Well, as you said, that article is talking about a bug, so the answer to the question "why did that happen?" is "because there was a bug".
Elements kind transitions are regular map transitions (the article seems to be a bit confused about that), and do cause inline cache misses (and other map check failures) just like every other map transition. The bug (as far as I understand) had to do with compiler optimizations, not inline cache misses. On Tue, Sep 5, 2017 at 4:30 PM, cyril <hit.liushenr...@gmail.com> wrote: > I have read an article about V8's bug , the author wrote > >> What happens is this: First, a function is reduced in a way that makes it >> change the elements kind of a stable map. Next, a second function is >> reduced in a way that simply stores / loads a property in the same stable >> map. Now, an object of that map is created. The first function is called >> with that object as the argument, and the elements kind is changed. >> The second function is called, and the inline cache does not miss (since, >> remember, an elements kind transition is not a regular transition into a >> different map type that would cause the cache to miss). > > So How to understand this sentence?* (since, remember, an elements kind > transition is not a regular transition into a different map type that would > cause the cache to miss).* > > the link : https://blogs.securiteam.com/index.php/archives/3379 > > Jakob Kummerow wrote: >> >> What cache are you talking about? >> >> Different elements kinds do cause inline cache misses. >> >> On Tue, Sep 5, 2017 at 3:08 AM, cyril <hit.liu...@gmail.com> wrote: >> >>> Hi all, >>> >>> Why element kind transition can't cause the cache to miss? >>> >>> >>> -- >>> -- >>> v8-users mailing list >>> v8-u...@googlegroups.com >>> http://groups.google.com/group/v8-users >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "v8-users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to v8-users+u...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
