Moved the function GetValue from the code generator to the Reference...

src/codegen-ia32.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 39 matching lines @@
 // Reference support
 
 // A reference is a C++ stack-allocated object that keeps an ECMA
 // reference on the execution stack while in scope. For variables
 // the reference is empty, indicating that it isn't necessary to
 // store state on the stack for keeping track of references to those.
 // For properties, we keep either one (named) or two (indexed) values
 // on the execution stack to represent the reference.
 
 enum InitState { CONST_INIT, NOT_CONST_INIT };
+enum TypeofState { INSIDE_TYPEOF, NOT_INSIDE_TYPEOF };
 
 class Reference BASE_EMBEDDED {
  public:
   // The values of the types is important, see size().
   enum Type { ILLEGAL = -1, SLOT = 0, NAMED = 1, KEYED = 2 };
   Reference(Ia32CodeGenerator* cgen, Expression* expression);
   ~Reference();
 
   Expression* expression() const { return expression_; }
   Type type() const { return type_; }
   void set_type(Type value) {
     ASSERT(type_ == ILLEGAL);
     type_ = value;
   }
 
   // The size of the reference or -1 if the reference is illegal.
   int size() const { return type_; }
 
   bool is_illegal() const { return type_ == ILLEGAL; }
   bool is_slot() const { return type_ == SLOT; }
   bool is_property() const { return type_ == NAMED || type_ == KEYED; }
 
+  // Return the name.  Only valid for named property references.
+  Handle<String> GetName();
+
+  // Generate code to push the value of the reference on top of the
+  // expression stack.  The reference is expected to be already on top of
+  // the expression stack, and it is left in place with its value above it.
+  void GetValue(TypeofState typeof_state);
+
+  // Generate code to store the value on top of the expression stack in the
+  // reference.  The reference is expected to be immediately below the value
+  // on the expression stack.  The stored value is left in place (with the
+  // reference intact below it) to support chained assignments.
   void SetValue(InitState init_state);
 
  private:
   Ia32CodeGenerator* cgen_;
   Expression* expression_;
   Type type_;
 };
 
 
 // -------------------------------------------------------------------------
 // Code generation state
 
 // The state is passed down the AST by the code generator (and back up, in
 // the form of the state of the label pair).  It is threaded through the
 // call stack.  Constructing a state implicitly pushes it on the owning code
 // generator's stack of states, and destroying one implicitly pops it.
 
 class CodeGenState BASE_EMBEDDED {
  public:
-  enum AccessType {
-    UNDEFINED,
-    LOAD,
-    LOAD_TYPEOF_EXPR
-  };
-
   // Create an initial code generator state.  Destroying the initial state
   // leaves the code generator with a NULL state.
   explicit CodeGenState(Ia32CodeGenerator* owner);
 
   // Create a code generator state based on a code generator's current
-  // state.  The new state has its own access type and pair of branch
-  // labels, and no reference.
+  // state.  The new state has its own typeof state and pair of branch
+  // labels.
   CodeGenState(Ia32CodeGenerator* owner,
-               AccessType access,
+               TypeofState typeof_state,
                Label* true_target,
                Label* false_target);
 
-  // Create a code generator state based on a code generator's current
-  // state.  The new state has an access type of LOAD, its own reference,
-  // and inherits the pair of branch labels of the current state.
-  CodeGenState(Ia32CodeGenerator* owner, Reference* ref);
-
   // Destroy a code generator state and restore the owning code generator's
   // previous state.
   ~CodeGenState();
 
-  AccessType access() const { return access_; }
-  Reference* ref() const { return ref_; }
+  TypeofState typeof_state() const { return typeof_state_; }
   Label* true_target() const { return true_target_; }
   Label* false_target() const { return false_target_; }
 
  private:
   Ia32CodeGenerator* owner_;
-  AccessType access_;
-  Reference* ref_;
+  TypeofState typeof_state_;
   Label* true_target_;
   Label* false_target_;
   CodeGenState* previous_;
 };
 
 
 // -----------------------------------------------------------------------------
 // Ia32CodeGenerator
 
 class Ia32CodeGenerator: public CodeGenerator {
@@ skipping 31 matching lines @@
 
   // Main code generation function
   void GenCode(FunctionLiteral* fun);
 
   // The following are used by class Reference.
   void LoadReference(Reference* ref);
   void UnloadReference(Reference* ref);
 
   // State
   bool has_cc() const  { return cc_reg_ >= 0; }
-  CodeGenState::AccessType access() const  { return state_->access(); }
-  Reference* ref() const  { return state_->ref(); }
-  bool is_referenced() const { return state_->ref() != NULL; }
+  TypeofState typeof_state() const { return state_->typeof_state(); }
   Label* true_target() const  { return state_->true_target(); }
   Label* false_target() const  { return state_->false_target(); }
 
   // Expressions
   Operand GlobalObject() const {
     return ContextOperand(esi, Context::GLOBAL_INDEX);
   }
 
   // Support functions for accessing parameters.
   Operand ParameterOperand(int index) const {
     int num_parameters = scope()->num_parameters();
     ASSERT(-2 <= index && index < num_parameters);
     return Operand(ebp, (1 + num_parameters - index) * kPointerSize);
   }
 
   Operand ReceiverOperand() const { return ParameterOperand(-1); }
 
   Operand FunctionOperand() const {
     return Operand(ebp, JavaScriptFrameConstants::kFunctionOffset);
   }
 
   Operand ContextOperand(Register context, int index) const {
     return Operand(context, Context::SlotOffset(index));
   }
 
   Operand SlotOperand(Slot* slot, Register tmp);
 
   void LoadCondition(Expression* x,
-                     CodeGenState::AccessType access,
+                     TypeofState typeof_state,
                      Label* true_target,
                      Label* false_target,
                      bool force_cc);
-  void Load(Expression* x,
-            CodeGenState::AccessType access = CodeGenState::LOAD);
+  void Load(Expression* x, TypeofState typeof_state = NOT_INSIDE_TYPEOF);
   void LoadGlobal();
 
+  // Read a value from a slot and leave it on top of the expression stack.
+  void LoadFromSlot(Slot* slot, TypeofState typeof_state);
+
   // Special code for typeof expressions: Unfortunately, we must
   // be careful when loading the expression in 'typeof'
   // expressions. We are not allowed to throw reference errors for
   // non-existing properties of the global object, so we must make it
   // look like an explicit property access, instead of an access
   // through the context chain.
   void LoadTypeofExpression(Expression* x);
 
-  // References
-
-  // Generate code to fetch the value of a reference.  The reference is
-  // expected to be on top of the expression stack.  It is left in place and
-  // its value is pushed on top of it.
-  void GetValue(Reference* ref) {
-    ASSERT(!has_cc());
-    ASSERT(!ref->is_illegal());
-    CodeGenState new_state(this, ref);
-    Visit(ref->expression());
-  }
-
-  // Generate code to fetch a value from a property of a reference.  The
-  // reference is expected on top of the expression stack.  It is left in
-  // place and its value is pushed on top of it.
-  void GetReferenceProperty(Expression* key);
-
   void ToBoolean(Label* true_target, Label* false_target);
 
   void GenericBinaryOperation(
       Token::Value op,
       const OverwriteMode overwrite_mode = NO_OVERWRITE);
   void Comparison(Condition cc, bool strict = false);
 
   // Inline small integer literals. To prevent long attacker-controlled byte
   // sequences, we only inline small Smi:s.
   static const int kMaxSmiInlinedBits = 16;
@@ skipping 71 matching lines @@
   friend class VariableProxy;
   friend class Slot;
 };
 
 
 // -------------------------------------------------------------------------
 // CodeGenState implementation.
 
 CodeGenState::CodeGenState(Ia32CodeGenerator* owner)
     : owner_(owner),
-      access_(UNDEFINED),
-      ref_(NULL),
+      typeof_state_(NOT_INSIDE_TYPEOF),
       true_target_(NULL),
       false_target_(NULL),
       previous_(NULL) {
   owner_->set_state(this);
 }
 
 
 CodeGenState::CodeGenState(Ia32CodeGenerator* owner,
-                           AccessType access,
+                           TypeofState typeof_state,
                            Label* true_target,
                            Label* false_target)
     : owner_(owner),
-      access_(access),
-      ref_(NULL),
+      typeof_state_(typeof_state),
       true_target_(true_target),
       false_target_(false_target),
       previous_(owner->state()) {
   owner_->set_state(this);
 }
 
 
-CodeGenState::CodeGenState(Ia32CodeGenerator* owner, Reference* ref)
-    : owner_(owner),
-      access_(LOAD),
-      ref_(ref),
-      true_target_(owner->state()->true_target_),
-      false_target_(owner->state()->false_target_),
-      previous_(owner->state()) {
-  owner_->set_state(this);
-}
-
-
 CodeGenState::~CodeGenState() {
   ASSERT(owner_->state() == this);
   owner_->set_state(previous_);
 }
 
 
 // -----------------------------------------------------------------------------
 // Ia32CodeGenerator implementation
 
 #define __ masm_->
@@ skipping 365 matching lines @@
   }
 }
 
 
 // Loads a value on TOS. If it is a boolean value, the result may have been
 // (partially) translated into branches, or it may have set the condition code
 // register. If force_cc is set, the value is forced to set the condition code
 // register and no value is pushed. If the condition code register was set,
 // has_cc() is true and cc_reg_ contains the condition to test for 'true'.
 void Ia32CodeGenerator::LoadCondition(Expression* x,
-                                      CodeGenState::AccessType access,
+                                      TypeofState typeof_state,
                                       Label* true_target,
                                       Label* false_target,
                                       bool force_cc) {
-  ASSERT(access == CodeGenState::LOAD ||
-         access == CodeGenState::LOAD_TYPEOF_EXPR);
-  ASSERT(!has_cc() && !is_referenced());
+  ASSERT(!has_cc());
 
-  { CodeGenState new_state(this, access, true_target, false_target);
+  { CodeGenState new_state(this, typeof_state, true_target, false_target);
     Visit(x);
   }
   if (force_cc && !has_cc()) {
     ToBoolean(true_target, false_target);
   }
   ASSERT(has_cc() || !force_cc);
 }
 
 
-void Ia32CodeGenerator::Load(Expression* x, CodeGenState::AccessType access) {
-  ASSERT(access == CodeGenState::LOAD ||
-         access == CodeGenState::LOAD_TYPEOF_EXPR);
-
+void Ia32CodeGenerator::Load(Expression* x, TypeofState typeof_state) {
   Label true_target;
   Label false_target;
-  LoadCondition(x, access, &true_target, &false_target, false);
+  LoadCondition(x, typeof_state, &true_target, &false_target, false);
 
   if (has_cc()) {
     // convert cc_reg_ into a bool
 
     Label loaded, materialize_true;
     __ j(cc_reg_, &materialize_true);
     __ push(Immediate(Factory::false_value()));
     __ jmp(&loaded);
     __ bind(&materialize_true);
     __ push(Immediate(Factory::true_value()));
@@ skipping 28 matching lines @@
   ASSERT(!has_cc());
 }
 
 
 void Ia32CodeGenerator::LoadGlobal() {
   __ push(GlobalObject());
 }
 
 
 // TODO(1241834): Get rid of this function in favor of just using Load, now
-// that we have the LOAD_TYPEOF_EXPR access type. => Need to handle
-// global variables w/o reference errors elsewhere.
+// that we have the INSIDE_TYPEOF typeof state. => Need to handle global
+// variables w/o reference errors elsewhere.
 void Ia32CodeGenerator::LoadTypeofExpression(Expression* x) {
   Variable* variable = x->AsVariableProxy()->AsVariable();
   if (variable != NULL && !variable->is_this() && variable->is_global()) {
     // NOTE: This is somewhat nasty. We force the compiler to load
     // the variable as if through '<global>.<variable>' to make sure we
     // do not get reference errors.
     Slot global(variable, Slot::CONTEXT, Context::GLOBAL_INDEX);
     Literal key(variable->name());
     // TODO(1241834): Fetch the position from the variable instead of using
     // no position.
     Property property(&global, &key, RelocInfo::kNoPosition);
     Load(&property);
   } else {
-    Load(x, CodeGenState::LOAD_TYPEOF_EXPR);
+    Load(x, INSIDE_TYPEOF);
   }
 }
 
 
 Reference::Reference(Ia32CodeGenerator* cgen, Expression* expression)
     : cgen_(cgen), expression_(expression), type_(ILLEGAL) {
   cgen->LoadReference(this);
 }
 
 
 Reference::~Reference() {
   cgen_->UnloadReference(this);
 }
 
 
 void Ia32CodeGenerator::LoadReference(Reference* ref) {
+  Comment cmnt(masm_, "[ LoadReference");
   Expression* e = ref->expression();
   Property* property = e->AsProperty();
   Variable* var = e->AsVariableProxy()->AsVariable();
 
   if (property != NULL) {
     // The expression is either a property or a variable proxy that rewrites
     // to a property.
     Load(property->obj());
     // We use a named reference if the key is a literal symbol, unless it is
     // a string that can be legally parsed as an integer.  This is because
@@ skipping 21 matching lines @@
     }
   } else {
     // Anything else is a runtime error.
     Load(e);
     __ CallRuntime(Runtime::kThrowReferenceError, 1);
   }
 }
 
 
 void Ia32CodeGenerator::UnloadReference(Reference* ref) {
-  // Pop n references on the stack while preserving TOS
+  // Pop a reference from the stack while preserving TOS.
   Comment cmnt(masm_, "[ UnloadReference");
   int size = ref->size();
   if (size <= 0) {
     // Do nothing. No popping is necessary.
   } else if (size == 1) {
     __ pop(eax);
     __ mov(TOS, eax);
   } else {
     __ pop(eax);
     __ add(Operand(esp), Immediate(size * kPointerSize));
@@ skipping 59 matching lines @@
   ToBooleanStub stub;
   __ CallStub(&stub);
   // Convert result (eax) to condition code.
   __ test(eax, Operand(eax));
 
   ASSERT(not_equal == not_zero);
   cc_reg_ = not_equal;
 }
 
 
-void Ia32CodeGenerator::GetReferenceProperty(Expression* key) {
-  ASSERT(!ref()->is_illegal());
-
-  // TODO(1241834): Make sure that this it is safe to ignore the distinction
-  // between access types LOAD and LOAD_TYPEOF_EXPR. If there is a chance
-  // that reference errors can be thrown below, we must distinguish between
-  // the two kinds of loads (typeof expression loads must not throw a
-  // reference error).
-  if (ref()->type() == Reference::NAMED) {
-    // Compute the name of the property.
-    Literal* literal = key->AsLiteral();
-    Handle<String> name(String::cast(*literal->handle()));
-
-    Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
-    Variable* var = ref()->expression()->AsVariableProxy()->AsVariable();
-    // Setup the name register.
-    __ Set(ecx, Immediate(name));
-    if (var != NULL) {
-      ASSERT(var->is_global());
-      __ call(ic, RelocInfo::CODE_TARGET_CONTEXT);
-    } else {
-      __ call(ic, RelocInfo::CODE_TARGET);
-    }
-  } else {
-    // Access keyed property.
-    ASSERT(ref()->type() == Reference::KEYED);
-
-    // Call IC code.
-    Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize));
-    Variable* var = ref()->expression()->AsVariableProxy()->AsVariable();
-    if (var != NULL) {
-      ASSERT(var->is_global());
-      __ call(ic, RelocInfo::CODE_TARGET_CONTEXT);
-    } else {
-      __ call(ic, RelocInfo::CODE_TARGET);
-    }
-  }
-  __ push(eax);  // IC call leaves result in eax, push it out
-}
-
-
 class FloatingPointHelper : public AllStatic {
  public:
   // Code pattern for loading floating point values. Input values must
   // be either smi or heap number objects (fp values). Requirements:
   // operand_1 on TOS+1 , operand_2 on TOS+2; Returns operands as
   // floating point numbers on FPU stack.
   static void LoadFloatOperands(MacroAssembler* masm, Register scratch);
   // Test if operands are smi or number objects (fp). Requirements:
   // operand_1 in eax, operand_2 in edx; falls through on float
   // operands, jumps to the non_float label otherwise.
@@ skipping 630 matching lines @@
   Major MajorKey() { return CallFunction; }
   int MinorKey() { return argc_; }
 };
 
 
 // Call the function just below TOS on the stack with the given
 // arguments. The receiver is the TOS.
 void Ia32CodeGenerator::CallWithArguments(ZoneList<Expression*>* args,
                                           int position) {
   // Push the arguments ("left-to-right") on the stack.
-  for (int i = 0; i < args->length(); i++) Load(args->at(i));
+  for (int i = 0; i < args->length(); i++) {
+    Load(args->at(i));
+  }

[iposva, 2008/10/07 19:43:31]

Thanks!

 
   // Record the position for debugging purposes.
   __ RecordPosition(position);
 
   // Use the shared code stub to call the function.
   CallFunctionStub call_function(args->length());
   __ CallStub(&call_function);
 
   // Restore context and pop function from the stack.
   __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
@@ skipping 124 matching lines @@
   // parts of the if statement are present or not.
   bool has_then_stm = node->HasThenStatement();
   bool has_else_stm = node->HasElseStatement();
 
   RecordStatementPosition(node);
   Label exit;
   if (has_then_stm && has_else_stm) {
     Label then;
     Label else_;
     // if (cond)
-    LoadCondition(node->condition(), CodeGenState::LOAD, &then, &else_, true);
+    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
     Branch(false, &else_);
     // then
     __ bind(&then);
     Visit(node->then_statement());
     __ jmp(&exit);
     // else
     __ bind(&else_);
     Visit(node->else_statement());
 
   } else if (has_then_stm) {
     ASSERT(!has_else_stm);
     Label then;
     // if (cond)
-    LoadCondition(node->condition(), CodeGenState::LOAD, &then, &exit, true);
+    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &exit, true);
     Branch(false, &exit);
     // then
     __ bind(&then);
     Visit(node->then_statement());
 
   } else if (has_else_stm) {
     ASSERT(!has_then_stm);
     Label else_;
     // if (!cond)
-    LoadCondition(node->condition(), CodeGenState::LOAD, &exit, &else_, true);
+    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &else_, true);
     Branch(true, &exit);
     // else
     __ bind(&else_);
     Visit(node->else_statement());
 
   } else {
     ASSERT(!has_then_stm && !has_else_stm);
     // if (cond)
-    LoadCondition(node->condition(), CodeGenState::LOAD, &exit, &exit, false);
+    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &exit, false);
     if (has_cc()) {
       cc_reg_ = no_condition;
     } else {
       // No cc value set up, that means the boolean was pushed.
       // Pop it again, since it is not going to be used.
       __ pop(eax);
     }
   }
 
   // end
@@ skipping 264 matching lines @@
 
   // cond
   __ bind(&entry);
   switch (info) {
     case ALWAYS_TRUE:
       __ jmp(&loop);
       break;
     case ALWAYS_FALSE:
       break;
     case DONT_KNOW:
-      LoadCondition(node->cond(), CodeGenState::LOAD, &loop,
+      LoadCondition(node->cond(), NOT_INSIDE_TYPEOF, &loop,
                     node->break_target(), true);
       Branch(true, &loop);
       break;
   }
 
   // exit
   __ bind(node->break_target());
 }
 
 
@@ skipping 448 matching lines @@
 void Ia32CodeGenerator::VisitFunctionBoilerplateLiteral(
     FunctionBoilerplateLiteral* node) {
   Comment cmnt(masm_, "[ FunctionBoilerplateLiteral");
   InstantiateBoilerplate(node->boilerplate());
 }
 
 
 void Ia32CodeGenerator::VisitConditional(Conditional* node) {
   Comment cmnt(masm_, "[ Conditional");
   Label then, else_, exit;
-  LoadCondition(node->condition(), CodeGenState::LOAD, &then, &else_, true);
+  LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
   Branch(false, &else_);
   __ bind(&then);
-  Load(node->then_expression(), access());
+  Load(node->then_expression(), typeof_state());
   __ jmp(&exit);
   __ bind(&else_);
-  Load(node->else_expression(), access());
+  Load(node->else_expression(), typeof_state());
   __ bind(&exit);
 }
 
 
-void Ia32CodeGenerator::VisitSlot(Slot* node) {
-  ASSERT(access() != CodeGenState::UNDEFINED);
-  Comment cmnt(masm_, "[ Slot");
-
-  if (node->type() == Slot::LOOKUP) {
-    ASSERT(node->var()->mode() == Variable::DYNAMIC);
+void Ia32CodeGenerator::LoadFromSlot(Slot* slot, TypeofState typeof_state) {
+  if (slot->type() == Slot::LOOKUP) {
+    ASSERT(slot->var()->mode() == Variable::DYNAMIC);
 
     // For now, just do a runtime call.
-    __ push(Operand(esi));
-    __ push(Immediate(node->var()->name()));
+    __ push(esi);
+    __ push(Immediate(slot->var()->name()));
 
-    if (access() == CodeGenState::LOAD) {
+    if (typeof_state == INSIDE_TYPEOF) {
+      __ CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
+    } else {
       __ CallRuntime(Runtime::kLoadContextSlot, 2);
-    } else {
-      ASSERT(access() == CodeGenState::LOAD_TYPEOF_EXPR);
-      __ CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
     }
     __ push(eax);
 
   } else {
     // Note: We would like to keep the assert below, but it fires because of
     // some nasty code in LoadTypeofExpression() which should be removed...
-    // ASSERT(node->var()->mode() != Variable::DYNAMIC);
-
-    if (node->var()->mode() == Variable::CONST) {
+    // ASSERT(slot->var()->mode() != Variable::DYNAMIC);
+    if (slot->var()->mode() == Variable::CONST) {
       // Const slots may contain 'the hole' value (the constant hasn't been
       // initialized yet) which needs to be converted into the 'undefined'
       // value.
       Comment cmnt(masm_, "[ Load const");
-      Label L;
-      __ mov(eax, SlotOperand(node, ecx));
+      Label exit;
+      __ mov(eax, SlotOperand(slot, ecx));
       __ cmp(eax, Factory::the_hole_value());
-      __ j(not_equal, &L);
+      __ j(not_equal, &exit);
       __ mov(eax, Factory::undefined_value());
-      __ bind(&L);
+      __ bind(&exit);
       __ push(eax);
     } else {
-      __ push(SlotOperand(node, ecx));
+      __ push(SlotOperand(slot, ecx));
     }
   }
 }
 
 
+void Ia32CodeGenerator::VisitSlot(Slot* node) {
+  Comment cmnt(masm_, "[ Slot");
+  LoadFromSlot(node, typeof_state());
+}
+
+
 void Ia32CodeGenerator::VisitVariableProxy(VariableProxy* node) {
   Comment cmnt(masm_, "[ VariableProxy");
-  Variable* var_node = node->var();
-
-  Expression* expr = var_node->rewrite();
+  Variable* var = node->var();
+  Expression* expr = var->rewrite();
   if (expr != NULL) {
     Visit(expr);
   } else {
-    ASSERT(var_node->is_global());
-    if (is_referenced()) {
-      if (var_node->AsProperty() != NULL) {
-        __ RecordPosition(var_node->AsProperty()->position());
-      }
-      GetReferenceProperty(new Literal(var_node->name()));
-    } else {
-      Reference property(this, node);
-      GetValue(&property);
-    }
+    ASSERT(var->is_global());
+    Reference ref(this, node);
+    ref.GetValue(typeof_state());
   }
 }
 
 
 void Ia32CodeGenerator::VisitLiteral(Literal* node) {
   Comment cmnt(masm_, "[ Literal");
   if (node->handle()->IsSmi() && !IsInlineSmi(node)) {
     // To prevent long attacker-controlled byte sequences in code, larger
     // Smis are loaded in two steps.
     int bits = reinterpret_cast<int>(*node->handle());
@@ skipping 242 matching lines @@
   RecordStatementPosition(node);
   Reference target(this, node->target());
   if (target.is_illegal()) return;
 
   if (node->op() == Token::ASSIGN ||
       node->op() == Token::INIT_VAR ||
       node->op() == Token::INIT_CONST) {
     Load(node->value());
 
   } else {
-    GetValue(&target);
+    target.GetValue(NOT_INSIDE_TYPEOF);
     Literal* literal = node->value()->AsLiteral();
     if (IsInlineSmi(literal)) {
       SmiOperation(node->binary_op(), literal->handle(), false, NO_OVERWRITE);
     } else {
       Load(node->value());
       GenericBinaryOperation(node->binary_op());
     }
   }
 
   Variable* var = node->target()->AsVariableProxy()->AsVariable();
@@ skipping 20 matching lines @@
 
   Load(node->exception());
   __ RecordPosition(node->position());
   __ CallRuntime(Runtime::kThrow, 1);
   __ push(eax);
 }
 
 
 void Ia32CodeGenerator::VisitProperty(Property* node) {
   Comment cmnt(masm_, "[ Property");
-
-  if (is_referenced()) {
-    __ RecordPosition(node->position());
-    GetReferenceProperty(node->key());
-  } else {
-    Reference property(this, node);
-    __ RecordPosition(node->position());
-    GetValue(&property);
-  }
+  Reference property(this, node);
+  property.GetValue(typeof_state());
 }
 
 
 void Ia32CodeGenerator::VisitCall(Call* node) {
   Comment cmnt(masm_, "[ Call");
 
   ZoneList<Expression*>* args = node->arguments();
 
   RecordStatementPosition(node);
 
@@ skipping 78 matching lines @@
       // Overwrite the function on the stack with the result.
       __ mov(TOS, eax);
 
     } else {
       // -------------------------------------------
       // JavaScript example: 'array[index](1, 2, 3)'
       // -------------------------------------------
 
       // Load the function to call from the property through a reference.
       Reference ref(this, property);
-      GetValue(&ref);
+      ref.GetValue(NOT_INSIDE_TYPEOF);
 
       // Pass receiver to called function.
       // The reference's size is non-negative.
       __ push(Operand(esp, ref.size() * kPointerSize));
 
       // Call the function.
       CallWithArguments(args, node->position());
     }
 
   } else {
@@ skipping 345 matching lines @@
   }
 }
 
 
 void Ia32CodeGenerator::VisitUnaryOperation(UnaryOperation* node) {
   Comment cmnt(masm_, "[ UnaryOperation");
 
   Token::Value op = node->op();
 
   if (op == Token::NOT) {
-    LoadCondition(node->expression(), CodeGenState::LOAD,
+    LoadCondition(node->expression(), NOT_INSIDE_TYPEOF,
                   false_target(), true_target(), true);
     cc_reg_ = NegateCondition(cc_reg_);
 
   } else if (op == Token::DELETE) {
     Property* property = node->expression()->AsProperty();
     if (property != NULL) {
       Load(property->obj());
       Load(property->key());
       __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
       __ push(eax);
@@ skipping 200 matching lines @@
   bool is_increment = node->op() == Token::INC;
 
   Variable* var = node->expression()->AsVariableProxy()->AsVariable();
   bool is_const = (var != NULL && var->mode() == Variable::CONST);
 
   // Postfix: Make room for the result.
   if (is_postfix) __ push(Immediate(0));
 
   { Reference target(this, node->expression());
     if (target.is_illegal()) return;
-    GetValue(&target);
+    target.GetValue(NOT_INSIDE_TYPEOF);
 
     int result_offset = target.size() * kPointerSize;
     CountOperationDeferred* deferred =
         new CountOperationDeferred(this, is_postfix,
                                    is_increment, result_offset);
 
     __ pop(eax);  // Load TOS into eax for calculations below
 
     // Postfix: Store the old value as the result.
     if (is_postfix) __ mov(Operand(esp, result_offset), eax);
@@ skipping 34 matching lines @@
 
   // NOTE: If the left hand side produces a materialized value (not in
   // the CC register), we force the right hand side to do the
   // same. This is necessary because we may have to branch to the exit
   // after evaluating the left hand side (due to the shortcut
   // semantics), but the compiler must (statically) know if the result
   // of compiling the binary operation is materialized or not.
 
   if (op == Token::AND) {
     Label is_true;
-    LoadCondition(node->left(), CodeGenState::LOAD, &is_true,
+    LoadCondition(node->left(), NOT_INSIDE_TYPEOF, &is_true,
                   false_target(), false);
     if (has_cc()) {
       Branch(false, false_target());
 
       // Evaluate right side expression.
       __ bind(&is_true);
-      LoadCondition(node->right(), CodeGenState::LOAD, true_target(),
+      LoadCondition(node->right(), NOT_INSIDE_TYPEOF, true_target(),
                     false_target(), false);
 
     } else {
       Label pop_and_continue, exit;
 
       // Avoid popping the result if it converts to 'false' using the
       // standard ToBoolean() conversion as described in ECMA-262,
       // section 9.2, page 30.
        // Duplicate the TOS value. The duplicate will be popped by ToBoolean.
       __ mov(eax, TOS);
       __ push(eax);
       ToBoolean(&pop_and_continue, &exit);
       Branch(false, &exit);
 
       // Pop the result of evaluating the first part.
       __ bind(&pop_and_continue);
       __ pop(eax);
 
       // Evaluate right side expression.
       __ bind(&is_true);
       Load(node->right());
 
       // Exit (always with a materialized value).
       __ bind(&exit);
     }
 
   } else if (op == Token::OR) {
     Label is_false;
-    LoadCondition(node->left(), CodeGenState::LOAD, true_target(),
+    LoadCondition(node->left(), NOT_INSIDE_TYPEOF, true_target(),
                   &is_false, false);
     if (has_cc()) {
       Branch(true, true_target());
 
       // Evaluate right side expression.
       __ bind(&is_false);
-      LoadCondition(node->right(), CodeGenState::LOAD, true_target(),
+      LoadCondition(node->right(), NOT_INSIDE_TYPEOF, true_target(),
                     false_target(), false);
 
     } else {
       Label pop_and_continue, exit;
 
       // Avoid popping the result if it converts to 'true' using the
       // standard ToBoolean() conversion as described in ECMA-262,
       // section 9.2, page 30.
       // Duplicate the TOS value. The duplicate will be popped by ToBoolean.
       __ mov(eax, TOS);
@@ skipping 294 matching lines @@
   // call instruction to support patching the exit code in the
   // debugger. See VisitReturnStatement for the full return sequence.
   __ mov(esp, Operand(ebp));
   __ pop(ebp);
 }
 
 
 #undef __
 #define __ masm->
 
+Handle<String> Reference::GetName() {
+  ASSERT(type_ == NAMED);
+  Property* property = expression_->AsProperty();
+  if (property == NULL) {
+    // Global variable reference treated as a named property reference.
+    VariableProxy* proxy = expression_->AsVariableProxy();
+    ASSERT(proxy->AsVariable() != NULL);
+    ASSERT(proxy->AsVariable()->is_global());
+    return proxy->name();
+  } else {
+    MacroAssembler* masm = cgen_->masm();
+    __ RecordPosition(property->position());
+    Literal* raw_name = property->key()->AsLiteral();
+    ASSERT(raw_name != NULL);
+    return Handle<String>(String::cast(*raw_name->handle()));
+  }
+}
+
+
+void Reference::GetValue(TypeofState typeof_state) {
+  ASSERT(!is_illegal());
+  ASSERT(!cgen_->has_cc());
+  MacroAssembler* masm = cgen_->masm();
+  switch (type_) {
+    case SLOT: {
+      Comment cmnt(masm, "[ Load from Slot");
+      Slot* slot = expression_->AsVariableProxy()->AsVariable()->slot();
+      ASSERT(slot != NULL);
+      cgen_->LoadFromSlot(slot, typeof_state);
+      break;
+    }
+
+    case NAMED: {
+      // TODO(1241834): Make sure that this it is safe to ignore the
+      // distinction between expressions in a typeof and not in a typeof. If
+      // there is a chance that reference errors can be thrown below, we
+      // must distinguish between the two kinds of loads (typeof expression
+      // loads must not throw a reference error).
+      Comment cmnt(masm, "[ Load from named Property");
+      Handle<String> name(GetName());
+      Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
+      // Setup the name register.
+      __ mov(ecx, name);
+
+      Variable* var = expression_->AsVariableProxy()->AsVariable();
+      if (var != NULL) {
+        ASSERT(var->is_global());
+        __ call(ic, RelocInfo::CODE_TARGET_CONTEXT);
+      } else {
+        __ call(ic, RelocInfo::CODE_TARGET);
+      }
+      __ push(eax);  // IC call leaves result in eax, push it out
+      break;
+    }
+
+    case KEYED: {
+      // TODO(1241834): Make sure that this it is safe to ignore the
+      // distinction between expressions in a typeof and not in a typeof.
+      Comment cmnt(masm, "[ Load from keyed Property");
+      Property* property = expression_->AsProperty();
+      ASSERT(property != NULL);
+      __ RecordPosition(property->position());
+      Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize));
+
+      Variable* var = expression_->AsVariableProxy()->AsVariable();
+      if (var != NULL) {
+        ASSERT(var->is_global());
+        __ call(ic, RelocInfo::CODE_TARGET_CONTEXT);
+      } else {
+        __ call(ic, RelocInfo::CODE_TARGET);
+      }
+      __ push(eax);  // IC call leaves result in eax, push it out
+      break;
+    }
+
+    default:
+      UNREACHABLE();
+  }
+}
+
+
 void Reference::SetValue(InitState init_state) {
   ASSERT(!is_illegal());
   ASSERT(!cgen_->has_cc());
   MacroAssembler* masm = cgen_->masm();
   switch (type_) {
     case SLOT: {
       Comment cmnt(masm, "[ Store to Slot");
       Slot* slot = expression_->AsVariableProxy()->AsVariable()->slot();
       ASSERT(slot != NULL);
       if (slot->type() == Slot::LOOKUP) {
@@ skipping 62 matching lines @@
         // If we definitely did not jump over the assignment, we do not need
         // to bind the exit label.  Doing so can defeat peephole
         // optimization.
         if (init_state == CONST_INIT) __ bind(&exit);
       }
       break;
     }
 
     case NAMED: {
       Comment cmnt(masm, "[ Store to named Property");
-      Property* property = expression_->AsProperty();
-      Handle<String> name;
-      if (property == NULL) {
-        // Global variable reference treated as named property access.
-        VariableProxy* proxy = expression_->AsVariableProxy();
-        ASSERT(proxy->AsVariable() != NULL);
-        ASSERT(proxy->AsVariable()->is_global());
-        name = proxy->name();
-      } else {
-        Literal* raw_name = property->key()->AsLiteral();
-        ASSERT(raw_name != NULL);
-        name = Handle<String>(String::cast(*raw_name->handle()));
-        __ RecordPosition(property->position());
-      }
-
       // Call the appropriate IC code.
+      Handle<String> name(GetName());
       Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
       __ pop(eax);
       // Setup the name register.
       __ mov(ecx, name);
       __ call(ic, RelocInfo::CODE_TARGET);
       __ push(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
@@ skipping 1121 matching lines @@
                                      bool is_eval) {
   Handle<Code> code = Ia32CodeGenerator::MakeCode(fun, script, is_eval);
   if (!code.is_null()) {
     Counters::total_compiled_code_size.Increment(code->instruction_size());
   }
   return code;
 }
 
 
 } }  // namespace v8::internal