[wasm] reuse the first compiled module

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
 
 #include "src/macro-assembler.h"
@@ skipping 140 matching lines @@
   DCHECK_NOT_NULL(deopt_data);
   DCHECK(deopt_data->length() == 2);
   Object* weak_link = deopt_data->get(0);
   if (weak_link == undefined) return undefined;
   WeakCell* cell = WeakCell::cast(weak_link);
   return cell->value();
 }
 
 namespace {
 // Internal constants for the layout of the module object.
-const int kWasmModuleFunctionTable = 0;
-const int kWasmModuleCodeTable = 1;
-const int kWasmMemArrayBuffer = 2;
-const int kWasmGlobalsArrayBuffer = 3;
-// TODO(clemensh): Remove function name array, extract names from module bytes.
-const int kWasmFunctionNamesArray = 4;
-const int kWasmModuleBytesString = 5;
-const int kWasmDebugInfo = 6;
-const int kWasmModuleInternalFieldCount = 7;
+enum WasmInstanceFields {
+  kWasmCompiledModule,

[bradnelson, 2016/09/02 16:56:59]

Optional:
Realize the default is zero, but I've sometimes seen the pattern where an
explicit =0 is a signal that other code depends on this enum being tightly
packed.

[Mircea Trofin, 2016/09/02 20:55:30]

Done.

+  kWasmModuleFunctionTable,
+  kWasmModuleCodeTable,
+  kWasmMemArrayBuffer,
+  kWasmGlobalsArrayBuffer,
+  // TODO(clemensh): Remove function name array, extract names from module
+  // bytes.
+  kWasmFunctionNamesArray,
+  kWasmModuleBytesString,
+  kWasmDebugInfo,
+  kWasmModuleInternalFieldCount
+};
 
 // TODO(mtrofin): Unnecessary once we stop using JS Heap for wasm code.
 // For now, each field is expected to have the type commented by its side.
 // The elements typed as "maybe" are optional. The others are mandatory. Since
 // the compiled module is either obtained from the current v8 instance, or from
 // a snapshot produced by a compatible (==identical) v8 instance, we simply
 // fail at instantiation time, in the face of invalid data.
 enum CompiledWasmObjectFields {
   kFunctions,        // FixedArray of Code
   kImportData,       // maybe FixedArray of FixedArray respecting the
                      // WasmImportMetadata structure.
   kImportMap,        // FixedArray. The i-th element is the Code object used for
                      // import i
   kExports,          // maybe FixedArray of FixedArray of WasmExportMetadata
                      // structure
   kStartupFunction,  // maybe FixedArray of WasmExportMetadata structure
   kTableOfIndirectFunctionTables,  // maybe FixedArray of FixedArray of
                                    // WasmIndirectFunctionTableMetadata
   kModuleBytes,                    // maybe String
   kFunctionNameTable,              // maybe ByteArray
   kMinRequiredMemory,              // Smi. an uint32_t
   // The following 2 are either together present or absent:
   kDataSegmentsInfo,  // maybe FixedArray of FixedArray respecting the
                       // WasmSegmentInfo structure
   kDataSegments,      // maybe ByteArray.
 
   kGlobalsSize,                 // Smi. an uint32_t
+  kMemSize,                     // Smi.an uint32_t
+  kMemStart,                    // MaybeHandle<ArrayBuffer>
   kExportMem,                   // Smi. bool
   kOrigin,                      // Smi. ModuleOrigin
+  kNextInstance,                // WeakCell. See compiled code cloning.
+  kPrevInstance,                // WeakCell. See compiled code cloning.
+  kOwningInstance,              // WeakCell, pointing to the owning instance.
+  kModuleObject,                // WeakCell, pointing to the module object.
   kCompiledWasmObjectTableSize  // Sentinel value.
 };
 
 enum WasmImportMetadata {
   kModuleName,              // String
   kFunctionName,            // maybe String
   kOutputCount,             // Smi. an uint32_t
   kSignature,               // ByteArray. A copy of the data in FunctionSig
   kWasmImportDataTableSize  // Sentinel value.
 };
@@ skipping 113 matching lines @@
     DCHECK_EQ(0, bytes[i]);
   }
 #endif
 
   Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer();
   JSArrayBuffer::Setup(buffer, isolate, false, memory, static_cast<int>(size));
   buffer->set_is_neuterable(false);
   return buffer;
 }
 
-void RelocateInstanceCode(Handle<JSObject> instance, Address start,
-                          uint32_t prev_size, uint32_t new_size) {
+void RelocateInstanceCode(Handle<JSObject> instance, Address old_start,
+                          Address start, uint32_t prev_size,
+                          uint32_t new_size) {
   Handle<FixedArray> functions = Handle<FixedArray>(
       FixedArray::cast(instance->GetInternalField(kWasmModuleCodeTable)));
   for (int i = 0; i < functions->length(); ++i) {
     Handle<Code> function = Handle<Code>(Code::cast(functions->get(i)));
     AllowDeferredHandleDereference embedding_raw_address;
     int mask = (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
                (1 << RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
     for (RelocIterator it(*function, mask); !it.done(); it.next()) {
-      it.rinfo()->update_wasm_memory_reference(nullptr, start, prev_size,
+      it.rinfo()->update_wasm_memory_reference(old_start, start, prev_size,
                                                new_size);
     }
   }
 }
 
 // Allocate memory for a module instance as a new JSArrayBuffer.
 Handle<JSArrayBuffer> AllocateMemory(ErrorThrower* thrower, Isolate* isolate,
                                      uint32_t min_mem_pages) {
   if (min_mem_pages > WasmModule::kMaxMemPages) {
     thrower->Error("Out of memory: wasm memory too large");
     return Handle<JSArrayBuffer>::null();
   }
   Handle<JSArrayBuffer> mem_buffer =
       NewArrayBuffer(isolate, min_mem_pages * WasmModule::kPageSize);
 
   if (mem_buffer.is_null()) {
     thrower->Error("Out of memory: wasm memory");
   }
   return mem_buffer;
 }
 
-void RelocateGlobals(Handle<JSObject> instance, Address globals_start) {
+void RelocateGlobals(Handle<JSObject> instance, Address old_start,
+                     Address globals_start) {
   Handle<FixedArray> functions = Handle<FixedArray>(
       FixedArray::cast(instance->GetInternalField(kWasmModuleCodeTable)));
   uint32_t function_count = static_cast<uint32_t>(functions->length());
   for (uint32_t i = 0; i < function_count; ++i) {
     Handle<Code> function = Handle<Code>(Code::cast(functions->get(i)));
     AllowDeferredHandleDereference embedding_raw_address;
     int mask = 1 << RelocInfo::WASM_GLOBAL_REFERENCE;
     for (RelocIterator it(*function, mask); !it.done(); it.next()) {
-      it.rinfo()->update_wasm_global_reference(nullptr, globals_start);
+      it.rinfo()->update_wasm_global_reference(old_start, globals_start);
     }
   }
 }
 
 Handle<Code> CreatePlaceholder(Factory* factory, uint32_t index,
                                Code::Kind kind) {
   // Create a placeholder code object and encode the corresponding index in
   // the {constant_pool_offset} field of the code object.
   // TODO(titzer): placeholder code objects are somewhat dangerous.
   static byte buffer[] = {0, 0, 0, 0, 0, 0, 0, 0};  // fake instructions.
@@ skipping 10 matching lines @@
                             std::vector<Handle<Code>>* placeholders,
                             size_t size) {
   DCHECK(placeholders->empty());
   placeholders->reserve(size);
 
   for (uint32_t i = 0; i < size; ++i) {
     placeholders->push_back(CreatePlaceholder(factory, i, Code::WASM_FUNCTION));
   }
 }
 
-bool LinkFunction(Handle<Code> unlinked,
-                  const std::vector<Handle<Code>>& code_targets,
-                  Code::Kind kind) {
+bool LinkFunction(Isolate* isolate, Handle<Code> unlinked,
+                  Handle<FixedArray> code_targets,
+                  Code::Kind kind = Code::WASM_FUNCTION) {
   bool modified = false;
-  int mode_mask = RelocInfo::kCodeTargetMask;
+  int mode_mask = RelocInfo::ModeMask(RelocInfo::CODE_TARGET);
   AllowDeferredHandleDereference embedding_raw_address;
   for (RelocIterator it(*unlinked, mode_mask); !it.done(); it.next()) {
-    RelocInfo::Mode mode = it.rinfo()->rmode();
-    if (RelocInfo::IsCodeTarget(mode)) {
-      Code* target =
-          Code::GetCodeFromTargetAddress(it.rinfo()->target_address());
-      if (target->kind() == kind &&
-          target->constant_pool_offset() >= kPlaceholderMarker) {
-        // Patch direct calls to placeholder code objects.
-        uint32_t index = target->constant_pool_offset() - kPlaceholderMarker;
-        CHECK(index < code_targets.size());
-        Handle<Code> new_target = code_targets[index];
-        if (target != *new_target) {
-          it.rinfo()->set_target_address(new_target->instruction_start(),
-                                         UPDATE_WRITE_BARRIER,
-                                         SKIP_ICACHE_FLUSH);
-          modified = true;
-        }
+    Code* target = Code::GetCodeFromTargetAddress(it.rinfo()->target_address());
+    if (target->kind() == kind &&
+        target->constant_pool_offset() >= kPlaceholderMarker) {
+      // Patch direct calls to placeholder code objects.
+      uint32_t index = target->constant_pool_offset() - kPlaceholderMarker;
+      CHECK(index < static_cast<uint32_t>(code_targets->length()));
+      Handle<Code> new_target =
+          code_targets->GetValueChecked<Code>(isolate, index);
+      if (target != *new_target) {
+        it.rinfo()->set_target_address(new_target->instruction_start(),
+                                       UPDATE_WRITE_BARRIER, SKIP_ICACHE_FLUSH);
+        modified = true;
       }
     }
   }
   return modified;
 }
 
-void LinkModuleFunctions(Isolate* isolate,
-                         std::vector<Handle<Code>>& functions) {
-  for (size_t i = 0; i < functions.size(); ++i) {
-    Handle<Code> code = functions[i];
-    LinkFunction(code, functions, Code::WASM_FUNCTION);
+void LinkModuleFunctions(Isolate* isolate, Handle<FixedArray> functions) {
+  for (int i = 0; i < functions->length(); ++i) {
+    Handle<Code> code = functions->GetValueChecked<Code>(isolate, i);
+    LinkFunction(isolate, code, functions);
   }
 }
 
 void FlushAssemblyCache(Isolate* isolate, Handle<FixedArray> functions) {
   for (int i = 0; i < functions->length(); ++i) {
     Handle<Code> code = functions->GetValueChecked<Code>(isolate, i);
     Assembler::FlushICache(isolate, code->instruction_start(),
                            code->instruction_size());
   }
 }
 
 void SetRuntimeSupport(Isolate* isolate, Handle<JSObject> js_object) {
   Handle<FixedArray> functions = Handle<FixedArray>(
       FixedArray::cast(js_object->GetInternalField(kWasmModuleCodeTable)));
   Handle<WeakCell> weak_link = isolate->factory()->NewWeakCell(js_object);
 
   for (int i = FLAG_skip_compiling_wasm_funcs; i < functions->length(); ++i) {
     Handle<Code> code = functions->GetValueChecked<Code>(isolate, i);
-    DCHECK(code->deoptimization_data() == nullptr ||

[bradnelson, 2016/09/02 16:57:00]

Why?

[Mircea Trofin, 2016/09/02 20:55:30]

Because now the deopt will be valid, but belonging to the code object we
used as prototype for this new one.

-           code->deoptimization_data()->length() == 0);
     Handle<FixedArray> deopt_data =
         isolate->factory()->NewFixedArray(2, TENURED);
     deopt_data->set(0, *weak_link);
     deopt_data->set(1, Smi::FromInt(static_cast<int>(i)));
     deopt_data->set_length(2);
     code->set_deoptimization_data(*deopt_data);
   }
 }
 
 }  // namespace
@@ skipping 146 matching lines @@
   for (Handle<Code> c : functions) RecordStats(isolate, *c);
 }
 
 static void RecordStats(Isolate* isolate, Handle<FixedArray> functions) {
   DisallowHeapAllocation no_gc;
   for (int i = 0; i < functions->length(); ++i) {
     RecordStats(isolate, Code::cast(functions->get(i)));
   }
 }
 
+Address GetGlobalStartAddressFromCodeTemplate(Object* undefined,
+                                              JSObject* owner) {
+  Address old_address = nullptr;
+  Object* stored_value = owner->GetInternalField(kWasmGlobalsArrayBuffer);
+  if (stored_value != undefined) {
+    old_address = static_cast<Address>(
+        JSArrayBuffer::cast(stored_value)->backing_store());
+  }
+  return old_address;
+}
+
 Handle<FixedArray> GetImportsMetadata(Factory* factory,
                                       const WasmModule* module) {
   Handle<FixedArray> ret = factory->NewFixedArray(
       static_cast<int>(module->import_table.size()), TENURED);
   for (size_t i = 0; i < module->import_table.size(); ++i) {
     const WasmImport& import = module->import_table[i];
     WasmName module_name = module->GetNameOrNull(import.module_name_offset,
                                                  import.module_name_length);
     WasmName function_name = module->GetNameOrNull(import.function_name_offset,
                                                    import.function_name_length);
@@ skipping 271 matching lines @@
   }
 
   MaybeHandle<ByteArray> function_name_table =
       compiled_module->GetValue<ByteArray>(isolate, kFunctionNameTable);
   if (!function_name_table.is_null()) {
     js_object->SetInternalField(kWasmFunctionNamesArray,
                                 *function_name_table.ToHandleChecked());
   }
 }
 
-bool SetupGlobals(Isolate* isolate, Handle<FixedArray> compiled_module,
-                  Handle<JSObject> instance, ErrorThrower* thrower) {
+bool SetupGlobals(Isolate* isolate, MaybeHandle<JSObject> template_owner,
+                  Handle<FixedArray> compiled_module, Handle<JSObject> instance,
+                  ErrorThrower* thrower) {
   uint32_t globals_size = static_cast<uint32_t>(
       Smi::cast(compiled_module->get(kGlobalsSize))->value());
   if (globals_size > 0) {
     Handle<JSArrayBuffer> globals_buffer =
         NewArrayBuffer(isolate, globals_size);
     if (globals_buffer.is_null()) {
       thrower->Error("Out of memory: wasm globals");
       return false;
     }
-    RelocateGlobals(instance,
+    Address old_address =
+        template_owner.is_null()
+            ? nullptr
+            : GetGlobalStartAddressFromCodeTemplate(
+                  *isolate->factory()->undefined_value(),
+                  JSObject::cast(*template_owner.ToHandleChecked()));
+    RelocateGlobals(instance, old_address,
                     static_cast<Address>(globals_buffer->backing_store()));
     instance->SetInternalField(kWasmGlobalsArrayBuffer, *globals_buffer);
   }
   return true;
 }
 
 bool SetupInstanceHeap(Isolate* isolate, Handle<FixedArray> compiled_module,
                        Handle<JSObject> instance, Handle<JSArrayBuffer> memory,
                        ErrorThrower* thrower) {
   uint32_t min_mem_pages = static_cast<uint32_t>(
       Smi::cast(compiled_module->get(kMinRequiredMemory))->value());
   isolate->counters()->wasm_min_mem_pages_count()->AddSample(min_mem_pages);
   // TODO(wasm): re-enable counter for max_mem_pages when we use that field.
 
   if (memory.is_null() && min_mem_pages > 0) {
     memory = AllocateMemory(thrower, isolate, min_mem_pages);
     if (memory.is_null()) {
       return false;
     }
   }
 
   if (!memory.is_null()) {
     instance->SetInternalField(kWasmMemArrayBuffer, *memory);
     Address mem_start = static_cast<Address>(memory->backing_store());
     uint32_t mem_size = static_cast<uint32_t>(memory->byte_length()->Number());
-    RelocateInstanceCode(instance, mem_start,
-                         WasmModule::kPageSize * min_mem_pages, mem_size);
+    uint32_t old_mem_size = static_cast<uint32_t>(
+        compiled_module->GetValueChecked<HeapNumber>(isolate, kMemSize)
+            ->value());
+    MaybeHandle<JSArrayBuffer> old_mem =
+        compiled_module->GetValue<JSArrayBuffer>(isolate, kMemStart);
+    Address old_mem_start =
+        old_mem.is_null()
+            ? nullptr
+            : static_cast<Address>(old_mem.ToHandleChecked()->backing_store());
+    RelocateInstanceCode(instance, old_mem_start, mem_start, old_mem_size,
+                         mem_size);
     LoadDataSegments(compiled_module, mem_start, mem_size);
+    compiled_module->GetValueChecked<HeapNumber>(isolate, kMemSize)
+        ->set_value(static_cast<double>(mem_size));
+    compiled_module->set(kMemStart, *memory);
   }
   return true;
 }
 
+void FixupFunctionsAndImports(Handle<FixedArray> old_functions,
+                              Handle<FixedArray> new_functions,
+                              MaybeHandle<FixedArray> maybe_old_imports,
+                              MaybeHandle<FixedArray> maybe_new_imports) {
+  DCHECK_EQ(new_functions->length(), old_functions->length());
+
+  DisallowHeapAllocation no_gc;
+  std::map<Code*, Code*> old_to_new_code;
+  for (int i = 0; i < new_functions->length(); ++i) {
+    old_to_new_code.insert(std::make_pair(Code::cast(old_functions->get(i)),
+                                          Code::cast(new_functions->get(i))));
+  }
+  DCHECK_EQ(maybe_old_imports.is_null(), maybe_new_imports.is_null());
+  if (!maybe_old_imports.is_null()) {
+    Handle<FixedArray> old_imports = maybe_old_imports.ToHandleChecked();
+    Handle<FixedArray> new_imports = maybe_new_imports.ToHandleChecked();
+    DCHECK_EQ(new_imports->length(), old_imports->length());
+    for (int i = 0; i < new_imports->length(); ++i) {
+      old_to_new_code.insert(std::make_pair(Code::cast(old_imports->get(i)),
+                                            Code::cast(new_imports->get(i))));
+    }
+  }
+  int mode_mask = RelocInfo::ModeMask(RelocInfo::CODE_TARGET);
+  AllowDeferredHandleDereference embedding_raw_address;
+  for (int i = 0; i < new_functions->length(); ++i) {
+    Code* wasm_function = Code::cast(new_functions->get(i));
+    for (RelocIterator it(wasm_function, mode_mask); !it.done(); it.next()) {
+      Code* old_code =
+          Code::GetCodeFromTargetAddress(it.rinfo()->target_address());
+      if (old_code->kind() == Code::WASM_TO_JS_FUNCTION ||
+          old_code->kind() == Code::WASM_FUNCTION) {
+        auto found = old_to_new_code.find(old_code);
+        DCHECK(found != old_to_new_code.end());
+        Code* new_code = found->second;
+        // Avoid redundant updates, expected for wasm functions, if we're at the
+        // first instance.
+        if (new_code == old_code) {
+          DCHECK(new_code->kind() == Code::WASM_FUNCTION);
+          continue;
+        }
+        it.rinfo()->set_target_address(new_code->instruction_start(),
+                                       UPDATE_WRITE_BARRIER, SKIP_ICACHE_FLUSH);
+      }
+    }
+  }
+}
+
 bool SetupImports(Isolate* isolate, Handle<FixedArray> compiled_module,
                   Handle<JSObject> instance, ErrorThrower* thrower,
                   Handle<JSReceiver> ffi) {
   //-------------------------------------------------------------------------
   // Compile wrappers to imported functions.
   //-------------------------------------------------------------------------
   std::vector<Handle<Code>> import_code;
   MaybeHandle<FixedArray> maybe_import_data =
       compiled_module->GetValue<FixedArray>(isolate, kImportData);
   Handle<FixedArray> import_data;
   if (maybe_import_data.ToHandle(&import_data)) {
     if (!CompileWrappersToImportedFunctions(isolate, ffi, import_code,
                                             import_data, thrower)) {
       return false;
     }
   }
 
   RecordStats(isolate, import_code);
-
   if (import_code.empty()) return true;
 
-  {
-    DisallowHeapAllocation no_gc;
-    std::map<Code*, int> import_to_index;
-    Handle<FixedArray> mapping =
-        compiled_module->GetValueChecked<FixedArray>(isolate, kImportMap);
-    for (int i = 0; i < mapping->length(); ++i) {
-      import_to_index.insert(std::make_pair(Code::cast(mapping->get(i)), i));
-    }
-
-    Handle<FixedArray> code_table = Handle<FixedArray>(
-        FixedArray::cast(instance->GetInternalField(kWasmModuleCodeTable)));
-
-    int mode_mask = RelocInfo::ModeMask(RelocInfo::CODE_TARGET);
-    AllowDeferredHandleDereference embedding_raw_address;
-    for (int i = 0; i < code_table->length(); ++i) {
-      Handle<Code> wasm_function =
-          code_table->GetValueChecked<Code>(isolate, i);
-      for (RelocIterator it(*wasm_function, mode_mask); !it.done(); it.next()) {
-        Code* target =
-            Code::GetCodeFromTargetAddress(it.rinfo()->target_address());
-        if (target->kind() == Code::WASM_TO_JS_FUNCTION) {
-          auto found_index = import_to_index.find(target);
-          CHECK(found_index != import_to_index.end());
-          int index = found_index->second;
-          CHECK(index < static_cast<int>(import_code.size()));
-          Handle<Code> new_target = import_code[index];
-          it.rinfo()->set_target_address(new_target->instruction_start(),
-                                         UPDATE_WRITE_BARRIER,
-                                         SKIP_ICACHE_FLUSH);
-        }
-      }
-    }
+  Handle<FixedArray> new_imports =
+      isolate->factory()->NewFixedArray(static_cast<int>(import_code.size()));
+  for (int i = 0; i < new_imports->length(); ++i) {
+    new_imports->set(i, *import_code[i]);
   }
-  Handle<FixedArray> new_mapping =
-      isolate->factory()->NewFixedArray(static_cast<int>(import_code.size()));
-  for (int i = 0; i < new_mapping->length(); ++i) {
-    new_mapping->set(i, *import_code[i]);
-  }
-  compiled_module->set(kImportMap, *new_mapping);
-
+  compiled_module->set(kImportMap, *new_imports);
   return true;
 }
 
 bool SetupExportsObject(Handle<FixedArray> compiled_module, Isolate* isolate,
                         Handle<JSObject> instance, ErrorThrower* thrower) {
   Factory* factory = isolate->factory();
   bool mem_export =
       static_cast<bool>(Smi::cast(compiled_module->get(kExportMem))->value());
   ModuleOrigin origin = static_cast<ModuleOrigin>(
       Smi::cast(compiled_module->get(kOrigin))->value());
@@ skipping 44 matching lines @@
       // Export the memory as a named property.
       Handle<String> name = factory->InternalizeUtf8String("memory");
       Handle<JSArrayBuffer> memory = Handle<JSArrayBuffer>(
           JSArrayBuffer::cast(instance->GetInternalField(kWasmMemArrayBuffer)));
       JSObject::AddProperty(exports_object, name, memory, READ_ONLY);
     }
   }
   return true;
 }
 
+#define GET_COMPILED_MODULE_WEAK_RELATION_OR_NULL(Field)    \
+  WeakCell* Get##Field(const FixedArray* compiled_module) { \
+    Object* obj = compiled_module->get(k##Field);           \
+    DCHECK_NOT_NULL(obj);                                   \
+    if (obj->IsWeakCell()) {                                \
+      return WeakCell::cast(obj);                           \
+    } else {                                                \
+      return nullptr;                                       \
+    }                                                       \
+  }
+
+GET_COMPILED_MODULE_WEAK_RELATION_OR_NULL(NextInstance)
+GET_COMPILED_MODULE_WEAK_RELATION_OR_NULL(PrevInstance)
+GET_COMPILED_MODULE_WEAK_RELATION_OR_NULL(OwningInstance)
+GET_COMPILED_MODULE_WEAK_RELATION_OR_NULL(ModuleObject)
+
+static void ResetCompiledModule(Isolate* isolate, JSObject* owner,
+                                FixedArray* compiled_module) {
+  Object* undefined = *isolate->factory()->undefined_value();
+  Object* mem_size_obj = compiled_module->get(kMemSize);
+  DCHECK(mem_size_obj->IsNumber());
+  uint32_t old_mem_size =
+      static_cast<uint32_t>(HeapNumber::cast(mem_size_obj)->value());
+  Object* mem_start = compiled_module->get(kMemStart);
+  Address old_mem_address = nullptr;
+  Address globals_start =
+      GetGlobalStartAddressFromCodeTemplate(undefined, owner);
+
+  if (old_mem_size > 0) {
+    CHECK_NE(mem_start, undefined);
+    old_mem_address =
+        static_cast<Address>(JSArrayBuffer::cast(mem_start)->backing_store());
+  }
+  int mode_mask = RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_REFERENCE) |
+                  RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_SIZE_REFERENCE) |
+                  RelocInfo::ModeMask(RelocInfo::WASM_GLOBAL_REFERENCE);
+
+  Object* fct_obj = compiled_module->get(kFunctions);
+  if (fct_obj != nullptr && fct_obj != undefined &&
+      (old_mem_size > 0 || globals_start != nullptr)) {
+    FixedArray* functions = FixedArray::cast(fct_obj);
+    for (int i = 0; i < functions->length(); ++i) {
+      Code* code = Code::cast(functions->get(i));
+      bool changed = false;
+      for (RelocIterator it(code, mode_mask); !it.done(); it.next()) {
+        RelocInfo::Mode mode = it.rinfo()->rmode();
+        if (RelocInfo::IsWasmMemoryReference(mode) ||
+            RelocInfo::IsWasmMemorySizeReference(mode)) {
+          it.rinfo()->update_wasm_memory_reference(old_mem_address, nullptr,
+                                                   old_mem_size, old_mem_size);
+          changed = true;
+        } else {
+          CHECK(RelocInfo::IsWasmGlobalReference(mode));
+          it.rinfo()->update_wasm_global_reference(globals_start, nullptr);
+          changed = true;
+        }
+      }
+      if (changed) {
+        Assembler::FlushICache(isolate, code->instruction_start(),
+                               code->instruction_size());
+      }
+    }
+  }
+  compiled_module->set(kOwningInstance, undefined);
+  compiled_module->set(kMemStart, undefined);
+}
+
+static void InstanceFinalizer(const v8::WeakCallbackInfo<void>& data) {
+  JSObject** p = reinterpret_cast<JSObject**>(data.GetParameter());
+  JSObject* owner = *p;
+  FixedArray* compiled_module =
+      FixedArray::cast(owner->GetInternalField(kWasmCompiledModule));
+  Isolate* isolate = reinterpret_cast<Isolate*>(data.GetIsolate());
+  Object* undefined = *isolate->factory()->undefined_value();
+  WeakCell* weak_module_obj = GetModuleObject(compiled_module);
+  DCHECK_NOT_NULL(weak_module_obj);
+  if (!weak_module_obj->cleared()) {

[bradnelson, 2016/09/02 16:57:00]

Why?

[Mircea Trofin, 2016/09/02 20:55:30]

It may be cleared when this happens:
var m = new WebAssembly.Module(...);
var i1 = new WebAssembly.Instance(m);
var i2 = new WebAssembly.Instance(m);
m = nullptr;
gc();

In this case, we don't care anymore to maintain the links, because no new
instances may be created.

I added a comment.

+    JSObject* module_obj = JSObject::cast(weak_module_obj->value());
+    FixedArray* current_template =
+        FixedArray::cast(module_obj->GetInternalField(0));
+    DCHECK_NULL(GetPrevInstance(current_template));

[bradnelson, 2016/09/02 16:57:00]

Separate out the remove from chain operation?
Or comment that's what's going on?

[Mircea Trofin, 2016/09/02 20:55:30]

There nothing else than the delete - we're called here when an instance is
dying.

+    WeakCell* next = GetNextInstance(compiled_module);
+    WeakCell* prev = GetPrevInstance(compiled_module);
+
+    if (current_template == compiled_module) {
+      if (next == nullptr) {
+        ResetCompiledModule(isolate, owner, compiled_module);
+      } else {
+        DCHECK(next->value()->IsFixedArray());
+        module_obj->SetInternalField(0, next->value());
+        DCHECK_NULL(prev);
+        FixedArray::cast(next->value())->set(kPrevInstance, undefined);
+      }
+    } else {
+      DCHECK(!(prev == nullptr && next == nullptr));
+      // the only reason prev or next would be cleared is if the
+      // respective objects got collected, but if that happened,
+      // we would have relinked the list.
+      if (prev != nullptr) {
+        DCHECK(!prev->cleared());
+        FixedArray::cast(prev->value())
+            ->set(kNextInstance, next == nullptr ? undefined : next);
+      }
+      if (next != nullptr) {
+        DCHECK(!next->cleared());
+        FixedArray::cast(next->value())
+            ->set(kPrevInstance, prev == nullptr ? undefined : prev);
+      }
+    }
+  }
+  GlobalHandles::Destroy(reinterpret_cast<Object**>(p));
+}
+
 }  // namespace
 
 MaybeHandle<FixedArray> WasmModule::CompileFunctions(
     Isolate* isolate, ErrorThrower* thrower) const {
   Factory* factory = isolate->factory();
 
   MaybeHandle<FixedArray> nothing;
 
   WasmModuleInstance temp_instance_for_compilation(this);
   temp_instance_for_compilation.context = isolate->native_context();
@@ skipping 55 matching lines @@
   }
   if (thrower->error()) return nothing;
 
   // At this point, compilation has completed. Update the code table.
   for (size_t i = FLAG_skip_compiling_wasm_funcs;
        i < temp_instance_for_compilation.function_code.size(); ++i) {
     Code* code = *temp_instance_for_compilation.function_code[i];
     compiled_functions->set(static_cast<int>(i), code);
   }
 
+  LinkModuleFunctions(isolate, compiled_functions);
+
+  // TODO(mtrofin): do we need to flush the cache here?
+  FlushAssemblyCache(isolate, compiled_functions);

[bradnelson, 2016/09/02 16:56:59]

Because the code has never run? Probably not.

[Mircea Trofin, 2016/09/02 20:55:30]

Acknowledged.

+
   // Create the compiled module object, and populate with compiled functions
   // and information needed at instantiation time. This object needs to be
   // serializable. Instantiation may occur off a deserialized version of this
   // object.
   Handle<FixedArray> ret =
       factory->NewFixedArray(kCompiledWasmObjectTableSize, TENURED);
   ret->set(kFunctions, *compiled_functions);
   if (!indirect_table.is_null()) {
     ret->set(kTableOfIndirectFunctionTables, *indirect_table.ToHandleChecked());
   }
@@ skipping 75 matching lines @@
   }
 
   Handle<ByteArray> function_name_table =
       BuildFunctionNamesTable(isolate, module_env.module);
   ret->set(kFunctionNameTable, *function_name_table);
   ret->set(kMinRequiredMemory, Smi::FromInt(min_mem_pages));
   if (data_segments.size() > 0) SaveDataSegmentInfo(factory, this, ret);
   ret->set(kGlobalsSize, Smi::FromInt(globals_size));
   ret->set(kExportMem, Smi::FromInt(mem_export));
   ret->set(kOrigin, Smi::FromInt(origin));
+  ret->set(kMemSize,
+           *factory->NewHeapNumber(
+               static_cast<double>(temp_instance_for_compilation.mem_size),
+               MUTABLE, TENURED));
   return ret;
 }
 
 void PatchJSWrapper(Isolate* isolate, Handle<Code> wrapper,
                     Handle<Code> new_target) {
   AllowDeferredHandleDereference embedding_raw_address;
   bool seen = false;
   for (RelocIterator it(*wrapper, 1 << RelocInfo::CODE_TARGET); !it.done();
        it.next()) {
     Code* target = Code::GetCodeFromTargetAddress(it.rinfo()->target_address());
     if (target->kind() == Code::WASM_FUNCTION) {
       DCHECK(!seen);
       seen = true;
       it.rinfo()->set_target_address(new_target->instruction_start(),
                                      UPDATE_WRITE_BARRIER, SKIP_ICACHE_FLUSH);
     }
   }
   CHECK(seen);
   Assembler::FlushICache(isolate, wrapper->instruction_start(),
                          wrapper->instruction_size());
 }
 
 Handle<FixedArray> SetupIndirectFunctionTable(
     Isolate* isolate, Handle<FixedArray> wasm_functions,
-    Handle<FixedArray> indirect_table_template) {
+    Handle<FixedArray> indirect_table_template,
+    Handle<FixedArray> tables_to_replace) {
   Factory* factory = isolate->factory();
   Handle<FixedArray> cloned_indirect_tables =
       factory->CopyFixedArray(indirect_table_template);
   for (int i = 0; i < cloned_indirect_tables->length(); ++i) {
     Handle<FixedArray> orig_metadata =
         cloned_indirect_tables->GetValueChecked<FixedArray>(isolate, i);
     Handle<FixedArray> cloned_metadata = factory->CopyFixedArray(orig_metadata);
     cloned_indirect_tables->set(i, *cloned_metadata);
 
     Handle<FixedArray> orig_table =
         cloned_metadata->GetValueChecked<FixedArray>(isolate, kTable);
     Handle<FixedArray> cloned_table = factory->CopyFixedArray(orig_table);
     cloned_metadata->set(kTable, *cloned_table);
     // Patch the cloned code to refer to the cloned kTable.
-    for (int i = 0; i < wasm_functions->length(); ++i) {
+    Handle<FixedArray> table_to_replace =
+        tables_to_replace->GetValueChecked<FixedArray>(isolate, i)
+            ->GetValueChecked<FixedArray>(isolate, kTable);
+    for (int fct_index = 0; fct_index < wasm_functions->length(); ++fct_index) {
       Handle<Code> wasm_function =
-          wasm_functions->GetValueChecked<Code>(isolate, i);
-      PatchFunctionTable(wasm_function, orig_table, cloned_table);
+          wasm_functions->GetValueChecked<Code>(isolate, fct_index);
+      PatchFunctionTable(wasm_function, table_to_replace, cloned_table);
     }
   }
   return cloned_indirect_tables;
 }
 
 Handle<FixedArray> CloneModuleForInstance(Isolate* isolate,
                                           Handle<FixedArray> original) {
   Factory* factory = isolate->factory();
+  bool is_first =
+      original->GetValue<WeakCell>(isolate, kOwningInstance).is_null();
+
+  if (is_first) {
+    return original;
+  }
+
+  // We insert the latest clone in front.
   Handle<FixedArray> clone = factory->CopyFixedArray(original);
+  Handle<WeakCell> weak_link_to_wasm_obj =
+      original->GetValueChecked<WeakCell>(isolate, kModuleObject);
+
+  clone->set(kModuleObject, *weak_link_to_wasm_obj);
+  clone->set(kNextInstance, *factory->NewWeakCell(original));
+  original->set(kPrevInstance, *factory->NewWeakCell(clone));
+  JSObject::cast(weak_link_to_wasm_obj->value())->SetInternalField(0, *clone);
 
   // Clone each wasm code object.
   Handle<FixedArray> orig_wasm_functions =
       original->GetValueChecked<FixedArray>(isolate, kFunctions);
   Handle<FixedArray> clone_wasm_functions =
       factory->CopyFixedArray(orig_wasm_functions);
   clone->set(kFunctions, *clone_wasm_functions);
   for (int i = 0; i < clone_wasm_functions->length(); ++i) {
     Handle<Code> orig_code =
         clone_wasm_functions->GetValueChecked<Code>(isolate, i);
@@ skipping 40 matching lines @@
     clone->set(kStartupFunction, *startup_metadata);
     // TODO(wasm): see todo above about int vs size_t indexing in FixedArray.
     int startup_fct_index =
         Smi::cast(startup_metadata->get(kExportedFunctionIndex))->value();
     CHECK_GE(startup_fct_index, 0);
     CHECK_LT(startup_fct_index, clone_wasm_functions->length());
     Handle<Code> new_target =
         clone_wasm_functions->GetValueChecked<Code>(isolate, startup_fct_index);
     PatchJSWrapper(isolate, startup_fct_clone, new_target);
   }
+  clone->set(kImportMap, *isolate->factory()->undefined_value());
   return clone;
 }
 
 // Instantiates a wasm module as a JSObject.
 //  * allocates a backing store of {mem_size} bytes.
 //  * installs a named property "memory" for that buffer if exported
 //  * installs named properties on the object for exported functions
 //  * compiles wasm code to machine code
 MaybeHandle<JSObject> WasmModule::Instantiate(
-    Isolate* isolate, Handle<FixedArray> compiled_module,
+    Isolate* isolate, Handle<FixedArray> compiled_module_template,
     Handle<JSReceiver> ffi, Handle<JSArrayBuffer> memory) {
   HistogramTimerScope wasm_instantiate_module_time_scope(
       isolate->counters()->wasm_instantiate_module_time());
   ErrorThrower thrower(isolate, "WasmModule::Instantiate()");
   Factory* factory = isolate->factory();
 
-  compiled_module = CloneModuleForInstance(isolate, compiled_module);
+  Handle<FixedArray> compiled_module =
+      CloneModuleForInstance(isolate, compiled_module_template);
 
+  bool template_is_owned =
+      GetOwningInstance(*compiled_module_template) != nullptr;
+
+  MaybeHandle<JSObject> template_owner;
+  if (template_is_owned) {
+    Handle<WeakCell> weak_owner =
+        compiled_module_template->GetValueChecked<WeakCell>(isolate,
+                                                            kOwningInstance);
+    template_owner = handle(JSObject::cast(weak_owner->value()));
+  }
   // These fields are compulsory.
   Handle<FixedArray> code_table =
       compiled_module->GetValueChecked<FixedArray>(isolate, kFunctions);
 
-  std::vector<Handle<Code>> functions(
-      static_cast<size_t>(code_table->length()));
-  for (int i = 0; i < code_table->length(); ++i) {
-    functions[static_cast<size_t>(i)] =
-        code_table->GetValueChecked<Code>(isolate, i);
-  }
-  LinkModuleFunctions(isolate, functions);
-
   RecordStats(isolate, code_table);
 
   MaybeHandle<JSObject> nothing;
 
   Handle<Map> map = factory->NewMap(
       JS_OBJECT_TYPE,
       JSObject::kHeaderSize + kWasmModuleInternalFieldCount * kPointerSize);
   Handle<JSObject> js_object = factory->NewJSObjectFromMap(map, TENURED);
   js_object->SetInternalField(kWasmModuleCodeTable, *code_table);
 
+  // Remember the old imports, for the case when we are at the first instance -
+  // they will be
+  // replaced with the instance's actual imports in SetupImports.

[bradnelson, 2016/09/02 16:57:00]

reflow comment

[Mircea Trofin, 2016/09/02 20:55:30]

Done.

+  MaybeHandle<FixedArray> old_imports =
+      compiled_module_template->GetValue<FixedArray>(isolate, kImportMap);
   if (!(SetupInstanceHeap(isolate, compiled_module, js_object, memory,
                           &thrower) &&
-        SetupGlobals(isolate, compiled_module, js_object, &thrower) &&
+        SetupGlobals(isolate, template_owner, compiled_module, js_object,
+                     &thrower) &&
         SetupImports(isolate, compiled_module, js_object, &thrower, ffi) &&
         SetupExportsObject(compiled_module, isolate, js_object, &thrower))) {
     return nothing;
   }
 
+  FixupFunctionsAndImports(
+      compiled_module_template->GetValueChecked<FixedArray>(isolate,
+                                                            kFunctions),
+      code_table, old_imports,
+      compiled_module->GetValue<FixedArray>(isolate, kImportMap));
+
   SetDebugSupport(factory, compiled_module, js_object);
   SetRuntimeSupport(isolate, js_object);
 
   FlushAssemblyCache(isolate, code_table);
 
-  MaybeHandle<FixedArray> maybe_indirect_tables =
-      compiled_module->GetValue<FixedArray>(isolate,
-                                            kTableOfIndirectFunctionTables);
-  Handle<FixedArray> indirect_tables_template;
-  if (maybe_indirect_tables.ToHandle(&indirect_tables_template)) {
-    Handle<FixedArray> indirect_tables = SetupIndirectFunctionTable(
-        isolate, code_table, indirect_tables_template);
-    for (int i = 0; i < indirect_tables->length(); ++i) {
-      Handle<FixedArray> metadata =
-          indirect_tables->GetValueChecked<FixedArray>(isolate, i);
-      uint32_t size = Smi::cast(metadata->get(kSize))->value();
-      Handle<FixedArray> table =
-          metadata->GetValueChecked<FixedArray>(isolate, kTable);
-      wasm::PopulateFunctionTable(table, size, &functions);
+  {
+    std::vector<Handle<Code>> functions(
+        static_cast<size_t>(code_table->length()));
+    for (int i = 0; i < code_table->length(); ++i) {
+      functions[static_cast<size_t>(i)] =
+          code_table->GetValueChecked<Code>(isolate, i);
     }
-    js_object->SetInternalField(kWasmModuleFunctionTable, *indirect_tables);
+
+    MaybeHandle<FixedArray> maybe_indirect_tables =
+        compiled_module->GetValue<FixedArray>(isolate,
+                                              kTableOfIndirectFunctionTables);
+    Handle<FixedArray> indirect_tables_template;
+    if (maybe_indirect_tables.ToHandle(&indirect_tables_template)) {
+      Handle<FixedArray> to_replace =
+          template_owner.is_null()
+              ? indirect_tables_template
+              : handle(FixedArray::cast(
+                    template_owner.ToHandleChecked()->GetInternalField(
+                        kWasmModuleFunctionTable)));
+      Handle<FixedArray> indirect_tables = SetupIndirectFunctionTable(
+          isolate, code_table, indirect_tables_template, to_replace);
+      for (int i = 0; i < indirect_tables->length(); ++i) {
+        Handle<FixedArray> metadata =
+            indirect_tables->GetValueChecked<FixedArray>(isolate, i);
+        uint32_t size = Smi::cast(metadata->get(kSize))->value();
+        Handle<FixedArray> table =
+            metadata->GetValueChecked<FixedArray>(isolate, kTable);
+        wasm::PopulateFunctionTable(table, size, &functions);
+      }
+      js_object->SetInternalField(kWasmModuleFunctionTable, *indirect_tables);
+    }
   }
 
   // Run the start function if one was specified.
   MaybeHandle<FixedArray> maybe_startup_fct =
       compiled_module->GetValue<FixedArray>(isolate, kStartupFunction);
   Handle<FixedArray> metadata;
   if (maybe_startup_fct.ToHandle(&metadata)) {
     HandleScope scope(isolate);
     Handle<Code> startup_code =
         metadata->GetValueChecked<Code>(isolate, kExportCode);
     int arity = Smi::cast(metadata->get(kExportArity))->value();
     MaybeHandle<ByteArray> startup_signature =
         metadata->GetValue<ByteArray>(isolate, kExportedSignature);
     Handle<JSFunction> startup_fct = WrapExportCodeAsJSFunction(
         isolate, startup_code, factory->InternalizeUtf8String("start"), arity,
         startup_signature, js_object);
     RecordStats(isolate, *startup_code);
     // Call the JS function.
     Handle<Object> undefined = isolate->factory()->undefined_value();
     MaybeHandle<Object> retval =
         Execution::Call(isolate, startup_fct, undefined, 0, nullptr);
 
     if (retval.is_null()) {
       thrower.Error("WASM.instantiateModule(): start function failed");
       return nothing;
     }
   }
 
   DCHECK(wasm::IsWasmObject(*js_object));
+
+  if (!compiled_module->GetValue<WeakCell>(isolate, kModuleObject).is_null()) {
+    js_object->SetInternalField(kWasmCompiledModule, *compiled_module);
+    compiled_module->set(kOwningInstance, *factory->NewWeakCell(js_object));
+
+    Handle<Object> global_handle =
+        isolate->global_handles()->Create(*js_object);
+    GlobalHandles::MakeWeak(global_handle.location(), global_handle.location(),
+                            &InstanceFinalizer,
+                            v8::WeakCallbackType::kFinalizer);
+  }
+
   return js_object;
 }
 
 // TODO(mtrofin): remove this once we move to WASM_DIRECT_CALL
 Handle<Code> ModuleEnv::GetCodeOrPlaceholder(uint32_t index) const {
   DCHECK(IsValidFunction(index));
   if (!placeholders.empty()) return placeholders[index];
   DCHECK_NOT_NULL(instance);
   return instance->function_code[index];
 }
@@ skipping 167 matching lines @@
     DCHECK(origin == ModuleOrigin::kAsmJsOrigin);
     Handle<Map> map = isolate->factory()->NewMap(
         JS_OBJECT_TYPE, JSObject::kHeaderSize + kPointerSize);
     module_obj = isolate->factory()->NewJSObjectFromMap(map, TENURED);
   }
   module_obj->SetInternalField(0, *compiled_module);
   if (origin == ModuleOrigin::kWasmOrigin) {
     Handle<Symbol> module_sym(isolate->native_context()->wasm_module_sym());
     Object::SetProperty(module_obj, module_sym, module_obj, STRICT).Check();
   }
+  compiled_module->set(kModuleObject,
+                       *isolate->factory()->NewWeakCell(module_obj));
   return module_obj;
 }
 
 MaybeHandle<JSObject> CreateModuleObjectFromBytes(Isolate* isolate,
                                                   const byte* start,
                                                   const byte* end,
                                                   ErrorThrower* thrower,
                                                   ModuleOrigin origin) {
   MaybeHandle<JSObject> nothing;
   Zone zone(isolate->allocator());
   ModuleResult result =
       DecodeWasmModule(isolate, &zone, start, end, false, origin);
   std::unique_ptr<const WasmModule> decoded_module(result.val);
   if (result.failed()) {
     thrower->Failed("Wasm decoding failed", result);
     return nothing;
   }
   MaybeHandle<FixedArray> compiled_module =
       decoded_module->CompileFunctions(isolate, thrower);
   if (compiled_module.is_null()) return nothing;
 
   return CreateCompiledModuleObject(isolate, compiled_module.ToHandleChecked(),
                                     origin);
 }
 
+MaybeHandle<JSArrayBuffer> GetInstanceMemory(Isolate* isolate,
+                                             Handle<JSObject> instance) {
+  Object* mem = instance->GetInternalField(kWasmMemArrayBuffer);
+  DCHECK(IsWasmObject(*instance));
+  if (mem->IsUndefined(isolate)) return MaybeHandle<JSArrayBuffer>();
+  return Handle<JSArrayBuffer>(JSArrayBuffer::cast(mem));
+}
+
+void SetInstanceMemory(Handle<JSObject> instance, JSArrayBuffer* buffer) {
+  DisallowHeapAllocation no_gc;
+  DCHECK(IsWasmObject(*instance));
+  instance->SetInternalField(kWasmMemArrayBuffer, buffer);
+}
+
 namespace testing {
 
 int32_t CompileAndRunWasmModule(Isolate* isolate, const byte* module_start,
                                 const byte* module_end, bool asm_js) {
   HandleScope scope(isolate);
   Zone zone(isolate->allocator());
   ErrorThrower thrower(isolate, "CompileAndRunWasmModule");
 
   // Decode the module, but don't verify function bodies, since we'll
   // be compiling them anyway.
@@ skipping 64 matching lines @@
   if (result->IsSmi()) {
     return Smi::cast(*result)->value();
   }
   if (result->IsHeapNumber()) {
     return static_cast<int32_t>(HeapNumber::cast(*result)->value());
   }
   thrower->Error("WASM.compileRun() failed: Return value should be number");
   return -1;
 }
 
+void ValidateInstancesChain(Isolate* isolate, Handle<JSObject> module_obj,
+                            int instance_count) {
+  CHECK_GE(instance_count, 0);
+  DisallowHeapAllocation no_gc;
+  FixedArray* compiled_module =
+      FixedArray::cast(module_obj->GetInternalField(0));
+  CHECK_EQ(JSObject::cast(GetModuleObject(compiled_module)->value()),
+           *module_obj);
+  Object* prev = nullptr;
+  int found_instances = GetOwningInstance(compiled_module) == nullptr ? 0 : 1;
+  FixedArray* current_instance = compiled_module;
+  while (GetNextInstance(current_instance) != nullptr) {
+    CHECK((prev == nullptr && GetPrevInstance(current_instance) == nullptr) ||
+          GetPrevInstance(current_instance)->value() == prev);
+    CHECK_EQ(GetModuleObject(current_instance)->value(), *module_obj);
+    CHECK(IsWasmObject(GetOwningInstance(current_instance)->value()));
+    prev = current_instance;
+    current_instance =
+        FixedArray::cast(GetNextInstance(current_instance)->value());
+    ++found_instances;
+    CHECK_LE(found_instances, instance_count);
+  }
+  CHECK_EQ(found_instances, instance_count);
+}
+
+void ValidateModuleState(Isolate* isolate, Handle<JSObject> module_obj) {
+  DisallowHeapAllocation no_gc;
+  FixedArray* compiled_module =
+      FixedArray::cast(module_obj->GetInternalField(0));
+  CHECK_NOT_NULL(GetModuleObject(compiled_module));
+  CHECK_EQ(GetModuleObject(compiled_module)->value(), *module_obj);
+  CHECK_NULL(GetPrevInstance(compiled_module));
+  CHECK_NULL(GetNextInstance(compiled_module));
+  CHECK_NULL(GetOwningInstance(compiled_module));
+}
+
+void ValidateOrphanedInstance(Isolate* isolate, Handle<JSObject> instance) {
+  DisallowHeapAllocation no_gc;
+  CHECK(IsWasmObject(*instance));
+  FixedArray* compiled_module =
+      FixedArray::cast(instance->GetInternalField(kWasmCompiledModule));
+  CHECK_NOT_NULL(GetModuleObject(compiled_module));
+  CHECK(GetModuleObject(compiled_module)->cleared());
+}
+
 }  // namespace testing
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8