Revert of [wasm] Master CL for Binary 0xC changes.

src/wasm/wasm-interpreter.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/wasm/wasm-interpreter.h"
 
 #include "src/utils.h"
 #include "src/wasm/ast-decoder.h"
 #include "src/wasm/decoder.h"
 #include "src/wasm/wasm-external-refs.h"
@@ skipping 704 matching lines @@
 
 static const int kRunSteps = 1000;
 
 // A helper class to compute the control transfers for each bytecode offset.
 // Control transfers allow Br, BrIf, BrTable, If, Else, and End bytecodes to
 // be directly executed without the need to dynamically track blocks.
 class ControlTransfers : public ZoneObject {
  public:
   ControlTransferMap map_;
 
-  ControlTransfers(Zone* zone, ModuleEnv* env, AstLocalDecls* locals,
-                   const byte* start, const byte* end)
+  ControlTransfers(Zone* zone, size_t locals_encoded_size, const byte* start,
+                   const byte* end)
       : map_(zone) {
+    // A control reference including from PC, from value depth, and whether
+    // a value is explicitly passed (e.g. br/br_if/br_table with value).
+    struct CRef {
+      const byte* pc;
+      sp_t value_depth;
+      bool explicit_value;
+    };
+
     // Represents a control flow label.
     struct CLabel : public ZoneObject {
       const byte* target;
-      ZoneVector<const byte*> refs;
+      size_t value_depth;
+      ZoneVector<CRef> refs;
 
-      explicit CLabel(Zone* zone) : target(nullptr), refs(zone) {}
+      CLabel(Zone* zone, size_t v)
+          : target(nullptr), value_depth(v), refs(zone) {}
 
       // Bind this label to the given PC.
-      void Bind(ControlTransferMap* map, const byte* start, const byte* pc) {
+      void Bind(ControlTransferMap* map, const byte* start, const byte* pc,
+                bool expect_value) {
         DCHECK_NULL(target);
         target = pc;
-        for (auto from_pc : refs) {
-          auto pcdiff = static_cast<pcdiff_t>(target - from_pc);
-          size_t offset = static_cast<size_t>(from_pc - start);
-          (*map)[offset] = pcdiff;
+        for (auto from : refs) {
+          auto pcdiff = static_cast<pcdiff_t>(target - from.pc);
+          auto spdiff = static_cast<spdiff_t>(from.value_depth - value_depth);
+          ControlTransfer::StackAction action = ControlTransfer::kNoAction;
+          if (expect_value && !from.explicit_value) {
+            action = spdiff == 0 ? ControlTransfer::kPushVoid
+                                 : ControlTransfer::kPopAndRepush;
+          }
+          pc_t offset = static_cast<size_t>(from.pc - start);
+          (*map)[offset] = {pcdiff, spdiff, action};
         }
       }
 
       // Reference this label from the given location.
-      void Ref(ControlTransferMap* map, const byte* start,
-               const byte* from_pc) {
+      void Ref(ControlTransferMap* map, const byte* start, CRef from) {
+        DCHECK_GE(from.value_depth, value_depth);
         if (target) {
-          // Target being bound before a reference means this is a loop.
-          DCHECK_EQ(kExprLoop, *target);
-          auto pcdiff = static_cast<pcdiff_t>(target - from_pc);
-          size_t offset = static_cast<size_t>(from_pc - start);
-          (*map)[offset] = pcdiff;
+          auto pcdiff = static_cast<pcdiff_t>(target - from.pc);
+          auto spdiff = static_cast<spdiff_t>(from.value_depth - value_depth);
+          pc_t offset = static_cast<size_t>(from.pc - start);
+          (*map)[offset] = {pcdiff, spdiff, ControlTransfer::kNoAction};
         } else {
-          refs.push_back(from_pc);
+          refs.push_back(from);
         }
       }
     };
 
     // An entry in the control stack.
     struct Control {
       const byte* pc;
       CLabel* end_label;
       CLabel* else_label;
 
-      void Ref(ControlTransferMap* map, const byte* start,
-               const byte* from_pc) {
-        end_label->Ref(map, start, from_pc);
+      void Ref(ControlTransferMap* map, const byte* start, const byte* from_pc,
+               size_t from_value_depth, bool explicit_value) {
+        end_label->Ref(map, start, {from_pc, from_value_depth, explicit_value});
       }
     };
 
     // Compute the ControlTransfer map.
-    // This algorithm maintains a stack of control constructs similar to the
+    // This works by maintaining a stack of control constructs similar to the
     // AST decoder. The {control_stack} allows matching {br,br_if,br_table}
     // bytecodes with their target, as well as determining whether the current
     // bytecodes are within the true or false block of an else.
+    // The value stack depth is tracked as {value_depth} and is needed to
+    // determine how many values to pop off the stack for explicit and
+    // implicit control flow.
+
     std::vector<Control> control_stack;
-    CLabel* func_label = new (zone) CLabel(zone);
-    control_stack.push_back({start, func_label, nullptr});
-    for (BytecodeIterator i(start, end, locals); i.has_next(); i.next()) {
+    size_t value_depth = 0;
+    for (BytecodeIterator i(start + locals_encoded_size, end); i.has_next();
+         i.next()) {
       WasmOpcode opcode = i.current();
-      TRACE("@%u: control %s\n", i.pc_offset(),
-            WasmOpcodes::OpcodeName(opcode));
+      TRACE("@%u: control %s (depth = %zu)\n", i.pc_offset(),
+            WasmOpcodes::OpcodeName(opcode), value_depth);
       switch (opcode) {
         case kExprBlock: {
-          TRACE("control @%u: Block\n", i.pc_offset());
-          CLabel* label = new (zone) CLabel(zone);
+          TRACE("control @%u $%zu: Block\n", i.pc_offset(), value_depth);
+          CLabel* label = new (zone) CLabel(zone, value_depth);
           control_stack.push_back({i.pc(), label, nullptr});
           break;
         }
         case kExprLoop: {
-          TRACE("control @%u: Loop\n", i.pc_offset());
-          CLabel* label = new (zone) CLabel(zone);
-          control_stack.push_back({i.pc(), label, nullptr});
-          label->Bind(&map_, start, i.pc());
+          TRACE("control @%u $%zu: Loop\n", i.pc_offset(), value_depth);
+          CLabel* label1 = new (zone) CLabel(zone, value_depth);
+          CLabel* label2 = new (zone) CLabel(zone, value_depth);
+          control_stack.push_back({i.pc(), label1, nullptr});
+          control_stack.push_back({i.pc(), label2, nullptr});
+          label2->Bind(&map_, start, i.pc(), false);
           break;
         }
         case kExprIf: {
-          TRACE("control @%u: If\n", i.pc_offset());
-          CLabel* end_label = new (zone) CLabel(zone);
-          CLabel* else_label = new (zone) CLabel(zone);
+          TRACE("control @%u $%zu: If\n", i.pc_offset(), value_depth);
+          value_depth--;
+          CLabel* end_label = new (zone) CLabel(zone, value_depth);
+          CLabel* else_label = new (zone) CLabel(zone, value_depth);
           control_stack.push_back({i.pc(), end_label, else_label});
-          else_label->Ref(&map_, start, i.pc());
+          else_label->Ref(&map_, start, {i.pc(), value_depth, false});
           break;
         }
         case kExprElse: {
           Control* c = &control_stack.back();
-          TRACE("control @%u: Else\n", i.pc_offset());
-          c->end_label->Ref(&map_, start, i.pc());
+          TRACE("control @%u $%zu: Else\n", i.pc_offset(), value_depth);
+          c->end_label->Ref(&map_, start, {i.pc(), value_depth, false});
+          value_depth = c->end_label->value_depth;
           DCHECK_NOT_NULL(c->else_label);
-          c->else_label->Bind(&map_, start, i.pc() + 1);
+          c->else_label->Bind(&map_, start, i.pc() + 1, false);
           c->else_label = nullptr;
           break;
         }
         case kExprEnd: {
           Control* c = &control_stack.back();
-          TRACE("control @%u: End\n", i.pc_offset());
+          TRACE("control @%u $%zu: End\n", i.pc_offset(), value_depth);
           if (c->end_label->target) {
             // only loops have bound labels.
             DCHECK_EQ(kExprLoop, *c->pc);
-          } else {
-            if (c->else_label) c->else_label->Bind(&map_, start, i.pc());
-            c->end_label->Bind(&map_, start, i.pc() + 1);
+            control_stack.pop_back();
+            c = &control_stack.back();
           }
+          if (c->else_label)
+            c->else_label->Bind(&map_, start, i.pc() + 1, true);
+          c->end_label->Ref(&map_, start, {i.pc(), value_depth, false});
+          c->end_label->Bind(&map_, start, i.pc() + 1, true);
+          value_depth = c->end_label->value_depth + 1;
           control_stack.pop_back();
           break;
         }
         case kExprBr: {
           BreakDepthOperand operand(&i, i.pc());
-          TRACE("control @%u: Br[depth=%u]\n", i.pc_offset(), operand.depth);
-          Control* c = &control_stack[control_stack.size() - operand.depth - 1];
-          c->Ref(&map_, start, i.pc());
+          TRACE("control @%u $%zu: Br[arity=%u, depth=%u]\n", i.pc_offset(),
+                value_depth, operand.arity, operand.depth);
+          value_depth -= operand.arity;
+          control_stack[control_stack.size() - operand.depth - 1].Ref(
+              &map_, start, i.pc(), value_depth, operand.arity > 0);
+          value_depth++;
           break;
         }
         case kExprBrIf: {
           BreakDepthOperand operand(&i, i.pc());
-          TRACE("control @%u: BrIf[depth=%u]\n", i.pc_offset(), operand.depth);
-          Control* c = &control_stack[control_stack.size() - operand.depth - 1];
-          c->Ref(&map_, start, i.pc());
+          TRACE("control @%u $%zu: BrIf[arity=%u, depth=%u]\n", i.pc_offset(),
+                value_depth, operand.arity, operand.depth);
+          value_depth -= (operand.arity + 1);
+          control_stack[control_stack.size() - operand.depth - 1].Ref(
+              &map_, start, i.pc(), value_depth, operand.arity > 0);
+          value_depth++;
           break;
         }
         case kExprBrTable: {
           BranchTableOperand operand(&i, i.pc());
-          BranchTableIterator iterator(&i, operand);
-          TRACE("control @%u: BrTable[count=%u]\n", i.pc_offset(),
-                operand.table_count);
-          while (iterator.has_next()) {
-            uint32_t j = iterator.cur_index();
-            uint32_t target = iterator.next();
-            Control* c = &control_stack[control_stack.size() - target - 1];
-            c->Ref(&map_, start, i.pc() + j);
+          TRACE("control @%u $%zu: BrTable[arity=%u count=%u]\n", i.pc_offset(),
+                value_depth, operand.arity, operand.table_count);
+          value_depth -= (operand.arity + 1);
+          for (uint32_t j = 0; j < operand.table_count + 1; ++j) {
+            uint32_t target = operand.read_entry(&i, j);
+            control_stack[control_stack.size() - target - 1].Ref(
+                &map_, start, i.pc() + j, value_depth, operand.arity > 0);
           }
+          value_depth++;
           break;
         }
         default: {
+          value_depth = value_depth - OpcodeArity(i.pc(), end) + 1;
           break;
         }
       }
     }
-    if (!func_label->target) func_label->Bind(&map_, start, end);
   }
 
-  pcdiff_t Lookup(pc_t from) {
+  ControlTransfer Lookup(pc_t from) {
     auto result = map_.find(from);
     if (result == map_.end()) {
       V8_Fatal(__FILE__, __LINE__, "no control target for pc %zu", from);
     }
     return result->second;
   }
 };
 
 // Code and metadata needed to execute a function.
 struct InterpreterCode {
@@ skipping 49 matching lines @@
     if (entry_index >= table->values.size()) return nullptr;
     uint32_t index = table->values[entry_index];
     if (index >= interpreter_code_.size()) return nullptr;
     return GetCode(index);
   }
 
   InterpreterCode* Preprocess(InterpreterCode* code) {
     if (code->targets == nullptr && code->start) {
       // Compute the control targets map and the local declarations.
       CHECK(DecodeLocalDecls(code->locals, code->start, code->end));
-      ModuleEnv env = {module_, nullptr, kWasmOrigin};
-      code->targets = new (zone_) ControlTransfers(
-          zone_, &env, &code->locals, code->orig_start, code->orig_end);
+      code->targets =
+          new (zone_) ControlTransfers(zone_, code->locals.decls_encoded_size,
+                                       code->orig_start, code->orig_end);
     }
     return code;
   }
 
   int AddFunction(const WasmFunction* function, const byte* code_start,
                   const byte* code_end) {
     InterpreterCode code = {
         function, AstLocalDecls(zone_),          code_start,
         code_end, const_cast<byte*>(code_start), const_cast<byte*>(code_end),
         nullptr};
@@ skipping 18 matching lines @@
 };
 
 // Responsible for executing code directly.
 class ThreadImpl : public WasmInterpreter::Thread {
  public:
   ThreadImpl(Zone* zone, CodeMap* codemap, WasmModuleInstance* instance)
       : codemap_(codemap),
         instance_(instance),
         stack_(zone),
         frames_(zone),
-        blocks_(zone),
         state_(WasmInterpreter::STOPPED),
         break_pc_(kInvalidPc),
         trap_reason_(kTrapCount) {}
 
   virtual ~ThreadImpl() {}
 
   //==========================================================================
   // Implementation of public interface for WasmInterpreter::Thread.
   //==========================================================================
 
   virtual WasmInterpreter::State state() { return state_; }
 
   virtual void PushFrame(const WasmFunction* function, WasmVal* args) {
     InterpreterCode* code = codemap()->FindCode(function);
     CHECK_NOT_NULL(code);
     frames_.push_back({code, 0, 0, stack_.size()});
     for (size_t i = 0; i < function->sig->parameter_count(); ++i) {
       stack_.push_back(args[i]);
     }
     frames_.back().ret_pc = InitLocals(code);
-    blocks_.push_back(
-        {0, stack_.size(), frames_.size(),
-         static_cast<uint32_t>(code->function->sig->return_count())});
     TRACE("  => PushFrame(#%u @%zu)\n", code->function->func_index,
           frames_.back().ret_pc);
   }
 
   virtual WasmInterpreter::State Run() {
     do {
       TRACE("  => Run()\n");
       if (state_ == WasmInterpreter::STOPPED ||
           state_ == WasmInterpreter::PAUSED) {
         state_ = WasmInterpreter::RUNNING;
@@ skipping 28 matching lines @@
   virtual const WasmFrame* GetFrame(int index) {
     UNIMPLEMENTED();
     return nullptr;
   }
 
   virtual WasmFrame* GetMutableFrame(int index) {
     UNIMPLEMENTED();
     return nullptr;
   }
 
-  virtual WasmVal GetReturnValue(int index) {
+  virtual WasmVal GetReturnValue() {
     if (state_ == WasmInterpreter::TRAPPED) return WasmVal(0xdeadbeef);
     CHECK_EQ(WasmInterpreter::FINISHED, state_);
-    CHECK_LT(static_cast<size_t>(index), stack_.size());
-    return stack_[index];
+    CHECK_EQ(1, stack_.size());
+    return stack_[0];
   }
 
   virtual pc_t GetBreakpointPc() { return break_pc_; }
 
   bool Terminated() {
     return state_ == WasmInterpreter::TRAPPED ||
            state_ == WasmInterpreter::FINISHED;
   }
 
  private:
   // Entries on the stack of functions being evaluated.
   struct Frame {
     InterpreterCode* code;
     pc_t call_pc;
     pc_t ret_pc;
     sp_t sp;
 
     // Limit of parameters.
     sp_t plimit() { return sp + code->function->sig->parameter_count(); }
     // Limit of locals.
     sp_t llimit() { return plimit() + code->locals.total_local_count; }
   };
 
-  struct Block {
-    pc_t pc;
-    sp_t sp;
-    size_t fp;
-    unsigned arity;
-  };
-
   CodeMap* codemap_;
   WasmModuleInstance* instance_;
   ZoneVector<WasmVal> stack_;
   ZoneVector<Frame> frames_;
-  ZoneVector<Block> blocks_;
   WasmInterpreter::State state_;
   pc_t break_pc_;
   TrapReason trap_reason_;
 
   CodeMap* codemap() { return codemap_; }
   WasmModuleInstance* instance() { return instance_; }
   const WasmModule* module() { return instance_->module; }
 
   void DoTrap(TrapReason trap, pc_t pc) {
     state_ = WasmInterpreter::TRAPPED;
     trap_reason_ = trap;
     CommitPc(pc);
   }
 
   // Push a frame with arguments already on the stack.
   void PushFrame(InterpreterCode* code, pc_t call_pc, pc_t ret_pc) {
     CHECK_NOT_NULL(code);
     DCHECK(!frames_.empty());
     frames_.back().call_pc = call_pc;
     frames_.back().ret_pc = ret_pc;
     size_t arity = code->function->sig->parameter_count();
     DCHECK_GE(stack_.size(), arity);
     // The parameters will overlap the arguments already on the stack.
     frames_.push_back({code, 0, 0, stack_.size() - arity});
-    blocks_.push_back(
-        {0, stack_.size(), frames_.size(),
-         static_cast<uint32_t>(code->function->sig->return_count())});
     frames_.back().ret_pc = InitLocals(code);
     TRACE("  => push func#%u @%zu\n", code->function->func_index,
           frames_.back().ret_pc);
   }
 
   pc_t InitLocals(InterpreterCode* code) {
     for (auto p : code->locals.local_types) {
       WasmVal val;
       switch (p.first) {
         case kAstI32:
@@ skipping 18 matching lines @@
   }
 
   void CommitPc(pc_t pc) {
     if (!frames_.empty()) {
       frames_.back().ret_pc = pc;
     }
   }
 
   bool SkipBreakpoint(InterpreterCode* code, pc_t pc) {
     if (pc == break_pc_) {
-      // Skip the previously hit breakpoint when resuming.
       break_pc_ = kInvalidPc;
       return true;
     }
     return false;
   }
 
-  int LookupTarget(InterpreterCode* code, pc_t pc) {
-    return static_cast<int>(code->targets->Lookup(pc));
-  }
-
-  int DoBreak(InterpreterCode* code, pc_t pc, size_t depth) {
-    size_t bp = blocks_.size() - depth - 1;
-    Block* target = &blocks_[bp];
-    DoStackTransfer(target->sp, target->arity);
-    blocks_.resize(bp);
-    return LookupTarget(code, pc);
-  }
-
-  bool DoReturn(InterpreterCode** code, pc_t* pc, pc_t* limit, size_t arity) {
+  bool DoReturn(InterpreterCode** code, pc_t* pc, pc_t* limit, WasmVal val) {
     DCHECK_GT(frames_.size(), 0u);
-    // Pop all blocks for this frame.
-    while (!blocks_.empty() && blocks_.back().fp == frames_.size()) {
-      blocks_.pop_back();
-    }
-
-    sp_t dest = frames_.back().sp;
+    stack_.resize(frames_.back().sp);
     frames_.pop_back();
     if (frames_.size() == 0) {
-      // A return from the last frame terminates the execution.
+      // A return from the top frame terminates the execution.
       state_ = WasmInterpreter::FINISHED;
-      DoStackTransfer(0, arity);
+      stack_.clear();
+      stack_.push_back(val);
       TRACE("  => finish\n");
       return false;
     } else {
       // Return to caller frame.
       Frame* top = &frames_.back();
       *code = top->code;
       *pc = top->ret_pc;
       *limit = top->code->end - top->code->start;
+      if (top->code->start[top->call_pc] == kExprCallIndirect ||
+          (top->code->orig_start &&
+           top->code->orig_start[top->call_pc] == kExprCallIndirect)) {
+        // UGLY: An indirect call has the additional function index on the
+        // stack.
+        stack_.pop_back();
+      }
       TRACE("  => pop func#%u @%zu\n", (*code)->function->func_index, *pc);
-      DoStackTransfer(dest, arity);
+
+      stack_.push_back(val);
       return true;
     }
   }
 
   void DoCall(InterpreterCode* target, pc_t* pc, pc_t ret_pc, pc_t* limit) {
     PushFrame(target, *pc, ret_pc);
     *pc = frames_.back().ret_pc;
     *limit = target->end - target->start;
   }
 
-  // Copies {arity} values on the top of the stack down the stack to {dest},
-  // dropping the values in-between.
-  void DoStackTransfer(sp_t dest, size_t arity) {
-    // before: |---------------| pop_count | arity |
-    //         ^ 0             ^ dest              ^ stack_.size()
-    //
-    // after:  |---------------| arity |
-    //         ^ 0                     ^ stack_.size()
-    DCHECK_LE(dest, stack_.size());
-    DCHECK_LE(dest + arity, stack_.size());
-    size_t pop_count = stack_.size() - dest - arity;
-    for (size_t i = 0; i < arity; i++) {
-      stack_[dest + i] = stack_[dest + pop_count + i];
+  // Adjust the program counter {pc} and the stack contents according to the
+  // code's precomputed control transfer map. Returns the different between
+  // the new pc and the old pc.
+  int DoControlTransfer(InterpreterCode* code, pc_t pc) {
+    auto target = code->targets->Lookup(pc);
+    switch (target.action) {
+      case ControlTransfer::kNoAction:
+        TRACE("  action [sp-%u]\n", target.spdiff);
+        PopN(target.spdiff);
+        break;
+      case ControlTransfer::kPopAndRepush: {
+        WasmVal val = Pop();
+        TRACE("  action [pop x, sp-%u, push x]\n", target.spdiff - 1);
+        DCHECK_GE(target.spdiff, 1u);
+        PopN(target.spdiff - 1);
+        Push(pc, val);
+        break;
+      }
+      case ControlTransfer::kPushVoid:
+        TRACE("  action [sp-%u, push void]\n", target.spdiff);
+        PopN(target.spdiff);
+        Push(pc, WasmVal());
+        break;
     }
-    stack_.resize(stack_.size() - pop_count);
+    return target.pcdiff;
   }
 
   void Execute(InterpreterCode* code, pc_t pc, int max) {
     Decoder decoder(code->start, code->end);
     pc_t limit = code->end - code->start;
     while (true) {
       if (max-- <= 0) {
         // Maximum number of instructions reached.
         state_ = WasmInterpreter::PAUSED;
         return CommitPc(pc);
       }
 
       if (pc >= limit) {
         // Fell off end of code; do an implicit return.
         TRACE("@%-3zu: ImplicitReturn\n", pc);
-        if (!DoReturn(&code, &pc, &limit, code->function->sig->return_count()))
-          return;
+        WasmVal val = PopArity(code->function->sig->return_count());
+        if (!DoReturn(&code, &pc, &limit, val)) return;
         decoder.Reset(code->start, code->end);
         continue;
       }
 
       const char* skip = "        ";
       int len = 1;
       byte opcode = code->start[pc];
       byte orig = opcode;
       if (opcode == kInternalBreakpoint) {
         orig = code->orig_start[pc];
@@ skipping 12 matching lines @@
       }
 
       USE(skip);
       TRACE("@%-3zu: %s%-24s:", pc, skip,
             WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(orig)));
       TraceValueStack();
       TRACE("\n");
 
       switch (orig) {
         case kExprNop:
+          Push(pc, WasmVal());
           break;
-        case kExprBlock: {
-          BlockTypeOperand operand(&decoder, code->at(pc));
-          blocks_.push_back({pc, stack_.size(), frames_.size(), operand.arity});
-          len = 1 + operand.length;
-          break;
-        }
+        case kExprBlock:
         case kExprLoop: {
-          BlockTypeOperand operand(&decoder, code->at(pc));
-          blocks_.push_back({pc, stack_.size(), frames_.size(), 0});
-          len = 1 + operand.length;
+          // Do nothing.
           break;
         }
         case kExprIf: {
-          BlockTypeOperand operand(&decoder, code->at(pc));
           WasmVal cond = Pop();
           bool is_true = cond.to<uint32_t>() != 0;
-          blocks_.push_back({pc, stack_.size(), frames_.size(), operand.arity});
           if (is_true) {
             // fall through to the true block.
-            len = 1 + operand.length;
             TRACE("  true => fallthrough\n");
           } else {
-            len = LookupTarget(code, pc);
+            len = DoControlTransfer(code, pc);
             TRACE("  false => @%zu\n", pc + len);
           }
           break;
         }
         case kExprElse: {
-          blocks_.pop_back();
-          len = LookupTarget(code, pc);
+          len = DoControlTransfer(code, pc);
           TRACE("  end => @%zu\n", pc + len);
           break;
         }
         case kExprSelect: {
           WasmVal cond = Pop();
           WasmVal fval = Pop();
           WasmVal tval = Pop();
           Push(pc, cond.to<int32_t>() != 0 ? tval : fval);
           break;
         }
         case kExprBr: {
           BreakDepthOperand operand(&decoder, code->at(pc));
-          len = DoBreak(code, pc, operand.depth);
+          WasmVal val = PopArity(operand.arity);
+          len = DoControlTransfer(code, pc);
           TRACE("  br => @%zu\n", pc + len);
+          if (operand.arity > 0) Push(pc, val);
           break;
         }
         case kExprBrIf: {
           BreakDepthOperand operand(&decoder, code->at(pc));
           WasmVal cond = Pop();
+          WasmVal val = PopArity(operand.arity);
           bool is_true = cond.to<uint32_t>() != 0;
           if (is_true) {
-            len = DoBreak(code, pc, operand.depth);
+            len = DoControlTransfer(code, pc);
             TRACE("  br_if => @%zu\n", pc + len);
+            if (operand.arity > 0) Push(pc, val);
           } else {
             TRACE("  false => fallthrough\n");
             len = 1 + operand.length;
+            Push(pc, WasmVal());
           }
           break;
         }
         case kExprBrTable: {
           BranchTableOperand operand(&decoder, code->at(pc));
           uint32_t key = Pop().to<uint32_t>();
+          WasmVal val = PopArity(operand.arity);
           if (key >= operand.table_count) key = operand.table_count;
-          len = key + DoBreak(code, pc + key, operand.table[key]);
-          TRACE("  br[%u] => @%zu\n", key, pc + key + len);
+          len = DoControlTransfer(code, pc + key) + key;
+          TRACE("  br[%u] => @%zu\n", key, pc + len);
+          if (operand.arity > 0) Push(pc, val);
           break;
         }
         case kExprReturn: {
-          size_t arity = code->function->sig->return_count();
-          if (!DoReturn(&code, &pc, &limit, arity)) return;
+          ReturnArityOperand operand(&decoder, code->at(pc));
+          WasmVal val = PopArity(operand.arity);
+          if (!DoReturn(&code, &pc, &limit, val)) return;
           decoder.Reset(code->start, code->end);
           continue;
         }
         case kExprUnreachable: {
           DoTrap(kTrapUnreachable, pc);
           return CommitPc(pc);
         }
         case kExprEnd: {
-          blocks_.pop_back();
+          len = DoControlTransfer(code, pc);
+          DCHECK_EQ(1, len);
           break;
         }
         case kExprI8Const: {
           ImmI8Operand operand(&decoder, code->at(pc));
           Push(pc, WasmVal(operand.value));
           len = 1 + operand.length;
           break;
         }
         case kExprI32Const: {
           ImmI32Operand operand(&decoder, code->at(pc));
@@ skipping 22 matching lines @@
         case kExprGetLocal: {
           LocalIndexOperand operand(&decoder, code->at(pc));
           Push(pc, stack_[frames_.back().sp + operand.index]);
           len = 1 + operand.length;
           break;
         }
         case kExprSetLocal: {
           LocalIndexOperand operand(&decoder, code->at(pc));
           WasmVal val = Pop();
           stack_[frames_.back().sp + operand.index] = val;
-          len = 1 + operand.length;
-          break;
-        }
-        case kExprTeeLocal: {
-          LocalIndexOperand operand(&decoder, code->at(pc));
-          WasmVal val = Pop();
-          stack_[frames_.back().sp + operand.index] = val;
           Push(pc, val);
           len = 1 + operand.length;
           break;
         }
-        case kExprDrop: {
-          Pop();
-          break;
-        }
         case kExprCallFunction: {
           CallFunctionOperand operand(&decoder, code->at(pc));
           InterpreterCode* target = codemap()->GetCode(operand.index);
           DoCall(target, &pc, pc + 1 + operand.length, &limit);
           code = target;
           decoder.Reset(code->start, code->end);
           continue;
         }
         case kExprCallIndirect: {
           CallIndirectOperand operand(&decoder, code->at(pc));
-          uint32_t entry_index = Pop().to<uint32_t>();
+          size_t index = stack_.size() - operand.arity - 1;
+          DCHECK_LT(index, stack_.size());
+          uint32_t entry_index = stack_[index].to<uint32_t>();
           // Assume only one table for now.
           DCHECK_LE(module()->function_tables.size(), 1u);
           InterpreterCode* target = codemap()->GetIndirectCode(0, entry_index);
           if (target == nullptr) {
             return DoTrap(kTrapFuncInvalid, pc);
           } else if (target->function->sig_index != operand.index) {
             return DoTrap(kTrapFuncSigMismatch, pc);
           }
 
           DoCall(target, &pc, pc + 1 + operand.length, &limit);
           code = target;
           decoder.Reset(code->start, code->end);
           continue;
         }
+        case kExprCallImport: {
+          UNIMPLEMENTED();
+          break;
+        }
         case kExprGetGlobal: {
           GlobalIndexOperand operand(&decoder, code->at(pc));
           const WasmGlobal* global = &module()->globals[operand.index];
           byte* ptr = instance()->globals_start + global->offset;
           LocalType type = global->type;
           WasmVal val;
           if (type == kAstI32) {
             val = WasmVal(*reinterpret_cast<int32_t*>(ptr));
           } else if (type == kAstI64) {
             val = WasmVal(*reinterpret_cast<int64_t*>(ptr));
@@ skipping 18 matching lines @@
             *reinterpret_cast<int32_t*>(ptr) = val.to<int32_t>();
           } else if (type == kAstI64) {
             *reinterpret_cast<int64_t*>(ptr) = val.to<int64_t>();
           } else if (type == kAstF32) {
             *reinterpret_cast<float*>(ptr) = val.to<float>();
           } else if (type == kAstF64) {
             *reinterpret_cast<double*>(ptr) = val.to<double>();
           } else {
             UNREACHABLE();
           }
+          Push(pc, val);
           len = 1 + operand.length;
           break;
         }
 
 #define LOAD_CASE(name, ctype, mtype)                                       \
   case kExpr##name: {                                                       \
     MemoryAccessOperand operand(&decoder, code->at(pc), sizeof(ctype));     \
     uint32_t index = Pop().to<uint32_t>();                                  \
     size_t effective_mem_size = instance()->mem_size - sizeof(mtype);       \
     if (operand.offset > effective_mem_size ||                              \
@@ skipping 28 matching lines @@
     MemoryAccessOperand operand(&decoder, code->at(pc), sizeof(ctype));       \
     WasmVal val = Pop();                                                      \
     uint32_t index = Pop().to<uint32_t>();                                    \
     size_t effective_mem_size = instance()->mem_size - sizeof(mtype);         \
     if (operand.offset > effective_mem_size ||                                \
         index > (effective_mem_size - operand.offset)) {                      \
       return DoTrap(kTrapMemOutOfBounds, pc);                                 \
     }                                                                         \
     byte* addr = instance()->mem_start + operand.offset + index;              \
     WriteLittleEndianValue<mtype>(addr, static_cast<mtype>(val.to<ctype>())); \
+    Push(pc, val);                                                            \
     len = 1 + operand.length;                                                 \
     break;                                                                    \
   }
 
           STORE_CASE(I32StoreMem8, int32_t, int8_t);
           STORE_CASE(I32StoreMem16, int32_t, int16_t);
           STORE_CASE(I64StoreMem8, int64_t, int8_t);
           STORE_CASE(I64StoreMem16, int64_t, int16_t);
           STORE_CASE(I64StoreMem32, int64_t, int32_t);
           STORE_CASE(I32StoreMem, int32_t, int32_t);
@@ skipping 45 matching lines @@
           ASMJS_STORE_CASE(I32AsmjsStoreMem, int32_t, int32_t);
           ASMJS_STORE_CASE(F32AsmjsStoreMem, float, float);
           ASMJS_STORE_CASE(F64AsmjsStoreMem, double, double);
 #undef ASMJS_STORE_CASE
         case kExprGrowMemory: {
           uint32_t delta_pages = Pop().to<uint32_t>();
           Push(pc, WasmVal(ExecuteGrowMemory(delta_pages, instance())));
           break;
         }
         case kExprMemorySize: {
-          Push(pc, WasmVal(static_cast<uint32_t>(instance()->mem_size /
-                                                 WasmModule::kPageSize)));
+          Push(pc, WasmVal(static_cast<uint32_t>(instance()->mem_size)));
           break;
         }
 #define EXECUTE_SIMPLE_BINOP(name, ctype, op)             \
   case kExpr##name: {                                     \
     WasmVal rval = Pop();                                 \
     WasmVal lval = Pop();                                 \
     WasmVal result(lval.to<ctype>() op rval.to<ctype>()); \
     Push(pc, result);                                     \
     break;                                                \
   }
@@ skipping 54 matching lines @@
   }
 
   WasmVal PopArity(size_t arity) {
     if (arity == 0) return WasmVal();
     CHECK_EQ(1, arity);
     return Pop();
   }
 
   void Push(pc_t pc, WasmVal val) {
     // TODO(titzer): store PC as well?
-    if (val.type != kAstStmt) stack_.push_back(val);
+    stack_.push_back(val);
   }
 
   void TraceStack(const char* phase, pc_t pc) {
     if (FLAG_trace_wasm_interpreter) {
       PrintF("%s @%zu", phase, pc);
       UNIMPLEMENTED();
       PrintF("\n");
     }
   }
 
@@ skipping 160 matching lines @@
 }
 
 bool WasmInterpreter::SetFunctionCodeForTesting(const WasmFunction* function,
                                                 const byte* start,
                                                 const byte* end) {
   return internals_->codemap_.SetFunctionCode(function, start, end);
 }
 
 ControlTransferMap WasmInterpreter::ComputeControlTransfersForTesting(
     Zone* zone, const byte* start, const byte* end) {
-  ControlTransfers targets(zone, nullptr, nullptr, start, end);
+  ControlTransfers targets(zone, 0, start, end);
   return targets.map_;
 }
 
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8