
The Mysterious Realm of JavaScriptCore (2021)

34 points, by program, last Thursday at 8:33 AM, 6 comments

Comments

epolanski, last Thursday at 1:10 PM

I've often thought about the possibility of implementing a language that can compile directly to optimized byte code (either for V8 or JSC), in order to get "hot code" that does not need runtime optimization. Has anybody explored this idea?

N_Lens, today at 12:25 AM

Author used CodeQL to rediscover a CVE in JSC that was exploited by Pwn2Own in 2018. Very interesting. I guess now with increasing automation we'll see more CVE discovery through such tools.

gsf_emergency_6, today at 12:13 AM

Author's talk from around that time (Apr 2021)

https://youtu.be/7qyKZOjhg94

[Finding] JS bugs in JSC with CodeQL