You may notice, there’s no array in the A class below. This calls the B constructor, but indicates that the constructor should return an Array object. There’s another way to call a constructor in JS, something like nstruct(B,, Array). Which works, because the compiler checks to make sure that the constructors match before doing so. Calling new B() results in an attempt to use the constructor from A. Set up a pair of classes, such that B extends A. The trick is to use Maglev’s optimization against it. And of course, because we’re talking about it here, it’s a security vulnerability that results in Remote Code Execution (RCE). And with anything this complicated, there’s the occasional flaw found in the system. With a Just In Time (JIT) system, the time saving of code optimization steps has to be carefully weighed against the time costs, and Maglev is another tool in that endless hunt for speed. Recently, that optimization has one more piece, the Maglev compiler, which sits between Sparkplug and TurboFan, as a mid-tier optimization step. Google Chrome has done a lot of work on JavaScript performance, pushing the V8 engine to more and more impressive feats.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |