This article is about finding bugs in JS engines (mainly JIT bugs) by starting from existing unit tests and PoC exploits. Its underlying assumption is that if a program misbehaves on one input, it is quite likely to have new bugs on similar inputs (the paper deliberately uses attackers as the example: attackers are especially fond of looking for flaws that resemble already-known ones).
What is a PoC exploit:
- A proof of concept (PoC) exploit is a non-harmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software.
- In other words, it is a program that exposes a security weakness in the software. It feels similar to a test case that triggers a bug.
What is JIT:
- Wiki: Just-in-time (JIT) compilation (also dynamic translation or run-time compilations) is a way of executing computer code that involves compilation during execution of a program – at run time – rather than before execution.
- Stackoverflow: A JIT compiler runs after the program has started and compiles the code (usually bytecode or some kind of VM instructions) on the fly (or just-i