NHacker Next
  • new
  • past
  • show
  • ask
  • show
  • jobs
  • submit
The Mysterious Realm of JavaScriptCore (2021) (cyberark.com)
35 points by program 8 days ago | 6 comments
epolanski 8 days ago [-]
I've often thought about the possibility of implementing a language that can compile directly to optimized byte code (either for V8 or JSC), in order to get "hot code" that does not need runtime optimization, has anybody explored this idea?
astrange 2 days ago [-]
That's WebAssembly / asm.js. Well, that's the target, you could still design a language for it.
pizlonator 3 days ago [-]
That won't work for JS because you need runtime profiling to be able to do any meaningful optimizations
pizlonator 3 days ago [-]
A lot more details here: https://webkit.org/blog/10308/speculation-in-javascriptcore/
N_Lens 3 days ago [-]
Author used CodeQL to rediscover a CVE in JSC that was exploited by Pwn2Own in 2018. Very interesting. I guess now with increasing automation we'll see more CVE discovery through such tools.
gsf_emergency_6 3 days ago [-]
Author's talk from around that time (Apr 2021)

https://youtu.be/7qyKZOjhg94

[Finding] JS bugs in JSC with CodeQL

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact
Rendered at 12:59:14 GMT+0000 (Coordinated Universal Time) with Vercel.