First step toward allowing constants to appear in the virtual frame...

src/codegen-ia32.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 140 matching lines @@
       frame_->EmitPush(Immediate(Smi::FromInt(scope_->num_parameters())));
       frame_->CallStub(&stub, 3);
       __ mov(ecx, Operand(eax));
       arguments_object_allocated = true;
     }
 
     // Allocate space for locals and initialize them.
     frame_->AllocateStackSlots(scope_->num_stack_slots());
 
     if (scope_->num_heap_slots() > 0) {
+      frame_->SpillAll();
       Comment cmnt(masm_, "[ allocate local context");
       // Save the arguments object pointer, if any.
       if (arguments_object_allocated && !arguments_object_saved) {
         frame_->EmitPush(ecx);
         arguments_object_saved = true;
       }
       // Allocate local context.
       // Get outer context and create a new context based on it.
       frame_->EmitPush(frame_->Function());
       frame_->CallRuntime(Runtime::kNewContext, 1);  // eax holds the result
@@ skipping 22 matching lines @@
       // needs to be copied into the context, it must be the last argument
       // passed to the parameter that needs to be copied. This is a rare
       // case so we don't check for it, instead we rely on the copying
       // order: such a parameter is copied repeatedly into the same
       // context location and thus the last value is what is seen inside
       // the function.
       for (int i = 0; i < scope_->num_parameters(); i++) {
         Variable* par = scope_->parameter(i);
         Slot* slot = par->slot();
         if (slot != NULL && slot->type() == Slot::CONTEXT) {
-          // Save the arguments object pointer, if any.

[William Hesse, 2008/11/18 16:37:34]

What is this change?

[Kevin Millikin (Chromium), 2008/11/18 19:12:06]

As far as I can tell, the only reason to save ecx here is because it will be
clobbered by SlotOperand and RecordWrite.  All the gymnastics with saving ecx
will go away as soon as we can support registers in the virtual frame, anyway.

-          if (arguments_object_allocated && !arguments_object_saved) {
-            frame_->EmitPush(ecx);
-            arguments_object_saved = true;
-          }
           ASSERT(!scope_->is_global_scope());  // no parameters in global scope
           __ mov(eax, frame_->ParameterAt(i));
           // Loads ecx with context; used below in RecordWrite.
-          __ mov(SlotOperand(slot, ecx), eax);
+          __ mov(SlotOperand(slot, edx), eax);
           int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
-          __ RecordWrite(ecx, offset, eax, ebx);
+          __ RecordWrite(edx, offset, eax, ebx);
         }
       }
     }
 
     // This section stores the pointer to the arguments object that
     // was allocated and copied into above. If the address was not
     // saved to TOS, we push ecx onto the stack.
     //
     // Store the arguments object.  This must happen after context
     // initialization because the arguments object may be stored in the
     // context.
     if (arguments_object_allocated) {
       ASSERT(scope_->arguments() != NULL);
       ASSERT(scope_->arguments_shadow() != NULL);
       Comment cmnt(masm_, "[ store arguments object");
       { Reference shadow_ref(this, scope_->arguments_shadow());
         ASSERT(shadow_ref.is_slot());
         { Reference arguments_ref(this, scope_->arguments());
           ASSERT(arguments_ref.is_slot());
           // If the newly-allocated arguments object is already on the
           // stack, we make use of the convenient property that references
           // representing slots take up no space on the expression stack
           // (ie, it doesn't matter that the stored value is actually below
           // the reference).
           //
           // If the newly-allocated argument object is not already on
           // the stack, we rely on the property that loading a
           // zero-sized reference will not clobber the ecx register.
           if (!arguments_object_saved) {
+            frame_->SpillAll();
             frame_->EmitPush(ecx);
           }
           arguments_ref.SetValue(NOT_CONST_INIT);
         }
         shadow_ref.SetValue(NOT_CONST_INIT);
       }
       frame_->Drop();  // Value is no longer needed.
     }
 
     // Generate code to 'execute' declarations and initialize functions
@@ skipping 264 matching lines @@
     frame_->CallRuntime(Runtime::kThrowReferenceError, 1);
   }
 }
 
 
 void CodeGenerator::UnloadReference(Reference* ref) {
   // Pop a reference from the stack while preserving TOS.
   Comment cmnt(masm_, "[ UnloadReference");
   int size = ref->size();
   if (size == 1) {
-    frame_->Pop(eax);
+    frame_->EmitPop(eax);
     __ mov(frame_->Top(), eax);
   } else if (size > 1) {
-    frame_->Pop(eax);
+    frame_->EmitPop(eax);
     frame_->Drop(size);
     frame_->EmitPush(eax);
   }
 }
 
 
 class ToBooleanStub: public CodeStub {
  public:
   ToBooleanStub() { }
 
   void Generate(MacroAssembler* masm);
 
  private:
   Major MajorKey() { return ToBoolean; }
   int MinorKey() { return 0; }
 };
 
 
 // ECMA-262, section 9.2, page 30: ToBoolean(). Pop the top of stack and
 // convert it to a boolean in the condition code register or jump to
 // 'false_target'/'true_target' as appropriate.
 void CodeGenerator::ToBoolean(JumpTarget* true_target, JumpTarget* false_target) {
   Comment cmnt(masm_, "[ ToBoolean");
 
   // The value to convert should be popped from the stack.
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
 
   // Fast case checks.
 
   // 'false' => false.
   __ cmp(eax, Factory::false_value());
   false_target->Branch(equal);
 
   // 'true' => true.
   __ cmp(eax, Factory::true_value());
   true_target->Branch(equal);
@@ skipping 137 matching lines @@
 
 
 void CodeGenerator::GenericBinaryOperation(Token::Value op,
                                            StaticType* type,
                                            OverwriteMode overwrite_mode) {
   Comment cmnt(masm_, "[ BinaryOperation");
   Comment cmnt_token(masm_, Token::String(op));
 
   if (op == Token::COMMA) {
     // Simply discard left value.
-    frame_->Pop(eax);
+    frame_->EmitPop(eax);
     frame_->Drop();
     frame_->EmitPush(eax);
     return;
   }
 
   // Set the flags based on the operation, type and loop nesting level.
   GenericBinaryFlags flags;
   switch (op) {
     case Token::BIT_OR:
     case Token::BIT_AND:
@@ skipping 15 matching lines @@
               ? SMI_CODE_INLINED
               : SMI_CODE_IN_STUB;
       break;
   }
 
   if (flags == SMI_CODE_INLINED) {
     // Create a new deferred code for the slow-case part.
     DeferredInlineBinaryOperation* deferred =
         new DeferredInlineBinaryOperation(this, op, overwrite_mode, flags);
     // Fetch the operands from the stack.
-    frame_->Pop(ebx);  // get y
+    frame_->EmitPop(ebx);  // get y
     __ mov(eax, frame_->Top());  // get x
     // Generate the inline part of the code.
     deferred->GenerateInlineCode();
     // Put result back on the stack. It seems somewhat weird to let
     // the deferred code jump back before the assignment to the frame
     // top, but this is just to let the peephole optimizer get rid of
     // more code.
     __ bind(deferred->exit());
     __ mov(frame_->Top(), eax);
   } else {
@@ skipping 170 matching lines @@
 
   switch (op) {
     case Token::ADD: {
       DeferredCode* deferred = NULL;
       if (!reversed) {
         deferred = new DeferredInlinedSmiAdd(this, int_value, overwrite_mode);
       } else {
         deferred = new DeferredInlinedSmiAddReversed(this, int_value,
                                                      overwrite_mode);
       }
-      frame_->Pop(eax);
+      frame_->EmitPop(eax);
       __ add(Operand(eax), Immediate(value));
       __ j(overflow, deferred->enter(), not_taken);
       __ test(eax, Immediate(kSmiTagMask));
       __ j(not_zero, deferred->enter(), not_taken);
       __ bind(deferred->exit());
       frame_->EmitPush(eax);
       break;
     }
 
     case Token::SUB: {
       DeferredCode* deferred = NULL;
-      frame_->Pop(eax);
+      frame_->EmitPop(eax);
       if (!reversed) {
         deferred = new DeferredInlinedSmiSub(this, int_value, overwrite_mode);
         __ sub(Operand(eax), Immediate(value));
       } else {
         deferred = new DeferredInlinedSmiSubReversed(this, edx, overwrite_mode);
         __ mov(edx, Operand(eax));
         __ mov(eax, Immediate(value));
         __ sub(eax, Operand(edx));
       }
       __ j(overflow, deferred->enter(), not_taken);
       __ test(eax, Immediate(kSmiTagMask));
       __ j(not_zero, deferred->enter(), not_taken);
       __ bind(deferred->exit());
       frame_->EmitPush(eax);
       break;
     }
 
     case Token::SAR: {
       if (reversed) {
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         frame_->EmitPush(Immediate(value));
         frame_->EmitPush(eax);
         GenericBinaryOperation(op, type, overwrite_mode);
       } else {
         int shift_value = int_value & 0x1f;  // only least significant 5 bits
         DeferredCode* deferred =
           new DeferredInlinedSmiOperation(this, Token::SAR, shift_value,
                                           overwrite_mode);
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ j(not_zero, deferred->enter(), not_taken);
         __ sar(eax, shift_value);
         __ and_(eax, ~kSmiTagMask);
         __ bind(deferred->exit());
         frame_->EmitPush(eax);
       }
       break;
     }
 
     case Token::SHR: {
       if (reversed) {
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         frame_->EmitPush(Immediate(value));
         frame_->EmitPush(eax);
         GenericBinaryOperation(op, type, overwrite_mode);
       } else {
         int shift_value = int_value & 0x1f;  // only least significant 5 bits
         DeferredCode* deferred =
         new DeferredInlinedSmiOperation(this, Token::SHR, shift_value,
                                         overwrite_mode);
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ mov(ebx, Operand(eax));
         __ j(not_zero, deferred->enter(), not_taken);
         __ sar(ebx, kSmiTagSize);
         __ shr(ebx, shift_value);
         __ test(ebx, Immediate(0xc0000000));
         __ j(not_zero, deferred->enter(), not_taken);
         // tag result and store it in TOS (eax)
         ASSERT(kSmiTagSize == times_2);  // adjust code if not the case
         __ lea(eax, Operand(ebx, ebx, times_1, kSmiTag));
         __ bind(deferred->exit());
         frame_->EmitPush(eax);
       }
       break;
     }
 
     case Token::SHL: {
       if (reversed) {
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         frame_->EmitPush(Immediate(value));
         frame_->EmitPush(eax);
         GenericBinaryOperation(op, type, overwrite_mode);
       } else {
         int shift_value = int_value & 0x1f;  // only least significant 5 bits
         DeferredCode* deferred =
         new DeferredInlinedSmiOperation(this, Token::SHL, shift_value,
                                         overwrite_mode);
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         __ mov(ebx, Operand(eax));
         __ j(not_zero, deferred->enter(), not_taken);
         __ sar(ebx, kSmiTagSize);
         __ shl(ebx, shift_value);
         __ lea(ecx, Operand(ebx, 0x40000000));
         __ test(ecx, Immediate(0x80000000));
         __ j(not_zero, deferred->enter(), not_taken);
         // tag result and store it in TOS (eax)
         ASSERT(kSmiTagSize == times_2);  // adjust code if not the case
         __ lea(eax, Operand(ebx, ebx, times_1, kSmiTag));
         __ bind(deferred->exit());
         frame_->EmitPush(eax);
       }
       break;
     }
 
     case Token::BIT_OR:
     case Token::BIT_XOR:
     case Token::BIT_AND: {
       DeferredCode* deferred = NULL;
       if (!reversed) {
         deferred =  new DeferredInlinedSmiOperation(this, op, int_value,
                                                     overwrite_mode);
       } else {
         deferred = new DeferredInlinedSmiOperationReversed(this, op, int_value,
                                                            overwrite_mode);
       }
-      frame_->Pop(eax);
+      frame_->EmitPop(eax);
       __ test(eax, Immediate(kSmiTagMask));
       __ j(not_zero, deferred->enter(), not_taken);
       if (op == Token::BIT_AND) {
         __ and_(Operand(eax), Immediate(value));
       } else if (op == Token::BIT_XOR) {
         __ xor_(Operand(eax), Immediate(value));
       } else {
         ASSERT(op == Token::BIT_OR);
         __ or_(Operand(eax), Immediate(value));
       }
       __ bind(deferred->exit());
       frame_->EmitPush(eax);
       break;
     }
 
     default: {
       if (!reversed) {
         frame_->EmitPush(Immediate(value));
       } else {
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         frame_->EmitPush(Immediate(value));
         frame_->EmitPush(eax);
       }
       GenericBinaryOperation(op, type, overwrite_mode);
       break;
     }
   }
 }
 
 
@@ skipping 25 matching lines @@
 };
 
 
 void CodeGenerator::Comparison(Condition cc, bool strict) {
   // Strict only makes sense for equality comparisons.
   ASSERT(!strict || cc == equal);
 
   // Implement '>' and '<=' by reversal to obtain ECMA-262 conversion order.
   if (cc == greater || cc == less_equal) {
     cc = ReverseCondition(cc);
-    frame_->Pop(edx);
-    frame_->Pop(eax);
+    frame_->EmitPop(edx);
+    frame_->EmitPop(eax);
   } else {
-    frame_->Pop(eax);
-    frame_->Pop(edx);
+    frame_->EmitPop(eax);
+    frame_->EmitPop(edx);
   }
 
   // Check for the smi case.
   JumpTarget is_smi(this);
   JumpTarget done(this);
   __ mov(ecx, Operand(eax));
   __ or_(ecx, Operand(edx));
   __ test(ecx, Immediate(kSmiTagMask));
   is_smi.Branch(zero, taken);
 
@@ skipping 51 matching lines @@
                                       Handle<Object> value,
                                       bool strict) {
   // Strict only makes sense for equality comparisons.
   ASSERT(!strict || cc == equal);
 
   int int_value = Smi::cast(*value)->value();
   ASSERT(is_intn(int_value, kMaxSmiInlinedBits));
 
   SmiComparisonDeferred* deferred =
       new SmiComparisonDeferred(this, cc, strict, int_value);
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   __ test(eax, Immediate(kSmiTagMask));
   __ j(not_zero, deferred->enter(), not_taken);
   // Test smi equality by pointer comparison.
   __ cmp(Operand(eax), Immediate(value));
   __ bind(deferred->exit());
   cc_reg_ = cc;
 }
 
 
 class CallFunctionStub: public CodeStub {
@@ skipping 60 matching lines @@
 
 
 void CodeGenerator::VisitStatements(ZoneList<Statement*>* statements) {
   for (int i = 0; frame_ != NULL && i < statements->length(); i++) {
     Visit(statements->at(i));
   }
 }
 
 
 void CodeGenerator::VisitBlock(Block* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Block");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   VisitStatements(node->statements());
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
 }
 
 
 void CodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
+  frame_->SpillAll();
   frame_->EmitPush(Immediate(pairs));
   frame_->EmitPush(esi);
   frame_->EmitPush(Immediate(Smi::FromInt(is_eval() ? 1 : 0)));
   frame_->CallRuntime(Runtime::kDeclareGlobals, 3);
   // Return value is ignored.
 }
 
 
 void CodeGenerator::VisitDeclaration(Declaration* node) {
+  frame_->SpillAll();
+
   Comment cmnt(masm_, "[ Declaration");
   Variable* var = node->proxy()->var();
   ASSERT(var != NULL);  // must have been resolved
   Slot* slot = var->slot();
 
   // If it was not possible to allocate the variable at compile time,
   // we need to "declare" it at runtime to make sure it actually
   // exists in the local context.
   if (slot != NULL && slot->type() == Slot::LOOKUP) {
     // Variables with a "LOOKUP" slot were introduced as non-locals
@@ skipping 41 matching lines @@
     // Get rid of the assigned value (declarations are statements).  It's
     // safe to pop the value lying on top of the reference before unloading
     // the reference itself (which preserves the top of stack) because we
     // know that it is a zero-sized reference.
     frame_->Drop();
   }
 }
 
 
 void CodeGenerator::VisitExpressionStatement(ExpressionStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ ExpressionStatement");
   RecordStatementPosition(node);
   Expression* expression = node->expression();
   expression->MarkAsStatement();
   Load(expression);
   // Remove the lingering expression result from the top of stack.
   frame_->Drop();
 }
 
 
 void CodeGenerator::VisitEmptyStatement(EmptyStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "// EmptyStatement");
   // nothing to do
 }
 
 
 void CodeGenerator::VisitIfStatement(IfStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ IfStatement");
   // Generate different code depending on which parts of the if statement
   // are present or not.
   bool has_then_stm = node->HasThenStatement();
   bool has_else_stm = node->HasElseStatement();
 
   RecordStatementPosition(node);
   JumpTarget exit(this);
   if (has_then_stm && has_else_stm) {
     JumpTarget then(this);
@@ skipping 77 matching lines @@
 }
 
 
 void CodeGenerator::CleanStack(int num_bytes) {
   ASSERT(num_bytes % kPointerSize == 0);
   frame_->Drop(num_bytes / kPointerSize);
 }
 
 
 void CodeGenerator::VisitContinueStatement(ContinueStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ ContinueStatement");
   RecordStatementPosition(node);
   CleanStack(break_stack_height_ - node->target()->break_stack_height());
   node->target()->continue_target()->Jump();
 }
 
 
 void CodeGenerator::VisitBreakStatement(BreakStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ BreakStatement");
   RecordStatementPosition(node);
   CleanStack(break_stack_height_ - node->target()->break_stack_height());
   node->target()->break_target()->Jump();
 }
 
 
 void CodeGenerator::VisitReturnStatement(ReturnStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ ReturnStatement");
   RecordStatementPosition(node);
   Load(node->expression());
 
   // Move the function result into eax
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
 
   // If we're inside a try statement or the return instruction
   // sequence has been generated, we just jump to that
   // point. Otherwise, we generate the return instruction sequence and
   // bind the function return label.
   if (is_inside_try_ || function_return_.is_bound()) {
     function_return_.Jump();
   } else {
     function_return_.Bind();
     if (FLAG_trace) {
@@ skipping 13 matching lines @@
 
     // Check that the size of the code used for returning matches what is
     // expected by the debugger.
     ASSERT_EQ(Debug::kIa32JSReturnSequenceLength,
               __ SizeOfCodeGeneratedSince(&check_exit_codesize));
   }
 }
 
 
 void CodeGenerator::VisitWithEnterStatement(WithEnterStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ WithEnterStatement");
   RecordStatementPosition(node);
   Load(node->expression());
   frame_->CallRuntime(Runtime::kPushContext, 1);
 
   if (kDebug) {
     JumpTarget verified_true(this);
     // Verify eax and esi are the same in debug mode
     __ cmp(eax, Operand(esi));
     verified_true.Branch(equal);
     __ int3();
     verified_true.Bind();
   }
 
   // Update context local.
   __ mov(frame_->Context(), esi);
 }
 
 
 void CodeGenerator::VisitWithExitStatement(WithExitStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ WithExitStatement");
   // Pop context.
   __ mov(esi, ContextOperand(esi, Context::PREVIOUS_INDEX));
   // Update context local.
   __ mov(frame_->Context(), esi);
 }
 
 
 int CodeGenerator::FastCaseSwitchMaxOverheadFactor() {
     return kFastSwitchMaxOverheadFactor;
@@ skipping 14 matching lines @@
     Vector<JumpTarget*> case_targets,
     Vector<JumpTarget> case_labels) {
   // Notice: Internal references, used by both the jmp instruction and
   // the table entries, need to be relocated if the buffer grows. This
   // prevents the forward use of Labels, since a displacement cannot
   // survive relocation, and it also cannot safely be distinguished
   // from a real address.  Instead we put in zero-values as
   // placeholders, and fill in the addresses after the labels have been
   // bound.
 
-  frame_->Pop(eax);  // supposed Smi
+  frame_->EmitPop(eax);  // supposed Smi
   // check range of value, if outside [0..length-1] jump to default/end label.
   ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
 
   // Test whether input is a HeapNumber that is really a Smi
   JumpTarget is_smi(this);
   __ test(eax, Immediate(kSmiTagMask));
   is_smi.Branch(equal);
   // It's a heap object, not a Smi or a Failure
   __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
@@ skipping 31 matching lines @@
 
   for (int i = 0, entry_pos = table_start.label()->pos();
        i < range;
        i++, entry_pos += sizeof(uint32_t)) {
     __ WriteInternalReference(entry_pos, *case_targets[i]->label());
   }
 }
 
 
 void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ SwitchStatement");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
 
   Load(node->tag());
 
   if (TryGenerateFastCaseSwitchStatement(node)) {
     return;
   }
@@ skipping 69 matching lines @@
     fall_through.Bind();
   }
 
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
 }
 
 
 void CodeGenerator::VisitLoopStatement(LoopStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ LoopStatement");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   node->continue_target()->set_code_generator(this);
 
   // Simple condition analysis.  ALWAYS_TRUE and ALWAYS_FALSE represent a
   // known result for the test expression, with no side effects.
   enum { ALWAYS_TRUE, ALWAYS_FALSE, DONT_KNOW } info = DONT_KNOW;
   if (node->cond() == NULL) {
@@ skipping 158 matching lines @@
   }
 
   DecrementLoopNesting();
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
 }
 
 
 void CodeGenerator::VisitForInStatement(ForInStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ ForInStatement");
   RecordStatementPosition(node);
 
   // We keep stuff on the stack while the body is executing.
   // Record it, so that a break/continue crossing this statement
   // can restore the stack.
   const int kForInStackSize = 5 * kPointerSize;
   break_stack_height_ += kForInStackSize;
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   node->continue_target()->set_code_generator(this);
 
   JumpTarget primitive(this);
   JumpTarget jsobject(this);
   JumpTarget fixed_array(this);
   JumpTarget entry(this);
   JumpTarget end_del_check(this);
   JumpTarget cleanup(this);
   JumpTarget exit(this);
 
   // Get the object to enumerate over (converted to JSObject).
   Load(node->enumerable());
 
   // Both SpiderMonkey and kjs ignore null and undefined in contrast
   // to the specification.  12.6.4 mandates a call to ToObject.
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
 
   // eax: value to be iterated over
   __ cmp(eax, Factory::undefined_value());
   exit.Branch(equal);
   __ cmp(eax, Factory::null_value());
   exit.Branch(equal);
 
   // Stack layout in body:
   // [iteration counter (smi)] <- slot 0
   // [length of array]         <- slot 1
@@ skipping 121 matching lines @@
   // Discard the i'th entry pushed above or else the remainder of the
   // reference, whichever is currently on top of the stack.
   frame_->Drop();
 
   // Body.
   CheckStack();  // TODO(1222600): ignore if body contains calls.
   Visit(node->body());
 
   // Next.
   node->continue_target()->Bind();
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   __ add(Operand(eax), Immediate(Smi::FromInt(1)));
   frame_->EmitPush(eax);
   entry.Jump();
 
   // Cleanup.
   cleanup.Bind();
   node->break_target()->Bind();
   frame_->Drop(5);
 
   // Exit.
   exit.Bind();
 
   break_stack_height_ -= kForInStackSize;
 }
 
 
 void CodeGenerator::VisitTryCatch(TryCatch* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ TryCatch");
 
   JumpTarget try_block(this);
   JumpTarget exit(this);
 
   try_block.Call();
   // --- Catch block ---
   frame_->EmitPush(eax);
 
   // Store the caught exception in the catch variable.
@@ skipping 59 matching lines @@
   // handler structure.
   if (FLAG_debug_code) {
     __ mov(eax, Operand::StaticVariable(handler_address));
     __ lea(eax, Operand(eax, StackHandlerConstants::kAddressDisplacement));
     __ cmp(esp, Operand(eax));
     __ Assert(equal, "stack pointer should point to top handler");
   }
 
   // If we can fall off the end of the try block, unlink from try chain.
   if (frame_ != NULL) {
-    frame_->Pop(eax);
+    frame_->EmitPop(eax);
     __ mov(Operand::StaticVariable(handler_address), eax);  // TOS == next_sp
     frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
     // next_sp popped.
     if (nof_unlinks > 0) {
       exit.Jump();
     }
   }
 
   // Generate unlink code for the (formerly) shadowing targets that have been
   // jumped to.
   for (int i = 0; i <= nof_escapes; i++) {
     if (shadows[i]->is_linked()) {
       // Unlink from try chain; be careful not to destroy the TOS.
       shadows[i]->Bind();
 
       // Reload sp from the top handler, because some statements that we
       // break from (eg, for...in) may have left stuff on the stack.
       __ mov(edx, Operand::StaticVariable(handler_address));
       const int kNextOffset = StackHandlerConstants::kNextOffset +
           StackHandlerConstants::kAddressDisplacement;
       __ lea(esp, Operand(edx, kNextOffset));
       frame_->Forget(frame_->height() - handler_height);
 
-      frame_->Pop(Operand::StaticVariable(handler_address));
+      frame_->EmitPop(Operand::StaticVariable(handler_address));
       frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
       // next_sp popped.
       shadows[i]->original_target()->Jump();
     }
   }
 
   exit.Bind();
 }
 
 
 void CodeGenerator::VisitTryFinally(TryFinally* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ TryFinally");
 
   // State: Used to keep track of reason for entering the finally
   // block. Should probably be extended to hold information for
   // break/continue from within the try block.
   enum { FALLING, THROWING, JUMPING };
 
   JumpTarget unlink(this);
   JumpTarget try_block(this);
   JumpTarget finally_block(this);
@@ skipping 70 matching lines @@
       __ Set(ecx, Immediate(Smi::FromInt(JUMPING + i)));
       unlink.Jump();
     }
   }
 
   // Unlink from try chain; be careful not to destroy the TOS.
   unlink.Bind();
   // Reload sp from the top handler, because some statements that we
   // break from (eg, for...in) may have left stuff on the stack.
   // Preserve the TOS in a register across stack manipulation.
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   ExternalReference handler_address(Top::k_handler_address);
   __ mov(edx, Operand::StaticVariable(handler_address));
   const int kNextOffset = StackHandlerConstants::kNextOffset +
       StackHandlerConstants::kAddressDisplacement;
   __ lea(esp, Operand(edx, kNextOffset));
   frame_->Forget(frame_->height() - handler_height);
 
-  frame_->Pop(Operand::StaticVariable(handler_address));
+  frame_->EmitPop(Operand::StaticVariable(handler_address));
   frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
   // Next_sp popped.
   frame_->EmitPush(eax);
 
   // --- Finally block ---
   finally_block.Bind();
 
   // Push the state on the stack.
   frame_->EmitPush(ecx);
 
   // We keep two elements on the stack - the (possibly faked) result
   // and the state - while evaluating the finally block. Record it, so
   // that a break/continue crossing this statement can restore the
   // stack.
   const int kFinallyStackSize = 2 * kPointerSize;
   break_stack_height_ += kFinallyStackSize;
 
   // Generate code for the statements in the finally block.
   VisitStatements(node->finally_block()->statements());
 
   break_stack_height_ -= kFinallyStackSize;
   if (frame_ != NULL) {
     JumpTarget exit(this);
     // Restore state and return value or faked TOS.
-    frame_->Pop(ecx);
-    frame_->Pop(eax);
+    frame_->EmitPop(ecx);
+    frame_->EmitPop(eax);
 
     // Generate code to jump to the right destination for all used
     // (formerly) shadowing targets.
     for (int i = 0; i <= nof_escapes; i++) {
       if (shadows[i]->is_bound()) {
         __ cmp(Operand(ecx), Immediate(Smi::FromInt(JUMPING + i)));
         shadows[i]->original_target()->Branch(equal);
       }
     }
 
     // Check if we need to rethrow the exception.
     __ cmp(Operand(ecx), Immediate(Smi::FromInt(THROWING)));
     exit.Branch(not_equal);
 
     // Rethrow exception.
     frame_->EmitPush(eax);  // undo pop from above
     frame_->CallRuntime(Runtime::kReThrow, 1);
 
     // Done.
     exit.Bind();
   }
 }
 
 
 void CodeGenerator::VisitDebuggerStatement(DebuggerStatement* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ DebuggerStatement");
   RecordStatementPosition(node);
   frame_->CallRuntime(Runtime::kDebugBreak, 0);
   // Ignore the return value.
 }
 
 
 void CodeGenerator::InstantiateBoilerplate(Handle<JSFunction> boilerplate) {
   ASSERT(boilerplate->IsBoilerplate());
 
   // Push the boilerplate on the stack.
   frame_->EmitPush(Immediate(boilerplate));
 
   // Create a new closure.
   frame_->EmitPush(esi);
   frame_->CallRuntime(Runtime::kNewClosure, 2);
   frame_->EmitPush(eax);
 }
 
 
 void CodeGenerator::VisitFunctionLiteral(FunctionLiteral* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ FunctionLiteral");
 
   // Build the function boilerplate and instantiate it.
   Handle<JSFunction> boilerplate = BuildBoilerplate(node);
   // Check for stack-overflow exception.
   if (HasStackOverflow()) return;
   InstantiateBoilerplate(boilerplate);
 }
 
 
 void CodeGenerator::VisitFunctionBoilerplateLiteral(
     FunctionBoilerplateLiteral* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ FunctionBoilerplateLiteral");
   InstantiateBoilerplate(node->boilerplate());
 }
 
 
 void CodeGenerator::VisitConditional(Conditional* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Conditional");
   JumpTarget then(this);
   JumpTarget else_(this);
   JumpTarget exit(this);
   LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
   if (frame_ != NULL) {
     Branch(false, &else_);
   }
   if (frame_ != NULL || then.is_linked()) {
     then.Bind();
@@ skipping 40 matching lines @@
       exit.Bind();
       frame_->EmitPush(eax);
     } else {
       frame_->EmitPush(SlotOperand(slot, ecx));
     }
   }
 }
 
 
 void CodeGenerator::VisitSlot(Slot* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Slot");
   LoadFromSlot(node, typeof_state());
 }
 
 
 void CodeGenerator::VisitVariableProxy(VariableProxy* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ VariableProxy");
   Variable* var = node->var();
   Expression* expr = var->rewrite();
   if (expr != NULL) {
     // We have to be wary of calling Visit directly on expressions.  Because
     // of special casing comparisons of the form typeof<expr> === "string",
     // we can return from a call from Visit (to a comparison or a unary
     // operation) without a virtual frame; which will probably crash if we
     // try to emit frame code before reestablishing a frame.  Here we're
     // safe as long as variable proxies can't rewrite into typeof
     // comparisons or unary logical not expressions.
     Visit(expr);
     ASSERT(frame_ != NULL);
   } else {
     ASSERT(var->is_global());
     Reference ref(this, node);
     ref.GetValue(typeof_state());
   }
 }
 
 
 void CodeGenerator::VisitLiteral(Literal* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Literal");
   if (node->handle()->IsSmi() && !IsInlineSmi(node)) {
     // To prevent long attacker-controlled byte sequences in code, larger
     // Smis are loaded in two steps.
     int bits = reinterpret_cast<int>(*node->handle());
     __ mov(eax, bits & 0x0000FFFF);
     __ xor_(eax, bits & 0xFFFF0000);
     frame_->EmitPush(eax);
   } else {
     frame_->EmitPush(Immediate(node->handle()));
@@ skipping 24 matching lines @@
   // RegExp pattern (2).
   __ push(Immediate(node_->pattern()));
   // RegExp flags (3).
   __ push(Immediate(node_->flags()));
   __ CallRuntime(Runtime::kMaterializeRegExpLiteral, 4);
   __ mov(ebx, Operand(eax));  // "caller" expects result in ebx
 }
 
 
 void CodeGenerator::VisitRegExpLiteral(RegExpLiteral* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ RegExp Literal");
   RegExpDeferred* deferred = new RegExpDeferred(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
   __ mov(ecx, frame_->Function());
 
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
@@ skipping 40 matching lines @@
   // Literal index (1).
   __ push(Immediate(Smi::FromInt(node_->literal_index())));
   // Constant properties (2).
   __ push(Immediate(node_->constant_properties()));
   __ CallRuntime(Runtime::kCreateObjectLiteralBoilerplate, 3);
   __ mov(ebx, Operand(eax));
 }
 
 
 void CodeGenerator::VisitObjectLiteral(ObjectLiteral* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ ObjectLiteral");
   ObjectLiteralDeferred* deferred = new ObjectLiteralDeferred(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
   __ mov(ecx, frame_->Function());
 
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
@@ skipping 21 matching lines @@
     ObjectLiteral::Property* property  = node->properties()->at(i);
     switch (property->kind()) {
       case ObjectLiteral::Property::CONSTANT: break;
       case ObjectLiteral::Property::COMPUTED: {
         Handle<Object> key(property->key()->handle());
         Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
         if (key->IsSymbol()) {
           __ mov(eax, frame_->Top());
           frame_->EmitPush(eax);
           Load(property->value());
-          frame_->Pop(eax);
+          frame_->EmitPop(eax);
           __ Set(ecx, Immediate(key));
           frame_->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
           frame_->Drop();
           // Ignore result.
           break;
         }
         // Fall through
       }
       case ObjectLiteral::Property::PROTOTYPE: {
         __ mov(eax, frame_->Top());
@@ skipping 28 matching lines @@
         // Ignore result.
         break;
       }
       default: UNREACHABLE();
     }
   }
 }
 
 
 void CodeGenerator::VisitArrayLiteral(ArrayLiteral* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ ArrayLiteral");
 
   // Call runtime to create the array literal.
   frame_->EmitPush(Immediate(node->literals()));
   // Load the function of this frame.
   __ mov(ecx, frame_->Function());
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
   frame_->EmitPush(ecx);
   frame_->CallRuntime(Runtime::kCreateArrayLiteral, 2);
 
   // Push the resulting array literal on the stack.
   frame_->EmitPush(eax);
 
   // Generate code to set the elements in the array that are not
   // literals.
   for (int i = 0; i < node->values()->length(); i++) {
     Expression* value = node->values()->at(i);
 
     // If value is literal the property value is already
     // set in the boilerplate object.
     if (value->AsLiteral() == NULL) {
       // The property must be set by generated code.
       Load(value);
 
       // Get the value off the stack.
-      frame_->Pop(eax);
+      frame_->EmitPop(eax);
       // Fetch the object literal while leaving on the stack.
       __ mov(ecx, frame_->Top());
       // Get the elements array.
       __ mov(ecx, FieldOperand(ecx, JSObject::kElementsOffset));
 
       // Write to the indexed properties array.
       int offset = i * kPointerSize + Array::kHeaderSize;
       __ mov(FieldOperand(ecx, offset), eax);
 
       // Update the write barrier for the array address.
       __ RecordWrite(ecx, offset, eax, ebx);
     }
   }
 }
 
 
 bool CodeGenerator::IsInlineSmi(Literal* literal) {
   if (literal == NULL || !literal->handle()->IsSmi()) return false;
   int int_value = Smi::cast(*literal->handle())->value();
   return is_intn(int_value, kMaxSmiInlinedBits);
 }
 
 
 void CodeGenerator::VisitAssignment(Assignment* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Assignment");
 
   RecordStatementPosition(node);
   { Reference target(this, node->target());
     if (target.is_illegal()) {
       // Fool the virtual frame into thinking that we left the assignment's
       // value on the frame.
       frame_->EmitPush(Immediate(Smi::FromInt(0)));
       return;
     }
@@ skipping 29 matching lines @@
         target.SetValue(CONST_INIT);
       } else {
         target.SetValue(NOT_CONST_INIT);
       }
     }
   }
 }
 
 
 void CodeGenerator::VisitThrow(Throw* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Throw");
 
   Load(node->exception());
   __ RecordPosition(node->position());
   frame_->CallRuntime(Runtime::kThrow, 1);
   frame_->EmitPush(eax);
 }
 
 
 void CodeGenerator::VisitProperty(Property* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Property");
   Reference property(this, node);
   property.GetValue(typeof_state());
 }
 
 
 void CodeGenerator::VisitCall(Call* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ Call");
 
   ZoneList<Expression*>* args = node->arguments();
 
   RecordStatementPosition(node);
 
   // Check if the function is a variable or a property.
   Expression* function = node->expression();
   Variable* var = function->AsVariableProxy()->AsVariable();
   Property* property = function->AsProperty();
@@ skipping 111 matching lines @@
     // Pass the global proxy as the receiver.
     LoadGlobalReceiver(eax);
 
     // Call the function.
     CallWithArguments(args, node->position());
   }
 }
 
 
 void CodeGenerator::VisitCallNew(CallNew* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ CallNew");
 
   // According to ECMA-262, section 11.2.2, page 44, the function
   // expression in new calls must be evaluated before the
   // arguments. This is different from ordinary calls, where the
   // actual function to call is resolved after the arguments have been
   // evaluated.
 
   // Compute function to call and use the global object as the
   // receiver. There is no need to use the global proxy here because
@@ skipping 23 matching lines @@
   Handle<Code> ic(Builtins::builtin(Builtins::JSConstructCall));
   frame_->CallCodeObject(ic, RelocInfo::CONSTRUCT_CALL, args->length() + 1);
   // Discard the function and "push" the newly created object.
   __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::GenerateIsSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   __ test(eax, Immediate(kSmiTagMask));
   cc_reg_ = zero;
 }
 
 
 void CodeGenerator::GenerateIsNonNegativeSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   __ test(eax, Immediate(kSmiTagMask | 0x80000000));
   cc_reg_ = zero;
 }
 
 
 // This generates code that performs a charCodeAt() call or returns
 // undefined in order to trigger the slow case, Runtime_StringCharCodeAt.
 // It can handle flat and sliced strings, 8 and 16 bit characters and
 // cons strings where the answer is found in the left hand branch of the
 // cons.  The slow case will flatten the string, which will ensure that
 // the answer is in the left hand side the next time around.
 void CodeGenerator::GenerateFastCharCodeAt(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   JumpTarget slow_case(this);
   JumpTarget end(this);
   JumpTarget not_a_flat_string(this);
   JumpTarget not_a_cons_string_either(this);
   JumpTarget try_again_with_new_string(this);
   JumpTarget ascii_string(this);
   JumpTarget got_char_code(this);
 
   // Load the string into eax.
   Load(args->at(0));
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   // If the receiver is a smi return undefined.
   ASSERT(kSmiTag == 0);
   __ test(eax, Immediate(kSmiTagMask));
   slow_case.Branch(zero, not_taken);
 
   // Load the index into ebx.
   Load(args->at(1));
-  frame_->Pop(ebx);
+  frame_->EmitPop(ebx);
 
   // Check for negative or non-smi index.
   ASSERT(kSmiTag == 0);
   __ test(ebx, Immediate(kSmiTagMask | 0x80000000));
   slow_case.Branch(not_zero, not_taken);
   // Get rid of the smi tag on the index.
   __ sar(ebx, kSmiTagSize);
 
   try_again_with_new_string.Bind();
   // Get the type of the heap object into edi.
@@ skipping 79 matching lines @@
 
 
 void CodeGenerator::GenerateIsArray(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
   JumpTarget answer(this);
   // We need the CC bits to come out as not_equal in the case where the
   // object is a smi.  This can't be done with the usual test opcode so
   // we copy the object to ecx and do some destructive ops on it that
   // result in the right CC bits.
-  frame_->Pop(eax);
+  frame_->EmitPop(eax);
   __ mov(ecx, Operand(eax));
   __ and_(ecx, kSmiTagMask);
   __ xor_(ecx, kSmiTagMask);
   answer.Branch(not_equal, not_taken);
   // It is a heap object - get map.
   __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(eax, FieldOperand(eax, Map::kInstanceTypeOffset));
   // Check if the object is a JS array or not.
   __ cmp(eax, JS_ARRAY_TYPE);
   answer.Bind();
@@ skipping 78 matching lines @@
   __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::GenerateObjectEquals(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   // Load the two objects into registers and perform the comparison.
   Load(args->at(0));
   Load(args->at(1));
-  frame_->Pop(eax);
-  frame_->Pop(ecx);
+  frame_->EmitPop(eax);
+  frame_->EmitPop(ecx);
   __ cmp(eax, Operand(ecx));
   cc_reg_ = equal;
 }
 
 
 void CodeGenerator::VisitCallRuntime(CallRuntime* node) {
+  frame_->SpillAll();
   if (CheckForInlineRuntimeCall(node)) {
     return;
   }
 
   ZoneList<Expression*>* args = node->arguments();
   Comment cmnt(masm_, "[ CallRuntime");
   Runtime::Function* function = node->function();
 
   if (function == NULL) {
     // Prepare stack for calling JS runtime function.
@@ skipping 18 matching lines @@
     __ mov(frame_->Top(), eax);
   } else {
     // Call the C runtime function.
     frame_->CallRuntime(function, arg_count);
     frame_->EmitPush(eax);
   }
 }
 
 
 void CodeGenerator::VisitUnaryOperation(UnaryOperation* node) {
+  frame_->SpillAll();
   // Note that because of NOT and an optimization in comparison of a typeof
   // expression to a literal string, this function can fail to leave a value
   // on top of the frame or in the cc register.
   Comment cmnt(masm_, "[ UnaryOperation");
 
   Token::Value op = node->op();
 
   if (op == Token::NOT) {
     LoadCondition(node->expression(), NOT_INSIDE_TYPEOF,
                   false_target(), true_target(), true);
@@ skipping 54 matching lines @@
     switch (op) {
       case Token::NOT:
       case Token::DELETE:
       case Token::TYPEOF:
         UNREACHABLE();  // handled above
         break;
 
       case Token::SUB: {
         UnarySubStub stub;
         // TODO(1222589): remove dependency of TOS being cached inside stub
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         frame_->CallStub(&stub, 0);
         frame_->EmitPush(eax);
         break;
       }
 
       case Token::BIT_NOT: {
         // Smi check.
         JumpTarget smi_label(this);
         JumpTarget continue_label(this);
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         smi_label.Branch(zero, taken);
 
         frame_->EmitPush(eax);  // undo popping of TOS
         frame_->InvokeBuiltin(Builtins::BIT_NOT, CALL_FUNCTION, 1);
 
         continue_label.Jump();
         smi_label.Bind();
         __ not_(eax);
         __ and_(eax, ~kSmiTagMask);  // Remove inverted smi-tag.
         continue_label.Bind();
         frame_->EmitPush(eax);
         break;
       }
 
       case Token::VOID:
         __ mov(frame_->Top(), Factory::undefined_value());
         break;
 
       case Token::ADD: {
         // Smi check.
         JumpTarget continue_label(this);
-        frame_->Pop(eax);
+        frame_->EmitPop(eax);
         __ test(eax, Immediate(kSmiTagMask));
         continue_label.Branch(zero);
 
         frame_->EmitPush(eax);
         frame_->InvokeBuiltin(Builtins::TO_NUMBER, CALL_FUNCTION, 1);
 
         continue_label.Bind();
         frame_->EmitPush(eax);
         break;
       }
@@ skipping 84 matching lines @@
   if (is_postfix_) {
     RevertToNumberStub to_number_stub(is_increment_);
     __ CallStub(&to_number_stub);
   }
   CounterOpStub stub(result_offset_, is_postfix_, is_increment_);
   __ CallStub(&stub);
 }
 
 
 void CodeGenerator::VisitCountOperation(CountOperation* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ CountOperation");
 
   bool is_postfix = node->is_postfix();
   bool is_increment = node->op() == Token::INC;
 
   Variable* var = node->expression()->AsVariableProxy()->AsVariable();
   bool is_const = (var != NULL && var->mode() == Variable::CONST);
 
   // Postfix: Make room for the result.
   if (is_postfix) {
     frame_->EmitPush(Immediate(0));
   }
 
   { Reference target(this, node->expression());
     if (target.is_illegal()) {
       // Spoof the virtual frame to have the expected height (one higher
       // than on entry).
       if (!is_postfix) {
         frame_->EmitPush(Immediate(Smi::FromInt(0)));
       }
       return;
     }
     target.GetValue(NOT_INSIDE_TYPEOF);
 
     CountOperationDeferred* deferred =
         new CountOperationDeferred(this, is_postfix, is_increment,
                                    target.size() * kPointerSize);
 
-    frame_->Pop(eax);  // Load TOS into eax for calculations below
+    frame_->EmitPop(eax);  // Load TOS into eax for calculations below
 
     // Postfix: Store the old value as the result.
     if (is_postfix) {
       __ mov(frame_->ElementAt(target.size()), eax);
     }
 
     // Perform optimistic increment/decrement.
     if (is_increment) {
       __ add(Operand(eax), Immediate(Smi::FromInt(1)));
     } else {
@@ skipping 14 matching lines @@
   }
 
   // Postfix: Discard the new value and use the old.
   if (is_postfix) {
     frame_->Drop();
   }
 }
 
 
 void CodeGenerator::VisitBinaryOperation(BinaryOperation* node) {
+  frame_->SpillAll();
   // Note that due to an optimization in comparison operations (typeof
   // compared to a string literal), we can evaluate a binary expression such
   // as AND or OR and not leave a value on the frame or in the cc register.
   Comment cmnt(masm_, "[ BinaryOperation");
   Token::Value op = node->op();
 
   // According to ECMA-262 section 11.11, page 58, the binary logical
   // operators must yield the result of one of the two expressions
   // before any ToBoolean() conversions. This means that the value
   // produced by a && or || operator is not necessarily a boolean.
@@ skipping 119 matching lines @@
     } else {
       Load(node->left());
       Load(node->right());
       GenericBinaryOperation(node->op(), node->type(), overwrite_mode);
     }
   }
 }
 
 
 void CodeGenerator::VisitThisFunction(ThisFunction* node) {
+  frame_->SpillAll();
   frame_->EmitPush(frame_->Function());
 }
 
 
 class InstanceofStub: public CodeStub {
  public:
   InstanceofStub() { }
 
   void Generate(MacroAssembler* masm);
 
  private:
   Major MajorKey() { return Instanceof; }
   int MinorKey() { return 0; }
 };
 
 
 void CodeGenerator::VisitCompareOperation(CompareOperation* node) {
+  frame_->SpillAll();
   Comment cmnt(masm_, "[ CompareOperation");
 
   // Get the expressions from the node.
   Expression* left = node->left();
   Expression* right = node->right();
   Token::Value op = node->op();
 
   // To make null checks efficient, we check if either left or right is the
   // literal 'null'. If so, we optimize the code by inlining a null check
   // instead of calling the (very) general runtime routine for checking
   // equality.
   if (op == Token::EQ || op == Token::EQ_STRICT) {
     bool left_is_null =
         left->AsLiteral() != NULL && left->AsLiteral()->IsNull();
     bool right_is_null =
         right->AsLiteral() != NULL && right->AsLiteral()->IsNull();
     // The 'null' value can only be equal to 'null' or 'undefined'.
     if (left_is_null || right_is_null) {
       Load(left_is_null ? right : left);
-      frame_->Pop(eax);
+      frame_->EmitPop(eax);
       __ cmp(eax, Factory::null_value());
 
       // The 'null' value is only equal to 'undefined' if using non-strict
       // comparisons.
       if (op != Token::EQ_STRICT) {
         true_target()->Branch(equal);
 
         __ cmp(eax, Factory::undefined_value());
         true_target()->Branch(equal);
 
@@ skipping 17 matching lines @@
   // 'typeof <expression> == <string>'.
   UnaryOperation* operation = left->AsUnaryOperation();
   if ((op == Token::EQ || op == Token::EQ_STRICT) &&
       (operation != NULL && operation->op() == Token::TYPEOF) &&
       (right->AsLiteral() != NULL &&
        right->AsLiteral()->handle()->IsString())) {
     Handle<String> check(String::cast(*right->AsLiteral()->handle()));
 
     // Load the operand and move it to register edx.
     LoadTypeofExpression(operation->expression());
-    frame_->Pop(edx);
+    frame_->EmitPop(edx);
 
     if (check->Equals(Heap::number_symbol())) {
       __ test(edx, Immediate(kSmiTagMask));
       true_target()->Branch(zero);
       __ mov(edx, FieldOperand(edx, HeapObject::kMapOffset));
       __ cmp(edx, Factory::heap_number_map());
       cc_reg_ = equal;
 
     } else if (check->Equals(Heap::string_symbol())) {
       __ test(edx, Immediate(kSmiTagMask));
@@ skipping 288 matching lines @@
         }
 
         // We must execute the store.  Storing a variable must keep the
         // (new) value on the stack. This is necessary for compiling
         // assignment expressions.
         //
         // Note: We will reach here even with slot->var()->mode() ==
         // Variable::CONST because of const declarations which will
         // initialize consts to 'the hole' value and by doing so, end up
         // calling this code.
-        frame->Pop(eax);
+        frame->EmitPop(eax);
         __ mov(cgen_->SlotOperand(slot, ecx), eax);
         frame->EmitPush(eax);  // RecordWrite may destroy the value in eax.
         if (slot->type() == Slot::CONTEXT) {
           // ecx is loaded with context when calling SlotOperand above.
           int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
           __ RecordWrite(ecx, offset, eax, ebx);
         }
         // If we definitely did not jump over the assignment, we do not need
         // to bind the exit label.  Doing so can defeat peephole
         // optimization.
         if (init_state == CONST_INIT) {
           exit.Bind();
         }
       }
       break;
     }
 
     case NAMED: {
       Comment cmnt(masm, "[ Store to named Property");
       // Call the appropriate IC code.
       Handle<String> name(GetName());
       Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
-      frame->Pop(eax);
+      frame->EmitPop(eax);
       // Setup the name register.
       __ mov(ecx, name);
       frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       frame->EmitPush(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     case KEYED: {
       Comment cmnt(masm, "[ Store to keyed Property");
       Property* property = expression_->AsProperty();
       ASSERT(property != NULL);
       __ RecordPosition(property->position());
       // Call IC code.
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedStoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
-      frame->Pop(eax);
+      frame->EmitPop(eax);
       frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       frame->EmitPush(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     default:
       UNREACHABLE();
   }
 }
 
@@ skipping 1216 matching lines @@
 
   // Slow-case: Go through the JavaScript implementation.
   __ bind(&slow);
   __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal