Add a VirtualFrame class to the IA32 code generator. All frame...

src/codegen-ia32.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 17 matching lines @@
 #include "v8.h"
 
 #include "bootstrapper.h"
 #include "codegen-inl.h"
 #include "debug.h"
 #include "scopes.h"
 #include "runtime.h"
 
 namespace v8 { namespace internal {
 
-#define TOS (Operand(esp, 0))
+#define __ masm_->
+
+// -------------------------------------------------------------------------
+// VirtualFrame implementation.
+
+VirtualFrame::VirtualFrame(CodeGenerator* cgen) {
+  ASSERT(cgen->scope() != NULL);
+
+  masm_ = cgen->masm();
+  frame_local_count_ = cgen->scope()->num_stack_slots();
+  parameter_count_ = cgen->scope()->num_parameters();
+}
+
+
+void VirtualFrame::AllocateLocals() {
+  if (frame_local_count_ > 0) {
+    Comment cmnt(masm_, "[ Allocate space for locals");
+    __ Set(eax, Immediate(Factory::undefined_value()));
+    for (int i = 0; i < frame_local_count_; i++) {
+      __ push(eax);
+    }
+  }
+}
+
+
+void VirtualFrame::Drop(int count) {
+  ASSERT(count >= 0);
+  if (count > 0) {
+    __ add(Operand(esp), Immediate(count * kPointerSize));
+  }
+}
+
+
+void VirtualFrame::Pop(Register reg) {
+  __ pop(reg);
+}
+
+
+void VirtualFrame::Pop(Operand operand) {
+  __ pop(operand);
+}
+
+
+void VirtualFrame::Push(Register reg) {
+  __ push(reg);
+}
+
+
+void VirtualFrame::Push(Operand operand) {
+  __ push(operand);
+}
+
+
+void VirtualFrame::Push(Immediate immediate) {
+  __ push(immediate);
+}
 
 
 // -------------------------------------------------------------------------
 // CodeGenState implementation.
 
 CodeGenState::CodeGenState(CodeGenerator* owner)
     : owner_(owner),
       typeof_state_(NOT_INSIDE_TYPEOF),
       true_target_(NULL),
       false_target_(NULL),
@@ skipping 14 matching lines @@
   owner_->set_state(this);
 }
 
 
 CodeGenState::~CodeGenState() {
   ASSERT(owner_->state() == this);
   owner_->set_state(previous_);
 }
 
 
-// -----------------------------------------------------------------------------
+// -------------------------------------------------------------------------
 // CodeGenerator implementation
 
-#define __ masm_->
-
 CodeGenerator::CodeGenerator(int buffer_size, Handle<Script> script,
                              bool is_eval)
     : is_eval_(is_eval),
       script_(script),
       deferred_(8),
       masm_(new MacroAssembler(NULL, buffer_size)),
       scope_(NULL),
+      frame_(NULL),
       cc_reg_(no_condition),
       state_(NULL),
       is_inside_try_(false),
       break_stack_height_(0) {
 }
 
 
 // Calling conventions:
 // ebp: frame pointer
 // esp: stack pointer
 // edi: caller's parameter pointer
 // esi: callee's context
 
 void CodeGenerator::GenCode(FunctionLiteral* fun) {
   // Record the position for debugging purposes.
   __ RecordPosition(fun->start_position());
 
-  Scope* scope = fun->scope();
   ZoneList<Statement*>* body = fun->body();
 
   // Initialize state.
-  { CodeGenState state(this);
-    scope_ = scope;
-    cc_reg_ = no_condition;
+  ASSERT(scope_ == NULL);
+  scope_ = fun->scope();
+  ASSERT(frame_ == NULL);
+  VirtualFrame virtual_frame(this);
+  frame_ = &virtual_frame;
+  cc_reg_ = no_condition;
+  {
+    CodeGenState state(this);
 
     // Entry
     // stack: function, receiver, arguments, return address
     // esp: stack pointer
     // ebp: frame pointer
     // edi: caller's parameter pointer
     // esi: callee's context
 
-    { Comment cmnt(masm_, "[ enter JS frame");
-      EnterJSFrame();
-    }
+    frame_->Enter();
     // tos: code slot
 #ifdef DEBUG
     if (strlen(FLAG_stop_at) > 0 &&
         fun->name()->IsEqualTo(CStrVector(FLAG_stop_at))) {
       __ int3();
     }
 #endif
 
     // This section now only allocates and copies the formals into the
     // arguments object. It saves the address in ecx, which is saved
     // at any point before either garbage collection or ecx is
     // overwritten.  The flag arguments_array_allocated communicates
     // with the store into the arguments variable and guards the lazy
     // pushes of ecx to TOS.  The flag arguments_array_saved notes
     // when the push has happened.
     bool arguments_object_allocated = false;
     bool arguments_object_saved = false;
 
     // Allocate arguments object.
     // The arguments object pointer needs to be saved in ecx, since we need
     // to store arguments into the context.
-    if (scope->arguments() != NULL) {
-      ASSERT(scope->arguments_shadow() != NULL);
+    if (scope_->arguments() != NULL) {
+      ASSERT(scope_->arguments_shadow() != NULL);
       Comment cmnt(masm_, "[ allocate arguments object");
       ArgumentsAccessStub stub(ArgumentsAccessStub::NEW_OBJECT);
-      __ lea(eax, ReceiverOperand());
-      __ push(FunctionOperand());
-      __ push(eax);
-      __ push(Immediate(Smi::FromInt(scope->num_parameters())));
+      __ lea(eax, frame_->Receiver());
+      frame_->Push(frame_->Function());
+      frame_->Push(eax);
+      frame_->Push(Immediate(Smi::FromInt(scope_->num_parameters())));
       __ CallStub(&stub);
       __ mov(ecx, Operand(eax));
       arguments_object_allocated = true;
     }
 
     // Allocate space for locals and initialize them.
-    if (scope->num_stack_slots() > 0) {
-      Comment cmnt(masm_, "[ allocate space for locals");
-      __ Set(eax, Immediate(Factory::undefined_value()));
-      for (int i = scope->num_stack_slots(); i-- > 0; ) __ push(eax);
-    }
+    frame_->AllocateLocals();
 
-    if (scope->num_heap_slots() > 0) {
+    if (scope_->num_heap_slots() > 0) {
       Comment cmnt(masm_, "[ allocate local context");
       // Save the arguments object pointer, if any.
       if (arguments_object_allocated && !arguments_object_saved) {
-        __ push(Operand(ecx));
+        frame_->Push(ecx);
         arguments_object_saved = true;
       }
       // Allocate local context.
       // Get outer context and create a new context based on it.
-      __ push(FunctionOperand());
+      frame_->Push(frame_->Function());
       __ CallRuntime(Runtime::kNewContext, 1);  // eax holds the result
 
       if (kDebug) {
         Label verified_true;
         // Verify eax and esi are the same in debug mode
         __ cmp(eax, Operand(esi));
         __ j(equal, &verified_true);
         __ int3();
         __ bind(&verified_true);
       }
 
       // Update context local.
-      __ mov(Operand(ebp, StandardFrameConstants::kContextOffset), esi);
+      __ mov(frame_->Context(), esi);
       // Restore the arguments array pointer, if any.
     }
 
     // TODO(1241774): Improve this code:
     // 1) only needed if we have a context
     // 2) no need to recompute context ptr every single time
     // 3) don't copy parameter operand code from SlotOperand!
     {
       Comment cmnt2(masm_, "[ copy context parameters into .context");
 
       // Note that iteration order is relevant here! If we have the same
       // parameter twice (e.g., function (x, y, x)), and that parameter
       // needs to be copied into the context, it must be the last argument
       // passed to the parameter that needs to be copied. This is a rare
       // case so we don't check for it, instead we rely on the copying
       // order: such a parameter is copied repeatedly into the same
       // context location and thus the last value is what is seen inside
       // the function.
-      for (int i = 0; i < scope->num_parameters(); i++) {
-        Variable* par = scope->parameter(i);
+      for (int i = 0; i < scope_->num_parameters(); i++) {
+        Variable* par = scope_->parameter(i);
         Slot* slot = par->slot();
         if (slot != NULL && slot->type() == Slot::CONTEXT) {
           // Save the arguments object pointer, if any.
           if (arguments_object_allocated && !arguments_object_saved) {
-            __ push(Operand(ecx));
+            frame_->Push(ecx);
             arguments_object_saved = true;
           }
-          ASSERT(!scope->is_global_scope());  // no parameters in global scope
-          __ mov(eax, ParameterOperand(i));
+          ASSERT(!scope_->is_global_scope());  // no parameters in global scope
+          __ mov(eax, frame_->Parameter(i));
           // Loads ecx with context; used below in RecordWrite.
           __ mov(SlotOperand(slot, ecx), eax);
           int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
           __ RecordWrite(ecx, offset, eax, ebx);
         }
       }
     }
 
     // This section stores the pointer to the arguments object that
     // was allocated and copied into above. If the address was not
     // saved to TOS, we push ecx onto the stack.
 
     // Store the arguments object.
     // This must happen after context initialization because
     // the arguments object may be stored in the context
     if (arguments_object_allocated) {
-      ASSERT(scope->arguments() != NULL);
-      ASSERT(scope->arguments_shadow() != NULL);
+      ASSERT(scope_->arguments() != NULL);
+      ASSERT(scope_->arguments_shadow() != NULL);
       Comment cmnt(masm_, "[ store arguments object");
-      { Reference shadow_ref(this, scope->arguments_shadow());
+      { Reference shadow_ref(this, scope_->arguments_shadow());
         ASSERT(shadow_ref.is_slot());
-        { Reference arguments_ref(this, scope->arguments());
+        { Reference arguments_ref(this, scope_->arguments());
           ASSERT(arguments_ref.is_slot());
           // If the newly-allocated arguments object is already on the
           // stack, we make use of the convenient property that references
           // representing slots take up no space on the expression stack
           // (ie, it doesn't matter that the stored value is actually below
           // the reference).
           //
           // If the newly-allocated argument object is not already on
           // the stack, we rely on the property that loading a
           // zero-sized reference will not clobber the ecx register.
           if (!arguments_object_saved) {
-            __ push(ecx);
+            frame_->Push(ecx);
           }
           arguments_ref.SetValue(NOT_CONST_INIT);
         }
         shadow_ref.SetValue(NOT_CONST_INIT);
       }
-      __ pop(eax);  // Value is no longer needed.
+      frame_->Pop(eax);  // Value is no longer needed.

[iposva, 2008/10/10 12:53:02]

If the value is really no longer needed the there should also be a Pop()
operation that takes no target register and just pops the value from the virtual
frame without causing memory traffic. In the current implementation this could
translate to add(sp, sp, 4).

I understand that Pop() is equivalent to Drop(1), but it is sort of more
readable in these situations.

     }
 
     // Generate code to 'execute' declarations and initialize
     // functions (source elements). In case of an illegal
     // redeclaration we need to handle that instead of processing the
     // declarations.
-    if (scope->HasIllegalRedeclaration()) {
+    if (scope_->HasIllegalRedeclaration()) {
       Comment cmnt(masm_, "[ illegal redeclarations");
-      scope->VisitIllegalRedeclaration(this);
+      scope_->VisitIllegalRedeclaration(this);
     } else {
       Comment cmnt(masm_, "[ declarations");
-      ProcessDeclarations(scope->declarations());
+      ProcessDeclarations(scope_->declarations());
       // Bail out if a stack-overflow exception occurred when
       // processing declarations.
       if (HasStackOverflow()) return;
     }
 
     if (FLAG_trace) {
       __ CallRuntime(Runtime::kTraceEnter, 1);
-      __ push(eax);
+      frame_->Push(eax);
     }
     CheckStack();
 
     // Compile the body of the function in a vanilla state. Don't
     // bother compiling all the code if the scope has an illegal
     // redeclaration.
-    if (!scope->HasIllegalRedeclaration()) {
+    if (!scope_->HasIllegalRedeclaration()) {
       Comment cmnt(masm_, "[ function body");
 #ifdef DEBUG
       bool is_builtin = Bootstrapper::IsActive();
       bool should_trace =
           is_builtin ? FLAG_trace_builtin_calls : FLAG_trace_calls;
       if (should_trace) {
         __ CallRuntime(Runtime::kDebugTrace, 1);
-        __ push(eax);
+        frame_->Push(eax);
       }
 #endif
       VisitStatements(body);
 
       // Generate a return statement if necessary.
       if (body->is_empty() || body->last()->AsReturnStatement() == NULL) {
         Literal undefined(Factory::undefined_value());
         ReturnStatement statement(&undefined);
         statement.set_statement_pos(fun->end_position());
         VisitReturnStatement(&statement);
       }
     }
   }
 
   // Code generation state must be reset.
   scope_ = NULL;
+  frame_ = NULL;
   ASSERT(!has_cc());
   ASSERT(state_ == NULL);
 }
 
 
 Operand CodeGenerator::SlotOperand(Slot* slot, Register tmp) {
   // Currently, this assertion will fail if we try to assign to
   // a constant variable that is constant because it is read-only
   // (such as the variable referring to a named function expression).
   // We need to implement assignments to read-only variables.
   // Ideally, we should do this during AST generation (by converting
   // such assignments into expression statements); however, in general
   // we may not be able to make the decision until past AST generation,
   // that is when the entire program is known.
   ASSERT(slot != NULL);
   int index = slot->index();
   switch (slot->type()) {
     case Slot::PARAMETER:
-      return ParameterOperand(index);
+      return frame_->Parameter(index);
 
-    case Slot::LOCAL: {
-      ASSERT(0 <= index && index < scope()->num_stack_slots());
-      const int kLocal0Offset = JavaScriptFrameConstants::kLocal0Offset;
-      return Operand(ebp, kLocal0Offset - index * kPointerSize);
-    }
+    case Slot::LOCAL:
+      return frame_->Local(index);
 
     case Slot::CONTEXT: {
       // Follow the context chain if necessary.
       ASSERT(!tmp.is(esi));  // do not overwrite context register
       Register context = esi;
       int chain_length = scope()->ContextChainLength(slot->var()->scope());
       for (int i = chain_length; i-- > 0;) {
         // Load the closure.
         // (All contexts, even 'with' contexts, have a closure,
         // and it is the same for all contexts inside a function.
@@ skipping 46 matching lines @@
 void CodeGenerator::Load(Expression* x, TypeofState typeof_state) {
   Label true_target;
   Label false_target;
   LoadCondition(x, typeof_state, &true_target, &false_target, false);
 
   if (has_cc()) {
     // convert cc_reg_ into a bool
 
     Label loaded, materialize_true;
     __ j(cc_reg_, &materialize_true);
-    __ push(Immediate(Factory::false_value()));
+    frame_->Push(Immediate(Factory::false_value()));
     __ jmp(&loaded);
     __ bind(&materialize_true);
-    __ push(Immediate(Factory::true_value()));
+    frame_->Push(Immediate(Factory::true_value()));
     __ bind(&loaded);
     cc_reg_ = no_condition;
   }
 
   if (true_target.is_linked() || false_target.is_linked()) {
     // we have at least one condition value
     // that has been "translated" into a branch,
     // thus it needs to be loaded explicitly again
     Label loaded;
     __ jmp(&loaded);  // don't lose current TOS
     bool both = true_target.is_linked() && false_target.is_linked();
     // reincarnate "true", if necessary
     if (true_target.is_linked()) {
       __ bind(&true_target);
-      __ push(Immediate(Factory::true_value()));
+      frame_->Push(Immediate(Factory::true_value()));
     }
     // if both "true" and "false" need to be reincarnated,
     // jump across code for "false"
     if (both)
       __ jmp(&loaded);
     // reincarnate "false", if necessary
     if (false_target.is_linked()) {
       __ bind(&false_target);
-      __ push(Immediate(Factory::false_value()));
+      frame_->Push(Immediate(Factory::false_value()));
     }
     // everything is loaded at this point
     __ bind(&loaded);
   }
   ASSERT(!has_cc());
 }
 
 
 void CodeGenerator::LoadGlobal() {
-  __ push(GlobalObject());
+  frame_->Push(GlobalObject());
 }
 
 
 // TODO(1241834): Get rid of this function in favor of just using Load, now
 // that we have the INSIDE_TYPEOF typeof state. => Need to handle global
 // variables w/o reference errors elsewhere.
 void CodeGenerator::LoadTypeofExpression(Expression* x) {
   Variable* variable = x->AsVariableProxy()->AsVariable();
   if (variable != NULL && !variable->is_this() && variable->is_global()) {
     // NOTE: This is somewhat nasty. We force the compiler to load
@@ skipping 64 matching lines @@
 }
 
 
 void CodeGenerator::UnloadReference(Reference* ref) {
   // Pop a reference from the stack while preserving TOS.
   Comment cmnt(masm_, "[ UnloadReference");
   int size = ref->size();
   if (size <= 0) {
     // Do nothing. No popping is necessary.
   } else if (size == 1) {
-    __ pop(eax);
-    __ mov(TOS, eax);
+    frame_->Pop(eax);
+    __ mov(frame_->Top(), eax);
   } else {
-    __ pop(eax);
-    __ add(Operand(esp), Immediate(size * kPointerSize));
-    __ push(eax);
+    frame_->Pop(eax);
+    frame_->Drop(size);
+    frame_->Push(eax);
   }
 }
 
 
 class ToBooleanStub: public CodeStub {
  public:
   ToBooleanStub() { }
 
   void Generate(MacroAssembler* masm);
 
  private:
   Major MajorKey() { return ToBoolean; }
   int MinorKey() { return 0; }
 };
 
 
 // ECMA-262, section 9.2, page 30: ToBoolean(). Pop the top of stack and
 // convert it to a boolean in the condition code register or jump to
 // 'false_target'/'true_target' as appropriate.
 void CodeGenerator::ToBoolean(Label* true_target, Label* false_target) {
   Comment cmnt(masm_, "[ ToBoolean");
 
   // The value to convert should be popped from the stack.
-  __ pop(eax);
+  frame_->Pop(eax);
 
   // Fast case checks.
 
   // 'false' => false.
   __ cmp(eax, Factory::false_value());
   __ j(equal, false_target);
 
   // 'true' => true.
   __ cmp(eax, Factory::true_value());
   __ j(equal, true_target);
 
   // 'undefined' => false.
   __ cmp(eax, Factory::undefined_value());
   __ j(equal, false_target);
 
   // Smi => false iff zero.
   ASSERT(kSmiTag == 0);
   __ test(eax, Operand(eax));
   __ j(zero, false_target);
   __ test(eax, Immediate(kSmiTagMask));
   __ j(zero, true_target);
 
   // Call the stub for all other cases.
-  __ push(eax);  // Undo the pop(eax) from above.
+  frame_->Push(eax);  // Undo the pop(eax) from above.
   ToBooleanStub stub;
   __ CallStub(&stub);
   // Convert result (eax) to condition code.
   __ test(eax, Operand(eax));
 
   ASSERT(not_equal == not_zero);
   cc_reg_ = not_equal;
 }
 
 
@@ skipping 74 matching lines @@
   Comment cmnt(masm_, "[ BinaryOperation");
   Comment cmnt_token(masm_, Token::String(op));
   switch (op) {
     case Token::ADD:
     case Token::SUB:
     case Token::MUL:
     case Token::DIV:
     case Token::MOD: {
       GenericBinaryOpStub stub(op, overwrite_mode);
       __ CallStub(&stub);
-      __ push(eax);
+      frame_->Push(eax);
       break;
     }
     case Token::BIT_OR:
     case Token::BIT_AND:
     case Token::BIT_XOR: {
       Label slow, exit;
-      __ pop(eax);  // get y
-      __ pop(edx);  // get x
+      frame_->Pop(eax);  // get y
+      frame_->Pop(edx);  // get x
       __ mov(ecx, Operand(edx));  // Prepare smi check.
       // tag check
       __ or_(ecx, Operand(eax));  // ecx = x | y;
       ASSERT(kSmiTag == 0);  // adjust code below
       __ test(ecx, Immediate(kSmiTagMask));
       __ j(not_zero, &slow, taken);
       switch (op) {
         case Token::BIT_OR:  __ or_(eax, Operand(edx)); break;
         case Token::BIT_AND: __ and_(eax, Operand(edx)); break;
         case Token::BIT_XOR: __ xor_(eax, Operand(edx)); break;
         default: UNREACHABLE();
       }
       __ jmp(&exit);
       __ bind(&slow);
-      __ push(edx);  // restore stack slots
-      __ push(eax);
+      frame_->Push(edx);  // restore stack slots
+      frame_->Push(eax);
       GenericBinaryOpStub stub(op, overwrite_mode);
       __ CallStub(&stub);
       __ bind(&exit);
-      __ push(eax);  // push the result to the stack
+      frame_->Push(eax);  // push the result to the stack
       break;
     }
     case Token::SHL:
     case Token::SHR:
     case Token::SAR: {
       Label slow, exit;
-      __ pop(edx);  // get y
-      __ pop(eax);  // get x
+      frame_->Pop(edx);  // get y
+      frame_->Pop(eax);  // get x
       // tag check
       __ mov(ecx, Operand(edx));
       __ or_(ecx, Operand(eax));  // ecx = x | y;
       ASSERT(kSmiTag == 0);  // adjust code below
       __ test(ecx, Immediate(kSmiTagMask));
       __ j(not_zero, &slow, not_taken);
       // get copies of operands
       __ mov(ebx, Operand(eax));
       __ mov(ecx, Operand(edx));
       // remove tags from operands (but keep sign)
@@ skipping 24 matching lines @@
           __ j(not_zero, &slow, not_taken);
           break;
         default: UNREACHABLE();
       }
       // tag result and store it in TOS (eax)
       ASSERT(kSmiTagSize == times_2);  // adjust code if not the case
       __ lea(eax, Operand(ebx, times_2, kSmiTag));
       __ jmp(&exit);
       // slow case
       __ bind(&slow);
-      __ push(eax);  // restore stack
-      __ push(edx);
+      frame_->Push(eax);  // restore stack
+      frame_->Push(edx);
         GenericBinaryOpStub stub(op, overwrite_mode);
       __ CallStub(&stub);
       __ bind(&exit);
-      __ push(eax);
+      frame_->Push(eax);
       break;
     }
     case Token::COMMA: {
       // simply discard left value
-      __ pop(eax);
-      __ add(Operand(esp), Immediate(kPointerSize));
-      __ push(eax);
+      frame_->Pop(eax);
+      frame_->Drop(1);
+      frame_->Push(eax);
       break;
     }
     default: UNREACHABLE();
   }
 }
 
 
 class DeferredInlinedSmiOperation: public DeferredCode {
  public:
   DeferredInlinedSmiOperation(CodeGenerator* generator,
@@ skipping 120 matching lines @@
                                 OverwriteMode overwrite_mode) :
       DeferredCode(generator), tos_reg_(tos_reg),
       overwrite_mode_(overwrite_mode) {
     set_comment("[ DeferredInlinedSmiSubReversed");
   }
 
   virtual void Generate() {
     // Undo the optimistic sub operation and call the shared stub.
     __ add(eax, Operand(tos_reg_));
     __ push(eax);
-    __ push(Operand(tos_reg_));
+    __ push(tos_reg_);
     GenericBinaryOpStub igostub(Token::SUB, overwrite_mode_);
     __ CallStub(&igostub);
   }
 
  private:
   Register tos_reg_;
   OverwriteMode overwrite_mode_;
 };
 
 
 void CodeGenerator::SmiOperation(Token::Value op,
-                                     Handle<Object> value,
-                                     bool reversed,
-                                     OverwriteMode overwrite_mode) {
+                                 Handle<Object> value,
+                                 bool reversed,
+                                 OverwriteMode overwrite_mode) {
   // NOTE: This is an attempt to inline (a bit) more of the code for
   // some possible smi operations (like + and -) when (at least) one
   // of the operands is a literal smi. With this optimization, the
   // performance of the system is increased by ~15%, and the generated
   // code size is increased by ~1% (measured on a combination of
   // different benchmarks).
 
   // TODO(1217802): Optimize some special cases of operations
   // involving a smi literal (multiply by 2, shift by 0, etc.).
 
   // Get the literal value.
   int int_value = Smi::cast(*value)->value();
   ASSERT(is_intn(int_value, kMaxSmiInlinedBits));
 
   switch (op) {
     case Token::ADD: {
       DeferredCode* deferred = NULL;
       if (!reversed) {
         deferred = new DeferredInlinedSmiAdd(this, int_value, overwrite_mode);
       } else {
         deferred = new DeferredInlinedSmiAddReversed(this, int_value,
                                                      overwrite_mode);
       }
-      __ pop(eax);
+      frame_->Pop(eax);
       __ add(Operand(eax), Immediate(value));
       __ j(overflow, deferred->enter(), not_taken);
       __ test(eax, Immediate(kSmiTagMask));
       __ j(not_zero, deferred->enter(), not_taken);
       __ bind(deferred->exit());
-      __ push(eax);
+      frame_->Push(eax);
       break;
     }
 
     case Token::SUB: {
       DeferredCode* deferred = NULL;
-      __ pop(eax);
+      frame_->Pop(eax);
       if (!reversed) {
         deferred = new DeferredInlinedSmiSub(this, int_value, overwrite_mode);
         __ sub(Operand(eax), Immediate(value));
       } else {
         deferred = new DeferredInlinedSmiSubReversed(this, edx, overwrite_mode);
         __ mov(edx, Operand(eax));
         __ mov(Operand(eax), Immediate(value));
         __ sub(eax, Operand(edx));
       }
       __ j(overflow, deferred->enter(), not_taken);
       __ test(eax, Immediate(kSmiTagMask));
       __ j(not_zero, deferred->enter(), not_taken);
       __ bind(deferred->exit());
-      __ push(eax);
+      frame_->Push(eax);
       break;
     }
 
     case Token::SAR: {
       if (reversed) {
-        __ pop(eax);
-        __ push(Immediate(value));
-        __ push(eax);
+        frame_->Pop(eax);
+        frame_->Push(Immediate(value));
+        frame_->Push(eax);
         GenericBinaryOperation(op, overwrite_mode);
       } else {
         int shift_value = int_value & 0x1f;  // only least significant 5 bits
         DeferredCode* deferred =
           new DeferredInlinedSmiOperation(this, Token::SAR, shift_value,
                                           overwrite_mode);
-        __ pop(eax);
+        frame_->Pop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ j(not_zero, deferred->enter(), not_taken);
         __ sar(eax, shift_value);
         __ and_(eax, ~kSmiTagMask);
         __ bind(deferred->exit());
-        __ push(eax);
+        frame_->Push(eax);
       }
       break;
     }
 
     case Token::SHR: {
       if (reversed) {
-        __ pop(eax);
-        __ push(Immediate(value));
-        __ push(eax);
+        frame_->Pop(eax);
+        frame_->Push(Immediate(value));
+        frame_->Push(eax);
         GenericBinaryOperation(op, overwrite_mode);
       } else {
         int shift_value = int_value & 0x1f;  // only least significant 5 bits
         DeferredCode* deferred =
         new DeferredInlinedSmiOperation(this, Token::SHR, shift_value,
                                         overwrite_mode);
-        __ pop(eax);
+        frame_->Pop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ mov(ebx, Operand(eax));
         __ j(not_zero, deferred->enter(), not_taken);
         __ sar(ebx, kSmiTagSize);
         __ shr(ebx, shift_value);
         __ test(ebx, Immediate(0xc0000000));
         __ j(not_zero, deferred->enter(), not_taken);
         // tag result and store it in TOS (eax)
         ASSERT(kSmiTagSize == times_2);  // adjust code if not the case
         __ lea(eax, Operand(ebx, times_2, kSmiTag));
         __ bind(deferred->exit());
-        __ push(eax);
+        frame_->Push(eax);
       }
       break;
     }
 
     case Token::SHL: {
       if (reversed) {
-        __ pop(eax);
-        __ push(Immediate(value));
-        __ push(eax);
+        frame_->Pop(eax);
+        frame_->Push(Immediate(value));
+        frame_->Push(eax);
         GenericBinaryOperation(op, overwrite_mode);
       } else {
         int shift_value = int_value & 0x1f;  // only least significant 5 bits
         DeferredCode* deferred =
         new DeferredInlinedSmiOperation(this, Token::SHL, shift_value,
                                         overwrite_mode);
-        __ pop(eax);
+        frame_->Pop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ mov(ebx, Operand(eax));
         __ j(not_zero, deferred->enter(), not_taken);
         __ sar(ebx, kSmiTagSize);
         __ shl(ebx, shift_value);
         __ lea(ecx, Operand(ebx, 0x40000000));
         __ test(ecx, Immediate(0x80000000));
         __ j(not_zero, deferred->enter(), not_taken);
         // tag result and store it in TOS (eax)
         ASSERT(kSmiTagSize == times_2);  // adjust code if not the case
         __ lea(eax, Operand(ebx, times_2, kSmiTag));
         __ bind(deferred->exit());
-        __ push(eax);
+        frame_->Push(eax);
       }
       break;
     }
 
     case Token::BIT_OR:
     case Token::BIT_XOR:
     case Token::BIT_AND: {
       DeferredCode* deferred = NULL;
       if (!reversed) {
         deferred =  new DeferredInlinedSmiOperation(this, op, int_value,
                                                     overwrite_mode);
       } else {
         deferred = new DeferredInlinedSmiOperationReversed(this, op, int_value,
                                                            overwrite_mode);
       }
-      __ pop(eax);
+      frame_->Pop(eax);
       __ test(eax, Immediate(kSmiTagMask));
       __ j(not_zero, deferred->enter(), not_taken);
       if (op == Token::BIT_AND) {
         __ and_(Operand(eax), Immediate(value));
       } else if (op == Token::BIT_XOR) {
         __ xor_(Operand(eax), Immediate(value));
       } else {
         ASSERT(op == Token::BIT_OR);
         __ or_(Operand(eax), Immediate(value));
       }
       __ bind(deferred->exit());
-      __ push(eax);
+      frame_->Push(eax);
       break;
     }
 
     default: {
       if (!reversed) {
-        __ push(Immediate(value));
+        frame_->Push(Immediate(value));
       } else {
-        __ pop(eax);
-        __ push(Immediate(value));
-        __ push(eax);
+        frame_->Pop(eax);
+        frame_->Push(Immediate(value));
+        frame_->Push(eax);
       }
       GenericBinaryOperation(op, overwrite_mode);
       break;
     }
   }
 }
 
 
 class CompareStub: public CodeStub {
  public:
@@ skipping 23 matching lines @@
 };
 
 
 void CodeGenerator::Comparison(Condition cc, bool strict) {
   // Strict only makes sense for equality comparisons.
   ASSERT(!strict || cc == equal);
 
   // Implement '>' and '<=' by reversal to obtain ECMA-262 conversion order.
   if (cc == greater || cc == less_equal) {
     cc = ReverseCondition(cc);
-    __ pop(edx);
-    __ pop(eax);
+    frame_->Pop(edx);
+    frame_->Pop(eax);
   } else {
-    __ pop(eax);
-    __ pop(edx);
+    frame_->Pop(eax);
+    frame_->Pop(edx);
   }
 
   // Check for the smi case.
   Label is_smi, done;
   __ mov(ecx, Operand(eax));
   __ or_(ecx, Operand(edx));
   __ test(ecx, Immediate(kSmiTagMask));
   __ j(zero, &is_smi, taken);
 
   // When non-smi, call out to the compare stub.  "parameters" setup by
@@ skipping 50 matching lines @@
                                       Handle<Object> value,
                                       bool strict) {
   // Strict only makes sense for equality comparisons.
   ASSERT(!strict || cc == equal);
 
   int int_value = Smi::cast(*value)->value();
   ASSERT(is_intn(int_value, kMaxSmiInlinedBits));
 
   SmiComparisonDeferred* deferred =
       new SmiComparisonDeferred(this, cc, strict, int_value);
-  __ pop(eax);
+  frame_->Pop(eax);
   __ test(eax, Immediate(kSmiTagMask));
   __ j(not_zero, deferred->enter(), not_taken);
   // Test smi equality by pointer comparison.
   __ cmp(Operand(eax), Immediate(value));
   __ bind(deferred->exit());
   cc_reg_ = cc;
 }
 
 
 class CallFunctionStub: public CodeStub {
@@ skipping 24 matching lines @@
   }
 
   // Record the position for debugging purposes.
   __ RecordPosition(position);
 
   // Use the shared code stub to call the function.
   CallFunctionStub call_function(args->length());
   __ CallStub(&call_function);
 
   // Restore context and pop function from the stack.
-  __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
-  __ mov(TOS, eax);
+  __ mov(esi, frame_->Context());
+  __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::Branch(bool if_true, Label* L) {
   ASSERT(has_cc());
   Condition cc = if_true ? cc_reg_ : NegateCondition(cc_reg_);
   __ j(cc, L);
   cc_reg_ = no_condition;
 }
 
@@ skipping 15 matching lines @@
 void CodeGenerator::VisitBlock(Block* node) {
   Comment cmnt(masm_, "[ Block");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   VisitStatements(node->statements());
   __ bind(node->break_target());
 }
 
 
 void CodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
-  __ push(Immediate(pairs));
-  __ push(Operand(esi));
-  __ push(Immediate(Smi::FromInt(is_eval() ? 1 : 0)));
+  frame_->Push(Immediate(pairs));
+  frame_->Push(esi);
+  frame_->Push(Immediate(Smi::FromInt(is_eval() ? 1 : 0)));
   __ CallRuntime(Runtime::kDeclareGlobals, 3);
   // Return value is ignored.
 }
 
 
 void CodeGenerator::VisitDeclaration(Declaration* node) {
   Comment cmnt(masm_, "[ Declaration");
   Variable* var = node->proxy()->var();
   ASSERT(var != NULL);  // must have been resolved
   Slot* slot = var->slot();
 
   // If it was not possible to allocate the variable at compile time,
   // we need to "declare" it at runtime to make sure it actually
   // exists in the local context.
   if (slot != NULL && slot->type() == Slot::LOOKUP) {
     // Variables with a "LOOKUP" slot were introduced as non-locals
     // during variable resolution and must have mode DYNAMIC.
     ASSERT(var->mode() == Variable::DYNAMIC);
     // For now, just do a runtime call.
-    __ push(Operand(esi));
-    __ push(Immediate(var->name()));
+    frame_->Push(esi);
+    frame_->Push(Immediate(var->name()));
     // Declaration nodes are always introduced in one of two modes.
     ASSERT(node->mode() == Variable::VAR || node->mode() == Variable::CONST);
     PropertyAttributes attr = node->mode() == Variable::VAR ? NONE : READ_ONLY;
-    __ push(Immediate(Smi::FromInt(attr)));
+    frame_->Push(Immediate(Smi::FromInt(attr)));
     // Push initial value, if any.
     // Note: For variables we must not push an initial value (such as
     // 'undefined') because we may have a (legal) redeclaration and we
     // must not destroy the current value.
     if (node->mode() == Variable::CONST) {
-      __ push(Immediate(Factory::the_hole_value()));
+      frame_->Push(Immediate(Factory::the_hole_value()));
     } else if (node->fun() != NULL) {
       Load(node->fun());
     } else {
-      __ push(Immediate(0));  // no initial value!
+      frame_->Push(Immediate(0));  // no initial value!
     }
     __ CallRuntime(Runtime::kDeclareContextSlot, 4);
     // Ignore the return value (declarations are statements).
     return;
   }
 
   ASSERT(!var->is_global());
 
   // If we have a function or a constant, we need to initialize the variable.
   Expression* val = NULL;
   if (node->mode() == Variable::CONST) {
     val = new Literal(Factory::the_hole_value());
   } else {
     val = node->fun();  // NULL if we don't have a function
   }
 
   if (val != NULL) {
     // Set initial value.
     Reference target(this, node->proxy());
     ASSERT(target.is_slot());
     Load(val);
     target.SetValue(NOT_CONST_INIT);
     // Get rid of the assigned value (declarations are statements).  It's
     // safe to pop the value lying on top of the reference before unloading
     // the reference itself (which preserves the top of stack) because we
     // know that it is a zero-sized reference.
-    __ pop(eax);  // Pop(no_reg);
+    frame_->Pop(eax);  // Pop(no_reg);

[iposva, 2008/10/10 12:53:02]

Another potential use of Pop()...

   }
 }
 
 
 void CodeGenerator::VisitExpressionStatement(ExpressionStatement* node) {
   Comment cmnt(masm_, "[ ExpressionStatement");
   RecordStatementPosition(node);
   Expression* expression = node->expression();
   expression->MarkAsStatement();
   Load(expression);
-  __ pop(eax);  // remove the lingering expression result from the top of stack
+  frame_->Pop(eax);  // remove the lingering expression result from the top of stack

[iposva, 2008/10/10 12:53:02]

And another potential use of Pop()...

 }
 
 
 void CodeGenerator::VisitEmptyStatement(EmptyStatement* node) {
   Comment cmnt(masm_, "// EmptyStatement");
   // nothing to do
 }
 
 
 void CodeGenerator::VisitIfStatement(IfStatement* node) {
@@ skipping 41 matching lines @@
 
   } else {
     ASSERT(!has_then_stm && !has_else_stm);
     // if (cond)
     LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &exit, false);
     if (has_cc()) {
       cc_reg_ = no_condition;
     } else {
       // No cc value set up, that means the boolean was pushed.
       // Pop it again, since it is not going to be used.
-      __ pop(eax);
+      frame_->Pop(eax);
     }
   }
 
   // end
   __ bind(&exit);
 }
 
 
 void CodeGenerator::CleanStack(int num_bytes) {
-  ASSERT(num_bytes >= 0);
-  if (num_bytes > 0) {
-    __ add(Operand(esp), Immediate(num_bytes));
-  }
+  ASSERT(num_bytes % kPointerSize == 0);
+  frame_->Drop(num_bytes / kPointerSize);
 }
 
 
 void CodeGenerator::VisitContinueStatement(ContinueStatement* node) {
   Comment cmnt(masm_, "[ ContinueStatement");
   RecordStatementPosition(node);
   CleanStack(break_stack_height_ - node->target()->break_stack_height());
   __ jmp(node->target()->continue_target());
 }
 
 
 void CodeGenerator::VisitBreakStatement(BreakStatement* node) {
   Comment cmnt(masm_, "[ BreakStatement");
   RecordStatementPosition(node);
   CleanStack(break_stack_height_ - node->target()->break_stack_height());
   __ jmp(node->target()->break_target());
 }
 
 
 void CodeGenerator::VisitReturnStatement(ReturnStatement* node) {
   Comment cmnt(masm_, "[ ReturnStatement");
   RecordStatementPosition(node);
   Load(node->expression());
 
   // Move the function result into eax
-  __ pop(eax);
+  frame_->Pop(eax);
 
   // If we're inside a try statement or the return instruction
   // sequence has been generated, we just jump to that
   // point. Otherwise, we generate the return instruction sequence and
   // bind the function return label.
   if (is_inside_try_ || function_return_.is_bound()) {
     __ jmp(&function_return_);
   } else {
     __ bind(&function_return_);
     if (FLAG_trace) {
-      __ push(eax);  // undo the pop(eax) from above
+      frame_->Push(eax);  // undo the pop(eax) from above
       __ CallRuntime(Runtime::kTraceExit, 1);
     }
 
     // Add a label for checking the size of the code used for returning.
     Label check_exit_codesize;
     __ bind(&check_exit_codesize);
 
     // Leave the frame and return popping the arguments and the
     // receiver.
-    ExitJSFrame();
+    frame_->Exit();
     __ ret((scope_->num_parameters() + 1) * kPointerSize);
 
     // Check that the size of the code used for returning matches what is
     // expected by the debugger.
     ASSERT_EQ(Debug::kIa32JSReturnSequenceLength,
               __ SizeOfCodeGeneratedSince(&check_exit_codesize));
   }
 }
 
 
 void CodeGenerator::VisitWithEnterStatement(WithEnterStatement* node) {
   Comment cmnt(masm_, "[ WithEnterStatement");
   RecordStatementPosition(node);
   Load(node->expression());
   __ CallRuntime(Runtime::kPushContext, 1);
 
   if (kDebug) {
     Label verified_true;
     // Verify eax and esi are the same in debug mode
     __ cmp(eax, Operand(esi));
     __ j(equal, &verified_true);
     __ int3();
     __ bind(&verified_true);
   }
 
   // Update context local.
-  __ mov(Operand(ebp, StandardFrameConstants::kContextOffset), esi);
+  __ mov(frame_->Context(), esi);
 }
 
 
 void CodeGenerator::VisitWithExitStatement(WithExitStatement* node) {
   Comment cmnt(masm_, "[ WithExitStatement");
   // Pop context.
   __ mov(esi, ContextOperand(esi, Context::PREVIOUS_INDEX));
   // Update context local.
-  __ mov(Operand(ebp, StandardFrameConstants::kContextOffset), esi);
+  __ mov(frame_->Context(), esi);
 }
 
 int CodeGenerator::FastCaseSwitchMaxOverheadFactor() {
     return kFastSwitchMaxOverheadFactor;
 }
 
 int CodeGenerator::FastCaseSwitchMinCaseCount() {
     return kFastSwitchMinCaseCount;
 }
 
 // Generate a computed jump to a switch case.
 void CodeGenerator::GenerateFastCaseSwitchJumpTable(
     SwitchStatement* node, int min_index, int range, Label *fail_label,
     SmartPointer<Label*> &case_targets, SmartPointer<Label> &case_labels) {
   // Notice: Internal references, used by both the jmp instruction and
   // the table entries, need to be relocated if the buffer grows. This
   // prevents the forward use of Labels, since a displacement cannot
   // survive relocation, and it also cannot safely be distinguished
   // from a real address.  Instead we put in zero-values as
   // placeholders, and fill in the addresses after the labels have been
   // bound.
 
-  __ pop(eax);  // supposed smi
+  frame_->Pop(eax);  // supposed smi
   // check range of value, if outside [0..length-1] jump to default/end label.
   ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
   if (min_index != 0) {
     __ sub(Operand(eax), Immediate(min_index << kSmiTagSize));
   }
   __ test(eax, Immediate(0x80000000 | kSmiTagMask));  // negative or not Smi
   __ j(not_equal, fail_label, not_taken);
   __ cmp(eax, range << kSmiTagSize);
   __ j(greater_equal, fail_label, not_taken);
 
@@ skipping 45 matching lines @@
       // statements if it does not match any of the cases.
       __ jmp(&next);
 
       // Bind the default case label, so we can branch to it when we
       // have compared against all other cases.
       ASSERT(default_case.is_unused());  // at most one default clause
       __ bind(&default_case);
     } else {
       __ bind(&next);
       next.Unuse();
-      __ mov(eax, TOS);
-      __ push(eax);  // duplicate TOS
+      __ mov(eax, frame_->Top());
+      frame_->Push(eax);  // duplicate TOS
       Load(clause->label());
       Comparison(equal, true);
       Branch(false, &next);
     }
 
     // Entering the case statement for the first time. Remove the switch value
     // from the stack.
-    __ pop(eax);
+    frame_->Pop(eax);
 
     // Generate code for the body.
     // This is also the target for the fall through from the previous case's
     // statements which has to skip over the matching code and the popping of
     // the switch value.
     __ bind(&fall_through);
     fall_through.Unuse();
     VisitStatements(clause->statements());
     __ jmp(&fall_through);
   }
 
   __ bind(&next);
   // Reached the end of the case statements without matching any of the cases.
   if (default_case.is_bound()) {
     // A default case exists -> execute its statements.
     __ jmp(&default_case);
   } else {
     // Remove the switch value from the stack.
-    __ pop(eax);
+    frame_->Pop(eax);
   }
 
   __ bind(&fall_through);
   __ bind(node->break_target());
 }
 
 
 void CodeGenerator::VisitLoopStatement(LoopStatement* node) {
   Comment cmnt(masm_, "[ LoopStatement");
   RecordStatementPosition(node);
@@ skipping 75 matching lines @@
   node->set_break_stack_height(break_stack_height_);
 
   Label loop, next, entry, cleanup, exit, primitive, jsobject;
   Label end_del_check, fixed_array;
 
   // Get the object to enumerate over (converted to JSObject).
   Load(node->enumerable());
 
   // Both SpiderMonkey and kjs ignore null and undefined in contrast
   // to the specification.  12.6.4 mandates a call to ToObject.
-  __ pop(eax);
+  frame_->Pop(eax);
 
   // eax: value to be iterated over
   __ cmp(eax, Factory::undefined_value());
   __ j(equal, &exit);
   __ cmp(eax, Factory::null_value());
   __ j(equal, &exit);
 
   // Stack layout in body:
   // [iteration counter (smi)] <- slot 0
   // [length of array]         <- slot 1
   // [FixedArray]              <- slot 2
   // [Map or 0]                <- slot 3
   // [Object]                  <- slot 4
 
   // Check if enumerable is already a JSObject
   // eax: value to be iterated over
   __ test(eax, Immediate(kSmiTagMask));
   __ j(zero, &primitive);
   __ mov(ecx, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
   __ cmp(ecx, FIRST_JS_OBJECT_TYPE);
   __ j(above_equal, &jsobject);
 
   __ bind(&primitive);
-  __ push(eax);
+  frame_->Push(eax);
   __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
   // function call returns the value in eax, which is where we want it below
 
 
   __ bind(&jsobject);
 
   // Get the set of properties (as a FixedArray or Map).
   // eax: value to be iterated over
-  __ push(eax);  // push the object being iterated over (slot 4)
+  frame_->Push(eax);  // push the object being iterated over (slot 4)
 
-  __ push(eax);  // push the Object (slot 4) for the runtime call
+  frame_->Push(eax);  // push the Object (slot 4) for the runtime call
   __ CallRuntime(Runtime::kGetPropertyNamesFast, 1);
 
   // If we got a Map, we can do a fast modification check.
   // Otherwise, we got a FixedArray, and we have to do a slow check.
   // eax: map or fixed array (result from call to
   // Runtime::kGetPropertyNamesFast)
   __ mov(edx, Operand(eax));
   __ mov(ecx, FieldOperand(edx, HeapObject::kMapOffset));
   __ cmp(ecx, Factory::meta_map());
   __ j(not_equal, &fixed_array);
 
   // Get enum cache
   // eax: map (result from call to Runtime::kGetPropertyNamesFast)
   __ mov(ecx, Operand(eax));
   __ mov(ecx, FieldOperand(ecx, Map::kInstanceDescriptorsOffset));
   // Get the bridge array held in the enumeration index field.
   __ mov(ecx, FieldOperand(ecx, DescriptorArray::kEnumerationIndexOffset));
   // Get the cache from the bridge array.
   __ mov(edx, FieldOperand(ecx, DescriptorArray::kEnumCacheBridgeCacheOffset));
 
-  __ push(eax);  // <- slot 3
-  __ push(Operand(edx));  // <- slot 2
+  frame_->Push(eax);  // <- slot 3
+  frame_->Push(edx);  // <- slot 2
   __ mov(eax, FieldOperand(edx, FixedArray::kLengthOffset));
   __ shl(eax, kSmiTagSize);
-  __ push(eax);  // <- slot 1
-  __ push(Immediate(Smi::FromInt(0)));  // <- slot 0
+  frame_->Push(eax);  // <- slot 1
+  frame_->Push(Immediate(Smi::FromInt(0)));  // <- slot 0
   __ jmp(&entry);
 
 
   __ bind(&fixed_array);
 
   // eax: fixed array (result from call to Runtime::kGetPropertyNamesFast)
-  __ push(Immediate(Smi::FromInt(0)));  // <- slot 3
-  __ push(eax);  // <- slot 2
+  frame_->Push(Immediate(Smi::FromInt(0)));  // <- slot 3
+  frame_->Push(eax);  // <- slot 2
 
   // Push the length of the array and the initial index onto the stack.
   __ mov(eax, FieldOperand(eax, FixedArray::kLengthOffset));
   __ shl(eax, kSmiTagSize);
-  __ push(eax);  // <- slot 1
-  __ push(Immediate(Smi::FromInt(0)));  // <- slot 0
+  frame_->Push(eax);  // <- slot 1
+  frame_->Push(Immediate(Smi::FromInt(0)));  // <- slot 0
   __ jmp(&entry);
 
   // Body.
   __ bind(&loop);
   Visit(node->body());
 
   // Next.
   __ bind(node->continue_target());
   __ bind(&next);
-  __ pop(eax);
+  frame_->Pop(eax);
   __ add(Operand(eax), Immediate(Smi::FromInt(1)));
-  __ push(eax);
+  frame_->Push(eax);
 
   // Condition.
   __ bind(&entry);
 
-  __ mov(eax, Operand(esp, 0 * kPointerSize));  // load the current count
-  __ cmp(eax, Operand(esp, kPointerSize));  // compare to the array length
+  __ mov(eax, frame_->Element(0));  // load the current count
+  __ cmp(eax, frame_->Element(1));  // compare to the array length
   __ j(above_equal, &cleanup);
 
   // Get the i'th entry of the array.
-  __ mov(edx, Operand(esp, 2 * kPointerSize));
+  __ mov(edx, frame_->Element(2));
   __ mov(ebx, Operand(edx, eax, times_2,
                       FixedArray::kHeaderSize - kHeapObjectTag));
 
   // Get the expected map from the stack or a zero map in the
   // permanent slow case eax: current iteration count ebx: i'th entry
   // of the enum cache
-  __ mov(edx, Operand(esp, 3 * kPointerSize));
+  __ mov(edx, frame_->Element(3));
   // Check if the expected map still matches that of the enumerable.
   // If not, we have to filter the key.
   // eax: current iteration count
   // ebx: i'th entry of the enum cache
   // edx: expected map value
-  __ mov(ecx, Operand(esp, 4 * kPointerSize));
+  __ mov(ecx, frame_->Element(4));
   __ mov(ecx, FieldOperand(ecx, HeapObject::kMapOffset));
   __ cmp(ecx, Operand(edx));
   __ j(equal, &end_del_check);
 
   // Convert the entry to a string (or null if it isn't a property anymore).
-  __ push(Operand(esp, 4 * kPointerSize));  // push enumerable
-  __ push(Operand(ebx));  // push entry
+  frame_->Push(frame_->Element(4));  // push enumerable
+  frame_->Push(ebx);  // push entry
   __ InvokeBuiltin(Builtins::FILTER_KEY, CALL_FUNCTION);
   __ mov(ebx, Operand(eax));
 
   // If the property has been removed while iterating, we just skip it.
   __ cmp(ebx, Factory::null_value());
   __ j(equal, &next);
 
 
   __ bind(&end_del_check);
 
   // Store the entry in the 'each' expression and take another spin in the loop.
   // edx: i'th entry of the enum cache (or string there of)
-  __ push(ebx);
+  frame_->Push(ebx);
   { Reference each(this, node->each());
     if (!each.is_illegal()) {
       if (each.size() > 0) {
-        __ push(Operand(esp, kPointerSize * each.size()));
+        frame_->Push(frame_->Element(each.size()));
       }
       // If the reference was to a slot we rely on the convenient property
       // that it doesn't matter whether a value (eg, ebx pushed above) is
       // right on top of or right underneath a zero-sized reference.
       each.SetValue(NOT_CONST_INIT);
       if (each.size() > 0) {
         // It's safe to pop the value lying on top of the reference before
         // unloading the reference itself (which preserves the top of stack,
         // ie, now the topmost value of the non-zero sized reference), since
         // we will discard the top of stack after unloading the reference
         // anyway.
-        __ pop(eax);
+        frame_->Pop(eax);
       }
     }
   }
   // Discard the i'th entry pushed above or else the remainder of the
   // reference, whichever is currently on top of the stack.
-  __ pop(eax);
+  frame_->Pop(eax);
   CheckStack();  // TODO(1222600): ignore if body contains calls.
   __ jmp(&loop);
 
   // Cleanup.
   __ bind(&cleanup);
   __ bind(node->break_target());
-  __ add(Operand(esp), Immediate(5 * kPointerSize));
+  frame_->Drop(5);
 
   // Exit.
   __ bind(&exit);
 
   break_stack_height_ -= kForInStackSize;
 }
 
 
 void CodeGenerator::VisitTryCatch(TryCatch* node) {
   Comment cmnt(masm_, "[ TryCatch");
 
   Label try_block, exit;
 
   __ call(&try_block);
   // --- Catch block ---
-  __ push(eax);
+  frame_->Push(eax);
 
   // Store the caught exception in the catch variable.
   { Reference ref(this, node->catch_var());
     ASSERT(ref.is_slot());
     // Load the exception to the top of the stack.  Here we make use of the
     // convenient property that it doesn't matter whether a value is
     // immediately on top of or underneath a zero-sized reference.
     ref.SetValue(NOT_CONST_INIT);
   }
 
   // Remove the exception from the stack.
-  __ pop(edx);
+  frame_->Pop(edx);
 
   VisitStatements(node->catch_block()->statements());
   __ jmp(&exit);
 
 
   // --- Try block ---
   __ bind(&try_block);
 
   __ PushTryHandler(IN_JAVASCRIPT, TRY_CATCH_HANDLER);
   // TODO(1222589): remove the reliance of PushTryHandler on a cached TOS
-  __ push(eax);  //
+  frame_->Push(eax);  //
 
   // Introduce shadow labels for all escapes from the try block,
   // including returns. We should probably try to unify the escaping
   // labels and the return label.
   int nof_escapes = node->escaping_labels()->length();
   List<LabelShadow*> shadows(1 + nof_escapes);
   shadows.Add(new LabelShadow(&function_return_));
   for (int i = 0; i < nof_escapes; i++) {
     shadows.Add(new LabelShadow(node->escaping_labels()->at(i)));
   }
@@ skipping 17 matching lines @@
   // Make sure that there's nothing left on the stack above the
   // handler structure.
   if (FLAG_debug_code) {
     __ mov(eax, Operand::StaticVariable(handler_address));
     __ lea(eax, Operand(eax, StackHandlerConstants::kAddressDisplacement));
     __ cmp(esp, Operand(eax));
     __ Assert(equal, "stack pointer should point to top handler");
   }
 
   // Unlink from try chain.
-  __ pop(eax);
+  frame_->Pop(eax);
   __ mov(Operand::StaticVariable(handler_address), eax);  // TOS == next_sp
-  __ add(Operand(esp), Immediate(StackHandlerConstants::kSize - kPointerSize));
+  frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
   // next_sp popped.
   if (nof_unlinks > 0) __ jmp(&exit);
 
   // Generate unlink code for all used shadow labels.
   for (int i = 0; i <= nof_escapes; i++) {
     if (shadows[i]->is_linked()) {
       // Unlink from try chain; be careful not to destroy the TOS.
       __ bind(shadows[i]);
 
       // Reload sp from the top handler, because some statements that we
       // break from (eg, for...in) may have left stuff on the stack.
       __ mov(edx, Operand::StaticVariable(handler_address));
       const int kNextOffset = StackHandlerConstants::kNextOffset +
           StackHandlerConstants::kAddressDisplacement;
       __ lea(esp, Operand(edx, kNextOffset));
 
-      __ pop(Operand::StaticVariable(handler_address));
-      __ add(Operand(esp),
-             Immediate(StackHandlerConstants::kSize - kPointerSize));
+      frame_->Pop(Operand::StaticVariable(handler_address));
+      frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
       // next_sp popped.
       __ jmp(shadows[i]->shadowed());
     }
   }
 
   __ bind(&exit);
 }
 
 
 void CodeGenerator::VisitTryFinally(TryFinally* node) {
   Comment cmnt(masm_, "[ TryFinally");
 
   // State: Used to keep track of reason for entering the finally
   // block. Should probably be extended to hold information for
   // break/continue from within the try block.
   enum { FALLING, THROWING, JUMPING };
 
   Label exit, unlink, try_block, finally_block;
 
   __ call(&try_block);
 
-  __ push(eax);
+  frame_->Push(eax);
   // In case of thrown exceptions, this is where we continue.
   __ Set(ecx, Immediate(Smi::FromInt(THROWING)));
   __ jmp(&finally_block);
 
 
   // --- Try block ---
   __ bind(&try_block);
 
   __ PushTryHandler(IN_JAVASCRIPT, TRY_FINALLY_HANDLER);
   // TODO(1222589): remove the reliance of PushTryHandler on a cached TOS
-  __ push(eax);
+  frame_->Push(eax);
 
   // Introduce shadow labels for all escapes from the try block,
   // including returns. We should probably try to unify the escaping
   // labels and the return label.
   int nof_escapes = node->escaping_labels()->length();
   List<LabelShadow*> shadows(1 + nof_escapes);
   shadows.Add(new LabelShadow(&function_return_));
   for (int i = 0; i < nof_escapes; i++) {
     shadows.Add(new LabelShadow(node->escaping_labels()->at(i)));
   }
 
   // Generate code for the statements in the try block.
   bool was_inside_try = is_inside_try_;
   is_inside_try_ = true;
   VisitStatements(node->try_block()->statements());
   is_inside_try_ = was_inside_try;
 
   // Stop the introduced shadowing and count the number of required
   // unlinks.
   int nof_unlinks = 0;
   for (int i = 0; i <= nof_escapes; i++) {
     shadows[i]->StopShadowing();
     if (shadows[i]->is_linked()) nof_unlinks++;
   }
 
   // Set the state on the stack to FALLING.
-  __ push(Immediate(Factory::undefined_value()));  // fake TOS
+  frame_->Push(Immediate(Factory::undefined_value()));  // fake TOS
   __ Set(ecx, Immediate(Smi::FromInt(FALLING)));
   if (nof_unlinks > 0) __ jmp(&unlink);
 
   // Generate code that sets the state for all used shadow labels.
   for (int i = 0; i <= nof_escapes; i++) {
     if (shadows[i]->is_linked()) {
       __ bind(shadows[i]);
       if (shadows[i]->shadowed() == &function_return_) {
         // Materialize the return value on the stack.
-        __ push(eax);
+        frame_->Push(eax);
       } else {
         // Fake TOS for break and continue.
-        __ push(Immediate(Factory::undefined_value()));
+        frame_->Push(Immediate(Factory::undefined_value()));
       }
       __ Set(ecx, Immediate(Smi::FromInt(JUMPING + i)));
       __ jmp(&unlink);
     }
   }
 
   // Unlink from try chain; be careful not to destroy the TOS.
   __ bind(&unlink);
   // Reload sp from the top handler, because some statements that we
   // break from (eg, for...in) may have left stuff on the stack.
-  __ pop(eax);  // preserve the TOS in a register across stack manipulation
+  frame_->Pop(eax);  // preserve the TOS in a register across stack manipulation
   ExternalReference handler_address(Top::k_handler_address);
   __ mov(edx, Operand::StaticVariable(handler_address));
   const int kNextOffset = StackHandlerConstants::kNextOffset +
       StackHandlerConstants::kAddressDisplacement;
   __ lea(esp, Operand(edx, kNextOffset));
 
-  __ pop(Operand::StaticVariable(handler_address));
-  __ add(Operand(esp), Immediate(StackHandlerConstants::kSize - kPointerSize));
+  frame_->Pop(Operand::StaticVariable(handler_address));
+  frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
   // next_sp popped.
-  __ push(eax);  // preserve the TOS in a register across stack manipulation
+  frame_->Push(eax);  // preserve the TOS in a register across stack manipulation
 
   // --- Finally block ---
   __ bind(&finally_block);
 
   // Push the state on the stack.
-  __ push(ecx);
+  frame_->Push(ecx);
 
   // We keep two elements on the stack - the (possibly faked) result
   // and the state - while evaluating the finally block. Record it, so
   // that a break/continue crossing this statement can restore the
   // stack.
   const int kFinallyStackSize = 2 * kPointerSize;
   break_stack_height_ += kFinallyStackSize;
 
   // Generate code for the statements in the finally block.
   VisitStatements(node->finally_block()->statements());
 
   // Restore state and return value or faked TOS.
-  __ pop(ecx);
-  __ pop(eax);
+  frame_->Pop(ecx);
+  frame_->Pop(eax);
   break_stack_height_ -= kFinallyStackSize;
 
   // Generate code that jumps to the right destination for all used
   // shadow labels.
   for (int i = 0; i <= nof_escapes; i++) {
     if (shadows[i]->is_bound()) {
       __ cmp(Operand(ecx), Immediate(Smi::FromInt(JUMPING + i)));
       __ j(equal, shadows[i]->shadowed());
     }
   }
 
   // Check if we need to rethrow the exception.
   __ cmp(Operand(ecx), Immediate(Smi::FromInt(THROWING)));
   __ j(not_equal, &exit);
 
   // Rethrow exception.
-  __ push(eax);  // undo pop from above
+  frame_->Push(eax);  // undo pop from above
   __ CallRuntime(Runtime::kReThrow, 1);
 
   // Done.
   __ bind(&exit);
 }
 
 
 void CodeGenerator::VisitDebuggerStatement(DebuggerStatement* node) {
   Comment cmnt(masm_, "[ DebuggerStatement");
   RecordStatementPosition(node);
   __ CallRuntime(Runtime::kDebugBreak, 1);
-  __ push(eax);
+  frame_->Push(eax);
 }
 
 
 void CodeGenerator::InstantiateBoilerplate(Handle<JSFunction> boilerplate) {
   ASSERT(boilerplate->IsBoilerplate());
 
   // Push the boilerplate on the stack.
-  __ push(Immediate(boilerplate));
+  frame_->Push(Immediate(boilerplate));
 
   // Create a new closure.
-  __ push(esi);
+  frame_->Push(esi);
   __ CallRuntime(Runtime::kNewClosure, 2);
-  __ push(eax);
+  frame_->Push(eax);
 }
 
 
 void CodeGenerator::VisitFunctionLiteral(FunctionLiteral* node) {
   Comment cmnt(masm_, "[ FunctionLiteral");
 
   // Build the function boilerplate and instantiate it.
   Handle<JSFunction> boilerplate = BuildBoilerplate(node);
   // Check for stack-overflow exception.
   if (HasStackOverflow()) return;
@@ skipping 20 matching lines @@
   Load(node->else_expression(), typeof_state());
   __ bind(&exit);
 }
 
 
 void CodeGenerator::LoadFromSlot(Slot* slot, TypeofState typeof_state) {
   if (slot->type() == Slot::LOOKUP) {
     ASSERT(slot->var()->mode() == Variable::DYNAMIC);
 
     // For now, just do a runtime call.
-    __ push(esi);
-    __ push(Immediate(slot->var()->name()));
+    frame_->Push(esi);
+    frame_->Push(Immediate(slot->var()->name()));
 
     if (typeof_state == INSIDE_TYPEOF) {
       __ CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
     } else {
       __ CallRuntime(Runtime::kLoadContextSlot, 2);
     }
-    __ push(eax);
+    frame_->Push(eax);
 
   } else {
     // Note: We would like to keep the assert below, but it fires because of
     // some nasty code in LoadTypeofExpression() which should be removed...
     // ASSERT(slot->var()->mode() != Variable::DYNAMIC);
     if (slot->var()->mode() == Variable::CONST) {
       // Const slots may contain 'the hole' value (the constant hasn't been
       // initialized yet) which needs to be converted into the 'undefined'
       // value.
       Comment cmnt(masm_, "[ Load const");
       Label exit;
       __ mov(eax, SlotOperand(slot, ecx));
       __ cmp(eax, Factory::the_hole_value());
       __ j(not_equal, &exit);
       __ mov(eax, Factory::undefined_value());
       __ bind(&exit);
-      __ push(eax);
+      frame_->Push(eax);
     } else {
-      __ push(SlotOperand(slot, ecx));
+      frame_->Push(SlotOperand(slot, ecx));
     }
   }
 }
 
 
 void CodeGenerator::VisitSlot(Slot* node) {
   Comment cmnt(masm_, "[ Slot");
   LoadFromSlot(node, typeof_state());
 }
 
@@ skipping 13 matching lines @@
 
 
 void CodeGenerator::VisitLiteral(Literal* node) {
   Comment cmnt(masm_, "[ Literal");
   if (node->handle()->IsSmi() && !IsInlineSmi(node)) {
     // To prevent long attacker-controlled byte sequences in code, larger
     // Smis are loaded in two steps.
     int bits = reinterpret_cast<int>(*node->handle());
     __ mov(eax, bits & 0x0000FFFF);
     __ xor_(eax, bits & 0xFFFF0000);
-    __ push(eax);
+    frame_->Push(eax);
   } else {
-    __ push(Immediate(node->handle()));
+    frame_->Push(Immediate(node->handle()));
   }
 }
 
 
 class RegExpDeferred: public DeferredCode {
  public:
   RegExpDeferred(CodeGenerator* generator, RegExpLiteral* node)
       : DeferredCode(generator), node_(node) {
     set_comment("[ RegExpDeferred");
   }
@@ skipping 20 matching lines @@
 }
 
 
 void CodeGenerator::VisitRegExpLiteral(RegExpLiteral* node) {
   Comment cmnt(masm_, "[ RegExp Literal");
   RegExpDeferred* deferred = new RegExpDeferred(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
-  __ mov(ecx, FunctionOperand());
+  __ mov(ecx, frame_->Function());
 
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
 
   // Load the literal at the ast saved index.
   int literal_offset =
       FixedArray::kHeaderSize + node->literal_index() * kPointerSize;
   __ mov(ebx, FieldOperand(ecx, literal_offset));
 
   // Check whether we need to materialize the RegExp object.
   // If so, jump to the deferred code.
   __ cmp(ebx, Factory::undefined_value());
   __ j(equal, deferred->enter(), not_taken);
   __ bind(deferred->exit());
 
   // Push the literal.
-  __ push(ebx);
+  frame_->Push(ebx);
 }
 
 
 // This deferred code stub will be used for creating the boilerplate
 // by calling Runtime_CreateObjectLiteral.
 // Each created boilerplate is stored in the JSFunction and they are
 // therefore context dependent.
 class ObjectLiteralDeferred: public DeferredCode {
  public:
   ObjectLiteralDeferred(CodeGenerator* generator,
                         ObjectLiteral* node)
       : DeferredCode(generator), node_(node) {
     set_comment("[ ObjectLiteralDeferred");
   }
   virtual void Generate();
  private:
   ObjectLiteral* node_;
 };
 
 
 void ObjectLiteralDeferred::Generate() {
   // If the entry is undefined we call the runtime system to compute
   // the literal.
 
   // Literal array (0).
-  __ push(Operand(ecx));
+  __ push(ecx);
   // Literal index (1).
   __ push(Immediate(Smi::FromInt(node_->literal_index())));
   // Constant properties (2).
   __ push(Immediate(node_->constant_properties()));
   __ CallRuntime(Runtime::kCreateObjectLiteralBoilerplate, 3);
   __ mov(ebx, Operand(eax));
 }
 
 
 void CodeGenerator::VisitObjectLiteral(ObjectLiteral* node) {
   Comment cmnt(masm_, "[ ObjectLiteral");
   ObjectLiteralDeferred* deferred = new ObjectLiteralDeferred(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
-  __ mov(ecx, FunctionOperand());
+  __ mov(ecx, frame_->Function());
 
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
 
   // Load the literal at the ast saved index.
   int literal_offset =
       FixedArray::kHeaderSize + node->literal_index() * kPointerSize;
   __ mov(ebx, FieldOperand(ecx, literal_offset));
 
   // Check whether we need to materialize the object literal boilerplate.
   // If so, jump to the deferred code.
   __ cmp(ebx, Factory::undefined_value());
   __ j(equal, deferred->enter(), not_taken);
   __ bind(deferred->exit());
 
   // Push the literal.
-  __ push(ebx);
+  frame_->Push(ebx);
   // Clone the boilerplate object.
   __ CallRuntime(Runtime::kCloneObjectLiteralBoilerplate, 1);
   // Push the new cloned literal object as the result.
-  __ push(eax);
+  frame_->Push(eax);
 
 
   for (int i = 0; i < node->properties()->length(); i++) {
     ObjectLiteral::Property* property  = node->properties()->at(i);
     switch (property->kind()) {
       case ObjectLiteral::Property::CONSTANT: break;
       case ObjectLiteral::Property::COMPUTED: {
         Handle<Object> key(property->key()->handle());
         Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
         if (key->IsSymbol()) {
-          __ mov(eax, TOS);
-          __ push(eax);
+          __ mov(eax, frame_->Top());
+          frame_->Push(eax);
           Load(property->value());
-          __ pop(eax);
+          frame_->Pop(eax);
           __ Set(ecx, Immediate(key));
           __ call(ic, RelocInfo::CODE_TARGET);
-          __ add(Operand(esp), Immediate(kPointerSize));
+          frame_->Drop(1);
           // Ignore result.
           break;
         }
         // Fall through
       }
       case ObjectLiteral::Property::PROTOTYPE: {
-        __ mov(eax, TOS);
-        __ push(eax);
+        __ mov(eax, frame_->Top());
+        frame_->Push(eax);
         Load(property->key());
         Load(property->value());
         __ CallRuntime(Runtime::kSetProperty, 3);
         // Ignore result.
         break;
       }
       case ObjectLiteral::Property::SETTER: {
         // Duplicate the resulting object on the stack. The runtime
         // function will pop the three arguments passed in.
-        __ mov(eax, TOS);
-        __ push(eax);
+        __ mov(eax, frame_->Top());
+        frame_->Push(eax);
         Load(property->key());
-        __ push(Immediate(Smi::FromInt(1)));
+        frame_->Push(Immediate(Smi::FromInt(1)));
         Load(property->value());
         __ CallRuntime(Runtime::kDefineAccessor, 4);
         // Ignore result.
         break;
       }
       case ObjectLiteral::Property::GETTER: {
         // Duplicate the resulting object on the stack. The runtime
         // function will pop the three arguments passed in.
-        __ mov(eax, TOS);
-        __ push(eax);
+        __ mov(eax, frame_->Top());
+        frame_->Push(eax);
         Load(property->key());
-        __ push(Immediate(Smi::FromInt(0)));
+        frame_->Push(Immediate(Smi::FromInt(0)));
         Load(property->value());
         __ CallRuntime(Runtime::kDefineAccessor, 4);
         // Ignore result.
         break;
       }
       default: UNREACHABLE();
     }
   }
 }
 
 
 void CodeGenerator::VisitArrayLiteral(ArrayLiteral* node) {
   Comment cmnt(masm_, "[ ArrayLiteral");
 
   // Call runtime to create the array literal.
-  __ push(Immediate(node->literals()));
+  frame_->Push(Immediate(node->literals()));
   // Load the function of this frame.
-  __ mov(ecx, FunctionOperand());
+  __ mov(ecx, frame_->Function());
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
-  __ push(ecx);
+  frame_->Push(ecx);
   __ CallRuntime(Runtime::kCreateArrayLiteral, 2);
 
   // Push the resulting array literal on the stack.
-  __ push(eax);
+  frame_->Push(eax);
 
   // Generate code to set the elements in the array that are not
   // literals.
   for (int i = 0; i < node->values()->length(); i++) {
     Expression* value = node->values()->at(i);
 
     // If value is literal the property value is already
     // set in the boilerplate object.
     if (value->AsLiteral() == NULL) {
       // The property must be set by generated code.
       Load(value);
 
       // Get the value off the stack.
-      __ pop(eax);
+      frame_->Pop(eax);
       // Fetch the object literal while leaving on the stack.
-      __ mov(ecx, TOS);
+      __ mov(ecx, frame_->Top());
       // Get the elements array.
       __ mov(ecx, FieldOperand(ecx, JSObject::kElementsOffset));
 
       // Write to the indexed properties array.
       int offset = i * kPointerSize + Array::kHeaderSize;
       __ mov(FieldOperand(ecx, offset), eax);
 
       // Update the write barrier for the array address.
       __ RecordWrite(ecx, offset, eax, ebx);
     }
@@ skipping 49 matching lines @@
   }
 }
 
 
 void CodeGenerator::VisitThrow(Throw* node) {
   Comment cmnt(masm_, "[ Throw");
 
   Load(node->exception());
   __ RecordPosition(node->position());
   __ CallRuntime(Runtime::kThrow, 1);
-  __ push(eax);
+  frame_->Push(eax);
 }
 
 
 void CodeGenerator::VisitProperty(Property* node) {
   Comment cmnt(masm_, "[ Property");
 
   Reference property(this, node);
   property.GetValue(typeof_state());
 }
 
@@ skipping 18 matching lines @@
   // automatically handles this by loading the arguments before the function
   // is resolved in cache misses (this also holds for megamorphic calls).
   // ------------------------------------------------------------------------
 
   if (var != NULL && !var->is_this() && var->is_global()) {
     // ----------------------------------
     // JavaScript example: 'foo(1, 2, 3)'  // foo is global
     // ----------------------------------
 
     // Push the name of the function and the receiver onto the stack.
-    __ push(Immediate(var->name()));
+    frame_->Push(Immediate(var->name()));
     LoadGlobal();
 
     // Load the arguments.
     for (int i = 0; i < args->length(); i++) {
       Load(args->at(i));
     }
 
     // Setup the receiver register and call the IC initialization code.
     Handle<Code> stub = ComputeCallInitialize(args->length());
     __ RecordPosition(node->position());
     __ call(stub, RelocInfo::CODE_TARGET_CONTEXT);
-    __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+    __ mov(esi, frame_->Context());
 
     // Overwrite the function on the stack with the result.
-    __ mov(TOS, eax);
+    __ mov(frame_->Top(), eax);
 
   } else if (var != NULL && var->slot() != NULL &&
              var->slot()->type() == Slot::LOOKUP) {
     // ----------------------------------
     // JavaScript example: 'with (obj) foo(1, 2, 3)'  // foo is in obj
     // ----------------------------------
 
     // Load the function
-    __ push(Operand(esi));
-    __ push(Immediate(var->name()));
+    frame_->Push(esi);
+    frame_->Push(Immediate(var->name()));
     __ CallRuntime(Runtime::kLoadContextSlot, 2);
     // eax: slot value; edx: receiver
 
     // Load the receiver.
-    __ push(eax);
-    __ push(edx);
+    frame_->Push(eax);
+    frame_->Push(edx);
 
     // Call the function.
     CallWithArguments(args, node->position());
 
   } else if (property != NULL) {
     // Check if the key is a literal string.
     Literal* literal = property->key()->AsLiteral();
 
     if (literal != NULL && literal->handle()->IsSymbol()) {
       // ------------------------------------------------------------------
       // JavaScript example: 'object.foo(1, 2, 3)' or 'map["key"](1, 2, 3)'
       // ------------------------------------------------------------------
 
       // Push the name of the function and the receiver onto the stack.
-      __ push(Immediate(literal->handle()));
+      frame_->Push(Immediate(literal->handle()));
       Load(property->obj());
 
       // Load the arguments.
       for (int i = 0; i < args->length(); i++) Load(args->at(i));
 
       // Call the IC initialization code.
       Handle<Code> stub = ComputeCallInitialize(args->length());
       __ RecordPosition(node->position());
       __ call(stub, RelocInfo::CODE_TARGET);
-      __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+      __ mov(esi, frame_->Context());
 
       // Overwrite the function on the stack with the result.
-      __ mov(TOS, eax);
+      __ mov(frame_->Top(), eax);
 
     } else {
       // -------------------------------------------
       // JavaScript example: 'array[index](1, 2, 3)'
       // -------------------------------------------
 
       // Load the function to call from the property through a reference.
       Reference ref(this, property);
       ref.GetValue(NOT_INSIDE_TYPEOF);
 
       // Pass receiver to called function.
       // The reference's size is non-negative.
-      __ push(Operand(esp, ref.size() * kPointerSize));
+      frame_->Push(frame_->Element(ref.size()));
 
       // Call the function.
       CallWithArguments(args, node->position());
     }
 
   } else {
     // ----------------------------------
     // JavaScript example: 'foo(1, 2, 3)'  // foo is not global
     // ----------------------------------
 
@@ skipping 27 matching lines @@
   ZoneList<Expression*>* args = node->arguments();
   for (int i = 0; i < args->length(); i++) Load(args->at(i));
 
   // Constructors are called with the number of arguments in register
   // eax for now. Another option would be to have separate construct
   // call trampolines per different arguments counts encountered.
   __ Set(eax, Immediate(args->length()));
 
   // Load the function into temporary function slot as per calling
   // convention.
-  __ mov(edi, Operand(esp, (args->length() + 1) * kPointerSize));
+  __ mov(edi, frame_->Element(args->length() + 1));
 
   // Call the construct call builtin that handles allocation and
   // constructor invocation.
   __ RecordPosition(node->position());
   __ call(Handle<Code>(Builtins::builtin(Builtins::JSConstructCall)),
           RelocInfo::CONSTRUCT_CALL);
-  __ mov(TOS, eax);  // discard the function and "push" the newly created object
+  // Discard the function and "push" the newly created object.
+  __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::GenerateIsSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
-  __ pop(eax);
+  frame_->Pop(eax);
   __ test(eax, Immediate(kSmiTagMask));
   cc_reg_ = zero;
 }
 
 
 void CodeGenerator::GenerateIsNonNegativeSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
-  __ pop(eax);
+  frame_->Pop(eax);
   __ test(eax, Immediate(kSmiTagMask | 0x80000000));
   cc_reg_ = zero;
 }
 
 
 // This generates code that performs a charCodeAt() call or returns
 // undefined in order to trigger the slow case, Runtime_StringCharCodeAt.
 // It can handle flat and sliced strings, 8 and 16 bit characters and
 // cons strings where the answer is found in the left hand branch of the
 // cons.  The slow case will flatten the string, which will ensure that
 // the answer is in the left hand side the next time around.
 void CodeGenerator::GenerateFastCharCodeAt(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   Label slow_case;
   Label end;
   Label not_a_flat_string;
   Label not_a_cons_string_either;
   Label try_again_with_new_string;
   Label ascii_string;
   Label got_char_code;
 
   // Load the string into eax.
   Load(args->at(0));
-  __ pop(eax);
+  frame_->Pop(eax);
   // If the receiver is a smi return undefined.
   ASSERT(kSmiTag == 0);
   __ test(eax, Immediate(kSmiTagMask));
   __ j(zero, &slow_case, not_taken);
 
   // Load the index into ebx.
   Load(args->at(1));
-  __ pop(ebx);
+  frame_->Pop(ebx);
 
   // Check for negative or non-smi index.
   ASSERT(kSmiTag == 0);
   __ test(ebx, Immediate(kSmiTagMask | 0x80000000));
   __ j(not_zero, &slow_case, not_taken);
   // Get rid of the smi tag on the index.
   __ sar(ebx, kSmiTagSize);
 
   __ bind(&try_again_with_new_string);
   // Get the type of the heap object into ecx.
@@ skipping 50 matching lines @@
   __ jmp(&got_char_code);
 
   // ASCII string.
   __ bind(&ascii_string);
   // Load the byte.
   __ movzx_b(eax, FieldOperand(eax, ebx, times_1, SeqAsciiString::kHeaderSize));
 
   __ bind(&got_char_code);
   ASSERT(kSmiTag == 0);
   __ shl(eax, kSmiTagSize);
-  __ push(eax);
+  frame_->Push(eax);
   __ jmp(&end);
 
 
   // Handle non-flat strings.
   __ bind(&not_a_flat_string);
   __ and_(ecx, kStringRepresentationMask);
   __ cmp(ecx, kConsStringTag);
   __ j(not_equal, &not_a_cons_string_either, not_taken);
 
   // ConsString.
   // Get the first of the two strings.
   __ mov(eax, FieldOperand(eax, ConsString::kFirstOffset));
   __ jmp(&try_again_with_new_string);
 
   __ bind(&not_a_cons_string_either);
   __ cmp(ecx, kSlicedStringTag);
   __ j(not_equal, &slow_case, not_taken);
 
   // SlicedString.
   // Add the offset to the index.
   __ add(ebx, FieldOperand(eax, SlicedString::kStartOffset));
   __ j(overflow, &slow_case);
   // Get the underlying string.
   __ mov(eax, FieldOperand(eax, SlicedString::kBufferOffset));
   __ jmp(&try_again_with_new_string);
 
   __ bind(&slow_case);
-  __ push(Immediate(Factory::undefined_value()));
+  frame_->Push(Immediate(Factory::undefined_value()));
 
   __ bind(&end);
 }
 
 
 void CodeGenerator::GenerateIsArray(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
   Label answer;
   // We need the CC bits to come out as not_equal in the case where the
   // object is a smi.  This can't be done with the usual test opcode so
   // we copy the object to ecx and do some destructive ops on it that
   // result in the right CC bits.
-  __ pop(eax);
+  frame_->Pop(eax);
   __ mov(ecx, Operand(eax));
   __ and_(ecx, kSmiTagMask);
   __ xor_(ecx, kSmiTagMask);
   __ j(not_equal, &answer, not_taken);
   // It is a heap object - get map.
   __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(eax, FieldOperand(eax, Map::kInstanceTypeOffset));
   // Check if the object is a JS array or not.
   __ cmp(eax, JS_ARRAY_TYPE);
   __ bind(&answer);
   cc_reg_ = equal;
 }
 
 
 void CodeGenerator::GenerateArgumentsLength(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 0);
 
   // Seed the result with the formal parameters count, which will be
   // used in case no arguments adaptor frame is found below the
   // current frame.
   __ Set(eax, Immediate(Smi::FromInt(scope_->num_parameters())));
 
   // Call the shared stub to get to the arguments.length.
   ArgumentsAccessStub stub(ArgumentsAccessStub::READ_LENGTH);
   __ CallStub(&stub);
-  __ push(eax);
+  frame_->Push(eax);
 }
 
 
 void CodeGenerator::GenerateValueOf(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Label leave;
   Load(args->at(0));  // Load the object.
-  __ mov(eax, TOS);
+  __ mov(eax, frame_->Top());
   // if (object->IsSmi()) return object.
   __ test(eax, Immediate(kSmiTagMask));
   __ j(zero, &leave, taken);
   // It is a heap object - get map.
   __ mov(ecx, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
   // if (!object->IsJSValue()) return object.
   __ cmp(ecx, JS_VALUE_TYPE);
   __ j(not_equal, &leave, not_taken);
   __ mov(eax, FieldOperand(eax, JSValue::kValueOffset));
-  __ mov(TOS, eax);
+  __ mov(frame_->Top(), eax);
   __ bind(&leave);
 }
 
 
 void CodeGenerator::GenerateSetValueOf(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
   Label leave;
   Load(args->at(0));  // Load the object.
   Load(args->at(1));  // Load the value.
-  __ mov(eax, (Operand(esp, kPointerSize)));
-  __ mov(ecx, TOS);
+  __ mov(eax, frame_->Element(1));
+  __ mov(ecx, frame_->Top());
   // if (object->IsSmi()) return object.
   __ test(eax, Immediate(kSmiTagMask));
   __ j(zero, &leave, taken);
   // It is a heap object - get map.
   __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
   // if (!object->IsJSValue()) return object.
   __ cmp(ebx, JS_VALUE_TYPE);
   __ j(not_equal, &leave, not_taken);
   // Store the value.
   __ mov(FieldOperand(eax, JSValue::kValueOffset), ecx);
   // Update the write barrier.
   __ RecordWrite(eax, JSValue::kValueOffset, ecx, ebx);
   // Leave.
   __ bind(&leave);
-  __ mov(ecx, TOS);
-  __ pop(eax);
-  __ mov(TOS, ecx);
+  __ mov(ecx, frame_->Top());
+  frame_->Pop(eax);
+  __ mov(frame_->Top(), ecx);
 }
 
 
 void CodeGenerator::GenerateArgumentsAccess(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
 
   // Load the key onto the stack and set register eax to the formal
   // parameters count for the currently executing function.
   Load(args->at(0));
   __ Set(eax, Immediate(Smi::FromInt(scope_->num_parameters())));
 
   // Call the shared stub to get to arguments[key].
   ArgumentsAccessStub stub(ArgumentsAccessStub::READ_ELEMENT);
   __ CallStub(&stub);
-  __ mov(TOS, eax);
+  __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::GenerateObjectEquals(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   // Load the two objects into registers and perform the comparison.
   Load(args->at(0));
   Load(args->at(1));
-  __ pop(eax);
-  __ pop(ecx);
+  frame_->Pop(eax);
+  frame_->Pop(ecx);
   __ cmp(eax, Operand(ecx));
   cc_reg_ = equal;
 }
 
 
 void CodeGenerator::VisitCallRuntime(CallRuntime* node) {
   if (CheckForInlineRuntimeCall(node)) return;
 
   ZoneList<Expression*>* args = node->arguments();
   Comment cmnt(masm_, "[ CallRuntime");
   Runtime::Function* function = node->function();
 
   if (function == NULL) {
     // Prepare stack for calling JS runtime function.
-    __ push(Immediate(node->name()));
+    frame_->Push(Immediate(node->name()));
     // Push the builtins object found in the current global object.
     __ mov(edx, GlobalObject());
-    __ push(FieldOperand(edx, GlobalObject::kBuiltinsOffset));
+    frame_->Push(FieldOperand(edx, GlobalObject::kBuiltinsOffset));
   }
 
   // Push the arguments ("left-to-right").
   for (int i = 0; i < args->length(); i++)
     Load(args->at(i));
 
   if (function != NULL) {
     // Call the C runtime function.
     __ CallRuntime(function, args->length());
-    __ push(eax);
+    frame_->Push(eax);
   } else {
     // Call the JS runtime function.
     Handle<Code> stub = ComputeCallInitialize(args->length());
     __ Set(eax, Immediate(args->length()));
     __ call(stub, RelocInfo::CODE_TARGET);
-    __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
-    __ mov(TOS, eax);
+    __ mov(esi, frame_->Context());
+    __ mov(frame_->Top(), eax);
   }
 }
 
 
 void CodeGenerator::VisitUnaryOperation(UnaryOperation* node) {
   Comment cmnt(masm_, "[ UnaryOperation");
 
   Token::Value op = node->op();
 
   if (op == Token::NOT) {
     LoadCondition(node->expression(), NOT_INSIDE_TYPEOF,
                   false_target(), true_target(), true);
     cc_reg_ = NegateCondition(cc_reg_);
 
   } else if (op == Token::DELETE) {
     Property* property = node->expression()->AsProperty();
     if (property != NULL) {
       Load(property->obj());
       Load(property->key());
       __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-      __ push(eax);
+      frame_->Push(eax);
       return;
     }
 
     Variable* variable = node->expression()->AsVariableProxy()->AsVariable();
     if (variable != NULL) {
       Slot* slot = variable->slot();
       if (variable->is_global()) {
         LoadGlobal();
-        __ push(Immediate(variable->name()));
+        frame_->Push(Immediate(variable->name()));
         __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-        __ push(eax);
+        frame_->Push(eax);
         return;
 
       } else if (slot != NULL && slot->type() == Slot::LOOKUP) {
         // lookup the context holding the named variable
-        __ push(Operand(esi));
-        __ push(Immediate(variable->name()));
+        frame_->Push(esi);
+        frame_->Push(Immediate(variable->name()));
         __ CallRuntime(Runtime::kLookupContext, 2);
         // eax: context
-        __ push(eax);
-        __ push(Immediate(variable->name()));
+        frame_->Push(eax);
+        frame_->Push(Immediate(variable->name()));
         __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-        __ push(eax);
+        frame_->Push(eax);
         return;
       }
 
       // Default: Result of deleting non-global, not dynamically
       // introduced variables is false.
-      __ push(Immediate(Factory::false_value()));
+      frame_->Push(Immediate(Factory::false_value()));
 
     } else {
       // Default: Result of deleting expressions is true.
       Load(node->expression());  // may have side-effects
-      __ Set(TOS, Immediate(Factory::true_value()));
+      __ Set(frame_->Top(), Immediate(Factory::true_value()));
     }
 
   } else if (op == Token::TYPEOF) {
     // Special case for loading the typeof expression; see comment on
     // LoadTypeofExpression().
     LoadTypeofExpression(node->expression());
     __ CallRuntime(Runtime::kTypeof, 1);
-    __ push(eax);
+    frame_->Push(eax);
 
   } else {
     Load(node->expression());
     switch (op) {
       case Token::NOT:
       case Token::DELETE:
       case Token::TYPEOF:
         UNREACHABLE();  // handled above
         break;
 
       case Token::SUB: {
         UnarySubStub stub;
         // TODO(1222589): remove dependency of TOS being cached inside stub
-        __ pop(eax);
+        frame_->Pop(eax);
         __ CallStub(&stub);
-        __ push(eax);
+        frame_->Push(eax);
         break;
       }
 
       case Token::BIT_NOT: {
         // Smi check.
         Label smi_label;
         Label continue_label;
-        __ pop(eax);
+        frame_->Pop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ j(zero, &smi_label, taken);
 
-        __ push(eax);  // undo popping of TOS
+        frame_->Push(eax);  // undo popping of TOS
         __ InvokeBuiltin(Builtins::BIT_NOT, CALL_FUNCTION);
 
         __ jmp(&continue_label);
         __ bind(&smi_label);
         __ not_(eax);
         __ and_(eax, ~kSmiTagMask);  // Remove inverted smi-tag.
         __ bind(&continue_label);
-        __ push(eax);
+        frame_->Push(eax);
         break;
       }
 
       case Token::VOID:
-        __ mov(TOS, Factory::undefined_value());
+        __ mov(frame_->Top(), Factory::undefined_value());
         break;
 
       case Token::ADD: {
         // Smi check.
         Label continue_label;
-        __ pop(eax);
+        frame_->Pop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ j(zero, &continue_label);
 
-        __ push(eax);
+        frame_->Push(eax);
         __ InvokeBuiltin(Builtins::TO_NUMBER, CALL_FUNCTION);
 
         __ bind(&continue_label);
-        __ push(eax);
+        frame_->Push(eax);
         break;
       }
 
       default:
         UNREACHABLE();
     }
   }
 }
 
 
@@ skipping 85 matching lines @@
 void CodeGenerator::VisitCountOperation(CountOperation* node) {
   Comment cmnt(masm_, "[ CountOperation");
 
   bool is_postfix = node->is_postfix();
   bool is_increment = node->op() == Token::INC;
 
   Variable* var = node->expression()->AsVariableProxy()->AsVariable();
   bool is_const = (var != NULL && var->mode() == Variable::CONST);
 
   // Postfix: Make room for the result.
-  if (is_postfix) __ push(Immediate(0));
+  if (is_postfix) {
+    frame_->Push(Immediate(0));
+  }
 
   { Reference target(this, node->expression());
     if (target.is_illegal()) return;
     target.GetValue(NOT_INSIDE_TYPEOF);
 
-    int result_offset = target.size() * kPointerSize;
     CountOperationDeferred* deferred =
-        new CountOperationDeferred(this, is_postfix,
-                                   is_increment, result_offset);
+        new CountOperationDeferred(this, is_postfix, is_increment,
+                                   target.size() * kPointerSize);
 
-    __ pop(eax);  // Load TOS into eax for calculations below
+    frame_->Pop(eax);  // Load TOS into eax for calculations below
 
     // Postfix: Store the old value as the result.
-    if (is_postfix) __ mov(Operand(esp, result_offset), eax);
+    if (is_postfix) {
+      __ mov(frame_->Element(target.size()), eax);
+    }
 
     // Perform optimistic increment/decrement.
     if (is_increment) {
       __ add(Operand(eax), Immediate(Smi::FromInt(1)));
     } else {
       __ sub(Operand(eax), Immediate(Smi::FromInt(1)));
     }
 
     // If the count operation didn't overflow and the result is a
     // valid smi, we're done. Otherwise, we jump to the deferred
     // slow-case code.
     __ j(overflow, deferred->enter(), not_taken);
     __ test(eax, Immediate(kSmiTagMask));
     __ j(not_zero, deferred->enter(), not_taken);
 
     // Store the new value in the target if not const.
     __ bind(deferred->exit());
-    __ push(eax);  // Push the new value to TOS
+    frame_->Push(eax);  // Push the new value to TOS
     if (!is_const) target.SetValue(NOT_CONST_INIT);
   }
 
   // Postfix: Discard the new value and use the old.
-  if (is_postfix) __ pop(eax);
+  if (is_postfix) {
+    frame_->Pop(eax);
+  }
 }
 
 
 void CodeGenerator::VisitBinaryOperation(BinaryOperation* node) {
   Comment cmnt(masm_, "[ BinaryOperation");
   Token::Value op = node->op();
 
   // According to ECMA-262 section 11.11, page 58, the binary logical
   // operators must yield the result of one of the two expressions
   // before any ToBoolean() conversions. This means that the value
@@ skipping 18 matching lines @@
       LoadCondition(node->right(), NOT_INSIDE_TYPEOF, true_target(),
                     false_target(), false);
 
     } else {
       Label pop_and_continue, exit;
 
       // Avoid popping the result if it converts to 'false' using the
       // standard ToBoolean() conversion as described in ECMA-262,
       // section 9.2, page 30.
        // Duplicate the TOS value. The duplicate will be popped by ToBoolean.
-      __ mov(eax, TOS);
-      __ push(eax);
+      __ mov(eax, frame_->Top());
+      frame_->Push(eax);
       ToBoolean(&pop_and_continue, &exit);
       Branch(false, &exit);
 
       // Pop the result of evaluating the first part.
       __ bind(&pop_and_continue);
-      __ pop(eax);
+      frame_->Pop(eax);
 
       // Evaluate right side expression.
       __ bind(&is_true);
       Load(node->right());
 
       // Exit (always with a materialized value).
       __ bind(&exit);
     }
 
   } else if (op == Token::OR) {
     Label is_false;
     LoadCondition(node->left(), NOT_INSIDE_TYPEOF, true_target(),
                   &is_false, false);
     if (has_cc()) {
       Branch(true, true_target());
 
       // Evaluate right side expression.
       __ bind(&is_false);
       LoadCondition(node->right(), NOT_INSIDE_TYPEOF, true_target(),
                     false_target(), false);
 
     } else {
       Label pop_and_continue, exit;
 
       // Avoid popping the result if it converts to 'true' using the
       // standard ToBoolean() conversion as described in ECMA-262,
       // section 9.2, page 30.
       // Duplicate the TOS value. The duplicate will be popped by ToBoolean.
-      __ mov(eax, TOS);
-      __ push(eax);
+      __ mov(eax, frame_->Top());
+      frame_->Push(eax);
       ToBoolean(&exit, &pop_and_continue);
       Branch(true, &exit);
 
       // Pop the result of evaluating the first part.
       __ bind(&pop_and_continue);
-      __ pop(eax);
+      frame_->Pop(eax);
 
       // Evaluate right side expression.
       __ bind(&is_false);
       Load(node->right());
 
       // Exit (always with a materialized value).
       __ bind(&exit);
     }
 
   } else {
@@ skipping 24 matching lines @@
     } else {
       Load(node->left());
       Load(node->right());
       GenericBinaryOperation(node->op(), overwrite_mode);
     }
   }
 }
 
 
 void CodeGenerator::VisitThisFunction(ThisFunction* node) {
-  __ push(FunctionOperand());
+  frame_->Push(frame_->Function());
 }
 
 
 class InstanceofStub: public CodeStub {
  public:
   InstanceofStub() { }
 
   void Generate(MacroAssembler* masm);
 
  private:
@@ skipping 18 matching lines @@
   bool left_is_null =
     left->AsLiteral() != NULL && left->AsLiteral()->IsNull();
   bool right_is_null =
     right->AsLiteral() != NULL && right->AsLiteral()->IsNull();
 
   if (op == Token::EQ || op == Token::EQ_STRICT) {
     // The 'null' value is only equal to 'null' or 'undefined'.
     if (left_is_null || right_is_null) {
       Load(left_is_null ? right : left);
       Label exit, undetectable;
-      __ pop(eax);
+      frame_->Pop(eax);
       __ cmp(eax, Factory::null_value());
 
       // The 'null' value is only equal to 'undefined' if using
       // non-strict comparisons.
       if (op != Token::EQ_STRICT) {
         __ j(equal, &exit);
         __ cmp(eax, Factory::undefined_value());
 
         // NOTE: it can be an undetectable object.
         __ j(equal, &exit);
@@ skipping 23 matching lines @@
 
   UnaryOperation* operation = left->AsUnaryOperation();
   if ((op == Token::EQ || op == Token::EQ_STRICT) &&
       (operation != NULL && operation->op() == Token::TYPEOF) &&
       (right->AsLiteral() != NULL &&
        right->AsLiteral()->handle()->IsString())) {
     Handle<String> check(String::cast(*right->AsLiteral()->handle()));
 
     // Load the operand, move it to register edx, and restore TOS.
     LoadTypeofExpression(operation->expression());
-    __ pop(edx);
+    frame_->Pop(edx);
 
     if (check->Equals(Heap::number_symbol())) {
       __ test(edx, Immediate(kSmiTagMask));
       __ j(zero, true_target());
       __ mov(edx, FieldOperand(edx, HeapObject::kMapOffset));
       __ cmp(edx, Factory::heap_number_map());
       cc_reg_ = equal;
 
     } else if (check->Equals(Heap::string_symbol())) {
       __ test(edx, Immediate(kSmiTagMask));
@@ skipping 86 matching lines @@
     case Token::LTE:
       cc = less_equal;
       break;
     case Token::GTE:
       cc = greater_equal;
       break;
     case Token::IN: {
       Load(left);
       Load(right);
       __ InvokeBuiltin(Builtins::IN, CALL_FUNCTION);
-      __ push(eax);  // push the result
+      frame_->Push(eax);  // push the result
       return;
     }
     case Token::INSTANCEOF: {
       Load(left);
       Load(right);
       InstanceofStub stub;
       __ CallStub(&stub);
       __ test(eax, Operand(eax));
       cc_reg_ = zero;
       return;
@@ skipping 24 matching lines @@
 void CodeGenerator::RecordStatementPosition(Node* node) {
   if (FLAG_debug_info) {
     int pos = node->statement_pos();
     if (pos != RelocInfo::kNoPosition) {
       __ RecordStatementPosition(pos);
     }
   }
 }
 
 
-void CodeGenerator::EnterJSFrame() {
+void VirtualFrame::Enter() {
+  Comment cmnt(masm_, "[ Enter JS frame");
   __ push(ebp);
   __ mov(ebp, Operand(esp));
 
   // Store the context and the function in the frame.
   __ push(esi);
   __ push(edi);
 
   // Clear the function slot when generating debug code.
   if (FLAG_debug_code) {
     __ Set(edi, Immediate(reinterpret_cast<int>(kZapValue)));
   }
 }
 
 
-void CodeGenerator::ExitJSFrame() {
+void VirtualFrame::Exit() {
+  Comment cmnt(masm_, "[ Exit JS frame");
   // Record the location of the JS exit code for patching when setting
   // break point.
   __ RecordJSReturn();
 
   // Avoid using the leave instruction here, because it is too
   // short. We need the return sequence to be a least the size of a
   // call instruction to support patching the exit code in the
   // debugger. See VisitReturnStatement for the full return sequence.
   __ mov(esp, Operand(ebp));
   __ pop(ebp);
@@ skipping 19 matching lines @@
     ASSERT(raw_name != NULL);
     return Handle<String>(String::cast(*raw_name->handle()));
   }
 }
 
 
 void Reference::GetValue(TypeofState typeof_state) {
   ASSERT(!is_illegal());
   ASSERT(!cgen_->has_cc());
   MacroAssembler* masm = cgen_->masm();
+  VirtualFrame* frame = cgen_->frame();
   switch (type_) {
     case SLOT: {
       Comment cmnt(masm, "[ Load from Slot");
       Slot* slot = expression_->AsVariableProxy()->AsVariable()->slot();
       ASSERT(slot != NULL);
       cgen_->LoadFromSlot(slot, typeof_state);
       break;
     }
 
     case NAMED: {
       // TODO(1241834): Make sure that this it is safe to ignore the
       // distinction between expressions in a typeof and not in a typeof. If
       // there is a chance that reference errors can be thrown below, we
       // must distinguish between the two kinds of loads (typeof expression
       // loads must not throw a reference error).
       Comment cmnt(masm, "[ Load from named Property");
       Handle<String> name(GetName());
       Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
       // Setup the name register.
       __ mov(ecx, name);
 
       Variable* var = expression_->AsVariableProxy()->AsVariable();
       if (var != NULL) {
         ASSERT(var->is_global());
         __ call(ic, RelocInfo::CODE_TARGET_CONTEXT);
       } else {
         __ call(ic, RelocInfo::CODE_TARGET);
       }
-      __ push(eax);  // IC call leaves result in eax, push it out
+      frame->Push(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     case KEYED: {
       // TODO(1241834): Make sure that this it is safe to ignore the
       // distinction between expressions in a typeof and not in a typeof.
       Comment cmnt(masm, "[ Load from keyed Property");
       Property* property = expression_->AsProperty();
       ASSERT(property != NULL);
       __ RecordPosition(property->position());
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize));
 
       Variable* var = expression_->AsVariableProxy()->AsVariable();
       if (var != NULL) {
         ASSERT(var->is_global());
         __ call(ic, RelocInfo::CODE_TARGET_CONTEXT);
       } else {
         __ call(ic, RelocInfo::CODE_TARGET);
       }
-      __ push(eax);  // IC call leaves result in eax, push it out
+      frame->Push(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     default:
       UNREACHABLE();
   }
 }
 
 
 void Reference::SetValue(InitState init_state) {
   ASSERT(!is_illegal());
   ASSERT(!cgen_->has_cc());
   MacroAssembler* masm = cgen_->masm();
+  VirtualFrame* frame = cgen_->frame();
   switch (type_) {
     case SLOT: {
       Comment cmnt(masm, "[ Store to Slot");
       Slot* slot = expression_->AsVariableProxy()->AsVariable()->slot();
       ASSERT(slot != NULL);
       if (slot->type() == Slot::LOOKUP) {
         ASSERT(slot->var()->mode() == Variable::DYNAMIC);
 
         // For now, just do a runtime call.
-        __ push(esi);
-        __ push(Immediate(slot->var()->name()));
+        frame->Push(esi);
+        frame->Push(Immediate(slot->var()->name()));
 
         if (init_state == CONST_INIT) {
           // Same as the case for a normal store, but ignores attribute
           // (e.g. READ_ONLY) of context slot so that we can initialize
           // const properties (introduced via eval("const foo = (some
           // expr);")). Also, uses the current function context instead of
           // the top context.
           //
           // Note that we must declare the foo upon entry of eval(), via a
           // context slot declaration, but we cannot initialize it at the
           // same time, because the const declaration may be at the end of
           // the eval code (sigh...) and the const variable may have been
           // used before (where its value is 'undefined'). Thus, we can only
           // do the initialization when we actually encounter the expression
           // and when the expression operands are defined and valid, and
           // thus we need the split into 2 operations: declaration of the
           // context slot followed by initialization.
           __ CallRuntime(Runtime::kInitializeConstContextSlot, 3);
         } else {
           __ CallRuntime(Runtime::kStoreContextSlot, 3);
         }
         // Storing a variable must keep the (new) value on the expression
         // stack. This is necessary for compiling chained assignment
         // expressions.
-        __ push(eax);
+        frame->Push(eax);
 
       } else {
         ASSERT(slot->var()->mode() != Variable::DYNAMIC);
 
         Label exit;
         if (init_state == CONST_INIT) {
           ASSERT(slot->var()->mode() == Variable::CONST);
           // Only the first const initialization must be executed (the slot
           // still contains 'the hole' value). When the assignment is
           // executed, the code is identical to a normal store (see below).
           Comment cmnt(masm, "[ Init const");
           __ mov(eax, cgen_->SlotOperand(slot, ecx));
           __ cmp(eax, Factory::the_hole_value());
           __ j(not_equal, &exit);
         }
 
         // We must execute the store.  Storing a variable must keep the
         // (new) value on the stack. This is necessary for compiling
         // assignment expressions.
         //
         // Note: We will reach here even with slot->var()->mode() ==
         // Variable::CONST because of const declarations which will
         // initialize consts to 'the hole' value and by doing so, end up
         // calling this code.
         __ pop(eax);
         __ mov(cgen_->SlotOperand(slot, ecx), eax);
-        __ push(eax);  // RecordWrite may destroy the value in eax.
+        frame->Push(eax);  // RecordWrite may destroy the value in eax.
         if (slot->type() == Slot::CONTEXT) {
           // ecx is loaded with context when calling SlotOperand above.
           int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
           __ RecordWrite(ecx, offset, eax, ebx);
         }
         // If we definitely did not jump over the assignment, we do not need
         // to bind the exit label.  Doing so can defeat peephole
         // optimization.
         if (init_state == CONST_INIT) __ bind(&exit);
       }
       break;
     }
 
     case NAMED: {
       Comment cmnt(masm, "[ Store to named Property");
       // Call the appropriate IC code.
       Handle<String> name(GetName());
       Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
       __ pop(eax);
       // Setup the name register.
       __ mov(ecx, name);
       __ call(ic, RelocInfo::CODE_TARGET);
-      __ push(eax);  // IC call leaves result in eax, push it out
+      frame->Push(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     case KEYED: {
       Comment cmnt(masm, "[ Store to keyed Property");
       Property* property = expression_->AsProperty();
       ASSERT(property != NULL);
       __ RecordPosition(property->position());
       // Call IC code.
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedStoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
       __ pop(eax);
       __ call(ic, RelocInfo::CODE_TARGET);
-      __ push(eax);  // IC call leaves result in eax, push it out
+      frame->Push(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     default:
       UNREACHABLE();
   }
 }
 
 
 // NOTE: The stub does not handle the inlined cases (Smis, Booleans, undefined).
@@ skipping 1205 matching lines @@
 
   // Slow-case: Go through the JavaScript implementation.
   __ bind(&slow);
   __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal