<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[214711] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/214711">214711</a></dd>
<dt>Author</dt> <dd>sbarati@apple.com</dd>
<dt>Date</dt> <dd>2017-03-31 19:09:51 -0700 (Fri, 31 Mar 2017)</dd>
</dl>

<h3>Log Message</h3>
<pre>WebAssembly: Make our calls out to JS PIC friendly
https://bugs.webkit.org/show_bug.cgi?id=170261

Reviewed by Keith Miller.

This patch removes a direct call from the module to the Wasm to JS stub.
Instead, we do an indirect call to the stub by loading the stub's executable
address off of the CodeBlock. This is to make the code we emit for comply with
requirements needed for PIC.

Adding this indirection is not ideal. Although this patch is neutral on
WasmBench, we really want to get back to a world where we have an IC
call infrastructure. This patch is obviously a regression on some
types of programs. I've filed this bug to make sure we implement a
PIC compliant Wasm to JS call IC:
https://bugs.webkit.org/show_bug.cgi?id=170375

* wasm/WasmB3IRGenerator.cpp:
* wasm/WasmFormat.h:
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::complete):
* wasm/js/JSWebAssemblyCodeBlock.cpp:
(JSC::JSWebAssemblyCodeBlock::initialize):
* wasm/js/JSWebAssemblyCodeBlock.h:
(JSC::JSWebAssemblyCodeBlock::create):
(JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
(JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
(JSC::JSWebAssemblyCodeBlock::allocationSize):
(JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
* wasm/js/JSWebAssemblyInstance.h:
(JSC::JSWebAssemblyInstance::offsetOfCodeBlock):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmB3IRGeneratorcpp">trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmFormath">trunk/Source/JavaScriptCore/wasm/WasmFormat.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmPlancpp">trunk/Source/JavaScriptCore/wasm/WasmPlan.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyCodeBlockcpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyCodeBlockh">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyInstancecpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyInstanceh">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/ChangeLog        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -1,3 +1,39 @@
</span><ins>+2017-03-31  Saam Barati  &lt;sbarati@apple.com&gt;
+
+        WebAssembly: Make our calls out to JS PIC friendly
+        https://bugs.webkit.org/show_bug.cgi?id=170261
+
+        Reviewed by Keith Miller.
+
+        This patch removes a direct call from the module to the Wasm to JS stub.
+        Instead, we do an indirect call to the stub by loading the stub's executable
+        address off of the CodeBlock. This is to make the code we emit for comply with
+        requirements needed for PIC.
+        
+        Adding this indirection is not ideal. Although this patch is neutral on
+        WasmBench, we really want to get back to a world where we have an IC
+        call infrastructure. This patch is obviously a regression on some
+        types of programs. I've filed this bug to make sure we implement a
+        PIC compliant Wasm to JS call IC:
+        https://bugs.webkit.org/show_bug.cgi?id=170375
+
+        * wasm/WasmB3IRGenerator.cpp:
+        * wasm/WasmFormat.h:
+        * wasm/WasmPlan.cpp:
+        (JSC::Wasm::Plan::complete):
+        * wasm/js/JSWebAssemblyCodeBlock.cpp:
+        (JSC::JSWebAssemblyCodeBlock::initialize):
+        * wasm/js/JSWebAssemblyCodeBlock.h:
+        (JSC::JSWebAssemblyCodeBlock::create):
+        (JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
+        (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
+        (JSC::JSWebAssemblyCodeBlock::allocationSize):
+        (JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
+        * wasm/js/JSWebAssemblyInstance.cpp:
+        (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
+        * wasm/js/JSWebAssemblyInstance.h:
+        (JSC::JSWebAssemblyInstance::offsetOfCodeBlock):
+
</ins><span class="cx"> 2017-03-31  Keith Miller  &lt;keith_miller@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         WebAssembly: webAssemblyB3OptimizationLevel should use defaultB3OptLevel by default
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmB3IRGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -908,7 +908,7 @@
</span><span class="cx">                     AllowMacroScratchRegisterUsage allowScratch(jit);
</span><span class="cx">                     CCallHelpers::Call call = jit.call();
</span><span class="cx">                     jit.addLinkTask([unlinkedWasmToWasmCalls, call, functionIndex] (LinkBuffer&amp; linkBuffer) {
</span><del>-                        unlinkedWasmToWasmCalls-&gt;append({ linkBuffer.locationOf(call), functionIndex, UnlinkedWasmToWasmCall::Target::ToWasm });
</del><ins>+                        unlinkedWasmToWasmCalls-&gt;append({ linkBuffer.locationOf(call), functionIndex });
</ins><span class="cx">                     });
</span><span class="cx">                 });
</span><span class="cx">             });
</span><span class="lines">@@ -915,17 +915,23 @@
</span><span class="cx">         UpsilonValue* wasmCallResultUpsilon = returnType == Void ? nullptr : isWasmBlock-&gt;appendNew&lt;UpsilonValue&gt;(m_proc, origin(), wasmCallResult);
</span><span class="cx">         isWasmBlock-&gt;appendNewControlValue(m_proc, Jump, origin(), continuation);
</span><span class="cx"> 
</span><ins>+        // FIXME: Lets remove this indirection by creating a PIC friendly IC
+        // for calls out to JS. This shouldn't be that hard to do. We could probably
+        // implement the IC to be over Wasm::Context*.
+        // https://bugs.webkit.org/show_bug.cgi?id=170375
+        Value* codeBlock = isJSBlock-&gt;appendNew&lt;MemoryValue&gt;(m_proc,
+            Load, pointerType(), origin(), m_instanceValue, JSWebAssemblyInstance::offsetOfCodeBlock());
+        Value* jumpDestination = isJSBlock-&gt;appendNew&lt;MemoryValue&gt;(m_proc,
+            Load, pointerType(), origin(), codeBlock, JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub(m_info.internalFunctionCount(), functionIndex));
</ins><span class="cx">         Value* jsCallResult = wasmCallingConvention().setupCall(m_proc, isJSBlock, origin(), args, toB3Type(returnType),
</span><del>-            [=] (PatchpointValue* patchpoint) {
</del><ins>+            [&amp;] (PatchpointValue* patchpoint) {
</ins><span class="cx">                 patchpoint-&gt;effects.writesPinned = true;
</span><span class="cx">                 patchpoint-&gt;effects.readsPinned = true;
</span><ins>+                patchpoint-&gt;append(jumpDestination, ValueRep::SomeRegister);
</ins><span class="cx">                 patchpoint-&gt;clobberLate(PinnedRegisterInfo::get().toSave());
</span><del>-                patchpoint-&gt;setGenerator([unlinkedWasmToWasmCalls, functionIndex] (CCallHelpers&amp; jit, const B3::StackmapGenerationParams&amp;) {
</del><ins>+                patchpoint-&gt;setGenerator([unlinkedWasmToWasmCalls, functionIndex, returnType] (CCallHelpers&amp; jit, const B3::StackmapGenerationParams&amp; params) {
</ins><span class="cx">                     AllowMacroScratchRegisterUsage allowScratch(jit);
</span><del>-                    CCallHelpers::Call call = jit.call();
-                    jit.addLinkTask([unlinkedWasmToWasmCalls, call, functionIndex] (LinkBuffer&amp; linkBuffer) {
-                        unlinkedWasmToWasmCalls-&gt;append({ linkBuffer.locationOf(call), functionIndex, UnlinkedWasmToWasmCall::Target::ToJs });
-                    });
</del><ins>+                    jit.call(params[returnType == Void ? 0 : 1].gpr());
</ins><span class="cx">                 });
</span><span class="cx">             });
</span><span class="cx">         UpsilonValue* jsCallResultUpsilon = returnType == Void ? nullptr : isJSBlock-&gt;appendNew&lt;UpsilonValue&gt;(m_proc, origin(), jsCallResult);
</span><span class="lines">@@ -953,7 +959,7 @@
</span><span class="cx">                     AllowMacroScratchRegisterUsage allowScratch(jit);
</span><span class="cx">                     CCallHelpers::Call call = jit.call();
</span><span class="cx">                     jit.addLinkTask([unlinkedWasmToWasmCalls, call, functionIndex] (LinkBuffer&amp; linkBuffer) {
</span><del>-                        unlinkedWasmToWasmCalls-&gt;append({ linkBuffer.locationOf(call), functionIndex, UnlinkedWasmToWasmCall::Target::ToWasm });
</del><ins>+                        unlinkedWasmToWasmCalls-&gt;append({ linkBuffer.locationOf(call), functionIndex });
</ins><span class="cx">                     });
</span><span class="cx">                 });
</span><span class="cx">             });
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmFormath"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmFormat.h (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmFormat.h        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/WasmFormat.h        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -269,10 +269,6 @@
</span><span class="cx"> struct UnlinkedWasmToWasmCall {
</span><span class="cx">     CodeLocationCall callLocation;
</span><span class="cx">     size_t functionIndex;
</span><del>-    enum class Target : uint8_t {
-        ToJs,
-        ToWasm,
-    } target;
</del><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> struct Entrypoint {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmPlancpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmPlan.cpp (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmPlan.cpp        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/WasmPlan.cpp        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -296,13 +296,9 @@
</span><span class="cx">                 void* executableAddress;
</span><span class="cx">                 if (m_moduleInformation-&gt;isImportedFunctionFromFunctionIndexSpace(call.functionIndex)) {
</span><span class="cx">                     // FIXME imports could have been linked in B3, instead of generating a patchpoint. This condition should be replaced by a RELEASE_ASSERT. https://bugs.webkit.org/show_bug.cgi?id=166462
</span><del>-                    executableAddress = call.target == UnlinkedWasmToWasmCall::Target::ToJs
-                    ? m_wasmExitStubs.at(call.functionIndex).wasmToJs.code().executableAddress()
-                    : m_wasmExitStubs.at(call.functionIndex).wasmToWasm.code().executableAddress();
-                } else {
-                    ASSERT(call.target != UnlinkedWasmToWasmCall::Target::ToJs);
</del><ins>+                    executableAddress = m_wasmExitStubs.at(call.functionIndex).wasmToWasm.code().executableAddress();
+                } else
</ins><span class="cx">                     executableAddress = m_wasmInternalFunctions.at(call.functionIndex - m_wasmExitStubs.size())-&gt;wasmEntrypoint.compilation-&gt;code().executableAddress();
</span><del>-                }
</del><span class="cx">                 MacroAssembler::repatchCall(call.callLocation, CodeLocationLabel(executableAddress));
</span><span class="cx">             }
</span><span class="cx">         }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -72,6 +72,10 @@
</span><span class="cx">     m_callLinkInfos = plan().takeCallLinkInfos();
</span><span class="cx">     m_wasmExitStubs = plan().takeWasmExitStubs();
</span><span class="cx"> 
</span><ins>+    // The code a module emits to call into JS relies on us to set this up.
+    for (unsigned i = 0; i &lt; m_wasmExitStubs.size(); i++)
+        importWasmToJSStub(m_calleeCount, i) = m_wasmExitStubs[i].wasmToJs.code().executableAddress();
+
</ins><span class="cx">     plan().initializeCallees([&amp;] (unsigned calleeIndex, JSWebAssemblyCallee* jsEntrypointCallee, JSWebAssemblyCallee* wasmEntrypointCallee) {
</span><span class="cx">         setJSEntrypointCallee(vm, calleeIndex, jsEntrypointCallee);
</span><span class="cx">         setWasmEntrypointCallee(vm, calleeIndex, wasmEntrypointCallee);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -49,9 +49,9 @@
</span><span class="cx">     typedef JSCell Base;
</span><span class="cx">     static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
</span><span class="cx"> 
</span><del>-    static JSWebAssemblyCodeBlock* create(VM&amp; vm, JSWebAssemblyModule* owner, Wasm::MemoryMode mode, Ref&lt;Wasm::Plan&gt;&amp;&amp; plan, unsigned calleeCount)
</del><ins>+    static JSWebAssemblyCodeBlock* create(VM&amp; vm, JSWebAssemblyModule* owner, Wasm::MemoryMode mode, Ref&lt;Wasm::Plan&gt;&amp;&amp; plan, unsigned calleeCount, unsigned functionImportCount)
</ins><span class="cx">     {
</span><del>-        auto* result = new (NotNull, allocateCell&lt;JSWebAssemblyCodeBlock&gt;(vm.heap, allocationSize(calleeCount))) JSWebAssemblyCodeBlock(vm, owner, mode, WTFMove(plan), calleeCount);
</del><ins>+        auto* result = new (NotNull, allocateCell&lt;JSWebAssemblyCodeBlock&gt;(vm.heap, allocationSize(calleeCount, functionImportCount))) JSWebAssemblyCodeBlock(vm, owner, mode, WTFMove(plan), calleeCount);
</ins><span class="cx">         result-&gt;finishCreation(vm);
</span><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="lines">@@ -111,6 +111,13 @@
</span><span class="cx">         return m_wasmExitStubs[importIndex].wasmToJs.code().executableAddress();
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    static ptrdiff_t offsetOfImportWasmToJSStub(unsigned calleeCount, unsigned importIndex)
+    {
+        return offsetOfCallees()
+            + (sizeof(WriteBarrier&lt;JSWebAssemblyCallee&gt;) * calleeCount * 2)
+            + (sizeof(void*) * importIndex);
+    }
+
</ins><span class="cx"> private:
</span><span class="cx">     JSWebAssemblyCodeBlock(VM&amp;, JSWebAssemblyModule*, Wasm::MemoryMode, Ref&lt;Wasm::Plan&gt;&amp;&amp;, unsigned calleeCount);
</span><span class="cx">     DECLARE_EXPORT_INFO;
</span><span class="lines">@@ -118,16 +125,23 @@
</span><span class="cx">     static void destroy(JSCell*);
</span><span class="cx">     static void visitChildren(JSCell*, SlotVisitor&amp;);
</span><span class="cx"> 
</span><del>-    static size_t offsetOfCallees()
</del><ins>+    static ptrdiff_t offsetOfCallees()
</ins><span class="cx">     {
</span><span class="cx">         return WTF::roundUpToMultipleOf&lt;sizeof(WriteBarrier&lt;JSWebAssemblyCallee&gt;)&gt;(sizeof(JSWebAssemblyCodeBlock));
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    static size_t allocationSize(unsigned numCallees)
</del><ins>+    static size_t allocationSize(unsigned calleeCount, unsigned functionImportCount)
</ins><span class="cx">     {
</span><del>-        return offsetOfCallees() + sizeof(WriteBarrier&lt;JSWebAssemblyCallee&gt;) * numCallees * 2;
</del><ins>+        return offsetOfCallees()
+            + (sizeof(WriteBarrier&lt;JSWebAssemblyCallee&gt;) * calleeCount * 2)
+            + (sizeof(void*) * functionImportCount);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    void*&amp; importWasmToJSStub(unsigned calleeCount, unsigned importIndex)
+    {
+        return *bitwise_cast&lt;void**&gt;(bitwise_cast&lt;char*&gt;(this) + offsetOfImportWasmToJSStub(calleeCount, importIndex));
+    }
+
</ins><span class="cx">     class UnconditionalFinalizer : public JSC::UnconditionalFinalizer {
</span><span class="cx">         void finalizeUnconditionally() override;
</span><span class="cx">     };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyInstancecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -96,7 +96,8 @@
</span><span class="cx"> 
</span><span class="cx"> void JSWebAssemblyInstance::addUnitializedCodeBlock(VM&amp; vm, Ref&lt;Wasm::Plan&gt; plan)
</span><span class="cx"> {
</span><del>-    auto* codeBlock = JSWebAssemblyCodeBlock::create(vm, module(), memoryMode(), WTFMove(plan), module()-&gt;moduleInformation().internalFunctionCount());
</del><ins>+    auto* codeBlock = JSWebAssemblyCodeBlock::create(
+        vm, module(), memoryMode(), WTFMove(plan), module()-&gt;moduleInformation().internalFunctionCount(), module()-&gt;moduleInformation().importFunctionCount());
</ins><span class="cx">     m_codeBlock.set(vm, this, codeBlock);
</span><span class="cx">     ASSERT(!codeBlock-&gt;initialized());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyInstanceh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h (214710 => 214711)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h        2017-04-01 02:05:01 UTC (rev 214710)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h        2017-04-01 02:09:51 UTC (rev 214711)
</span><span class="lines">@@ -79,6 +79,7 @@
</span><span class="cx">     static ptrdiff_t offsetOfCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); }
</span><span class="cx">     static ptrdiff_t offsetOfGlobals() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_globals); }
</span><span class="cx">     static ptrdiff_t offsetOfVM() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_vm); }
</span><ins>+    static ptrdiff_t offsetOfCodeBlock() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_codeBlock); }
</ins><span class="cx">     static size_t offsetOfImportFunctions() { return WTF::roundUpToMultipleOf&lt;sizeof(WriteBarrier&lt;JSCell&gt;)&gt;(sizeof(JSWebAssemblyInstance)); }
</span><span class="cx">     static size_t offsetOfImportFunction(size_t importFunctionNum) { return offsetOfImportFunctions() + importFunctionNum * sizeof(sizeof(WriteBarrier&lt;JSCell&gt;)); }
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>