Experimental: introduce a helper class to delmite a scope where the...

src/codegen-ia32.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 68 matching lines @@
       deferred_(8),
       masm_(new MacroAssembler(NULL, buffer_size)),
       scope_(NULL),
       frame_(NULL),
       allocator_(NULL),
       cc_reg_(no_condition),
       state_(NULL),
       is_inside_try_(false),
       break_stack_height_(0),
       loop_nesting_(0),
-      function_return_is_shadowed_(false) {
+      function_return_is_shadowed_(false),
+      in_spilled_code_(false) {
 }
 
 
 void CodeGenerator::SetFrame(VirtualFrame* new_frame) {
   if (frame_ != NULL) {
     frame_->DetachFromCodeGenerator();
   }
   if (new_frame != NULL) {
     new_frame->AttachToCodeGenerator();
   }
@@ skipping 26 matching lines @@
   ASSERT(scope_ == NULL);
   scope_ = fun->scope();
   ASSERT(allocator_ == NULL);
   RegisterAllocator register_allocator(this);
   allocator_ = &register_allocator;
   ASSERT(frame_ == NULL);
   SetFrame(new VirtualFrame(this));
   cc_reg_ = no_condition;
   function_return_.set_code_generator(this);
   function_return_is_shadowed_ = false;
+  set_in_spilled_code(false);
 
   // Adjust for function-level loop nesting.
   loop_nesting_ += fun->loop_nesting();
 
   {
     CodeGenState state(this);
 
     // Entry
     // stack: function, receiver, arguments, return address
     // esp: stack pointer
@@ skipping 13 matching lines @@
 #endif
 
     // Allocate space for locals and initialize them.
     frame_->AllocateStackSlots(scope_->num_stack_slots());
 
     // Allocate the arguments object and copy the parameters into it.
     if (scope_->arguments() != NULL) {
       ASSERT(scope_->arguments_shadow() != NULL);
       Comment cmnt(masm_, "[ Allocate arguments object");
       ArgumentsAccessStub stub(ArgumentsAccessStub::NEW_OBJECT);
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       __ lea(eax, frame_->Receiver());
       frame_->EmitPush(frame_->Function());
       frame_->EmitPush(eax);
       frame_->EmitPush(Immediate(Smi::FromInt(scope_->num_parameters())));
       frame_->CallStub(&stub, 3);
       frame_->Push(eax);
     }
 
     if (scope_->num_heap_slots() > 0) {
       Comment cmnt(masm_, "[ allocate local context");
       // Allocate local context.
       // Get outer context and create a new context based on it.
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       frame_->EmitPush(frame_->Function());
       frame_->CallRuntime(Runtime::kNewContext, 1);  // eax holds the result
 
       if (kDebug) {
         JumpTarget verified_true(this);
         // Verify eax and esi are the same in debug mode
         __ cmp(eax, Operand(esi));
         verified_true.Branch(equal);
         __ int3();
         verified_true.Bind();
@@ skipping 14 matching lines @@
       // needs to be copied into the context, it must be the last argument
       // passed to the parameter that needs to be copied. This is a rare
       // case so we don't check for it, instead we rely on the copying
       // order: such a parameter is copied repeatedly into the same
       // context location and thus the last value is what is seen inside
       // the function.
       for (int i = 0; i < scope_->num_parameters(); i++) {
         Variable* par = scope_->parameter(i);
         Slot* slot = par->slot();
         if (slot != NULL && slot->type() == Slot::CONTEXT) {
-          frame_->SpillAll();
+          VirtualFrame::SpilledScope spilled_scope(this);
           ASSERT(!scope_->is_global_scope());  // no parameters in global scope
           __ mov(eax, frame_->ParameterAt(i));
           // Loads ecx with context; used below in RecordWrite.
           __ mov(SlotOperand(slot, edx), eax);
           int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
           __ RecordWrite(edx, offset, eax, ebx);
         }
       }
     }
 
     // This section stores the pointer to the arguments object that
     // was allocated and copied into above. If the address was not
     // saved to TOS, we push ecx onto the stack.
     //
     // Store the arguments object.  This must happen after context
     // initialization because the arguments object may be stored in the
     // context.
     if (scope_->arguments() != NULL) {
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       Comment cmnt(masm_, "[ store arguments object");
       { Reference shadow_ref(this, scope_->arguments_shadow());
         ASSERT(shadow_ref.is_slot());
         { Reference arguments_ref(this, scope_->arguments());
           ASSERT(arguments_ref.is_slot());
           // Here we rely on the convenient property that references to slot
           // take up zero space in the frame (ie, it doesn't matter that the
           // stored value is actually below the reference on the frame).
           arguments_ref.SetValue(NOT_CONST_INIT);
         }
@@ skipping 126 matching lines @@
 // (partially) translated into branches, or it may have set the condition
 // code register. If force_cc is set, the value is forced to set the
 // condition code register and no value is pushed. If the condition code
 // register was set, has_cc() is true and cc_reg_ contains the condition to
 // test for 'true'.
 void CodeGenerator::LoadCondition(Expression* x,
                                   TypeofState typeof_state,
                                   JumpTarget* true_target,
                                   JumpTarget* false_target,
                                   bool force_cc) {
+  ASSERT(!in_spilled_code());
   ASSERT(!has_cc());
 
   { CodeGenState new_state(this, typeof_state, true_target, false_target);
     Visit(x);
   }
 
   if (force_cc && frame_ != NULL && !has_cc()) {
     // Convert the TOS value to a boolean in the condition code register.
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     ToBoolean(true_target, false_target);
   }
 
   ASSERT(!force_cc || frame_ == NULL || has_cc());
 }
 
 
 void CodeGenerator::Load(Expression* x, TypeofState typeof_state) {
+  ASSERT(!in_spilled_code());
   JumpTarget true_target(this);
   JumpTarget false_target(this);
   LoadCondition(x, typeof_state, &true_target, &false_target, false);
 
   if (has_cc()) {
     ASSERT(frame_ != NULL);
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     // Convert cc_reg_ into a boolean value.
     JumpTarget loaded(this);
     JumpTarget materialize_true(this);
     materialize_true.Branch(cc_reg_);
     frame_->EmitPush(Immediate(Factory::false_value()));
     loaded.Jump();
     materialize_true.Bind();
     frame_->EmitPush(Immediate(Factory::true_value()));
     loaded.Bind();
     cc_reg_ = no_condition;
   }
 
   if (true_target.is_linked() || false_target.is_linked()) {
     // We have at least one condition value that has been "translated" into
     // a branch, thus it needs to be loaded explicitly.
     JumpTarget loaded(this);
     if (frame_ != NULL) {
       loaded.Jump();  // Don't lose the current TOS.
     }
     bool both = true_target.is_linked() && false_target.is_linked();
     // Load "true" if necessary.
     if (true_target.is_linked()) {
       true_target.Bind();
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       frame_->EmitPush(Immediate(Factory::true_value()));
     }
     // If both "true" and "false" need to be reincarnated jump across the
     // code for "false".
     if (both) {
       loaded.Jump();
     }
     // Load "false" if necessary.
     if (false_target.is_linked()) {
       false_target.Bind();
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       frame_->EmitPush(Immediate(Factory::false_value()));
     }
     // A value is loaded on all paths reaching this point.
     loaded.Bind();
   }
   ASSERT(frame_ != NULL);
   ASSERT(!has_cc());
 }
 
 
@@ skipping 15 matching lines @@
   Variable* variable = x->AsVariableProxy()->AsVariable();
   if (variable != NULL && !variable->is_this() && variable->is_global()) {
     // NOTE: This is somewhat nasty. We force the compiler to load
     // the variable as if through '<global>.<variable>' to make sure we
     // do not get reference errors.
     Slot global(variable, Slot::CONTEXT, Context::GLOBAL_INDEX);
     Literal key(variable->name());
     // TODO(1241834): Fetch the position from the variable instead of using
     // no position.
     Property property(&global, &key, RelocInfo::kNoPosition);
-    Load(&property);
-    frame_->SpillAll();
+    LoadAndSpill(&property);
   } else {
-    Load(x, INSIDE_TYPEOF);
-    frame_->SpillAll();
+    LoadAndSpill(x, INSIDE_TYPEOF);
   }
 }
 
 
 Reference::Reference(CodeGenerator* cgen, Expression* expression)
     : cgen_(cgen), expression_(expression), type_(ILLEGAL) {
   cgen->LoadReference(this);
 }
 
 
 Reference::~Reference() {
   cgen_->UnloadReference(this);
 }
 
 
 void CodeGenerator::LoadReference(Reference* ref) {
   Comment cmnt(masm_, "[ LoadReference");
   Expression* e = ref->expression();
   Property* property = e->AsProperty();
   Variable* var = e->AsVariableProxy()->AsVariable();
 
   if (property != NULL) {
+    VirtualFrame::SpilledScope spilled_scope(this);
     // The expression is either a property or a variable proxy that rewrites
     // to a property.
-    Load(property->obj());
-    frame_->SpillAll();
+    LoadAndSpill(property->obj());
     // We use a named reference if the key is a literal symbol, unless it is
     // a string that can be legally parsed as an integer.  This is because
     // otherwise we will not get into the slow case code that handles [] on
     // String objects.
     Literal* literal = property->key()->AsLiteral();
     uint32_t dummy;
     if (literal != NULL &&
         literal->handle()->IsSymbol() &&
         !String::cast(*(literal->handle()))->AsArrayIndex(&dummy)) {
       ref->set_type(Reference::NAMED);
     } else {
-      Load(property->key());
-      frame_->SpillAll();
+      LoadAndSpill(property->key());
       ref->set_type(Reference::KEYED);
     }
   } else if (var != NULL) {
     // The expression is a variable proxy that does not rewrite to a
     // property.  Global variables are treated as named property references.
     if (var->is_global()) {
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       LoadGlobal();
       ref->set_type(Reference::NAMED);
     } else {
       ASSERT(var->slot() != NULL);
       ref->set_type(Reference::SLOT);
     }
   } else {
+    VirtualFrame::SpilledScope spilled_scope(this);
     // Anything else is a runtime error.
-    Load(e);
-    frame_->SpillAll();
+    LoadAndSpill(e);
     frame_->CallRuntime(Runtime::kThrowReferenceError, 1);
   }
 }
 
 
 void CodeGenerator::UnloadReference(Reference* ref) {
   // Pop a reference from the stack while preserving TOS.
   Comment cmnt(masm_, "[ UnloadReference");
   int size = ref->size();
   if (size == 1) {
@@ skipping 714 matching lines @@
 };
 
 
 // Call the function just below TOS on the stack with the given
 // arguments. The receiver is the TOS.
 void CodeGenerator::CallWithArguments(ZoneList<Expression*>* args,
                                       int position) {
   // Push the arguments ("left-to-right") on the stack.
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Load(args->at(i));
-    frame_->SpillAll();
+    LoadAndSpill(args->at(i));
   }
 
   // Record the position for debugging purposes.
   __ RecordPosition(position);
 
   // Use the shared code stub to call the function.
   CallFunctionStub call_function(arg_count);
   frame_->CallStub(&call_function, arg_count + 1);
 
   // Restore context and pop function from the stack.
@@ skipping 21 matching lines @@
     // The stack check can trigger the debugger.  Before calling it, all
     // values including constants must be spilled to the frame.
     frame_->SpillAll();
     frame_->CallStub(&stub, 0);
     stack_is_ok.Bind();
   }
 }
 
 
 void CodeGenerator::VisitStatements(ZoneList<Statement*>* statements) {
+  ASSERT(!in_spilled_code());
   for (int i = 0; frame_ != NULL && i < statements->length(); i++) {
     Visit(statements->at(i));
   }
 }
 
 
 void CodeGenerator::VisitBlock(Block* node) {
+  ASSERT(!in_spilled_code());
   Comment cmnt(masm_, "[ Block");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   VisitStatements(node->statements());
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
 }
 
 
 void CodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   frame_->EmitPush(Immediate(pairs));
   frame_->EmitPush(esi);
   frame_->EmitPush(Immediate(Smi::FromInt(is_eval() ? 1 : 0)));
   frame_->CallRuntime(Runtime::kDeclareGlobals, 3);
   // Return value is ignored.
 }
 
 
 void CodeGenerator::VisitDeclaration(Declaration* node) {
   Comment cmnt(masm_, "[ Declaration");
   Variable* var = node->proxy()->var();
   ASSERT(var != NULL);  // must have been resolved
   Slot* slot = var->slot();
 
   // If it was not possible to allocate the variable at compile time,
   // we need to "declare" it at runtime to make sure it actually
   // exists in the local context.
   if (slot != NULL && slot->type() == Slot::LOOKUP) {
     // Variables with a "LOOKUP" slot were introduced as non-locals
     // during variable resolution and must have mode DYNAMIC.
     ASSERT(var->mode() == Variable::DYNAMIC);
     // For now, just do a runtime call.
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     frame_->EmitPush(esi);
     frame_->EmitPush(Immediate(var->name()));
     // Declaration nodes are always introduced in one of two modes.
     ASSERT(node->mode() == Variable::VAR || node->mode() == Variable::CONST);
     PropertyAttributes attr = node->mode() == Variable::VAR ? NONE : READ_ONLY;
     frame_->EmitPush(Immediate(Smi::FromInt(attr)));
     // Push initial value, if any.
     // Note: For variables we must not push an initial value (such as
     // 'undefined') because we may have a (legal) redeclaration and we
     // must not destroy the current value.
     if (node->mode() == Variable::CONST) {
       frame_->EmitPush(Immediate(Factory::the_hole_value()));
     } else if (node->fun() != NULL) {
-      Load(node->fun());
-      frame_->SpillAll();
+      LoadAndSpill(node->fun());
     } else {
       frame_->EmitPush(Immediate(0));  // no initial value!
     }
     frame_->CallRuntime(Runtime::kDeclareContextSlot, 4);
     // Ignore the return value (declarations are statements).
     return;
   }
 
   ASSERT(!var->is_global());
 
   // If we have a function or a constant, we need to initialize the variable.
   Expression* val = NULL;
   if (node->mode() == Variable::CONST) {
     val = new Literal(Factory::the_hole_value());
   } else {
     val = node->fun();  // NULL if we don't have a function
   }
 
   if (val != NULL) {
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     // Set initial value.
     Reference target(this, node->proxy());
     ASSERT(target.is_slot());
-    Load(val);
-    frame_->SpillAll();
+    LoadAndSpill(val);
     target.SetValue(NOT_CONST_INIT);
     // Get rid of the assigned value (declarations are statements).  It's
     // safe to pop the value lying on top of the reference before unloading
     // the reference itself (which preserves the top of stack) because we
     // know that it is a zero-sized reference.
     frame_->Drop();
   }
 }
 
 
 void CodeGenerator::VisitExpressionStatement(ExpressionStatement* node) {
+  ASSERT(!in_spilled_code());
   Comment cmnt(masm_, "[ ExpressionStatement");
   RecordStatementPosition(node);
   Expression* expression = node->expression();
   expression->MarkAsStatement();
   Load(expression);
   // Remove the lingering expression result from the top of stack.
   frame_->Drop();
 }
 
 
 void CodeGenerator::VisitEmptyStatement(EmptyStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "// EmptyStatement");
   // nothing to do
 }
 
 
 void CodeGenerator::VisitIfStatement(IfStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ IfStatement");
   // Generate different code depending on which parts of the if statement
   // are present or not.
   bool has_then_stm = node->HasThenStatement();
   bool has_else_stm = node->HasElseStatement();
 
   RecordStatementPosition(node);
   JumpTarget exit(this);
   if (has_then_stm && has_else_stm) {
     JumpTarget then(this);
     JumpTarget else_(this);
     // if (cond)
-    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
+    LoadConditionAndSpill(node->condition(), NOT_INSIDE_TYPEOF,
+                          &then, &else_, true);
     if (frame_ != NULL) {
       // A NULL frame here indicates that the code for the condition cannot
       // fall-through, i.e. it causes unconditional branchs to targets.
       Branch(false, &else_);
     }
     // then
     if (frame_ != NULL || then.is_linked()) {
       // If control flow can reach the then part via fall-through from the
       // test or a branch to the target, compile it.
       then.Bind();
-      Visit(node->then_statement());
+      VisitAndSpill(node->then_statement());
     }
     if (frame_ != NULL) {
       // A NULL frame here indicates that control did not fall out of the
       // then statement, it escaped on all branches.  In that case, a jump
       // to the exit label would be dead code (and impossible, because we
       // don't have a current virtual frame to set at the exit label).
-      frame_->SpillAll();
       exit.Jump();
     }
     // else
     if (else_.is_linked()) {
       // Control flow for if-then-else does not fall-through to the else
       // part, it can only reach here via jump if at all.
       else_.Bind();
-      Visit(node->else_statement());
+      VisitAndSpill(node->else_statement());
     }
 
   } else if (has_then_stm) {
     ASSERT(!has_else_stm);
     JumpTarget then(this);
     // if (cond)
-    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &exit, true);
+    LoadConditionAndSpill(node->condition(), NOT_INSIDE_TYPEOF,
+                          &then, &exit, true);
     if (frame_ != NULL) {
       Branch(false, &exit);
     }
     // then
     if (frame_ != NULL || then.is_linked()) {
       then.Bind();
-      Visit(node->then_statement());
+      VisitAndSpill(node->then_statement());
     }
 
   } else if (has_else_stm) {
     ASSERT(!has_then_stm);
     JumpTarget else_(this);
     // if (!cond)
-    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &else_, true);
+    LoadConditionAndSpill(node->condition(), NOT_INSIDE_TYPEOF,
+                          &exit, &else_, true);
     if (frame_ != NULL) {
       Branch(true, &exit);
     }
     // else
     if (frame_ != NULL || else_.is_linked()) {
       else_.Bind();
-      Visit(node->else_statement());
+      VisitAndSpill(node->else_statement());
     }
 
   } else {
     ASSERT(!has_then_stm && !has_else_stm);
     // if (cond)
-    LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &exit, &exit, false);
+    LoadConditionAndSpill(node->condition(), NOT_INSIDE_TYPEOF,
+                          &exit, &exit, false);
     if (frame_ != NULL) {
-      frame_->SpillAll();
       if (has_cc()) {
         cc_reg_ = no_condition;
       } else {
         // No cc value set up, that means the boolean was pushed.
         // Pop it again, since it is not going to be used.
         frame_->Drop();
       }
     }
   }
 
   // end
   if (exit.is_linked()) {
     exit.Bind();
   }
 }
 
 
 void CodeGenerator::CleanStack(int num_bytes) {
   ASSERT(num_bytes % kPointerSize == 0);
   frame_->Drop(num_bytes / kPointerSize);
 }
 
 
 void CodeGenerator::VisitContinueStatement(ContinueStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ContinueStatement");
   RecordStatementPosition(node);
   CleanStack(break_stack_height_ - node->target()->break_stack_height());
   node->target()->continue_target()->Jump();
 }
 
 
 void CodeGenerator::VisitBreakStatement(BreakStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ BreakStatement");
   RecordStatementPosition(node);
   CleanStack(break_stack_height_ - node->target()->break_stack_height());
   node->target()->break_target()->Jump();
 }
 
 
 void CodeGenerator::VisitReturnStatement(ReturnStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ReturnStatement");
   RecordStatementPosition(node);
-  Load(node->expression());
-  frame_->SpillAll();
+  LoadAndSpill(node->expression());
 
   // Move the function result into eax
   frame_->EmitPop(eax);
 
   // If we're inside a try statement or the return instruction
   // sequence has been generated, we just jump to that
   // point. Otherwise, we generate the return instruction sequence and
   // bind the function return label.
   if (is_inside_try_ || function_return_.is_bound()) {
     function_return_.Jump();
@@ skipping 16 matching lines @@
 
     // Check that the size of the code used for returning matches what is
     // expected by the debugger.
     ASSERT_EQ(Debug::kIa32JSReturnSequenceLength,
               __ SizeOfCodeGeneratedSince(&check_exit_codesize));
   }
 }
 
 
 void CodeGenerator::VisitWithEnterStatement(WithEnterStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ WithEnterStatement");
   RecordStatementPosition(node);
-  Load(node->expression());
-  frame_->SpillAll();
+  LoadAndSpill(node->expression());
   frame_->CallRuntime(Runtime::kPushContext, 1);
 
   if (kDebug) {
     JumpTarget verified_true(this);
     // Verify eax and esi are the same in debug mode
     __ cmp(eax, Operand(esi));
     verified_true.Branch(equal);
     __ int3();
     verified_true.Bind();
   }
 
   // Update context local.
   __ mov(frame_->Context(), esi);
 }
 
 
 void CodeGenerator::VisitWithExitStatement(WithExitStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ WithExitStatement");
   // Pop context.
   __ mov(esi, ContextOperand(esi, Context::PREVIOUS_INDEX));
   // Update context local.
   __ mov(frame_->Context(), esi);
 }
 
 
 int CodeGenerator::FastCaseSwitchMaxOverheadFactor() {
     return kFastSwitchMaxOverheadFactor;
@@ skipping 66 matching lines @@
 
   for (int i = 0, entry_pos = table_start.label()->pos();
        i < range;
        i++, entry_pos += sizeof(uint32_t)) {
     __ WriteInternalReference(entry_pos, *case_targets[i]->label());
   }
 }
 
 
 void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ SwitchStatement");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
 
-  Load(node->tag());
-  frame_->SpillAll();
+  LoadAndSpill(node->tag());
 
   if (TryGenerateFastCaseSwitchStatement(node)) {
     return;
   }
 
   JumpTarget next_test(this);
   JumpTarget fall_through(this);
   JumpTarget default_entry(this);
   JumpTarget default_exit(this);
   ZoneList<CaseClause*>* cases = node->cases();
   int length = cases->length();
   CaseClause* default_clause = NULL;
 
   for (int i = 0; i < length; i++) {
     CaseClause* clause = cases->at(i);
     if (clause->is_default()) {
       // Remember the default clause and compile it at the end.
       default_clause = clause;
       continue;
     }
 
     Comment cmnt(masm_, "[ Case clause");
     // Compile the test.
     next_test.Bind();
     next_test.Unuse();
     // Duplicate TOS.
     __ mov(eax, frame_->Top());
     frame_->EmitPush(eax);
-    Load(clause->label());
-    frame_->SpillAll();
+    LoadAndSpill(clause->label());
     Comparison(equal, true);
     Branch(false, &next_test);
 
     // Before entering the body from the test, remove the switch value from
     // the stack.
     frame_->Drop();
 
     // Label the body so that fall through is enabled.
     if (i > 0 && cases->at(i - 1)->is_default()) {
       default_exit.Bind();
     } else {
       fall_through.Bind();
       fall_through.Unuse();
     }
-    VisitStatements(clause->statements());
+    VisitStatementsAndSpill(clause->statements());
 
     // If control flow can fall through from the body, jump to the next body
     // or the end of the statement.
     if (frame_ != NULL) {
-      frame_->SpillAll();
       if (i < length - 1 && cases->at(i + 1)->is_default()) {
         default_entry.Jump();
       } else {
         fall_through.Jump();
       }
     }
   }
 
   // The final "test" removes the switch value.
   next_test.Bind();
   frame_->Drop();
 
   // If there is a default clause, compile it.
   if (default_clause != NULL) {
     Comment cmnt(masm_, "[ Default clause");
     default_entry.Bind();
-    VisitStatements(default_clause->statements());
+    VisitStatementsAndSpill(default_clause->statements());
     if (frame_ != NULL) {
-      frame_->SpillAll();
     }
     // If control flow can fall out of the default and there is a case after
     // it, jump to that case's body.
     if (frame_ != NULL && default_exit.is_bound()) {
       default_exit.Jump();
     }
   }
 
   if (fall_through.is_linked()) {
     fall_through.Bind();
   }
 
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
 }
 
 
 void CodeGenerator::VisitLoopStatement(LoopStatement* node) {
+  ASSERT(!in_spilled_code());
   Comment cmnt(masm_, "[ LoopStatement");
   RecordStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   node->continue_target()->set_code_generator(this);
 
   // Simple condition analysis.  ALWAYS_TRUE and ALWAYS_FALSE represent a
   // known result for the test expression, with no side effects.
   enum { ALWAYS_TRUE, ALWAYS_FALSE, DONT_KNOW } info = DONT_KNOW;
   if (node->cond() == NULL) {
     ASSERT(node->type() == LoopStatement::FOR_LOOP);
     info = ALWAYS_TRUE;
   } else {
     Literal* lit = node->cond()->AsLiteral();
     if (lit != NULL) {
       if (lit->IsTrue()) {
         info = ALWAYS_TRUE;
       } else if (lit->IsFalse()) {
         info = ALWAYS_FALSE;
       }
     }
   }
 
   switch (node->type()) {
     case LoopStatement::DO_LOOP: {
       // The new code generator does not yet compile do loops.
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       JumpTarget body(this);
       IncrementLoopNesting();
       // Label the body.
       if (info == ALWAYS_TRUE) {
         node->continue_target()->Bind();
       } else if (info == ALWAYS_FALSE) {
         // There is no need, we will never jump back.
       } else {
         ASSERT(info == DONT_KNOW);
         body.Bind();
       }
       CheckStack();  // TODO(1222600): ignore if body contains calls.
-      Visit(node->body());
-      if (frame_ != NULL) {
-        frame_->SpillAll();
-      }
+      VisitAndSpill(node->body());
 
       // Compile the "test".
       if (info == ALWAYS_TRUE) {
         if (frame_ != NULL) {
           // If control flow can fall off the end of the body, jump back to
           // the top.
           node->continue_target()->Jump();
         }
       } else if (info == ALWAYS_FALSE) {
         // If we have a continue in the body, we only have to bind its jump
         // target.
         if (node->continue_target()->is_linked()) {
           node->continue_target()->Bind();
         }
       } else {
         ASSERT(info == DONT_KNOW);
         // We have to compile the test expression if it can be reached by
         // control flow falling out of the body or via continue.
         if (frame_ != NULL || node->continue_target()->is_linked()) {
           node->continue_target()->Bind();
-          LoadCondition(node->cond(), NOT_INSIDE_TYPEOF,
-                        &body, node->break_target(), true);
+          LoadConditionAndSpill(node->cond(), NOT_INSIDE_TYPEOF,
+                                &body, node->break_target(), true);
           if (frame_ != NULL) {
             // A NULL frame here indicates that control flow did not fall
             // out of the test expression.
             Branch(true, &body);
           }
         }
       }
       break;
     }
 
     case LoopStatement::WHILE_LOOP: {
       // The new code generator does not yet compile while loops.
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       JumpTarget body(this);
       IncrementLoopNesting();
       // Generate the loop header.
       if (info == ALWAYS_TRUE) {
         // Merely label the body with the continue target.
         node->continue_target()->Bind();
       } else if (info == ALWAYS_FALSE) {
         // There is no need to even compile the test or body.
         break;
       } else {
         // Compile the test labeled with the continue target and label the
         // body with the body target.
         ASSERT(info == DONT_KNOW);
         node->continue_target()->Bind();
-        LoadCondition(node->cond(), NOT_INSIDE_TYPEOF,
-                      &body, node->break_target(), true);
+        LoadConditionAndSpill(node->cond(), NOT_INSIDE_TYPEOF,
+                              &body, node->break_target(), true);
         if (frame_ != NULL) {
           // A NULL frame indicates that control did not fall out of the
           // test expression.
           Branch(false, node->break_target());
         }
         if (frame_ != NULL || body.is_linked()) {
           body.Bind();
         }
       }
       if (frame_ != NULL) {
         CheckStack();  // TODO(1222600): ignore if body contains calls.
-        Visit(node->body());
+        VisitAndSpill(node->body());
 
         // If control flow can fall out of the body, jump back to the top.
         if (frame_ != NULL) {
-          frame_->SpillAll();
           node->continue_target()->Jump();
         }
       }
       break;
     }
 
     case LoopStatement::FOR_LOOP: {
       JumpTarget loop(this);
       JumpTarget body(this);
       if (node->init() != NULL) {
@@ skipping 57 matching lines @@
   }
 
   DecrementLoopNesting();
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
 }
 
 
 void CodeGenerator::VisitForInStatement(ForInStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ForInStatement");
   RecordStatementPosition(node);
 
   // We keep stuff on the stack while the body is executing.
   // Record it, so that a break/continue crossing this statement
   // can restore the stack.
   const int kForInStackSize = 5 * kPointerSize;
   break_stack_height_ += kForInStackSize;
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->set_code_generator(this);
   node->continue_target()->set_code_generator(this);
 
   JumpTarget primitive(this);
   JumpTarget jsobject(this);
   JumpTarget fixed_array(this);
   JumpTarget entry(this);
   JumpTarget end_del_check(this);
   JumpTarget cleanup(this);
   JumpTarget exit(this);
 
   // Get the object to enumerate over (converted to JSObject).
-  Load(node->enumerable());
-  frame_->SpillAll();
+  LoadAndSpill(node->enumerable());
 
   // Both SpiderMonkey and kjs ignore null and undefined in contrast
   // to the specification.  12.6.4 mandates a call to ToObject.
   frame_->EmitPop(eax);
 
   // eax: value to be iterated over
   __ cmp(eax, Factory::undefined_value());
   exit.Branch(equal);
   __ cmp(eax, Factory::null_value());
   exit.Branch(equal);
@@ skipping 121 matching lines @@
         frame_->Drop();
       }
     }
   }
   // Discard the i'th entry pushed above or else the remainder of the
   // reference, whichever is currently on top of the stack.
   frame_->Drop();
 
   // Body.
   CheckStack();  // TODO(1222600): ignore if body contains calls.
-  Visit(node->body());
-  if (frame_ != NULL) {
-    frame_->SpillAll();
-  }
+  VisitAndSpill(node->body());
 
   // Next.
   node->continue_target()->Bind();
   frame_->EmitPop(eax);
   __ add(Operand(eax), Immediate(Smi::FromInt(1)));
   frame_->EmitPush(eax);
   entry.Jump();
 
   // Cleanup.
   cleanup.Bind();
   node->break_target()->Bind();
   frame_->Drop(5);
 
   // Exit.
   exit.Bind();
 
   break_stack_height_ -= kForInStackSize;
 }
 
 
 void CodeGenerator::VisitTryCatch(TryCatch* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ TryCatch");
 
   JumpTarget try_block(this);
   JumpTarget exit(this);
 
   try_block.Call();
   // --- Catch block ---
   frame_->EmitPush(eax);
 
   // Store the caught exception in the catch variable.
   { Reference ref(this, node->catch_var());
     ASSERT(ref.is_slot());
     // Load the exception to the top of the stack.  Here we make use of the
     // convenient property that it doesn't matter whether a value is
     // immediately on top of or underneath a zero-sized reference.
     ref.SetValue(NOT_CONST_INIT);
   }
 
   // Remove the exception from the stack.
   frame_->Drop();
 
-  VisitStatements(node->catch_block()->statements());
+  VisitStatementsAndSpill(node->catch_block()->statements());
   if (frame_ != NULL) {
-    frame_->SpillAll();
     exit.Jump();
   }
 
 
   // --- Try block ---
   try_block.Bind();
 
   frame_->PushTryHandler(TRY_CATCH_HANDLER);
   int handler_height = frame_->height();
 
   // Shadow the jump targets for all escapes from the try block, including
   // returns.  During shadowing, the original target is hidden as the
   // ShadowTarget and operations on the original actually affect the
   // shadowing target.
   //
   // We should probably try to unify the escaping targets and the return
   // target.
   int nof_escapes = node->escaping_targets()->length();
   List<ShadowTarget*> shadows(1 + nof_escapes);
   shadows.Add(new ShadowTarget(&function_return_));
   for (int i = 0; i < nof_escapes; i++) {
     shadows.Add(new ShadowTarget(node->escaping_targets()->at(i)));
   }
   bool function_return_was_shadowed = function_return_is_shadowed_;
   function_return_is_shadowed_ = true;
 
   // Generate code for the statements in the try block.
   bool was_inside_try = is_inside_try_;
   is_inside_try_ = true;
-  VisitStatements(node->try_block()->statements());
-  if (frame_ != NULL) {
-    frame_->SpillAll();
-  }
+  VisitStatementsAndSpill(node->try_block()->statements());
   is_inside_try_ = was_inside_try;
 
   // Stop the introduced shadowing and count the number of required unlinks.
   // After shadowing stops, the original targets are unshadowed and the
   // ShadowTargets represent the formerly shadowing targets.
   int nof_unlinks = 0;
   for (int i = 0; i <= nof_escapes; i++) {
     shadows[i]->StopShadowing();
     if (shadows[i]->is_linked()) nof_unlinks++;
   }
@@ skipping 42 matching lines @@
       // next_sp popped.
       shadows[i]->original_target()->Jump();
     }
   }
 
   exit.Bind();
 }
 
 
 void CodeGenerator::VisitTryFinally(TryFinally* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ TryFinally");
 
   // State: Used to keep track of reason for entering the finally
   // block. Should probably be extended to hold information for
   // break/continue from within the try block.
   enum { FALLING, THROWING, JUMPING };
 
   JumpTarget unlink(this);
   JumpTarget try_block(this);
   JumpTarget finally_block(this);
@@ skipping 24 matching lines @@
   shadows.Add(new ShadowTarget(&function_return_));
   for (int i = 0; i < nof_escapes; i++) {
     shadows.Add(new ShadowTarget(node->escaping_targets()->at(i)));
   }
   bool function_return_was_shadowed = function_return_is_shadowed_;
   function_return_is_shadowed_ = true;
 
   // Generate code for the statements in the try block.
   bool was_inside_try = is_inside_try_;
   is_inside_try_ = true;
-  VisitStatements(node->try_block()->statements());
-  if (frame_ != NULL) {
-    frame_->SpillAll();
-  }
+  VisitStatementsAndSpill(node->try_block()->statements());
   is_inside_try_ = was_inside_try;
 
   // Stop the introduced shadowing and count the number of required unlinks.
   // After shadowing stops, the original targets are unshadowed and the
   // ShadowTargets represent the formerly shadowing targets.
   int nof_unlinks = 0;
   for (int i = 0; i <= nof_escapes; i++) {
     shadows[i]->StopShadowing();
     if (shadows[i]->is_linked()) nof_unlinks++;
   }
@@ skipping 52 matching lines @@
   frame_->EmitPush(ecx);
 
   // We keep two elements on the stack - the (possibly faked) result
   // and the state - while evaluating the finally block. Record it, so
   // that a break/continue crossing this statement can restore the
   // stack.
   const int kFinallyStackSize = 2 * kPointerSize;
   break_stack_height_ += kFinallyStackSize;
 
   // Generate code for the statements in the finally block.
-  VisitStatements(node->finally_block()->statements());
+  VisitStatementsAndSpill(node->finally_block()->statements());
 
   break_stack_height_ -= kFinallyStackSize;
   if (frame_ != NULL) {
-    frame_->SpillAll();
     JumpTarget exit(this);
     // Restore state and return value or faked TOS.
     frame_->EmitPop(ecx);
     frame_->EmitPop(eax);
 
     // Generate code to jump to the right destination for all used
     // (formerly) shadowing targets.
     for (int i = 0; i <= nof_escapes; i++) {
       if (shadows[i]->is_bound()) {
         __ cmp(Operand(ecx), Immediate(Smi::FromInt(JUMPING + i)));
         shadows[i]->original_target()->Branch(equal);
       }
     }
 
     // Check if we need to rethrow the exception.
     __ cmp(Operand(ecx), Immediate(Smi::FromInt(THROWING)));
     exit.Branch(not_equal);
 
     // Rethrow exception.
     frame_->EmitPush(eax);  // undo pop from above
     frame_->CallRuntime(Runtime::kReThrow, 1);
 
     // Done.
     exit.Bind();
   }
 }
 
 
 void CodeGenerator::VisitDebuggerStatement(DebuggerStatement* node) {
-  frame_->SpillAll();
+  ASSERT(!in_spilled_code());
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ DebuggerStatement");
   RecordStatementPosition(node);
   frame_->CallRuntime(Runtime::kDebugBreak, 0);
   // Ignore the return value.
 }
 
 
 void CodeGenerator::InstantiateBoilerplate(Handle<JSFunction> boilerplate) {
   ASSERT(boilerplate->IsBoilerplate());
 
   // Push the boilerplate on the stack.
   frame_->EmitPush(Immediate(boilerplate));
 
   // Create a new closure.
   frame_->EmitPush(esi);
   frame_->CallRuntime(Runtime::kNewClosure, 2);
   frame_->EmitPush(eax);
 }
 
 
 void CodeGenerator::VisitFunctionLiteral(FunctionLiteral* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ FunctionLiteral");
 
   // Build the function boilerplate and instantiate it.
   Handle<JSFunction> boilerplate = BuildBoilerplate(node);
   // Check for stack-overflow exception.
   if (HasStackOverflow()) return;
   InstantiateBoilerplate(boilerplate);
 }
 
 
 void CodeGenerator::VisitFunctionBoilerplateLiteral(
     FunctionBoilerplateLiteral* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ FunctionBoilerplateLiteral");
   InstantiateBoilerplate(node->boilerplate());
 }
 
 
 void CodeGenerator::VisitConditional(Conditional* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Conditional");
   JumpTarget then(this);
   JumpTarget else_(this);
   JumpTarget exit(this);
-  LoadCondition(node->condition(), NOT_INSIDE_TYPEOF, &then, &else_, true);
+  LoadConditionAndSpill(node->condition(), NOT_INSIDE_TYPEOF,
+                        &then, &else_, true);
   if (frame_ != NULL) {
     Branch(false, &else_);
   }
   if (frame_ != NULL || then.is_linked()) {
     then.Bind();
-    Load(node->then_expression(), typeof_state());
-    frame_->SpillAll();
+    LoadAndSpill(node->then_expression(), typeof_state());
     exit.Jump();
   }
   if (else_.is_linked()) {
     else_.Bind();
-    Load(node->else_expression(), typeof_state());
-    frame_->SpillAll();
+    LoadAndSpill(node->else_expression(), typeof_state());
   }
   exit.Bind();
 }
 
 
 void CodeGenerator::LoadFromSlot(Slot* slot, TypeofState typeof_state) {
   if (slot->type() == Slot::LOOKUP) {
     ASSERT(slot->var()->mode() == Variable::DYNAMIC);
 
     // For now, just do a runtime call.
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     frame_->EmitPush(esi);
     frame_->EmitPush(Immediate(slot->var()->name()));
 
     if (typeof_state == INSIDE_TYPEOF) {
       frame_->CallRuntime(Runtime::kLoadContextSlotNoReferenceError, 2);
     } else {
       frame_->CallRuntime(Runtime::kLoadContextSlot, 2);
     }
     frame_->EmitPush(eax);
 
   } else {
     // Note: We would like to keep the assert below, but it fires because of
     // some nasty code in LoadTypeofExpression() which should be removed...
     // ASSERT(slot->var()->mode() != Variable::DYNAMIC);
     if (slot->var()->mode() == Variable::CONST) {
       // Const slots may contain 'the hole' value (the constant hasn't been
       // initialized yet) which needs to be converted into the 'undefined'
       // value.
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       Comment cmnt(masm_, "[ Load const");
       JumpTarget exit(this);
       __ mov(eax, SlotOperand(slot, ecx));
       __ cmp(eax, Factory::the_hole_value());
       exit.Branch(not_equal);
       __ mov(eax, Factory::undefined_value());
       exit.Bind();
       frame_->EmitPush(eax);
     } else {
       if (slot->type() == Slot::PARAMETER) {
         frame_->LoadParameterAt(slot->index());
       } else if (slot->type() == Slot::LOCAL) {
         frame_->LoadLocalAt(slot->index());
       } else {
         // The other remaining slot types (LOOKUP and GLOBAL) cannot reach
         // here.
         ASSERT(slot->type() == Slot::CONTEXT);
-        frame_->SpillAll();
+        VirtualFrame::SpilledScope spilled_scope(this);
         frame_->EmitPush(SlotOperand(slot, ecx));
       }
     }
   }
 }
 
 
 void CodeGenerator::StoreToSlot(Slot* slot, InitState init_state) {
   if (slot->type() == Slot::LOOKUP) {
     ASSERT(slot->var()->mode() == Variable::DYNAMIC);
 
     // For now, just do a runtime call.
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     frame_->EmitPush(frame_->Context());
     frame_->EmitPush(Immediate(slot->var()->name()));
 
     if (init_state == CONST_INIT) {
       // Same as the case for a normal store, but ignores attribute
       // (e.g. READ_ONLY) of context slot so that we can initialize const
       // properties (introduced via eval("const foo = (some expr);")). Also,
       // uses the current function context instead of the top context.
       //
       // Note that we must declare the foo upon entry of eval(), via a
@@ skipping 17 matching lines @@
   } else {
     ASSERT(slot->var()->mode() != Variable::DYNAMIC);
 
     JumpTarget exit(this);
     if (init_state == CONST_INIT) {
       ASSERT(slot->var()->mode() == Variable::CONST);
       // Only the first const initialization must be executed (the slot
       // still contains 'the hole' value). When the assignment is executed,
       // the code is identical to a normal store (see below).
       Comment cmnt(masm_, "[ Init const");
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       __ mov(eax, SlotOperand(slot, ecx));
       __ cmp(eax, Factory::the_hole_value());
       exit.Branch(not_equal);
     }
 
     // We must execute the store.  Storing a variable must keep the (new)
     // value on the stack. This is necessary for compiling assignment
     // expressions.
     //
     // Note: We will reach here even with slot->var()->mode() ==
     // Variable::CONST because of const declarations which will initialize
     // consts to 'the hole' value and by doing so, end up calling this code.
     if (slot->type() == Slot::PARAMETER) {
       frame_->StoreToParameterAt(slot->index());
     } else if (slot->type() == Slot::LOCAL) {
       frame_->StoreToLocalAt(slot->index());
     } else {
       // The other slot types (LOOKUP and GLOBAL) cannot reach here.
       ASSERT(slot->type() == Slot::CONTEXT);
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
       frame_->EmitPop(eax);
       __ mov(SlotOperand(slot, ecx), eax);
       frame_->EmitPush(eax);  // RecordWrite may destroy the value in eax.
       int offset = FixedArray::kHeaderSize + slot->index() * kPointerSize;
       __ RecordWrite(ecx, offset, eax, ebx);
     }
 
     // If we definitely did not jump over the assignment, we do not need
     // to bind the exit label.  Doing so can defeat peephole
     // optimization.
@@ skipping 73 matching lines @@
   // RegExp pattern (2).
   __ push(Immediate(node_->pattern()));
   // RegExp flags (3).
   __ push(Immediate(node_->flags()));
   __ CallRuntime(Runtime::kMaterializeRegExpLiteral, 4);
   __ mov(ebx, Operand(eax));  // "caller" expects result in ebx
 }
 
 
 void CodeGenerator::VisitRegExpLiteral(RegExpLiteral* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ RegExp Literal");
   RegExpDeferred* deferred = new RegExpDeferred(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
   __ mov(ecx, frame_->Function());
 
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
@@ skipping 40 matching lines @@
   // Literal index (1).
   __ push(Immediate(Smi::FromInt(node_->literal_index())));
   // Constant properties (2).
   __ push(Immediate(node_->constant_properties()));
   __ CallRuntime(Runtime::kCreateObjectLiteralBoilerplate, 3);
   __ mov(ebx, Operand(eax));
 }
 
 
 void CodeGenerator::VisitObjectLiteral(ObjectLiteral* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ObjectLiteral");
   ObjectLiteralDeferred* deferred = new ObjectLiteralDeferred(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
   __ mov(ecx, frame_->Function());
 
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
@@ skipping 20 matching lines @@
   for (int i = 0; i < node->properties()->length(); i++) {
     ObjectLiteral::Property* property  = node->properties()->at(i);
     switch (property->kind()) {
       case ObjectLiteral::Property::CONSTANT: break;
       case ObjectLiteral::Property::COMPUTED: {
         Handle<Object> key(property->key()->handle());
         Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
         if (key->IsSymbol()) {
           __ mov(eax, frame_->Top());
           frame_->EmitPush(eax);
-          Load(property->value());
-          frame_->SpillAll();
+          LoadAndSpill(property->value());
           frame_->EmitPop(eax);
           __ Set(ecx, Immediate(key));
           frame_->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
           frame_->Drop();
           // Ignore result.
           break;
         }
         // Fall through
       }
       case ObjectLiteral::Property::PROTOTYPE: {
         __ mov(eax, frame_->Top());
         frame_->EmitPush(eax);
-        Load(property->key());
-        frame_->SpillAll();
-        Load(property->value());
-        frame_->SpillAll();
+        LoadAndSpill(property->key());
+        LoadAndSpill(property->value());
         frame_->CallRuntime(Runtime::kSetProperty, 3);
         // Ignore result.
         break;
       }
       case ObjectLiteral::Property::SETTER: {
         // Duplicate the resulting object on the stack. The runtime
         // function will pop the three arguments passed in.
         __ mov(eax, frame_->Top());
         frame_->EmitPush(eax);
-        Load(property->key());
-        frame_->SpillAll();
+        LoadAndSpill(property->key());
         frame_->EmitPush(Immediate(Smi::FromInt(1)));
-        Load(property->value());
-        frame_->SpillAll();
+        LoadAndSpill(property->value());
         frame_->CallRuntime(Runtime::kDefineAccessor, 4);
         // Ignore result.
         break;
       }
       case ObjectLiteral::Property::GETTER: {
         // Duplicate the resulting object on the stack. The runtime
         // function will pop the three arguments passed in.
         __ mov(eax, frame_->Top());
         frame_->EmitPush(eax);
-        Load(property->key());
-        frame_->SpillAll();
+        LoadAndSpill(property->key());
         frame_->EmitPush(Immediate(Smi::FromInt(0)));
-        Load(property->value());
-        frame_->SpillAll();
+        LoadAndSpill(property->value());
         frame_->CallRuntime(Runtime::kDefineAccessor, 4);
         // Ignore result.
         break;
       }
       default: UNREACHABLE();
     }
   }
 }
 
 
 void CodeGenerator::VisitArrayLiteral(ArrayLiteral* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ArrayLiteral");
 
   // Call runtime to create the array literal.
   frame_->EmitPush(Immediate(node->literals()));
   // Load the function of this frame.
   __ mov(ecx, frame_->Function());
   // Load the literals array of the function.
   __ mov(ecx, FieldOperand(ecx, JSFunction::kLiteralsOffset));
   frame_->EmitPush(ecx);
   frame_->CallRuntime(Runtime::kCreateArrayLiteral, 2);
 
   // Push the resulting array literal on the stack.
   frame_->EmitPush(eax);
 
   // Generate code to set the elements in the array that are not
   // literals.
   for (int i = 0; i < node->values()->length(); i++) {
     Expression* value = node->values()->at(i);
 
     // If value is literal the property value is already
     // set in the boilerplate object.
     if (value->AsLiteral() == NULL) {
       // The property must be set by generated code.
-      Load(value);
-      frame_->SpillAll();
+      LoadAndSpill(value);
 
       // Get the value off the stack.
       frame_->EmitPop(eax);
       // Fetch the object literal while leaving on the stack.
       __ mov(ecx, frame_->Top());
       // Get the elements array.
       __ mov(ecx, FieldOperand(ecx, JSObject::kElementsOffset));
 
       // Write to the indexed properties array.
       int offset = i * kPointerSize + Array::kHeaderSize;
@@ skipping 24 matching lines @@
       frame_->EmitPush(Immediate(Smi::FromInt(0)));
       return;
     }
 
     if (node->op() == Token::ASSIGN ||
         node->op() == Token::INIT_VAR ||
         node->op() == Token::INIT_CONST) {
       Load(node->value());
 
     } else {
-      frame_->SpillAll();
-      target.GetValue(NOT_INSIDE_TYPEOF);
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
+      target.GetValueAndSpill(NOT_INSIDE_TYPEOF);
       Literal* literal = node->value()->AsLiteral();
       if (IsInlineSmi(literal)) {
         SmiOperation(node->binary_op(), node->type(), literal->handle(), false,
                      NO_OVERWRITE);
       } else {
-        Load(node->value());
-        frame_->SpillAll();
+        LoadAndSpill(node->value());
         GenericBinaryOperation(node->binary_op(), node->type());
       }
     }
 
     Variable* var = node->target()->AsVariableProxy()->AsVariable();
     if (var != NULL &&
         var->mode() == Variable::CONST &&
         node->op() != Token::INIT_VAR && node->op() != Token::INIT_CONST) {
       // Assignment ignored - leave the value on the stack.
   } else {
       __ RecordPosition(node->position());
       if (node->op() == Token::INIT_CONST) {
         // Dynamic constant initializations must use the function context
         // and initialize the actual constant declared. Dynamic variable
         // initializations are simply assignments and use SetValue.
         target.SetValue(CONST_INIT);
       } else {
         target.SetValue(NOT_CONST_INIT);
       }
     }
   }
 }
 
 
 void CodeGenerator::VisitThrow(Throw* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Throw");
 
-  Load(node->exception());
-  frame_->SpillAll();
+  LoadAndSpill(node->exception());
   __ RecordPosition(node->position());
   frame_->CallRuntime(Runtime::kThrow, 1);
   frame_->EmitPush(eax);
 }
 
 
 void CodeGenerator::VisitProperty(Property* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Property");
   Reference property(this, node);
-  property.GetValue(typeof_state());
+  property.GetValueAndSpill(typeof_state());
 }
 
 
 void CodeGenerator::VisitCall(Call* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Call");
 
   ZoneList<Expression*>* args = node->arguments();
 
   RecordStatementPosition(node);
 
   // Check if the function is a variable or a property.
   Expression* function = node->expression();
   Variable* var = function->AsVariableProxy()->AsVariable();
   Property* property = function->AsProperty();
@@ skipping 15 matching lines @@
     // Push the name of the function and the receiver onto the stack.
     frame_->EmitPush(Immediate(var->name()));
 
     // Pass the global object as the receiver and let the IC stub
     // patch the stack to use the global proxy as 'this' in the
     // invoked function.
     LoadGlobal();
     // Load the arguments.
     int arg_count = args->length();
     for (int i = 0; i < arg_count; i++) {
-      Load(args->at(i));
-      frame_->SpillAll();
+      LoadAndSpill(args->at(i));
     }
 
     // Setup the receiver register and call the IC initialization code.
     Handle<Code> stub = (loop_nesting() > 0)
         ? ComputeCallInitializeInLoop(arg_count)
         : ComputeCallInitialize(arg_count);
     __ RecordPosition(node->position());
     frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET_CONTEXT,
                            arg_count + 1);
     __ mov(esi, frame_->Context());
@@ skipping 24 matching lines @@
     // Check if the key is a literal string.
     Literal* literal = property->key()->AsLiteral();
 
     if (literal != NULL && literal->handle()->IsSymbol()) {
       // ------------------------------------------------------------------
       // JavaScript example: 'object.foo(1, 2, 3)' or 'map["key"](1, 2, 3)'
       // ------------------------------------------------------------------
 
       // Push the name of the function and the receiver onto the stack.
       frame_->EmitPush(Immediate(literal->handle()));
-      Load(property->obj());
-      frame_->SpillAll();
+      LoadAndSpill(property->obj());
 
       // Load the arguments.
       int arg_count = args->length();
       for (int i = 0; i < arg_count; i++) {
-        Load(args->at(i));
-        frame_->SpillAll();
+        LoadAndSpill(args->at(i));
       }
 
       // Call the IC initialization code.
       Handle<Code> stub = (loop_nesting() > 0)
         ? ComputeCallInitializeInLoop(arg_count)
         : ComputeCallInitialize(arg_count);
       __ RecordPosition(node->position());
       frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count + 1);
       __ mov(esi, frame_->Context());
 
       // Overwrite the function on the stack with the result.
       __ mov(frame_->Top(), eax);
 
     } else {
       // -------------------------------------------
       // JavaScript example: 'array[index](1, 2, 3)'
       // -------------------------------------------
 
       // Load the function to call from the property through a reference.
       Reference ref(this, property);
-      ref.GetValue(NOT_INSIDE_TYPEOF);
-      frame_->SpillAll();
+      ref.GetValueAndSpill(NOT_INSIDE_TYPEOF);
 
       // Pass receiver to called function.
       // The reference's size is non-negative.
       frame_->EmitPush(frame_->ElementAt(ref.size()));
 
       // Call the function.
       CallWithArguments(args, node->position());
     }
 
   } else {
     // ----------------------------------
     // JavaScript example: 'foo(1, 2, 3)'  // foo is not global
     // ----------------------------------
 
     // Load the function.
-    Load(function);
-    frame_->SpillAll();
+    LoadAndSpill(function);
 
     // Pass the global proxy as the receiver.
     LoadGlobalReceiver(eax);
 
     // Call the function.
     CallWithArguments(args, node->position());
   }
 }
 
 
 void CodeGenerator::VisitCallNew(CallNew* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CallNew");
 
   // According to ECMA-262, section 11.2.2, page 44, the function
   // expression in new calls must be evaluated before the
   // arguments. This is different from ordinary calls, where the
   // actual function to call is resolved after the arguments have been
   // evaluated.
 
   // Compute function to call and use the global object as the
   // receiver. There is no need to use the global proxy here because
   // it will always be replaced with a newly allocated object.
-  Load(node->expression());
-  frame_->SpillAll();
+  LoadAndSpill(node->expression());
   LoadGlobal();
 
   // Push the arguments ("left-to-right") on the stack.
   ZoneList<Expression*>* args = node->arguments();
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Load(args->at(i));
-    frame_->SpillAll();
+    LoadAndSpill(args->at(i));
   }
 
   // Constructors are called with the number of arguments in register
   // eax for now. Another option would be to have separate construct
   // call trampolines per different arguments counts encountered.
   __ Set(eax, Immediate(arg_count));
 
   // Load the function into temporary function slot as per calling
   // convention.
   __ mov(edi, frame_->ElementAt(arg_count + 1));
 
   // Call the construct call builtin that handles allocation and
   // constructor invocation.
   __ RecordPosition(node->position());
   Handle<Code> ic(Builtins::builtin(Builtins::JSConstructCall));
   frame_->CallCodeObject(ic, RelocInfo::CONSTRUCT_CALL, args->length() + 1);
   // Discard the function and "push" the newly created object.
   __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::VisitCallEval(CallEval* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CallEval");
 
   // In a call to eval, we first call %ResolvePossiblyDirectEval to resolve
   // the function we need to call and the receiver of the call.
   // Then we call the resolved function using the given arguments.
 
   ZoneList<Expression*>* args = node->arguments();
   Expression* function = node->expression();
 
   RecordStatementPosition(node);
 
   // Prepare stack for call to resolved function.
-  Load(function);
-  frame_->SpillAll();
+  LoadAndSpill(function);
   // Allocate a frame slot for the receiver.
   frame_->EmitPush(Immediate(Factory::undefined_value()));
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Load(args->at(i));
-    frame_->SpillAll();
+    LoadAndSpill(args->at(i));
   }
 
   // Prepare stack for call to ResolvePossiblyDirectEval.
   frame_->EmitPush(frame_->ElementAt(arg_count + 1));
   if (arg_count > 0) {
     frame_->EmitPush(frame_->ElementAt(arg_count));
   } else {
     frame_->EmitPush(Immediate(Factory::undefined_value()));
   }
 
@@ skipping 13 matching lines @@
   frame_->CallStub(&call_function, arg_count + 1);
 
   // Restore context and pop function from the stack.
   __ mov(esi, frame_->Context());
   __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::GenerateIsSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
-  Load(args->at(0));
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));
   frame_->EmitPop(eax);
   __ test(eax, Immediate(kSmiTagMask));
   cc_reg_ = zero;
 }
 
 
 void CodeGenerator::GenerateIsNonNegativeSmi(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
-  Load(args->at(0));
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));
   frame_->EmitPop(eax);
   __ test(eax, Immediate(kSmiTagMask | 0x80000000));
   cc_reg_ = zero;
 }
 
 
 // This generates code that performs a charCodeAt() call or returns
 // undefined in order to trigger the slow case, Runtime_StringCharCodeAt.
 // It can handle flat and sliced strings, 8 and 16 bit characters and
 // cons strings where the answer is found in the left hand branch of the
 // cons.  The slow case will flatten the string, which will ensure that
 // the answer is in the left hand side the next time around.
 void CodeGenerator::GenerateFastCharCodeAt(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   JumpTarget slow_case(this);
   JumpTarget end(this);
   JumpTarget not_a_flat_string(this);
   JumpTarget not_a_cons_string_either(this);
   JumpTarget try_again_with_new_string(this);
   JumpTarget ascii_string(this);
   JumpTarget got_char_code(this);
 
   // Load the string into eax and the index into ebx.
-  Load(args->at(0));
-  frame_->SpillAll();
-  Load(args->at(1));
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));
+  LoadAndSpill(args->at(1));
   frame_->EmitPop(ebx);
   frame_->EmitPop(eax);
   // If the receiver is a smi return undefined.
   ASSERT(kSmiTag == 0);
   __ test(eax, Immediate(kSmiTagMask));
   slow_case.Branch(zero, not_taken);
 
   // Check for negative or non-smi index.
   ASSERT(kSmiTag == 0);
   __ test(ebx, Immediate(kSmiTagMask | 0x80000000));
@@ skipping 79 matching lines @@
 
   slow_case.Bind();
   frame_->EmitPush(Immediate(Factory::undefined_value()));
 
   end.Bind();
 }
 
 
 void CodeGenerator::GenerateIsArray(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
-  Load(args->at(0));
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));
   JumpTarget answer(this);
   // We need the CC bits to come out as not_equal in the case where the
   // object is a smi.  This can't be done with the usual test opcode so
   // we copy the object to ecx and do some destructive ops on it that
   // result in the right CC bits.
   frame_->EmitPop(eax);
   __ mov(ecx, Operand(eax));
   __ and_(ecx, kSmiTagMask);
   __ xor_(ecx, kSmiTagMask);
   answer.Branch(not_equal, not_taken);
@@ skipping 18 matching lines @@
   // Call the shared stub to get to the arguments.length.
   ArgumentsAccessStub stub(ArgumentsAccessStub::READ_LENGTH);
   frame_->CallStub(&stub, 0);
   frame_->EmitPush(eax);
 }
 
 
 void CodeGenerator::GenerateValueOf(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   JumpTarget leave(this);
-  Load(args->at(0));  // Load the object.
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));  // Load the object.
   __ mov(eax, frame_->Top());
   // if (object->IsSmi()) return object.
   __ test(eax, Immediate(kSmiTagMask));
   leave.Branch(zero, taken);
   // It is a heap object - get map.
   __ mov(ecx, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
   // if (!object->IsJSValue()) return object.
   __ cmp(ecx, JS_VALUE_TYPE);
   leave.Branch(not_equal, not_taken);
   __ mov(eax, FieldOperand(eax, JSValue::kValueOffset));
   __ mov(frame_->Top(), eax);
   leave.Bind();
 }
 
 
 void CodeGenerator::GenerateSetValueOf(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
   JumpTarget leave(this);
-  Load(args->at(0));  // Load the object.
-  frame_->SpillAll();
-  Load(args->at(1));  // Load the value.
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));  // Load the object.
+  LoadAndSpill(args->at(1));  // Load the value.
   __ mov(eax, frame_->ElementAt(1));
   __ mov(ecx, frame_->Top());
   // if (object->IsSmi()) return object.
   __ test(eax, Immediate(kSmiTagMask));
   leave.Branch(zero, taken);
   // It is a heap object - get map.
   __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
   // if (!object->IsJSValue()) return object.
   __ cmp(ebx, JS_VALUE_TYPE);
   leave.Branch(not_equal, not_taken);
   // Store the value.
   __ mov(FieldOperand(eax, JSValue::kValueOffset), ecx);
   // Update the write barrier.
   __ RecordWrite(eax, JSValue::kValueOffset, ecx, ebx);
   // Leave.
   leave.Bind();
   __ mov(ecx, frame_->Top());
   frame_->Drop();
   __ mov(frame_->Top(), ecx);
 }
 
 
 void CodeGenerator::GenerateArgumentsAccess(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
 
   // Load the key onto the stack and set register eax to the formal
   // parameters count for the currently executing function.
-  Load(args->at(0));
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));
   __ Set(eax, Immediate(Smi::FromInt(scope_->num_parameters())));
 
   // Call the shared stub to get to arguments[key].
   ArgumentsAccessStub stub(ArgumentsAccessStub::READ_ELEMENT);
   frame_->CallStub(&stub, 0);
   __ mov(frame_->Top(), eax);
 }
 
 
 void CodeGenerator::GenerateObjectEquals(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 2);
 
   // Load the two objects into registers and perform the comparison.
-  Load(args->at(0));
-  frame_->SpillAll();
-  Load(args->at(1));
-  frame_->SpillAll();
+  LoadAndSpill(args->at(0));
+  LoadAndSpill(args->at(1));
   frame_->EmitPop(eax);
   frame_->EmitPop(ecx);
   __ cmp(eax, Operand(ecx));
   cc_reg_ = equal;
 }
 
 
 void CodeGenerator::VisitCallRuntime(CallRuntime* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   if (CheckForInlineRuntimeCall(node)) {
     return;
   }
 
   ZoneList<Expression*>* args = node->arguments();
   Comment cmnt(masm_, "[ CallRuntime");
   Runtime::Function* function = node->function();
 
   if (function == NULL) {
     // Prepare stack for calling JS runtime function.
     frame_->EmitPush(Immediate(node->name()));
     // Push the builtins object found in the current global object.
     __ mov(edx, GlobalObject());
     frame_->EmitPush(FieldOperand(edx, GlobalObject::kBuiltinsOffset));
   }
 
   // Push the arguments ("left-to-right").
   int arg_count = args->length();
   for (int i = 0; i < arg_count; i++) {
-    Load(args->at(i));
-    frame_->SpillAll();
+    LoadAndSpill(args->at(i));
   }
 
   if (function == NULL) {
     // Call the JS runtime function.
     Handle<Code> stub = ComputeCallInitialize(arg_count);
     __ Set(eax, Immediate(args->length()));
     frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count + 1);
     __ mov(esi, frame_->Context());
     __ mov(frame_->Top(), eax);
   } else {
     // Call the C runtime function.
     frame_->CallRuntime(function, arg_count);
     frame_->EmitPush(eax);
   }
 }
 
 
 void CodeGenerator::VisitUnaryOperation(UnaryOperation* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   // Note that because of NOT and an optimization in comparison of a typeof
   // expression to a literal string, this function can fail to leave a value
   // on top of the frame or in the cc register.
   Comment cmnt(masm_, "[ UnaryOperation");
 
   Token::Value op = node->op();
 
   if (op == Token::NOT) {
-    LoadCondition(node->expression(), NOT_INSIDE_TYPEOF,
-                  false_target(), true_target(), true);
+    LoadConditionAndSpill(node->expression(), NOT_INSIDE_TYPEOF,
+                          false_target(), true_target(), true);
     cc_reg_ = NegateCondition(cc_reg_);
 
   } else if (op == Token::DELETE) {
     Property* property = node->expression()->AsProperty();
     if (property != NULL) {
-      Load(property->obj());
-      frame_->SpillAll();
-      Load(property->key());
-      frame_->SpillAll();
+      LoadAndSpill(property->obj());
+      LoadAndSpill(property->key());
       frame_->InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION, 2);
       frame_->EmitPush(eax);
       return;
     }
 
     Variable* variable = node->expression()->AsVariableProxy()->AsVariable();
     if (variable != NULL) {
       Slot* slot = variable->slot();
       if (variable->is_global()) {
         LoadGlobal();
@@ skipping 14 matching lines @@
         frame_->EmitPush(eax);
         return;
       }
 
       // Default: Result of deleting non-global, not dynamically
       // introduced variables is false.
       frame_->EmitPush(Immediate(Factory::false_value()));
 
     } else {
       // Default: Result of deleting expressions is true.
-      Load(node->expression());  // may have side-effects
-      frame_->SpillAll();
+      LoadAndSpill(node->expression());  // may have side-effects
       __ Set(frame_->Top(), Immediate(Factory::true_value()));
     }
 
   } else if (op == Token::TYPEOF) {
     // Special case for loading the typeof expression; see comment on
     // LoadTypeofExpression().
     LoadTypeofExpression(node->expression());
     frame_->CallRuntime(Runtime::kTypeof, 1);
     frame_->EmitPush(eax);
 
   } else {
-    Load(node->expression());
-    frame_->SpillAll();
+    LoadAndSpill(node->expression());
     switch (op) {
       case Token::NOT:
       case Token::DELETE:
       case Token::TYPEOF:
         UNREACHABLE();  // handled above
         break;
 
       case Token::SUB: {
         UnarySubStub stub;
         // TODO(1222589): remove dependency of TOS being cached inside stub
@@ skipping 128 matching lines @@
   if (is_postfix_) {
     RevertToNumberStub to_number_stub(is_increment_);
     __ CallStub(&to_number_stub);
   }
   CounterOpStub stub(result_offset_, is_postfix_, is_increment_);
   __ CallStub(&stub);
 }
 
 
 void CodeGenerator::VisitCountOperation(CountOperation* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CountOperation");
 
   bool is_postfix = node->is_postfix();
   bool is_increment = node->op() == Token::INC;
 
   Variable* var = node->expression()->AsVariableProxy()->AsVariable();
   bool is_const = (var != NULL && var->mode() == Variable::CONST);
 
   // Postfix: Make room for the result.
   if (is_postfix) {
     frame_->EmitPush(Immediate(0));
   }
 
   { Reference target(this, node->expression());
     if (target.is_illegal()) {
       // Spoof the virtual frame to have the expected height (one higher
       // than on entry).
       if (!is_postfix) {
         frame_->EmitPush(Immediate(Smi::FromInt(0)));
       }
       return;
     }
-    target.GetValue(NOT_INSIDE_TYPEOF);
-    frame_->SpillAll();
+    target.GetValueAndSpill(NOT_INSIDE_TYPEOF);
 
     CountOperationDeferred* deferred =
         new CountOperationDeferred(this, is_postfix, is_increment,
                                    target.size() * kPointerSize);
 
     frame_->EmitPop(eax);  // Load TOS into eax for calculations below
 
     // Postfix: Store the old value as the result.
     if (is_postfix) {
       __ mov(frame_->ElementAt(target.size()), eax);
@@ skipping 20 matching lines @@
   }
 
   // Postfix: Discard the new value and use the old.
   if (is_postfix) {
     frame_->Drop();
   }
 }
 
 
 void CodeGenerator::VisitBinaryOperation(BinaryOperation* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   // Note that due to an optimization in comparison operations (typeof
   // compared to a string literal), we can evaluate a binary expression such
   // as AND or OR and not leave a value on the frame or in the cc register.
   Comment cmnt(masm_, "[ BinaryOperation");
   Token::Value op = node->op();
 
   // According to ECMA-262 section 11.11, page 58, the binary logical
   // operators must yield the result of one of the two expressions
   // before any ToBoolean() conversions. This means that the value
   // produced by a && or || operator is not necessarily a boolean.
 
   // NOTE: If the left hand side produces a materialized value (not in
   // the CC register), we force the right hand side to do the
   // same. This is necessary because we may have to branch to the exit
   // after evaluating the left hand side (due to the shortcut
   // semantics), but the compiler must (statically) know if the result
   // of compiling the binary operation is materialized or not.
 
   if (op == Token::AND) {
     JumpTarget is_true(this);
-    LoadCondition(node->left(), NOT_INSIDE_TYPEOF, &is_true,
-                  false_target(), false);
+    LoadConditionAndSpill(node->left(), NOT_INSIDE_TYPEOF,
+                          &is_true, false_target(), false);
     if (has_cc() || frame_ == NULL) {
       if (has_cc()) {
         ASSERT(frame_ != NULL);
         Branch(false, false_target());
       }
 
       if (frame_ != NULL || is_true.is_linked()) {
         // Evaluate right side expression.
         is_true.Bind();
-        LoadCondition(node->right(), NOT_INSIDE_TYPEOF, true_target(),
-                      false_target(), false);
+        LoadConditionAndSpill(node->right(), NOT_INSIDE_TYPEOF,
+                              true_target(), false_target(), false);
       }
     } else {
-      frame_->SpillAll();
       // We have a materialized value on the frame.
       JumpTarget pop_and_continue(this);
       JumpTarget exit(this);
 
       // Avoid popping the result if it converts to 'false' using the
       // standard ToBoolean() conversion as described in ECMA-262, section
       // 9.2, page 30.
       //
       // Duplicate the TOS value. The duplicate will be popped by ToBoolean.
       __ mov(eax, frame_->Top());
       frame_->EmitPush(eax);
       ToBoolean(&pop_and_continue, &exit);
       Branch(false, &exit);
 
       // Pop the result of evaluating the first part.
       pop_and_continue.Bind();
       frame_->Drop();
 
       // Evaluate right side expression.
       is_true.Bind();
-      Load(node->right());
-      frame_->SpillAll();
+      LoadAndSpill(node->right());
 
       // Exit (always with a materialized value).
       exit.Bind();
     }
 
   } else if (op == Token::OR) {
     JumpTarget is_false(this);
-    LoadCondition(node->left(), NOT_INSIDE_TYPEOF, true_target(),
-                  &is_false, false);
+    LoadConditionAndSpill(node->left(), NOT_INSIDE_TYPEOF,
+                          true_target(), &is_false, false);
     if (has_cc() || frame_ == NULL) {
       if (has_cc()) {
         ASSERT(frame_ != NULL);
         Branch(true, true_target());
       }
 
       if (frame_ != NULL || is_false.is_linked()) {
         // Evaluate right side expression.
         is_false.Bind();
-        LoadCondition(node->right(), NOT_INSIDE_TYPEOF, true_target(),
-                      false_target(), false);
+        LoadConditionAndSpill(node->right(), NOT_INSIDE_TYPEOF,
+                              true_target(), false_target(), false);
       }
 
     } else {
-      frame_->SpillAll();
       // We have a materialized value on the frame.
       JumpTarget pop_and_continue(this);
       JumpTarget exit(this);
 
       // Avoid popping the result if it converts to 'true' using the
       // standard ToBoolean() conversion as described in ECMA-262,
       // section 9.2, page 30.
       // Duplicate the TOS value. The duplicate will be popped by ToBoolean.
       __ mov(eax, frame_->Top());
       frame_->EmitPush(eax);
       ToBoolean(&exit, &pop_and_continue);
       Branch(true, &exit);
 
       // Pop the result of evaluating the first part.
       pop_and_continue.Bind();
       frame_->Drop();
 
       // Evaluate right side expression.
       is_false.Bind();
-      Load(node->right());
-      frame_->SpillAll();
+      LoadAndSpill(node->right());
 
       // Exit (always with a materialized value).
       exit.Bind();
     }
 
   } else {
     // NOTE: The code below assumes that the slow cases (calls to runtime)
     // never return a constant/immutable object.
     OverwriteMode overwrite_mode = NO_OVERWRITE;
     if (node->left()->AsBinaryOperation() != NULL &&
         node->left()->AsBinaryOperation()->ResultOverwriteAllowed()) {
       overwrite_mode = OVERWRITE_LEFT;
     } else if (node->right()->AsBinaryOperation() != NULL &&
                node->right()->AsBinaryOperation()->ResultOverwriteAllowed()) {
       overwrite_mode = OVERWRITE_RIGHT;
     }
 
     // Optimize for the case where (at least) one of the expressions
     // is a literal small integer.
     Literal* lliteral = node->left()->AsLiteral();
     Literal* rliteral = node->right()->AsLiteral();
 
     if (IsInlineSmi(rliteral)) {
-      Load(node->left());
-      frame_->SpillAll();
+      LoadAndSpill(node->left());
       SmiOperation(node->op(), node->type(), rliteral->handle(), false,
                    overwrite_mode);
     } else if (IsInlineSmi(lliteral)) {
-      Load(node->right());
-      frame_->SpillAll();
+      LoadAndSpill(node->right());
       SmiOperation(node->op(), node->type(), lliteral->handle(), true,
                    overwrite_mode);
     } else {
-      Load(node->left());
-      frame_->SpillAll();
-      Load(node->right());
-      frame_->SpillAll();
+      LoadAndSpill(node->left());
+      LoadAndSpill(node->right());
       GenericBinaryOperation(node->op(), node->type(), overwrite_mode);
     }
   }
 }
 
 
 void CodeGenerator::VisitThisFunction(ThisFunction* node) {
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
   frame_->EmitPush(frame_->Function());
 }
 
 
 class InstanceofStub: public CodeStub {
  public:
   InstanceofStub() { }
 
   void Generate(MacroAssembler* masm);
 
@@ skipping 15 matching lines @@
   // literal 'null'. If so, we optimize the code by inlining a null check
   // instead of calling the (very) general runtime routine for checking
   // equality.
   if (op == Token::EQ || op == Token::EQ_STRICT) {
     bool left_is_null =
         left->AsLiteral() != NULL && left->AsLiteral()->IsNull();
     bool right_is_null =
         right->AsLiteral() != NULL && right->AsLiteral()->IsNull();
     // The 'null' value can only be equal to 'null' or 'undefined'.
     if (left_is_null || right_is_null) {
-      frame_->SpillAll();
-      Load(left_is_null ? right : left);
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
+      LoadAndSpill(left_is_null ? right : left);
       frame_->EmitPop(eax);
       __ cmp(eax, Factory::null_value());
 
       // The 'null' value is only equal to 'undefined' if using non-strict
       // comparisons.
       if (op != Token::EQ_STRICT) {
         true_target()->Branch(equal);
 
         __ cmp(eax, Factory::undefined_value());
         true_target()->Branch(equal);
@@ skipping 16 matching lines @@
   // To make typeof testing for natives implemented in JavaScript really
   // efficient, we generate special code for expressions of the form:
   // 'typeof <expression> == <string>'.
   UnaryOperation* operation = left->AsUnaryOperation();
   if ((op == Token::EQ || op == Token::EQ_STRICT) &&
       (operation != NULL && operation->op() == Token::TYPEOF) &&
       (right->AsLiteral() != NULL &&
        right->AsLiteral()->handle()->IsString())) {
     Handle<String> check(String::cast(*right->AsLiteral()->handle()));
 
-    frame_->SpillAll();
+    VirtualFrame::SpilledScope spilled_scope(this);
     // Load the operand and move it to register edx.
     LoadTypeofExpression(operation->expression());
-    frame_->SpillAll();
     frame_->EmitPop(edx);
 
     if (check->Equals(Heap::number_symbol())) {
       __ test(edx, Immediate(kSmiTagMask));
       true_target()->Branch(zero);
       __ mov(edx, FieldOperand(edx, HeapObject::kMapOffset));
       __ cmp(edx, Factory::heap_number_map());
       cc_reg_ = equal;
 
     } else if (check->Equals(Heap::string_symbol())) {
@@ skipping 86 matching lines @@
     case Token::GT:
       cc = greater;
       break;
     case Token::LTE:
       cc = less_equal;
       break;
     case Token::GTE:
       cc = greater_equal;
       break;
     case Token::IN: {
-      frame_->SpillAll();
-      Load(left);
-      frame_->SpillAll();
-      Load(right);
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
+      LoadAndSpill(left);
+      LoadAndSpill(right);
       frame_->InvokeBuiltin(Builtins::IN, CALL_FUNCTION, 2);
       frame_->EmitPush(eax);  // push the result
       return;
     }
     case Token::INSTANCEOF: {
-      frame_->SpillAll();
-      Load(left);
-      frame_->SpillAll();
-      Load(right);
-      frame_->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(this);
+      LoadAndSpill(left);
+      LoadAndSpill(right);
       InstanceofStub stub;
       frame_->CallStub(&stub, 2);
       __ test(eax, Operand(eax));
       cc_reg_ = zero;
       return;
     }
     default:
       UNREACHABLE();
   }
 
   // Optimize for the case where (at least) one of the expressions
   // is a literal small integer.
   if (IsInlineSmi(left->AsLiteral())) {
-    frame_->SpillAll();
     Load(right);
-    frame_->SpillAll();
     SmiComparison(ReverseCondition(cc), left->AsLiteral()->handle(), strict);
     return;
   }
   if (IsInlineSmi(right->AsLiteral())) {
     Load(left);
     SmiComparison(cc, right->AsLiteral()->handle(), strict);
     return;
   }
 
-  frame_->SpillAll();
-  Load(left);
-  frame_->SpillAll();
-  Load(right);
-  frame_->SpillAll();
+  VirtualFrame::SpilledScope spilled_scope(this);
+  LoadAndSpill(left);
+  LoadAndSpill(right);
   Comparison(cc, strict);
 }
 
 
 void CodeGenerator::RecordStatementPosition(Node* node) {
   if (FLAG_debug_info) {
     int pos = node->statement_pos();
     if (pos != RelocInfo::kNoPosition) {
       __ RecordStatementPosition(pos);
     }
@@ skipping 22 matching lines @@
     MacroAssembler* masm = cgen_->masm();
     __ RecordPosition(property->position());
     Literal* raw_name = property->key()->AsLiteral();
     ASSERT(raw_name != NULL);
     return Handle<String>(String::cast(*raw_name->handle()));
   }
 }
 
 
 void Reference::GetValue(TypeofState typeof_state) {
+  ASSERT(!cgen_->in_spilled_code());
   ASSERT(!is_illegal());
   ASSERT(!cgen_->has_cc());
   MacroAssembler* masm = cgen_->masm();
   VirtualFrame* frame = cgen_->frame();
   switch (type_) {
     case SLOT: {
       Comment cmnt(masm, "[ Load from Slot");
       Slot* slot = expression_->AsVariableProxy()->AsVariable()->slot();
       ASSERT(slot != NULL);
       cgen_->LoadFromSlot(slot, typeof_state);
       break;
     }
 
     case NAMED: {
       // TODO(1241834): Make sure that this it is safe to ignore the
       // distinction between expressions in a typeof and not in a typeof. If
       // there is a chance that reference errors can be thrown below, we
       // must distinguish between the two kinds of loads (typeof expression
       // loads must not throw a reference error).
-      frame->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(cgen_);
       Comment cmnt(masm, "[ Load from named Property");
       Handle<String> name(GetName());
       Handle<Code> ic(Builtins::builtin(Builtins::LoadIC_Initialize));
       // Setup the name register.
       __ mov(ecx, name);
 
       Variable* var = expression_->AsVariableProxy()->AsVariable();
       if (var != NULL) {
         ASSERT(var->is_global());
         frame->CallCodeObject(ic, RelocInfo::CODE_TARGET_CONTEXT, 0);
       } else {
         frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       }
       frame->EmitPush(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     case KEYED: {
       // TODO(1241834): Make sure that this it is safe to ignore the
       // distinction between expressions in a typeof and not in a typeof.
-      frame->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(cgen_);
       Comment cmnt(masm, "[ Load from keyed Property");
       Property* property = expression_->AsProperty();
       ASSERT(property != NULL);
       __ RecordPosition(property->position());
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize));
 
       Variable* var = expression_->AsVariableProxy()->AsVariable();
       if (var != NULL) {
         ASSERT(var->is_global());
         frame->CallCodeObject(ic, RelocInfo::CODE_TARGET_CONTEXT, 0);
@@ skipping 18 matching lines @@
   switch (type_) {
     case SLOT: {
       Comment cmnt(masm, "[ Store to Slot");
       Slot* slot = expression_->AsVariableProxy()->AsVariable()->slot();
       ASSERT(slot != NULL);
       cgen_->StoreToSlot(slot, init_state);
       break;
     }
 
     case NAMED: {
-      frame->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(cgen_);
       Comment cmnt(masm, "[ Store to named Property");
       // Call the appropriate IC code.
       Handle<String> name(GetName());
       Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
       frame->EmitPop(eax);
       // Setup the name register.
       __ mov(ecx, name);
       frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       frame->EmitPush(eax);  // IC call leaves result in eax, push it out
       break;
     }
 
     case KEYED: {
-      frame->SpillAll();
+      VirtualFrame::SpilledScope spilled_scope(cgen_);
       Comment cmnt(masm, "[ Store to keyed Property");
       Property* property = expression_->AsProperty();
       ASSERT(property != NULL);
       __ RecordPosition(property->position());
       // Call IC code.
       Handle<Code> ic(Builtins::builtin(Builtins::KeyedStoreIC_Initialize));
       // TODO(1222589): Make the IC grab the values from the stack.
       frame->EmitPop(eax);
       frame->CallCodeObject(ic, RelocInfo::CODE_TARGET, 0);
       frame->EmitPush(eax);  // IC call leaves result in eax, push it out
@@ skipping 1380 matching lines @@
 
   // Slow-case: Go through the JavaScript implementation.
   __ bind(&slow);
   __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal