
For example, if arrays were implemented like this (they're not):

    #include <stdint.h>

    /* Opaque element type; the original sketch left js_value undefined
       (added here as an assumption so the struct compiles). */
    typedef struct js_value js_value;

    struct js_array {
        uint64_t length;     /* bounds checks compare the index against this header */
        js_value *values[];  /* element pointers follow the header in memory */
    };
Because after bounds checks have been taken care of, loading an element of a JS array probably compiles to a simple assembly-level load like mov. If you bypass the bounds checks, that mov can read or write any mapped address.
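The sketch above, carried through as an added C example (not code from the thread or from any JS engine): a `js_array` with the same layout, plus a checked accessor whose only protection against reading past the buffer is the comparison against the `length` header. `js_value`, `js_array_new` and `js_array_get` are hypothetical names chosen for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element type standing in for whatever an engine stores. */
typedef struct js_value { int64_t payload; } js_value;

/* Same layout as the comment's sketch: a length header followed by the
   element pointers as a flexible array member. */
struct js_array {
    uint64_t length;
    js_value *values[];
};

/* Allocate an array with n slots; slot i points at a heap value holding i*10. */
struct js_array *js_array_new(uint64_t n) {
    struct js_array *a = malloc(sizeof *a + n * sizeof a->values[0]);
    if (!a) return NULL;
    a->length = n;
    for (uint64_t i = 0; i < n; i++) {
        js_value *v = malloc(sizeof *v);
        if (!v) { a->length = i; return a; }  /* keep length honest on failure */
        v->payload = (int64_t)i * 10;
        a->values[i] = v;
    }
    return a;
}

void js_array_free(struct js_array *a) {
    if (!a) return;
    for (uint64_t i = 0; i < a->length; i++) free(a->values[i]);
    free(a);
}

/* Checked load. Once the comparison passes, the access on the next line is
   the plain indexed load the comment describes (base + 8 + idx*8, then a
   dereference). If a JIT wrongly decides the comparison is redundant and
   drops it, that same load runs against whatever lies past the buffer. */
bool js_array_get(const struct js_array *a, uint64_t idx, int64_t *out) {
    if (idx >= a->length) return false;   /* the bounds check */
    *out = a->values[idx]->payload;       /* the simple load */
    return true;
}

/* Builds a 4-element array (constructed sample data) and returns true only if
   in-range reads succeed and out-of-range reads are rejected. */
bool js_array_demo(void) {
    struct js_array *a = js_array_new(4);
    if (!a || a->length != 4) { js_array_free(a); return false; }
    int64_t v = -1;
    bool ok = js_array_get(a, 3, &v) && v == 30;          /* last valid slot */
    ok = ok && !js_array_get(a, 4, &v);                   /* one past the end */
    ok = ok && !js_array_get(a, UINT64_MAX, &v);          /* huge index */
    js_array_free(a);
    return ok;
}

int main(void) {
    printf("checked accessor behaves as expected: %s\n",
           js_array_demo() ? "yes" : "no");
    return js_array_demo() ? 0 : 1;
}
```

Compiling `js_array_get` with optimization and inspecting the output shows the point of the comment: a compare-and-branch followed by a single indexed load. That is also why bounds-check elimination bugs in a JIT matter so much: the fast path is correct only under the assumption that the comparison already ran.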





Yeah, I understand all of that. I think my surprise was that you can access arbitrary parts of this struct from within JavaScript at all; I guess I really just haven't delved deeply enough into what JIT compiling actually is doing at runtime, because I wouldn't have expected that to be possible.


