[Turbofan] Disable JSFrameSpecialization for interpreted frames.

[Turbofan] Disable JSFrameSpecialization for interpreted frames.

JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs code, which shouldn't go through the bytecode graph builder in many cases.

BUG=669517
Committed: https://crrev.com/6d90507a7ca6b3d77fc5dd5a355b382b1fed4286
Cr-Commit-Position: refs/heads/master@{#41387}

[rmcilroy, 2016-11-29 18:26:38]

The CQ bit was checked by rmcilroy@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-29 18:26:43]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[rmcilroy, 2016-11-29 18:29:24]

rmcilroy@chromium.org changed reviewers:
+ mstarzinger@chromium.org

[rmcilroy, 2016-11-29 18:29:24]

Michi: this fixes the immediate issue, but we might want to instead change
linkage()->GetOsrValueLocation() instead so that we can use the same index in
BytecodeGraphBuilder as AstGraphBuilder and avoid further issues like this,
WDYT?

Also, I'm still not sure about what happens if try and visit an OSRValue with
kOsrAccumulatorRegisterIndex? Presumably we should never see this as an input on
a JumpLoop backedge - if so maybe we should DCHECK we don't see it in
instruction-selector?

[Benedikt Meurer, 2016-11-29 19:16:58]

bmeurer@chromium.org changed reviewers:
+ bmeurer@chromium.org, tebbi@chromium.org

[Benedikt Meurer, 2016-11-29 19:16:58]

Tobias noticed this issue before (independently while looking into the OSR
typer), and I think he had figured the proper indices, so adding him for review.

[commit-bot: I haz the power, 2016-11-29 19:31:00]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-29 19:31:01]

Dry run: This issue passed the CQ dry run.

[Michael Starzinger, 2016-11-30 09:36:39]

Thanks for the fix, I do think the fix is sound and would address the issue.
However running JSFrameSpecialization together with the BytecodeGraphBuilder has
really meager test coverage and I am really scared about more hidden bugs. How
would you feel about only running frame specialization when we are not compiling
from bytecode? This could be done in {PipelineCompilationJob::PrepareJobImpl}
where we call {MarkAsFrameSpecializing}. Then we could just leave a [D]CHECK in
JSFrameSpecialization that makes sure we never apply it on an InterpretedFrame.
WDYT?

[Tobias Tebbi, 2016-11-30 10:07:45]

On 2016/11/29 19:16:58, Benedikt Meurer wrote:
> Tobias noticed this issue before (independently while looking into the OSR
> typer), and I think he had figured the proper indices, so adding him for
review.

Yes, this CL is a strict improvement compared to my partially wrong guesses.

[Benedikt Meurer, 2016-11-30 10:35:07]

I'd also vote for not running it.

[rmcilroy, 2016-11-30 11:38:13]

Description was changed from

==========
[Turbofan] Fix JSFrameSpecialization::ReduceOsrValue for interpreted frames.

BUG=669517
==========

to

==========
[Turbofan] Disable JSFrameSpecialization for interpreted frames.

JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs
code, which shouldn't go through the bytecode graph builder in many cases.

BUG=669517
==========

[rmcilroy, 2016-11-30 11:38:36]

On 2016/11/30 09:36:39, Michael Starzinger wrote:
> Thanks for the fix, I do think the fix is sound and would address the issue.
> However running JSFrameSpecialization together with the BytecodeGraphBuilder
has
> really meager test coverage and I am really scared about more hidden bugs. How
> would you feel about only running frame specialization when we are not
compiling
> from bytecode? This could be done in {PipelineCompilationJob::PrepareJobImpl}
> where we call {MarkAsFrameSpecializing}. Then we could just leave a [D]CHECK
in
> JSFrameSpecialization that makes sure we never apply it on an
InterpretedFrame.
> WDYT?

Sounds good, done. PTAL.

[Michael Starzinger, 2016-11-30 11:48:46]

LGTM. Thanks!

[Benedikt Meurer, 2016-11-30 12:02:29]

lgtm

[rmcilroy, 2016-11-30 12:04:49]

The CQ bit was checked by rmcilroy@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-30 12:04:55]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-30 12:29:25]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-30 12:29:26]

Dry run: This issue passed the CQ dry run.

[rmcilroy, 2016-11-30 14:01:38]

The CQ bit was checked by rmcilroy@chromium.org

[commit-bot: I haz the power, 2016-11-30 14:01:45]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-30 14:03:25]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1480514498770660,
"parent_rev": "770abeb4dcd042eecc8b9471e20ee331141d0435", "commit_rev":
"f5621952e464a0efee1118dd78f6cd7886ac62ad"}

[commit-bot: I haz the power, 2016-11-30 14:03:31]

Description was changed from

==========
[Turbofan] Disable JSFrameSpecialization for interpreted frames.

JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs
code, which shouldn't go through the bytecode graph builder in many cases.

BUG=669517
==========

to

==========
[Turbofan] Disable JSFrameSpecialization for interpreted frames.

JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs
code, which shouldn't go through the bytecode graph builder in many cases.

BUG=669517
==========

[commit-bot: I haz the power, 2016-11-30 14:03:32]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-11-30 14:03:59]

Description was changed from

==========
[Turbofan] Disable JSFrameSpecialization for interpreted frames.

JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs
code, which shouldn't go through the bytecode graph builder in many cases.

BUG=669517
==========

to

==========
[Turbofan] Disable JSFrameSpecialization for interpreted frames.

JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs
code, which shouldn't go through the bytecode graph builder in many cases.

BUG=669517

Committed: https://crrev.com/6d90507a7ca6b3d77fc5dd5a355b382b1fed4286
Cr-Commit-Position: refs/heads/master@{#41387}
==========

[commit-bot: I haz the power, 2016-11-30 14:03:59]

Patchset 2 (id:??) landed as
https://crrev.com/6d90507a7ca6b3d77fc5dd5a355b382b1fed4286
Cr-Commit-Position: refs/heads/master@{#41387}