While applying JIT-Picker to the V8 engine, I see that when we use a built-in or native function, fuzzilli_hash, to calculate the hash of a variable inside an optimized function, the engine will bail out of optimization due to a code dependency.
Is this intended behavior? Or do we need to implement a transparent probe function like the one your paper mentioned for the SpiderMonkey engine?
The transparent probing is implemented for SpiderMonkey only. Hence, having less aggressively optimized code in V8 is expected. This is not on purpose, but a limitation of the current implementation.
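As an added illustration of the probe the thread is discussing (this is example code, not JIT-Picker's or Fuzzilli's own implementation), here is a state-hashing probe written in plain JavaScript rather than as a native call like fuzzilli_hash. It assumes that a pure-JS probe can be compiled together with the instrumented function, so the caller is not forced to bail out of the optimized tier; whether V8 actually keeps the caller optimized must be confirmed with `node --trace-deopt`, and the probe itself must give the interpreter and the optimized tier the same digest for the same state, which is why -0, NaN and object cycles are encoded explicitly.

```javascript
// Constructed example probe; FNV-1a constants are the standard 32-bit ones.
const FNV_OFFSET = 0x811c9dc5;
const FNV_PRIME = 0x01000193;

// 32-bit FNV-1a over a string. Math.imul and >>> 0 keep every step on
// int32/uint32 so the optimizing tier sees only integer arithmetic.
function fnv1a(str, h = FNV_OFFSET) {
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, FNV_PRIME) >>> 0;
  }
  return h >>> 0;
}

// Hash a JS value by its type tag plus a canonical encoding, so equal program
// states hash equally in both execution tiers and differing states do not.
function probeHash(v, seen = new Set()) {
  const tag = typeof v;
  let h = fnv1a(tag);
  if (v === null) return fnv1a("null", h);
  if (tag === "number") {
    // String(v) would merge -0 with 0 and give NaN a generic spelling.
    if (Number.isNaN(v)) return fnv1a("NaN", h);
    if (Object.is(v, -0)) return fnv1a("-0", h);
    return fnv1a(String(v), h);
  }
  if (tag !== "object") return fnv1a(String(v), h); // string, boolean, etc.
  if (seen.has(v)) return fnv1a("cycle", h); // do not recurse forever
  seen.add(v);
  for (const k of Object.keys(v)) { // property order is part of the state
    h = fnv1a(k, h);
    h ^= probeHash(v[k], seen);
    h = Math.imul(h, FNV_PRIME) >>> 0;
  }
  return h;
}

// Instrumented function under test (hypothetical): the probe is taken after
// the arithmetic, so a tier divergence in `x * y + 1` changes the digest.
function instrumented(x, y) {
  const r = x * y + 1;
  return { result: r, probe: probeHash(r) };
}

// Warm the function up so V8 promotes it to the optimizing tier; run with
// `node --trace-deopt` to check that no bailout is attributed to the probe.
for (let i = 0; i < 100000; i++) instrumented(i, 2);
```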