Finish porting jump target changes to the ARM platform. The v8 test...

src/codegen-arm.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 14 matching lines @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include "v8.h"
 
 #include "bootstrapper.h"
 #include "codegen-inl.h"
 #include "debug.h"
 #include "scopes.h"
 #include "runtime.h"
-#include "virtual-frame-arm-inl.h"
 
 namespace v8 { namespace internal {
 
 #define __ masm_->
 
 // -------------------------------------------------------------------------
 // CodeGenState implementation.
 
 CodeGenState::CodeGenState(CodeGenerator* owner)
     : owner_(owner),
@@ skipping 48 matching lines @@
 // pp: caller's parameter pointer
 // cp: callee's context
 
 void CodeGenerator::GenCode(FunctionLiteral* fun) {
   ZoneList<Statement*>* body = fun->body();
 
   // Initialize state.
   ASSERT(scope_ == NULL);
   scope_ = fun->scope();
   ASSERT(frame_ == NULL);
-  VirtualFrame virtual_frame(this);
-  frame_ = &virtual_frame;
+  set_frame(new VirtualFrame(this));
   cc_reg_ = al;
   function_return_.set_code_generator(this);
   {
     CodeGenState state(this);
 
     // Entry
     // stack: function, receiver, arguments, return address
     // r0: number of arguments
     // sp: stack pointer
     // fp: frame pointer
     // pp: caller's parameter pointer
     // cp: callee's context
 
     frame_->Enter();
     // tos: code slot
 #ifdef DEBUG
     if (strlen(FLAG_stop_at) > 0 &&
         fun->name()->IsEqualTo(CStrVector(FLAG_stop_at))) {
       __ stop("stop-at");
     }
 #endif
 
     // Allocate space for locals and initialize them.
-    frame_->AllocateLocals();
+    frame_->AllocateStackSlots(scope_->num_stack_slots());
 
     if (scope_->num_heap_slots() > 0) {
       // Allocate local context.
       // Get outer context and create a new context based on it.
       __ ldr(r0, frame_->Function());
       frame_->Push(r0);
-      __ CallRuntime(Runtime::kNewContext, 1);  // r0 holds the result
+      frame_->CallRuntime(Runtime::kNewContext, 1);  // r0 holds the result
 
       if (kDebug) {
-        Label verified_true;
+        JumpTarget verified_true(this);
         __ cmp(r0, Operand(cp));
-        __ b(eq, &verified_true);
+        verified_true.Branch(eq);
         __ stop("NewContext: r0 is expected to be the same as cp");
-        __ bind(&verified_true);
+        verified_true.Bind();
       }
       // Update context local.
       __ str(cp, frame_->Context());
     }
 
     // TODO(1241774): Improve this code:
     // 1) only needed if we have a context
     // 2) no need to recompute context ptr every single time
     // 3) don't copy parameter operand code from SlotOperand!
     {
       Comment cmnt2(masm_, "[ copy context parameters into .context");
 
       // Note that iteration order is relevant here! If we have the same
       // parameter twice (e.g., function (x, y, x)), and that parameter
       // needs to be copied into the context, it must be the last argument
       // passed to the parameter that needs to be copied. This is a rare
       // case so we don't check for it, instead we rely on the copying
       // order: such a parameter is copied repeatedly into the same
       // context location and thus the last value is what is seen inside
       // the function.
       for (int i = 0; i < scope_->num_parameters(); i++) {
         Variable* par = scope_->parameter(i);
         Slot* slot = par->slot();
         if (slot != NULL && slot->type() == Slot::CONTEXT) {
           ASSERT(!scope_->is_global_scope());  // no parameters in global scope
-          __ ldr(r1, frame_->Parameter(i));
+          __ ldr(r1, frame_->ParameterAt(i));
           // Loads r2 with context; used below in RecordWrite.
           __ str(r1, SlotOperand(slot, r2));
           // Load the offset into r3.
           int slot_offset =
               FixedArray::kHeaderSize + slot->index() * kPointerSize;
           __ mov(r3, Operand(slot_offset));
           __ RecordWrite(r2, r3, r1);
         }
       }
     }
 
     // Store the arguments object.  This must happen after context
     // initialization because the arguments object may be stored in the
     // context.
     if (scope_->arguments() != NULL) {
       ASSERT(scope_->arguments_shadow() != NULL);
       Comment cmnt(masm_, "[ allocate arguments object");
       { Reference shadow_ref(this, scope_->arguments_shadow());
         { Reference arguments_ref(this, scope_->arguments());
           ArgumentsAccessStub stub(ArgumentsAccessStub::NEW_OBJECT);
           __ ldr(r2, frame_->Function());
           // The receiver is below the arguments, the return address,
           // and the frame pointer on the stack.
           const int kReceiverDisplacement = 2 + scope_->num_parameters();
           __ add(r1, fp, Operand(kReceiverDisplacement * kPointerSize));
           __ mov(r0, Operand(Smi::FromInt(scope_->num_parameters())));
+          frame_->Adjust(3);
           __ stm(db_w, sp, r0.bit() | r1.bit() | r2.bit());
-          __ CallStub(&stub);
+          frame_->CallStub(&stub, 3);
           frame_->Push(r0);
           arguments_ref.SetValue(NOT_CONST_INIT);
         }
         shadow_ref.SetValue(NOT_CONST_INIT);
       }
-      frame_->Pop();  // Value is no longer needed.
+      frame_->Drop();  // Value is no longer needed.
     }
 
     // Generate code to 'execute' declarations and initialize functions
     // (source elements). In case of an illegal redeclaration we need to
     // handle that instead of processing the declarations.
     if (scope_->HasIllegalRedeclaration()) {
       Comment cmnt(masm_, "[ illegal redeclarations");
       scope_->VisitIllegalRedeclaration(this);
     } else {
       Comment cmnt(masm_, "[ declarations");
       ProcessDeclarations(scope_->declarations());
       // Bail out if a stack-overflow exception occurred when processing
       // declarations.
       if (HasStackOverflow()) return;
     }
 
     if (FLAG_trace) {
-      __ CallRuntime(Runtime::kTraceEnter, 0);
+      frame_->CallRuntime(Runtime::kTraceEnter, 0);
       // Ignore the return value.
     }
     CheckStack();
 
     // Compile the body of the function in a vanilla state. Don't
     // bother compiling all the code if the scope has an illegal
     // redeclaration.
     if (!scope_->HasIllegalRedeclaration()) {
       Comment cmnt(masm_, "[ function body");
 #ifdef DEBUG
       bool is_builtin = Bootstrapper::IsActive();
       bool should_trace =
           is_builtin ? FLAG_trace_builtin_calls : FLAG_trace_calls;
       if (should_trace) {
-        __ CallRuntime(Runtime::kDebugTrace, 0);
+        frame_->CallRuntime(Runtime::kDebugTrace, 0);
         // Ignore the return value.
       }
 #endif
       VisitStatements(body);
     }
   }
 
-  // exit
-  // r0: result
-  // sp: stack pointer
-  // fp: frame pointer
-  // pp: parameter pointer
-  // cp: callee's context
-  __ mov(r0, Operand(Factory::undefined_value()));
+  // Generate the return sequence if necessary.
+  if (frame_ != NULL || function_return_.is_linked()) {
+    // exit
+    // r0: result
+    // sp: stack pointer
+    // fp: frame pointer
+    // pp: parameter pointer
+    // cp: callee's context
+    __ mov(r0, Operand(Factory::undefined_value()));
 
-  function_return_.Bind();
-  if (FLAG_trace) {
-    // Push the return value on the stack as the parameter.
-    // Runtime::TraceExit returns the parameter as it is.
-    frame_->Push(r0);
-    __ CallRuntime(Runtime::kTraceExit, 1);
+    function_return_.Bind();
+    if (FLAG_trace) {
+      // Push the return value on the stack as the parameter.
+      // Runtime::TraceExit returns the parameter as it is.
+      frame_->Push(r0);
+      frame_->CallRuntime(Runtime::kTraceExit, 1);
+    }
+
+    // Tear down the frame which will restore the caller's frame pointer and
+    // the link register.
+    frame_->Exit();
+
+    __ add(sp, sp, Operand((scope_->num_parameters() + 1) * kPointerSize));
+    __ mov(pc, lr);
   }
 
-  // Tear down the frame which will restore the caller's frame pointer and the
-  // link register.
-  frame_->Exit();
-
-  __ add(sp, sp, Operand((scope_->num_parameters() + 1) * kPointerSize));
-  __ mov(pc, lr);
-
   // Code generation state must be reset.
   scope_ = NULL;
   frame_ = NULL;
   ASSERT(!has_cc());
   ASSERT(state_ == NULL);
 }
 
 
 MemOperand CodeGenerator::SlotOperand(Slot* slot, Register tmp) {
   // Currently, this assertion will fail if we try to assign to
   // a constant variable that is constant because it is read-only
   // (such as the variable referring to a named function expression).
   // We need to implement assignments to read-only variables.
   // Ideally, we should do this during AST generation (by converting
   // such assignments into expression statements); however, in general
   // we may not be able to make the decision until past AST generation,
   // that is when the entire program is known.
   ASSERT(slot != NULL);
   int index = slot->index();
   switch (slot->type()) {
     case Slot::PARAMETER:
-      return frame_->Parameter(index);
+      return frame_->ParameterAt(index);
 
     case Slot::LOCAL:
-      return frame_->Local(index);
+      return frame_->LocalAt(index);
 
     case Slot::CONTEXT: {
       // Follow the context chain if necessary.
       ASSERT(!tmp.is(cp));  // do not overwrite context register
       Register context = cp;
       int chain_length = scope()->ContextChainLength(slot->var()->scope());
       for (int i = chain_length; i-- > 0;) {
         // Load the closure.
         // (All contexts, even 'with' contexts, have a closure,
         // and it is the same for all contexts inside a function.
@@ skipping 30 matching lines @@
 void CodeGenerator::LoadCondition(Expression* x,
                                   TypeofState typeof_state,
                                   JumpTarget* true_target,
                                   JumpTarget* false_target,
                                   bool force_cc) {
   ASSERT(!has_cc());
 
   { CodeGenState new_state(this, typeof_state, true_target, false_target);
     Visit(x);
   }
-  if (force_cc && !has_cc()) {
+  if (force_cc && frame_ != NULL && !has_cc()) {
     // Convert the TOS value to a boolean in the condition code register.
-    // Visiting an expression may possibly choose neither (a) to leave a
-    // value in the condition code register nor (b) to leave a value in TOS
-    // (eg, by compiling to only jumps to the targets).  In that case the
-    // code generated by ToBoolean is wrong because it assumes the value of
-    // the expression in TOS.  So long as there is always a value in TOS or
-    // the condition code register when control falls through to here (there
-    // is), the code generated by ToBoolean is dead and therefore safe.
     ToBoolean(true_target, false_target);
   }
-  ASSERT(has_cc() || !force_cc);
+  ASSERT(!force_cc || frame_ == NULL || has_cc());
 }
 
 
 void CodeGenerator::Load(Expression* x, TypeofState typeof_state) {
   JumpTarget true_target(this);
   JumpTarget false_target(this);
   LoadCondition(x, typeof_state, &true_target, &false_target, false);
 
   if (has_cc()) {
-    // convert cc_reg_ into a bool
-    Label loaded, materialize_true;
-    __ b(cc_reg_, &materialize_true);
+    // Convert cc_reg_ into a boolean value.
+    JumpTarget loaded(this);
+    JumpTarget materialize_true(this);
+    materialize_true.Branch(cc_reg_);
     __ mov(r0, Operand(Factory::false_value()));
     frame_->Push(r0);
-    __ b(&loaded);
-    __ bind(&materialize_true);
+    loaded.Jump();
+    materialize_true.Bind();
     __ mov(r0, Operand(Factory::true_value()));
     frame_->Push(r0);
-    __ bind(&loaded);
+    loaded.Bind();
     cc_reg_ = al;
   }
 
   if (true_target.is_linked() || false_target.is_linked()) {
-    // we have at least one condition value
-    // that has been "translated" into a branch,
-    // thus it needs to be loaded explicitly again
-    Label loaded;
-    __ b(&loaded);  // don't lose current TOS
+    // We have at least one condition value that has been "translated"
+    // into a branch, thus it needs to be loaded explicitly.
+    JumpTarget loaded(this);
+    if (frame_ != NULL) {
+      loaded.Jump();  // Don't lose the current TOS.
+    }
     bool both = true_target.is_linked() && false_target.is_linked();
-    // reincarnate "true", if necessary
+    // Load "true" if necessary.
     if (true_target.is_linked()) {
       true_target.Bind();
       __ mov(r0, Operand(Factory::true_value()));
       frame_->Push(r0);
     }
-    // if both "true" and "false" need to be reincarnated,
-    // jump across code for "false"
-    if (both)
-      __ b(&loaded);
-    // reincarnate "false", if necessary
+    // If both "true" and "false" need to be loaded jump across the code for
+    // "false".
+    if (both) {
+      loaded.Jump();
+    }
+    // Load "false" if necessary.
     if (false_target.is_linked()) {
       false_target.Bind();
       __ mov(r0, Operand(Factory::false_value()));
       frame_->Push(r0);
     }
-    // everything is loaded at this point
-    __ bind(&loaded);
+    // A value is loaded on all paths reaching this point.
+    loaded.Bind();
   }
+  ASSERT(frame_ != NULL);
   ASSERT(!has_cc());
 }
 
 
 void CodeGenerator::LoadGlobal() {
   __ ldr(r0, GlobalObject());
   frame_->Push(r0);
 }
 
 
@@ skipping 67 matching lines @@
     if (var->is_global()) {
       LoadGlobal();
       ref->set_type(Reference::NAMED);
     } else {
       ASSERT(var->slot() != NULL);
       ref->set_type(Reference::SLOT);
     }
   } else {
     // Anything else is a runtime error.
     Load(e);
-    __ CallRuntime(Runtime::kThrowReferenceError, 1);
+    frame_->CallRuntime(Runtime::kThrowReferenceError, 1);
   }
 }
 
 
 void CodeGenerator::UnloadReference(Reference* ref) {
   // Pop a reference from the stack while preserving TOS.
   Comment cmnt(masm_, "[ UnloadReference");
   int size = ref->size();
   if (size > 0) {
     frame_->Pop(r0);
@@ skipping 27 matching lines @@
   false_target->Branch(eq);
 
   // Check if the value is a smi.
   __ cmp(r0, Operand(Smi::FromInt(0)));
   false_target->Branch(eq);
   __ tst(r0, Operand(kSmiTagMask));
   true_target->Branch(eq);
 
   // Slow case: call the runtime.
   frame_->Push(r0);
-  __ CallRuntime(Runtime::kToBool, 1);
+  frame_->CallRuntime(Runtime::kToBool, 1);
   // Convert the result (r0) to a condition code.
   __ cmp(r0, Operand(Factory::false_value()));
 
   cc_reg_ = ne;
 }
 
 
 class GetPropertyStub : public CodeStub {
  public:
   GetPropertyStub() { }
@@ skipping 84 matching lines @@
     case Token::MUL:
     case Token::BIT_OR:
     case Token::BIT_AND:
     case Token::BIT_XOR:
     case Token::SHL:
     case Token::SHR:
     case Token::SAR: {
       frame_->Pop(r0);  // r0 : y
       frame_->Pop(r1);  // r1 : x
       GenericBinaryOpStub stub(op);
-      __ CallStub(&stub);
+      frame_->CallStub(&stub, 0);
       break;
     }
 
     case Token::DIV: {
       __ mov(r0, Operand(1));
-      __ InvokeBuiltin(Builtins::DIV, CALL_JS);
+      frame_->InvokeBuiltin(Builtins::DIV, CALL_JS, 2);
       break;
     }
 
     case Token::MOD: {
       __ mov(r0, Operand(1));
-      __ InvokeBuiltin(Builtins::MOD, CALL_JS);
+      frame_->InvokeBuiltin(Builtins::MOD, CALL_JS, 2);
       break;
     }
 
     case Token::COMMA:
       frame_->Pop(r0);
       // simply discard left value
-      frame_->Pop();
+      frame_->Drop();
       break;
 
     default:
       // Other cases should have been handled before this point.
       UNREACHABLE();
       break;
   }
 }
 
 
@@ skipping 80 matching lines @@
   // some possible smi operations (like + and -) when (at least) one
   // of the operands is a literal smi. With this optimization, the
   // performance of the system is increased by ~15%, and the generated
   // code size is increased by ~1% (measured on a combination of
   // different benchmarks).
 
   // sp[0] : operand
 
   int int_value = Smi::cast(*value)->value();
 
-  Label exit;
+  JumpTarget exit(this);
   frame_->Pop(r0);
 
   switch (op) {
     case Token::ADD: {
       DeferredCode* deferred =
         new DeferredInlinedSmiOperation(this, op, int_value, reversed);
 
       __ add(r0, r0, Operand(value), SetCC);
       __ b(vs, deferred->enter());
       __ tst(r0, Operand(kSmiTagMask));
@@ skipping 96 matching lines @@
         frame_->Push(r0);
       } else {
         __ mov(ip, Operand(value));
         frame_->Push(ip);
         frame_->Push(r0);
       }
       GenericBinaryOperation(op);
       break;
   }
 
-  __ bind(&exit);
+  exit.Bind();
 }
 
 
 void CodeGenerator::Comparison(Condition cc, bool strict) {
   // sp[0] : y
   // sp[1] : x
   // result : cc register
 
   // Strict only makes sense for equality comparisons.
   ASSERT(!strict || cc == eq);
 
-  Label exit, smi;
+  JumpTarget exit(this);
+  JumpTarget smi(this);
   // Implement '>' and '<=' by reversal to obtain ECMA-262 conversion order.
   if (cc == gt || cc == le) {
     cc = ReverseCondition(cc);
     frame_->Pop(r1);
     frame_->Pop(r0);
   } else {
     frame_->Pop(r0);
     frame_->Pop(r1);
   }
   __ orr(r2, r0, Operand(r1));
   __ tst(r2, Operand(kSmiTagMask));
-  __ b(eq, &smi);
+  smi.Branch(eq);
 
   // Perform non-smi comparison by runtime call.
   frame_->Push(r1);
 
   // Figure out which native to call and setup the arguments.
   Builtins::JavaScript native;
-  int argc;
+  int arg_count = 1;
   if (cc == eq) {
     native = strict ? Builtins::STRICT_EQUALS : Builtins::EQUALS;
-    argc = 1;
   } else {
     native = Builtins::COMPARE;
     int ncr;  // NaN compare result
     if (cc == lt || cc == le) {
       ncr = GREATER;
     } else {
       ASSERT(cc == gt || cc == ge);  // remaining cases
       ncr = LESS;
     }
     frame_->Push(r0);
+    arg_count++;
     __ mov(r0, Operand(Smi::FromInt(ncr)));
-    argc = 2;
   }
 
   // Call the native; it returns -1 (less), 0 (equal), or 1 (greater)
   // tagged as a small integer.
   frame_->Push(r0);
-  __ mov(r0, Operand(argc));
-  __ InvokeBuiltin(native, CALL_JS);
+  __ mov(r0, Operand(arg_count));
+  frame_->InvokeBuiltin(native, CALL_JS, arg_count + 1);
   __ cmp(r0, Operand(0));
-  __ b(&exit);
+  exit.Jump();
 
   // test smi equality by pointer comparison.
-  __ bind(&smi);
+  smi.Bind();
   __ cmp(r1, Operand(r0));
 
-  __ bind(&exit);
+  exit.Bind();
   cc_reg_ = cc;
 }
 
 
 class CallFunctionStub: public CodeStub {
  public:
   explicit CallFunctionStub(int argc) : argc_(argc) {}
 
   void Generate(MacroAssembler* masm);
 
  private:
   int argc_;
 
 #if defined(DEBUG)
   void Print() { PrintF("CallFunctionStub (argc %d)\n", argc_); }
 #endif  // defined(DEBUG)
 
   Major MajorKey() { return CallFunction; }
   int MinorKey() { return argc_; }
 };
 
 
 // Call the function on the stack with the given arguments.
 void CodeGenerator::CallWithArguments(ZoneList<Expression*>* args,
                                          int position) {
   // Push the arguments ("left-to-right") on the stack.
-  for (int i = 0; i < args->length(); i++) {
+  int arg_count = args->length();
+  for (int i = 0; i < arg_count; i++) {
     Load(args->at(i));
   }
 
   // Record the position for debugging purposes.
   __ RecordPosition(position);
 
   // Use the shared code stub to call the function.
-  CallFunctionStub call_function(args->length());
-  __ CallStub(&call_function);
+  CallFunctionStub call_function(arg_count);
+  frame_->CallStub(&call_function, arg_count + 1);
 
   // Restore context and pop function from the stack.
   __ ldr(cp, frame_->Context());
-  frame_->Pop();  // discard the TOS
+  frame_->Drop();  // discard the TOS
 }
 
 
 void CodeGenerator::Branch(bool if_true, JumpTarget* target) {
   ASSERT(has_cc());
   Condition cc = if_true ? cc_reg_ : NegateCondition(cc_reg_);
   target->Branch(cc);
   cc_reg_ = al;
 }
 
 
 void CodeGenerator::CheckStack() {
   if (FLAG_check_stack) {
     Comment cmnt(masm_, "[ check stack");
     StackCheckStub stub;
-    __ CallStub(&stub);
+    frame_->CallStub(&stub, 0);
+  }
+}
+
+
+void CodeGenerator::VisitStatements(ZoneList<Statement*>* statements) {
+  for (int i = 0; frame_ != NULL && i < statements->length(); i++) {
+    Visit(statements->at(i));
   }
 }
 
 
 void CodeGenerator::VisitBlock(Block* node) {
   Comment cmnt(masm_, "[ Block");
   if (FLAG_debug_info) RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   VisitStatements(node->statements());
-  node->break_target()->Bind();
+  if (node->break_target()->is_linked()) {
+    node->break_target()->Bind();
+  }
 }
 
 
 void CodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
   __ mov(r0, Operand(pairs));
   frame_->Push(r0);
   frame_->Push(cp);
   __ mov(r0, Operand(Smi::FromInt(is_eval() ? 1 : 0)));
   frame_->Push(r0);
-  __ CallRuntime(Runtime::kDeclareGlobals, 3);
+  frame_->CallRuntime(Runtime::kDeclareGlobals, 3);
   // The result is discarded.
 }
 
 
 void CodeGenerator::VisitDeclaration(Declaration* node) {
   Comment cmnt(masm_, "[ Declaration");
   Variable* var = node->proxy()->var();
   ASSERT(var != NULL);  // must have been resolved
   Slot* slot = var->slot();
 
@@ skipping 19 matching lines @@
     // must not destroy the current value.
     if (node->mode() == Variable::CONST) {
       __ mov(r0, Operand(Factory::the_hole_value()));
       frame_->Push(r0);
     } else if (node->fun() != NULL) {
       Load(node->fun());
     } else {
       __ mov(r0, Operand(0));  // no initial value!
       frame_->Push(r0);
     }
-    __ CallRuntime(Runtime::kDeclareContextSlot, 4);
+    frame_->CallRuntime(Runtime::kDeclareContextSlot, 4);
     // Ignore the return value (declarations are statements).
     return;
   }
 
   ASSERT(!var->is_global());
 
   // If we have a function or a constant, we need to initialize the variable.
   Expression* val = NULL;
   if (node->mode() == Variable::CONST) {
     val = new Literal(Factory::the_hole_value());
   } else {
     val = node->fun();  // NULL if we don't have a function
   }
 
   if (val != NULL) {
     // Set initial value.
     Reference target(this, node->proxy());
     ASSERT(target.is_slot());
     Load(val);
     target.SetValue(NOT_CONST_INIT);
     // Get rid of the assigned value (declarations are statements).  It's
     // safe to pop the value lying on top of the reference before unloading
     // the reference itself (which preserves the top of stack) because we
     // know it is a zero-sized reference.
-    frame_->Pop();
+    frame_->Drop();
   }
 }
 
 
 void CodeGenerator::VisitExpressionStatement(ExpressionStatement* node) {
   Comment cmnt(masm_, "[ ExpressionStatement");
   if (FLAG_debug_info) RecordStatementPosition(node);
   Expression* expression = node->expression();
   expression->MarkAsStatement();
   Load(expression);
-  frame_->Pop();
+  frame_->Drop();
 }
 
 
 void CodeGenerator::VisitEmptyStatement(EmptyStatement* node) {
   Comment cmnt(masm_, "// EmptyStatement");
   // nothing to do
 }
 
 
 void CodeGenerator::VisitIfStatement(IfStatement* node) {
   Comment cmnt(masm_, "[ IfStatement");
-  // Generate different code depending on which
-  // parts of the if statement are present or not.
+  // Generate different code depending on which parts of the if statement
+  // are present or not.
   bool has_then_stm = node->HasThenStatement();
   bool has_else_stm = node->HasElseStatement();
 
   if (FLAG_debug_info) RecordStatementPosition(node);
 
   JumpTarget exit(this);
   if (has_then_stm && has_else_stm) {
     Comment cmnt(masm_, "[ IfThenElse");
     JumpTarget then(this);
     JumpTarget else_(this);
     // if (cond)
     LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
-    Branch(false, &else_);
+    if (frame_ != NULL) {
+      Branch(false, &else_);
+    }
     // then
-    then.Bind();
-    Visit(node->then_statement());
-    exit.Jump();
+    if (frame_ != NULL || then.is_linked()) {
+      then.Bind();
+      Visit(node->then_statement());
+    }
+    if (frame_ != NULL) {
+      exit.Jump();
+    }
     // else
-    else_.Bind();
-    Visit(node->else_statement());
+    if (else_.is_linked()) {
+      else_.Bind();
+      Visit(node->else_statement());
+    }
 
   } else if (has_then_stm) {
     Comment cmnt(masm_, "[ IfThen");
     ASSERT(!has_else_stm);
     JumpTarget then(this);
     // if (cond)
     LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &exit, true);
-    Branch(false, &exit);
+    if (frame_ != NULL) {
+      Branch(false, &exit);
+    }
     // then
-    then.Bind();
-    Visit(node->then_statement());
+    if (frame_ != NULL || then.is_linked()) {
+      then.Bind();
+      Visit(node->then_statement());
+    }
 
   } else if (has_else_stm) {
     Comment cmnt(masm_, "[ IfElse");
     ASSERT(!has_then_stm);
     JumpTarget else_(this);
     // if (!cond)
     LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &else_, true);
-    Branch(true, &exit);
+    if (frame_ != NULL) {
+      Branch(true, &exit);
+    }
     // else
-    else_.Bind();
-    Visit(node->else_statement());
+    if (frame_ != NULL || else_.is_linked()) {
+      else_.Bind();
+      Visit(node->else_statement());
+    }
 
   } else {
     Comment cmnt(masm_, "[ If");
     ASSERT(!has_then_stm && !has_else_stm);
     // if (cond)
     LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &exit, false);
-    if (has_cc()) {
-      cc_reg_ = al;
-    } else {
-      frame_->Pop();
+    if (frame_ != NULL) {
+      if (has_cc()) {
+        cc_reg_ = al;
+      } else {
+        frame_->Drop();
+      }
     }
   }
 
   // end
-  exit.Bind();
+  if (exit.is_linked()) {
+    exit.Bind();
+  }
 }
 
 
 void CodeGenerator::CleanStack(int num_bytes) {
   ASSERT(num_bytes % kPointerSize == 0);
   frame_->Drop(num_bytes / kPointerSize);
 }
 
 
 void CodeGenerator::VisitContinueStatement(ContinueStatement* node) {
@@ skipping 20 matching lines @@
   frame_->Pop(r0);
 
   function_return_.Jump();
 }
 
 
 void CodeGenerator::VisitWithEnterStatement(WithEnterStatement* node) {
   Comment cmnt(masm_, "[ WithEnterStatement");
   if (FLAG_debug_info) RecordStatementPosition(node);
   Load(node->expression());
-  __ CallRuntime(Runtime::kPushContext, 1);
+  frame_->CallRuntime(Runtime::kPushContext, 1);
   if (kDebug) {
-    Label verified_true;
+    JumpTarget verified_true(this);
     __ cmp(r0, Operand(cp));
-    __ b(eq, &verified_true);
+    verified_true.Branch(eq);
     __ stop("PushContext: r0 is expected to be the same as cp");
-    __ bind(&verified_true);
+    verified_true.Bind();
   }
   // Update context local.
   __ str(cp, frame_->Context());
 }
 
 
 void CodeGenerator::VisitWithExitStatement(WithExitStatement* node) {
   Comment cmnt(masm_, "[ WithExitStatement");
   // Pop context.
   __ ldr(cp, ContextOperand(cp, Context::PREVIOUS_INDEX));
@@ skipping 17 matching lines @@
     int range,
     JumpTarget* fail_label,
     Vector<JumpTarget*> case_targets,
     Vector<JumpTarget> case_labels) {
 
   ASSERT(kSmiTag == 0 && kSmiTagSize <= 2);
 
   frame_->Pop(r0);
 
   // Test for a Smi value in a HeapNumber.
-  Label is_smi;
+  JumpTarget is_smi(this);
   __ tst(r0, Operand(kSmiTagMask));
-  __ b(eq, &is_smi);
+  is_smi.Branch(eq);
   __ ldr(r1, MemOperand(r0, HeapObject::kMapOffset - kHeapObjectTag));
   __ ldrb(r1, MemOperand(r1, Map::kInstanceTypeOffset - kHeapObjectTag));
   __ cmp(r1, Operand(HEAP_NUMBER_TYPE));
   fail_label->Branch(ne);
   frame_->Push(r0);
-  __ CallRuntime(Runtime::kNumberToSmi, 1);
-  __ bind(&is_smi);
+  frame_->CallRuntime(Runtime::kNumberToSmi, 1);
+  is_smi.Bind();
 
   if (min_index != 0) {
     // Small positive numbers can be immediate operands.
     if (min_index < 0) {
       // If min_index is Smi::kMinValue, -min_index is not a Smi.
       if (Smi::IsValid(-min_index)) {
         __ add(r0, r0, Operand(Smi::FromInt(-min_index)));
       } else {
         __ add(r0, r0, Operand(Smi::FromInt(-min_index - 1)));
         __ add(r0, r0, Operand(Smi::FromInt(1)));
       }
     } else {
       __ sub(r0, r0, Operand(Smi::FromInt(min_index)));
     }
   }
   __ tst(r0, Operand(0x80000000 | kSmiTagMask));
   fail_label->Branch(ne);
   __ cmp(r0, Operand(Smi::FromInt(range)));
   fail_label->Branch(ge);
   __ add(pc, pc, Operand(r0, LSL, 2 - kSmiTagSize));
   // One extra instruction offsets the table, so the table's start address is
   // the pc-register at the above add.
   __ stop("Unreachable: Switch table alignment");
 
   JumpTarget table_start(this);
   table_start.Bind();
   // Table containing branch operations.
   for (int i = 0; i < range; i++) {
     case_targets[i]->Jump();
+    frame_ = new VirtualFrame(table_start.expected_frame());
   }
 
   GenerateFastCaseSwitchCases(node, case_labels, &table_start);
 }
 
 
 void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) {
   Comment cmnt(masm_, "[ SwitchStatement");
   if (FLAG_debug_info) RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
 
   Load(node->tag());
 
   if (TryGenerateFastCaseSwitchStatement(node)) {
       return;
   }
 
-  JumpTarget next(this);
-  Label fall_through, default_case;
+  JumpTarget next_test(this);
+  JumpTarget fall_through(this);
+  JumpTarget default_entry(this);
+  JumpTarget default_exit(this);
   ZoneList<CaseClause*>* cases = node->cases();
   int length = cases->length();
+  CaseClause* default_clause = NULL;
 
   for (int i = 0; i < length; i++) {
     CaseClause* clause = cases->at(i);
-
-    Comment cmnt(masm_, "[ case clause");
-
     if (clause->is_default()) {
-      // Continue matching cases. The program will execute the default case's
-      // statements if it does not match any of the cases.
-      next.Jump();
-
-      // Bind the default case label, so we can branch to it when we
-      // have compared against all other cases.
-      ASSERT(default_case.is_unused());  // at most one default clause
-      __ bind(&default_case);
-    } else {
-      next.Bind();
-      next.Unuse();
-      __ ldr(r0, frame_->Top());
-      frame_->Push(r0);  // duplicate TOS
-      Load(clause->label());
-      Comparison(eq, true);
-      Branch(false, &next);
+      // Remember the default clause and compile it at the end.
+      default_clause = clause;
+      continue;
     }
 
-    // Entering the case statement for the first time. Remove the switch value
-    // from the stack.
-    frame_->Pop();
+    Comment cmnt(masm_, "[ Case clause");
+    // Compile the test.
+    next_test.Bind();
+    next_test.Unuse();
+    // Duplicate TOS.
+    __ ldr(r0, frame_->Top());
+    frame_->Push(r0);
+    Load(clause->label());
+    Comparison(eq, true);
+    Branch(false, &next_test);
 
-    // Generate code for the body.
-    // This is also the target for the fall through from the previous case's
-    // statements which has to skip over the matching code and the popping of
-    // the switch value.
-    __ bind(&fall_through);
-    fall_through.Unuse();
+    // Before entering the body from the test, remove the switch value from
+    // the stack.
+    frame_->Drop();
+
+    // Label the body so that fall through is enabled.
+    if (i > 0 && cases->at(i - 1)->is_default()) {
+      default_exit.Bind();
+    } else {
+      fall_through.Bind();
+      fall_through.Unuse();
+    }
     VisitStatements(clause->statements());
-    __ b(&fall_through);
+
+    // If control flow can fall through from the body, jump to the next body
+    // or the end of the statement.
+    if (frame_ != NULL) {
+      if (i < length - 1 && cases->at(i + 1)->is_default()) {
+        default_entry.Jump();
+      } else {
+        fall_through.Jump();
+      }
+    }
   }
 
-  next.Bind();
-  // Reached the end of the case statements without matching any of the cases.
-  if (default_case.is_bound()) {
-    // A default case exists -> execute its statements.
-    __ b(&default_case);
-  } else {
-    // Remove the switch value from the stack.
-    frame_->Pop();
+  // The final "test" removes the switch value.
+  next_test.Bind();
+  frame_->Drop();
+
+  // If there is a default clause, compile it.
+  if (default_clause != NULL) {
+    Comment cmnt(masm_, "[ Default clause");
+    default_entry.Bind();
+    VisitStatements(default_clause->statements());
+    // If control flow can fall out of the default and there is a case after
+    // it, jup to that case's body.
+    if (frame_ != NULL && default_exit.is_bound()) {
+      default_exit.Jump();
+    }
   }
 
-  __ bind(&fall_through);
-  node->break_target()->Bind();
+  if (fall_through.is_linked()) {
+    fall_through.Bind();
+  }
+
+  if (node->break_target()->is_linked()) {
+    node->break_target()->Bind();
+  }
 }
 
 
 void CodeGenerator::VisitLoopStatement(LoopStatement* node) {
   Comment cmnt(masm_, "[ LoopStatement");
   if (FLAG_debug_info) RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   node->continue_target()->set_code_generator(this);
 
-  // simple condition analysis
+  // Simple condition analysis.  ALWAYS_TRUE and ALWAYS_FALSE represent a
+  // known result for the test expression, with no side effects.
   enum { ALWAYS_TRUE, ALWAYS_FALSE, DONT_KNOW } info = DONT_KNOW;
   if (node->cond() == NULL) {
     ASSERT(node->type() == LoopStatement::FOR_LOOP);
     info = ALWAYS_TRUE;
   } else {
     Literal* lit = node->cond()->AsLiteral();
     if (lit != NULL) {
       if (lit->IsTrue()) {
         info = ALWAYS_TRUE;
       } else if (lit->IsFalse()) {
         info = ALWAYS_FALSE;
       }
     }
   }
 
-  JumpTarget loop(this);
-  Label entry;
+  switch (node->type()) {
+    case LoopStatement::DO_LOOP: {
+      JumpTarget body(this);
+      // Label the body.
+      if (info == ALWAYS_TRUE) {
+        node->continue_target()->Bind();
+      } else if (info == ALWAYS_FALSE) {
+        // There is no need, we will never jump back.
+      } else {
+        ASSERT(info == DONT_KNOW);
+        body.Bind();
+      }
+      CheckStack();  // TODO(1222600): ignore if body contains calls.
+      Visit(node->body());
 
-  // init
-  if (node->init() != NULL) {
-    ASSERT(node->type() == LoopStatement::FOR_LOOP);
-    Visit(node->init());
-  }
-  if (node->type() != LoopStatement::DO_LOOP && info != ALWAYS_TRUE) {
-    __ b(&entry);
+      // Compile the "test".
+      if (info == ALWAYS_TRUE) {
+        if (frame_ != NULL) {
+          // If control can fall off the end of the body, jump back to the
+          // top.
+          node->continue_target()->Jump();
+        }
+      } else if (info == ALWAYS_FALSE) {
+        // If we have a continue in the body, we only have to bind its jump
+        // target.
+        if (node->continue_target()->is_linked()) {
+          node->continue_target()->Bind();
+        }
+      } else {
+        ASSERT(info == DONT_KNOW);
+        // We have to compile the test expression if it can be reached by
+        // control flow falling out of the body or via continue.
+        if (frame_ != NULL || node->continue_target()->is_linked()) {
+          node->continue_target()->Bind();
+          LoadCondition(node->cond(), NOT_INSIDE_TYPEOF,
+                        &body, node->break_target(), true);
+          if (frame_ != NULL) {
+            // A NULL frame here indicates that control did not fall out of
+            // the test expression.
+            Branch(true, &body);
+          }
+        }
+      }
+      break;
+    }
+
+    case LoopStatement::WHILE_LOOP: {
+      JumpTarget body(this);
+      // Generate the loop header.
+      if (info == ALWAYS_TRUE) {
+        // Merely label the body with the continue target.
+        node->continue_target()->Bind();
+      } else if (info == ALWAYS_FALSE) {
+        // There is no need to even compile the test or body.
+        break;
+      } else {
+        // Compile the test labeled with the continue target and label the
+        // body with the body target.
+        ASSERT(info == DONT_KNOW);
+        node->continue_target()->Bind();
+        LoadCondition(node->cond(), NOT_INSIDE_TYPEOF,
+                      &body, node->break_target(), true);
+        if (frame_ != NULL) {
+          // A NULL frame indicates that control did not fall out of the
+          // test expression.
+          Branch(false, node->break_target());
+        }
+        if (frame_ != NULL || body.is_linked()) {
+          body.Bind();
+        }
+      }
+      if (frame_ != NULL) {
+        CheckStack();  // TODO(1222600): ignore if body contains calls.
+        Visit(node->body());
+
+        // If control flow can fall out of the body, jump back to the top.
+        if (frame_ != NULL) {
+          node->continue_target()->Jump();
+        }
+      }
+      break;
+    }
+
+    case LoopStatement::FOR_LOOP: {
+      JumpTarget loop(this);
+      JumpTarget body(this);
+      if (node->init() != NULL) {
+        Visit(node->init());
+      }
+
+      // There is no need to compile the test or body.
+      if (info == ALWAYS_FALSE) break;
+
+      // If there is no update statement, label the top of the loop with the
+      // continue target, otherwise with the loop target.
+      if (node->next() == NULL) {
+        node->continue_target()->Bind();
+      } else {
+        loop.Bind();
+      }
+
+      // If the test is always true, there is no need to compile it.
+      if (info == DONT_KNOW) {
+        LoadCondition(node->cond(), NOT_INSIDE_TYPEOF,
+                      &body, node->break_target(), true);
+        if (frame_ != NULL) {
+          Branch(false, node->break_target());
+        }
+        if (frame_ != NULL || body.is_linked()) {
+          body.Bind();
+        }
+      }
+
+      if (frame_ != NULL) {
+        CheckStack();  // TODO(1222600): ignore if body contains calls.
+        Visit(node->body());
+
+        if (node->next() == NULL) {
+          // If there is no update statement and control flow can fall out
+          // of the loop, jump directly to the continue label.
+          if (frame_ != NULL) {
+            node->continue_target()->Jump();
+          }
+        } else {
+          // If there is an update statement and control flow can reach it
+          // via falling out of the body of the loop or continuing, we
+          // compile the update statement.
+          if (frame_ != NULL || node->continue_target()->is_linked()) {
+            node->continue_target()->Bind();
+            // Record source position of the statement as this code which is
+            // after the code for the body actually belongs to the loop
+            // statement and not the body.
+            RecordStatementPosition(node);
+            __ RecordPosition(node->statement_pos());
+            ASSERT(node->type() == LoopStatement::FOR_LOOP);
+            Visit(node->next());
+            loop.Jump();
+          }
+        }
+      }
+      break;
+    }
   }
 
-  // body
-  loop.Bind();
-  Visit(node->body());
-
-  // next
-  node->continue_target()->Bind();
-  if (node->next() != NULL) {
-    // Record source position of the statement as this code which is after the
-    // code for the body actually belongs to the loop statement and not the
-    // body.
-    if (FLAG_debug_info) __ RecordPosition(node->statement_pos());
-    ASSERT(node->type() == LoopStatement::FOR_LOOP);
-    Visit(node->next());
+  if (node->break_target()->is_linked()) {
+    node->break_target()->Bind();
   }
-
-  // cond
-  __ bind(&entry);
-  switch (info) {
-    case ALWAYS_TRUE:
-      CheckStack();  // TODO(1222600): ignore if body contains calls.
-      loop.Jump();
-      break;
-    case ALWAYS_FALSE:
-      break;
-    case DONT_KNOW:
-      CheckStack();  // TODO(1222600): ignore if body contains calls.
-      LoadCondition(node->cond(),
-                    NOT_INSIDE_TYPEOF,
-                    &loop,
-                    node->break_target(),
-                    true);
-      Branch(true, &loop);
-      break;
-  }
-
-  // exit
-  node->break_target()->Bind();
 }
 
 
 void CodeGenerator::VisitForInStatement(ForInStatement* node) {
   Comment cmnt(masm_, "[ ForInStatement");
   if (FLAG_debug_info) RecordStatementPosition(node);
 
   // We keep stuff on the stack while the body is executing.
   // Record it, so that a break/continue crossing this statement
   // can restore the stack.
   const int kForInStackSize = 5 * kPointerSize;
   break_stack_height_ += kForInStackSize;
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   node->continue_target()->set_code_generator(this);
 
-  Label loop, next, entry, cleanup, exit, primitive, jsobject;
-  Label filter_key, end_del_check, fixed_array, non_string;
+  JumpTarget primitive(this);
+  JumpTarget jsobject(this);
+  JumpTarget fixed_array(this);
+  JumpTarget entry(this);
+  JumpTarget end_del_check(this);
+  JumpTarget cleanup(this);
+  JumpTarget exit(this);
 
   // Get the object to enumerate over (converted to JSObject).
   Load(node->enumerable());
-  frame_->Pop(r0);
 
   // Both SpiderMonkey and kjs ignore null and undefined in contrast
   // to the specification.  12.6.4 mandates a call to ToObject.
+  frame_->Pop(r0);
   __ cmp(r0, Operand(Factory::undefined_value()));
-  __ b(eq, &exit);
+  exit.Branch(eq);
   __ cmp(r0, Operand(Factory::null_value()));
-  __ b(eq, &exit);
+  exit.Branch(eq);
 
   // Stack layout in body:
   // [iteration counter (Smi)]
   // [length of array]
   // [FixedArray]
   // [Map or 0]
   // [Object]
 
   // Check if enumerable is already a JSObject
   __ tst(r0, Operand(kSmiTagMask));
-  __ b(eq, &primitive);
+  primitive.Branch(eq);
   __ ldr(r1, FieldMemOperand(r0, HeapObject::kMapOffset));
   __ ldrb(r1, FieldMemOperand(r1, Map::kInstanceTypeOffset));
   __ cmp(r1, Operand(FIRST_JS_OBJECT_TYPE));
-  __ b(hs, &jsobject);
+  jsobject.Branch(hs);
 
-  __ bind(&primitive);
+  primitive.Bind();
   frame_->Push(r0);
   __ mov(r0, Operand(0));
-  __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_JS);
+  frame_->InvokeBuiltin(Builtins::TO_OBJECT, CALL_JS, 1);
 
 
-  __ bind(&jsobject);
+  jsobject.Bind();
 
   // Get the set of properties (as a FixedArray or Map).
   frame_->Push(r0);  // duplicate the object being enumerated
   frame_->Push(r0);
-  __ CallRuntime(Runtime::kGetPropertyNamesFast, 1);
+  frame_->CallRuntime(Runtime::kGetPropertyNamesFast, 1);
 
   // If we got a Map, we can do a fast modification check.
   // Otherwise, we got a FixedArray, and we have to do a slow check.
   __ mov(r2, Operand(r0));
   __ ldr(r1, FieldMemOperand(r2, HeapObject::kMapOffset));
   __ cmp(r1, Operand(Factory::meta_map()));
-  __ b(ne, &fixed_array);
+  fixed_array.Branch(ne);
 
   // Get enum cache
   __ mov(r1, Operand(r0));
   __ ldr(r1, FieldMemOperand(r1, Map::kInstanceDescriptorsOffset));
   __ ldr(r1, FieldMemOperand(r1, DescriptorArray::kEnumerationIndexOffset));
   __ ldr(r2,
          FieldMemOperand(r1, DescriptorArray::kEnumCacheBridgeCacheOffset));
 
   frame_->Push(r0);  // map
   frame_->Push(r2);  // enum cache bridge cache
   __ ldr(r0, FieldMemOperand(r2, FixedArray::kLengthOffset));
   __ mov(r0, Operand(r0, LSL, kSmiTagSize));
   frame_->Push(r0);
   __ mov(r0, Operand(Smi::FromInt(0)));
   frame_->Push(r0);
-  __ b(&entry);
+  entry.Jump();
 
 
-  __ bind(&fixed_array);
+  fixed_array.Bind();
 
   __ mov(r1, Operand(Smi::FromInt(0)));
   frame_->Push(r1);  // insert 0 in place of Map
   frame_->Push(r0);
 
   // Push the length of the array and the initial index onto the stack.
   __ ldr(r0, FieldMemOperand(r0, FixedArray::kLengthOffset));
   __ mov(r0, Operand(r0, LSL, kSmiTagSize));
   frame_->Push(r0);
   __ mov(r0, Operand(Smi::FromInt(0)));  // init index
   frame_->Push(r0);
 
-  __ b(&entry);
-
-  // Body.
-  __ bind(&loop);
-  Visit(node->body());
-
-  // Next.
-  node->continue_target()->Bind();
-  __ bind(&next);
-  frame_->Pop(r0);
-  __ add(r0, r0, Operand(Smi::FromInt(1)));
-  frame_->Push(r0);
-
   // Condition.
-  __ bind(&entry);
+  entry.Bind();
 
   // sp[0] : index
   // sp[1] : array/enum cache length
   // sp[2] : array or enum cache
   // sp[3] : 0 or map
   // sp[4] : enumerable
-  __ ldr(r0, frame_->Element(0));  // load the current count
-  __ ldr(r1, frame_->Element(1));  // load the length
+  __ ldr(r0, frame_->ElementAt(0));  // load the current count
+  __ ldr(r1, frame_->ElementAt(1));  // load the length
   __ cmp(r0, Operand(r1));  // compare to the array length
-  __ b(hs, &cleanup);
+  cleanup.Branch(hs);
 
-  __ ldr(r0, frame_->Element(0));
+  __ ldr(r0, frame_->ElementAt(0));
 
   // Get the i'th entry of the array.
-  __ ldr(r2, frame_->Element(2));
+  __ ldr(r2, frame_->ElementAt(2));
   __ add(r2, r2, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
   __ ldr(r3, MemOperand(r2, r0, LSL, kPointerSizeLog2 - kSmiTagSize));
 
   // Get Map or 0.
-  __ ldr(r2, frame_->Element(3));
+  __ ldr(r2, frame_->ElementAt(3));
   // Check if this (still) matches the map of the enumerable.
   // If not, we have to filter the key.
-  __ ldr(r1, frame_->Element(4));
+  __ ldr(r1, frame_->ElementAt(4));
   __ ldr(r1, FieldMemOperand(r1, HeapObject::kMapOffset));
   __ cmp(r1, Operand(r2));
-  __ b(eq, &end_del_check);
+  end_del_check.Branch(eq);
 
   // Convert the entry to a string (or null if it isn't a property anymore).
-  __ ldr(r0, frame_->Element(4));  // push enumerable
+  __ ldr(r0, frame_->ElementAt(4));  // push enumerable
   frame_->Push(r0);
   frame_->Push(r3);  // push entry
   __ mov(r0, Operand(1));
-  __ InvokeBuiltin(Builtins::FILTER_KEY, CALL_JS);
+  frame_->InvokeBuiltin(Builtins::FILTER_KEY, CALL_JS, 2);
   __ mov(r3, Operand(r0));
 
   // If the property has been removed while iterating, we just skip it.
   __ cmp(r3, Operand(Factory::null_value()));
-  __ b(eq, &next);
+  node->continue_target()->Branch(eq);
 
-
-  __ bind(&end_del_check);
-
-  // Store the entry in the 'each' expression and take another spin in the loop.
-  // r3: i'th entry of the enum cache (or string there of)
+  end_del_check.Bind();
+  // Store the entry in the 'each' expression and take another spin in the
+  // loop.  r3: i'th entry of the enum cache (or string there of)
   frame_->Push(r3);  // push entry
   { Reference each(this, node->each());
     if (!each.is_illegal()) {
       if (each.size() > 0) {
-        __ ldr(r0, frame_->Element(each.size()));
+        __ ldr(r0, frame_->ElementAt(each.size()));
         frame_->Push(r0);
       }
       // If the reference was to a slot we rely on the convenient property
       // that it doesn't matter whether a value (eg, r3 pushed above) is
       // right on top of or right underneath a zero-sized reference.
       each.SetValue(NOT_CONST_INIT);
       if (each.size() > 0) {
         // It's safe to pop the value lying on top of the reference before
         // unloading the reference itself (which preserves the top of stack,
         // ie, now the topmost value of the non-zero sized reference), since
         // we will discard the top of stack after unloading the reference
         // anyway.
         frame_->Pop(r0);
       }
     }
   }
   // Discard the i'th entry pushed above or else the remainder of the
   // reference, whichever is currently on top of the stack.
-  frame_->Pop();
+  frame_->Drop();
+
+  // Body.
   CheckStack();  // TODO(1222600): ignore if body contains calls.
-  __ jmp(&loop);
+  Visit(node->body());
+
+  // Next.
+  node->continue_target()->Bind();
+  frame_->Pop(r0);
+  __ add(r0, r0, Operand(Smi::FromInt(1)));
+  frame_->Push(r0);
+  entry.Jump();
 
   // Cleanup.
-  __ bind(&cleanup);
+  cleanup.Bind();
   node->break_target()->Bind();
   frame_->Drop(5);
 
   // Exit.
-  __ bind(&exit);
+  exit.Bind();
 
   break_stack_height_ -= kForInStackSize;
 }
 
 
 void CodeGenerator::VisitTryCatch(TryCatch* node) {
   Comment cmnt(masm_, "[ TryCatch");
 
-  Label try_block, exit;
+  JumpTarget try_block(this);
+  JumpTarget exit(this);
 
-  __ bl(&try_block);
+  try_block.Call();
   // --- Catch block ---
   frame_->Push(r0);
 
   // Store the caught exception in the catch variable.
   { Reference ref(this, node->catch_var());
     ASSERT(ref.is_slot());
     // Here we make use of the convenient property that it doesn't matter
     // whether a value is immediately on top of or underneath a zero-sized
     // reference.
     ref.SetValue(NOT_CONST_INIT);
   }
 
   // Remove the exception from the stack.
-  frame_->Pop();
+  frame_->Drop();
 
   VisitStatements(node->catch_block()->statements());
-  __ b(&exit);
+  if (frame_ != NULL) {
+    exit.Jump();
+  }
 
 
   // --- Try block ---
-  __ bind(&try_block);
+  try_block.Bind();
 
-  __ PushTryHandler(IN_JAVASCRIPT, TRY_CATCH_HANDLER);
+  frame_->PushTryHandler(TRY_CATCH_HANDLER);
+  int handler_height = frame_->height();
 
   // Shadow the labels for all escapes from the try block, including
   // returns. During shadowing, the original label is hidden as the
   // LabelShadow and operations on the original actually affect the
   // shadowing label.
   //
   // We should probably try to unify the escaping labels and the return
   // label.
   int nof_escapes = node->escaping_targets()->length();
   List<ShadowTarget*> shadows(1 + nof_escapes);
   shadows.Add(new ShadowTarget(&function_return_));
   for (int i = 0; i < nof_escapes; i++) {
     shadows.Add(new ShadowTarget(node->escaping_targets()->at(i)));
   }
 
   // Generate code for the statements in the try block.
   VisitStatements(node->try_block()->statements());
-  frame_->Pop();  // Discard the result.
+  if (frame_ != NULL) {
+    frame_->Drop();  // Discard the result.
+  }
 
   // Stop the introduced shadowing and count the number of required unlinks.
   // After shadowing stops, the original labels are unshadowed and the
   // LabelShadows represent the formerly shadowing labels.
   int nof_unlinks = 0;
   for (int i = 0; i <= nof_escapes; i++) {
     shadows[i]->StopShadowing();
     if (shadows[i]->is_linked()) nof_unlinks++;
   }
 
-  // Unlink from try chain.
-  // TOS contains code slot
   const int kNextIndex = (StackHandlerConstants::kNextOffset
                           + StackHandlerConstants::kAddressDisplacement)
                        / kPointerSize;
-  __ ldr(r1, frame_->Element(kNextIndex));  // read next_sp
-  __ mov(r3, Operand(ExternalReference(Top::k_handler_address)));
-  __ str(r1, MemOperand(r3));
-  ASSERT(StackHandlerConstants::kCodeOffset == 0);  // first field is code
-  frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
-  // Code slot popped.
-  if (nof_unlinks > 0) __ b(&exit);
+  // If we can fall off the end of the try block, unlink from try chain.
+  if (frame_ != NULL) {
+    __ ldr(r1, frame_->ElementAt(kNextIndex));  // read next_sp
+    __ mov(r3, Operand(ExternalReference(Top::k_handler_address)));
+    __ str(r1, MemOperand(r3));
+    ASSERT(StackHandlerConstants::kCodeOffset == 0);  // first field is code
+    frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
+    // Code slot popped.
+    if (nof_unlinks > 0) {
+      exit.Jump();
+    }
+  }
 
   // Generate unlink code for the (formerly) shadowing labels that have been
   // jumped to.
   for (int i = 0; i <= nof_escapes; i++) {
     if (shadows[i]->is_linked()) {
       // Unlink from try chain;
       shadows[i]->Bind();
 
       // Reload sp from the top handler, because some statements that we
       // break from (eg, for...in) may have left stuff on the stack.
       __ mov(r3, Operand(ExternalReference(Top::k_handler_address)));
       __ ldr(sp, MemOperand(r3));
+      frame_->Forget(frame_->height() - handler_height);
 
-      __ ldr(r1, frame_->Element(kNextIndex));
+      __ ldr(r1, frame_->ElementAt(kNextIndex));
       __ str(r1, MemOperand(r3));
       ASSERT(StackHandlerConstants::kCodeOffset == 0);  // first field is code
       frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
       // Code slot popped.
-
+      frame_->Forget(1);
       shadows[i]->original_target()->Jump();
     }
   }
 
-  __ bind(&exit);
+  exit.Bind();
 }
 
 
 void CodeGenerator::VisitTryFinally(TryFinally* node) {
   Comment cmnt(masm_, "[ TryFinally");
 
   // State: Used to keep track of reason for entering the finally
   // block. Should probably be extended to hold information for
   // break/continue from within the try block.
   enum { FALLING, THROWING, JUMPING };
 
-  Label exit, unlink, try_block, finally_block;
+  JumpTarget unlink(this);
+  JumpTarget try_block(this);
+  JumpTarget finally_block(this);
 
-  __ bl(&try_block);
+  try_block.Call();
 
   frame_->Push(r0);  // save exception object on the stack
   // In case of thrown exceptions, this is where we continue.
   __ mov(r2, Operand(Smi::FromInt(THROWING)));
-  __ b(&finally_block);
+  finally_block.Jump();
 
 
   // --- Try block ---
-  __ bind(&try_block);
+  try_block.Bind();
 
-  __ PushTryHandler(IN_JAVASCRIPT, TRY_FINALLY_HANDLER);
+  frame_->PushTryHandler(TRY_FINALLY_HANDLER);
+  int handler_height = frame_->height();
 
   // Shadow the labels for all escapes from the try block, including
   // returns.  Shadowing hides the original label as the LabelShadow and
   // operations on the original actually affect the shadowing label.
   //
   // We should probably try to unify the escaping labels and the return
   // label.
   int nof_escapes = node->escaping_targets()->length();
   List<ShadowTarget*> shadows(1 + nof_escapes);
   shadows.Add(new ShadowTarget(&function_return_));
   for (int i = 0; i < nof_escapes; i++) {
     shadows.Add(new ShadowTarget(node->escaping_targets()->at(i)));
   }
 
   // Generate code for the statements in the try block.
   VisitStatements(node->try_block()->statements());
 
   // Stop the introduced shadowing and count the number of required unlinks.
   // After shadowing stops, the original labels are unshadowed and the
   // LabelShadows represent the formerly shadowing labels.
   int nof_unlinks = 0;
   for (int i = 0; i <= nof_escapes; i++) {
     shadows[i]->StopShadowing();
     if (shadows[i]->is_linked()) nof_unlinks++;
   }
 
-  // Set the state on the stack to FALLING.
-  __ mov(r0, Operand(Factory::undefined_value()));  // fake TOS
-  frame_->Push(r0);
-  __ mov(r2, Operand(Smi::FromInt(FALLING)));
-  if (nof_unlinks > 0) __ b(&unlink);
+  // If we can fall off the end of the try block, set the state on the stack
+  // to FALLING.
+  if (frame_ != NULL) {
+    __ mov(r0, Operand(Factory::undefined_value()));  // fake TOS
+    frame_->Push(r0);
+    __ mov(r2, Operand(Smi::FromInt(FALLING)));
+    if (nof_unlinks > 0) {
+      unlink.Jump();
+    }
+  }
 
   // Generate code to set the state for the (formerly) shadowing labels that
   // have been jumped to.
   for (int i = 0; i <= nof_escapes; i++) {
     if (shadows[i]->is_linked()) {
       shadows[i]->Bind();
       if (shadows[i]->original_target() == &function_return_) {
         // If this label shadowed the function return, materialize the
         // return value on the stack.
         frame_->Push(r0);
       } else {
         // Fake TOS for labels that shadowed breaks and continues.
         __ mov(r0, Operand(Factory::undefined_value()));
         frame_->Push(r0);
       }
       __ mov(r2, Operand(Smi::FromInt(JUMPING + i)));
-      __ b(&unlink);
+      unlink.Jump();
     }
   }
 
   // Unlink from try chain;
-  __ bind(&unlink);
+  unlink.Bind();
 
   frame_->Pop(r0);  // Store TOS in r0 across stack manipulation
   // Reload sp from the top handler, because some statements that we
   // break from (eg, for...in) may have left stuff on the stack.
   __ mov(r3, Operand(ExternalReference(Top::k_handler_address)));
   __ ldr(sp, MemOperand(r3));
+  frame_->Forget(frame_->height() - handler_height);
   const int kNextIndex = (StackHandlerConstants::kNextOffset
                           + StackHandlerConstants::kAddressDisplacement)
                        / kPointerSize;
-  __ ldr(r1, frame_->Element(kNextIndex));
+  __ ldr(r1, frame_->ElementAt(kNextIndex));
   __ str(r1, MemOperand(r3));
   ASSERT(StackHandlerConstants::kCodeOffset == 0);  // first field is code
   frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
   // Code slot popped.
+  frame_->Forget(1);
   frame_->Push(r0);
 
   // --- Finally block ---
-  __ bind(&finally_block);
+  finally_block.Bind();
 
   // Push the state on the stack.
   frame_->Push(r2);
 
   // We keep two elements on the stack - the (possibly faked) result
   // and the state - while evaluating the finally block. Record it, so
   // that a break/continue crossing this statement can restore the
   // stack.
   const int kFinallyStackSize = 2 * kPointerSize;
   break_stack_height_ += kFinallyStackSize;
 
   // Generate code for the statements in the finally block.
   VisitStatements(node->finally_block()->statements());
 
-  // Restore state and return value or faked TOS.
-  frame_->Pop(r2);
-  frame_->Pop(r0);
   break_stack_height_ -= kFinallyStackSize;
+  if (frame_ != NULL) {
+    JumpTarget exit(this);
+    // Restore state and return value or faked TOS.
+    frame_->Pop(r2);
+    frame_->Pop(r0);
 
-  // Generate code to jump to the right destination for all used (formerly)
-  // shadowing labels.
-  for (int i = 0; i <= nof_escapes; i++) {
-    if (shadows[i]->is_bound()) {
-      __ cmp(r2, Operand(Smi::FromInt(JUMPING + i)));
-      if (shadows[i]->original_target() != &function_return_) {
-        Label next;
-        __ b(ne, &next);
-        shadows[i]->original_target()->Jump();
-        __ bind(&next);
-      } else {
-        shadows[i]->original_target()->Branch(eq);
+    // Generate code to jump to the right destination for all used (formerly)
+    // shadowing labels.
+    for (int i = 0; i <= nof_escapes; i++) {
+      if (shadows[i]->is_bound()) {
+        __ cmp(r2, Operand(Smi::FromInt(JUMPING + i)));
+        if (shadows[i]->original_target() != &function_return_) {
+          JumpTarget next(this);
+          next.Branch(ne);
+          shadows[i]->original_target()->Jump();
+          next.Bind();
+        } else {
+          shadows[i]->original_target()->Branch(eq);
+        }
       }
     }
+
+    // Check if we need to rethrow the exception.
+    __ cmp(r2, Operand(Smi::FromInt(THROWING)));
+    exit.Branch(ne);
+
+    // Rethrow exception.
+    frame_->Push(r0);
+    frame_->CallRuntime(Runtime::kReThrow, 1);
+
+    // Done.
+    exit.Bind();
   }
-
-  // Check if we need to rethrow the exception.
-  __ cmp(r2, Operand(Smi::FromInt(THROWING)));
-  __ b(ne, &exit);
-
-  // Rethrow exception.
-  frame_->Push(r0);
-  __ CallRuntime(Runtime::kReThrow, 1);
-
-  // Done.
-  __ bind(&exit);
 }
 
 
 void CodeGenerator::VisitDebuggerStatement(DebuggerStatement* node) {
   Comment cmnt(masm_, "[ DebuggerStatament");
   if (FLAG_debug_info) RecordStatementPosition(node);
-  __ CallRuntime(Runtime::kDebugBreak, 0);
+  frame_->CallRuntime(Runtime::kDebugBreak, 0);
   // Ignore the return value.
 }
 
 
 void CodeGenerator::InstantiateBoilerplate(Handle<JSFunction> boilerplate) {
   ASSERT(boilerplate->IsBoilerplate());
 
   // Push the boilerplate on the stack.
   __ mov(r0, Operand(boilerplate));
   frame_->Push(r0);
 
   // Create a new closure.
   frame_->Push(cp);
-  __ CallRuntime(Runtime::kNewClosure, 2);
+  frame_->CallRuntime(Runtime::kNewClosure, 2);
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::VisitFunctionLiteral(FunctionLiteral* node) {
   Comment cmnt(masm_, "[ FunctionLiteral");
 
   // Build the function boilerplate and instantiate it.
   Handle<JSFunction> boilerplate = BuildBoilerplate(node);
   // Check for stack-overflow exception.
   if (HasStackOverflow()) return;
   InstantiateBoilerplate(boilerplate);
 }
 
 
 void CodeGenerator::VisitFunctionBoilerplateLiteral(
     FunctionBoilerplateLiteral* node) {
   Comment cmnt(masm_, "[ FunctionBoilerplateLiteral");
   InstantiateBoilerplate(node->boilerplate());
 }
 
 
 void CodeGenerator::VisitConditional(Conditional* node) {
   Comment cmnt(masm_, "[ Conditional");
   JumpTarget then(this);
   JumpTarget else_(this);
-  Label exit;
+  JumpTarget exit(this);
   LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
   Branch(false, &else_);
   then.Bind();
   Load(node->then_expression(), typeof_state());
-  __ b(&exit);
+  exit.Jump();
   else_.Bind();
   Load(node->else_expression(), typeof_state());
-  __ bind(&exit);
+  exit.Bind();
 }
 
 
 void CodeGenerator::LoadFromSlot(Slot* slot, TypeofState typeof_state) {
   if (slot->type() == Slot::LOOKUP) {
     ASSERT(slot->var()->mode() == Variable::DYNAMIC);
 
     // For now, just do a runtime call.
     frame_->Push(cp);
     __ mov(r0, Operand(slot->var()->name()));
     frame_->Push(r0);
 
     if (typeof_state == INSIDE_TYPEOF) {
-      __ CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
+      frame_->CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
     } else {
-      __ CallRuntime(Runtime::kLoadContextSlot, 2);
+      frame_->CallRuntime(Runtime::kLoadContextSlot, 2);
     }
     frame_->Push(r0);
 
   } else {
     // Note: We would like to keep the assert below, but it fires because of
     // some nasty code in LoadTypeofExpression() which should be removed...
     // ASSERT(slot->var()->mode() != Variable::DYNAMIC);
 
     // Special handling for locals allocated in registers.
     __ ldr(r0, SlotOperand(slot, r2));
@@ skipping 49 matching lines @@
   __ ldr(r1, frame_->Function());
 
   // Load the literals array of the function.
   __ ldr(r1, FieldMemOperand(r1, JSFunction::kLiteralsOffset));
 
   // Load the literal at the ast saved index.
   int literal_offset =
       FixedArray::kHeaderSize + node->literal_index() * kPointerSize;
   __ ldr(r2, FieldMemOperand(r1, literal_offset));
 
-  Label done;
+  JumpTarget done(this);
   __ cmp(r2, Operand(Factory::undefined_value()));
-  __ b(ne, &done);
+  done.Branch(ne);
 
   // If the entry is undefined we call the runtime system to computed
   // the literal.
   frame_->Push(r1);  // literal array  (0)
   __ mov(r0, Operand(Smi::FromInt(node->literal_index())));
   frame_->Push(r0);  // literal index  (1)
   __ mov(r0, Operand(node->pattern()));  // RegExp pattern (2)
   frame_->Push(r0);
   __ mov(r0, Operand(node->flags()));  // RegExp flags   (3)
   frame_->Push(r0);
-  __ CallRuntime(Runtime::kMaterializeRegExpLiteral, 4);
+  frame_->CallRuntime(Runtime::kMaterializeRegExpLiteral, 4);
   __ mov(r2, Operand(r0));
 
-  __ bind(&done);
+  done.Bind();
   // Push the literal.
   frame_->Push(r2);
 }
 
 
 // This deferred code stub will be used for creating the boilerplate
 // by calling Runtime_CreateObjectLiteral.
 // Each created boilerplate is stored in the JSFunction and they are
 // therefore context dependent.
 class ObjectLiteralDeferred: public DeferredCode {
@@ skipping 46 matching lines @@
   // Check whether we need to materialize the object literal boilerplate.
   // If so, jump to the deferred code.
   __ cmp(r2, Operand(Factory::undefined_value()));
   __ b(eq, deferred->enter());
   __ bind(deferred->exit());
 
   // Push the object literal boilerplate.
   frame_->Push(r2);
 
   // Clone the boilerplate object.
-  __ CallRuntime(Runtime::kCloneObjectLiteralBoilerplate, 1);
+  frame_->CallRuntime(Runtime::kCloneObjectLiteralBoilerplate, 1);
   frame_->Push(r0);  // save the result
   // r0: cloned object literal
 
   for (int i = 0; i < node->properties()->length(); i++) {
     ObjectLiteral::Property* property = node->properties()->at(i);
     Literal* key = property->key();
     Expression* value = property->value();
     switch (property->kind()) {
       case ObjectLiteral::Property::CONSTANT: break;
       case ObjectLiteral::Property::COMPUTED:  // fall through
       case ObjectLiteral::Property::PROTOTYPE: {
         frame_->Push(r0);  // dup the result
         Load(key);
         Load(value);
-        __ CallRuntime(Runtime::kSetProperty, 3);
+        frame_->CallRuntime(Runtime::kSetProperty, 3);
         // restore r0
         __ ldr(r0, frame_->Top());
         break;
       }
       case ObjectLiteral::Property::SETTER: {
         frame_->Push(r0);
         Load(key);
         __ mov(r0, Operand(Smi::FromInt(1)));
         frame_->Push(r0);
         Load(value);
-        __ CallRuntime(Runtime::kDefineAccessor, 4);
+        frame_->CallRuntime(Runtime::kDefineAccessor, 4);
         __ ldr(r0, frame_->Top());
         break;
       }
       case ObjectLiteral::Property::GETTER: {
         frame_->Push(r0);
         Load(key);
         __ mov(r0, Operand(Smi::FromInt(0)));
         frame_->Push(r0);
         Load(value);
-        __ CallRuntime(Runtime::kDefineAccessor, 4);
+        frame_->CallRuntime(Runtime::kDefineAccessor, 4);
         __ ldr(r0, frame_->Top());
         break;
       }
     }
   }
 }
 
 
 void CodeGenerator::VisitArrayLiteral(ArrayLiteral* node) {
   Comment cmnt(masm_, "[ ArrayLiteral");
 
   // Call runtime to create the array literal.
   __ mov(r0, Operand(node->literals()));
   frame_->Push(r0);
   // Load the function of this frame.
   __ ldr(r0, frame_->Function());
   __ ldr(r0, FieldMemOperand(r0, JSFunction::kLiteralsOffset));
   frame_->Push(r0);
-  __ CallRuntime(Runtime::kCreateArrayLiteral, 2);
+  frame_->CallRuntime(Runtime::kCreateArrayLiteral, 2);
 
   // Push the resulting array literal on the stack.
   frame_->Push(r0);
 
   // Generate code to set the elements in the array that are not
   // literals.
   for (int i = 0; i < node->values()->length(); i++) {
     Expression* value = node->values()->at(i);
 
     // If value is literal the property value is already
@@ skipping 18 matching lines @@
     }
   }
 }
 
 
 void CodeGenerator::VisitAssignment(Assignment* node) {
   Comment cmnt(masm_, "[ Assignment");
   if (FLAG_debug_info) RecordStatementPosition(node);
 
   Reference target(this, node->target());
-  if (target.is_illegal()) return;
+  if (target.is_illegal()) {
+    // Fool the virtual frame into thinking that we left the assignment's
+    // value on the frame.
+    __ mov(r0, Operand(Smi::FromInt(0)));
+    frame_->Push(r0);
+    return;
+  }
 
   if (node->op() == Token::ASSIGN ||
       node->op() == Token::INIT_VAR ||
       node->op() == Token::INIT_CONST) {
     Load(node->value());
 
   } else {
     target.GetValue(NOT_INSIDE_TYPEOF);
     Literal* literal = node->value()->AsLiteral();
     if (literal != NULL && literal->handle()->IsSmi()) {
@@ skipping 25 matching lines @@
     }
   }
 }
 
 
 void CodeGenerator::VisitThrow(Throw* node) {
   Comment cmnt(masm_, "[ Throw");
 
   Load(node->exception());
   __ RecordPosition(node->position());
-  __ CallRuntime(Runtime::kThrow, 1);
+  frame_->CallRuntime(Runtime::kThrow, 1);
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::VisitProperty(Property* node) {
   Comment cmnt(masm_, "[ Property");
 
   Reference property(this, node);
   property.GetValue(typeof_state());
 }
@@ skipping 29 matching lines @@
     // Push the name of the function and the receiver onto the stack.
     __ mov(r0, Operand(var->name()));
     frame_->Push(r0);
 
     // Pass the global object as the receiver and let the IC stub
     // patch the stack to use the global proxy as 'this' in the
     // invoked function.
     LoadGlobal();
 
     // Load the arguments.
-    for (int i = 0; i < args->length(); i++) Load(args->at(i));
+    int arg_count = args->length();
+    for (int i = 0; i < arg_count; i++) {
+      Load(args->at(i));
+    }
 
     // Setup the receiver register and call the IC initialization code.
-    Handle<Code> stub = ComputeCallInitialize(args->length());
+    Handle<Code> stub = ComputeCallInitialize(arg_count);
     __ RecordPosition(node->position());
-    __ Call(stub, RelocInfo::CODE_TARGET_CONTEXT);
+    frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET_CONTEXT,
+                           arg_count + 1);
     __ ldr(cp, frame_->Context());
     // Remove the function from the stack.
-    frame_->Pop();
+    frame_->Drop();
     frame_->Push(r0);
 
   } else if (var != NULL && var->slot() != NULL &&
              var->slot()->type() == Slot::LOOKUP) {
     // ----------------------------------
     // JavaScript example: 'with (obj) foo(1, 2, 3)'  // foo is in obj
     // ----------------------------------
 
     // Load the function
     frame_->Push(cp);
     __ mov(r0, Operand(var->name()));
     frame_->Push(r0);
-    __ CallRuntime(Runtime::kLoadContextSlot, 2);
+    frame_->CallRuntime(Runtime::kLoadContextSlot, 2);
     // r0: slot value; r1: receiver
 
     // Load the receiver.
     frame_->Push(r0);  // function
     frame_->Push(r1);  // receiver
 
     // Call the function.
     CallWithArguments(args, node->position());
     frame_->Push(r0);
 
   } else if (property != NULL) {
     // Check if the key is a literal string.
     Literal* literal = property->key()->AsLiteral();
 
     if (literal != NULL && literal->handle()->IsSymbol()) {
       // ------------------------------------------------------------------
       // JavaScript example: 'object.foo(1, 2, 3)' or 'map["key"](1, 2, 3)'
       // ------------------------------------------------------------------
 
       // Push the name of the function and the receiver onto the stack.
       __ mov(r0, Operand(literal->handle()));
       frame_->Push(r0);
       Load(property->obj());
 
       // Load the arguments.
-      for (int i = 0; i < args->length(); i++) Load(args->at(i));
+      int arg_count = args->length();
+      for (int i = 0; i < arg_count; i++) {
+        Load(args->at(i));
+      }
 
       // Set the receiver register and call the IC initialization code.
-      Handle<Code> stub = ComputeCallInitialize(args->length());
+      Handle<Code> stub = ComputeCallInitialize(arg_count);
       __ RecordPosition(node->position());
-      __ Call(stub, RelocInfo::CODE_TARGET);
+      frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count + 1);
       __ ldr(cp, frame_->Context());
 
       // Remove the function from the stack.
-      frame_->Pop();
+      frame_->Drop();
 
       frame_->Push(r0);  // push after get rid of function from the stack
 
     } else {
       // -------------------------------------------
       // JavaScript example: 'array[index](1, 2, 3)'
       // -------------------------------------------
 
       // Load the function to call from the property through a reference.
       Reference ref(this, property);
       ref.GetValue(NOT_INSIDE_TYPEOF);  // receiver
 
       // Pass receiver to called function.
-      __ ldr(r0, frame_->Element(ref.size()));
+      __ ldr(r0, frame_->ElementAt(ref.size()));
       frame_->Push(r0);
       // Call the function.
       CallWithArguments(args, node->position());
       frame_->Push(r0);
     }
 
   } else {
     // ----------------------------------
     // JavaScript example: 'foo(1, 2, 3)'  // foo is not global
     // ----------------------------------
@@ skipping 21 matching lines @@
   // evaluated.
 
   // Compute function to call and use the global object as the
   // receiver. There is no need to use the global proxy here because
   // it will always be replaced with a newly allocated object.
   Load(node->expression());
   LoadGlobal();
 
   // Push the arguments ("left-to-right") on the stack.
   ZoneList<Expression*>* args = node->arguments();
-  for (int i = 0; i < args->length(); i++) Load(args->at(i));
+  int arg_count = args->length();
+  for (int i = 0; i < arg_count; i++) {
+    Load(args->at(i));
+  }
 
   // r0: the number of arguments.
-  __ mov(r0, Operand(args->length()));
+  __ mov(r0, Operand(arg_count));
 
   // Load the function into r1 as per calling convention.
-  __ ldr(r1, frame_->Element(args->length() + 1));
+  __ ldr(r1, frame_->ElementAt(arg_count + 1));
 
   // Call the construct call builtin that handles allocation and
   // constructor invocation.
   __ RecordPosition(RelocInfo::POSITION);
-  __ Call(Handle<Code>(Builtins::builtin(Builtins::JSConstructCall)),
-          RelocInfo::CONSTRUCT_CALL);
+  Handle<Code> ic(Builtins::builtin(Builtins::JSConstructCall));
+  frame_->CallCodeObject(ic, RelocInfo::CONSTRUCT_CALL, arg_count + 1);
 
   // Discard old TOS value and push r0 on the stack (same as Pop(), push(r0)).
   __ str(r0, frame_->Top());
 }
 
 
 void CodeGenerator::GenerateValueOf(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
-  Label leave;
+  JumpTarget leave(this);
   Load(args->at(0));
   frame_->Pop(r0);  // r0 contains object.
   // if (object->IsSmi()) return the object.
   __ tst(r0, Operand(kSmiTagMask));
-  __ b(eq, &leave);
+  leave.Branch(eq);
   // It is a heap object - get map.
   __ ldr(r1, FieldMemOperand(r0, HeapObject::kMapOffset));
   __ ldrb(r1, FieldMemOperand(r1, Map::kInstanceTypeOffset));
   // if (!object->IsJSValue()) return the object.
   __ cmp(r1, Operand(JS_VALUE_TYPE));
-  __ b(ne, &leave);
+  leave.Branch(ne);
   // Load the value.
   __ ldr(r0, FieldMemOperand(r0, JSValue::kValueOffset));
-  __ bind(&leave);
+  leave.Bind();
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::GenerateSetValueOf(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
-  Label leave;
+  JumpTarget leave(this);
   Load(args->at(0));  // Load the object.
   Load(args->at(1));  // Load the value.
   frame_->Pop(r0);  // r0 contains value
   frame_->Pop(r1);  // r1 contains object
   // if (object->IsSmi()) return object.
   __ tst(r1, Operand(kSmiTagMask));
-  __ b(eq, &leave);
+  leave.Branch(eq);
   // It is a heap object - get map.
   __ ldr(r2, FieldMemOperand(r1, HeapObject::kMapOffset));
   __ ldrb(r2, FieldMemOperand(r2, Map::kInstanceTypeOffset));
   // if (!object->IsJSValue()) return object.
   __ cmp(r2, Operand(JS_VALUE_TYPE));
-  __ b(ne, &leave);
+  leave.Branch(ne);
   // Store the value.
   __ str(r0, FieldMemOperand(r1, JSValue::kValueOffset));
   // Update the write barrier.
   __ mov(r2, Operand(JSValue::kValueOffset - kHeapObjectTag));
   __ RecordWrite(r1, r2, r3);
   // Leave.
-  __ bind(&leave);
+  leave.Bind();
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::GenerateIsSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
   frame_->Pop(r0);
   __ tst(r0, Operand(kSmiTagMask));
   cc_reg_ = eq;
@@ skipping 15 matching lines @@
 void CodeGenerator::GenerateFastCharCodeAt(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
   __ mov(r0, Operand(Factory::undefined_value()));
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::GenerateIsArray(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
-  Label answer;
+  JumpTarget answer(this);
   // We need the CC bits to come out as not_equal in the case where the
   // object is a smi.  This can't be done with the usual test opcode so
   // we use XOR to get the right CC bits.
   frame_->Pop(r0);
   __ and_(r1, r0, Operand(kSmiTagMask));
   __ eor(r1, r1, Operand(kSmiTagMask), SetCC);
-  __ b(ne, &answer);
+  answer.Branch(ne);
   // It is a heap object - get the map.
   __ ldr(r1, FieldMemOperand(r0, HeapObject::kMapOffset));
   __ ldrb(r1, FieldMemOperand(r1, Map::kInstanceTypeOffset));
   // Check if the object is a JS array or not.
   __ cmp(r1, Operand(JS_ARRAY_TYPE));
-  __ bind(&answer);
+  answer.Bind();
   cc_reg_ = eq;
 }
 
 
 void CodeGenerator::GenerateArgumentsLength(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 0);
 
   // Seed the result with the formal parameters count, which will be used
   // in case no arguments adaptor frame is found below the current frame.
   __ mov(r0, Operand(Smi::FromInt(scope_->num_parameters())));
 
   // Call the shared stub to get to the arguments.length.
   ArgumentsAccessStub stub(ArgumentsAccessStub::READ_LENGTH);
-  __ CallStub(&stub);
+  frame_->CallStub(&stub, 0);
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::GenerateArgumentsAccess(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
 
   // Satisfy contract with ArgumentsAccessStub:
   // Load the key into r1 and the formal parameters count into r0.
   Load(args->at(0));
   frame_->Pop(r1);
   __ mov(r0, Operand(Smi::FromInt(scope_->num_parameters())));
 
   // Call the shared stub to get to arguments[key].
   ArgumentsAccessStub stub(ArgumentsAccessStub::READ_ELEMENT);
-  __ CallStub(&stub);
+  frame_->CallStub(&stub, 0);
   frame_->Push(r0);
 }
 
 
 void CodeGenerator::GenerateObjectEquals(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   // Load the two objects into registers and perform the comparison.
   Load(args->at(0));
   Load(args->at(1));
   frame_->Pop(r0);
   frame_->Pop(r1);
   __ cmp(r0, Operand(r1));
   cc_reg_ = eq;
 }
 
 
 void CodeGenerator::VisitCallRuntime(CallRuntime* node) {
-  if (CheckForInlineRuntimeCall(node)) return;
+  if (CheckForInlineRuntimeCall(node)) {
+    return;
+  }
 
   ZoneList<Expression*>* args = node->arguments();
   Comment cmnt(masm_, "[ CallRuntime");
   Runtime::Function* function = node->function();
 
   if (function != NULL) {
     // Push the arguments ("left-to-right").
-    for (int i = 0; i < args->length(); i++) Load(args->at(i));
+    int arg_count = args->length();
+    for (int i = 0; i < arg_count; i++) {
+      Load(args->at(i));
+    }
 
     // Call the C runtime function.
-    __ CallRuntime(function, args->length());
+    frame_->CallRuntime(function, arg_count);
     frame_->Push(r0);
 
   } else {
     // Prepare stack for calling JS runtime function.
     __ mov(r0, Operand(node->name()));
     frame_->Push(r0);
     // Push the builtins object found in the current global object.
     __ ldr(r1, GlobalObject());
     __ ldr(r0, FieldMemOperand(r1, GlobalObject::kBuiltinsOffset));
     frame_->Push(r0);
 
-    for (int i = 0; i < args->length(); i++) Load(args->at(i));
+    int arg_count = args->length();
+    for (int i = 0; i < arg_count; i++) {
+      Load(args->at(i));
+    }
 
     // Call the JS runtime function.
     Handle<Code> stub = ComputeCallInitialize(args->length());
-    __ Call(stub, RelocInfo::CODE_TARGET);
+    frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count + 1);
     __ ldr(cp, frame_->Context());
-    frame_->Pop();
+    frame_->Drop();
     frame_->Push(r0);
   }
 }
 
 
 void CodeGenerator::VisitUnaryOperation(UnaryOperation* node) {
   Comment cmnt(masm_, "[ UnaryOperation");
 
   Token::Value op = node->op();
 
   if (op == Token::NOT) {
     LoadCondition(node->expression(),
                   NOT_INSIDE_TYPEOF,
                   false_target(),
                   true_target(),
                   true);
     cc_reg_ = NegateCondition(cc_reg_);
 
   } else if (op == Token::DELETE) {
     Property* property = node->expression()->AsProperty();
     Variable* variable = node->expression()->AsVariableProxy()->AsVariable();
     if (property != NULL) {
       Load(property->obj());
       Load(property->key());
       __ mov(r0, Operand(1));  // not counting receiver
-      __ InvokeBuiltin(Builtins::DELETE, CALL_JS);
+      frame_->InvokeBuiltin(Builtins::DELETE, CALL_JS, 2);
 
     } else if (variable != NULL) {
       Slot* slot = variable->slot();
       if (variable->is_global()) {
         LoadGlobal();
         __ mov(r0, Operand(variable->name()));
         frame_->Push(r0);
         __ mov(r0, Operand(1));  // not counting receiver
-        __ InvokeBuiltin(Builtins::DELETE, CALL_JS);
+        frame_->InvokeBuiltin(Builtins::DELETE, CALL_JS, 2);
 
       } else if (slot != NULL && slot->type() == Slot::LOOKUP) {
         // lookup the context holding the named variable
         frame_->Push(cp);
         __ mov(r0, Operand(variable->name()));
         frame_->Push(r0);
-        __ CallRuntime(Runtime::kLookupContext, 2);
+        frame_->CallRuntime(Runtime::kLookupContext, 2);
         // r0: context
         frame_->Push(r0);
         __ mov(r0, Operand(variable->name()));
         frame_->Push(r0);
         __ mov(r0, Operand(1));  // not counting receiver
-        __ InvokeBuiltin(Builtins::DELETE, CALL_JS);
+        frame_->InvokeBuiltin(Builtins::DELETE, CALL_JS, 2);
 
       } else {
         // Default: Result of deleting non-global, not dynamically
         // introduced variables is false.
         __ mov(r0, Operand(Factory::false_value()));
       }
 
     } else {
       // Default: Result of deleting expressions is true.
       Load(node->expression());  // may have side-effects
-      frame_->Pop();
+      frame_->Drop();
       __ mov(r0, Operand(Factory::true_value()));
     }
     frame_->Push(r0);
 
   } else if (op == Token::TYPEOF) {
     // Special case for loading the typeof expression; see comment on
     // LoadTypeofExpression().
     LoadTypeofExpression(node->expression());
-    __ CallRuntime(Runtime::kTypeof, 1);
+    frame_->CallRuntime(Runtime::kTypeof, 1);
     frame_->Push(r0);  // r0 has result
 
   } else {
     Load(node->expression());
     frame_->Pop(r0);
     switch (op) {
       case Token::NOT:
       case Token::DELETE:
       case Token::TYPEOF:
         UNREACHABLE();  // handled above
         break;
 
       case Token::SUB: {
         UnarySubStub stub;
-        __ CallStub(&stub);
+        frame_->CallStub(&stub, 0);
         break;
       }
 
       case Token::BIT_NOT: {
         // smi check
-        Label smi_label;
-        Label continue_label;
+        JumpTarget smi_label(this);
+        JumpTarget continue_label(this);
         __ tst(r0, Operand(kSmiTagMask));
-        __ b(eq, &smi_label);
+        smi_label.Branch(eq);
 
         frame_->Push(r0);
         __ mov(r0, Operand(0));  // not counting receiver
-        __ InvokeBuiltin(Builtins::BIT_NOT, CALL_JS);
+        frame_->InvokeBuiltin(Builtins::BIT_NOT, CALL_JS, 1);
 
-        __ b(&continue_label);
-        __ bind(&smi_label);
+        continue_label.Jump();
+        smi_label.Bind();
         __ mvn(r0, Operand(r0));
         __ bic(r0, r0, Operand(kSmiTagMask));  // bit-clear inverted smi-tag
-        __ bind(&continue_label);
+        continue_label.Bind();
         break;
       }
 
       case Token::VOID:
         // since the stack top is cached in r0, popping and then
         // pushing a value can be done by just writing to r0.
         __ mov(r0, Operand(Factory::undefined_value()));
         break;
 
       case Token::ADD: {
         // Smi check.
-        Label continue_label;
+        JumpTarget continue_label(this);
         __ tst(r0, Operand(kSmiTagMask));
-        __ b(eq, &continue_label);
+        continue_label.Branch(eq);
         frame_->Push(r0);
         __ mov(r0, Operand(0));  // not counting receiver
-        __ InvokeBuiltin(Builtins::TO_NUMBER, CALL_JS);
-        __ bind(&continue_label);
+        frame_->InvokeBuiltin(Builtins::TO_NUMBER, CALL_JS, 1);
+        continue_label.Bind();
         break;
       }
       default:
         UNREACHABLE();
     }
     frame_->Push(r0);  // r0 has result
   }
 }
 
 
 void CodeGenerator::VisitCountOperation(CountOperation* node) {
   Comment cmnt(masm_, "[ CountOperation");
 
   bool is_postfix = node->is_postfix();
   bool is_increment = node->op() == Token::INC;
 
   Variable* var = node->expression()->AsVariableProxy()->AsVariable();
   bool is_const = (var != NULL && var->mode() == Variable::CONST);
 
   // Postfix: Make room for the result.
   if (is_postfix) {
      __ mov(r0, Operand(0));
      frame_->Push(r0);
   }
 
   { Reference target(this, node->expression());
-    if (target.is_illegal()) return;
+    if (target.is_illegal()) {
+      // Spoof the virtual frame to have the expected height (one higher
+      // than on entry).
+      if (!is_postfix) {
+        __ mov(r0, Operand(Smi::FromInt(0)));
+        frame_->Push(r0);
+      }
+      return;
+    }
     target.GetValue(NOT_INSIDE_TYPEOF);
     frame_->Pop(r0);
 
-    Label slow, exit;
+    JumpTarget slow(this);
+    JumpTarget exit(this);
 
     // Load the value (1) into register r1.
     __ mov(r1, Operand(Smi::FromInt(1)));
 
     // Check for smi operand.
     __ tst(r0, Operand(kSmiTagMask));
-    __ b(ne, &slow);
+    slow.Branch(ne);
 
     // Postfix: Store the old value as the result.
     if (is_postfix) {
-      __ str(r0, frame_->Element(target.size()));
+      __ str(r0, frame_->ElementAt(target.size()));
     }
 
     // Perform optimistic increment/decrement.
     if (is_increment) {
       __ add(r0, r0, Operand(r1), SetCC);
     } else {
       __ sub(r0, r0, Operand(r1), SetCC);
     }
 
     // If the increment/decrement didn't overflow, we're done.
-    __ b(vc, &exit);
+    exit.Branch(vc);
 
     // Revert optimistic increment/decrement.
     if (is_increment) {
       __ sub(r0, r0, Operand(r1));
     } else {
       __ add(r0, r0, Operand(r1));
     }
 
     // Slow case: Convert to number.
-    __ bind(&slow);
+    slow.Bind();
 
     // Postfix: Convert the operand to a number and store it as the result.
     if (is_postfix) {
       InvokeBuiltinStub stub(InvokeBuiltinStub::ToNumber, 2);
-      __ CallStub(&stub);
+      frame_->CallStub(&stub, 0);
       // Store to result (on the stack).
-      __ str(r0, frame_->Element(target.size()));
+      __ str(r0, frame_->ElementAt(target.size()));
     }
 
     // Compute the new value by calling the right JavaScript native.
     if (is_increment) {
       InvokeBuiltinStub stub(InvokeBuiltinStub::Inc, 1);
-      __ CallStub(&stub);
+      frame_->CallStub(&stub, 0);
     } else {
       InvokeBuiltinStub stub(InvokeBuiltinStub::Dec, 1);
-      __ CallStub(&stub);
+      frame_->CallStub(&stub, 0);
     }
 
     // Store the new value in the target if not const.
-    __ bind(&exit);
+    exit.Bind();
     frame_->Push(r0);
     if (!is_const) target.SetValue(NOT_CONST_INIT);
   }
 
   // Postfix: Discard the new value and use the old.
   if (is_postfix) frame_->Pop(r0);
 }
 
 
 void CodeGenerator::VisitBinaryOperation(BinaryOperation* node) {
@@ skipping 140 matching lines @@
   // runtime routine for checking equality.
 
   if (op == Token::EQ || op == Token::EQ_STRICT) {
     bool left_is_null =
       left->AsLiteral() != NULL && left->AsLiteral()->IsNull();
     bool right_is_null =
       right->AsLiteral() != NULL && right->AsLiteral()->IsNull();
     // The 'null' value is only equal to 'null' or 'undefined'.
     if (left_is_null || right_is_null) {
       Load(left_is_null ? right : left);
-      Label exit, undetectable;
+      JumpTarget exit(this);
+      JumpTarget undetectable(this);
       frame_->Pop(r0);
       __ cmp(r0, Operand(Factory::null_value()));
 
       // The 'null' value is only equal to 'undefined' if using
       // non-strict comparisons.
       if (op != Token::EQ_STRICT) {
-        __ b(eq, &exit);
+        exit.Branch(eq);
         __ cmp(r0, Operand(Factory::undefined_value()));
 
         // NOTE: it can be undetectable object.
-        __ b(eq, &exit);
+        exit.Branch(eq);
         __ tst(r0, Operand(kSmiTagMask));
 
-        __ b(ne, &undetectable);
+        undetectable.Branch(ne);
         false_target()->Jump();
 
-        __ bind(&undetectable);
+        undetectable.Bind();
         __ ldr(r1, FieldMemOperand(r0, HeapObject::kMapOffset));
         __ ldrb(r2, FieldMemOperand(r1, Map::kBitFieldOffset));
         __ and_(r2, r2, Operand(1 << Map::kIsUndetectable));
         __ cmp(r2, Operand(1 << Map::kIsUndetectable));
       }
 
-      __ bind(&exit);
+      exit.Bind();
 
       cc_reg_ = eq;
       return;
     }
   }
 
 
   // NOTE: To make typeof testing for natives implemented in
   // JavaScript really efficient, we generate special code for
   // expressions of the form: 'typeof <expression> == <string>'.
@@ skipping 111 matching lines @@
     case Token::GTE:
       Comparison(ge);
       break;
 
     case Token::EQ_STRICT:
       Comparison(eq, true);
       break;
 
     case Token::IN:
       __ mov(r0, Operand(1));  // not counting receiver
-      __ InvokeBuiltin(Builtins::IN, CALL_JS);
+      frame_->InvokeBuiltin(Builtins::IN, CALL_JS, 2);
       frame_->Push(r0);
       break;
 
     case Token::INSTANCEOF:
       __ mov(r0, Operand(1));  // not counting receiver
-      __ InvokeBuiltin(Builtins::INSTANCE_OF, CALL_JS);
+      frame_->InvokeBuiltin(Builtins::INSTANCE_OF, CALL_JS, 2);
       __ tst(r0, Operand(r0));
       cc_reg_ = eq;
       break;
 
     default:
       UNREACHABLE();
   }
 }
 
 
@@ skipping 53 matching lines @@
       // loads must not throw a reference error).
       Comment cmnt(masm, "[ Load from named Property");
       // Setup the name register.
       Handle<String> name(GetName());
       __ mov(r2, Operand(name));
       Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
 
       Variable* var = expression_->AsVariableProxy()->AsVariable();
       if (var != NULL) {
         ASSERT(var->is_global());
-        __ Call(ic, RelocInfo::CODE_TARGET_CONTEXT);
+        frame->CallCodeObject(ic, RelocInfo::CODE_TARGET_CONTEXT, 0);
       } else {
-        __ Call(ic, RelocInfo::CODE_TARGET);
+        frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       }
       frame->Push(r0);
       break;
     }
 
     case KEYED: {
       // TODO(1241834): Make sure that this it is safe to ignore the
       // distinction between expressions in a typeof and not in a typeof.
       Comment cmnt(masm, "[ Load from keyed Property");
       ASSERT(property != NULL);
       // TODO(1224671): Implement inline caching for keyed loads as on ia32.
       GetPropertyStub stub;
-      __ CallStub(&stub);
+      frame->CallStub(&stub, 0);
       frame->Push(r0);
       break;
     }
 
     default:
       UNREACHABLE();
   }
 }
 
 
@@ skipping 29 matching lines @@
           //
           // Note that we must declare the foo upon entry of eval(), via a
           // context slot declaration, but we cannot initialize it at the
           // same time, because the const declaration may be at the end of
           // the eval code (sigh...) and the const variable may have been
           // used before (where its value is 'undefined'). Thus, we can only
           // do the initialization when we actually encounter the expression
           // and when the expression operands are defined and valid, and
           // thus we need the split into 2 operations: declaration of the
           // context slot followed by initialization.
-          __ CallRuntime(Runtime::kInitializeConstContextSlot, 3);
+          frame->CallRuntime(Runtime::kInitializeConstContextSlot, 3);
         } else {
-          __ CallRuntime(Runtime::kStoreContextSlot, 3);
+          frame->CallRuntime(Runtime::kStoreContextSlot, 3);
         }
         // Storing a variable must keep the (new) value on the expression
         // stack. This is necessary for compiling assignment expressions.
         frame->Push(r0);
 
       } else {
         ASSERT(slot->var()->mode() != Variable::DYNAMIC);
 
-        Label exit;
+        JumpTarget exit(cgen_);
         if (init_state == CONST_INIT) {
           ASSERT(slot->var()->mode() == Variable::CONST);
           // Only the first const initialization must be executed (the slot
           // still contains 'the hole' value). When the assignment is
           // executed, the code is identical to a normal store (see below).
           Comment cmnt(masm, "[ Init const");
           __ ldr(r2, cgen_->SlotOperand(slot, r2));
           __ cmp(r2, Operand(Factory::the_hole_value()));
-          __ b(ne, &exit);
+          exit.Branch(ne);
         }
 
         // We must execute the store.  Storing a variable must keep the
         // (new) value on the stack. This is necessary for compiling
         // assignment expressions.
         //
         // Note: We will reach here even with slot->var()->mode() ==
         // Variable::CONST because of const declarations which will
         // initialize consts to 'the hole' value and by doing so, end up
         // calling this code.  r2 may be loaded with context; used below in
         // RecordWrite.
         frame->Pop(r0);
         __ str(r0, cgen_->SlotOperand(slot, r2));
         frame->Push(r0);
         if (slot->type() == Slot::CONTEXT) {
           // Skip write barrier if the written value is a smi.
           __ tst(r0, Operand(kSmiTagMask));
-          __ b(eq, &exit);
+          exit.Branch(eq);
           // r2 is loaded with context when calling SlotOperand above.
           int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
           __ mov(r3, Operand(offset));
           __ RecordWrite(r2, r3, r1);
         }
         // If we definitely did not jump over the assignment, we do not need
         // to bind the exit label.  Doing so can defeat peephole
         // optimization.
         if (init_state == CONST_INIT || slot->type() == Slot::CONTEXT) {
-          __ bind(&exit);
+          exit.Bind();
         }
       }
       break;
     }
 
     case NAMED: {
       Comment cmnt(masm, "[ Store to named Property");
       // Call the appropriate IC code.
       frame->Pop(r0);  // value
       // Setup the name register.
       Handle<String> name(GetName());
       __ mov(r2, Operand(name));
       Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
-      __ Call(ic, RelocInfo::CODE_TARGET);
+      frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       frame->Push(r0);
       break;
     }
 
     case KEYED: {
       Comment cmnt(masm, "[ Store to keyed Property");
       Property* property = expression_->AsProperty();
       ASSERT(property != NULL);
       __ RecordPosition(property->position());
       frame->Pop(r0);  // value
       SetPropertyStub stub;
-      __ CallStub(&stub);
+      frame->CallStub(&stub, 0);
       frame->Push(r0);
       break;
     }
 
     default:
       UNREACHABLE();
   }
 }
 
 
@@ skipping 899 matching lines @@
   __ mov(r2, Operand(0));
   __ GetBuiltinEntry(r3, Builtins::CALL_NON_FUNCTION);
   __ Jump(Handle<Code>(Builtins::builtin(Builtins::ArgumentsAdaptorTrampoline)),
           RelocInfo::CODE_TARGET);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal