Changeset 224020 in webkit

Timestamp:

Oct 26, 2017 8:33:55 AM (6 years ago)

Author:

jfbastien@apple.com

Message:

WebAssembly: no VM / JS version of our implementation
​https://bugs.webkit.org/show_bug.cgi?id=177472

Reviewed by Michael Saboff.

This patch removes all appearances of "JS" and "VM" in the wasm
directory. These now only appear in the wasm/js directory, which
is only used in a JS embedding of wasm. It should therefore now be
possible to create non-JS embeddings of wasm through JSC, though
it'll still require:

• Mild codegen for wasm<->embedder calls;
• A strategy for trap handling (no need for full unwind! Could kill).
• Creation of the Wasm::* objects.
• Calling convention handling to call the embedder.
• Handling of multiple embedders (see #177475, this is optional).

Most of the patch consists in renaming JSWebAssemblyInstance to
Instance, and removing temporary copies which I'd added to make
this specific patch very simple.

• interpreter/CallFrame.cpp:

(JSC::CallFrame::wasmAwareLexicalGlobalObject): this one place
which needs to know about who "owns" the Wasm::Instance. In a JS
embedding it's the JSWebAssemblyInstance.

• wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
(JSC::Wasm::B3IRGenerator::addGrowMemory):
(JSC::Wasm::B3IRGenerator::addCurrentMemory):
(JSC::Wasm::B3IRGenerator::getGlobal):
(JSC::Wasm::B3IRGenerator::setGlobal):
(JSC::Wasm::B3IRGenerator::addCall):
(JSC::Wasm::B3IRGenerator::addCallIndirect):

• wasm/WasmBinding.cpp:

(JSC::Wasm::wasmToWasm):

• wasm/WasmContext.cpp:

(JSC::Wasm::Context::load const):
(JSC::Wasm::Context::store):

• wasm/WasmContext.h:
• wasm/WasmEmbedder.h:
• wasm/WasmInstance.cpp:

(JSC::Wasm::Instance::Instance):
(JSC::Wasm::Instance::create):
(JSC::Wasm::Instance::extraMemoryAllocated const):

• wasm/WasmInstance.h: add an "owner", the Wasm::Context, move the

"tail" import information from JSWebAssemblyInstance over to here.
(JSC::Wasm::Instance::finalizeCreation):
(JSC::Wasm::Instance::owner const):
(JSC::Wasm::Instance::offsetOfOwner):
(JSC::Wasm::Instance::context const):
(JSC::Wasm::Instance::setMemory):
(JSC::Wasm::Instance::setTable):
(JSC::Wasm::Instance::offsetOfMemory):
(JSC::Wasm::Instance::offsetOfGlobals):
(JSC::Wasm::Instance::offsetOfTable):
(JSC::Wasm::Instance::offsetOfTail):
(JSC::Wasm::Instance::numImportFunctions const):
(JSC::Wasm::Instance::importFunctionInfo):
(JSC::Wasm::Instance::offsetOfTargetInstance):
(JSC::Wasm::Instance::offsetOfWasmEntrypoint):
(JSC::Wasm::Instance::offsetOfWasmToEmbedderStubExecutableAddress):
(JSC::Wasm::Instance::offsetOfImportFunction):
(JSC::Wasm::Instance::importFunction):
(JSC::Wasm::Instance::allocationSize):
(JSC::Wasm::Instance::create): Deleted.

• wasm/WasmOMGPlan.cpp:

(JSC::Wasm::OMGPlan::runForIndex):

• wasm/WasmOMGPlan.h:
• wasm/WasmTable.cpp:

(JSC::Wasm::Table::Table):
(JSC::Wasm::Table::setFunction):

• wasm/WasmTable.h:
• wasm/WasmThunks.cpp:

(JSC::Wasm::throwExceptionFromWasmThunkGenerator):
(JSC::Wasm::triggerOMGTierUpThunkGenerator):

• wasm/js/JSToWasm.cpp:

(JSC::Wasm::createJSToWasmWrapper):

• wasm/js/JSWebAssemblyInstance.cpp: delete code that is now on Wasm::Instance

(JSC::JSWebAssemblyInstance::JSWebAssemblyInstance): The embedder
decides what the import function is. Here we must properly
placement-new it to what we've elected (and initialize it later).
(JSC::JSWebAssemblyInstance::visitChildren):
(JSC::JSWebAssemblyInstance::finalizeCreation):
(JSC::JSWebAssemblyInstance::create):

• wasm/js/JSWebAssemblyInstance.h: delete code that is now on Wasm::Instance

(JSC::JSWebAssemblyInstance::instance):
(JSC::JSWebAssemblyInstance::moduleNamespaceObject):
(JSC::JSWebAssemblyInstance::setMemory):
(JSC::JSWebAssemblyInstance::table):
(JSC::JSWebAssemblyInstance::setTable):
(JSC::JSWebAssemblyInstance::offsetOfInstance):
(JSC::JSWebAssemblyInstance::offsetOfCallee):
(JSC::JSWebAssemblyInstance::context const): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfTail): Deleted.
(): Deleted.
(JSC::JSWebAssemblyInstance::importFunctionInfo): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfTargetInstance): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfWasmEntrypoint): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfWasmToEmbedderStubExecutableAddress): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfImportFunction): Deleted.
(JSC::JSWebAssemblyInstance::importFunction): Deleted.
(JSC::JSWebAssemblyInstance::internalMemory): Deleted.
(JSC::JSWebAssemblyInstance::wasmCodeBlock const): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfWasmTable): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfGlobals): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfCodeBlock): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfWasmCodeBlock): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfCachedStackLimit): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfWasmMemory): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfTopEntryFramePointer): Deleted.
(JSC::JSWebAssemblyInstance::cachedStackLimit const): Deleted.
(JSC::JSWebAssemblyInstance::setCachedStackLimit): Deleted.
(JSC::JSWebAssemblyInstance::wasmMemory): Deleted.
(JSC::JSWebAssemblyInstance::wasmModule): Deleted.
(JSC::JSWebAssemblyInstance::allocationSize): Deleted.

• wasm/js/JSWebAssemblyTable.cpp:

(JSC::JSWebAssemblyTable::setFunction):

• wasm/js/WasmToJS.cpp: One extra indirection to find the JSWebAssemblyInstance.

(JSC::Wasm::materializeImportJSCell):
(JSC::Wasm::handleBadI64Use):
(JSC::Wasm::wasmToJS):
(JSC::Wasm::wasmToJSException):

• wasm/js/WasmToJS.h:
• wasm/js/WebAssemblyFunction.cpp:

(JSC::callWebAssemblyFunction):

• wasm/js/WebAssemblyInstanceConstructor.cpp:

(JSC::constructJSWebAssemblyInstance):

• wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::link):
(JSC::WebAssemblyModuleRecord::evaluate):

• wasm/js/WebAssemblyPrototype.cpp:

(JSC::instantiate):

• wasm/js/WebAssemblyWrapperFunction.cpp:

(JSC::WebAssemblyWrapperFunction::create):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• interpreter/CallFrame.cpp (modified) (2 diffs)
• wasm/WasmB3IRGenerator.cpp (modified) (12 diffs)
• wasm/WasmBinding.cpp (modified) (2 diffs)
• wasm/WasmContext.cpp (modified) (2 diffs)
• wasm/WasmContext.h (modified) (1 diff)
• wasm/WasmEmbedder.h (modified) (2 diffs)
• wasm/WasmInstance.cpp (modified) (2 diffs)
• wasm/WasmInstance.h (modified) (6 diffs)
• wasm/WasmOMGPlan.cpp (modified) (2 diffs)
• wasm/WasmOMGPlan.h (modified) (1 diff)
• wasm/WasmTable.cpp (modified) (2 diffs)
• wasm/WasmTable.h (modified) (3 diffs)
• wasm/WasmThunks.cpp (modified) (3 diffs)
• wasm/js/JSToWasm.cpp (modified) (2 diffs)
• wasm/js/JSWebAssemblyInstance.cpp (modified) (11 diffs)
• wasm/js/JSWebAssemblyInstance.h (modified) (5 diffs)
• wasm/js/JSWebAssemblyTable.cpp (modified) (3 diffs)
• wasm/js/WasmToJS.cpp (modified) (7 diffs)
• wasm/js/WasmToJS.h (modified) (1 diff)
• wasm/js/WebAssemblyFunction.cpp (modified) (4 diffs)
• wasm/js/WebAssemblyInstanceConstructor.cpp (modified) (1 diff)
• wasm/js/WebAssemblyModuleRecord.cpp (modified) (3 diffs)
• wasm/js/WebAssemblyPrototype.cpp (modified) (1 diff)
• wasm/js/WebAssemblyWrapperFunction.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2017-10-26  JF Bastien  <jfbastien@apple.com>
+
+        WebAssembly: no VM / JS version of our implementation
+        https://bugs.webkit.org/show_bug.cgi?id=177472
+
+        Reviewed by Michael Saboff.
+
+        This patch removes all appearances of "JS" and "VM" in the wasm
+        directory. These now only appear in the wasm/js directory, which
+        is only used in a JS embedding of wasm. It should therefore now be
+        possible to create non-JS embeddings of wasm through JSC, though
+        it'll still require:
+
+          - Mild codegen for wasm<->embedder calls;
+          - A strategy for trap handling (no need for full unwind! Could kill).
+          - Creation of the Wasm::* objects.
+          - Calling convention handling to call the embedder.
+          - Handling of multiple embedders (see #177475, this is optional).
+
+        Most of the patch consists in renaming JSWebAssemblyInstance to
+        Instance, and removing temporary copies which I'd added to make
+        this specific patch very simple.
+
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::wasmAwareLexicalGlobalObject): this one place
+        which needs to know about who "owns" the Wasm::Instance. In a JS
+        embedding it's the JSWebAssemblyInstance.
+        * wasm/WasmB3IRGenerator.cpp:
+        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
+        (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
+        (JSC::Wasm::B3IRGenerator::addGrowMemory):
+        (JSC::Wasm::B3IRGenerator::addCurrentMemory):
+        (JSC::Wasm::B3IRGenerator::getGlobal):
+        (JSC::Wasm::B3IRGenerator::setGlobal):
+        (JSC::Wasm::B3IRGenerator::addCall):
+        (JSC::Wasm::B3IRGenerator::addCallIndirect):
+        * wasm/WasmBinding.cpp:
+        (JSC::Wasm::wasmToWasm):
+        * wasm/WasmContext.cpp:
+        (JSC::Wasm::Context::load const):
+        (JSC::Wasm::Context::store):
+        * wasm/WasmContext.h:
+        * wasm/WasmEmbedder.h:
+        * wasm/WasmInstance.cpp:
+        (JSC::Wasm::Instance::Instance):
+        (JSC::Wasm::Instance::create):
+        (JSC::Wasm::Instance::extraMemoryAllocated const):
+        * wasm/WasmInstance.h: add an "owner", the Wasm::Context, move the
+        "tail" import information from JSWebAssemblyInstance over to here.
+        (JSC::Wasm::Instance::finalizeCreation):
+        (JSC::Wasm::Instance::owner const):
+        (JSC::Wasm::Instance::offsetOfOwner):
+        (JSC::Wasm::Instance::context const):
+        (JSC::Wasm::Instance::setMemory):
+        (JSC::Wasm::Instance::setTable):
+        (JSC::Wasm::Instance::offsetOfMemory):
+        (JSC::Wasm::Instance::offsetOfGlobals):
+        (JSC::Wasm::Instance::offsetOfTable):
+        (JSC::Wasm::Instance::offsetOfTail):
+        (JSC::Wasm::Instance::numImportFunctions const):
+        (JSC::Wasm::Instance::importFunctionInfo):
+        (JSC::Wasm::Instance::offsetOfTargetInstance):
+        (JSC::Wasm::Instance::offsetOfWasmEntrypoint):
+        (JSC::Wasm::Instance::offsetOfWasmToEmbedderStubExecutableAddress):
+        (JSC::Wasm::Instance::offsetOfImportFunction):
+        (JSC::Wasm::Instance::importFunction):
+        (JSC::Wasm::Instance::allocationSize):
+        (JSC::Wasm::Instance::create): Deleted.
+        * wasm/WasmOMGPlan.cpp:
+        (JSC::Wasm::OMGPlan::runForIndex):
+        * wasm/WasmOMGPlan.h:
+        * wasm/WasmTable.cpp:
+        (JSC::Wasm::Table::Table):
+        (JSC::Wasm::Table::setFunction):
+        * wasm/WasmTable.h:
+        * wasm/WasmThunks.cpp:
+        (JSC::Wasm::throwExceptionFromWasmThunkGenerator):
+        (JSC::Wasm::triggerOMGTierUpThunkGenerator):
+        * wasm/js/JSToWasm.cpp:
+        (JSC::Wasm::createJSToWasmWrapper):
+        * wasm/js/JSWebAssemblyInstance.cpp: delete code that is now on Wasm::Instance
+        (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance): The embedder
+        decides what the import function is. Here we must properly
+        placement-new it to what we've elected (and initialize it later).
+        (JSC::JSWebAssemblyInstance::visitChildren):
+        (JSC::JSWebAssemblyInstance::finalizeCreation):
+        (JSC::JSWebAssemblyInstance::create):
+        * wasm/js/JSWebAssemblyInstance.h: delete code that is now on Wasm::Instance
+        (JSC::JSWebAssemblyInstance::instance):
+        (JSC::JSWebAssemblyInstance::moduleNamespaceObject):
+        (JSC::JSWebAssemblyInstance::setMemory):
+        (JSC::JSWebAssemblyInstance::table):
+        (JSC::JSWebAssemblyInstance::setTable):
+        (JSC::JSWebAssemblyInstance::offsetOfInstance):
+        (JSC::JSWebAssemblyInstance::offsetOfCallee):
+        (JSC::JSWebAssemblyInstance::context const): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfTail): Deleted.
+        (): Deleted.
+        (JSC::JSWebAssemblyInstance::importFunctionInfo): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfTargetInstance): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfWasmEntrypoint): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfWasmToEmbedderStubExecutableAddress): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfImportFunction): Deleted.
+        (JSC::JSWebAssemblyInstance::importFunction): Deleted.
+        (JSC::JSWebAssemblyInstance::internalMemory): Deleted.
+        (JSC::JSWebAssemblyInstance::wasmCodeBlock const): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfWasmTable): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfGlobals): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfCodeBlock): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfWasmCodeBlock): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfCachedStackLimit): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfWasmMemory): Deleted.
+        (JSC::JSWebAssemblyInstance::offsetOfTopEntryFramePointer): Deleted.
+        (JSC::JSWebAssemblyInstance::cachedStackLimit const): Deleted.
+        (JSC::JSWebAssemblyInstance::setCachedStackLimit): Deleted.
+        (JSC::JSWebAssemblyInstance::wasmMemory): Deleted.
+        (JSC::JSWebAssemblyInstance::wasmModule): Deleted.
+        (JSC::JSWebAssemblyInstance::allocationSize): Deleted.
+        * wasm/js/JSWebAssemblyTable.cpp:
+        (JSC::JSWebAssemblyTable::setFunction):
+        * wasm/js/WasmToJS.cpp: One extra indirection to find the JSWebAssemblyInstance.
+        (JSC::Wasm::materializeImportJSCell):
+        (JSC::Wasm::handleBadI64Use):
+        (JSC::Wasm::wasmToJS):
+        (JSC::Wasm::wasmToJSException):
+        * wasm/js/WasmToJS.h:
+        * wasm/js/WebAssemblyFunction.cpp:
+        (JSC::callWebAssemblyFunction):
+        * wasm/js/WebAssemblyInstanceConstructor.cpp:
+        (JSC::constructJSWebAssemblyInstance):
+        * wasm/js/WebAssemblyModuleRecord.cpp:
+        (JSC::WebAssemblyModuleRecord::link):
+        (JSC::WebAssemblyModuleRecord::evaluate):
+        * wasm/js/WebAssemblyPrototype.cpp:
+        (JSC::instantiate):
+        * wasm/js/WebAssemblyWrapperFunction.cpp:
+        (JSC::WebAssemblyWrapperFunction::create):
+
 2017-10-25  Devin Rousso  <webkit@devinrousso.com>
 

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -34 +34 @@
 #include "VMEntryScope.h"
 #include "WasmContext.h"
+#include "WasmInstance.h"
 #include <wtf/StringPrintStream.h>
 
@@ -219 +220 @@
     if (!callee().isWasm())
         return lexicalGlobalObject();
-    return vm.wasmContext.load()->globalObject();
+    return vm.wasmContext.load()->owner<JSWebAssemblyInstance>()->globalObject();
 #else
     UNUSED_PARAM(vm);

trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

@@ -49 +49 @@
 #include "B3WasmBoundsCheckValue.h"
 #include "JSCInlines.h"
-#include "JSWebAssemblyInstance.h"
 #include "ScratchRegisterAllocator.h"
 #include "VirtualRegister.h"
@@ -56 +55 @@
 #include "WasmExceptionType.h"
 #include "WasmFunctionParser.h"
+#include "WasmInstance.h"
 #include "WasmMemory.h"
 #include "WasmOMGPlan.h"
@@ -429 +429 @@
                     jit.loadWasmContextInstance(contextInstance);
 
-                jit.loadPtr(CCallHelpers::Address(contextInstance, JSWebAssemblyInstance::offsetOfCachedStackLimit()), scratch2);
+                jit.loadPtr(CCallHelpers::Address(contextInstance, Instance::offsetOfCachedStackLimit()), scratch2);
                 jit.addPtr(CCallHelpers::TrustedImm32(-checkSize), fp, scratch1);
                 MacroAssembler::JumpList overflow;
@@ -473 +473 @@
         patchpoint->setGenerator([pinnedRegs] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
             GPRReg baseMemory = pinnedRegs->baseMemoryPointer;
-            jit.loadPtr(CCallHelpers::Address(params[0].gpr(), JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory);
+            jit.loadPtr(CCallHelpers::Address(params[0].gpr(), Instance::offsetOfMemory()), baseMemory);
             const auto& sizeRegs = pinnedRegs->sizeRegisters;
             ASSERT(sizeRegs.size() >= 1);
@@ -556 +556 @@
 auto B3IRGenerator::addGrowMemory(ExpressionType delta, ExpressionType& result) -> PartialResult
 {
-    int32_t (*growMemory)(JSWebAssemblyInstance*, int32_t) = [] (JSWebAssemblyInstance* instance, int32_t delta) -> int32_t {
+    int32_t (*growMemory)(Instance*, int32_t) = [] (Instance* instance, int32_t delta) -> int32_t {
         if (delta < 0)
             return -1;
 
-        auto grown = instance->internalMemory().grow(PageCount(delta));
+        auto grown = instance->memory()->grow(PageCount(delta));
         if (!grown) {
             switch (grown.error()) {
@@ -585 +585 @@
 auto B3IRGenerator::addCurrentMemory(ExpressionType& result) -> PartialResult
 {
-    Value* memoryObject = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfWasmMemory()));
+    Value* memoryObject = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfMemory()));
 
     static_assert(sizeof(decltype(static_cast<Memory*>(nullptr)->size())) == sizeof(uint64_t), "codegen relies on this size");
@@ -609 +609 @@
 auto B3IRGenerator::getGlobal(uint32_t index, ExpressionType& result) -> PartialResult
 {
-    Value* globalsArray = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfGlobals()));
+    Value* globalsArray = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfGlobals()));
     result = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, toB3Type(m_info.globals[index].type), origin(), globalsArray, safeCast<int32_t>(index * sizeof(Register)));
     return { };
@@ -617 +617 @@
 {
     ASSERT(toB3Type(m_info.globals[index].type) == value->type());
-    Value* globalsArray = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfGlobals()));
+    Value* globalsArray = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfGlobals()));
     m_currentBlock->appendNew<MemoryValue>(m_proc, Store, origin(), value, globalsArray, safeCast<int32_t>(index * sizeof(Register)));
     return { };
@@ -1082 +1082 @@
 
         // FIXME imports can be linked here, instead of generating a patchpoint, because all import stubs are generated before B3 compilation starts. https://bugs.webkit.org/show_bug.cgi?id=166462
-        Value* targetInstance = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfTargetInstance(functionIndex)));
+        Value* targetInstance = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfTargetInstance(functionIndex)));
+        // The target instance is 0 unless the call is wasm->wasm.
         Value* isWasmCall = m_currentBlock->appendNew<Value>(m_proc, NotEqual, origin(), targetInstance, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), 0));
 
@@ -1114 +1115 @@
         // https://bugs.webkit.org/show_bug.cgi?id=170375
         Value* jumpDestination = isEmbedderBlock->appendNew<MemoryValue>(m_proc,
-            Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfWasmToEmbedderStubExecutableAddress(functionIndex)));
+            Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfWasmToEmbedderStubExecutableAddress(functionIndex)));
         Value* embedderCallResult = wasmCallingConvention().setupCall(m_proc, isEmbedderBlock, origin(), args, toB3Type(returnType),
             [&] (PatchpointValue* patchpoint) {
@@ -1179 +1180 @@
     {
         ExpressionType table = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
-            instanceValue(), safeCast<int32_t>(JSWebAssemblyInstance::offsetOfWasmTable()));
+            instanceValue(), safeCast<int32_t>(Instance::offsetOfTable()));
         callableFunctionBuffer = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
             table, safeCast<int32_t>(Table::offsetOfFunctions()));
@@ -1262 +1263 @@
             GPRReg baseMemory = pinnedRegs.baseMemoryPointer;
             ASSERT(newContextInstance != baseMemory);
-            jit.loadPtr(CCallHelpers::Address(oldContextInstance, JSWebAssemblyInstance::offsetOfCachedStackLimit()), baseMemory);
-            jit.storePtr(baseMemory, CCallHelpers::Address(newContextInstance, JSWebAssemblyInstance::offsetOfCachedStackLimit()));
+            jit.loadPtr(CCallHelpers::Address(oldContextInstance, Instance::offsetOfCachedStackLimit()), baseMemory);
+            jit.storePtr(baseMemory, CCallHelpers::Address(newContextInstance, Instance::offsetOfCachedStackLimit()));
             jit.storeWasmContextInstance(newContextInstance);
-            jit.loadPtr(CCallHelpers::Address(newContextInstance, JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory); // Memory*.
+            jit.loadPtr(CCallHelpers::Address(newContextInstance, Instance::offsetOfMemory()), baseMemory); // Memory*.
             ASSERT(sizeRegs.size() == 1);
             ASSERT(sizeRegs[0].sizeRegister != baseMemory);

trunk/Source/JavaScriptCore/wasm/WasmBinding.cpp

@@ -31 +31 @@
 #include "CCallHelpers.h"
 #include "JSCInlines.h"
-#include "JSWebAssemblyInstance.h"
 #include "LinkBuffer.h"
+#include "WasmInstance.h"
 
 namespace JSC { namespace Wasm {
@@ -54 +54 @@
     // B3's call codegen ensures that the JSCell is a WebAssemblyFunction.
     jit.loadWasmContextInstance(sizeRegAsScratch); // Old Instance*
-    // Get the callee's WebAssembly.Instance and set it as WasmContext's instance. The caller will take care of restoring its own Instance.
-    jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfTargetInstance(importIndex)), baseMemory); // JSWebAssemblyInstance*.
+    // Get the callee's Wasm::Instance and set it as WasmContext's instance. The caller will take care of restoring its own Instance.
+    jit.loadPtr(JIT::Address(sizeRegAsScratch, Instance::offsetOfTargetInstance(importIndex)), baseMemory); // Instance*.
     // While we're accessing that cacheline, also get the wasm entrypoint so we can tail call to it below.
-    jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfWasmEntrypoint(importIndex)), scratch); // Wasm::WasmEntrypointLoadLocation.
+    jit.loadPtr(JIT::Address(sizeRegAsScratch, Instance::offsetOfWasmEntrypoint(importIndex)), scratch); // Wasm::WasmEntrypointLoadLocation.
     jit.storeWasmContextInstance(baseMemory);
 
-    jit.loadPtr(JIT::Address(sizeRegAsScratch, JSWebAssemblyInstance::offsetOfCachedStackLimit()), sizeRegAsScratch);
-    jit.storePtr(sizeRegAsScratch, JIT::Address(baseMemory, JSWebAssemblyInstance::offsetOfCachedStackLimit()));
+    jit.loadPtr(JIT::Address(sizeRegAsScratch, Instance::offsetOfCachedStackLimit()), sizeRegAsScratch);
+    jit.storePtr(sizeRegAsScratch, JIT::Address(baseMemory, Instance::offsetOfCachedStackLimit()));
 
-    // FIXME the following code assumes that all WebAssembly.Instance have the same pinned registers. https://bugs.webkit.org/show_bug.cgi?id=162952
+    // FIXME the following code assumes that all Wasm::Instance have the same pinned registers. https://bugs.webkit.org/show_bug.cgi?id=162952
     // Set up the callee's baseMemory register as well as the memory size registers.
-    jit.loadPtr(JIT::Address(baseMemory, JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory); // Wasm::Memory*.
+    jit.loadPtr(JIT::Address(baseMemory, Instance::offsetOfMemory()), baseMemory); // Wasm::Memory*.
     ASSERT(!sizeRegs[0].sizeOffset); // The following code assumes we start at 0, and calculates subsequent size registers relative to 0.
     jit.loadPtr(JIT::Address(baseMemory, Wasm::Memory::offsetOfSize()), sizeRegs[0].sizeRegister); // Memory size.

trunk/Source/JavaScriptCore/wasm/WasmContext.cpp

@@ -29 +29 @@
 #if ENABLE(WEBASSEMBLY)
 
-#include "JSWebAssemblyInstance.h"
 #include "Options.h"
+#include "WasmInstance.h"
 
 #include <mutex>
@@ -46 +46 @@
 }
 
-JSWebAssemblyInstance* Context::load() const
+Instance* Context::load() const
 {
 #if ENABLE(FAST_TLS_JIT)
     if (useFastTLS())
-        return bitwise_cast<JSWebAssemblyInstance*>(_pthread_getspecific_direct(WTF_WASM_CONTEXT_KEY));
+        return bitwise_cast<Instance*>(_pthread_getspecific_direct(WTF_WASM_CONTEXT_KEY));
 #endif
     return instance;
 }
 
-void Context::store(JSWebAssemblyInstance* inst, void* softStackLimit)
+void Context::store(Instance* inst, void* softStackLimit)
 {
 #if ENABLE(FAST_TLS_JIT)

trunk/Source/JavaScriptCore/wasm/WasmContext.h

@@ -28 +28 @@
 #if ENABLE(WEBASSEMBLY)
 
-namespace JSC {
+namespace JSC { namespace Wasm {
 
-class JSWebAssemblyInstance;
-
-namespace Wasm {
+class Instance;
 
 struct Context {
-    JSWebAssemblyInstance* instance { nullptr };
+    Instance* instance { nullptr };
 
-    JSWebAssemblyInstance* load() const;
-    void store(JSWebAssemblyInstance*, void* softStackLimit);
+    Instance* load() const;
+    void store(Instance*, void* softStackLimit);
 
     static bool useFastTLS();

trunk/Source/JavaScriptCore/wasm/WasmEmbedder.h

@@ -38 +38 @@
 
 class ExecState;
-class JSWebAssemblyInstance; // FIXME this should be Wasm::Instance, so should use below. https://webkit.org/b/177472
 
 namespace Wasm {
 
 struct CompilationContext;
+class Instance;
 struct InternalFunction;
 struct ModuleInformation;
@@ -52 +52 @@
 
 // Called as soon as an exception is detected. The return value is the PC to continue at.
-using ThrowWasmException = void* (*)(ExecState*, Wasm::ExceptionType, JSWebAssemblyInstance*);
+using ThrowWasmException = void* (*)(ExecState*, Wasm::ExceptionType, Instance*);
 
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/WasmInstance.cpp

@@ -41 +41 @@
 }
 
-Instance::Instance(Ref<Module>&& module, EntryFrame** topEntryFramePointer)
-    : m_module(WTFMove(module))
+Instance::Instance(Context* context, Ref<Module>&& module, EntryFrame** topEntryFramePointer)
+    : m_context(context)
+    , m_module(WTFMove(module))
     , m_globals(MallocPtr<uint64_t>::malloc(globalMemoryByteSize(m_module.get())))
     , m_topEntryFramePointer(topEntryFramePointer)
+    , m_numImportFunctions(m_module->moduleInformation().importFunctionCount())
 {
+    for (unsigned i = 0; i < m_numImportFunctions; ++i)
+        new (importFunctionInfo(i)) ImportFunctionInfo();
+}
+
+Ref<Instance> Instance::create(Context* context, Ref<Module>&& module, EntryFrame** topEntryFramePointer)
+{
+    return adoptRef(*new (NotNull, fastMalloc(allocationSize(module->moduleInformation().importFunctionCount()))) Instance(context, WTFMove(module), topEntryFramePointer));
 }
 
@@ -52 +61 @@
 size_t Instance::extraMemoryAllocated() const
 {
-    return globalMemoryByteSize(m_module.get());
+    return globalMemoryByteSize(m_module.get()) + allocationSize(m_numImportFunctions);
 }
 

trunk/Source/JavaScriptCore/wasm/WasmInstance.h

@@ -39 +39 @@
 namespace JSC { namespace Wasm {
 
+struct Context;
+
 class Instance : public ThreadSafeRefCounted<Instance> {
 public:
-    static Ref<Instance> create(Ref<Module>&& module, EntryFrame** topEntryFramePointer)
+    static Ref<Instance> create(Context* context, Ref<Module>&& module, EntryFrame** topEntryFramePointer);
+
+    void finalizeCreation(void* owner, Ref<CodeBlock>&& codeBlock)
     {
-        return adoptRef(*new Instance(WTFMove(module), topEntryFramePointer));
-    }
-
-    void finalizeCreation(Ref<CodeBlock>&& codeBlock)
-    {
+        m_owner = owner;
         m_codeBlock = WTFMove(codeBlock);
     }
@@ -53 +53 @@
     JS_EXPORT_PRIVATE ~Instance();
 
+    template<typename T> T* owner() const { return reinterpret_cast<T*>(m_owner); }
+    static ptrdiff_t offsetOfOwner() { return OBJECT_OFFSETOF(Instance, m_owner); }
+
     size_t extraMemoryAllocated() const;
+
+    Wasm::Context* context() const { return m_context; }
 
     Module& module() { return m_module.get(); }
@@ -59 +64 @@
     Memory* memory() { return m_memory.get(); }
     Table* table() { return m_table.get(); }
+    
+    void setMemory(Ref<Memory>&& memory) { m_memory = WTFMove(memory); }
+    void setTable(Ref<Table>&& table) { m_table = WTFMove(table); }
 
     int32_t loadI32Global(unsigned i) const { return m_globals.get()[i]; }
@@ -66 +74 @@
     void setGlobal(unsigned i, int64_t bits) { m_globals.get()[i] = bits; }
 
+    static ptrdiff_t offsetOfMemory() { return OBJECT_OFFSETOF(Instance, m_memory); }
+    static ptrdiff_t offsetOfGlobals() { return OBJECT_OFFSETOF(Instance, m_globals); }
+    static ptrdiff_t offsetOfTable() { return OBJECT_OFFSETOF(Instance, m_table); }
     static ptrdiff_t offsetOfTopEntryFramePointer() { return OBJECT_OFFSETOF(Instance, m_topEntryFramePointer); }
 
@@ -72 +83 @@
     void setCachedStackLimit(void* limit) { m_cachedStackLimit = limit; }
 
-    friend class JSC::JSWebAssemblyInstance; // FIXME remove this once refactored https://webkit.org/b/177472.
+    // Tail accessors.
+    static size_t offsetOfTail() { return WTF::roundUpToMultipleOf<sizeof(uint64_t)>(sizeof(Instance)); }
+    struct ImportFunctionInfo {
+        // Target instance and entrypoint are only set for wasm->wasm calls, and are otherwise nullptr. The embedder-specific logic occurs through import function.
+        Instance* targetInstance { nullptr };
+        Wasm::WasmEntrypointLoadLocation wasmEntrypoint { nullptr };
+        void* wasmToEmbedderStubExecutableAddress { nullptr };
+        void* importFunction { nullptr }; // In a JS embedding, this is a WriteBarrier<JSObject>.
+    };
+    unsigned numImportFunctions() const { return m_numImportFunctions; }
+    ImportFunctionInfo* importFunctionInfo(size_t importFunctionNum)
+    {
+        RELEASE_ASSERT(importFunctionNum < m_numImportFunctions);
+        return &bitwise_cast<ImportFunctionInfo*>(bitwise_cast<char*>(this) + offsetOfTail())[importFunctionNum];
+    }
+    static size_t offsetOfTargetInstance(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, targetInstance); }
+    static size_t offsetOfWasmEntrypoint(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, wasmEntrypoint); }
+    static size_t offsetOfWasmToEmbedderStubExecutableAddress(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, wasmToEmbedderStubExecutableAddress); }
+    static size_t offsetOfImportFunction(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, importFunction); }
+    template<typename T> T* importFunction(unsigned importFunctionNum) { return reinterpret_cast<T*>(&importFunctionInfo(importFunctionNum)->importFunction); }
 
 private:
-    Instance(Ref<Module>&&, EntryFrame**);
+    Instance(Context* context, Ref<Module>&&, EntryFrame**);
+    
+    static size_t allocationSize(Checked<size_t> numImportFunctions)
+    {
+        return (offsetOfTail() + sizeof(ImportFunctionInfo) * numImportFunctions).unsafeGet();
+    }
 
+    void* m_owner { nullptr }; // In a JS embedding, this is a JSWebAssemblyInstance*.
+    Context* m_context { nullptr };
     Ref<Module> m_module;
     RefPtr<CodeBlock> m_codeBlock;
@@ -84 +121 @@
     EntryFrame** m_topEntryFramePointer { nullptr };
     void* m_cachedStackLimit { bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()) };
+    
+    unsigned m_numImportFunctions { 0 };
 };
 

trunk/Source/JavaScriptCore/wasm/WasmOMGPlan.cpp

@@ -32 +32 @@
 #include "B3OpaqueByproducts.h"
 #include "JSCInlines.h"
-#include "JSWebAssemblyInstance.h"
 #include "LinkBuffer.h"
 #include "WasmB3IRGenerator.h"
 #include "WasmCallee.h"
 #include "WasmContext.h"
+#include "WasmInstance.h"
 #include "WasmMachineThreads.h"
 #include "WasmMemory.h"
@@ -164 +164 @@
 }
 
-void OMGPlan::runForIndex(JSWebAssemblyInstance* instance, uint32_t functionIndex)
+void OMGPlan::runForIndex(Instance* instance, uint32_t functionIndex)
 {
-    Wasm::CodeBlock& codeBlock = instance->wasmCodeBlock();
-    ASSERT(instance->wasmMemory()->mode() == codeBlock.mode());
+    Wasm::CodeBlock& codeBlock = *instance->codeBlock();
+    ASSERT(instance->memory()->mode() == codeBlock.mode());
 
     if (codeBlock.tierUpCount(functionIndex).shouldStartTierUp()) {
-        Ref<Plan> plan = adoptRef(*new OMGPlan(instance->context(), Ref<Wasm::Module>(instance->wasmModule()), functionIndex, codeBlock.mode(), Plan::dontFinalize()));
+        Ref<Plan> plan = adoptRef(*new OMGPlan(instance->context(), Ref<Wasm::Module>(instance->module()), functionIndex, codeBlock.mode(), Plan::dontFinalize()));
         ensureWorklist().enqueue(plan.copyRef());
         if (UNLIKELY(!Options::useConcurrentJIT()))

trunk/Source/JavaScriptCore/wasm/WasmOMGPlan.h

@@ -46 +46 @@
     bool multiThreaded() const override { return false; }
 
-    static void runForIndex(JSWebAssemblyInstance*, uint32_t functionIndex);
+    static void runForIndex(Instance*, uint32_t functionIndex);
 
 private:

trunk/Source/JavaScriptCore/wasm/WasmTable.cpp

@@ -56 +56 @@
     // But for now, we're not doing that.
     m_functions = MallocPtr<Wasm::CallableFunction>::malloc(sizeof(Wasm::CallableFunction) * static_cast<size_t>(size()));
-    m_instances = MallocPtr<JSWebAssemblyInstance*>::malloc(sizeof(JSWebAssemblyInstance*) * static_cast<size_t>(size()));
+    m_instances = MallocPtr<Instance*>::malloc(sizeof(Instance*) * static_cast<size_t>(size()));
     for (uint32_t i = 0; i < size(); ++i) {
         new (&m_functions.get()[i]) CallableFunction();
@@ -111 +111 @@
 }
 
-void Table::setFunction(uint32_t index, CallableFunction function, JSWebAssemblyInstance* instance)
+void Table::setFunction(uint32_t index, CallableFunction function, Instance* instance)
 {
     RELEASE_ASSERT(index < size());

trunk/Source/JavaScriptCore/wasm/WasmTable.h

@@ -35 +35 @@
 #include <wtf/ThreadSafeRefCounted.h>
 
-namespace JSC {
+namespace JSC { namespace Wasm {
 
-class JSWebAssemblyInstance; // FIXME this should be Wasm::Instance https://webkit.org/b/177472
-
-namespace Wasm {
+class Instance;
 
 class Table : public ThreadSafeRefCounted<Table> {
@@ -51 +49 @@
     std::optional<uint32_t> grow(uint32_t delta) WARN_UNUSED_RETURN;
     void clearFunction(uint32_t);
-    void setFunction(uint32_t, CallableFunction, JSWebAssemblyInstance*); // FIXME make this Wasm::Instance. https://webkit.org/b/177472
+    void setFunction(uint32_t, CallableFunction, Instance*);
 
     static ptrdiff_t offsetOfSize() { return OBJECT_OFFSETOF(Table, m_size); }
@@ -66 +64 @@
     MallocPtr<CallableFunction> m_functions;
     // call_indirect needs to do an Instance check to potentially context switch when calling a function to another instance. We can hold raw pointers to Instance here because the embedder ensures that Table keeps all the instances alive. We couldn't hold a Ref here because it would cause cycles.
-    MallocPtr<JSWebAssemblyInstance*> m_instances; // FIXME make this a Wasm::Instance. https://webkit.org/b/177472
+    MallocPtr<Instance*> m_instances;
 };
 

trunk/Source/JavaScriptCore/wasm/WasmThunks.cpp

@@ -32 +32 @@
 #include "HeapCellInlines.h"
 #include "JITExceptions.h"
-#include "JSWebAssemblyInstance.h"
 #include "LinkBuffer.h"
 #include "ScratchRegisterAllocator.h"
 #include "WasmContext.h"
 #include "WasmExceptionType.h"
+#include "WasmInstance.h"
 #include "WasmOMGPlan.h"
 
@@ -48 +48 @@
     // We're allowed to use temp registers here. We are not allowed to use callee saves.
     jit.loadWasmContextInstance(GPRInfo::argumentGPR2);
-    jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, JSWebAssemblyInstance::offsetOfTopEntryFramePointer()), GPRInfo::argumentGPR0);
+    jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, Instance::offsetOfTopEntryFramePointer()), GPRInfo::argumentGPR0);
     jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0), GPRInfo::argumentGPR0);
     jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(GPRInfo::argumentGPR0);
@@ -92 +92 @@
 
     jit.loadWasmContextInstance(GPRInfo::argumentGPR0);
-    typedef void (*Run)(JSWebAssemblyInstance*, uint32_t);
+    typedef void (*Run)(Instance*, uint32_t);
     Run run = OMGPlan::runForIndex;
     jit.move(MacroAssembler::TrustedImmPtr(reinterpret_cast<void*>(run)), GPRInfo::argumentGPR2);

trunk/Source/JavaScriptCore/wasm/js/JSToWasm.cpp

@@ -113 +113 @@
         ptrdiff_t jsOffset = CallFrameSlot::thisArgument * sizeof(EncodedJSValue);
 
-        // vmEntryToWasm passes Wasm::Context*'s instance as the first JS argument when we're
-        // not using fast TLS to hold the Wasm::Context*'s instance.
+        // vmEntryToWasm passes the JSWebAssemblyInstance corresponding to Wasm::Context*'s
+        // instance as the first JS argument when we're not using fast TLS to hold the
+        // Wasm::Context*'s instance.
         if (!Context::useFastTLS()) {
             jit.loadPtr(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmContextInstanceGPR);
+            jit.loadPtr(CCallHelpers::Address(wasmContextInstanceGPR, JSWebAssemblyInstance::offsetOfInstance()), wasmContextInstanceGPR);
             jsOffset += sizeof(EncodedJSValue);
         }
@@ -173 +175 @@
 
         if (!Context::useFastTLS())
-            jit.loadPtr(CCallHelpers::Address(wasmContextInstanceGPR, JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory);
+            jit.loadPtr(CCallHelpers::Address(wasmContextInstanceGPR, Instance::offsetOfMemory()), baseMemory);
         else {
             jit.loadWasmContextInstance(baseMemory);
-            jit.loadPtr(CCallHelpers::Address(baseMemory, JSWebAssemblyInstance::offsetOfWasmMemory()), baseMemory);
+            jit.loadPtr(CCallHelpers::Address(baseMemory, Instance::offsetOfMemory()), baseMemory);
         }
 

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp

@@ -50 +50 @@
 }
 
-JSWebAssemblyInstance::JSWebAssemblyInstance(VM& vm, Structure* structure, unsigned numImportFunctions, Ref<Wasm::Instance>&& instance)
+JSWebAssemblyInstance::JSWebAssemblyInstance(VM& vm, Structure* structure, Ref<Wasm::Instance>&& instance)
     : Base(vm, structure)
     , m_instance(WTFMove(instance))
-    , m_vm(&vm)
-    , m_wasmModule(m_instance->module())
-    , m_wasmTable(m_instance->m_table.get())
-    , m_globals(m_instance->m_globals.get())
-    , m_topEntryFramePointer(m_instance->m_topEntryFramePointer)
-    , m_numImportFunctions(numImportFunctions)
-{
-    for (unsigned i = 0; i < m_numImportFunctions; ++i)
-        new (importFunctionInfo(i)) ImportFunctionInfo();
+{
+    for (unsigned i = 0; i < this->instance().numImportFunctions(); ++i)
+        new (this->instance().importFunction<WriteBarrier<JSObject>>(i)) WriteBarrier<JSObject>();
 }
 
@@ -94 +88 @@
     visitor.append(thisObject->m_callee);
     visitor.reportExtraMemoryVisited(thisObject->m_instance->extraMemoryAllocated());
-    for (unsigned i = 0; i < thisObject->m_numImportFunctions; ++i)
-        visitor.append(thisObject->importFunctionInfo(i)->importFunction); // This also keeps the functions' JSWebAssemblyInstance alive.
+    for (unsigned i = 0; i < thisObject->instance().numImportFunctions(); ++i)
+        visitor.append(*thisObject->instance().importFunction<WriteBarrier<JSObject>>(i)); // This also keeps the functions' JSWebAssemblyInstance alive.
 }
 
 void JSWebAssemblyInstance::finalizeCreation(VM& vm, ExecState* exec, Ref<Wasm::CodeBlock>&& wasmCodeBlock)
 {
-    m_instance->finalizeCreation(wasmCodeBlock.copyRef());
-    m_wasmCodeBlock = wasmCodeBlock.ptr();
+    m_instance->finalizeCreation(this, wasmCodeBlock.copyRef());
 
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -120 +113 @@
         m_codeBlock.set(vm, this, jsCodeBlock);
     } else {
-        jsCodeBlock = JSWebAssemblyCodeBlock::create(vm, WTFMove(wasmCodeBlock), wasmModule().moduleInformation());
+        jsCodeBlock = JSWebAssemblyCodeBlock::create(vm, WTFMove(wasmCodeBlock), module()->module().moduleInformation());
         if (UNLIKELY(!jsCodeBlock->runnable())) {
             throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject()->WebAssemblyLinkErrorStructure(), jsCodeBlock->errorMessage()));
@@ -129 +122 @@
     }
 
-    for (size_t importFunctionNum = 0; importFunctionNum < m_numImportFunctions; ++importFunctionNum) {
-        ImportFunctionInfo* info = importFunctionInfo(importFunctionNum);
+    for (unsigned importFunctionNum = 0; importFunctionNum < instance().numImportFunctions(); ++importFunctionNum) {
+        auto* info = instance().importFunctionInfo(importFunctionNum);
         info->wasmToEmbedderStubExecutableAddress = m_codeBlock->wasmToEmbedderStubExecutableAddress(importFunctionNum);
     }
@@ -172 +165 @@
     JSModuleNamespaceObject* moduleNamespace = moduleRecord->getModuleNamespace(exec);
     // FIXME: These objects could be pretty big we should try to throw OOM here.
-    auto* jsInstance = new (NotNull, allocateCell<JSWebAssemblyInstance>(vm.heap, allocationSize(moduleInformation.importFunctionCount()))) JSWebAssemblyInstance(vm, instanceStructure, moduleInformation.importFunctionCount(), WTFMove(instance));
+    auto* jsInstance = new (NotNull, allocateCell<JSWebAssemblyInstance>(vm.heap)) JSWebAssemblyInstance(vm, instanceStructure, WTFMove(instance));
     jsInstance->finishCreation(vm, jsModule, moduleNamespace);
     RETURN_IF_EXCEPTION(throwScope, nullptr);
@@ -204 +197 @@
                 return exception(createJSWebAssemblyLinkError(exec, vm, importFailMessage(import, "import function", "must be callable")));
 
-            JSWebAssemblyInstance* calleeInstance = nullptr;
+            Wasm::Instance* calleeInstance = nullptr;
             Wasm::WasmEntrypointLoadLocation wasmEntrypoint = nullptr;
             JSObject* function = jsCast<JSObject*>(value);
@@ -216 +209 @@
                 if (wasmFunction) {
                     importedSignatureIndex = wasmFunction->signatureIndex();
-                    calleeInstance = wasmFunction->instance();
+                    calleeInstance = &wasmFunction->instance()->instance();
                     wasmEntrypoint = wasmFunction->wasmEntrypointLoadLocation();
                 }
@@ -235 +228 @@
 
             ASSERT(numImportFunctions == import.kindIndex);
-            ImportFunctionInfo* info = jsInstance->importFunctionInfo(numImportFunctions++);
+            auto* info = jsInstance->instance().importFunctionInfo(numImportFunctions);
             info->targetInstance = calleeInstance;
             info->wasmEntrypoint = wasmEntrypoint;
-            info->importFunction.set(vm, jsInstance, function);
+            jsInstance->instance().importFunction<WriteBarrier<JSObject>>(numImportFunctions)->set(vm, jsInstance, function);
+            ++numImportFunctions;
             // v. Append closure to imports.
             break;
@@ -266 +260 @@
             // ii. Append v to tables.
             // iii. Append v.[[Table]] to imports.
-            jsInstance->m_table.set(vm, jsInstance, table);
-            jsInstance->m_wasmTable = table->table();
+            jsInstance->setTable(vm, table);
+            RETURN_IF_EXCEPTION(throwScope, nullptr);
             break;
         }
@@ -297 +291 @@
             // ii. Append v to memories.
             // iii. Append v.[[Memory]] to imports.
-            ASSERT(!jsInstance->m_memory);
             jsInstance->setMemory(vm, memory);
             RETURN_IF_EXCEPTION(throwScope, nullptr);
@@ -375 +368 @@
             throwScope.assertNoException();
             ASSERT(table);
-            jsInstance->m_table.set(vm, jsInstance, table);
-            jsInstance->m_wasmTable = table->table();
+            jsInstance->setTable(vm, table);
+            RETURN_IF_EXCEPTION(throwScope, nullptr);
         }
     }

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h

@@ -33 +33 @@
 #include "JSWebAssemblyMemory.h"
 #include "JSWebAssemblyTable.h"
-#include "WasmContext.h"
 #include "WasmInstance.h"
 
@@ -44 +43 @@
 namespace Wasm {
 class CodeBlock;
-class Table; // FIXME remove this after refactoring. https://webkit.org/b/177472
 }
 
@@ -59 +57 @@
     
     Wasm::Instance& instance() { return m_instance.get(); }
-    Wasm::Context* context() const { return &m_vm->wasmContext; }
     JSModuleNamespaceObject* moduleNamespaceObject() { return m_moduleNamespaceObject.get(); }
-    JSWebAssemblyTable* table() { return m_table.get(); }
     WebAssemblyToJSCallee* webAssemblyToJSCallee() { return m_callee.get(); }
 
     JSWebAssemblyMemory* memory() { return m_memory.get(); }
-    void setMemory(VM& vm, JSWebAssemblyMemory* value) { ASSERT(!memory()); m_memory.set(vm, this, value); m_wasmMemory = &memory()->memory(); }
+    void setMemory(VM& vm, JSWebAssemblyMemory* value) {
+        ASSERT(!memory());
+        m_memory.set(vm, this, value);
+        instance().setMemory(makeRef(memory()->memory()));
+    }
     Wasm::MemoryMode memoryMode() { return memory()->memory().mode(); }
 
-    // Tail accessors.
-    static size_t offsetOfTail() { return WTF::roundUpToMultipleOf<sizeof(uint64_t)>(sizeof(JSWebAssemblyInstance)); }
-    struct ImportFunctionInfo {
-        // Target instance and entrypoint are only set for wasm->wasm calls, and are otherwise nullptr. The embedder-specific logic occurs through import function.
-        JSWebAssemblyInstance* targetInstance { nullptr };
-        Wasm::WasmEntrypointLoadLocation wasmEntrypoint { nullptr };
-        void* wasmToEmbedderStubExecutableAddress { nullptr };
-        WriteBarrier<JSObject> importFunction { WriteBarrier<JSObject>() };
-    };
-    ImportFunctionInfo* importFunctionInfo(size_t importFunctionNum)
-    {
-        RELEASE_ASSERT(importFunctionNum < m_numImportFunctions);
-        return &bitwise_cast<ImportFunctionInfo*>(bitwise_cast<char*>(this) + offsetOfTail())[importFunctionNum];
+    JSWebAssemblyTable* table() { return m_table.get(); }
+    void setTable(VM& vm, JSWebAssemblyTable* value) {
+        ASSERT(!table());
+        m_table.set(vm, this, value);
+        instance().setTable(makeRef(*table()->table()));
     }
-    static size_t offsetOfTargetInstance(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, targetInstance); }
-    static size_t offsetOfWasmEntrypoint(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, wasmEntrypoint); }
-    static size_t offsetOfWasmToEmbedderStubExecutableAddress(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, wasmToEmbedderStubExecutableAddress); }
-    static size_t offsetOfImportFunction(size_t importFunctionNum) { return offsetOfTail() + importFunctionNum * sizeof(ImportFunctionInfo) + OBJECT_OFFSETOF(ImportFunctionInfo, importFunction); }
-    JSObject* importFunction(unsigned importFunctionNum) { return importFunctionInfo(importFunctionNum)->importFunction.get(); }
 
-    // FIXME remove these after refactoring them out. https://webkit.org/b/177472
-    Wasm::Memory& internalMemory() { return memory()->memory(); }
-    Wasm::CodeBlock& wasmCodeBlock() const { return *m_instance->codeBlock(); }
-    static ptrdiff_t offsetOfWasmTable() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_wasmTable); }
-    static ptrdiff_t offsetOfCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); }
-    static ptrdiff_t offsetOfGlobals() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_globals); }
-    static ptrdiff_t offsetOfCodeBlock() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_codeBlock); }
-    static ptrdiff_t offsetOfWasmCodeBlock() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_wasmCodeBlock); }
-    static ptrdiff_t offsetOfCachedStackLimit() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_cachedStackLimit); }
-    static ptrdiff_t offsetOfWasmMemory() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_wasmMemory); }
-    static ptrdiff_t offsetOfTopEntryFramePointer() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_topEntryFramePointer); }
-    void* cachedStackLimit() const { RELEASE_ASSERT(m_instance->cachedStackLimit() == m_cachedStackLimit); return m_cachedStackLimit; }
-    void setCachedStackLimit(void* limit) { m_instance->setCachedStackLimit(limit); m_cachedStackLimit = limit; }
-    Wasm::Memory* wasmMemory() { return m_wasmMemory; }
-    Wasm::Module& wasmModule() { return m_wasmModule; }
+    static size_t offsetOfInstance() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_instance); }
+    static size_t offsetOfCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); }
 
 protected:
-    JSWebAssemblyInstance(VM&, Structure*, unsigned numImportFunctions, Ref<Wasm::Instance>&&);
+    JSWebAssemblyInstance(VM&, Structure*, Ref<Wasm::Instance>&&);
     void finishCreation(VM&, JSWebAssemblyModule*, JSModuleNamespaceObject*);
     static void destroy(JSCell*);
     static void visitChildren(JSCell*, SlotVisitor&);
-
-    static size_t allocationSize(Checked<size_t> numImportFunctions)
-    {
-        return (offsetOfTail() + sizeof(ImportFunctionInfo) * numImportFunctions).unsafeGet();
-    }
 
 private:
@@ -120 +89 @@
     Ref<Wasm::Instance> m_instance;
 
-    VM* m_vm;
     WriteBarrier<JSWebAssemblyModule> m_module;
     WriteBarrier<JSWebAssemblyCodeBlock> m_codeBlock;
@@ -127 +95 @@
     WriteBarrier<JSWebAssemblyTable> m_table;
     WriteBarrier<WebAssemblyToJSCallee> m_callee;
-    
-    // FIXME remove these after refactoring them out. https://webkit.org/b/177472
-    void* m_cachedStackLimit { bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()) };
-    Wasm::CodeBlock* m_wasmCodeBlock { nullptr };
-    Wasm::Module& m_wasmModule;
-    Wasm::Memory* m_wasmMemory { nullptr };
-    Wasm::Table* m_wasmTable { nullptr };
-    uint64_t* m_globals { nullptr };
-    EntryFrame** m_topEntryFramePointer { nullptr };
-
-    unsigned m_numImportFunctions;
 };
 

trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp

@@ -30 +30 @@
 
 #include "JSCInlines.h"
+#include "JSWebAssemblyInstance.h"
 
 namespace JSC {
@@ -122 +123 @@
 void JSWebAssemblyTable::setFunction(VM& vm, uint32_t index, WebAssemblyFunction* function)
 {
-    m_table->setFunction(index, function->callableFunction(), function->instance());
+    m_table->setFunction(index, function->callableFunction(), &function->instance()->instance());
     m_jsFunctions.get()[index].set(vm, this, function);
 }
@@ -128 +129 @@
 void JSWebAssemblyTable::setFunction(VM& vm, uint32_t index, WebAssemblyWrapperFunction* function)
 {
-    m_table->setFunction(index, function->callableFunction(), function->instance());
+    m_table->setFunction(index, function->callableFunction(), &function->instance()->instance());
     m_jsFunctions.get()[index].set(vm, this, function);
 }

trunk/Source/JavaScriptCore/wasm/js/WasmToJS.cpp

@@ -41 +41 @@
 #include "WasmContext.h"
 #include "WasmExceptionType.h"
+#include "WasmInstance.h"
 
 namespace JSC { namespace Wasm {
@@ -50 +51 @@
     // We're calling out of the current WebAssembly.Instance. That Instance has a list of all its import functions.
     jit.loadWasmContextInstance(result);
-    jit.loadPtr(JIT::Address(result, JSWebAssemblyInstance::offsetOfImportFunction(importIndex)), result);
+    jit.loadPtr(JIT::Address(result, Instance::offsetOfImportFunction(importIndex)), result);
 }
     
@@ -83 +84 @@
 
         // Store Callee.
+        jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR1, Instance::offsetOfOwner()), GPRInfo::argumentGPR1);
         jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR1, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR2);
         jit.storePtr(GPRInfo::argumentGPR2, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
@@ -278 +280 @@
         
         jit.loadWasmContextInstance(GPRInfo::argumentGPR0);
+        jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, Instance::offsetOfOwner()), GPRInfo::argumentGPR0);
         jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR0);
         jit.storePtr(GPRInfo::argumentGPR0, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
@@ -287 +290 @@
         auto noException = jit.emitExceptionCheck(*vm, AssemblyHelpers::InvertedExceptionCheck);
 
-        // exception here.
+        // Exception here.
         jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm->topEntryFrame);
         jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
@@ -460 +463 @@
 
     jit.loadWasmContextInstance(GPRInfo::argumentGPR0);
+    jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, Instance::offsetOfOwner()), GPRInfo::argumentGPR0);
     jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR0);
     jit.storePtr(GPRInfo::argumentGPR0, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register))));
@@ -629 +633 @@
 }
 
-void* wasmToJSException(ExecState* exec, Wasm::ExceptionType type, JSWebAssemblyInstance* instance)
+void* wasmToJSException(ExecState* exec, Wasm::ExceptionType type, Instance* wasmInstance)
 {
+    JSWebAssemblyInstance* instance = wasmInstance->owner<JSWebAssemblyInstance>();
     VM* vm = instance->vm();
     NativeCallFrameTracer tracer(vm, exec);

trunk/Source/JavaScriptCore/wasm/js/WasmToJS.h

@@ -41 +41 @@
 namespace Wasm {
 
+class Instance;
+
 Expected<MacroAssemblerCodeRef, BindingFailure> wasmToJS(VM*, Bag<CallLinkInfo>& callLinkInfos, SignatureIndex, unsigned importIndex);
 
-void* wasmToJSException(ExecState*, Wasm::ExceptionType, JSWebAssemblyInstance*);
+void* wasmToJSException(ExecState*, Wasm::ExceptionType, Instance*);
 
 } } // namespace JSC::Wasm

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

@@ -84 +84 @@
     Vector<JSValue> boxedArgs;
     JSWebAssemblyInstance* instance = wasmFunction->instance();
+    Wasm::Instance* wasmInstance = &instance->instance();
     // When we don't use fast TLS to store the context, the JS
-    // entry wrapper expects the instance as the first argument.
+    // entry wrapper expects a JSWebAssemblyInstance as the first argument.
     if (!Wasm::Context::useFastTLS())
         boxedArgs.append(instance);
@@ -128 +129 @@
 
     // FIXME Do away with this entire function, and only use the entrypoint generated by B3. https://bugs.webkit.org/show_bug.cgi?id=166486
-    JSWebAssemblyInstance* prevInstance = vm.wasmContext.load();
+    Wasm::Instance* prevWasmInstance = vm.wasmContext.load();
     {
         // We do the stack check here for the wrapper function because we don't
@@ -138 +139 @@
             return JSValue::encode(throwException(exec, scope, createStackOverflowError(exec)));
     }
-    vm.wasmContext.store(instance, vm.softStackLimit());
+    vm.wasmContext.store(wasmInstance, vm.softStackLimit());
     ASSERT(wasmFunction->instance());
-    ASSERT(wasmFunction->instance() == vm.wasmContext.load());
+    ASSERT(&wasmFunction->instance()->instance() == vm.wasmContext.load());
     EncodedJSValue rawResult = vmEntryToWasm(wasmFunction->jsEntrypoint(), &vm, &protoCallFrame);
     // We need to make sure this is in a register or on the stack since it's stored in Vector<JSValue>.
@@ -146 +147 @@
     // alive. But it's good hygiene.
     instance->use();
-    if (prevInstance != instance) {
+    if (prevWasmInstance != wasmInstance) {
         // This is just for some extra safety instead of leaving a cached
         // value in there. If we ever forget to set the value to be a real
         // bounds, this will force every stack overflow check to immediately
         // fire.
-        instance->setCachedStackLimit(bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()));
-    }
-    vm.wasmContext.store(prevInstance, vm.softStackLimit());
+        wasmInstance->setCachedStackLimit(bitwise_cast<void*>(std::numeric_limits<uintptr_t>::max()));
+    }
+    vm.wasmContext.store(prevWasmInstance, vm.softStackLimit());
     RETURN_IF_EXCEPTION(scope, { });
 

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp

@@ -78 +78 @@
     RETURN_IF_EXCEPTION(scope, { });
 
-    JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, instanceStructure, Wasm::Instance::create(Ref<Wasm::Module>(module->module()), &vm.topEntryFrame));
+    JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, instanceStructure, Wasm::Instance::create(&vm.wasmContext, Ref<Wasm::Module>(module->module()), &vm.topEntryFrame));
     RETURN_IF_EXCEPTION(scope, { });
 

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp

@@ -111 +111 @@
             if (exp.kindIndex < functionImportCount) {
                 unsigned functionIndex = exp.kindIndex;
-                JSObject* functionImport = instance->importFunction(functionIndex);
+                JSObject* functionImport = instance->instance().importFunction<WriteBarrier<JSObject>>(functionIndex)->get();
                 if (isWebAssemblyHostFunction(vm, functionImport))
                     exportedValue = functionImport;
@@ -192 +192 @@
         ASSERT(signature.returnType() == Wasm::Void);
         if (startFunctionIndexSpace < codeBlock->functionImportCount()) {
-            JSObject* startFunction = instance->importFunction(startFunctionIndexSpace);
+            JSObject* startFunction = instance->instance().importFunction<WriteBarrier<JSObject>>(startFunctionIndexSpace)->get();
             m_startFunction.set(vm, this, startFunction);
         } else {
@@ -296 +296 @@
             Wasm::SignatureIndex signatureIndex = module.signatureIndexFromFunctionIndexSpace(functionIndex);
             if (functionIndex < codeBlock->functionImportCount()) {
-                JSObject* functionImport = jsCast<JSObject*>(m_instance->importFunction(functionIndex));
+                JSObject* functionImport = m_instance->instance().importFunction<WriteBarrier<JSObject>>(functionIndex)->get();
                 if (isWebAssemblyHostFunction(vm, functionImport)) {
                     WebAssemblyFunction* wasmFunction = jsDynamicCast<WebAssemblyFunction*>(vm, functionImport);

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp

@@ -138 +138 @@
     auto scope = DECLARE_CATCH_SCOPE(vm);
     // In order to avoid potentially recompiling a module. We first gather all the import/memory information prior to compiling code.
-    JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, exec->lexicalGlobalObject()->WebAssemblyInstanceStructure(), Wasm::Instance::create(Ref<Wasm::Module>(module->module()), &vm.topEntryFrame));
+    JSWebAssemblyInstance* instance = JSWebAssemblyInstance::create(vm, exec, module, importObject, exec->lexicalGlobalObject()->WebAssemblyInstanceStructure(), Wasm::Instance::create(&vm.wasmContext, Ref<Wasm::Module>(module->module()), &vm.topEntryFrame));
     RETURN_IF_EXCEPTION(scope, reject(exec, scope, promise));
 

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp

@@ -64 +64 @@
     String name = "";
     NativeExecutable* executable = vm.getHostFunction(callWebAssemblyWrapperFunction, NoIntrinsic, callHostFunctionAsConstructor, nullptr, name);
-    WebAssemblyWrapperFunction* result = new (NotNull, allocateCell<WebAssemblyWrapperFunction>(vm.heap)) WebAssemblyWrapperFunction(vm, globalObject, globalObject->webAssemblyWrapperFunctionStructure(), Wasm::CallableFunction { signatureIndex, &instance->importFunctionInfo(importIndex)->wasmToEmbedderStubExecutableAddress } );
+    WebAssemblyWrapperFunction* result = new (NotNull, allocateCell<WebAssemblyWrapperFunction>(vm.heap)) WebAssemblyWrapperFunction(vm, globalObject, globalObject->webAssemblyWrapperFunctionStructure(), Wasm::CallableFunction { signatureIndex, &instance->instance().importFunctionInfo(importIndex)->wasmToEmbedderStubExecutableAddress } );
     const Wasm::Signature& signature = Wasm::SignatureInformation::get(signatureIndex);
     result->finishCreation(vm, executable, signature.argumentCount(), name, function, instance);