Checking for stack height equality between full codegen and hydrogen.

src/ia32/full-codegen-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "v8.h"
 
 #if V8_TARGET_ARCH_IA32
 
 #include "code-stubs.h"
 #include "codegen.h"
@@ skipping 147 matching lines @@
 
   info->set_prologue_offset(masm_->pc_offset());
   __ Prologue(info->IsCodePreAgingActive());
   info->AddNoFrameRange(0, masm_->pc_offset());
 
   { Comment cmnt(masm_, "[ Allocate locals");
     int locals_count = info->scope()->num_stack_slots();
     // Generators allocate locals, if any, in context slots.
     ASSERT(!info->function()->is_generator() || locals_count == 0);
     if (locals_count == 1) {
-      __ push(Immediate(isolate()->factory()->undefined_value()));
+      AsmPushHandle(isolate()->factory()->undefined_value());
     } else if (locals_count > 1) {
       if (locals_count >= 128) {
         EmitStackCheck(masm_, locals_count, ecx);
       }
       __ mov(eax, Immediate(isolate()->factory()->undefined_value()));
       const int kMaxPushes = 32;
       if (locals_count >= kMaxPushes) {
         int loop_iterations = locals_count / kMaxPushes;
         __ mov(ecx, loop_iterations);
         Label loop_header;
         __ bind(&loop_header);
         // Do pushes.
         for (int i = 0; i < kMaxPushes; i++) {
           __ push(eax);
         }
         __ dec(ecx);
         __ j(not_zero, &loop_header, Label::kNear);
       }
       int remaining = locals_count % kMaxPushes;
       // Emit the remaining pushes.
       for (int i  = 0; i < remaining; i++) {
         __ push(eax);
       }
+      UpdateStackHeight(locals_count);
     }
   }
 
   bool function_in_register = true;
 
   // Possibly allocate a local context.
   int heap_slots = info->scope()->num_heap_slots() - Context::MIN_CONTEXT_SLOTS;
   if (heap_slots > 0) {
     Comment cmnt(masm_, "[ Allocate context");
     // Argument to NewContext is the function, which is still in edi.
     if (FLAG_harmony_scoping && info->scope()->is_global_scope()) {
-      __ push(edi);
-      __ Push(info->scope()->GetScopeInfo());
-      __ CallRuntime(Runtime::kHiddenNewGlobalContext, 2);
+      AsmPush(edi);
+      AsmPushHandle(info->scope()->GetScopeInfo());
+      AsmCallRuntime(Runtime::kHiddenNewGlobalContext, 2);
     } else if (heap_slots <= FastNewContextStub::kMaximumSlots) {
       FastNewContextStub stub(isolate(), heap_slots);
       __ CallStub(&stub);
     } else {
-      __ push(edi);
-      __ CallRuntime(Runtime::kHiddenNewFunctionContext, 1);
+      AsmPush(edi);
+      AsmCallRuntime(Runtime::kHiddenNewFunctionContext, 1);
     }
     function_in_register = false;
     // Context is returned in eax.  It replaces the context passed to us.
     // It's saved in the stack and kept live in esi.
     __ mov(esi, eax);
     __ mov(Operand(ebp, StandardFrameConstants::kContextOffset), eax);
 
     // Copy parameters into context if necessary.
     int num_parameters = info->scope()->num_parameters();
     for (int i = 0; i < num_parameters; i++) {
@@ skipping 14 matching lines @@
                                   kDontSaveFPRegs);
       }
     }
   }
 
   Variable* arguments = scope()->arguments();
   if (arguments != NULL) {
     // Function uses arguments object.
     Comment cmnt(masm_, "[ Allocate arguments object");
     if (function_in_register) {
-      __ push(edi);
+      AsmPush(edi);
     } else {
-      __ push(Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+      AsmPush(Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
     }
     // Receiver is just before the parameters on the caller's stack.
     int num_parameters = info->scope()->num_parameters();
     int offset = num_parameters * kPointerSize;
     __ lea(edx,
            Operand(ebp, StandardFrameConstants::kCallerSPOffset + offset));
-    __ push(edx);
-    __ push(Immediate(Smi::FromInt(num_parameters)));
+    AsmPush(edx);
+    AsmPushSmi(Smi::FromInt(num_parameters));
     // Arguments to ArgumentsAccessStub:
     //   function, receiver address, parameter count.
     // The stub will rewrite receiver and parameter count if the previous
     // stack frame was an arguments adapter frame.
     ArgumentsAccessStub::Type type;
     if (strict_mode() == STRICT) {
       type = ArgumentsAccessStub::NEW_STRICT;
     } else if (function()->has_duplicate_parameters()) {
       type = ArgumentsAccessStub::NEW_SLOPPY_SLOW;
     } else {
       type = ArgumentsAccessStub::NEW_SLOPPY_FAST;
     }
     ArgumentsAccessStub stub(isolate(), type);
-    __ CallStub(&stub);
+    AsmCallStub(&stub, 3);
 
     SetVar(arguments, eax, ebx, edx);
   }
 
   if (FLAG_trace) {
-    __ CallRuntime(Runtime::kTraceEnter, 0);
+    AsmCallRuntime(Runtime::kTraceEnter, 0);
   }
 
   // Visit the declarations and body unless there is an illegal
   // redeclaration.
   if (scope()->HasIllegalRedeclaration()) {
     Comment cmnt(masm_, "[ Declarations");
     scope()->VisitIllegalRedeclaration(this);
 
   } else {
     PrepareForBailoutForId(BailoutId::FunctionEntry(), NO_REGISTERS);
@@ skipping 81 matching lines @@
 
 
 void FullCodeGenerator::EmitReturnSequence() {
   Comment cmnt(masm_, "[ Return sequence");
   if (return_label_.is_bound()) {
     __ jmp(&return_label_);
   } else {
     // Common return label
     __ bind(&return_label_);
     if (FLAG_trace) {
-      __ push(eax);
-      __ CallRuntime(Runtime::kTraceExit, 1);
+      AsmPush(eax);
+      AsmCallRuntime(Runtime::kTraceExit, 1);
     }
     // Pretend that the exit is a backwards jump to the entry.
     int weight = 1;
     if (info_->ShouldSelfOptimize()) {
       weight = FLAG_interrupt_budget / FLAG_self_opt_count;
     } else {
       int distance = masm_->pc_offset();
       weight = Min(kMaxBackEdgeWeight,
                    Max(1, distance / kCodeSizeMultiplier));
     }
     EmitProfilingCounterDecrement(weight);
     Label ok;
     __ j(positive, &ok, Label::kNear);
-    __ push(eax);
+    AsmPush(eax);
     __ call(isolate()->builtins()->InterruptCheck(),
             RelocInfo::CODE_TARGET);
-    __ pop(eax);
+    AsmPop(eax);
     EmitProfilingCounterReset();
     __ bind(&ok);
 #ifdef DEBUG
     // Add a label for checking the size of the code used for returning.
     Label check_exit_codesize;
     masm_->bind(&check_exit_codesize);
 #endif
     SetSourcePosition(function()->end_position() - 1);
     __ RecordJSReturn();
     // Do not use the leave instruction here because it is too short to
@@ skipping 21 matching lines @@
 void FullCodeGenerator::AccumulatorValueContext::Plug(Variable* var) const {
   ASSERT(var->IsStackAllocated() || var->IsContextSlot());
   codegen()->GetVar(result_register(), var);
 }
 
 
 void FullCodeGenerator::StackValueContext::Plug(Variable* var) const {
   ASSERT(var->IsStackAllocated() || var->IsContextSlot());
   MemOperand operand = codegen()->VarOperand(var, result_register());
   // Memory operands can be pushed directly.
-  __ push(operand);
+  codegen()->AsmPush(operand);
 }
 
 
 void FullCodeGenerator::TestContext::Plug(Variable* var) const {
   // For simplicity we always test the accumulator register.
   codegen()->GetVar(result_register(), var);
   codegen()->PrepareForBailoutBeforeSplit(condition(), false, NULL, NULL);
   codegen()->DoTest(this);
 }
 
@@ skipping 30 matching lines @@
     __ SafeMove(result_register(), Immediate(lit));
   } else {
     __ Move(result_register(), Immediate(lit));
   }
 }
 
 
 void FullCodeGenerator::StackValueContext::Plug(Handle<Object> lit) const {
   if (lit->IsSmi()) {
     __ SafePush(Immediate(lit));
+    codegen()->UpdateStackHeight(1);
   } else {
-    __ push(Immediate(lit));
+    codegen()->AsmPushHandle(lit);
   }
 }
 
 
 void FullCodeGenerator::TestContext::Plug(Handle<Object> lit) const {
   codegen()->PrepareForBailoutBeforeSplit(condition(),
                                           true,
                                           true_label_,
                                           false_label_);
   ASSERT(!lit->IsUndetectableObject());  // There are no undetectable literals.
@@ skipping 17 matching lines @@
     // For simplicity we always test the accumulator register.
     __ mov(result_register(), lit);
     codegen()->DoTest(this);
   }
 }
 
 
 void FullCodeGenerator::EffectContext::DropAndPlug(int count,
                                                    Register reg) const {
   ASSERT(count > 0);
-  __ Drop(count);
+  codegen()->AsmDrop(count);
 }
 
 
 void FullCodeGenerator::AccumulatorValueContext::DropAndPlug(
     int count,
     Register reg) const {
   ASSERT(count > 0);
-  __ Drop(count);
+  codegen()->AsmDrop(count);
   __ Move(result_register(), reg);
 }
 
 
 void FullCodeGenerator::StackValueContext::DropAndPlug(int count,
                                                        Register reg) const {
   ASSERT(count > 0);
-  if (count > 1) __ Drop(count - 1);
+  if (count > 1) codegen()->AsmDrop(count - 1);
   __ mov(Operand(esp, 0), reg);
 }
 
 
 void FullCodeGenerator::TestContext::DropAndPlug(int count,
                                                  Register reg) const {
   ASSERT(count > 0);
   // For simplicity we always test the accumulator register.
-  __ Drop(count);
+  codegen()->AsmDrop(count);
   __ Move(result_register(), reg);
   codegen()->PrepareForBailoutBeforeSplit(condition(), false, NULL, NULL);
   codegen()->DoTest(this);
 }
 
 
 void FullCodeGenerator::EffectContext::Plug(Label* materialize_true,
                                             Label* materialize_false) const {
   ASSERT(materialize_true == materialize_false);
   __ bind(materialize_true);
 }
 
 
 void FullCodeGenerator::AccumulatorValueContext::Plug(
     Label* materialize_true,
     Label* materialize_false) const {
   Label done;
   __ bind(materialize_true);
   __ mov(result_register(), isolate()->factory()->true_value());
   __ jmp(&done, Label::kNear);
   __ bind(materialize_false);
   __ mov(result_register(), isolate()->factory()->false_value());
   __ bind(&done);
 }
 
 
 void FullCodeGenerator::StackValueContext::Plug(
     Label* materialize_true,
     Label* materialize_false) const {
+  StackHeightWrapper stack_height = codegen()->CurrentStackHeight();
   Label done;
   __ bind(materialize_true);
-  __ push(Immediate(isolate()->factory()->true_value()));
+  codegen()->AsmPushHandle(isolate()->factory()->true_value());
   __ jmp(&done, Label::kNear);
   __ bind(materialize_false);
-  __ push(Immediate(isolate()->factory()->false_value()));
+  codegen()->SetStackHeight(stack_height);
+  codegen()->AsmPushHandle(isolate()->factory()->false_value());
   __ bind(&done);
 }
 
 
 void FullCodeGenerator::TestContext::Plug(Label* materialize_true,
                                           Label* materialize_false) const {
   ASSERT(materialize_true == true_label_);
   ASSERT(materialize_false == false_label_);
 }
 
 
 void FullCodeGenerator::EffectContext::Plug(bool flag) const {
 }
 
 
 void FullCodeGenerator::AccumulatorValueContext::Plug(bool flag) const {
   Handle<Object> value = flag
       ? isolate()->factory()->true_value()
       : isolate()->factory()->false_value();
   __ mov(result_register(), value);
 }
 
 
 void FullCodeGenerator::StackValueContext::Plug(bool flag) const {
   Handle<Object> value = flag
       ? isolate()->factory()->true_value()
       : isolate()->factory()->false_value();
-  __ push(Immediate(value));
+  codegen()->AsmPushHandle(value);
 }
 
 
 void FullCodeGenerator::TestContext::Plug(bool flag) const {
   codegen()->PrepareForBailoutBeforeSplit(condition(),
                                           true,
                                           true_label_,
                                           false_label_);
   if (flag) {
     if (true_label_ != fall_through_) __ jmp(true_label_);
@@ skipping 149 matching lines @@
         EmitDebugCheckDeclarationContext(variable);
         __ mov(ContextOperand(esi, variable->index()),
                Immediate(isolate()->factory()->the_hole_value()));
         // No write barrier since the hole value is in old space.
         PrepareForBailoutForId(proxy->id(), NO_REGISTERS);
       }
       break;
 
     case Variable::LOOKUP: {
       Comment cmnt(masm_, "[ VariableDeclaration");
-      __ push(esi);
-      __ push(Immediate(variable->name()));
+      AsmPush(esi);
+      AsmPushHandle(variable->name());
       // VariableDeclaration nodes are always introduced in one of four modes.
       ASSERT(IsDeclaredVariableMode(mode));
       PropertyAttributes attr =
           IsImmutableVariableMode(mode) ? READ_ONLY : NONE;
-      __ push(Immediate(Smi::FromInt(attr)));
+      AsmPushSmi(Smi::FromInt(attr));
       // Push initial value, if any.
       // Note: For variables we must not push an initial value (such as
       // 'undefined') because we may have a (legal) redeclaration and we
       // must not destroy the current value.
       if (hole_init) {
-        __ push(Immediate(isolate()->factory()->the_hole_value()));
+        AsmPushHandle(isolate()->factory()->the_hole_value());
       } else {
-        __ push(Immediate(Smi::FromInt(0)));  // Indicates no initial value.
+        AsmPushSmi(Smi::FromInt(0));  // Indicates no initial value.
       }
-      __ CallRuntime(Runtime::kHiddenDeclareContextSlot, 4);
+      AsmCallRuntime(Runtime::kHiddenDeclareContextSlot, 4);
       break;
     }
   }
 }
 
 
 void FullCodeGenerator::VisitFunctionDeclaration(
     FunctionDeclaration* declaration) {
   VariableProxy* proxy = declaration->proxy();
   Variable* variable = proxy->var();
@@ skipping 28 matching lines @@
                                 ecx,
                                 kDontSaveFPRegs,
                                 EMIT_REMEMBERED_SET,
                                 OMIT_SMI_CHECK);
       PrepareForBailoutForId(proxy->id(), NO_REGISTERS);
       break;
     }
 
     case Variable::LOOKUP: {
       Comment cmnt(masm_, "[ FunctionDeclaration");
-      __ push(esi);
-      __ push(Immediate(variable->name()));
-      __ push(Immediate(Smi::FromInt(NONE)));
+      AsmPush(esi);
+      AsmPushHandle(variable->name());
+      AsmPushSmi(Smi::FromInt(NONE));
       VisitForStackValue(declaration->fun());
-      __ CallRuntime(Runtime::kHiddenDeclareContextSlot, 4);
+      AsmCallRuntime(Runtime::kHiddenDeclareContextSlot, 4);
       break;
     }
   }
 }
 
 
 void FullCodeGenerator::VisitModuleDeclaration(ModuleDeclaration* declaration) {
   Variable* variable = declaration->proxy()->var();
   ASSERT(variable->location() == Variable::CONTEXT);
   ASSERT(variable->interface()->IsFrozen());
@@ skipping 46 matching lines @@
 }
 
 
 void FullCodeGenerator::VisitExportDeclaration(ExportDeclaration* declaration) {
   // TODO(rossberg)
 }
 
 
 void FullCodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
   // Call the runtime to declare the globals.
-  __ push(esi);  // The context is the first argument.
-  __ Push(pairs);
-  __ Push(Smi::FromInt(DeclareGlobalsFlags()));
-  __ CallRuntime(Runtime::kHiddenDeclareGlobals, 3);
+  AsmPush(esi);  // The context is the first argument.
+  AsmPushHandle(pairs);
+  AsmPushSmi(Smi::FromInt(DeclareGlobalsFlags()));
+  AsmCallRuntime(Runtime::kHiddenDeclareGlobals, 3);
   // Return value is ignored.
 }
 
 
 void FullCodeGenerator::DeclareModules(Handle<FixedArray> descriptions) {
   // Call the runtime to declare the modules.
-  __ Push(descriptions);
-  __ CallRuntime(Runtime::kHiddenDeclareModules, 1);
+  AsmPushHandle(descriptions);
+  AsmCallRuntime(Runtime::kHiddenDeclareModules, 1);
   // Return value is ignored.
 }
 
 
 void FullCodeGenerator::VisitSwitchStatement(SwitchStatement* stmt) {
   Comment cmnt(masm_, "[ SwitchStatement");
   Breakable nested_statement(this, stmt);
   SetStatementPosition(stmt);
 
   // Keep the switch value on the stack until a case matches.
   VisitForStackValue(stmt->tag());
   PrepareForBailoutForId(stmt->EntryId(), NO_REGISTERS);
 
   ZoneList<CaseClause*>* clauses = stmt->cases();
   CaseClause* default_clause = NULL;  // Can occur anywhere in the list.
 
+  StackHeightWrapper case_stack_height = CurrentStackHeight();
   Label next_test;  // Recycled for each test.
   // Compile all the tests with branches to their bodies.
   for (int i = 0; i < clauses->length(); i++) {
     CaseClause* clause = clauses->at(i);
     clause->body_target()->Unuse();
 
     // The default is not a test, but remember it as final fall through.
     if (clause->is_default()) {
       default_clause = clause;
       continue;
     }
 
     Comment cmnt(masm_, "[ Case comparison");
     __ bind(&next_test);
+    SetStackHeight(case_stack_height);
     next_test.Unuse();
 
     // Compile the label expression.
     VisitForAccumulatorValue(clause->label());
 
     // Perform the comparison as if via '==='.
     __ mov(edx, Operand(esp, 0));  // Switch value.
     bool inline_smi_code = ShouldInlineSmiCase(Token::EQ_STRICT);
     JumpPatchSite patch_site(masm_);
     if (inline_smi_code) {
       Label slow_case;
       __ mov(ecx, edx);
       __ or_(ecx, eax);
       patch_site.EmitJumpIfNotSmi(ecx, &slow_case, Label::kNear);
 
       __ cmp(edx, eax);
       __ j(not_equal, &next_test);
-      __ Drop(1);  // Switch value is no longer needed.
+      AsmDrop(1);  // Switch value is no longer needed.
       __ jmp(clause->body_target());
       __ bind(&slow_case);
+      SetStackHeight(case_stack_height);
     }
 
     // Record position before stub call for type feedback.
     SetSourcePosition(clause->position());
     Handle<Code> ic = CompareIC::GetUninitialized(isolate(), Token::EQ_STRICT);
     CallIC(ic, clause->CompareId());
     patch_site.EmitPatchInfo();
 
     Label skip;
     __ jmp(&skip, Label::kNear);
     PrepareForBailout(clause, TOS_REG);
+
+    ASSERT(case_stack_height.get() == stack_height_.get());
     __ cmp(eax, isolate()->factory()->true_value());
     __ j(not_equal, &next_test);
-    __ Drop(1);
+    AsmDrop(1);
     __ jmp(clause->body_target());
     __ bind(&skip);
+    SetStackHeight(case_stack_height);
 
     __ test(eax, eax);
     __ j(not_equal, &next_test);
-    __ Drop(1);  // Switch value is no longer needed.
+    AsmDrop(1);  // Switch value is no longer needed.
     __ jmp(clause->body_target());
   }
 
   // Discard the test value and jump to the default if present, otherwise to
   // the end of the statement.
   __ bind(&next_test);
-  __ Drop(1);  // Switch value is no longer needed.
+  SetStackHeight(case_stack_height);
+  AsmDrop(1);  // Switch value is no longer needed.
   if (default_clause == NULL) {
     __ jmp(nested_statement.break_label());
   } else {
     __ jmp(default_clause->body_target());
   }
 
   // Compile all the case bodies.
   for (int i = 0; i < clauses->length(); i++) {
     Comment cmnt(masm_, "[ Case body");
     CaseClause* clause = clauses->at(i);
@@ skipping 26 matching lines @@
   __ j(equal, &exit);
 
   PrepareForBailoutForId(stmt->PrepareId(), TOS_REG);
 
   // Convert the object to a JS object.
   Label convert, done_convert;
   __ JumpIfSmi(eax, &convert, Label::kNear);
   __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
   __ j(above_equal, &done_convert, Label::kNear);
   __ bind(&convert);
-  __ push(eax);
-  __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
+  AsmPush(eax);
+  AsmInvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION, 1);
   __ bind(&done_convert);
-  __ push(eax);
+  AsmPush(eax);
 
   // Check for proxies.
   Label call_runtime, use_cache, fixed_array;
   STATIC_ASSERT(FIRST_JS_PROXY_TYPE == FIRST_SPEC_OBJECT_TYPE);
   __ CmpObjectType(eax, LAST_JS_PROXY_TYPE, ecx);
   __ j(below_equal, &call_runtime);
 
   // Check cache validity in generated code. This is a fast case for
   // the JSObject::IsSimpleEnum cache validity checks. If we cannot
   // guarantee cache validity, call the runtime system to check cache
   // validity or get the property names in a fixed array.
   __ CheckEnumCache(&call_runtime);
 
   __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset));
   __ jmp(&use_cache, Label::kNear);
 
   // Get the set of properties to enumerate.
   __ bind(&call_runtime);
-  __ push(eax);
-  __ CallRuntime(Runtime::kGetPropertyNamesFast, 1);
+  AsmPush(eax);
+  AsmCallRuntime(Runtime::kGetPropertyNamesFast, 1);
   __ cmp(FieldOperand(eax, HeapObject::kMapOffset),
          isolate()->factory()->meta_map());
+  StackHeightWrapper top_stack_height = CurrentStackHeight();
   __ j(not_equal, &fixed_array);
 
 
   // We got a map in register eax. Get the enumeration cache from it.
   Label no_descriptors;
   __ bind(&use_cache);
 
   __ EnumLength(edx, eax);
   __ cmp(edx, Immediate(Smi::FromInt(0)));
   __ j(equal, &no_descriptors);
 
   __ LoadInstanceDescriptors(eax, ecx);
   __ mov(ecx, FieldOperand(ecx, DescriptorArray::kEnumCacheOffset));
   __ mov(ecx, FieldOperand(ecx, DescriptorArray::kEnumCacheBridgeCacheOffset));
 
   // Set up the four remaining stack slots.
-  __ push(eax);  // Map.
-  __ push(ecx);  // Enumeration cache.
-  __ push(edx);  // Number of valid entries for the map in the enum cache.
-  __ push(Immediate(Smi::FromInt(0)));  // Initial index.
+  AsmPush(eax);  // Map.
+  AsmPush(ecx);  // Enumeration cache.
+  AsmPush(edx);  // Number of valid entries for the map in the enum cache.
+  AsmPushSmi(Smi::FromInt(0));  // Initial index.
   __ jmp(&loop);
 
   __ bind(&no_descriptors);
-  __ add(esp, Immediate(kPointerSize));
+  SetStackHeight(top_stack_height);
+  AsmDrop(1);
+  StackHeightWrapper exit_stack_height = CurrentStackHeight();
   __ jmp(&exit);
 
   // We got a fixed array in register eax. Iterate through that.
   Label non_proxy;
   __ bind(&fixed_array);
+  SetStackHeight(top_stack_height);
 
   // No need for a write barrier, we are storing a Smi in the feedback vector.
   __ LoadHeapObject(ebx, FeedbackVector());
   __ mov(FieldOperand(ebx, FixedArray::OffsetOfElementAt(slot)),
          Immediate(TypeFeedbackInfo::MegamorphicSentinel(isolate())));
 
   __ mov(ebx, Immediate(Smi::FromInt(1)));  // Smi indicates slow check
   __ mov(ecx, Operand(esp, 0 * kPointerSize));  // Get enumerated object
   STATIC_ASSERT(FIRST_JS_PROXY_TYPE == FIRST_SPEC_OBJECT_TYPE);
   __ CmpObjectType(ecx, LAST_JS_PROXY_TYPE, ecx);
   __ j(above, &non_proxy);
   __ Move(ebx, Immediate(Smi::FromInt(0)));  // Zero indicates proxy
   __ bind(&non_proxy);
-  __ push(ebx);  // Smi
-  __ push(eax);  // Array
+  AsmPush(ebx);  // Smi
+  AsmPush(eax);  // Array
   __ mov(eax, FieldOperand(eax, FixedArray::kLengthOffset));
-  __ push(eax);  // Fixed array length (as smi).
-  __ push(Immediate(Smi::FromInt(0)));  // Initial index.
+  AsmPush(eax);  // Fixed array length (as smi).
+  AsmPushSmi(Smi::FromInt(0));  // Initial index.
 
   // Generate code for doing the condition check.
+  __ bind(&loop);
   PrepareForBailoutForId(stmt->BodyId(), NO_REGISTERS);
-  __ bind(&loop);
   __ mov(eax, Operand(esp, 0 * kPointerSize));  // Get the current index.
   __ cmp(eax, Operand(esp, 1 * kPointerSize));  // Compare to the array length.
   __ j(above_equal, loop_statement.break_label());
 
   // Get the current entry of the array into register ebx.
   __ mov(ebx, Operand(esp, 2 * kPointerSize));
   __ mov(ebx, FieldOperand(ebx, eax, times_2, FixedArray::kHeaderSize));
 
   // Get the expected map from the stack or a smi in the
   // permanent slow case into register edx.
   __ mov(edx, Operand(esp, 3 * kPointerSize));
 
   // Check if the expected map still matches that of the enumerable.
   // If not, we may have to filter the key.
   Label update_each;
   __ mov(ecx, Operand(esp, 4 * kPointerSize));
   __ cmp(edx, FieldOperand(ecx, HeapObject::kMapOffset));
   __ j(equal, &update_each, Label::kNear);
 
   // For proxies, no filtering is done.
   // TODO(rossberg): What if only a prototype is a proxy? Not specified yet.
   ASSERT(Smi::FromInt(0) == 0);
   __ test(edx, edx);
+  StackHeightWrapper update_each_stack_height = CurrentStackHeight();
   __ j(zero, &update_each);
 
   // Convert the entry to a string or null if it isn't a property
   // anymore. If the property has been removed while iterating, we
   // just skip it.
-  __ push(ecx);  // Enumerable.
-  __ push(ebx);  // Current entry.
-  __ InvokeBuiltin(Builtins::FILTER_KEY, CALL_FUNCTION);
+  AsmPush(ecx);  // Enumerable.
+  AsmPush(ebx);  // Current entry.
+  AsmInvokeBuiltin(Builtins::FILTER_KEY, CALL_FUNCTION, 2);
   __ test(eax, eax);
   __ j(equal, loop_statement.continue_label());
   __ mov(ebx, eax);
 
   // Update the 'each' property or variable from the possibly filtered
   // entry in register ebx.
   __ bind(&update_each);
+  USE(update_each_stack_height);
+  ASSERT(update_each_stack_height.get() == stack_height_.get());
   __ mov(result_register(), ebx);
   // Perform the assignment as if via '='.
   { EffectContext context(this);
     EmitAssignment(stmt->each());
   }
 
   // Generate code for the body of the loop.
   Visit(stmt->body());
 
   // Generate code for going to the next element by incrementing the
   // index (smi) stored on top of the stack.
   __ bind(loop_statement.continue_label());
   __ add(Operand(esp, 0 * kPointerSize), Immediate(Smi::FromInt(1)));
 
   EmitBackEdgeBookkeeping(stmt, &loop);
   __ jmp(&loop);
 
   // Remove the pointers stored on the stack.
   __ bind(loop_statement.break_label());
-  __ add(esp, Immediate(5 * kPointerSize));
+  AsmDrop(5);
 
   // Exit and decrement the loop depth.
+  __ bind(&exit);
   PrepareForBailoutForId(stmt->ExitId(), NO_REGISTERS);
-  __ bind(&exit);
   decrement_loop_depth();
+  SetStackHeight(exit_stack_height);
 }
 
 
 void FullCodeGenerator::VisitForOfStatement(ForOfStatement* stmt) {
   Comment cmnt(masm_, "[ ForOfStatement");
   SetStatementPosition(stmt);
 
   Iteration loop_statement(this, stmt);
   increment_loop_depth();
 
   // var iterator = iterable[@@iterator]()
   VisitForAccumulatorValue(stmt->assign_iterator());
 
   // As with for-in, skip the loop if the iterator is null or undefined.
   __ CompareRoot(eax, Heap::kUndefinedValueRootIndex);
   __ j(equal, loop_statement.break_label());
   __ CompareRoot(eax, Heap::kNullValueRootIndex);
   __ j(equal, loop_statement.break_label());
 
   // Convert the iterator to a JS object.
   Label convert, done_convert;
   __ JumpIfSmi(eax, &convert);
   __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
   __ j(above_equal, &done_convert);
   __ bind(&convert);
-  __ push(eax);
-  __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
+  AsmPush(eax);
+  AsmInvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION, 1);
   __ bind(&done_convert);
 
   // Loop entry.
   __ bind(loop_statement.continue_label());
 
   // result = iterator.next()
   VisitForEffect(stmt->next_result());
 
   // if (result.done) break;
   Label result_not_done;
@@ skipping 33 matching lines @@
       !FLAG_prepare_always_opt &&
       !pretenure &&
       scope()->is_function_scope() &&
       info->num_literals() == 0) {
     FastNewClosureStub stub(isolate(),
                             info->strict_mode(),
                             info->is_generator());
     __ mov(ebx, Immediate(info));
     __ CallStub(&stub);
   } else {
-    __ push(esi);
-    __ push(Immediate(info));
-    __ push(Immediate(pretenure
-                      ? isolate()->factory()->true_value()
-                      : isolate()->factory()->false_value()));
-    __ CallRuntime(Runtime::kHiddenNewClosure, 3);
+    AsmPush(esi);
+    AsmPushHandle(info);
+    AsmPushHandle(pretenure
+                  ? isolate()->factory()->true_value()
+                  : isolate()->factory()->false_value());
+    AsmCallRuntime(Runtime::kHiddenNewClosure, 3);
   }
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::VisitVariableProxy(VariableProxy* expr) {
   Comment cmnt(masm_, "[ VariableProxy");
   EmitVariableLoad(expr);
 }
 
@@ skipping 103 matching lines @@
   } else if (var->mode() == DYNAMIC_LOCAL) {
     Variable* local = var->local_if_not_shadowed();
     __ mov(eax, ContextSlotOperandCheckExtensions(local, slow));
     if (local->mode() == LET || local->mode() == CONST ||
         local->mode() == CONST_LEGACY) {
       __ cmp(eax, isolate()->factory()->the_hole_value());
       __ j(not_equal, done);
       if (local->mode() == CONST_LEGACY) {
         __ mov(eax, isolate()->factory()->undefined_value());
       } else {  // LET || CONST
-        __ push(Immediate(var->name()));
-        __ CallRuntime(Runtime::kHiddenThrowReferenceError, 1);
+        AsmPushHandle(var->name());
+        AsmCallRuntime(Runtime::kHiddenThrowReferenceError, 1);
       }
     }
     __ jmp(done);
   }
 }
 
 
 void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy) {
   // Record position before possible IC call.
   SetSourcePosition(proxy->position());
@@ skipping 55 matching lines @@
 
         if (!skip_init_check) {
           // Let and const need a read barrier.
           Label done;
           GetVar(eax, var);
           __ cmp(eax, isolate()->factory()->the_hole_value());
           __ j(not_equal, &done, Label::kNear);
           if (var->mode() == LET || var->mode() == CONST) {
             // Throw a reference error when using an uninitialized let/const
             // binding in harmony mode.
-            __ push(Immediate(var->name()));
-            __ CallRuntime(Runtime::kHiddenThrowReferenceError, 1);
+            AsmPushHandle(var->name());
+            AsmCallRuntime(Runtime::kHiddenThrowReferenceError, 1);
           } else {
             // Uninitalized const bindings outside of harmony mode are unholed.
             ASSERT(var->mode() == CONST_LEGACY);
             __ mov(eax, isolate()->factory()->undefined_value());
           }
           __ bind(&done);
           context()->Plug(eax);
           break;
         }
       }
       context()->Plug(var);
       break;
     }
 
     case Variable::LOOKUP: {
       Comment cmnt(masm_, "[ Lookup variable");
       Label done, slow;
       // Generate code for loading from variables potentially shadowed
       // by eval-introduced variables.
       EmitDynamicLookupFastCase(var, NOT_INSIDE_TYPEOF, &slow, &done);
       __ bind(&slow);
-      __ push(esi);  // Context.
-      __ push(Immediate(var->name()));
-      __ CallRuntime(Runtime::kHiddenLoadContextSlot, 2);
+      AsmPush(esi);  // Context.
+      AsmPushHandle(var->name());
+      AsmCallRuntime(Runtime::kHiddenLoadContextSlot, 2);
       __ bind(&done);
       context()->Plug(eax);
       break;
     }
   }
 }
 
 
 void FullCodeGenerator::VisitRegExpLiteral(RegExpLiteral* expr) {
   Comment cmnt(masm_, "[ RegExpLiteral");
   Label materialized;
   // Registers will be used as follows:
   // edi = JS function.
   // ecx = literals array.
   // ebx = regexp literal.
   // eax = regexp literal clone.
   __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
   __ mov(ecx, FieldOperand(edi, JSFunction::kLiteralsOffset));
   int literal_offset =
       FixedArray::kHeaderSize + expr->literal_index() * kPointerSize;
   __ mov(ebx, FieldOperand(ecx, literal_offset));
   __ cmp(ebx, isolate()->factory()->undefined_value());
   __ j(not_equal, &materialized, Label::kNear);
 
   // Create regexp literal using runtime function
   // Result will be in eax.
-  __ push(ecx);
-  __ push(Immediate(Smi::FromInt(expr->literal_index())));
-  __ push(Immediate(expr->pattern()));
-  __ push(Immediate(expr->flags()));
-  __ CallRuntime(Runtime::kHiddenMaterializeRegExpLiteral, 4);
+  AsmPush(ecx);
+  AsmPushSmi(Smi::FromInt(expr->literal_index()));
+  AsmPushHandle(expr->pattern());
+  AsmPushHandle(expr->flags());
+  AsmCallRuntime(Runtime::kHiddenMaterializeRegExpLiteral, 4);
   __ mov(ebx, eax);
 
   __ bind(&materialized);
   int size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize;
   Label allocated, runtime_allocate;
   __ Allocate(size, eax, ecx, edx, &runtime_allocate, TAG_OBJECT);
   __ jmp(&allocated);
 
   __ bind(&runtime_allocate);
-  __ push(ebx);
-  __ push(Immediate(Smi::FromInt(size)));
-  __ CallRuntime(Runtime::kHiddenAllocateInNewSpace, 1);
-  __ pop(ebx);
+  AsmPush(ebx);
+  AsmPushSmi(Smi::FromInt(size));
+  AsmCallRuntime(Runtime::kHiddenAllocateInNewSpace, 1);
+  AsmPop(ebx);
 
   __ bind(&allocated);
   // Copy the content into the newly allocated memory.
   // (Unroll copy loop once for better throughput).
   for (int i = 0; i < size - kPointerSize; i += 2 * kPointerSize) {
     __ mov(edx, FieldOperand(ebx, i));
     __ mov(ecx, FieldOperand(ebx, i + kPointerSize));
     __ mov(FieldOperand(eax, i), edx);
     __ mov(FieldOperand(eax, i + kPointerSize), ecx);
   }
   if ((size % (2 * kPointerSize)) != 0) {
     __ mov(edx, FieldOperand(ebx, size - kPointerSize));
     __ mov(FieldOperand(eax, size - kPointerSize), edx);
   }
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitAccessor(Expression* expression) {
   if (expression == NULL) {
-    __ push(Immediate(isolate()->factory()->null_value()));
+    AsmPushHandle(isolate()->factory()->null_value());
   } else {
     VisitForStackValue(expression);
   }
 }
 
 
 void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
   Comment cmnt(masm_, "[ ObjectLiteral");
 
   expr->BuildConstantProperties(isolate());
   Handle<FixedArray> constant_properties = expr->constant_properties();
   int flags = expr->fast_elements()
       ? ObjectLiteral::kFastElements
       : ObjectLiteral::kNoFlags;
   flags |= expr->has_function()
       ? ObjectLiteral::kHasFunction
       : ObjectLiteral::kNoFlags;
   int properties_count = constant_properties->length() / 2;
   if (expr->may_store_doubles() || expr->depth() > 1 ||
       masm()->serializer_enabled() ||
       flags != ObjectLiteral::kFastElements ||
       properties_count > FastCloneShallowObjectStub::kMaximumClonedProperties) {
     __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
-    __ push(FieldOperand(edi, JSFunction::kLiteralsOffset));
-    __ push(Immediate(Smi::FromInt(expr->literal_index())));
-    __ push(Immediate(constant_properties));
-    __ push(Immediate(Smi::FromInt(flags)));
-    __ CallRuntime(Runtime::kHiddenCreateObjectLiteral, 4);
+    AsmPush(FieldOperand(edi, JSFunction::kLiteralsOffset));
+    AsmPushSmi(Smi::FromInt(expr->literal_index()));
+    AsmPushHandle(constant_properties);
+    AsmPushSmi(Smi::FromInt(flags));
+    AsmCallRuntime(Runtime::kHiddenCreateObjectLiteral, 4);
   } else {
     __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
     __ mov(eax, FieldOperand(edi, JSFunction::kLiteralsOffset));
     __ mov(ebx, Immediate(Smi::FromInt(expr->literal_index())));
     __ mov(ecx, Immediate(constant_properties));
     __ mov(edx, Immediate(Smi::FromInt(flags)));
     FastCloneShallowObjectStub stub(isolate(), properties_count);
     __ CallStub(&stub);
   }
 
   // If result_saved is true the result is on top of the stack.  If
   // result_saved is false the result is in eax.
   bool result_saved = false;
 
   // Mark all computed expressions that are bound to a key that
   // is shadowed by a later occurrence of the same key. For the
   // marked expressions, no store code is emitted.
   expr->CalculateEmitStore(zone());
 
   AccessorTable accessor_table(zone());
   for (int i = 0; i < expr->properties()->length(); i++) {
     ObjectLiteral::Property* property = expr->properties()->at(i);
     if (property->IsCompileTimeValue()) continue;
 
     Literal* key = property->key();
     Expression* value = property->value();
     if (!result_saved) {
-      __ push(eax);  // Save result on the stack
+      AsmPush(eax);  // Save result on the stack
       result_saved = true;
     }
     switch (property->kind()) {
       case ObjectLiteral::Property::CONSTANT:
         UNREACHABLE();
       case ObjectLiteral::Property::MATERIALIZED_LITERAL:
         ASSERT(!CompileTimeValue::IsCompileTimeValue(value));
         // Fall through.
       case ObjectLiteral::Property::COMPUTED:
         if (key->value()->IsInternalizedString()) {
           if (property->emit_store()) {
             VisitForAccumulatorValue(value);
             __ mov(ecx, Immediate(key->value()));
             __ mov(edx, Operand(esp, 0));
             CallStoreIC(key->LiteralFeedbackId());
             PrepareForBailoutForId(key->id(), NO_REGISTERS);
           } else {
             VisitForEffect(value);
           }
           break;
         }
-        __ push(Operand(esp, 0));  // Duplicate receiver.
+        AsmPush(Operand(esp, 0));  // Duplicate receiver.
         VisitForStackValue(key);
         VisitForStackValue(value);
         if (property->emit_store()) {
-          __ push(Immediate(Smi::FromInt(NONE)));  // PropertyAttributes
-          __ CallRuntime(Runtime::kSetProperty, 4);
+          AsmPushSmi(Smi::FromInt(NONE));  // PropertyAttributes
+          AsmCallRuntime(Runtime::kSetProperty, 4);
         } else {
-          __ Drop(3);
+          AsmDrop(3);
         }
         break;
       case ObjectLiteral::Property::PROTOTYPE:
-        __ push(Operand(esp, 0));  // Duplicate receiver.
+        AsmPush(Operand(esp, 0));  // Duplicate receiver.
         VisitForStackValue(value);
         if (property->emit_store()) {
-          __ CallRuntime(Runtime::kSetPrototype, 2);
+          AsmCallRuntime(Runtime::kSetPrototype, 2);
         } else {
-          __ Drop(2);
+          AsmDrop(2);
         }
         break;
       case ObjectLiteral::Property::GETTER:
         accessor_table.lookup(key)->second->getter = value;
         break;
       case ObjectLiteral::Property::SETTER:
         accessor_table.lookup(key)->second->setter = value;
         break;
     }
   }
 
+
   // Emit code to define accessors, using only a single call to the runtime for
   // each pair of corresponding getters and setters.
   for (AccessorTable::Iterator it = accessor_table.begin();
        it != accessor_table.end();
        ++it) {
-    __ push(Operand(esp, 0));  // Duplicate receiver.
+    AsmPush(Operand(esp, 0));  // Duplicate receiver.
     VisitForStackValue(it->first);
     EmitAccessor(it->second->getter);
     EmitAccessor(it->second->setter);
-    __ push(Immediate(Smi::FromInt(NONE)));
-    __ CallRuntime(Runtime::kDefineOrRedefineAccessorProperty, 5);
+    AsmPushSmi(Smi::FromInt(NONE));
+    AsmCallRuntime(Runtime::kDefineOrRedefineAccessorProperty, 5);
   }
 
   if (expr->has_function()) {
     ASSERT(result_saved);
-    __ push(Operand(esp, 0));
-    __ CallRuntime(Runtime::kToFastProperties, 1);
+    AsmPush(Operand(esp, 0));
+    AsmCallRuntime(Runtime::kToFastProperties, 1);
   }
 
   if (result_saved) {
     context()->PlugTOS();
   } else {
     context()->Plug(eax);
   }
 }
 
 
@@ skipping 18 matching lines @@
 
   AllocationSiteMode allocation_site_mode = TRACK_ALLOCATION_SITE;
   if (has_constant_fast_elements && !FLAG_allocation_site_pretenuring) {
     // If the only customer of allocation sites is transitioning, then
     // we can turn it off if we don't have anywhere else to transition to.
     allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
   }
 
   if (expr->depth() > 1) {
     __ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
-    __ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
-    __ push(Immediate(Smi::FromInt(expr->literal_index())));
-    __ push(Immediate(constant_elements));
-    __ push(Immediate(Smi::FromInt(flags)));
-    __ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
+    AsmPush(FieldOperand(ebx, JSFunction::kLiteralsOffset));
+    AsmPushSmi(Smi::FromInt(expr->literal_index()));
+    AsmPushHandle(constant_elements);
+    AsmPushSmi(Smi::FromInt(flags));
+    AsmCallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
   } else {
     __ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
     __ mov(eax, FieldOperand(ebx, JSFunction::kLiteralsOffset));
     __ mov(ebx, Immediate(Smi::FromInt(expr->literal_index())));
     __ mov(ecx, Immediate(constant_elements));
     FastCloneShallowArrayStub stub(isolate(), allocation_site_mode);
     __ CallStub(&stub);
   }
 
   bool result_saved = false;  // Is the result saved to the stack?
 
   // Emit code to evaluate all the non-constant subexpressions and to store
   // them into the newly cloned array.
   for (int i = 0; i < length; i++) {
     Expression* subexpr = subexprs->at(i);
     // If the subexpression is a literal or a simple materialized literal it
     // is already set in the cloned array.
     if (CompileTimeValue::IsCompileTimeValue(subexpr)) continue;
 
     if (!result_saved) {
-      __ push(eax);  // array literal.
-      __ push(Immediate(Smi::FromInt(expr->literal_index())));
+      AsmPush(eax);  // array literal.
+      AsmPushSmi(Smi::FromInt(expr->literal_index()));
       result_saved = true;
     }
     VisitForAccumulatorValue(subexpr);
 
     if (IsFastObjectElementsKind(constant_elements_kind)) {
       // Fast-case array literal with ElementsKind of FAST_*_ELEMENTS, they
       // cannot transition and don't need to call the runtime stub.
       int offset = FixedArray::kHeaderSize + (i * kPointerSize);
       __ mov(ebx, Operand(esp, kPointerSize));  // Copy of array literal.
       __ mov(ebx, FieldOperand(ebx, JSObject::kElementsOffset));
       // Store the subexpression value in the array's elements.
       __ mov(FieldOperand(ebx, offset), result_register());
       // Update the write barrier for the array store.
       __ RecordWriteField(ebx, offset, result_register(), ecx,
                           kDontSaveFPRegs,
                           EMIT_REMEMBERED_SET,
                           INLINE_SMI_CHECK);
     } else {
       // Store the subexpression value in the array's elements.
       __ mov(ecx, Immediate(Smi::FromInt(i)));
       StoreArrayLiteralElementStub stub(isolate());
       __ CallStub(&stub);
     }
 
     PrepareForBailoutForId(expr->GetIdForElement(i), NO_REGISTERS);
   }
 
   if (result_saved) {
-    __ add(esp, Immediate(kPointerSize));  // literal index
+    AsmDrop(1);
     context()->PlugTOS();
   } else {
     context()->Plug(eax);
   }
 }
 
 
 void FullCodeGenerator::VisitAssignment(Assignment* expr) {
   ASSERT(expr->target()->IsValidReferenceExpression());
 
@@ skipping 53 matching lines @@
           PrepareForBailoutForId(property->LoadId(), TOS_REG);
           break;
         case KEYED_PROPERTY:
           EmitKeyedPropertyLoad(property);
           PrepareForBailoutForId(property->LoadId(), TOS_REG);
           break;
       }
     }
 
     Token::Value op = expr->binary_op();
-    __ push(eax);  // Left operand goes on the stack.
+    AsmPush(eax);  // Left operand goes on the stack.
     VisitForAccumulatorValue(expr->value());
 
     OverwriteMode mode = expr->value()->ResultOverwriteAllowed()
         ? OVERWRITE_RIGHT
         : NO_OVERWRITE;
     SetSourcePosition(expr->position() + 1);
     if (ShouldInlineSmiCase(op)) {
       EmitInlineSmiBinaryOp(expr->binary_operation(),
                             op,
                             mode,
@@ skipping 33 matching lines @@
 void FullCodeGenerator::VisitYield(Yield* expr) {
   Comment cmnt(masm_, "[ Yield");
   // Evaluate yielded value first; the initial iterator definition depends on
   // this.  It stays on the stack while we update the iterator.
   VisitForStackValue(expr->expression());
 
   switch (expr->yield_kind()) {
     case Yield::SUSPEND:
       // Pop value from top-of-stack slot; box result into result register.
       EmitCreateIteratorResult(false);
-      __ push(result_register());
+      AsmPush(result_register());
       // Fall through.
     case Yield::INITIAL: {
       Label suspend, continuation, post_runtime, resume;
 
       __ jmp(&suspend);
 
       __ bind(&continuation);
       __ jmp(&resume);
 
       __ bind(&suspend);
       VisitForAccumulatorValue(expr->generator_object());
       ASSERT(continuation.pos() > 0 && Smi::IsValid(continuation.pos()));
       __ mov(FieldOperand(eax, JSGeneratorObject::kContinuationOffset),
              Immediate(Smi::FromInt(continuation.pos())));
       __ mov(FieldOperand(eax, JSGeneratorObject::kContextOffset), esi);
       __ mov(ecx, esi);
       __ RecordWriteField(eax, JSGeneratorObject::kContextOffset, ecx, edx,
                           kDontSaveFPRegs);
       __ lea(ebx, Operand(ebp, StandardFrameConstants::kExpressionsOffset));
       __ cmp(esp, ebx);
       __ j(equal, &post_runtime);
-      __ push(eax);  // generator object
-      __ CallRuntime(Runtime::kHiddenSuspendJSGeneratorObject, 1);
+      AsmPush(eax);  // generator object
+      AsmCallRuntime(Runtime::kHiddenSuspendJSGeneratorObject, 1);
       __ mov(context_register(),
              Operand(ebp, StandardFrameConstants::kContextOffset));
       __ bind(&post_runtime);
-      __ pop(result_register());
+      AsmPop(result_register());
       EmitReturnSequence();
 
       __ bind(&resume);
       context()->Plug(result_register());
       break;
     }
 
     case Yield::FINAL: {
       VisitForAccumulatorValue(expr->generator_object());
       __ mov(FieldOperand(result_register(),
                           JSGeneratorObject::kContinuationOffset),
              Immediate(Smi::FromInt(JSGeneratorObject::kGeneratorClosed)));
       // Pop value from top-of-stack slot, box result into result register.
       EmitCreateIteratorResult(true);
+      StackHeightWrapper final_stack_height = CurrentStackHeight();
       EmitUnwindBeforeReturn();
       EmitReturnSequence();
+      SetStackHeight(final_stack_height);
       break;
     }
 
     case Yield::DELEGATING: {
       VisitForStackValue(expr->generator_object());
 
       // Initial stack layout is as follows:
       // [sp + 1 * kPointerSize] iter
       // [sp + 0 * kPointerSize] g
 
       Label l_catch, l_try, l_suspend, l_continuation, l_resume;
       Label l_next, l_call, l_loop;
       // Initial send value is undefined.
       __ mov(eax, isolate()->factory()->undefined_value());
+      StackHeightWrapper next_stack_height = CurrentStackHeight();
       __ jmp(&l_next);
 
       // catch (e) { receiver = iter; f = 'throw'; arg = e; goto l_call; }
       __ bind(&l_catch);
       handler_table()->set(expr->index(), Smi::FromInt(l_catch.pos()));
       __ mov(ecx, isolate()->factory()->throw_string());  // "throw"
-      __ push(ecx);                                      // "throw"
-      __ push(Operand(esp, 2 * kPointerSize));           // iter
-      __ push(eax);                                      // exception
+      AsmPush(ecx);                                      // "throw"
+      AsmPush(Operand(esp, 2 * kPointerSize));           // iter
+      AsmPush(eax);                                      // exception
       __ jmp(&l_call);
 
       // try { received = %yield result }
       // Shuffle the received result above a try handler and yield it without
       // re-boxing.
       __ bind(&l_try);
-      __ pop(eax);                                       // result
-      __ PushTryHandler(StackHandler::CATCH, expr->index());
+      SetStackHeight(next_stack_height);
+      UpdateStackHeight(1);
+      AsmPop(eax);                                       // result
+      AsmPushTryHandler(StackHandler::CATCH, expr->index());
       const int handler_size = StackHandlerConstants::kSize;
-      __ push(eax);                                      // result
+      AsmPush(eax);                                      // result
       __ jmp(&l_suspend);
       __ bind(&l_continuation);
       __ jmp(&l_resume);
       __ bind(&l_suspend);
       const int generator_object_depth = kPointerSize + handler_size;
       __ mov(eax, Operand(esp, generator_object_depth));
-      __ push(eax);                                      // g
+      AsmPush(eax);                                      // g
       ASSERT(l_continuation.pos() > 0 && Smi::IsValid(l_continuation.pos()));
       __ mov(FieldOperand(eax, JSGeneratorObject::kContinuationOffset),
              Immediate(Smi::FromInt(l_continuation.pos())));
       __ mov(FieldOperand(eax, JSGeneratorObject::kContextOffset), esi);
       __ mov(ecx, esi);
       __ RecordWriteField(eax, JSGeneratorObject::kContextOffset, ecx, edx,
                           kDontSaveFPRegs);
-      __ CallRuntime(Runtime::kHiddenSuspendJSGeneratorObject, 1);
+      AsmCallRuntime(Runtime::kHiddenSuspendJSGeneratorObject, 1);
       __ mov(context_register(),
              Operand(ebp, StandardFrameConstants::kContextOffset));
-      __ pop(eax);                                       // result
+      AsmPop(eax);                                       // result
       EmitReturnSequence();
       __ bind(&l_resume);                                // received in eax
-      __ PopTryHandler();
+      AsmPopTryHandler();
 
       // receiver = iter; f = iter.next; arg = received;
       __ bind(&l_next);
+      SetStackHeight(next_stack_height);
       __ mov(ecx, isolate()->factory()->next_string());  // "next"
-      __ push(ecx);
-      __ push(Operand(esp, 2 * kPointerSize));           // iter
-      __ push(eax);                                      // received
+      AsmPush(ecx);
+      AsmPush(Operand(esp, 2 * kPointerSize));           // iter
+      AsmPush(eax);                                      // received
 
       // result = receiver[f](arg);
       __ bind(&l_call);
       __ mov(edx, Operand(esp, kPointerSize));
       Handle<Code> ic = isolate()->builtins()->KeyedLoadIC_Initialize();
       CallIC(ic, TypeFeedbackId::None());
       __ mov(edi, eax);
       __ mov(Operand(esp, 2 * kPointerSize), edi);
       CallFunctionStub stub(isolate(), 1, CALL_AS_METHOD);
-      __ CallStub(&stub);
+      AsmCallStub(&stub, 2);
 
       __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
-      __ Drop(1);  // The function is still on the stack; drop it.
+      AsmDrop(1);  // The key is still on the stack; drop it.
 
       // if (!result.done) goto l_try;
       __ bind(&l_loop);
-      __ push(eax);                                      // save result
+      AsmPush(eax);                                      // save result
       __ mov(edx, eax);                                  // result
       __ mov(ecx, isolate()->factory()->done_string());  // "done"
       CallLoadIC(NOT_CONTEXTUAL);                        // result.done in eax
       Handle<Code> bool_ic = ToBooleanStub::GetUninitialized(isolate());
       CallIC(bool_ic);
       __ test(eax, eax);
       __ j(zero, &l_try);
 
       // result.value
-      __ pop(edx);                                        // result
+      AsmPop(edx);                                        // result
       __ mov(ecx, isolate()->factory()->value_string());  // "value"
       CallLoadIC(NOT_CONTEXTUAL);                         // result.value in eax
       context()->DropAndPlug(2, eax);                     // drop iter and g
       break;
     }
   }
 }
 
 
 void FullCodeGenerator::EmitGeneratorResume(Expression *generator,
     Expression *value,
     JSGeneratorObject::ResumeMode resume_mode) {
   // The value stays in eax, and is ultimately read by the resumed generator, as
   // if CallRuntime(Runtime::kHiddenSuspendJSGeneratorObject) returned it. Or it
   // is read to throw the value when the resumed generator is already closed.
   // ebx will hold the generator object until the activation has been resumed.
   VisitForStackValue(generator);
   VisitForAccumulatorValue(value);
-  __ pop(ebx);
+  AsmPop(ebx);
 
   // Check generator state.
   Label wrong_state, closed_state, done;
   STATIC_ASSERT(JSGeneratorObject::kGeneratorExecuting < 0);
   STATIC_ASSERT(JSGeneratorObject::kGeneratorClosed == 0);
   __ cmp(FieldOperand(ebx, JSGeneratorObject::kContinuationOffset),
          Immediate(Smi::FromInt(0)));
   __ j(equal, &closed_state);
   __ j(less, &wrong_state);
 
@@ skipping 62 matching lines @@
   __ push(result_register());
   __ Push(Smi::FromInt(resume_mode));
   __ CallRuntime(Runtime::kHiddenResumeJSGeneratorObject, 3);
   // Not reached: the runtime call returns elsewhere.
   __ Abort(kGeneratorFailedToResume);
 
   // Reach here when generator is closed.
   __ bind(&closed_state);
   if (resume_mode == JSGeneratorObject::NEXT) {
     // Return completed iterator result when generator is closed.
-    __ push(Immediate(isolate()->factory()->undefined_value()));
+    AsmPushHandle(isolate()->factory()->undefined_value());
     // Pop value from top-of-stack slot; box result into result register.
     EmitCreateIteratorResult(true);
   } else {
     // Throw the provided value.
-    __ push(eax);
-    __ CallRuntime(Runtime::kHiddenThrow, 1);
+    AsmPush(eax);
+    AsmCallRuntime(Runtime::kHiddenThrow, 1);
   }
   __ jmp(&done);
 
   // Throw error if we attempt to operate on a running generator.
   __ bind(&wrong_state);
-  __ push(ebx);
-  __ CallRuntime(Runtime::kHiddenThrowGeneratorStateError, 1);
+  AsmPush(ebx);
+  AsmCallRuntime(Runtime::kHiddenThrowGeneratorStateError, 1);
 
   __ bind(&done);
   context()->Plug(result_register());
 }
 
 
 void FullCodeGenerator::EmitCreateIteratorResult(bool done) {
   Label gc_required;
   Label allocated;
 
   Handle<Map> map(isolate()->native_context()->iterator_result_map());
 
   __ Allocate(map->instance_size(), eax, ecx, edx, &gc_required, TAG_OBJECT);
   __ jmp(&allocated);
 
   __ bind(&gc_required);
-  __ Push(Smi::FromInt(map->instance_size()));
-  __ CallRuntime(Runtime::kHiddenAllocateInNewSpace, 1);
+  AsmPushSmi(Smi::FromInt(map->instance_size()));
+  AsmCallRuntime(Runtime::kHiddenAllocateInNewSpace, 1);
   __ mov(context_register(),
          Operand(ebp, StandardFrameConstants::kContextOffset));
 
   __ bind(&allocated);
   __ mov(ebx, map);
-  __ pop(ecx);
+  AsmPop(ecx);
   __ mov(edx, isolate()->factory()->ToBoolean(done));
   ASSERT_EQ(map->instance_size(), 5 * kPointerSize);
   __ mov(FieldOperand(eax, HeapObject::kMapOffset), ebx);
   __ mov(FieldOperand(eax, JSObject::kPropertiesOffset),
          isolate()->factory()->empty_fixed_array());
   __ mov(FieldOperand(eax, JSObject::kElementsOffset),
          isolate()->factory()->empty_fixed_array());
   __ mov(FieldOperand(eax, JSGeneratorObject::kResultValuePropertyOffset), ecx);
   __ mov(FieldOperand(eax, JSGeneratorObject::kResultDonePropertyOffset), edx);
 
@@ skipping 21 matching lines @@
 
 
 void FullCodeGenerator::EmitInlineSmiBinaryOp(BinaryOperation* expr,
                                               Token::Value op,
                                               OverwriteMode mode,
                                               Expression* left,
                                               Expression* right) {
   // Do combined smi check of the operands. Left operand is on the
   // stack. Right operand is in eax.
   Label smi_case, done, stub_call;
-  __ pop(edx);
+  AsmPop(edx);
   __ mov(ecx, eax);
   __ or_(eax, edx);
   JumpPatchSite patch_site(masm_);
   patch_site.EmitJumpIfSmi(eax, &smi_case, Label::kNear);
 
   __ bind(&stub_call);
   __ mov(eax, ecx);
   BinaryOpICStub stub(isolate(), op, mode);
   CallIC(stub.GetCode(), expr->BinaryOperationFeedbackId());
   patch_site.EmitPatchInfo();
@@ skipping 69 matching lines @@
   }
 
   __ bind(&done);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitBinaryOp(BinaryOperation* expr,
                                      Token::Value op,
                                      OverwriteMode mode) {
-  __ pop(edx);
+  AsmPop(edx);
   BinaryOpICStub stub(isolate(), op, mode);
   JumpPatchSite patch_site(masm_);    // unbound, signals no inlined smi code.
   CallIC(stub.GetCode(), expr->BinaryOperationFeedbackId());
   patch_site.EmitPatchInfo();
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitAssignment(Expression* expr) {
   ASSERT(expr->IsValidReferenceExpression());
@@ skipping 10 matching lines @@
   }
 
   switch (assign_type) {
     case VARIABLE: {
       Variable* var = expr->AsVariableProxy()->var();
       EffectContext context(this);
       EmitVariableAssignment(var, Token::ASSIGN);
       break;
     }
     case NAMED_PROPERTY: {
-      __ push(eax);  // Preserve value.
+      AsmPush(eax);  // Preserve value.
       VisitForAccumulatorValue(prop->obj());
       __ mov(edx, eax);
-      __ pop(eax);  // Restore value.
+      AsmPop(eax);  // Restore value.
       __ mov(ecx, prop->key()->AsLiteral()->value());
       CallStoreIC();
       break;
     }
     case KEYED_PROPERTY: {
-      __ push(eax);  // Preserve value.
+      AsmPush(eax);  // Preserve value.
       VisitForStackValue(prop->obj());
       VisitForAccumulatorValue(prop->key());
       __ mov(ecx, eax);
-      __ pop(edx);  // Receiver.
-      __ pop(eax);  // Restore value.
+      AsmPop(edx);  // Receiver.
+      AsmPop(eax);  // Restore value.
       Handle<Code> ic = strict_mode() == SLOPPY
           ? isolate()->builtins()->KeyedStoreIC_Initialize()
           : isolate()->builtins()->KeyedStoreIC_Initialize_Strict();
       CallIC(ic);
       break;
     }
   }
   context()->Plug(eax);
 }
 
@@ skipping 24 matching lines @@
   if (var->IsUnallocated()) {
     // Global var, const, or let.
     __ mov(ecx, var->name());
     __ mov(edx, GlobalObjectOperand());
     CallStoreIC();
 
   } else if (op == Token::INIT_CONST_LEGACY) {
     // Const initializers need a write barrier.
     ASSERT(!var->IsParameter());  // No const parameters.
     if (var->IsLookupSlot()) {
-      __ push(eax);
-      __ push(esi);
-      __ push(Immediate(var->name()));
-      __ CallRuntime(Runtime::kHiddenInitializeConstContextSlot, 3);
+      AsmPush(eax);
+      AsmPush(esi);
+      AsmPushHandle(var->name());
+      AsmCallRuntime(Runtime::kHiddenInitializeConstContextSlot, 3);
     } else {
       ASSERT(var->IsStackLocal() || var->IsContextSlot());
       Label skip;
       MemOperand location = VarOperand(var, ecx);
       __ mov(edx, location);
       __ cmp(edx, isolate()->factory()->the_hole_value());
       __ j(not_equal, &skip, Label::kNear);
       EmitStoreToStackLocalOrContextSlot(var, location);
       __ bind(&skip);
     }
 
   } else if (var->mode() == LET && op != Token::INIT_LET) {
     // Non-initializing assignment to let variable needs a write barrier.
     if (var->IsLookupSlot()) {
       EmitCallStoreContextSlot(var->name(), strict_mode());
     } else {
       ASSERT(var->IsStackAllocated() || var->IsContextSlot());
       Label assign;
       MemOperand location = VarOperand(var, ecx);
       __ mov(edx, location);
       __ cmp(edx, isolate()->factory()->the_hole_value());
       __ j(not_equal, &assign, Label::kNear);
-      __ push(Immediate(var->name()));
-      __ CallRuntime(Runtime::kHiddenThrowReferenceError, 1);
+      AsmPushHandle(var->name());
+      AsmCallRuntime(Runtime::kHiddenThrowReferenceError, 1);
       __ bind(&assign);
       EmitStoreToStackLocalOrContextSlot(var, location);
     }
 
   } else if (!var->is_const_mode() || op == Token::INIT_CONST) {
     // Assignment to var or initializing assignment to let/const
     // in harmony mode.
     if (var->IsLookupSlot()) {
       EmitCallStoreContextSlot(var->name(), strict_mode());
     } else {
@@ skipping 17 matching lines @@
   // eax    : value
   // esp[0] : receiver
 
   Property* prop = expr->target()->AsProperty();
   ASSERT(prop != NULL);
   ASSERT(prop->key()->AsLiteral() != NULL);
 
   // Record source code position before IC call.
   SetSourcePosition(expr->position());
   __ mov(ecx, prop->key()->AsLiteral()->value());
-  __ pop(edx);
+  AsmPop(edx);
   CallStoreIC(expr->AssignmentFeedbackId());
   PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitKeyedPropertyAssignment(Assignment* expr) {
   // Assignment to a property, using a keyed store IC.
   // eax               : value
   // esp[0]            : key
   // esp[kPointerSize] : receiver
 
-  __ pop(ecx);  // Key.
-  __ pop(edx);
+  AsmPop(ecx);  // Key.
+  AsmPop(edx);
   // Record source code position before IC call.
   SetSourcePosition(expr->position());
   Handle<Code> ic = strict_mode() == SLOPPY
       ? isolate()->builtins()->KeyedStoreIC_Initialize()
       : isolate()->builtins()->KeyedStoreIC_Initialize_Strict();
   CallIC(ic, expr->AssignmentFeedbackId());
 
   PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::VisitProperty(Property* expr) {
   Comment cmnt(masm_, "[ Property");
   Expression* key = expr->key();
 
   if (key->IsPropertyName()) {
     VisitForAccumulatorValue(expr->obj());
     __ mov(edx, result_register());
     EmitNamedPropertyLoad(expr);
     PrepareForBailoutForId(expr->LoadId(), TOS_REG);
     context()->Plug(eax);
   } else {
     VisitForStackValue(expr->obj());
     VisitForAccumulatorValue(expr->key());
-    __ pop(edx);                     // Object.
+    AsmPop(edx);                     // Object.
     __ mov(ecx, result_register());  // Key.
     EmitKeyedPropertyLoad(expr);
     context()->Plug(eax);
   }
 }
 
 
 void FullCodeGenerator::CallIC(Handle<Code> code,
                                TypeFeedbackId ast_id) {
   ic_total_count_++;
   __ call(code, RelocInfo::CODE_TARGET, ast_id);
 }
 
 
 // Code common for calls using the IC.
 void FullCodeGenerator::EmitCallWithLoadIC(Call* expr) {
   Expression* callee = expr->expression();
 
   CallIC::CallType call_type = callee->IsVariableProxy()
       ? CallIC::FUNCTION
       : CallIC::METHOD;
   // Get the target function.
   if (call_type == CallIC::FUNCTION) {
     { StackValueContext context(this);
       EmitVariableLoad(callee->AsVariableProxy());
       PrepareForBailout(callee, NO_REGISTERS);
     }
     // Push undefined as receiver. This is patched in the method prologue if it
     // is a sloppy mode method.
-    __ push(Immediate(isolate()->factory()->undefined_value()));
+    AsmPushHandle(isolate()->factory()->undefined_value());
   } else {
     // Load the function from the receiver.
     ASSERT(callee->IsProperty());
     __ mov(edx, Operand(esp, 0));
     EmitNamedPropertyLoad(callee->AsProperty());
     PrepareForBailoutForId(callee->AsProperty()->LoadId(), TOS_REG);
     // Push the target function under the receiver.
-    __ push(Operand(esp, 0));
+    AsmPush(Operand(esp, 0));
     __ mov(Operand(esp, kPointerSize), eax);
   }
 
   EmitCall(expr, call_type);
 }
 
 
 // Code common for calls using the IC.
 void FullCodeGenerator::EmitKeyedCallWithLoadIC(Call* expr,
                                                 Expression* key) {
   // Load the key.
   VisitForAccumulatorValue(key);
 
   Expression* callee = expr->expression();
 
   // Load the function from the receiver.
   ASSERT(callee->IsProperty());
   __ mov(edx, Operand(esp, 0));
   // Move the key into the right register for the keyed load IC.
   __ mov(ecx, eax);
   EmitKeyedPropertyLoad(callee->AsProperty());
   PrepareForBailoutForId(callee->AsProperty()->LoadId(), TOS_REG);
 
   // Push the target function under the receiver.
-  __ push(Operand(esp, 0));
+  AsmPush(Operand(esp, 0));
   __ mov(Operand(esp, kPointerSize), eax);
 
   EmitCall(expr, CallIC::METHOD);
 }
 
 
 void FullCodeGenerator::EmitCall(Call* expr, CallIC::CallType call_type) {
   // Load the arguments.
   ZoneList<Expression*>* args = expr->arguments();
   int arg_count = args->length();
   { PreservePositionScope scope(masm()->positions_recorder());
     for (int i = 0; i < arg_count; i++) {
       VisitForStackValue(args->at(i));
     }
   }
 
   // Record source position of the IC call.
   SetSourcePosition(expr->position());
   Handle<Code> ic = CallIC::initialize_stub(
       isolate(), arg_count, call_type);
   __ Move(edx, Immediate(Smi::FromInt(expr->CallFeedbackSlot())));
   __ mov(edi, Operand(esp, (arg_count + 1) * kPointerSize));
   // Don't assign a type feedback id to the IC, since type feedback is provided
   // by the vector above.
   CallIC(ic);
+  UpdateStackHeight(-(arg_count + 1));
 
   RecordJSReturnSite(expr);
-
   // Restore context register.
   __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
 
   context()->DropAndPlug(1, eax);
 }
 
 
 void FullCodeGenerator::EmitResolvePossiblyDirectEval(int arg_count) {
   // Push copy of the first argument or undefined if it doesn't exist.
   if (arg_count > 0) {
-    __ push(Operand(esp, arg_count * kPointerSize));
+    AsmPush(Operand(esp, arg_count * kPointerSize));
   } else {
-    __ push(Immediate(isolate()->factory()->undefined_value()));
+    AsmPushHandle(isolate()->factory()->undefined_value());
   }
 
   // Push the receiver of the enclosing function.
-  __ push(Operand(ebp, (2 + info_->scope()->num_parameters()) * kPointerSize));
+  AsmPush(Operand(ebp, (2 + info_->scope()->num_parameters()) * kPointerSize));
   // Push the language mode.
-  __ push(Immediate(Smi::FromInt(strict_mode())));
+  AsmPushSmi(Smi::FromInt(strict_mode()));
 
   // Push the start position of the scope the calls resides in.
-  __ push(Immediate(Smi::FromInt(scope()->start_position())));
+  AsmPushSmi(Smi::FromInt(scope()->start_position()));
 
   // Do the runtime call.
-  __ CallRuntime(Runtime::kHiddenResolvePossiblyDirectEval, 5);
+  AsmCallRuntime(Runtime::kHiddenResolvePossiblyDirectEval, 5);
 }
 
 
 void FullCodeGenerator::VisitCall(Call* expr) {
 #ifdef DEBUG
   // We want to verify that RecordJSReturnSite gets called on all paths
   // through this function.  Avoid early returns.
   expr->return_is_recorded_ = false;
 #endif
 
   Comment cmnt(masm_, "[ Call");
   Expression* callee = expr->expression();
   Call::CallType call_type = expr->GetCallType(isolate());
 
   if (call_type == Call::POSSIBLY_EVAL_CALL) {
     // In a call to eval, we first call RuntimeHidden_ResolvePossiblyDirectEval
     // to resolve the function we need to call and the receiver of the call.
     // Then we call the resolved function using the given arguments.
     ZoneList<Expression*>* args = expr->arguments();
     int arg_count = args->length();
     { PreservePositionScope pos_scope(masm()->positions_recorder());
       VisitForStackValue(callee);
       // Reserved receiver slot.
-      __ push(Immediate(isolate()->factory()->undefined_value()));
+      AsmPushHandle(isolate()->factory()->undefined_value());
       // Push the arguments.
       for (int i = 0; i < arg_count; i++) {
         VisitForStackValue(args->at(i));
       }
 
       // Push a copy of the function (found below the arguments) and
       // resolve eval.
-      __ push(Operand(esp, (arg_count + 1) * kPointerSize));
+      AsmPush(Operand(esp, (arg_count + 1) * kPointerSize));
       EmitResolvePossiblyDirectEval(arg_count);
 
       // The runtime call returns a pair of values in eax (function) and
       // edx (receiver). Touch up the stack with the right values.
       __ mov(Operand(esp, (arg_count + 0) * kPointerSize), edx);
       __ mov(Operand(esp, (arg_count + 1) * kPointerSize), eax);
     }
     // Record source position for debugger.
     SetSourcePosition(expr->position());
     CallFunctionStub stub(isolate(), arg_count, NO_CALL_FUNCTION_FLAGS);
     __ mov(edi, Operand(esp, (arg_count + 1) * kPointerSize));
     __ CallStub(&stub);
+    UpdateStackHeight(-(arg_count + 1));
     RecordJSReturnSite(expr);
     // Restore context register.
     __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
     context()->DropAndPlug(1, eax);
 
   } else if (call_type == Call::GLOBAL_CALL) {
     EmitCallWithLoadIC(expr);
 
   } else if (call_type == Call::LOOKUP_SLOT_CALL) {
     // Call to a lookup slot (dynamically introduced variable).
     VariableProxy* proxy = callee->AsVariableProxy();
     Label slow, done;
     { PreservePositionScope scope(masm()->positions_recorder());
       // Generate code for loading from variables potentially shadowed by
       // eval-introduced variables.
       EmitDynamicLookupFastCase(proxy->var(), NOT_INSIDE_TYPEOF, &slow, &done);
     }
     __ bind(&slow);
+    StackHeightWrapper branch_stack_height = CurrentStackHeight();
     // Call the runtime to find the function to call (returned in eax) and
     // the object holding it (returned in edx).
-    __ push(context_register());
-    __ push(Immediate(proxy->name()));
-    __ CallRuntime(Runtime::kHiddenLoadContextSlot, 2);
-    __ push(eax);  // Function.
-    __ push(edx);  // Receiver.
+    AsmPush(context_register());
+    AsmPushHandle(proxy->name());
+    AsmCallRuntime(Runtime::kHiddenLoadContextSlot, 2);
+    AsmPush(eax);  // Function.
+    AsmPush(edx);  // Receiver.
 
     // If fast case code has been generated, emit code to push the function
     // and receiver and have the slow path jump around this code.
     if (done.is_linked()) {
       Label call;
       __ jmp(&call, Label::kNear);
       __ bind(&done);
+      SetStackHeight(branch_stack_height);
       // Push function.
-      __ push(eax);
+      AsmPush(eax);
       // The receiver is implicitly the global receiver. Indicate this by
       // passing the hole to the call function stub.
-      __ push(Immediate(isolate()->factory()->undefined_value()));
+      AsmPushHandle(isolate()->factory()->undefined_value());
       __ bind(&call);
     }
 
     // The receiver is either the global receiver or an object found by
     // LoadContextSlot.
     EmitCall(expr);
 
   } else if (call_type == Call::PROPERTY_CALL) {
     Property* property = callee->AsProperty();
     { PreservePositionScope scope(masm()->positions_recorder());
       VisitForStackValue(property->obj());
     }
     if (property->key()->IsPropertyName()) {
       EmitCallWithLoadIC(expr);
     } else {
       EmitKeyedCallWithLoadIC(expr, property->key());
     }
 
   } else {
     ASSERT(call_type == Call::OTHER_CALL);
     // Call to an arbitrary expression not handled specially above.
     { PreservePositionScope scope(masm()->positions_recorder());
       VisitForStackValue(callee);
     }
-    __ push(Immediate(isolate()->factory()->undefined_value()));
+    AsmPushHandle(isolate()->factory()->undefined_value());
     // Emit function call.
     EmitCall(expr);
   }
 
 #ifdef DEBUG
   // RecordJSReturnSite should have been called.
   ASSERT(expr->return_is_recorded_);
 #endif
 }
 
@@ skipping 29 matching lines @@
     EnsureSlotContainsAllocationSite(expr->AllocationSiteFeedbackSlot());
     ASSERT(expr->AllocationSiteFeedbackSlot() ==
            expr->CallNewFeedbackSlot() + 1);
   }
 
   __ LoadHeapObject(ebx, FeedbackVector());
   __ mov(edx, Immediate(Smi::FromInt(expr->CallNewFeedbackSlot())));
 
   CallConstructStub stub(isolate(), RECORD_CONSTRUCTOR_TARGET);
   __ call(stub.GetCode(), RelocInfo::CONSTRUCT_CALL);
+  UpdateStackHeight(-(arg_count + 1));
   PrepareForBailoutForId(expr->ReturnId(), TOS_REG);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitIsSmi(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 1);
 
   VisitForAccumulatorValue(args->at(0));
@@ skipping 337 matching lines @@
   VisitForStackValue(args->at(0));
   VisitForAccumulatorValue(args->at(1));
 
   Label materialize_true, materialize_false;
   Label* if_true = NULL;
   Label* if_false = NULL;
   Label* fall_through = NULL;
   context()->PrepareTest(&materialize_true, &materialize_false,
                          &if_true, &if_false, &fall_through);
 
-  __ pop(ebx);
+  AsmPop(ebx);
   __ cmp(eax, ebx);
   PrepareForBailoutBeforeSplit(expr, true, if_true, if_false);
   Split(equal, if_true, if_false, fall_through);
 
   context()->Plug(if_true, if_false);
 }
 
 
 void FullCodeGenerator::EmitArguments(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
@@ skipping 95 matching lines @@
 
 
 void FullCodeGenerator::EmitSubString(CallRuntime* expr) {
   // Load the arguments on the stack and call the stub.
   SubStringStub stub(isolate());
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 3);
   VisitForStackValue(args->at(0));
   VisitForStackValue(args->at(1));
   VisitForStackValue(args->at(2));
-  __ CallStub(&stub);
+  AsmCallStub(&stub, 3);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitRegExpExec(CallRuntime* expr) {
   // Load the arguments on the stack and call the stub.
   RegExpExecStub stub(isolate());
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 4);
   VisitForStackValue(args->at(0));
   VisitForStackValue(args->at(1));
   VisitForStackValue(args->at(2));
   VisitForStackValue(args->at(3));
-  __ CallStub(&stub);
+  AsmCallStub(&stub, 4);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitValueOf(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 1);
 
   VisitForAccumulatorValue(args->at(0));  // Load the object.
 
@@ skipping 42 matching lines @@
     }
     __ bind(&runtime);
     __ PrepareCallCFunction(2, scratch);
     __ mov(Operand(esp, 0), object);
     __ mov(Operand(esp, 1 * kPointerSize), Immediate(index));
     __ CallCFunction(ExternalReference::get_date_field_function(isolate()), 2);
     __ jmp(&done);
   }
 
   __ bind(&not_date_object);
-  __ CallRuntime(Runtime::kHiddenThrowNotDateError, 0);
+  AsmCallRuntime(Runtime::kHiddenThrowNotDateError, 0);
   __ bind(&done);
   context()->Plug(result);
 }
 
 
 void FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT_EQ(3, args->length());
 
   Register string = eax;
   Register index = ebx;
   Register value = ecx;
 
   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
   VisitForAccumulatorValue(args->at(0));  // string
 
-  __ pop(value);
-  __ pop(index);
+  AsmPop(value);
+  AsmPop(index);
 
   if (FLAG_debug_code) {
     __ test(value, Immediate(kSmiTagMask));
     __ Check(zero, kNonSmiValue);
     __ test(index, Immediate(kSmiTagMask));
     __ Check(zero, kNonSmiValue);
   }
 
   __ SmiUntag(value);
   __ SmiUntag(index);
@@ skipping 13 matching lines @@
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT_EQ(3, args->length());
 
   Register string = eax;
   Register index = ebx;
   Register value = ecx;
 
   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
   VisitForAccumulatorValue(args->at(0));  // string
-  __ pop(value);
-  __ pop(index);
+  AsmPop(value);
+  AsmPop(index);
 
   if (FLAG_debug_code) {
     __ test(value, Immediate(kSmiTagMask));
     __ Check(zero, kNonSmiValue);
     __ test(index, Immediate(kSmiTagMask));
     __ Check(zero, kNonSmiValue);
     __ SmiUntag(index);
     static const uint32_t two_byte_seq_type = kSeqStringTag | kTwoByteStringTag;
     __ EmitSeqStringSetCharCheck(string, index, value, two_byte_seq_type);
     __ SmiTag(index);
   }
 
   __ SmiUntag(value);
   // No need to untag a smi for two-byte addressing.
   __ mov_w(FieldOperand(string, index, times_1, SeqTwoByteString::kHeaderSize),
            value);
   context()->Plug(string);
 }
 
 
 void FullCodeGenerator::EmitMathPow(CallRuntime* expr) {
   // Load the arguments on the stack and call the runtime function.
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 2);
   VisitForStackValue(args->at(0));
   VisitForStackValue(args->at(1));
 
   MathPowStub stub(isolate(), MathPowStub::ON_STACK);
-  __ CallStub(&stub);
+  AsmCallStub(&stub, 2);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitSetValueOf(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 2);
 
   VisitForStackValue(args->at(0));  // Load the object.
   VisitForAccumulatorValue(args->at(1));  // Load the value.
-  __ pop(ebx);  // eax = value. ebx = object.
+  AsmPop(ebx);  // eax = value. ebx = object.
 
   Label done;
   // If the object is a smi, return the value.
   __ JumpIfSmi(ebx, &done, Label::kNear);
 
   // If the object is not a value type, return the value.
   __ CmpObjectType(ebx, JS_VALUE_TYPE, ecx);
   __ j(not_equal, &done, Label::kNear);
 
   // Store the value.
@@ skipping 45 matching lines @@
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 2);
 
   VisitForStackValue(args->at(0));
   VisitForAccumulatorValue(args->at(1));
 
   Register object = ebx;
   Register index = eax;
   Register result = edx;
 
-  __ pop(object);
+  AsmPop(object);
 
   Label need_conversion;
   Label index_out_of_range;
   Label done;
   StringCharCodeAtGenerator generator(object,
                                       index,
                                       result,
                                       &need_conversion,
                                       &need_conversion,
                                       &index_out_of_range,
@@ skipping 26 matching lines @@
   ASSERT(args->length() == 2);
 
   VisitForStackValue(args->at(0));
   VisitForAccumulatorValue(args->at(1));
 
   Register object = ebx;
   Register index = eax;
   Register scratch = edx;
   Register result = eax;
 
-  __ pop(object);
+  AsmPop(object);
 
   Label need_conversion;
   Label index_out_of_range;
   Label done;
   StringCharAtGenerator generator(object,
                                   index,
                                   scratch,
                                   result,
                                   &need_conversion,
                                   &need_conversion,
@@ skipping 21 matching lines @@
   context()->Plug(result);
 }
 
 
 void FullCodeGenerator::EmitStringAdd(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT_EQ(2, args->length());
   VisitForStackValue(args->at(0));
   VisitForAccumulatorValue(args->at(1));
 
-  __ pop(edx);
+  AsmPop(edx);
   StringAddStub stub(isolate(), STRING_ADD_CHECK_BOTH, NOT_TENURED);
   __ CallStub(&stub);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitStringCompare(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT_EQ(2, args->length());
 
   VisitForStackValue(args->at(0));
   VisitForStackValue(args->at(1));
 
   StringCompareStub stub(isolate());
-  __ CallStub(&stub);
+  AsmCallStub(&stub, 2);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitCallFunction(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() >= 2);
 
   int arg_count = args->length() - 2;  // 2 ~ receiver and function.
   for (int i = 0; i < arg_count + 1; ++i) {
     VisitForStackValue(args->at(i));
   }
   VisitForAccumulatorValue(args->last());  // Function.
 
   Label runtime, done;
   // Check for non-function argument (including proxy).
   __ JumpIfSmi(eax, &runtime);
   __ CmpObjectType(eax, JS_FUNCTION_TYPE, ebx);
+  StackHeightWrapper branch_stack_height = CurrentStackHeight();
   __ j(not_equal, &runtime);
 
   // InvokeFunction requires the function in edi. Move it in there.
   __ mov(edi, result_register());
   ParameterCount count(arg_count);
   __ InvokeFunction(edi, count, CALL_FUNCTION, NullCallWrapper());
+  UpdateStackHeight(-(arg_count + 1));
   __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
   __ jmp(&done);
 
   __ bind(&runtime);
-  __ push(eax);
-  __ CallRuntime(Runtime::kCall, args->length());
+  SetStackHeight(branch_stack_height);
+  AsmPush(eax);
+  AsmCallRuntime(Runtime::kCall, args->length());
   __ bind(&done);
 
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitRegExpConstructResult(CallRuntime* expr) {
   // Load the arguments on the stack and call the stub.
   RegExpConstructResultStub stub(isolate());
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 3);
   VisitForStackValue(args->at(0));
   VisitForStackValue(args->at(1));
   VisitForAccumulatorValue(args->at(2));
-  __ pop(ebx);
-  __ pop(ecx);
+  AsmPop(ebx);
+  AsmPop(ecx);
   __ CallStub(&stub);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitGetFromCache(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT_EQ(2, args->length());
 
   ASSERT_NE(NULL, args->at(0)->AsLiteral());
@@ skipping 25 matching lines @@
   __ mov(tmp, FieldOperand(cache, JSFunctionResultCache::kFingerOffset));
   // tmp now holds finger offset as a smi.
   __ cmp(key, FixedArrayElementOperand(cache, tmp));
   __ j(not_equal, &not_found);
 
   __ mov(eax, FixedArrayElementOperand(cache, tmp, 1));
   __ jmp(&done);
 
   __ bind(&not_found);
   // Call runtime to perform the lookup.
-  __ push(cache);
-  __ push(key);
-  __ CallRuntime(Runtime::kHiddenGetFromCache, 2);
+  AsmPush(cache);
+  AsmPush(key);
+  AsmCallRuntime(Runtime::kHiddenGetFromCache, 2);
 
   __ bind(&done);
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::EmitHasCachedArrayIndex(CallRuntime* expr) {
   ZoneList<Expression*>* args = expr->arguments();
   ASSERT(args->length() == 1);
 
@@ skipping 55 matching lines @@
   Register scratch = ebx;
 
   Register array_length = edi;
   Register result_pos = no_reg;  // Will be edi.
 
   // Separator operand is already pushed.
   Operand separator_operand = Operand(esp, 2 * kPointerSize);
   Operand result_operand = Operand(esp, 1 * kPointerSize);
   Operand array_length_operand = Operand(esp, 0);
   __ sub(esp, Immediate(2 * kPointerSize));
+  UpdateStackHeight(2);
   __ cld();
   // Check that the array is a JSArray
   __ JumpIfSmi(array, &bailout);
   __ CmpObjectType(array, JS_ARRAY_TYPE, scratch);
   __ j(not_equal, &bailout);
 
   // Check that the array has fast elements.
   __ CheckFastElements(scratch, &bailout);
 
   // If the array has length zero, return the empty string.
@@ skipping 206 matching lines @@
   __ cmp(index, array_length_operand);
   __ j(less, &loop_3);  // End while (index < length).
   __ jmp(&done);
 
 
   __ bind(&bailout);
   __ mov(result_operand, isolate()->factory()->undefined_value());
   __ bind(&done);
   __ mov(eax, result_operand);
   // Drop temp values from the stack, and restore context register.
-  __ add(esp, Immediate(3 * kPointerSize));
+  AsmDrop(3);
 
   __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
   context()->Plug(eax);
 }
 
 
 void FullCodeGenerator::VisitCallRuntime(CallRuntime* expr) {
   if (expr->function() != NULL &&
       expr->function()->intrinsic_type == Runtime::INLINE) {
     Comment cmnt(masm_, "[ InlineRuntimeCall");
     EmitInlineRuntimeCall(expr);
     return;
   }
 
   Comment cmnt(masm_, "[ CallRuntime");
   ZoneList<Expression*>* args = expr->arguments();
 
   if (expr->is_jsruntime()) {
     // Push the builtins object as receiver.
     __ mov(eax, GlobalObjectOperand());
-    __ push(FieldOperand(eax, GlobalObject::kBuiltinsOffset));
+    AsmPush(FieldOperand(eax, GlobalObject::kBuiltinsOffset));
 
     // Load the function from the receiver.
     __ mov(edx, Operand(esp, 0));
     __ mov(ecx, Immediate(expr->name()));
     CallLoadIC(NOT_CONTEXTUAL, expr->CallRuntimeFeedbackId());
 
     // Push the target function under the receiver.
-    __ push(Operand(esp, 0));
+    AsmPush(Operand(esp, 0));
     __ mov(Operand(esp, kPointerSize), eax);
 
     // Code common for calls using the IC.
     ZoneList<Expression*>* args = expr->arguments();
     int arg_count = args->length();
     for (int i = 0; i < arg_count; i++) {
       VisitForStackValue(args->at(i));
     }
 
     // Record source position of the IC call.
     SetSourcePosition(expr->position());
     CallFunctionStub stub(isolate(), arg_count, NO_CALL_FUNCTION_FLAGS);
     __ mov(edi, Operand(esp, (arg_count + 1) * kPointerSize));
-    __ CallStub(&stub);
+    AsmCallStub(&stub, arg_count + 1);
     // Restore context register.
     __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
     context()->DropAndPlug(1, eax);
 
   } else {
     // Push the arguments ("left-to-right").
     int arg_count = args->length();
     for (int i = 0; i < arg_count; i++) {
       VisitForStackValue(args->at(i));
     }
 
     // Call the C runtime function.
-    __ CallRuntime(expr->function(), arg_count);
+    AsmCallRuntime(expr->function(), arg_count);
 
     context()->Plug(eax);
   }
 }
 
 
 void FullCodeGenerator::VisitUnaryOperation(UnaryOperation* expr) {
   switch (expr->op()) {
     case Token::DELETE: {
       Comment cmnt(masm_, "[ UnaryOperation (DELETE)");
       Property* property = expr->expression()->AsProperty();
       VariableProxy* proxy = expr->expression()->AsVariableProxy();
 
       if (property != NULL) {
         VisitForStackValue(property->obj());
         VisitForStackValue(property->key());
-        __ push(Immediate(Smi::FromInt(strict_mode())));
-        __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
+        AsmPushSmi(Smi::FromInt(strict_mode()));
+        AsmInvokeBuiltin(Builtins::DELETE, CALL_FUNCTION, 3);
         context()->Plug(eax);
       } else if (proxy != NULL) {
         Variable* var = proxy->var();
         // Delete of an unqualified identifier is disallowed in strict mode
         // but "delete this" is allowed.
         ASSERT(strict_mode() == SLOPPY || var->is_this());
         if (var->IsUnallocated()) {
-          __ push(GlobalObjectOperand());
-          __ push(Immediate(var->name()));
-          __ push(Immediate(Smi::FromInt(SLOPPY)));
-          __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
+          AsmPush(GlobalObjectOperand());
+          AsmPushHandle(var->name());
+          AsmPushSmi(Smi::FromInt(SLOPPY));
+          AsmInvokeBuiltin(Builtins::DELETE, CALL_FUNCTION, 3);
           context()->Plug(eax);
         } else if (var->IsStackAllocated() || var->IsContextSlot()) {
           // Result of deleting non-global variables is false.  'this' is
           // not really a variable, though we implement it as one.  The
           // subexpression does not have side effects.
           context()->Plug(var->is_this());
         } else {
           // Non-global variable.  Call the runtime to try to delete from the
           // context where the variable was introduced.
-          __ push(context_register());
-          __ push(Immediate(var->name()));
-          __ CallRuntime(Runtime::kHiddenDeleteContextSlot, 2);
+          AsmPush(context_register());
+          AsmPushHandle(var->name());
+          AsmCallRuntime(Runtime::kHiddenDeleteContextSlot, 2);
           context()->Plug(eax);
         }
       } else {
         // Result of deleting non-property, non-variable reference is true.
         // The subexpression may have side effects.
         VisitForEffect(expr->expression());
         context()->Plug(true);
       }
       break;
     }
@@ skipping 23 matching lines @@
         // We handle value contexts explicitly rather than simply visiting
         // for control and plugging the control flow into the context,
         // because we need to prepare a pair of extra administrative AST ids
         // for the optimizing compiler.
         ASSERT(context()->IsAccumulatorValue() || context()->IsStackValue());
         Label materialize_true, materialize_false, done;
         VisitForControl(expr->expression(),
                         &materialize_false,
                         &materialize_true,
                         &materialize_true);
+        StackHeightWrapper branch_stack_height = CurrentStackHeight();
         __ bind(&materialize_true);
         PrepareForBailoutForId(expr->MaterializeTrueId(), NO_REGISTERS);
         if (context()->IsAccumulatorValue()) {
           __ mov(eax, isolate()->factory()->true_value());
         } else {
-          __ Push(isolate()->factory()->true_value());
+          AsmPushHandle(isolate()->factory()->true_value());
         }
         __ jmp(&done, Label::kNear);
         __ bind(&materialize_false);
+        SetStackHeight(branch_stack_height);
         PrepareForBailoutForId(expr->MaterializeFalseId(), NO_REGISTERS);
         if (context()->IsAccumulatorValue()) {
           __ mov(eax, isolate()->factory()->false_value());
         } else {
-          __ Push(isolate()->factory()->false_value());
+          AsmPushHandle(isolate()->factory()->false_value());
         }
         __ bind(&done);
       }
       break;
     }
 
     case Token::TYPEOF: {
       Comment cmnt(masm_, "[ UnaryOperation (TYPEOF)");
       { StackValueContext context(this);
         VisitForTypeofValue(expr->expression());
       }
-      __ CallRuntime(Runtime::kTypeof, 1);
+      AsmCallRuntime(Runtime::kTypeof, 1);
       context()->Plug(eax);
       break;
     }
 
     default:
       UNREACHABLE();
   }
 }
 
 
@@ skipping 16 matching lines @@
   }
 
   // Evaluate expression and get value.
   if (assign_type == VARIABLE) {
     ASSERT(expr->expression()->AsVariableProxy()->var() != NULL);
     AccumulatorValueContext context(this);
     EmitVariableLoad(expr->expression()->AsVariableProxy());
   } else {
     // Reserve space for result of postfix operation.
     if (expr->is_postfix() && !context()->IsEffect()) {
-      __ push(Immediate(Smi::FromInt(0)));
+      AsmPushSmi(Smi::FromInt(0));
     }
     if (assign_type == NAMED_PROPERTY) {
       // Put the object both on the stack and in edx.
       VisitForAccumulatorValue(prop->obj());
-      __ push(eax);
+      AsmPush(eax);
       __ mov(edx, eax);
       EmitNamedPropertyLoad(prop);
     } else {
       VisitForStackValue(prop->obj());
       VisitForStackValue(prop->key());
       __ mov(edx, Operand(esp, kPointerSize));  // Object.
       __ mov(ecx, Operand(esp, 0));             // Key.
       EmitKeyedPropertyLoad(prop);
     }
   }
 
   // We need a second deoptimization point after loading the value
   // in case evaluating the property load my have a side effect.
   if (assign_type == VARIABLE) {
     PrepareForBailout(expr->expression(), TOS_REG);
   } else {
     PrepareForBailoutForId(prop->LoadId(), TOS_REG);
   }
 
   // Inline smi case if we are in a loop.
   Label done, stub_call;
   JumpPatchSite patch_site(masm_);
   if (ShouldInlineSmiCase(expr->op())) {
     Label slow;
     patch_site.EmitJumpIfNotSmi(eax, &slow, Label::kNear);
 
+    StackHeightWrapper smi_stack_height = CurrentStackHeight();
+
     // Save result for postfix expressions.
     if (expr->is_postfix()) {
       if (!context()->IsEffect()) {
         // Save the result on the stack. If we have a named or keyed property
         // we store the result under the receiver that is currently on top
         // of the stack.
         switch (assign_type) {
           case VARIABLE:
-            __ push(eax);
+            AsmPush(eax);
             break;
           case NAMED_PROPERTY:
             __ mov(Operand(esp, kPointerSize), eax);
             break;
           case KEYED_PROPERTY:
             __ mov(Operand(esp, 2 * kPointerSize), eax);
             break;
         }
       }
     }
 
     if (expr->op() == Token::INC) {
       __ add(eax, Immediate(Smi::FromInt(1)));
     } else {
       __ sub(eax, Immediate(Smi::FromInt(1)));
     }
     __ j(no_overflow, &done, Label::kNear);
     // Call stub. Undo operation first.
     if (expr->op() == Token::INC) {
       __ sub(eax, Immediate(Smi::FromInt(1)));
     } else {
       __ add(eax, Immediate(Smi::FromInt(1)));
     }
     __ jmp(&stub_call, Label::kNear);
     __ bind(&slow);
+    SetStackHeight(smi_stack_height);
   }
   ToNumberStub convert_stub(isolate());
   __ CallStub(&convert_stub);
 
   // Save result for postfix expressions.
   if (expr->is_postfix()) {
     if (!context()->IsEffect()) {
       // Save the result on the stack. If we have a named or keyed property
       // we store the result under the receiver that is currently on top
       // of the stack.
       switch (assign_type) {
         case VARIABLE:
-          __ push(eax);
+          AsmPush(eax);
           break;
         case NAMED_PROPERTY:
           __ mov(Operand(esp, kPointerSize), eax);
           break;
         case KEYED_PROPERTY:
           __ mov(Operand(esp, 2 * kPointerSize), eax);
           break;
       }
     }
   }
@@ skipping 29 matching lines @@
       } else {
         // Perform the assignment as if via '='.
         EmitVariableAssignment(expr->expression()->AsVariableProxy()->var(),
                                Token::ASSIGN);
         PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
         context()->Plug(eax);
       }
       break;
     case NAMED_PROPERTY: {
       __ mov(ecx, prop->key()->AsLiteral()->value());
-      __ pop(edx);
+      AsmPop(edx);
       CallStoreIC(expr->CountStoreFeedbackId());
       PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
       if (expr->is_postfix()) {
         if (!context()->IsEffect()) {
           context()->PlugTOS();
         }
       } else {
         context()->Plug(eax);
       }
       break;
     }
     case KEYED_PROPERTY: {
-      __ pop(ecx);
-      __ pop(edx);
+      AsmPop(ecx);
+      AsmPop(edx);
       Handle<Code> ic = strict_mode() == SLOPPY
           ? isolate()->builtins()->KeyedStoreIC_Initialize()
           : isolate()->builtins()->KeyedStoreIC_Initialize_Strict();
       CallIC(ic, expr->CountStoreFeedbackId());
       PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
       if (expr->is_postfix()) {
         // Result is on the stack
         if (!context()->IsEffect()) {
           context()->PlugTOS();
         }
@@ skipping 22 matching lines @@
     context()->Plug(eax);
   } else if (proxy != NULL && proxy->var()->IsLookupSlot()) {
     Comment cmnt(masm_, "[ Lookup slot");
     Label done, slow;
 
     // Generate code for loading from variables potentially shadowed
     // by eval-introduced variables.
     EmitDynamicLookupFastCase(proxy->var(), INSIDE_TYPEOF, &slow, &done);
 
     __ bind(&slow);
-    __ push(esi);
-    __ push(Immediate(proxy->name()));
-    __ CallRuntime(Runtime::kHiddenLoadContextSlotNoReferenceError, 2);
+    AsmPush(esi);
+    AsmPushHandle(proxy->name());
+    AsmCallRuntime(Runtime::kHiddenLoadContextSlotNoReferenceError, 2);
     PrepareForBailout(expr, TOS_REG);
     __ bind(&done);
 
     context()->Plug(eax);
   } else {
     // This expression cannot throw a reference error at the top level.
     VisitInDuplicateContext(expr);
   }
 }
 
@@ skipping 92 matching lines @@
   Label* if_false = NULL;
   Label* fall_through = NULL;
   context()->PrepareTest(&materialize_true, &materialize_false,
                          &if_true, &if_false, &fall_through);
 
   Token::Value op = expr->op();
   VisitForStackValue(expr->left());
   switch (op) {
     case Token::IN:
       VisitForStackValue(expr->right());
-      __ InvokeBuiltin(Builtins::IN, CALL_FUNCTION);
+      AsmInvokeBuiltin(Builtins::IN, CALL_FUNCTION, 2);
       PrepareForBailoutBeforeSplit(expr, false, NULL, NULL);
       __ cmp(eax, isolate()->factory()->true_value());
       Split(equal, if_true, if_false, fall_through);
       break;
 
     case Token::INSTANCEOF: {
       VisitForStackValue(expr->right());
       InstanceofStub stub(isolate(), InstanceofStub::kNoFlags);
-      __ CallStub(&stub);
+      AsmCallStub(&stub, 2);
       PrepareForBailoutBeforeSplit(expr, true, if_true, if_false);
       __ test(eax, eax);
       // The stub returns 0 for true.
       Split(zero, if_true, if_false, fall_through);
       break;
     }
 
     default: {
       VisitForAccumulatorValue(expr->right());
       Condition cc = CompareIC::ComputeCondition(op);
-      __ pop(edx);
+      AsmPop(edx);
 
       bool inline_smi_code = ShouldInlineSmiCase(op);
       JumpPatchSite patch_site(masm_);
       if (inline_smi_code) {
         Label slow_case;
         __ mov(ecx, edx);
         __ or_(ecx, eax);
         patch_site.EmitJumpIfNotSmi(ecx, &slow_case, Label::kNear);
         __ cmp(edx, eax);
         Split(cc, if_true, if_false, NULL);
@@ skipping 75 matching lines @@
 
 
 void FullCodeGenerator::PushFunctionArgumentForContextAllocation() {
   Scope* declaration_scope = scope()->DeclarationScope();
   if (declaration_scope->is_global_scope() ||
       declaration_scope->is_module_scope()) {
     // Contexts nested in the native context have a canonical empty function
     // as their closure, not the anonymous closure containing the global
     // code.  Pass a smi sentinel and let the runtime look up the empty
     // function.
-    __ push(Immediate(Smi::FromInt(0)));
+    AsmPushSmi(Smi::FromInt(0));
   } else if (declaration_scope->is_eval_scope()) {
     // Contexts nested inside eval code have the same closure as the context
     // calling eval, not the anonymous closure containing the eval code.
     // Fetch it from the context.
-    __ push(ContextOperand(esi, Context::CLOSURE_INDEX));
+    AsmPush(ContextOperand(esi, Context::CLOSURE_INDEX));
   } else {
     ASSERT(declaration_scope->is_function_scope());
-    __ push(Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+    AsmPush(Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
   }
 }
 
 
 // ----------------------------------------------------------------------------
 // Non-local control flow support.
 
 void FullCodeGenerator::EnterFinallyBlock() {
   // Cook return address on top of stack (smi encoded Code* delta)
   ASSERT(!result_register().is(edx));
-  __ pop(edx);
+  AsmPop(edx);
   __ sub(edx, Immediate(masm_->CodeObject()));
   STATIC_ASSERT(kSmiTagSize + kSmiShiftSize == 1);
   STATIC_ASSERT(kSmiTag == 0);
   __ SmiTag(edx);
-  __ push(edx);
+  AsmPush(edx);
 
   // Store result register while executing finally block.
-  __ push(result_register());
+  AsmPush(result_register());
 
   // Store pending message while executing finally block.
   ExternalReference pending_message_obj =
       ExternalReference::address_of_pending_message_obj(isolate());
   __ mov(edx, Operand::StaticVariable(pending_message_obj));
-  __ push(edx);
+  AsmPush(edx);
 
   ExternalReference has_pending_message =
       ExternalReference::address_of_has_pending_message(isolate());
   __ mov(edx, Operand::StaticVariable(has_pending_message));
   __ SmiTag(edx);
-  __ push(edx);
+  AsmPush(edx);
 
   ExternalReference pending_message_script =
       ExternalReference::address_of_pending_message_script(isolate());
   __ mov(edx, Operand::StaticVariable(pending_message_script));
-  __ push(edx);
+  AsmPush(edx);
 }
 
 
 void FullCodeGenerator::ExitFinallyBlock() {
   ASSERT(!result_register().is(edx));
   // Restore pending message from stack.
-  __ pop(edx);
+  AsmPop(edx);
   ExternalReference pending_message_script =
       ExternalReference::address_of_pending_message_script(isolate());
   __ mov(Operand::StaticVariable(pending_message_script), edx);
 
-  __ pop(edx);
+  AsmPop(edx);
   __ SmiUntag(edx);
   ExternalReference has_pending_message =
       ExternalReference::address_of_has_pending_message(isolate());
   __ mov(Operand::StaticVariable(has_pending_message), edx);
 
-  __ pop(edx);
+  AsmPop(edx);
   ExternalReference pending_message_obj =
       ExternalReference::address_of_pending_message_obj(isolate());
   __ mov(Operand::StaticVariable(pending_message_obj), edx);
 
   // Restore result register from stack.
-  __ pop(result_register());
+  AsmPop(result_register());
 
   // Uncook return address.
-  __ pop(edx);
+  AsmPop(edx);
   __ SmiUntag(edx);
   __ add(edx, Immediate(masm_->CodeObject()));
   __ jmp(edx);
 }
 
 
+#if defined(VERIFY_STACK_HEIGHT)
+void FullCodeGenerator::AddStackHeightVerifier() {
+  // Insert code that verifies at runtime that our stack height calculation
+  // is correct
+  Label L;
+  __ push(eax);
+  __ pushfd();
+  __ mov(eax, ebp);
+  __ sub(eax, esp);
+  const int stack_diff = 4;  // We need to account for the pushed stuff
+  __ cmp(eax, (stack_height_.get() + stack_diff) * kPointerSize);
+  __ j(equal, &L);
+  __ int3();
+  __ bind(&L);
+  __ popfd();
+  __ pop(eax);
+}
+#endif  // defined(VERIFY_STACK_HEIGHT)
+
+void FullCodeGenerator::AsmPush(const Operand& op) {
+  masm()->push(op);
+  UpdateStackHeight(1);
+}
+
+
 #undef __
 
 #define __ ACCESS_MASM(masm())
 
 FullCodeGenerator::NestedStatement* FullCodeGenerator::TryFinally::Exit(
     int* stack_depth,
     int* context_length) {
   // The macros used here must preserve the result register.
 
   // Because the handler block contains the context of the finally
   // code, we can restore it directly from there for the finally code
   // rather than iteratively unwinding contexts via their previous
   // links.
-  __ Drop(*stack_depth);  // Down to the handler block.
+  codegen()->AsmDrop(*stack_depth);  // Down to the handler block.
   if (*context_length > 0) {
     // Restore the context to its dedicated register and the stack.
     __ mov(esi, Operand(esp, StackHandlerConstants::kContextOffset));
     __ mov(Operand(ebp, StandardFrameConstants::kContextOffset), esi);
   }
-  __ PopTryHandler();
+  codegen()->AsmPopTryHandler();
   __ call(finally_entry_);
 
   *stack_depth = 0;
   *context_length = 0;
   return previous_;
 }
 
 #undef __
 
-
 static const byte kJnsInstruction = 0x79;
 static const byte kJnsOffset = 0x11;
 static const byte kNopByteOne = 0x66;
 static const byte kNopByteTwo = 0x90;
 #ifdef DEBUG
 static const byte kCallInstruction = 0xe8;
 #endif
 
 
 void BackEdgeTable::PatchAt(Code* unoptimized_code,
@@ skipping 60 matching lines @@
   ASSERT_EQ(isolate->builtins()->OsrAfterStackCheck()->entry(),
             Assembler::target_address_at(call_target_address,
                                          unoptimized_code));
   return OSR_AFTER_STACK_CHECK;
 }
 
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_IA32