Experimental: fix a frame-height issue with eval on ARM.

src/codegen-arm.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 364 matching lines @@
 // (partially) translated into branches, or it may have set the condition
 // code register. If force_cc is set, the value is forced to set the
 // condition code register and no value is pushed. If the condition code
 // register was set, has_cc() is true and cc_reg_ contains the condition to
 // test for 'true'.
 void CodeGenerator::LoadCondition(Expression* x,
                                   TypeofState typeof_state,
                                   JumpTarget* true_target,
                                   JumpTarget* false_target,
                                   bool force_cc) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   ASSERT(!in_spilled_code());
   ASSERT(!has_cc());
 
   { CodeGenState new_state(this, typeof_state, true_target, false_target);
     Visit(x);
   }
   if (force_cc && frame_ != NULL && !has_cc()) {
     // Convert the TOS value to a boolean in the condition code register.
     ToBoolean(true_target, false_target);
   }
-  ASSERT(!force_cc || frame_ == NULL || has_cc());
+  ASSERT(!force_cc || !has_valid_frame() || has_cc());
+  ASSERT(!has_valid_frame() ||
+         (has_cc() && frame_->height() == original_height) ||
+         (!has_cc() && frame_->height() == original_height + 1));
 }
 
 
 void CodeGenerator::Load(Expression* x, TypeofState typeof_state) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   ASSERT(!in_spilled_code());
   JumpTarget true_target(this);
   JumpTarget false_target(this);
   LoadCondition(x, typeof_state, &true_target, &false_target, false);
 
   if (has_cc()) {
     // Convert cc_reg_ into a boolean value.
     JumpTarget loaded(this);
     JumpTarget materialize_true(this);
     materialize_true.Branch(cc_reg_);
@@ skipping 28 matching lines @@
     }
     // Load "false" if necessary.
     if (false_target.is_linked()) {
       false_target.Bind();
       __ mov(r0, Operand(Factory::false_value()));
       frame_->EmitPush(r0);
     }
     // A value is loaded on all paths reaching this point.
     loaded.Bind();
   }
-  ASSERT(frame_ != NULL);
+  ASSERT(has_valid_frame());
   ASSERT(!has_cc());
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::LoadGlobal() {
   VirtualFrame::SpilledScope spilled_scope(this);
   __ ldr(r0, GlobalObject());
   frame_->EmitPush(r0);
 }
 
 
@@ skipping 618 matching lines @@
   VirtualFrame::SpilledScope spilled_scope(this);
   if (FLAG_check_stack) {
     Comment cmnt(masm_, "[ check stack");
     StackCheckStub stub;
     frame_->CallStub(&stub, 0);
   }
 }
 
 
 void CodeGenerator::VisitStatements(ZoneList<Statement*>* statements) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   for (int i = 0; frame_ != NULL && i < statements->length(); i++) {
     VisitAndSpill(statements->at(i));
   }
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitBlock(Block* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Block");
   CodeForStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->Initialize(this);
   VisitStatementsAndSpill(node->statements());
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);
 }
 
 
 void CodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
   VirtualFrame::SpilledScope spilled_scope(this);
   __ mov(r0, Operand(pairs));
   frame_->EmitPush(r0);
   frame_->EmitPush(cp);
   __ mov(r0, Operand(Smi::FromInt(is_eval() ? 1 : 0)));
   frame_->EmitPush(r0);
   frame_->CallRuntime(Runtime::kDeclareGlobals, 3);
   // The result is discarded.
 }
 
 
 void CodeGenerator::VisitDeclaration(Declaration* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Declaration");
   CodeForStatementPosition(node);
   Variable* var = node->proxy()->var();
   ASSERT(var != NULL);  // must have been resolved
   Slot* slot = var->slot();
 
   // If it was not possible to allocate the variable at compile time,
   // we need to "declare" it at runtime to make sure it actually
   // exists in the local context.
@@ skipping 18 matching lines @@
       __ mov(r0, Operand(Factory::the_hole_value()));
       frame_->EmitPush(r0);
     } else if (node->fun() != NULL) {
       LoadAndSpill(node->fun());
     } else {
       __ mov(r0, Operand(0));  // no initial value!
       frame_->EmitPush(r0);
     }
     frame_->CallRuntime(Runtime::kDeclareContextSlot, 4);
     // Ignore the return value (declarations are statements).
+    ASSERT(frame_->height() == original_height);
     return;
   }
 
   ASSERT(!var->is_global());
 
   // If we have a function or a constant, we need to initialize the variable.
   Expression* val = NULL;
   if (node->mode() == Variable::CONST) {
     val = new Literal(Factory::the_hole_value());
   } else {
     val = node->fun();  // NULL if we don't have a function
   }
 
   if (val != NULL) {
     {
       // Set initial value.
       Reference target(this, node->proxy());
       LoadAndSpill(val);
       target.SetValue(NOT_CONST_INIT);
       // The reference is removed from the stack (preserving TOS) when
       // it goes out of scope.
     }
     // Get rid of the assigned value (declarations are statements).
     frame_->Drop();
   }
+  ASSERT(frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitExpressionStatement(ExpressionStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ExpressionStatement");
   CodeForStatementPosition(node);
   Expression* expression = node->expression();
   expression->MarkAsStatement();
   LoadAndSpill(expression);
   frame_->Drop();
+  ASSERT(frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitEmptyStatement(EmptyStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "// EmptyStatement");
   CodeForStatementPosition(node);
   // nothing to do
+  ASSERT(frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitIfStatement(IfStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ IfStatement");
   // Generate different code depending on which parts of the if statement
   // are present or not.
   bool has_then_stm = node->HasThenStatement();
   bool has_else_stm = node->HasElseStatement();
 
   CodeForStatementPosition(node);
 
   JumpTarget exit(this);
@@ skipping 65 matching lines @@
       } else {
         frame_->Drop();
       }
     }
   }
 
   // end
   if (exit.is_linked()) {
     exit.Bind();
   }
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);
 }
 
 
 void CodeGenerator::CleanStack(int num_bytes) {
   VirtualFrame::SpilledScope spilled_scope(this);
   ASSERT(num_bytes % kPointerSize == 0);
   frame_->Drop(num_bytes / kPointerSize);
 }
 
 
@@ skipping 33 matching lines @@
     // returning thus making it easier to merge.
     frame_->EmitPop(r0);
     frame_->PrepareForReturn();
 
     function_return_.Jump();
   }
 }
 
 
 void CodeGenerator::VisitWithEnterStatement(WithEnterStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ WithEnterStatement");
   CodeForStatementPosition(node);
   LoadAndSpill(node->expression());
   if (node->is_catch_block()) {
     frame_->CallRuntime(Runtime::kPushCatchContext, 1);
   } else {
     frame_->CallRuntime(Runtime::kPushContext, 1);
   }
   if (kDebug) {
     JumpTarget verified_true(this);
     __ cmp(r0, Operand(cp));
     verified_true.Branch(eq);
     __ stop("PushContext: r0 is expected to be the same as cp");
     verified_true.Bind();
   }
   // Update context local.
   __ str(cp, frame_->Context());
+  ASSERT(frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitWithExitStatement(WithExitStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ WithExitStatement");
   CodeForStatementPosition(node);
   // Pop context.
   __ ldr(cp, ContextOperand(cp, Context::PREVIOUS_INDEX));
   // Update context local.
   __ str(cp, frame_->Context());
+  ASSERT(frame_->height() == original_height);
 }
 
 
 int CodeGenerator::FastCaseSwitchMaxOverheadFactor() {
   return kFastSwitchMaxOverheadFactor;
 }
 
 int CodeGenerator::FastCaseSwitchMinCaseCount() {
   return kFastSwitchMinCaseCount;
 }
@@ skipping 47 matching lines @@
   // Table containing branch operations.
   for (int i = 0; i < range; i++) {
     __ jmp(case_targets[i]);
   }
   GenerateFastCaseSwitchCases(node, case_labels, start_frame);
   delete start_frame;
 }
 
 
 void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ SwitchStatement");
   CodeForStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->Initialize(this);
 
   LoadAndSpill(node->tag());
   if (TryGenerateFastCaseSwitchStatement(node)) {
+    ASSERT(frame_->height() == original_height);
     return;
   }
 
   JumpTarget next_test(this);
   JumpTarget fall_through(this);
   JumpTarget default_entry(this);
   JumpTarget default_exit(this);
   ZoneList<CaseClause*>* cases = node->cases();
   int length = cases->length();
   CaseClause* default_clause = NULL;
@@ skipping 57 matching lines @@
     }
   }
 
   if (fall_through.is_linked()) {
     fall_through.Bind();
   }
 
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);

[William Hesse, 2009/02/20 13:06:20]

How could there not be a valid frame here, if the function is called with a
valid frame?  Doesn't control flow have to exit the switch statement at the end?

[Kevin Millikin (Chromium), 2009/02/20 13:12:48]

If the last case we compile returns and none of the other ones break, then there
is no frame at the end.

 }
 
 
 void CodeGenerator::VisitLoopStatement(LoopStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ LoopStatement");
   CodeForStatementPosition(node);
   node->set_break_stack_height(break_stack_height_);
   node->break_target()->Initialize(this);
 
   // Simple condition analysis.  ALWAYS_TRUE and ALWAYS_FALSE represent a
   // known result for the test expression, with no side effects.
   enum { ALWAYS_TRUE, ALWAYS_FALSE, DONT_KNOW } info = DONT_KNOW;
   if (node->cond() == NULL) {
@@ skipping 160 matching lines @@
           }
         }
       }
       break;
     }
   }
 
   if (node->break_target()->is_linked()) {
     node->break_target()->Bind();
   }
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitForInStatement(ForInStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   ASSERT(!in_spilled_code());
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ForInStatement");
   CodeForStatementPosition(node);
 
   // We keep stuff on the stack while the body is executing.
   // Record it, so that a break/continue crossing this statement
   // can restore the stack.
   const int kForInStackSize = 5 * kPointerSize;
   break_stack_height_ += kForInStackSize;
@@ skipping 173 matching lines @@
   entry.Jump();
 
   // Cleanup.
   node->break_target()->Bind();
   frame_->Drop(5);
 
   // Exit.
   exit.Bind();
 
   break_stack_height_ -= kForInStackSize;
+  ASSERT(frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitTryCatch(TryCatch* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ TryCatch");
   CodeForStatementPosition(node);
 
   JumpTarget try_block(this);
   JumpTarget exit(this);
 
   try_block.Call();
   // --- Catch block ---
   frame_->EmitPush(r0);
@@ skipping 87 matching lines @@
       __ str(r1, MemOperand(r3));
       ASSERT(StackHandlerConstants::kCodeOffset == 0);  // first field is code
       frame_->Drop(StackHandlerConstants::kSize / kPointerSize - 1);
       // Code slot popped.
       frame_->Forget(1);
       shadows[i]->other_target()->Jump();
     }
   }
 
   exit.Bind();
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitTryFinally(TryFinally* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ TryFinally");
   CodeForStatementPosition(node);
 
   // State: Used to keep track of reason for entering the finally
   // block. Should probably be extended to hold information for
   // break/continue from within the try block.
   enum { FALLING, THROWING, JUMPING };
 
   JumpTarget unlink(this);
@@ skipping 135 matching lines @@
     __ cmp(r2, Operand(Smi::FromInt(THROWING)));
     exit.Branch(ne);
 
     // Rethrow exception.
     frame_->EmitPush(r0);
     frame_->CallRuntime(Runtime::kReThrow, 1);
 
     // Done.
     exit.Bind();
   }
+  ASSERT(!has_valid_frame() || frame_->height() == original_height);
 }
 
 
 void CodeGenerator::VisitDebuggerStatement(DebuggerStatement* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ DebuggerStatament");
   CodeForStatementPosition(node);
   frame_->CallRuntime(Runtime::kDebugBreak, 0);
   // Ignore the return value.
+  ASSERT(frame_->height() == original_height);
 }
 
 
 void CodeGenerator::InstantiateBoilerplate(Handle<JSFunction> boilerplate) {
   VirtualFrame::SpilledScope spilled_scope(this);
   ASSERT(boilerplate->IsBoilerplate());
 
   // Push the boilerplate on the stack.
   __ mov(r0, Operand(boilerplate));
   frame_->EmitPush(r0);
 
   // Create a new closure.
   frame_->EmitPush(cp);
   frame_->CallRuntime(Runtime::kNewClosure, 2);
   frame_->EmitPush(r0);
 }
 
 
 void CodeGenerator::VisitFunctionLiteral(FunctionLiteral* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ FunctionLiteral");
 
   // Build the function boilerplate and instantiate it.
   Handle<JSFunction> boilerplate = BuildBoilerplate(node);
   // Check for stack-overflow exception.
-  if (HasStackOverflow()) return;
+  if (HasStackOverflow()) {
+    ASSERT(frame_->height() == original_height);
+    return;
+  }
   InstantiateBoilerplate(boilerplate);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitFunctionBoilerplateLiteral(
     FunctionBoilerplateLiteral* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ FunctionBoilerplateLiteral");
   InstantiateBoilerplate(node->boilerplate());
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitConditional(Conditional* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Conditional");
   JumpTarget then(this);
   JumpTarget else_(this);
   JumpTarget exit(this);
   LoadConditionAndSpill(node->condition(), NOT_INSIDE_TYPEOF,
                         &then, &else_, true);
   Branch(false, &else_);
   then.Bind();
   LoadAndSpill(node->then_expression(), typeof_state());
   exit.Jump();
   else_.Bind();
   LoadAndSpill(node->else_expression(), typeof_state());
   exit.Bind();
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::LoadFromSlot(Slot* slot, TypeofState typeof_state) {
   VirtualFrame::SpilledScope spilled_scope(this);
   if (slot->type() == Slot::LOOKUP) {
     ASSERT(slot->var()->is_dynamic());
 
     JumpTarget slow(this);
     JumpTarget done(this);
@@ skipping 102 matching lines @@
   } else {
     frame_->CallCodeObject(ic, RelocInfo::CODE_TARGET_CONTEXT, &name, 0);
   }
 
   // Drop the global object. The result is in r0.
   frame_->Drop();
 }
 
 
 void CodeGenerator::VisitSlot(Slot* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Slot");
   LoadFromSlot(node, typeof_state());
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitVariableProxy(VariableProxy* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ VariableProxy");
 
   Variable* var = node->var();
   Expression* expr = var->rewrite();
   if (expr != NULL) {
     Visit(expr);
   } else {
     ASSERT(var->is_global());
     Reference ref(this, node);
     ref.GetValueAndSpill(typeof_state());
   }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitLiteral(Literal* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Literal");
   __ mov(r0, Operand(node->handle()));
   frame_->EmitPush(r0);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitRegExpLiteral(RegExpLiteral* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ RexExp Literal");
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
   __ ldr(r1, frame_->Function());
 
   // Load the literals array of the function.
   __ ldr(r1, FieldMemOperand(r1, JSFunction::kLiteralsOffset));
@@ skipping 15 matching lines @@
   __ mov(r0, Operand(node->pattern()));  // RegExp pattern (2)
   frame_->EmitPush(r0);
   __ mov(r0, Operand(node->flags()));  // RegExp flags   (3)
   frame_->EmitPush(r0);
   frame_->CallRuntime(Runtime::kMaterializeRegExpLiteral, 4);
   __ mov(r2, Operand(r0));
 
   done.Bind();
   // Push the literal.
   frame_->EmitPush(r2);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 // This deferred code stub will be used for creating the boilerplate
 // by calling Runtime_CreateObjectLiteral.
 // Each created boilerplate is stored in the JSFunction and they are
 // therefore context dependent.
 class DeferredObjectLiteral: public DeferredCode {
  public:
   DeferredObjectLiteral(CodeGenerator* generator, ObjectLiteral* node)
@@ skipping 27 matching lines @@
   frame->EmitPush(r0);
   Result boilerplate =
       frame->CallRuntime(Runtime::kCreateObjectLiteralBoilerplate, 3);
   __ mov(r2, Operand(boilerplate.reg()));
   // Result is returned in r2.
   exit_.Jump();
 }
 
 
 void CodeGenerator::VisitObjectLiteral(ObjectLiteral* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ObjectLiteral");
 
   DeferredObjectLiteral* deferred = new DeferredObjectLiteral(this, node);
 
   // Retrieve the literal array and check the allocated entry.
 
   // Load the function of this activation.
   __ ldr(r1, frame_->Function());
 
@@ skipping 50 matching lines @@
         LoadAndSpill(key);
         __ mov(r0, Operand(Smi::FromInt(0)));
         frame_->EmitPush(r0);
         LoadAndSpill(value);
         frame_->CallRuntime(Runtime::kDefineAccessor, 4);
         __ ldr(r0, frame_->Top());
         break;
       }
     }
   }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitArrayLiteral(ArrayLiteral* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ ArrayLiteral");
 
   // Call runtime to create the array literal.
   __ mov(r0, Operand(node->literals()));
   frame_->EmitPush(r0);
   // Load the function of this frame.
   __ ldr(r0, frame_->Function());
   __ ldr(r0, FieldMemOperand(r0, JSFunction::kLiteralsOffset));
   frame_->EmitPush(r0);
@@ skipping 21 matching lines @@
 
       // Write to the indexed properties array.
       int offset = i * kPointerSize + Array::kHeaderSize;
       __ str(r0, FieldMemOperand(r1, offset));
 
       // Update the write barrier for the array address.
       __ mov(r3, Operand(offset));
       __ RecordWrite(r1, r3, r2);
     }
   }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitCatchExtensionObject(CatchExtensionObject* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   ASSERT(!in_spilled_code());
   VirtualFrame::SpilledScope spilled_scope(this);
   // Call runtime routine to allocate the catch extension object and
   // assign the exception value to the catch variable.
   Comment cmnt(masm_, "[ CatchExtensionObject");
   LoadAndSpill(node->key());
   LoadAndSpill(node->value());
   Result result =
       frame_->CallRuntime(Runtime::kCreateCatchExtensionObject, 2);
   frame_->EmitPush(result.reg());
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitAssignment(Assignment* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Assignment");
   CodeForStatementPosition(node);
 
-  Reference target(this, node->target());
-  if (target.is_illegal()) {
-    // Fool the virtual frame into thinking that we left the assignment's
-    // value on the frame.
-    __ mov(r0, Operand(Smi::FromInt(0)));
-    frame_->EmitPush(r0);
-    return;
-  }
+  { Reference target(this, node->target());
+    if (target.is_illegal()) {
+      // Fool the virtual frame into thinking that we left the assignment's
+      // value on the frame.
+      __ mov(r0, Operand(Smi::FromInt(0)));
+      frame_->EmitPush(r0);
+      ASSERT(frame_->height() == original_height + 1);
+      return;
+    }
 
-  if (node->op() == Token::ASSIGN ||
-      node->op() == Token::INIT_VAR ||
-      node->op() == Token::INIT_CONST) {
-    LoadAndSpill(node->value());
-
-  } else {
-    target.GetValueAndSpill(NOT_INSIDE_TYPEOF);
-    Literal* literal = node->value()->AsLiteral();
-    if (literal != NULL && literal->handle()->IsSmi()) {
-      SmiOperation(node->binary_op(), literal->handle(), false);
-      frame_->EmitPush(r0);
+    if (node->op() == Token::ASSIGN ||
+        node->op() == Token::INIT_VAR ||
+        node->op() == Token::INIT_CONST) {
+      LoadAndSpill(node->value());
 
     } else {
-      LoadAndSpill(node->value());
-      GenericBinaryOperation(node->binary_op());
-      frame_->EmitPush(r0);
+      target.GetValueAndSpill(NOT_INSIDE_TYPEOF);
+      Literal* literal = node->value()->AsLiteral();
+      if (literal != NULL && literal->handle()->IsSmi()) {
+        SmiOperation(node->binary_op(), literal->handle(), false);
+        frame_->EmitPush(r0);
+
+      } else {
+        LoadAndSpill(node->value());
+        GenericBinaryOperation(node->binary_op());
+        frame_->EmitPush(r0);
+      }
+    }
+
+    Variable* var = node->target()->AsVariableProxy()->AsVariable();
+    if (var != NULL &&
+        (var->mode() == Variable::CONST) &&
+        node->op() != Token::INIT_VAR && node->op() != Token::INIT_CONST) {
+      // Assignment ignored - leave the value on the stack.
+
+    } else {
+      CodeForSourcePosition(node->position());
+      if (node->op() == Token::INIT_CONST) {
+        // Dynamic constant initializations must use the function context
+        // and initialize the actual constant declared. Dynamic variable
+        // initializations are simply assignments and use SetValue.
+        target.SetValue(CONST_INIT);
+      } else {
+        target.SetValue(NOT_CONST_INIT);
+      }
     }
   }
-
-  Variable* var = node->target()->AsVariableProxy()->AsVariable();
-  if (var != NULL &&
-      (var->mode() == Variable::CONST) &&
-      node->op() != Token::INIT_VAR && node->op() != Token::INIT_CONST) {
-    // Assignment ignored - leave the value on the stack.
-
-  } else {
-    CodeForSourcePosition(node->position());
-    if (node->op() == Token::INIT_CONST) {
-      // Dynamic constant initializations must use the function context
-      // and initialize the actual constant declared. Dynamic variable
-      // initializations are simply assignments and use SetValue.
-      target.SetValue(CONST_INIT);
-    } else {
-      target.SetValue(NOT_CONST_INIT);
-    }
-  }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitThrow(Throw* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Throw");
 
   LoadAndSpill(node->exception());
   CodeForSourcePosition(node->position());
   frame_->CallRuntime(Runtime::kThrow, 1);
   frame_->EmitPush(r0);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitProperty(Property* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Property");
 
-  Reference property(this, node);
-  property.GetValueAndSpill(typeof_state());
+  { Reference property(this, node);
+    property.GetValueAndSpill(typeof_state());
+  }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitCall(Call* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ Call");
 
   ZoneList<Expression*>* args = node->arguments();
 
   CodeForStatementPosition(node);
   // Standard function call.
 
   // Check if the function is a variable or a property.
   Expression* function = node->expression();
@@ skipping 116 matching lines @@
     // Load the function.
     LoadAndSpill(function);
 
     // Pass the global proxy as the receiver.
     LoadGlobalReceiver(r0);
 
     // Call the function.
     CallWithArguments(args, node->position());
     frame_->EmitPush(r0);
   }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitCallEval(CallEval* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CallEval");
 
   // In a call to eval, we first call %ResolvePossiblyDirectEval to resolve
   // the function we need to call and the receiver of the call.
   // Then we call the resolved function using the given arguments.
 
   ZoneList<Expression*>* args = node->arguments();
   Expression* function = node->expression();
 
   CodeForStatementPosition(node);
 
   // Prepare stack for call to resolved function.
   LoadAndSpill(function);
   __ mov(r2, Operand(Factory::undefined_value()));
-  __ push(r2);  // Slot for receiver
-  for (int i = 0; i < args->length(); i++) {
+  frame_->EmitPush(r2);  // Slot for receiver
+  int arg_count = args->length();
+  for (int i = 0; i < arg_count; i++) {
     LoadAndSpill(args->at(i));
   }
 
   // Prepare stack for call to ResolvePossiblyDirectEval.
-  __ ldr(r1, MemOperand(sp, args->length() * kPointerSize + kPointerSize));
-  __ push(r1);
-  if (args->length() > 0) {
-    __ ldr(r1, MemOperand(sp, args->length() * kPointerSize));
-    __ push(r1);
+  __ ldr(r1, MemOperand(sp, arg_count * kPointerSize + kPointerSize));
+  frame_->EmitPush(r1);
+  if (arg_count > 0) {
+    __ ldr(r1, MemOperand(sp, arg_count * kPointerSize));
+    frame_->EmitPush(r1);
   } else {
-    __ push(r2);
+    frame_->EmitPush(r2);
   }
 
   // Resolve the call.
-  __ CallRuntime(Runtime::kResolvePossiblyDirectEval, 2);
+  frame_->CallRuntime(Runtime::kResolvePossiblyDirectEval, 2);
 
   // Touch up stack with the right values for the function and the receiver.
   __ ldr(r1, FieldMemOperand(r0, FixedArray::kHeaderSize));
-  __ str(r1, MemOperand(sp, (args->length() + 1) * kPointerSize));
+  __ str(r1, MemOperand(sp, (arg_count + 1) * kPointerSize));
   __ ldr(r1, FieldMemOperand(r0, FixedArray::kHeaderSize + kPointerSize));
-  __ str(r1, MemOperand(sp, args->length() * kPointerSize));
+  __ str(r1, MemOperand(sp, arg_count * kPointerSize));
 
   // Call the function.
   CodeForSourcePosition(node->position());
 
-  CallFunctionStub call_function(args->length());
-  __ CallStub(&call_function);
+  CallFunctionStub call_function(arg_count);
+  frame_->CallStub(&call_function, arg_count + 1);
 
   __ ldr(cp, frame_->Context());
   // Remove the function from the stack.
   frame_->Drop();
   frame_->EmitPush(r0);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitCallNew(CallNew* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CallNew");
   CodeForStatementPosition(node);
 
   // According to ECMA-262, section 11.2.2, page 44, the function
   // expression in new calls must be evaluated before the
   // arguments. This is different from ordinary calls, where the
   // actual function to call is resolved after the arguments have been
   // evaluated.
 
@@ skipping 25 matching lines @@
   CodeForSourcePosition(node->position());
   Handle<Code> ic(Builtins::builtin(Builtins::JSConstructCall));
   Result result = frame_->CallCodeObject(ic,
                                          RelocInfo::CONSTRUCT_CALL,
                                          &num_args,
                                          &function,
                                          arg_count + 1);
 
   // Discard old TOS value and push r0 on the stack (same as Pop(), push(r0)).
   __ str(r0, frame_->Top());
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::GenerateValueOf(ZoneList<Expression*>* args) {
   VirtualFrame::SpilledScope spilled_scope(this);
   ASSERT(args->length() == 1);
   JumpTarget leave(this);
   LoadAndSpill(args->at(0));
   frame_->EmitPop(r0);  // r0 contains object.
   // if (object->IsSmi()) return the object.
@@ skipping 149 matching lines @@
   LoadAndSpill(args->at(0));
   LoadAndSpill(args->at(1));
   frame_->EmitPop(r0);
   frame_->EmitPop(r1);
   __ cmp(r0, Operand(r1));
   cc_reg_ = eq;
 }
 
 
 void CodeGenerator::VisitCallRuntime(CallRuntime* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   if (CheckForInlineRuntimeCall(node)) {
+    ASSERT((has_cc() && frame_->height() == original_height) ||
+           (!has_cc() && frame_->height() == original_height + 1));
     return;
   }
 
   ZoneList<Expression*>* args = node->arguments();
   Comment cmnt(masm_, "[ CallRuntime");
   Runtime::Function* function = node->function();
 
   if (function != NULL) {
     // Push the arguments ("left-to-right").
     int arg_count = args->length();
@@ skipping 19 matching lines @@
       LoadAndSpill(args->at(i));
     }
 
     // Call the JS runtime function.
     Handle<Code> stub = ComputeCallInitialize(args->length());
     frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count + 1);
     __ ldr(cp, frame_->Context());
     frame_->Drop();
     frame_->EmitPush(r0);
   }
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitUnaryOperation(UnaryOperation* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ UnaryOperation");
 
   Token::Value op = node->op();
 
   if (op == Token::NOT) {
     LoadConditionAndSpill(node->expression(),
                           NOT_INSIDE_TYPEOF,
                           false_target(),
                           true_target(),
@@ skipping 112 matching lines @@
         __ mov(arg_count.reg(), Operand(0));  // not counting receiver
         frame_->InvokeBuiltin(Builtins::TO_NUMBER, CALL_JS, &arg_count, 1);
         continue_label.Bind();
         break;
       }
       default:
         UNREACHABLE();
     }
     frame_->EmitPush(r0);  // r0 has result
   }
+  ASSERT((has_cc() && frame_->height() == original_height) ||
+         (!has_cc() && frame_->height() == original_height + 1));
 }
 
 
 void CodeGenerator::VisitCountOperation(CountOperation* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CountOperation");
 
   bool is_postfix = node->is_postfix();
   bool is_increment = node->op() == Token::INC;
 
   Variable* var = node->expression()->AsVariableProxy()->AsVariable();
   bool is_const = (var != NULL && var->mode() == Variable::CONST);
 
   // Postfix: Make room for the result.
   if (is_postfix) {
      __ mov(r0, Operand(0));
      frame_->EmitPush(r0);
   }
 
   { Reference target(this, node->expression());
     if (target.is_illegal()) {
       // Spoof the virtual frame to have the expected height (one higher
       // than on entry).
       if (!is_postfix) {
         __ mov(r0, Operand(Smi::FromInt(0)));
         frame_->EmitPush(r0);
       }
+      ASSERT(frame_->height() == original_height + 1);
       return;
     }
     target.GetValueAndSpill(NOT_INSIDE_TYPEOF);
     frame_->EmitPop(r0);
 
     JumpTarget slow(this);
     JumpTarget exit(this);
 
     // Load the value (1) into register r1.
     __ mov(r1, Operand(Smi::FromInt(1)));
@@ skipping 45 matching lines @@
     }
 
     // Store the new value in the target if not const.
     exit.Bind();
     frame_->EmitPush(r0);
     if (!is_const) target.SetValue(NOT_CONST_INIT);
   }
 
   // Postfix: Discard the new value and use the old.
   if (is_postfix) frame_->EmitPop(r0);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitBinaryOperation(BinaryOperation* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ BinaryOperation");
   Token::Value op = node->op();
 
   // According to ECMA-262 section 11.11, page 58, the binary logical
   // operators must yield the result of one of the two expressions
   // before any ToBoolean() conversions. This means that the value
   // produced by a && or || operator is not necessarily a boolean.
 
   // NOTE: If the left hand side produces a materialized value (not in
@@ skipping 101 matching lines @@
       LoadAndSpill(node->right());
       SmiOperation(node->op(), lliteral->handle(), true);
 
     } else {
       LoadAndSpill(node->left());
       LoadAndSpill(node->right());
       GenericBinaryOperation(node->op());
     }
     frame_->EmitPush(r0);
   }
+  ASSERT((has_cc() && frame_->height() == original_height) ||
+         (!has_cc() && frame_->height() == original_height + 1));
 }
 
 
 void CodeGenerator::VisitThisFunction(ThisFunction* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   __ ldr(r0, frame_->Function());
   frame_->EmitPush(r0);
+  ASSERT(frame_->height() == original_height + 1);
 }
 
 
 void CodeGenerator::VisitCompareOperation(CompareOperation* node) {
+#ifdef DEBUG
+  int original_height = frame_->height();
+#endif
   VirtualFrame::SpilledScope spilled_scope(this);
   Comment cmnt(masm_, "[ CompareOperation");
 
   // Get the expressions from the node.
   Expression* left = node->left();
   Expression* right = node->right();
   Token::Value op = node->op();
 
   // To make null checks efficient, we check if either left or right is the
   // literal 'null'. If so, we optimize the code by inlining a null check
@@ skipping 22 matching lines @@
         false_target()->Branch(eq);
 
         // It can be an undetectable object.
         __ ldr(r0, FieldMemOperand(r0, HeapObject::kMapOffset));
         __ ldrb(r0, FieldMemOperand(r0, Map::kBitFieldOffset));
         __ and_(r0, r0, Operand(1 << Map::kIsUndetectable));
         __ cmp(r0, Operand(1 << Map::kIsUndetectable));
       }
 
       cc_reg_ = eq;
+      ASSERT(has_cc() && frame_->height() == original_height);
       return;
     }
   }
 
   // To make typeof testing for natives implemented in JavaScript really
   // efficient, we generate special code for expressions of the form:
   // 'typeof <expression> == <string>'.
   UnaryOperation* operation = left->AsUnaryOperation();
   if ((op == Token::EQ || op == Token::EQ_STRICT) &&
       (operation != NULL && operation->op() == Token::TYPEOF) &&
@@ skipping 75 matching lines @@
       __ cmp(r2, Operand(FIRST_JS_OBJECT_TYPE));
       false_target()->Branch(lt);
       __ cmp(r2, Operand(LAST_JS_OBJECT_TYPE));
       cc_reg_ = le;
 
     } else {
       // Uncommon case: typeof testing against a string literal that is
       // never returned from the typeof operator.
       false_target()->Jump();
     }
+    ASSERT(!has_valid_frame() ||
+           (has_cc() && frame_->height() == original_height));
     return;
   }
 
   LoadAndSpill(left);
   LoadAndSpill(right);
   switch (op) {
     case Token::EQ:
       Comparison(eq, false);
       break;
 
@@ skipping 38 matching lines @@
                                             &arg_count,
                                             2);
       __ tst(result.reg(), Operand(result.reg()));
       cc_reg_ = eq;
       break;
     }
 
     default:
       UNREACHABLE();
   }
+  ASSERT((has_cc() && frame_->height() == original_height) ||
+         (!has_cc() && frame_->height() == original_height + 1));
 }
 
 
 #ifdef DEBUG
 bool CodeGenerator::HasValidEntryRegisters() { return true; }
 #endif
 
 
 bool CodeGenerator::IsActualFunctionReturn(JumpTarget* target) {
   return (target == &function_return_ && !function_return_is_shadowed_);
@@ skipping 1132 matching lines @@
   __ mov(r2, Operand(0));
   __ GetBuiltinEntry(r3, Builtins::CALL_NON_FUNCTION);
   __ Jump(Handle<Code>(Builtins::builtin(Builtins::ArgumentsAdaptorTrampoline)),
           RelocInfo::CODE_TARGET);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal