| ▲ | The Mysterious Realm of JavaScriptCore (2021)(cyberark.com) | |||||||||||||
| 35 points by program 7 days ago | 6 comments | ||||||||||||||
| ▲ | epolanski 7 days ago | parent | next [-] | |||||||||||||
I've often thought about the possibility of implementing a language that can compile directly to optimized byte code (either for V8 or JSC), in order to get "hot code" that does not need runtime optimization, has anybody explored this idea? | ||||||||||||||
| ||||||||||||||
| ▲ | pizlonator 2 days ago | parent | prev | next [-] | |||||||||||||
A lot more details here: https://webkit.org/blog/10308/speculation-in-javascriptcore/ | ||||||||||||||
| ▲ | N_Lens 2 days ago | parent | prev | next [-] | |||||||||||||
Author used CodeQL to rediscover a CVE in JSC that was exploited by Pwn2Own in 2018. Very interesting. I guess now with increasing automation we'll see more CVE discovery through such tools. | ||||||||||||||
| ▲ | gsf_emergency_6 2 days ago | parent | prev [-] | |||||||||||||
Author's talk from around that time (Apr 2021) [Finding] JS bugs in JSC with CodeQL | ||||||||||||||