Introduce 'top-of-stack caching' to the toplevel code generator by...

src/ia32/fast-codegen-ia32.cc

 // Copyright 2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 11 matching lines @@
 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include "v8.h"
 
 #include "codegen-inl.h"
 #include "compiler.h"
+#include "debug.h"
 #include "fast-codegen.h"
 #include "parser.h"
-#include "debug.h"
 
 namespace v8 {
 namespace internal {
 
 #define __ ACCESS_MASM(masm_)
 
 // Generate code for a JS function.  On entry to the function the receiver
 // and arguments have been pushed on the stack left to right, with the
 // return address on top of them.  The actual argument count matches the
 // formal parameter count expected by the function.
@@ skipping 64 matching lines @@
     } else {
       __ push(Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
     }
     // Receiver is just before the parameters on the caller's stack.
     __ lea(edx, Operand(ebp, StandardFrameConstants::kCallerSPOffset +
                                  fun->num_parameters() * kPointerSize));
     __ push(edx);
     __ push(Immediate(Smi::FromInt(fun->num_parameters())));
     // Arguments to ArgumentsAccessStub:
     //   function, receiver address, parameter count.
-    // The stub will rewrite receiever and parameter count if the previous
+    // The stub will rewrite receiver and parameter count if the previous
     // stack frame was an arguments adapter frame.
     ArgumentsAccessStub stub(ArgumentsAccessStub::NEW_OBJECT);
     __ CallStub(&stub);
     __ mov(ecx, eax);  // Duplicate result.
     Move(arguments->slot(), eax, ebx, edx);
     Slot* dot_arguments_slot =
         fun->scope()->arguments_shadow()->AsVariable()->slot();
     Move(dot_arguments_slot, ecx, ebx, edx);
   }
 
@@ skipping 56 matching lines @@
 #ifdef ENABLE_DEBUGGER_SUPPORT
     // Check that the size of the code used for returning matches what is
     // expected by the debugger.
     ASSERT_EQ(Assembler::kJSReturnSequenceLength,
             masm_->SizeOfCodeGeneratedSince(&check_exit_codesize));
 #endif
   }
 }
 
 
-void FastCodeGenerator::Apply(Expression::Context context,
-                              Slot* slot,
-                              Register scratch) {
+void FastCodeGenerator::Apply(Expression::Context context, Register reg) {
+  switch (context) {
+    case Expression::kUninitialized:
+      UNREACHABLE();
+
+    case Expression::kEffect:
+      // Nothing to do.
+      break;
+
+    case Expression::kValue:
+      // Move value into place.
+      switch (location_) {
+        case kAccumulator:
+          if (!reg.is(result_register())) __ mov(result_register(), reg);
+          break;
+        case kStack:
+          __ push(reg);
+          break;
+      }
+      break;
+
+    case Expression::kValueTest:
+    case Expression::kTestValue:
+      // Push an extra copy of the value in case it's needed.
+      __ push(reg);
+      // Fall through.
+
+    case Expression::kTest:
+      // For simplicity we always test the accumulator register.
+      if (!reg.is(result_register())) __ mov(result_register(), reg);
+      DoTest(context);
+      break;
+  }
+}
+
+
+void FastCodeGenerator::Apply(Expression::Context context, Slot* slot) {
   switch (context) {
     case Expression::kUninitialized:
       UNREACHABLE();
     case Expression::kEffect:
+      // Nothing to do.
       break;
     case Expression::kValue: {
-      MemOperand location = EmitSlotSearch(slot, scratch);
-      __ push(location);
+      MemOperand slot_operand = EmitSlotSearch(slot, result_register());
+      switch (location_) {
+        case kAccumulator:
+          __ mov(result_register(), slot_operand);
+          break;
+        case kStack:
+          // Memory operands can be pushed directly.
+          __ push(slot_operand);
+          break;
+      }
       break;
     }
+
     case Expression::kTest:
+      Move(result_register(), slot);
+      DoTest(context);
+      break;
+
     case Expression::kValueTest:
     case Expression::kTestValue:
-      Move(scratch, slot);
-      Apply(context, scratch);
+      Move(result_register(), slot);
+      __ push(result_register());
+      DoTest(context);
       break;
   }
 }
 
 
 void FastCodeGenerator::Apply(Expression::Context context, Literal* lit) {
   switch (context) {
     case Expression::kUninitialized:
       UNREACHABLE();
     case Expression::kEffect:
+      // Nothing to do.
       break;
     case Expression::kValue:
-      __ push(Immediate(lit->handle()));
+      switch (location_) {
+        case kAccumulator:
+          __ mov(result_register(), lit->handle());
+          break;
+        case kStack:
+          // Immediates can be pushed directly.
+          __ push(Immediate(lit->handle()));
+          break;
+      }
       break;
+
     case Expression::kTest:
+      __ mov(result_register(), lit->handle());
+      DoTest(context);
+      break;
+
     case Expression::kValueTest:
     case Expression::kTestValue:
-      __ mov(eax, lit->handle());
-      Apply(context, eax);
+      __ mov(result_register(), lit->handle());
+      __ push(result_register());
+      DoTest(context);
       break;
   }
 }
 
 
 void FastCodeGenerator::ApplyTOS(Expression::Context context) {
   switch (context) {
     case Expression::kUninitialized:
       UNREACHABLE();
+
     case Expression::kEffect:
       __ Drop(1);
       break;
+
     case Expression::kValue:
+      switch (location_) {
+        case kAccumulator:
+          __ pop(result_register());
+          break;
+        case kStack:
+          break;
+      }
       break;
+
     case Expression::kTest:
-      __ pop(eax);
-      TestAndBranch(eax, true_label_, false_label_);
+      __ pop(result_register());
+      DoTest(context);
       break;
-    case Expression::kValueTest: {
-      Label discard;
-      __ mov(eax, Operand(esp, 0));
-      TestAndBranch(eax, true_label_, &discard);
-      __ bind(&discard);
-      __ Drop(1);
-      __ jmp(false_label_);
+
+    case Expression::kValueTest:
+    case Expression::kTestValue:
+      __ mov(result_register(), Operand(esp, 0));
+      DoTest(context);
       break;
-    }
-    case Expression::kTestValue: {
-      Label discard;
-      __ mov(eax, Operand(esp, 0));
-      TestAndBranch(eax, &discard, false_label_);
-      __ bind(&discard);
-      __ Drop(1);
-      __ jmp(true_label_);
-    }
   }
 }
 
 
 void FastCodeGenerator::DropAndApply(int count,
                                      Expression::Context context,
                                      Register reg) {
   ASSERT(count > 0);
   ASSERT(!reg.is(esp));
   switch (context) {
     case Expression::kUninitialized:
       UNREACHABLE();
+
     case Expression::kEffect:
       __ Drop(count);
       break;
+
     case Expression::kValue:
-      if (count > 1) __ Drop(count - 1);
-      __ mov(Operand(esp, 0), reg);
+      switch (location_) {
+        case kAccumulator:
+          __ Drop(count);
+          if (!reg.is(result_register())) __ mov(result_register(), reg);
+          break;
+        case kStack:
+          if (count > 1) __ Drop(count - 1);
+          __ mov(Operand(esp, 0), reg);
+          break;
+      }
       break;
+
     case Expression::kTest:
       __ Drop(count);
-      TestAndBranch(reg, true_label_, false_label_);
+      if (!reg.is(result_register())) __ mov(result_register(), reg);
+      DoTest(context);
       break;
-    case Expression::kValueTest: {
-      Label discard;
+
+    case Expression::kValueTest:
+    case Expression::kTestValue:
       if (count > 1) __ Drop(count - 1);
-      __ mov(Operand(esp, 0), reg);
-      TestAndBranch(reg, true_label_, &discard);
+      if (!reg.is(result_register())) __ mov(result_register(), reg);
+      __ mov(Operand(esp, 0), result_register());
+      DoTest(context);
+      break;
+  }
+}
+
+
+void FastCodeGenerator::Apply(Expression::Context context,
+                              Label* materialize_true,
+                              Label* materialize_false) {
+  switch (context) {
+    case Expression::kUninitialized:
+
+    case Expression::kEffect:
+      ASSERT_EQ(materialize_true, materialize_false);
+      __ bind(materialize_true);
+
+    case Expression::kValue: {
+      Label done;
+      switch (location_) {
+        case kAccumulator:
+          __ bind(materialize_true);
+          __ mov(result_register(), Factory::true_value());
+          __ jmp(&done);
+          __ bind(materialize_false);
+          __ mov(result_register(), Factory::false_value());
+          break;
+        case kStack:
+          __ bind(materialize_true);
+          __ push(Immediate(Factory::true_value()));
+          __ jmp(&done);
+          __ bind(materialize_false);
+          __ push(Immediate(Factory::false_value()));
+          break;
+      }
+      __ bind(&done);
+      break;
+    }
+
+    case Expression::kTest:
+      break;
+
+    case Expression::kValueTest:
+      __ bind(materialize_true);
+      switch (location_) {
+        case kAccumulator:
+          __ mov(result_register(), Factory::true_value());
+          break;
+        case kStack:
+          __ push(Immediate(Factory::true_value()));
+          break;
+      }
+      __ jmp(true_label_);
+      break;
+
+    case Expression::kTestValue:
+      __ bind(materialize_false);
+      switch (location_) {
+        case kAccumulator:
+          __ mov(result_register(), Factory::false_value());
+          break;
+        case kStack:
+          __ push(Immediate(Factory::false_value()));
+          break;
+      }
+      __ jmp(false_label_);
+      break;
+  }
+}
+
+
+void FastCodeGenerator::DoTest(Expression::Context context) {
+  // The value to test is in the accumulator, and duplicated on the stack if
+  // necessary (for value/test and test/value contexts).
+  ASSERT_NE(NULL, true_label_);
+  ASSERT_NE(NULL, false_label_);
+
+  // If there is a value on the stack, use a discard label for the
+  // value-is-unneeded branch in the inlined part of the test.
+  Label discard;
+  Label* if_true =
+      (context == Expression::kTestValue) ? &discard : true_label_;
+  Label* if_false =
+      (context == Expression::kValueTest) ? &discard : false_label_;
+
+  // Emit the inlined tests assumed by the stub.
+  __ cmp(result_register(), Factory::undefined_value());
+  __ j(equal, if_false);
+  __ cmp(result_register(), Factory::true_value());
+  __ j(equal, if_true);
+  __ cmp(result_register(), Factory::false_value());
+  __ j(equal, if_false);
+  ASSERT_EQ(0, kSmiTag);
+  __ test(result_register(), Operand(result_register()));
+  __ j(zero, if_false);
+  __ test(result_register(), Immediate(kSmiTagMask));
+  __ j(zero, if_true);
+
+  // Call the ToBoolean stub for all other cases.
+  ToBooleanStub stub;
+  __ push(result_register());
+  __ CallStub(&stub);
+  __ test(eax, Operand(eax));
+
+  // The stub returns nonzero for true.  Complete based on the context.
+  switch (context) {
+    case Expression::kUninitialized:
+    case Expression::kEffect:
+    case Expression::kValue:
+      UNREACHABLE();
+
+    case Expression::kTest:
+      __ j(not_zero, true_label_);
+      __ jmp(false_label_);
+      break;
+
+    case Expression::kValueTest:
+      switch (location_) {
+        case kAccumulator:
+          __ j(zero, &discard);
+          __ pop(result_register());
+          __ jmp(true_label_);
+          break;
+        case kStack:
+          __ j(not_zero, true_label_);
+          break;
+      }
       __ bind(&discard);
       __ Drop(1);
       __ jmp(false_label_);
       break;
-    }
-    case Expression::kTestValue: {
-      Label discard;
-      if (count > 1) __ Drop(count - 1);
-      __ mov(Operand(esp, 0), reg);
-      TestAndBranch(reg, &discard, false_label_);
+
+    case Expression::kTestValue:
+      switch (location_) {
+        case kAccumulator:
+          __ j(not_zero, &discard);
+          __ pop(result_register());
+          __ jmp(false_label_);
+          break;
+        case kStack:
+          __ j(zero, false_label_);
+          break;
+      }
       __ bind(&discard);
       __ Drop(1);
       __ jmp(true_label_);
       break;
-    }
   }
 }
 
 
 MemOperand FastCodeGenerator::EmitSlotSearch(Slot* slot, Register scratch) {
   switch (slot->type()) {
     case Slot::PARAMETER:
     case Slot::LOCAL:
       return Operand(ebp, SlotOffset(slot));
     case Slot::CONTEXT: {
@@ skipping 25 matching lines @@
   MemOperand location = EmitSlotSearch(dst, scratch1);
   __ mov(location, src);
   // Emit the write barrier code if the location is in the heap.
   if (dst->type() == Slot::CONTEXT) {
     int offset = FixedArray::kHeaderSize + dst->index() * kPointerSize;
     __ RecordWrite(scratch1, offset, src, scratch2);
   }
 }
 
 
-void FastCodeGenerator::TestAndBranch(Register source,
-                                      Label* true_label,
-                                      Label* false_label) {
-  ASSERT_NE(NULL, true_label);
-  ASSERT_NE(NULL, false_label);
-  // Use the shared ToBoolean stub to compile the value in the register into
-  // control flow to the code generator's true and false labels.  Perform
-  // the fast checks assumed by the stub.
-  __ cmp(source, Factory::undefined_value());  // The undefined value is false.
-  __ j(equal, false_label);
-  __ cmp(source, Factory::true_value());  // True is true.
-  __ j(equal, true_label);
-  __ cmp(source, Factory::false_value());  // False is false.
-  __ j(equal, false_label);
-  ASSERT_EQ(0, kSmiTag);
-  __ test(source, Operand(source));  // The smi zero is false.
-  __ j(zero, false_label);
-  __ test(source, Immediate(kSmiTagMask));  // All other smis are true.
-  __ j(zero, true_label);
-
-  // Call the stub for all other cases.
-  __ push(source);
-  ToBooleanStub stub;
-  __ CallStub(&stub);
-  __ test(eax, Operand(eax));  // The stub returns nonzero for true.
-  __ j(not_zero, true_label);
-  __ jmp(false_label);
-}
-
-
 void FastCodeGenerator::VisitDeclaration(Declaration* decl) {
   Comment cmnt(masm_, "[ Declaration");
   Variable* var = decl->proxy()->var();
   ASSERT(var != NULL);  // Must have been resolved.
   Slot* slot = var->slot();
   Property* prop = var->AsProperty();
 
   if (slot != NULL) {
     switch (slot->type()) {
       case Slot::PARAMETER:
       case Slot::LOCAL:
         if (decl->mode() == Variable::CONST) {
           __ mov(Operand(ebp, SlotOffset(slot)),
                  Immediate(Factory::the_hole_value()));
         } else if (decl->fun() != NULL) {
-          Visit(decl->fun());
-          __ pop(Operand(ebp, SlotOffset(slot)));
+          VisitForValue(decl->fun(), kAccumulator);
+          __ mov(Operand(ebp, SlotOffset(slot)), result_register());
         }
         break;
 
       case Slot::CONTEXT:
         // We bypass the general EmitSlotSearch because we know more about
         // this specific context.
 
         // The variable in the decl always resides in the current context.
         ASSERT_EQ(0, function_->scope()->ContextChainLength(var->scope()));
         if (FLAG_debug_code) {
           // Check if we have the correct context pointer.
           __ mov(ebx,
                  CodeGenerator::ContextOperand(esi, Context::FCONTEXT_INDEX));
           __ cmp(ebx, Operand(esi));
           __ Check(equal, "Unexpected declaration in current context.");
         }
         if (decl->mode() == Variable::CONST) {
           __ mov(eax, Immediate(Factory::the_hole_value()));
           __ mov(CodeGenerator::ContextOperand(esi, slot->index()), eax);
           // No write barrier since the hole value is in old space.
         } else if (decl->fun() != NULL) {
-          Visit(decl->fun());
-          __ pop(eax);
-          __ mov(CodeGenerator::ContextOperand(esi, slot->index()), eax);
+          VisitForValue(decl->fun(), kAccumulator);
+          __ mov(CodeGenerator::ContextOperand(esi, slot->index()),
+                 result_register());
           int offset = Context::SlotOffset(slot->index());
-          __ RecordWrite(esi, offset, eax, ecx);
+          __ RecordWrite(esi, offset, result_register(), ecx);
         }
         break;
 
       case Slot::LOOKUP: {
         __ push(esi);
         __ push(Immediate(var->name()));
         // Declaration nodes are always introduced in one of two modes.
         ASSERT(decl->mode() == Variable::VAR ||
                decl->mode() == Variable::CONST);
         PropertyAttributes attr =
             (decl->mode() == Variable::VAR) ? NONE : READ_ONLY;
         __ push(Immediate(Smi::FromInt(attr)));
         // Push initial value, if any.
         // Note: For variables we must not push an initial value (such as
         // 'undefined') because we may have a (legal) redeclaration and we
         // must not destroy the current value.
         if (decl->mode() == Variable::CONST) {
           __ push(Immediate(Factory::the_hole_value()));
         } else if (decl->fun() != NULL) {
-          Visit(decl->fun());
+          VisitForValue(decl->fun(), kStack);
         } else {
           __ push(Immediate(Smi::FromInt(0)));  // No initial value!
         }
         __ CallRuntime(Runtime::kDeclareContextSlot, 4);
         break;
       }
     }
 
   } else if (prop != NULL) {
     if (decl->fun() != NULL || decl->mode() == Variable::CONST) {
       // We are declaring a function or constant that rewrites to a
       // property.  Use (keyed) IC to set the initial value.
-      ASSERT_EQ(Expression::kValue, prop->obj()->context());
-      Visit(prop->obj());
-      ASSERT_EQ(Expression::kValue, prop->key()->context());
-      Visit(prop->key());
+      VisitForValue(prop->obj(), kStack);
+      VisitForValue(prop->key(), kStack);
 
       if (decl->fun() != NULL) {
-        ASSERT_EQ(Expression::kValue, decl->fun()->context());
-        Visit(decl->fun());
-        __ pop(eax);
+        VisitForValue(decl->fun(), kAccumulator);
       } else {
-        __ Set(eax, Immediate(Factory::the_hole_value()));
+        __ mov(result_register(), Factory::the_hole_value());
       }
 
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedStoreIC_Initialize));
       __ call(ic, RelocInfo::CODE_TARGET);
       // Absence of a test eax instruction following the call
       // indicates that none of the load was inlined.
+      __ nop();
 
       // Value in eax is ignored (declarations are statements).  Receiver
       // and key on stack are discarded.
       __ Drop(2);
     }
   }
 }
 
 
 void FastCodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
@@ skipping 59 matching lines @@
         }
         case Slot::CONTEXT: {
           Comment cmnt(masm_, "Context slot");
           break;
         }
         case Slot::LOOKUP:
           UNIMPLEMENTED();
           break;
       }
     }
-    Apply(context, slot, eax);
+    Apply(context, slot);
   } else {
     Comment cmnt(masm_, "Variable rewritten to property");
     // A variable has been rewritten into an explicit access to an object
     // property.
     Property* property = rewrite->AsProperty();
     ASSERT_NOT_NULL(property);
 
     // The only property expressions that can occur are of the form
     // "slot[literal]".
 
@@ skipping 59 matching lines @@
   __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
   __ push(FieldOperand(edi, JSFunction::kLiteralsOffset));
   __ push(Immediate(Smi::FromInt(expr->literal_index())));
   __ push(Immediate(expr->constant_properties()));
   if (expr->depth() > 1) {
     __ CallRuntime(Runtime::kCreateObjectLiteral, 3);
   } else {
     __ CallRuntime(Runtime::kCreateObjectLiteralShallow, 3);
   }
 
-  // If result_saved == true: The result is saved on top of the
-  //  stack and in eax.
-  // If result_saved == false: The result not on the stack, just in eax.
+  // If result_saved is true the result is on top of the stack.  If
+  // result_saved is false the result is in eax.
   bool result_saved = false;
 
   for (int i = 0; i < expr->properties()->length(); i++) {
     ObjectLiteral::Property* property = expr->properties()->at(i);
     if (property->IsCompileTimeValue()) continue;
 
     Literal* key = property->key();
     Expression* value = property->value();
     if (!result_saved) {
       __ push(eax);  // Save result on the stack
       result_saved = true;
     }
     switch (property->kind()) {
-      case ObjectLiteral::Property::MATERIALIZED_LITERAL:  // Fall through.
+      case ObjectLiteral::Property::MATERIALIZED_LITERAL:
         ASSERT(!CompileTimeValue::IsCompileTimeValue(value));
+        // Fall through.
       case ObjectLiteral::Property::COMPUTED:
         if (key->handle()->IsSymbol()) {
-          Visit(value);
-          ASSERT_EQ(Expression::kValue, value->context());
-          __ pop(eax);
+          VisitForValue(value, kAccumulator);
           __ mov(ecx, Immediate(key->handle()));
           Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
           __ call(ic, RelocInfo::CODE_TARGET);
+          __ nop();
           // StoreIC leaves the receiver on the stack.
-          __ mov(eax, Operand(esp, 0));  // Restore result into eax.
           break;
         }
         // Fall through.
       case ObjectLiteral::Property::PROTOTYPE:
-        __ push(eax);
-        Visit(key);
-        ASSERT_EQ(Expression::kValue, key->context());
-        Visit(value);
-        ASSERT_EQ(Expression::kValue, value->context());
+        __ push(Operand(esp, 0));  // Duplicate receiver.
+        VisitForValue(key, kStack);
+        VisitForValue(value, kStack);
         __ CallRuntime(Runtime::kSetProperty, 3);
-        __ mov(eax, Operand(esp, 0));  // Restore result into eax.
         break;
       case ObjectLiteral::Property::SETTER:
       case ObjectLiteral::Property::GETTER:
-        __ push(eax);
-        Visit(key);
-        ASSERT_EQ(Expression::kValue, key->context());
+        __ push(Operand(esp, 0));  // Duplicate receiver.
+        VisitForValue(key, kStack);
         __ push(Immediate(property->kind() == ObjectLiteral::Property::SETTER ?
                           Smi::FromInt(1) :
                           Smi::FromInt(0)));
-        Visit(value);
-        ASSERT_EQ(Expression::kValue, value->context());
+        VisitForValue(value, kStack);
         __ CallRuntime(Runtime::kDefineAccessor, 4);
-        __ mov(eax, Operand(esp, 0));  // Restore result into eax.
         break;
       default: UNREACHABLE();
     }
   }
-  switch (expr->context()) {
-    case Expression::kUninitialized:
-      UNREACHABLE();
-    case Expression::kEffect:
-      if (result_saved) __ Drop(1);
-      break;
-    case Expression::kValue:
-      if (!result_saved) __ push(eax);
-      break;
-    case Expression::kTest:
-      if (result_saved) __ pop(eax);
-      TestAndBranch(eax, true_label_, false_label_);
-      break;
-    case Expression::kValueTest: {
-      Label discard;
-      if (!result_saved) __ push(eax);
-      TestAndBranch(eax, true_label_, &discard);
-      __ bind(&discard);
-      __ Drop(1);
-      __ jmp(false_label_);
-      break;
-    }
-    case Expression::kTestValue: {
-      Label discard;
-      if (!result_saved) __ push(eax);
-      TestAndBranch(eax, &discard, false_label_);
-      __ bind(&discard);
-      __ Drop(1);
-      __ jmp(true_label_);
-      break;
-    }
+
+  if (result_saved) {
+    ApplyTOS(expr->context());
+  } else {
+    Apply(expr->context(), eax);
   }
 }
 
 
 void FastCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
   Comment cmnt(masm_, "[ ArrayLiteral");
   __ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
   __ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
   __ push(Immediate(Smi::FromInt(expr->literal_index())));
   __ push(Immediate(expr->constant_elements()));
@@ skipping 14 matching lines @@
     // is already set in the cloned array.
     if (subexpr->AsLiteral() != NULL ||
         CompileTimeValue::IsCompileTimeValue(subexpr)) {
       continue;
     }
 
     if (!result_saved) {
       __ push(eax);
       result_saved = true;
     }
-    Visit(subexpr);
-    ASSERT_EQ(Expression::kValue, subexpr->context());
+    VisitForValue(subexpr, kAccumulator);
 
     // Store the subexpression value in the array's elements.
-    __ pop(eax);  // Subexpression value.
     __ mov(ebx, Operand(esp, 0));  // Copy of array literal.
     __ mov(ebx, FieldOperand(ebx, JSObject::kElementsOffset));
     int offset = FixedArray::kHeaderSize + (i * kPointerSize);
-    __ mov(FieldOperand(ebx, offset), eax);
+    __ mov(FieldOperand(ebx, offset), result_register());
 
     // Update the write barrier for the array store.
-    __ RecordWrite(ebx, offset, eax, ecx);
+    __ RecordWrite(ebx, offset, result_register(), ecx);
   }
 
-  switch (expr->context()) {
-    case Expression::kUninitialized:
-      UNREACHABLE();
-    case Expression::kEffect:
-      if (result_saved) __ Drop(1);
-      break;
-    case Expression::kValue:
-      if (!result_saved) __ push(eax);
-      break;
-    case Expression::kTest:
-      if (result_saved) __ pop(eax);
-      TestAndBranch(eax, true_label_, false_label_);
-      break;
-    case Expression::kValueTest: {
-      Label discard;
-      if (!result_saved) __ push(eax);
-      TestAndBranch(eax, true_label_, &discard);
-      __ bind(&discard);
-      __ Drop(1);
-      __ jmp(false_label_);
-      break;
-    }
-    case Expression::kTestValue: {
-      Label discard;
-      if (!result_saved) __ push(eax);
-      TestAndBranch(eax, &discard, false_label_);
-      __ bind(&discard);
-      __ Drop(1);
-      __ jmp(true_label_);
-      break;
-    }
+  if (result_saved) {
+    ApplyTOS(expr->context());
+  } else {
+    Apply(expr->context(), eax);
   }
 }
 
 
 void FastCodeGenerator::EmitNamedPropertyLoad(Property* prop) {
   SetSourcePosition(prop->position());
   Literal* key = prop->key()->AsLiteral();
   __ mov(ecx, Immediate(key->handle()));
   Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
   __ call(ic, RelocInfo::CODE_TARGET);
   __ nop();
 }
 
 
 void FastCodeGenerator::EmitKeyedPropertyLoad(Property* prop) {
   SetSourcePosition(prop->position());
   Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize));
   __ call(ic, RelocInfo::CODE_TARGET);
   __ nop();
 }
 
 
-void FastCodeGenerator::EmitCompoundAssignmentOp(Token::Value op,
-                                                 Expression::Context context) {
+void FastCodeGenerator::EmitBinaryOp(Token::Value op,
+                                     Expression::Context context) {
+  __ push(result_register());
   GenericBinaryOpStub stub(op,
                            NO_OVERWRITE,
                            NO_GENERIC_BINARY_FLAGS);
   __ CallStub(&stub);
   Apply(context, eax);
 }
 
 
 void FastCodeGenerator::EmitVariableAssignment(Variable* var,
                                                Expression::Context context) {
   ASSERT(var != NULL);
   ASSERT(var->is_global() || var->slot() != NULL);
   if (var->is_global()) {
     // Assignment to a global variable.  Use inline caching for the
     // assignment.  Right-hand-side value is passed in eax, variable name in
     // ecx, and the global object on the stack.
-    __ pop(eax);
     __ mov(ecx, var->name());
     __ push(CodeGenerator::GlobalObject());
     Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
     __ call(ic, RelocInfo::CODE_TARGET);
     __ nop();
     // Overwrite the receiver on the stack with the result if needed.
     DropAndApply(1, context, eax);
 
   } else if (var->slot() != NULL) {
     Slot* slot = var->slot();
     switch (slot->type()) {
       case Slot::LOCAL:
-      case Slot::PARAMETER: {
-        Operand target = Operand(ebp, SlotOffset(slot));
-        switch (context) {
-          case Expression::kUninitialized:
-            UNREACHABLE();
-          case Expression::kEffect:
-            // Perform assignment and discard value.
-            __ pop(target);
-            break;
-          case Expression::kValue:
-            // Perform assignment and preserve value.
-            __ mov(eax, Operand(esp, 0));
-            __ mov(target, eax);
-            break;
-          case Expression::kTest:
-            // Perform assignment and test (and discard) value.
-            __ pop(eax);
-            __ mov(target, eax);
-            TestAndBranch(eax, true_label_, false_label_);
-            break;
-          case Expression::kValueTest: {
-            Label discard;
-            __ mov(eax, Operand(esp, 0));
-            __ mov(target, eax);
-            TestAndBranch(eax, true_label_, &discard);
-            __ bind(&discard);
-            __ Drop(1);
-            __ jmp(false_label_);
-            break;
-          }
-          case Expression::kTestValue: {
-            Label discard;
-            __ mov(eax, Operand(esp, 0));
-            __ mov(target, eax);
-            TestAndBranch(eax, &discard, false_label_);
-            __ bind(&discard);
-            __ Drop(1);
-            __ jmp(true_label_);
-            break;
-          }
-        }
+      case Slot::PARAMETER:
+        __ mov(Operand(ebp, SlotOffset(slot)), result_register());
+        break;
+
+      case Slot::CONTEXT: {
+        MemOperand target = EmitSlotSearch(slot, ecx);
+        __ mov(target, result_register());
+
+        // RecordWrite may destroy all its register arguments.
+        __ mov(edx, result_register());
+        int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
+        __ RecordWrite(ecx, offset, edx, ebx);
         break;
       }
 
-      case Slot::CONTEXT: {
-        MemOperand target = EmitSlotSearch(slot, ecx);
-        __ pop(eax);
-        __ mov(target, eax);
-
-        // RecordWrite may destroy all its register arguments.
-        if (context == Expression::kValue) {
-          __ push(eax);
-        } else if (context != Expression::kEffect) {
-          __ mov(edx, eax);
-        }
-        int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
-        __ RecordWrite(ecx, offset, eax, ebx);
-        if (context != Expression::kEffect && context != Expression::kValue) {
-          Apply(context, edx);
-        }
-        break;
-      }
-
       case Slot::LOOKUP:
         UNREACHABLE();
         break;
     }
+    Apply(context, result_register());
+
   } else {
     // Variables rewritten as properties are not treated as variables in
     // assignments.
     UNREACHABLE();
   }
 }
 
 
 void FastCodeGenerator::EmitNamedPropertyAssignment(Assignment* expr) {
   // Assignment to a property, using a named store IC.
   Property* prop = expr->target()->AsProperty();
   ASSERT(prop != NULL);
   ASSERT(prop->key()->AsLiteral() != NULL);
 
   // If the assignment starts a block of assignments to the same object,
   // change to slow case to avoid the quadratic behavior of repeatedly
   // adding fast properties.
   if (expr->starts_initialization_block()) {
-    __ push(Operand(esp, kPointerSize));  // Receiver is under value.
+    __ push(result_register());
+    __ push(Operand(esp, kPointerSize));  // Receiver is now under value.
     __ CallRuntime(Runtime::kToSlowProperties, 1);
+    __ pop(result_register());
   }
 
   // Record source code position before IC call.
   SetSourcePosition(expr->position());
-
-  __ pop(eax);
   __ mov(ecx, prop->key()->AsLiteral()->handle());
   Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
   __ call(ic, RelocInfo::CODE_TARGET);
+  __ nop();
 
   // If the assignment ends an initialization block, revert to fast case.
   if (expr->ends_initialization_block()) {
     __ push(eax);  // Result of assignment, saved even if not needed.
     __ push(Operand(esp, kPointerSize));  // Receiver is under value.
     __ CallRuntime(Runtime::kToFastProperties, 1);
     __ pop(eax);
   }
 
   DropAndApply(1, expr->context(), eax);
 }
 
 
 void FastCodeGenerator::EmitKeyedPropertyAssignment(Assignment* expr) {
   // Assignment to a property, using a keyed store IC.
 
   // If the assignment starts a block of assignments to the same object,
   // change to slow case to avoid the quadratic behavior of repeatedly
   // adding fast properties.
   if (expr->starts_initialization_block()) {
-    // Reciever is under the key and value.
+    __ push(result_register());
+    // Receiver is now under the key and value.
     __ push(Operand(esp, 2 * kPointerSize));
     __ CallRuntime(Runtime::kToSlowProperties, 1);
+    __ pop(result_register());
   }
 
   // Record source code position before IC call.
   SetSourcePosition(expr->position());
-
-  __ pop(eax);
   Handle<Code> ic(Builtins::builtin(Builtins::KeyedStoreIC_Initialize));
   __ call(ic, RelocInfo::CODE_TARGET);
   // This nop signals to the IC that there is no inlined code at the call
   // site for it to patch.
   __ nop();
 
   // If the assignment ends an initialization block, revert to fast case.
   if (expr->ends_initialization_block()) {
     __ push(eax);  // Result of assignment, saved even if not needed.
-    // Reciever is under the key and value.
+    // Receiver is under the key and value.
     __ push(Operand(esp, 2 * kPointerSize));
     __ CallRuntime(Runtime::kToFastProperties, 1);
     __ pop(eax);
   }
 
   // Receiver and key are still on stack.
   DropAndApply(2, expr->context(), eax);
 }
 
 
 void FastCodeGenerator::VisitProperty(Property* expr) {
   Comment cmnt(masm_, "[ Property");
   Expression* key = expr->key();
 
   // Evaluate the receiver.
-  Visit(expr->obj());
+  VisitForValue(expr->obj(), kStack);
 
   if (key->IsPropertyName()) {
     EmitNamedPropertyLoad(expr);
     // Drop receiver left on the stack by IC.
     DropAndApply(1, expr->context(), eax);
   } else {
-    Visit(expr->key());
+    VisitForValue(expr->key(), kStack);
     EmitKeyedPropertyLoad(expr);
     // Drop key and receiver left on the stack by IC.
     DropAndApply(2, expr->context(), eax);
   }
 }
 
 
 void FastCodeGenerator::EmitCallWithIC(Call* expr,
                                        Handle<Object> name,
                                        RelocInfo::Mode mode) {
   // Code common for calls using the IC.
   ZoneList<Expression*>* args = expr->arguments();
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Visit(args->at(i));
-    ASSERT_EQ(Expression::kValue, args->at(i)->context());
+    VisitForValue(args->at(i), kStack);
   }
   __ Set(ecx, Immediate(name));
   // Record source position of the IC call.
   SetSourcePosition(expr->position());
   InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP;
   Handle<Code> ic = CodeGenerator::ComputeCallInitialize(arg_count, in_loop);
   __ call(ic, mode);
   // Restore context register.
   __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
   Apply(expr->context(), eax);
 }
 
 
 void FastCodeGenerator::EmitCallWithStub(Call* expr) {
   // Code common for calls using the call stub.
   ZoneList<Expression*>* args = expr->arguments();
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Visit(args->at(i));
+    VisitForValue(args->at(i), kStack);
   }
   // Record source position for debugger.
   SetSourcePosition(expr->position());
   CallFunctionStub stub(arg_count, NOT_IN_LOOP, RECEIVER_MIGHT_BE_VALUE);
   __ CallStub(&stub);
   // Restore context register.
   __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
   DropAndApply(1, expr->context(), eax);
 }
 
@@ skipping 13 matching lines @@
   } else if (var != NULL && var->slot() != NULL &&
              var->slot()->type() == Slot::LOOKUP) {
     // Call to a lookup slot.
     UNREACHABLE();
   } else if (fun->AsProperty() != NULL) {
     // Call to an object property.
     Property* prop = fun->AsProperty();
     Literal* key = prop->key()->AsLiteral();
     if (key != NULL && key->handle()->IsSymbol()) {
       // Call to a named property, use call IC.
-      Visit(prop->obj());
+      VisitForValue(prop->obj(), kStack);
       EmitCallWithIC(expr, key->handle(), RelocInfo::CODE_TARGET);
     } else {
       // Call to a keyed property, use keyed load IC followed by function
       // call.
-      Visit(prop->obj());
-      Visit(prop->key());
+      VisitForValue(prop->obj(), kStack);
+      VisitForValue(prop->key(), kStack);
       // Record source code position for IC call.
       SetSourcePosition(prop->position());
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize));
       __ call(ic, RelocInfo::CODE_TARGET);
       // By emitting a nop we make sure that we do not have a "test eax,..."
       // instruction after the call it is treated specially by the LoadIC code.
       __ nop();
       // Drop key left on the stack by IC.
       __ Drop(1);
       // Pop receiver.
@@ skipping 12 matching lines @@
   } else {
     // Call to some other expression.  If the expression is an anonymous
     // function literal not called in a loop, mark it as one that should
     // also use the fast code generator.
     FunctionLiteral* lit = fun->AsFunctionLiteral();
     if (lit != NULL &&
         lit->name()->Equals(Heap::empty_string()) &&
         loop_depth() == 0) {
       lit->set_try_fast_codegen(true);
     }
-    Visit(fun);
+    VisitForValue(fun, kStack);
     // Load global receiver object.
     __ mov(ebx, CodeGenerator::GlobalObject());
     __ push(FieldOperand(ebx, GlobalObject::kGlobalReceiverOffset));
     // Emit function call.
     EmitCallWithStub(expr);
   }
 }
 
 
 void FastCodeGenerator::VisitCallNew(CallNew* expr) {
   Comment cmnt(masm_, "[ CallNew");
   // According to ECMA-262, section 11.2.2, page 44, the function
   // expression in new calls must be evaluated before the
   // arguments.
   // Push function on the stack.
-  Visit(expr->expression());
-  ASSERT_EQ(Expression::kValue, expr->expression()->context());
+  VisitForValue(expr->expression(), kStack);
 
   // Push global object (receiver).
   __ push(CodeGenerator::GlobalObject());
 
   // Push the arguments ("left-to-right") on the stack.
   ZoneList<Expression*>* args = expr->arguments();
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Visit(args->at(i));
-    ASSERT_EQ(Expression::kValue, args->at(i)->context());
-    // If location is value, it is already on the stack,
-    // so nothing to do here.
+    VisitForValue(args->at(i), kStack);
   }
 
   // Call the construct call builtin that handles allocation and
   // constructor invocation.
   SetSourcePosition(expr->position());
 
   // Load function, arg_count into edi and eax.
   __ Set(eax, Immediate(arg_count));
   // Function is in esp[arg_count + 1].
   __ mov(edi, Operand(esp, eax, times_pointer_size, kPointerSize));
@@ skipping 12 matching lines @@
 
   if (expr->is_jsruntime()) {
     // Prepare for calling JS runtime function.
     __ mov(eax, CodeGenerator::GlobalObject());
     __ push(FieldOperand(eax, GlobalObject::kBuiltinsOffset));
   }
 
   // Push the arguments ("left-to-right").
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Visit(args->at(i));
-    ASSERT_EQ(Expression::kValue, args->at(i)->context());
+    VisitForValue(args->at(i), kStack);
   }
 
   if (expr->is_jsruntime()) {
     // Call the JS runtime function via a call IC.
     __ Set(ecx, Immediate(expr->name()));
     InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP;
     Handle<Code> ic = CodeGenerator::ComputeCallInitialize(arg_count, in_loop);
     __ call(ic, RelocInfo::CODE_TARGET);
       // Restore context register.
     __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
   } else {
     // Call the C runtime function.
     __ CallRuntime(expr->function(), arg_count);
   }
   Apply(expr->context(), eax);
 }
 
 
 void FastCodeGenerator::VisitUnaryOperation(UnaryOperation* expr) {
   switch (expr->op()) {
     case Token::VOID: {
       Comment cmnt(masm_, "[ UnaryOperation (VOID)");
+      ASSERT_EQ(Expression::kEffect, expr->expression()->context());
       Visit(expr->expression());
-      ASSERT_EQ(Expression::kEffect, expr->expression()->context());
       switch (expr->context()) {
         case Expression::kUninitialized:
           UNREACHABLE();
           break;
         case Expression::kEffect:
           break;
         case Expression::kValue:
-          __ push(Immediate(Factory::undefined_value()));
+          switch (location_) {
+            case kAccumulator:
+              __ mov(result_register(), Factory::undefined_value());
+              break;
+            case kStack:
+              __ push(Immediate(Factory::undefined_value()));
+              break;
+          }
           break;
         case Expression::kTestValue:
           // Value is false so it's needed.
-          __ push(Immediate(Factory::undefined_value()));
+          switch (location_) {
+            case kAccumulator:
+              __ mov(result_register(), Factory::undefined_value());
+              break;
+            case kStack:
+              __ push(Immediate(Factory::undefined_value()));
+              break;
+          }
           // Fall through.
         case Expression::kTest:
         case Expression::kValueTest:
           __ jmp(false_label_);
           break;
       }
       break;
     }
 
     case Token::NOT: {
       Comment cmnt(masm_, "[ UnaryOperation (NOT)");
       ASSERT_EQ(Expression::kTest, expr->expression()->context());
 
-      Label push_true, push_false, done;
+      Label materialize_true, materialize_false, done;
+      // Initially assume a pure test context.  Notice that the labels are
+      // swapped.
+      Label* if_true = false_label_;
+      Label* if_false = true_label_;
       switch (expr->context()) {
         case Expression::kUninitialized:
           UNREACHABLE();
           break;
-
         case Expression::kEffect:
-          VisitForControl(expr->expression(), &done, &done);
-          __ bind(&done);
+          if_true = &done;
+          if_false = &done;
           break;
-
         case Expression::kValue:
-          VisitForControl(expr->expression(), &push_false, &push_true);
-          __ bind(&push_true);
-          __ push(Immediate(Factory::true_value()));
-          __ jmp(&done);
-          __ bind(&push_false);
-          __ push(Immediate(Factory::false_value()));
-          __ bind(&done);
+          if_true = &materialize_false;
+          if_false = &materialize_true;
           break;
-
         case Expression::kTest:
-          VisitForControl(expr->expression(), false_label_, true_label_);
           break;
-
         case Expression::kValueTest:
-          VisitForControl(expr->expression(), false_label_, &push_true);
-          __ bind(&push_true);
-          __ push(Immediate(Factory::true_value()));
-          __ jmp(true_label_);
+          if_false = &materialize_true;
           break;
-
         case Expression::kTestValue:
-          VisitForControl(expr->expression(), &push_false, true_label_);
-          __ bind(&push_false);
-          __ push(Immediate(Factory::false_value()));
-          __ jmp(false_label_);
+          if_true = &materialize_false;
           break;
       }
+      VisitForControl(expr->expression(), if_true, if_false);
+      Apply(expr->context(), if_false, if_true);  // Labels swapped.
       break;
     }
 
     case Token::TYPEOF: {
       Comment cmnt(masm_, "[ UnaryOperation (TYPEOF)");
       ASSERT_EQ(Expression::kValue, expr->expression()->context());
 
       VariableProxy* proxy = expr->expression()->AsVariableProxy();
       if (proxy != NULL &&
           !proxy->var()->is_this() &&
           proxy->var()->is_global()) {
         Comment cmnt(masm_, "Global variable");
         __ push(CodeGenerator::GlobalObject());
         __ mov(ecx, Immediate(proxy->name()));
         Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
         // Use a regular load, not a contextual load, to avoid a reference
         // error.
         __ call(ic, RelocInfo::CODE_TARGET);
         __ mov(Operand(esp, 0), eax);
       } else if (proxy != NULL &&
                  proxy->var()->slot() != NULL &&
                  proxy->var()->slot()->type() == Slot::LOOKUP) {
         __ push(esi);
         __ push(Immediate(proxy->name()));
         __ CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
         __ push(eax);
       } else {
         // This expression cannot throw a reference error at the top level.
-        Visit(expr->expression());
+        VisitForValue(expr->expression(), kStack);
       }
 
       __ CallRuntime(Runtime::kTypeof, 1);
       Apply(expr->context(), eax);
       break;
     }
 
     default:
       UNREACHABLE();
   }
@@ skipping 12 matching lines @@
   // of the key to detect a named property.
   if (prop != NULL) {
     assign_type = (prop->key()->context() == Expression::kUninitialized)
         ? NAMED_PROPERTY
         : KEYED_PROPERTY;
   }
 
   // Evaluate expression and get value.
   if (assign_type == VARIABLE) {
     ASSERT(expr->expression()->AsVariableProxy()->var() != NULL);
+    Location saved_location = location_;
+    location_ = kStack;
     EmitVariableLoad(expr->expression()->AsVariableProxy()->var(),
                      Expression::kValue);
+    location_ = saved_location;
   } else  {
     // Reserve space for result of postfix operation.
     if (expr->is_postfix() && expr->context() != Expression::kEffect) {
       ASSERT(expr->context() != Expression::kUninitialized);
       __ push(Immediate(Smi::FromInt(0)));
     }
-    Visit(prop->obj());
-    ASSERT_EQ(Expression::kValue, prop->obj()->context());
+    VisitForValue(prop->obj(), kStack);
     if (assign_type == NAMED_PROPERTY) {
       EmitNamedPropertyLoad(prop);
     } else {
-      Visit(prop->key());
-      ASSERT_EQ(Expression::kValue, prop->key()->context());
+      VisitForValue(prop->key(), kStack);
       EmitKeyedPropertyLoad(prop);
     }
     __ push(eax);
   }
 
   // Convert to number.
   __ InvokeBuiltin(Builtins::TO_NUMBER, CALL_FUNCTION);
 
   // Save result for postfix expressions.
   if (expr->is_postfix()) {
     switch (expr->context()) {
       case Expression::kUninitialized:
         UNREACHABLE();
       case Expression::kEffect:
         // Do not save result.
         break;
       case Expression::kValue:
       case Expression::kTest:
+      case Expression::kValueTest:
       case Expression::kTestValue:
-      case Expression::kValueTest:
         // Save the result on the stack. If we have a named or keyed property
         // we store the result under the receiver that is currently on top
         // of the stack.
         switch (assign_type) {
           case VARIABLE:
             __ push(eax);
             break;
           case NAMED_PROPERTY:
             __ mov(Operand(esp, kPointerSize), eax);
             break;
           case KEYED_PROPERTY:
             __ mov(Operand(esp, 2 * kPointerSize), eax);
             break;
         }
         break;
     }
   }
 
   // Call stub for +1/-1.
   __ push(eax);
   __ push(Immediate(Smi::FromInt(1)));
   GenericBinaryOpStub stub(expr->binary_op(),
                            NO_OVERWRITE,
                            NO_GENERIC_BINARY_FLAGS);
   __ CallStub(&stub);
 
   // Store the value returned in eax.
   switch (assign_type) {
     case VARIABLE:
-      __ push(eax);
       if (expr->is_postfix()) {
         EmitVariableAssignment(expr->expression()->AsVariableProxy()->var(),
                                Expression::kEffect);
         // For all contexts except kEffect: We have the result on
         // top of the stack.
         if (expr->context() != Expression::kEffect) {
           ApplyTOS(expr->context());
         }
       } else {
         EmitVariableAssignment(expr->expression()->AsVariableProxy()->var(),
@@ skipping 55 matching lines @@
     case Token::ADD:
     case Token::SUB:
     case Token::DIV:
     case Token::MOD:
     case Token::MUL:
     case Token::BIT_OR:
     case Token::BIT_AND:
     case Token::BIT_XOR:
     case Token::SHL:
     case Token::SHR:
-    case Token::SAR: {
-      ASSERT_EQ(Expression::kValue, expr->left()->context());
-      ASSERT_EQ(Expression::kValue, expr->right()->context());
+    case Token::SAR:
+      VisitForValue(expr->left(), kStack);
+      VisitForValue(expr->right(), kAccumulator);
+      EmitBinaryOp(expr->op(), expr->context());
+      break;
 
-      Visit(expr->left());
-      Visit(expr->right());
-      GenericBinaryOpStub stub(expr->op(),
-                               NO_OVERWRITE,
-                               NO_GENERIC_BINARY_FLAGS);
-      __ CallStub(&stub);
-      Apply(expr->context(), eax);
-
-      break;
-    }
     default:
       UNREACHABLE();
   }
 }
 
 
 void FastCodeGenerator::VisitCompareOperation(CompareOperation* expr) {
   Comment cmnt(masm_, "[ CompareOperation");
-  ASSERT_EQ(Expression::kValue, expr->left()->context());
-  ASSERT_EQ(Expression::kValue, expr->right()->context());
-  Visit(expr->left());
-  Visit(expr->right());
 
   // Always perform the comparison for its control flow.  Pack the result
   // into the expression's context after the comparison is performed.
-  Label push_true, push_false, done;
+  Label materialize_true, materialize_false, done;
   // Initially assume we are in a test context.
   Label* if_true = true_label_;
   Label* if_false = false_label_;
   switch (expr->context()) {
     case Expression::kUninitialized:
       UNREACHABLE();
       break;
     case Expression::kEffect:
       if_true = &done;
       if_false = &done;
       break;
     case Expression::kValue:
-      if_true = &push_true;
-      if_false = &push_false;
+      if_true = &materialize_true;
+      if_false = &materialize_false;
       break;
     case Expression::kTest:
       break;
     case Expression::kValueTest:
-      if_true = &push_true;
+      if_true = &materialize_true;
       break;
     case Expression::kTestValue:
-      if_false = &push_false;
+      if_false = &materialize_false;
       break;
   }
 
+  VisitForValue(expr->left(), kStack);
   switch (expr->op()) {
-    case Token::IN: {
+    case Token::IN:
+      VisitForValue(expr->right(), kStack);
       __ InvokeBuiltin(Builtins::IN, CALL_FUNCTION);
       __ cmp(eax, Factory::true_value());
       __ j(equal, if_true);
       __ jmp(if_false);
       break;
-    }
 
     case Token::INSTANCEOF: {
+      VisitForValue(expr->right(), kStack);
       InstanceofStub stub;
       __ CallStub(&stub);
       __ test(eax, Operand(eax));
       __ j(zero, if_true);  // The stub returns 0 for true.
       __ jmp(if_false);
       break;
     }
 
     default: {
+      VisitForValue(expr->right(), kAccumulator);
       Condition cc = no_condition;
       bool strict = false;
       switch (expr->op()) {
         case Token::EQ_STRICT:
           strict = true;
           // Fall through
         case Token::EQ:
           cc = equal;
-          __ pop(eax);
           __ pop(edx);
           break;
         case Token::LT:
           cc = less;
-          __ pop(eax);
           __ pop(edx);
           break;
         case Token::GT:
           // Reverse left and right sizes to obtain ECMA-262 conversion order.
           cc = less;
-          __ pop(edx);
+          __ mov(edx, result_register());
           __ pop(eax);
          break;
         case Token::LTE:
           // Reverse left and right sizes to obtain ECMA-262 conversion order.
           cc = greater_equal;
-          __ pop(edx);
+          __ mov(edx, result_register());
           __ pop(eax);
           break;
         case Token::GTE:
           cc = greater_equal;
-          __ pop(eax);
           __ pop(edx);
           break;
         case Token::IN:
         case Token::INSTANCEOF:
         default:
           UNREACHABLE();
       }
 
       // The comparison stub expects the smi vs. smi case to be handled
       // before it is called.
@@ skipping 10 matching lines @@
       CompareStub stub(cc, strict);
       __ CallStub(&stub);
       __ test(eax, Operand(eax));
       __ j(cc, if_true);
       __ jmp(if_false);
     }
   }
 
   // Convert the result of the comparison into one expected for this
   // expression's context.
-  switch (expr->context()) {
-    case Expression::kUninitialized:
-      UNREACHABLE();
-      break;
-
-    case Expression::kEffect:
-      __ bind(&done);
-      break;
-
-    case Expression::kValue:
-      __ bind(&push_true);
-      __ push(Immediate(Factory::true_value()));
-      __ jmp(&done);
-      __ bind(&push_false);
-      __ push(Immediate(Factory::false_value()));
-      __ bind(&done);
-      break;
-
-    case Expression::kTest:
-      break;
-
-    case Expression::kValueTest:
-      __ bind(&push_true);
-      __ push(Immediate(Factory::true_value()));
-      __ jmp(true_label_);
-      break;
-
-    case Expression::kTestValue:
-      __ bind(&push_false);
-      __ push(Immediate(Factory::false_value()));
-      __ jmp(false_label_);
-      break;
-  }
+  Apply(expr->context(), if_true, if_false);
 }
 
 
 void FastCodeGenerator::VisitThisFunction(ThisFunction* expr) {
   __ mov(eax, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
   Apply(expr->context(), eax);
 }
 
 
 Register FastCodeGenerator::result_register() { return eax; }
@@ skipping 40 matching lines @@
   __ add(Operand(edx), Immediate(masm_->CodeObject()));
   __ mov(Operand(esp, 0), edx);
   // And return.
   __ ret(0);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal