { return m_module.get(); }
+    void setCodeBlock(VM&, Wasm::MemoryMode, JSWebAssemblyCodeBlock*);
 private:

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp

-              r222873
+              r223002
 #include "JSCInlines.h"
+#include "WasmFormat.h"
+#include <wtf/CheckedArithmetic.h>
 namespace JSC {
 …
 const ClassInfo JSWebAssemblyTable::s_info = { "WebAssembly.Table", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSWebAssemblyTable) };
 JSWebAssemblyTable* JSWebAssemblyTable::create(ExecState* exec, VM& vm, Structure* structure, Ref<Wasm::Table>&& table)
+JSWebAssemblyTable* JSWebAssemblyTable::create(ExecState* exec, VM& vm, Structure* structure, uint32_t initial, std::optional<uint32_t> maximum)
+{
     auto throwScope = DECLARE_THROW_SCOPE(vm);
     auto* globalObject = exec->lexicalGlobalObject();
     if (!globalObject->webAssemblyEnabled()) {
         throwException(exec, throwScope, createEvalError(exec, globalObject->webAssemblyDisabledErrorMessage()));
+    auto exception = [&] (JSObject* error) {
+        throwException(exec, throwScope, error);
         return nullptr;
+    }
+    };
+    auto* instance = new (NotNull, allocateCell<JSWebAssemblyTable>(vm.heap)) JSWebAssemblyTable(vm, structure, WTFMove(table));
+    if (!globalObject->webAssemblyEnabled())
+        return exception(createEvalError(exec, globalObject->webAssemblyDisabledErrorMessage()));
+    if (!isValidSize(initial))
+        return exception(createOutOfMemoryError(exec));
+    auto* instance = new (NotNull, allocateCell<JSWebAssemblyTable>(vm.heap)) JSWebAssemblyTable(vm, structure, initial, maximum);
     instance->finishCreation(vm);
     return instance;
 …
+}
 JSWebAssemblyTable::JSWebAssemblyTable(VM& vm, Structure* structure, Ref<Wasm::Table>&& table)
+JSWebAssemblyTable::JSWebAssemblyTable(VM& vm, Structure* structure, uint32_t initial, std::optional<uint32_t> maximum)
     : Base(vm, structure)
-    , m_table(WTFMove(table))
+{
+    m_size = initial;
+    ASSERT(isValidSize(m_size));
+    m_maximum = maximum;
+    ASSERT(!m_maximum || *m_maximum >= m_size);
     // FIXME: It might be worth trying to pre-allocate maximum here. The spec recommends doing so.
     // But for now, we're not doing that.
+    m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc(sizeof(WriteBarrier<JSObject>) * static_cast<size_t>(size()));
+    for (uint32_t i = 0; i < size(); ++i)
+        default_construct_at(&m_jsFunctions.get()[i]);
+    m_functions = MallocPtr<Wasm::CallableFunction>::malloc(sizeof(Wasm::CallableFunction) * static_cast<size_t>(m_size));
+    m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc(sizeof(WriteBarrier<JSObject>) * static_cast<size_t>(m_size));
+    for (uint32_t i = 0; i < m_size; ++i) {
+        new (&m_functions.get()[i]) Wasm::CallableFunction();
+        ASSERT(m_functions.get()[i].signatureIndex == Wasm::Signature::invalidIndex); // We rely on this in compiled code.
+        new (&m_jsFunctions.get()[i]) WriteBarrier<JSObject>();
+    }
+}
 …
     Base::visitChildren(thisObject, visitor);
     for (unsigned i = 0; i < thisObject->size(); ++i)
+    for (unsigned i = 0; i < thisObject->m_size; ++i)
         visitor.append(thisObject->m_jsFunctions.get()[i]);
+}
 …
     if (delta == 0)
         return true;
+    size_t oldSize = size();
+    auto grew = m_table->grow(delta);
+    if (!grew)
+    Checked<uint32_t, RecordOverflow> newSizeChecked = m_size;
+    newSizeChecked += delta;
+    uint32_t newSize;
+    if (newSizeChecked.safeGet(newSize) == CheckedState::DidOverflow)
+        return false;
+    if (maximum() && newSize > *maximum())
+        return false;
+    if (!isValidSize(newSize))
         return false;
     size_t newSize = grew.value();
     m_jsFunctions.realloc(sizeof(WriteBarrier<JSObject>) * newSize);
+    m_functions.realloc(sizeof(Wasm::CallableFunction) * static_cast<size_t>(newSize));
+    m_jsFunctions.realloc(sizeof(WriteBarrier<JSObject>) * static_cast<size_t>(newSize));
+    for (size_t i = oldSize; i < newSize; ++i)
+        default_construct_at(&m_jsFunctions.get()[i]);
+    for (uint32_t i = m_size; i < newSize; ++i) {
+        new (&m_functions.get()[i]) Wasm::CallableFunction();
+        new (&m_jsFunctions.get()[i]) WriteBarrier<JSObject>();
+    }
+    m_size = newSize;
     return true;
+}
-JSObject* JSWebAssemblyTable::getFunction(uint32_t index)
+{
-    RELEASE_ASSERT(index < size());
-    return m_jsFunctions.get()[index].get();
+}
 void JSWebAssemblyTable::clearFunction(uint32_t index)
+{
     m_table->clearFunction(index);
+    RELEASE_ASSERT(index < m_size);
     m_jsFunctions.get()[index] = WriteBarrier<JSObject>();
+    m_functions.get()[index] = Wasm::CallableFunction();
+    ASSERT(m_functions.get()[index].signatureIndex == Wasm::Signature::invalidIndex); // We rely on this in compiled code.
+}
 void JSWebAssemblyTable::setFunction(VM& vm, uint32_t index, WebAssemblyFunction* function)
+{
     m_table->setFunction(index, function->callableFunction(), function->instance());
+    RELEASE_ASSERT(index < m_size);
     m_jsFunctions.get()[index].set(vm, this, function);
+    m_functions.get()[index] = function->callableFunction();
+}
 void JSWebAssemblyTable::setFunction(VM& vm, uint32_t index, WebAssemblyWrapperFunction* function)
+{
     m_table->setFunction(index, function->callableFunction(), function->instance());
+    RELEASE_ASSERT(index < m_size);
     m_jsFunctions.get()[index].set(vm, this, function);
+    m_functions.get()[index] = function->callableFunction();
+}

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h

-              r222791
+              r223002
 /*
  * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #include "JSDestructibleObject.h"
 #include "JSObject.h"
-#include "WasmLimits.h"
-#include "WasmTable.h"
 #include "WebAssemblyWrapperFunction.h"
 #include "WebAssemblyFunction.h"
 …
 namespace JSC {
+namespace Wasm {
+struct CallableFunction;
+}
 class JSWebAssemblyTable : public JSDestructibleObject {
 public:
     typedef JSDestructibleObject Base;
     static JSWebAssemblyTable* create(ExecState*, VM&, Structure*, Ref<Wasm::Table>&&);
+    static JSWebAssemblyTable* create(ExecState*, VM&, Structure*, uint32_t initial, std::optional<uint32_t> maximum);
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
     DECLARE_INFO;
+    static bool isValidSize(uint32_t size) { return Wasm::Table::isValidSize(size); }
+    std::optional<uint32_t> maximum() const { return m_table->maximum(); }
+    uint32_t size() const { return m_table->size(); }
+    std::optional<uint32_t> maximum() const { return m_maximum; }
+    uint32_t size() const { return m_size; }
     bool grow(uint32_t delta) WARN_UNUSED_RETURN;
+    JSObject* getFunction(uint32_t);
+    void clearFunction(uint32_t);
+    void setFunction(VM&, uint32_t, WebAssemblyFunction*);
+    void setFunction(VM&, uint32_t, WebAssemblyWrapperFunction*);
+    JSObject* getFunction(uint32_t index)
+    {
+        RELEASE_ASSERT(index < m_size);
+        return m_jsFunctions.get()[index].get();
+    }
+    void clearFunction(uint32_t index);
+    void setFunction(VM&, uint32_t index, WebAssemblyFunction*);
+    void setFunction(VM&, uint32_t index, WebAssemblyWrapperFunction*);
+    Wasm::Table* table() { return m_table.ptr(); }
+    static ptrdiff_t offsetOfSize() { return OBJECT_OFFSETOF(JSWebAssemblyTable, m_size); }
+    static ptrdiff_t offsetOfFunctions() { return OBJECT_OFFSETOF(JSWebAssemblyTable, m_functions); }
+    static ptrdiff_t offsetOfJSFunctions() { return OBJECT_OFFSETOF(JSWebAssemblyTable, m_jsFunctions); }
+    static bool isValidSize(uint32_t size)
+    {
+        // This tops out at ~384 MB worth of data in this class.
+        return size < (1 << 24);
+    }
 private:
     JSWebAssemblyTable(VM&, Structure*, Ref<Wasm::Table>&&);
+    JSWebAssemblyTable(VM&, Structure*, uint32_t initial, std::optional<uint32_t> maximum);
     void finishCreation(VM&);
     static void destroy(JSCell*);
     static void visitChildren(JSCell*, SlotVisitor&);
     Ref<Wasm::Table> m_table;
+    MallocPtr<Wasm::CallableFunction> m_functions;
     MallocPtr<WriteBarrier<JSObject>> m_jsFunctions;
+    std::optional<uint32_t> m_maximum;
+    uint32_t m_size;
 };

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

-              r222791
+              r223002
     // Make sure that the memory we think we are going to run with matches the one we expect.
     ASSERT(wasmFunction->instance()->instance().codeBlock()->isSafeToRun(wasmFunction->instance()->memory()->memory().mode()));
+    ASSERT(wasmFunction->instance()->codeBlock()->isSafeToRun(wasmFunction->instance()->memory()));
+    {
         // Check if we have a disallowed I64 use.
 …
     Vector<JSValue> boxedArgs;
     JSWebAssemblyInstance* instance = wasmFunction->instance();
     // When we don't use fast TLS to store the context, the JS
     // entry wrapper expects the instance as the first argument.
     if (!Wasm::Context::useFastTLS())
         boxedArgs.append(instance);
+    Wasm::Context* wasmContext = wasmFunction->instance();
+    // When we don't use fast TLS to store the context, the js
+    // entry wrapper expects the WasmContext* as the first argument.
+    if (!Wasm::useFastTLSForContext())
+        boxedArgs.append(wasmContext);
     for (unsigned argIndex = 0; argIndex < signature.argumentCount(); ++argIndex) {
 …
     // FIXME Do away with this entire function, and only use the entrypoint generated by B3. https://bugs.webkit.org/show_bug.cgi?id=166486
     JSWebAssemblyInstance* prevInstance = vm.wasmContext.load();
+    Wasm::Context* prevWasmContext = Wasm::loadContext(vm);
+    {
         // We do the stack check here for the wrapper function because we don't
 …
             return JSValue::encode(throwException(exec, scope, createStackOverflowError(exec)));
+    }
     vm.wasmContext.store(instance, vm.softStackLimit());
+    Wasm::storeContext(vm, wasmContext);
     ASSERT(wasmFunction->instance());
     ASSERT(wasmFunction->instance() == vm.wasmContext.load());
+    ASSERT(wasmFunction->instance() == Wasm::loadContext(vm));
     EncodedJSValue rawResult = vmEntryToWasm(wasmFunction->jsEntrypoint(), &vm, &protoCallFrame);
     // We need to make sure this is in a register or on the stack since it's stored in Vector<JSValue>.
     // This probably isn't strictly necessary, since the WebAssemblyFunction* should keep the instance
     // alive. But it's good hygiene.
     instance->use();
     if (prevInstance != instance) {
+    wasmContext->use();
+    if (prevWasmContext != wasmContext) {
         // This is just for some extra safety instead of leaving a cached
         // value in there. If we ever forget to set the value to be a real
         // bounds, this will force every stack overflow check to immediately
         // fire.
         instance->setCachedStackLimit(bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()));
+    }
     vm.wasmContext.store(prevInstance, vm.softStackLimit());
+        wasmContext->setCachedStackLimit(bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()));
+    }
+    Wasm::storeContext(vm, prevWasmContext);
     RETURN_IF_EXCEPTION(scope, { });

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp

-              r222791
+              r223002
 #include "JSModuleEnvironment.h"
 #include "JSModuleNamespaceObject.h"
-#include "JSToWasm.h"
 #include "JSWebAssemblyHelpers.h"
 #include "JSWebAssemblyInstance.h"
 …
 #include "JSWebAssemblyModule.h"
 #include "WasmPlan.h"
-#include "WasmToJS.h"
 #include "WasmWorklist.h"
 #include "WebAssemblyFunction.h"
 …
     RETURN_IF_EXCEPTION(scope, { });
     JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, instanceStructure, Wasm::Instance::create(Ref<Wasm::Module>(module->module())));
+    JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, instanceStructure);
     RETURN_IF_EXCEPTION(scope, { });
     instance->finalizeCreation(vm, exec, module->module().compileSync(&vm.wasmContext, instance->memoryMode(), &Wasm::createJSToWasmWrapper, &Wasm::wasmToJSException));
+    instance->finalizeCreation(vm, exec, module->module().compileSync(instance->memoryMode()));
     RETURN_IF_EXCEPTION(scope, { });
     return JSValue::encode(instance);

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp

-              r222791
+              r223002
+    }
+    auto* jsMemory = JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure());
+    RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+    RefPtr<Wasm::Memory> memory = Wasm::Memory::create(initialPageCount, maximumPageCount,
+        [&vm] (Wasm::Memory::NotifyPressure) { vm.heap.collectAsync(CollectionScope::Full); },
+        [&vm] (Wasm::Memory::SyncTryToReclaim) { vm.heap.collectSync(CollectionScope::Full); },
+        [&vm, jsMemory] (Wasm::Memory::GrowSuccess, Wasm::PageCount oldPageCount, Wasm::PageCount newPageCount) { jsMemory->growSuccessCallback(vm, oldPageCount, newPageCount); });
+    RefPtr<Wasm::Memory> memory = Wasm::Memory::create(vm, initialPageCount, maximumPageCount);
     if (!memory)
         return JSValue::encode(throwException(exec, throwScope, createOutOfMemoryError(exec)));
+    jsMemory->adopt(memory.releaseNonNull());
+    auto* jsMemory = JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), adoptRef(*memory.leakRef()));
+    RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     return JSValue::encode(jsMemory);
+}

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp

-              r222791
+              r223002
     RETURN_IF_EXCEPTION(throwScope, { });
+    Wasm::PageCount result = memory->grow(vm, exec, delta);
+    bool shouldThrowExceptionsOnFailure = true;
+    Wasm::PageCount result = memory->grow(vm, exec, delta, shouldThrowExceptionsOnFailure);
     RETURN_IF_EXCEPTION(throwScope, { });

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleConstructor.cpp

-              r222791
+              r223002
+{
     VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+    Vector<uint8_t> source = createSourceBufferFromValue(vm, exec, exec->argument(0));
+    RETURN_IF_EXCEPTION(scope, { });
+    scope.release();
+    return JSValue::encode(WebAssemblyModuleConstructor::createModule(exec, WTFMove(source)));
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
+    auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->WebAssemblyModuleStructure());
+    RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+    throwScope.release();
+    return JSValue::encode(WebAssemblyModuleConstructor::createModule(exec, exec->argument(0), structure));
+}
 …
+}
 JSWebAssemblyModule* WebAssemblyModuleConstructor::createModule(ExecState* exec, Vector<uint8_t>&& buffer)
+JSValue WebAssemblyModuleConstructor::createModule(ExecState* exec, JSValue buffer, Structure* structure)
+{
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->WebAssemblyModuleStructure());
     RETURN_IF_EXCEPTION(scope, nullptr);
+    Vector<uint8_t> source = createSourceBufferFromValue(vm, exec, buffer);
+    RETURN_IF_EXCEPTION(scope, { });
     scope.release();
     return JSWebAssemblyModule::createStub(vm, exec, structure, Wasm::Module::validateSync(&vm.wasmContext, WTFMove(buffer)));
+    return JSWebAssemblyModule::createStub(vm, exec, structure, Wasm::Module::validateSync(vm, WTFMove(source)));
+}

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleConstructor.h

-              r222791
+              r223002
 #include "JSObject.h"
-#include <wtf/Vector.h>
 namespace JSC {
-class JSWebAssemblyModule;
 class WebAssemblyModulePrototype;
 …
     DECLARE_INFO;
     static JSWebAssemblyModule* createModule(ExecState*, Vector<uint8_t>&& buffer);
+    static JSValue createModule(ExecState*, JSValue buffer, Structure*);
 protected:

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp

-              r222791
+              r223002
     auto* globalObject = exec->lexicalGlobalObject();
     Wasm::CodeBlock* codeBlock = instance->instance().codeBlock();
+    JSWebAssemblyCodeBlock* codeBlock = instance->codeBlock();
     const Wasm::ModuleInformation& moduleInformation = module->moduleInformation();
 …
             switch (global.type) {
             case Wasm::I32:
                 exportedValue = JSValue(instance->instance().loadI32Global(exp.kindIndex));
+                exportedValue = JSValue(instance->loadI32Global(exp.kindIndex));
                 break;
 …
             case Wasm::F32:
                 exportedValue = JSValue(instance->instance().loadF32Global(exp.kindIndex));
+                exportedValue = JSValue(instance->loadF32Global(exp.kindIndex));
                 break;
             case Wasm::F64:
                 exportedValue = JSValue(instance->instance().loadF64Global(exp.kindIndex));
+                exportedValue = JSValue(instance->loadF64Global(exp.kindIndex));
                 break;
 …
     auto scope = DECLARE_THROW_SCOPE(vm);
     Wasm::Module& module = m_instance->instance().module();
     Wasm::CodeBlock* codeBlock = m_instance->instance().codeBlock();
     const Wasm::ModuleInformation& moduleInformation = module.moduleInformation();
+    JSWebAssemblyModule* module = m_instance->module();
+    JSWebAssemblyCodeBlock* codeBlock = m_instance->codeBlock();
+    const Wasm::ModuleInformation& moduleInformation = module->moduleInformation();
     JSWebAssemblyTable* table = m_instance->table();
     const Vector<Wasm::Segment::Ptr>& data = moduleInformation.data;
+    const Vector<Wasm::Segment::Ptr>& data = m_instance->module()->moduleInformation().data;
     JSWebAssemblyMemory* jsMemory = m_instance->memory();
 …
             uint32_t tableIndex = element.offset.isGlobalImport()
                 ? static_cast<uint32_t>(m_instance->instance().loadI32Global(element.offset.globalImportIndex()))
+                ? static_cast<uint32_t>(m_instance->loadI32Global(element.offset.globalImportIndex()))
                 : element.offset.constValue();
 …
         for (const Wasm::Segment::Ptr& segment : data) {
             uint32_t offset = segment->offset.isGlobalImport()
                 ? static_cast<uint32_t>(m_instance->instance().loadI32Global(segment->offset.globalImportIndex()))
+                ? static_cast<uint32_t>(m_instance->loadI32Global(segment->offset.globalImportIndex()))
                 : segment->offset.constValue();
 …
             // https://bugs.webkit.org/show_bug.cgi?id=165510
             uint32_t functionIndex = element.functionIndices[i];
             Wasm::SignatureIndex signatureIndex = module.signatureIndexFromFunctionIndexSpace(functionIndex);
+            Wasm::SignatureIndex signatureIndex = module->signatureIndexFromFunctionIndexSpace(functionIndex);
             if (functionIndex < codeBlock->functionImportCount()) {
                 JSObject* functionImport = jsCast<JSObject*>(m_instance->importFunction(functionIndex));

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp

-              r222791
+              r223002
 #include "JSCInlines.h"
 #include "JSPromiseDeferred.h"
-#include "JSToWasm.h"
 #include "JSWebAssemblyHelpers.h"
 #include "JSWebAssemblyInstance.h"
 …
 #include "StrongInlines.h"
 #include "WasmBBQPlan.h"
-#include "WasmToJS.h"
 #include "WasmWorklist.h"
 #include "WebAssemblyInstanceConstructor.h"
 …
         reject(exec, scope, promise);
     else {
         Wasm::Module::validateAsync(&vm.wasmContext, WTFMove(source), createSharedTask<Wasm::Module::CallbackType>([promise, globalObject, &vm] (Wasm::Module::ValidationResult&& result) mutable {
+        Wasm::Module::validateAsync(vm, WTFMove(source), createSharedTask<Wasm::Module::CallbackType>([promise, globalObject] (VM& vm, Wasm::Module::ValidationResult&& result) mutable {
             vm.promiseDeferredTimer->scheduleWorkSoon(promise, [promise, globalObject, result = WTFMove(result), &vm] () mutable {
                 auto scope = DECLARE_CATCH_SCOPE(vm);
 …
     auto scope = DECLARE_CATCH_SCOPE(vm);
     // In order to avoid potentially recompiling a module. We first gather all the import/memory information prior to compiling code.
     JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, exec->lexicalGlobalObject()->WebAssemblyInstanceStructure(), Wasm::Instance::create(Ref<Wasm::Module>(module->module())));
+    JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, exec->lexicalGlobalObject()->WebAssemblyInstanceStructure());
     RETURN_IF_EXCEPTION(scope, reject(exec, scope, promise));
 …
     vm.promiseDeferredTimer->addPendingPromise(promise, WTFMove(dependencies));
     // Note: This completion task may or may not get called immediately.
     module->module().compileAsync(&vm.wasmContext, instance->memoryMode(), createSharedTask<Wasm::CodeBlock::CallbackType>([promise, instance, module, resolveKind, &vm] (Ref<Wasm::CodeBlock>&& refCodeBlock) mutable {
+    module->module().compileAsync(vm, instance->memoryMode(), createSharedTask<Wasm::CodeBlock::CallbackType>([promise, instance, module, resolveKind] (VM& vm, Ref<Wasm::CodeBlock>&& refCodeBlock) mutable {
         RefPtr<Wasm::CodeBlock> codeBlock = WTFMove(refCodeBlock);
         vm.promiseDeferredTimer->scheduleWorkSoon(promise, [promise, instance, module, resolveKind, &vm, codeBlock = WTFMove(codeBlock)] () mutable {
 …
             resolve(vm, exec, promise, instance, module, codeBlock.releaseNonNull(), resolveKind);
         });
     }), &Wasm::createJSToWasmWrapper, &Wasm::wasmToJSException);
+    }));
+}
 …
     RETURN_IF_EXCEPTION(scope, reject(exec, scope, promise));
     Wasm::Module::validateAsync(&vm.wasmContext, WTFMove(source), createSharedTask<Wasm::Module::CallbackType>([promise, importObject, globalObject, &vm] (Wasm::Module::ValidationResult&& result) mutable {
+    Wasm::Module::validateAsync(vm, WTFMove(source), createSharedTask<Wasm::Module::CallbackType>([promise, importObject, globalObject] (VM& vm, Wasm::Module::ValidationResult&& result) mutable {
         vm.promiseDeferredTimer->scheduleWorkSoon(promise, [promise, importObject, globalObject, result = WTFMove(result), &vm] () mutable {
             auto scope = DECLARE_CATCH_SCOPE(vm);
 …
     uint8_t* base = getWasmBufferFromValue(exec, exec->argument(0), byteOffset, byteSize);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     BBQPlan plan(&vm.wasmContext, base + byteOffset, byteSize, BBQPlan::Validation, Plan::dontFinalize());
+    BBQPlan plan(&vm, base + byteOffset, byteSize, BBQPlan::Validation, Plan::dontFinalize());
     // FIXME: We might want to throw an OOM exception here if we detect that something will OOM.
     // https://bugs.webkit.org/show_bug.cgi?id=166015

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyTableConstructor.cpp

-              r222791
+              r223002
+    }
-    RefPtr<Wasm::Table> wasmTable = Wasm::Table::create(initial, maximum);
-    if (!wasmTable) {
-        return JSValue::encode(throwException(exec, throwScope,
-            createRangeError(exec, ASCIILiteral("couldn't create Table"))));
+    }
     throwScope.release();
+    return JSValue::encode(JSWebAssemblyTable::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyTableStructure(), wasmTable.releaseNonNull()));
+    return JSValue::encode(JSWebAssemblyTable::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyTableStructure(), initial, maximum));
+}

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp

r222791	r223002
64	64	String name = "";
65	65	NativeExecutable* executable = vm.getHostFunction(callWebAssemblyWrapperFunction, NoIntrinsic, callHostFunctionAsConstructor, nullptr, name);
66		WebAssemblyWrapperFunction* result = new (NotNull, allocateCell<WebAssemblyWrapperFunction>(vm.heap)) WebAssemblyWrapperFunction(vm, globalObject, globalObject->webAssemblyWrapperFunctionStructure(), ~~Wasm::CallableFunction { signatureIndex, instance->wasmCodeBlock().wasmToJSCallStubForImport(importIndex) }~~ );
	66	WebAssemblyWrapperFunction* result = new (NotNull, allocateCell<WebAssemblyWrapperFunction>(vm.heap)) WebAssemblyWrapperFunction(vm, globalObject, globalObject->webAssemblyWrapperFunctionStructure(), { signatureIndex, instance->codeBlock()->wasmToJsCallStubForImport(importIndex) });
67	67	const Wasm::Signature& signature = Wasm::SignatureInformation::get(signatureIndex);
68	68	result->finishCreation(vm, executable, signature.argumentCount(), name, function, instance);

trunk/Source/WTF/ChangeLog

-              r222977
+              r223002
+-10-06  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, rolling out r222791 and r222873.
+        https://bugs.webkit.org/show_bug.cgi?id=178031
+        Caused crashes with workers/wasm LayoutTests (Requested by
+        ryanhaddad on #webkit).
+        Reverted changesets:
+        "WebAssembly: no VM / JS version of everything but Instance"
+        https://bugs.webkit.org/show_bug.cgi?id=177473
+        http://trac.webkit.org/changeset/222791
+        "WebAssembly: address no VM / JS follow-ups"
+        https://bugs.webkit.org/show_bug.cgi?id=177887
+        http://trac.webkit.org/changeset/222873
 -10-06  Antti Koivisto  <antti@apple.com>

trunk/Source/WTF/wtf/StdLibExtras.h

-              r222791
+              r223002
+}
-template<typename T>
-inline T& default_construct_at(T* addr)
+{
-    return *new (addr) T();
+}
 // Returns a count of the number of bits set in 'bits'.
 inline size_t bitCount(unsigned bits)
 …
 using WTF::binarySearch;
 using WTF::bitwise_cast;
-using WTF::default_construct_at;
 using WTF::callStatelessLambda;
 using WTF::checkAndSet;

trunk/Source/WebCore/ChangeLog

-              r223001
+              r223002
+-10-06  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, rolling out r222791 and r222873.
+        https://bugs.webkit.org/show_bug.cgi?id=178031
+        Caused crashes with workers/wasm LayoutTests (Requested by
+        ryanhaddad on #webkit).
+        Reverted changesets:
+        "WebAssembly: no VM / JS version of everything but Instance"
+        https://bugs.webkit.org/show_bug.cgi?id=177473
+        http://trac.webkit.org/changeset/222791
+        "WebAssembly: address no VM / JS follow-ups"
+        https://bugs.webkit.org/show_bug.cgi?id=177887
+        http://trac.webkit.org/changeset/222873
 -10-06  Alex Christensen  <achristensen@webkit.org>

trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp

r222791	r223002
80	80	#include <runtime/TypedArrays.h>
81	81	#include <wasm/js/JSWebAssemblyModule.h>
82		~~#include <wasm/WasmModule.h>~~
83	82	#include <wtf/HashTraits.h>
84	83	#include <wtf/MainThread.h>

Context Navigation

Changeset 223002 in webkit

Legend:

Download in other formats: