The Mysterious Realm of JavaScriptCore (2021)
cyberark.comI've often thought about the possibility of implementing a language that can compile directly to optimized byte code (either for V8 or JSC), in order to get "hot code" that does not need runtime optimization, has anybody explored this idea?
That's WebAssembly / asm.js. Well, that's the target, you could still design a language for it.
That won't work for JS because you need runtime profiling to be able to do any meaningful optimizations
A lot more details here: https://webkit.org/blog/10308/speculation-in-javascriptcore/
Author used CodeQL to rediscover a CVE in JSC that was exploited by Pwn2Own in 2018. Very interesting. I guess now with increasing automation we'll see more CVE discovery through such tools.
Author's talk from around that time (Apr 2021)
[Finding] JS bugs in JSC with CodeQL