Created
September 4, 2023 01:30
-
-
Save anvbis/c8a8c3ba56cc41c2f3c906edf91d71d4 to your computer and use it in GitHub Desktop.
v8_reading.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Fundamentals: | |
| ------------- | |
| https://jayconrod.com/posts/51/a-tour-of-v8--full-compiler | |
| https://jayconrod.com/posts/52/a-tour-of-v8--object-representation | |
| https://jayconrod.com/posts/54/a-tour-of-v8--crankshaft--the-optimizing-compiler | |
| https://jayconrod.com/posts/55/a-tour-of-v8--garbage-collection | |
| https://v8.dev/blog/fast-properties | |
| https://developpaper.com/how-does-v8-run-object-representation-in-v8/ | |
| https://medium.com/@stankoja/v8-bug-hunting-part-2-memory-representation-of-js-types-ea37571276b8 | |
| https://jayconrod.com/posts/44/polymorphic-inline-caches-explained | |
| https://mrale.ph/blog/2012/06/03/explaining-js-vms-in-js-inline-caches.html | |
| http://wingolog.org/archives/2011/06/20/on-stack-replacement-in-v8 | |
| https://v8.dev/blog/pointer-compression | |
| Ignition (Interpreter): | |
| ----------------------- | |
| https://v8.dev/blog/ignition-interpreter | |
| https://medium.com/dailyjs/understanding-v8s-bytecode-317d46c94775 | |
| https://v8.dev/blog/scanner | |
| https://v8.dev/blog/preparser | |
| (Ignition: Jump-starting an Interpreter for V8) https://docs.google.com/presentation/d/1HgDDXBYqCJNasBKBDf9szap1j4q4wnSHhOYpaNy5mHU/ | |
| (Ignition: An Interpreter for V8) https://docs.google.com/presentation/d/1OqjVqRhtwlKeKfvMdX6HaCIu9wpZsrzqpIVIwQSuiXQ/ | |
| (Ignition Design Document) https://docs.google.com/document/d/11T2CRex9hXxoJwbYqVQ32yIPMh0uouUZLdyrtmMoL44/ | |
| (Ignition: Register Equivalence Optimization) https://docs.google.com/document/d/1wW_VkkIwhAAgAxLYM0wvoTEkq8XykibDIikGpWH7l1I/ | |
| Turbofan (Compiler): | |
| -------------------- | |
| https://v8.dev/blog/turbofan-jit | |
| https://darksi.de/4.how-to-start-jitting/ | |
| https://darksi.de/5.allocating-numbers/ | |
| https://darksi.de/6.smis-and-doubles/ | |
| https://darksi.de/a.deoptimize-me-not/ | |
| https://darksi.de/d.sea-of-nodes/ | |
| (Benedikt Meurer: A Tale of TurboFan: Four years that changed V8 forever) https://www.youtube.com/watch?v=cvybnv79Sek | |
| https://benediktmeurer.de/2016/11/25/v8-behind-the-scenes-november-edition | |
| https://benediktmeurer.de/2017/03/01/v8-behind-the-scenes-february-edition | |
| https://benediktmeurer.de/2017/12/13/an-introduction-to-speculative-optimization-in-V8/ | |
| https://v8.dev/blog/lazy-unlinking | |
| (V8: Hooking up the Ignition to the Turbofan) https://docs.google.com/presentation/d/1chhN90uB8yPaIhx_h2M3lPyxPgdPmkADqSNAoXYQiVE/ | |
| (CodeStubAssembler: Redux) https://docs.google.com/presentation/d/1u6bsgRBqyVY3RddMfF1ZaJ1hWmqHZiVMuPRw_iKpHlY/ | |
| (An overview of the TurboFan compiler) https://docs.google.com/presentation/d/1H1lLsbclvzyOF3IUR05ZUaZcqDxo7_-8f4yJoxdMooU/ | |
| (Turbofan IR) https://docs.google.com/presentation/d/1Z9iIHojKDrXvZ27gRX51UxHD-bKf1QcPzSijntpMJBM/ | |
| (TurboFan JIT Design) https://docs.google.com/presentation/d/1sOEF4MlF7LeO7uq-uThJSulJlTh--wgLeaVibsbb3tc/ | |
| (Fast arithmetic for dynamic languages) https://docs.google.com/presentation/d/1wZVIqJMODGFYggueQySdiA3tUYuHNMcyp_PndgXsO1Y/ | |
| (Deoptimization in V8) https://docs.google.com/presentation/d/1Z6oCocRASCfTqGq1GCo1jbULDGS-w-nzxkbVF7Up0u0/ | |
| (TurboFan: A new code generation architecture for V8) https://docs.google.com/presentation/d/1_eLlVzcj94_G4r9j9d_Lj5HRKFnq6jgpuPJtnmIBs88/ | |
| (An Internship on Laziness: Lazy deoptimization without code patching) https://docs.google.com/document/d/1ELgd71B6iBaU6UmZ_lvwxf_OrYYnv0e4nuzZpK05-pg/ | |
| (Function context specialization) https://docs.google.com/document/d/1CJbBtqzKmQxM1Mo4xU0ENA7KXqb1YzI6HQU8qESZ9Ic/ | |
| (Rest Parameters and Arguments Exotic Objects optimization plan) https://docs.google.com/document/d/1DvDx3Xursn1ViV5k4rT4KB8HBfBb2GdUy3wzNfJWcKM/ | |
| (TurboFan Developer Tools Integration) https://docs.google.com/document/d/1zl0IA7dbPffvPPkaCmLVPttq4BYIfAe2Qy8sapkYgRE/ | |
| (TurboFan Inlining) https://docs.google.com/document/d/1l-oZOW3uU4kSAHccaMuUMl_RCwuQC526s0hcNVeAM1E/ | |
| (TurboFan Inlining Heuristics) https://docs.google.com/document/d/1VoYBhpDhJC4VlqMXCKvae-8IGuheBGxy32EOgC2LnT8/ | |
| (TurboFan Redundant Bounds and Overflow Check Elimination) https://docs.google.com/document/d/1R7-BIUnIKFzqki0jR4SfEZb3XmLafa04DLDrqhxgZ9U/ | |
| (V8 Turbofan Register Allocation Design) https://docs.google.com/document/d/1aeUugkWCF1biPB4tTZ2KT3mmRSDV785yWZhwzlJe5xY/ | |
| (Projection Nodes in TurboFan) https://docs.google.com/document/d/1C9P8T98P1T_r2ymuUFz2jFWLUL7gbb6FnAaRjabuOMY/ | |
| Garbage Collection: | |
| ------------------- | |
| https://v8.dev/blog/jank-busters | |
| https://v8.dev/blog/orinoco | |
| https://medium.com/@nikolay.veretelnik/garbage-collection-v8s-orinoco-452b70761f0c | |
| https://v8.dev/blog/trash-talk | |
| https://v8.dev/blog/high-performance-cpp-gc | |
| Exploitation: | |
| ------------- | |
| https://sensepost.com/blog/2020/intro-to-chromes-v8-from-an-exploit-development-angle/ | |
| https://doar-e.github.io/blog/2019/01/28/introduction-to-turbofan/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-1/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-2/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-3/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-4/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-5/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-6/ | |
| https://www.madstacks.dev/posts/V8-Exploitation-Series-Part-7/ | |
| https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/ | |
| https://github.com/vngkv123/aSiagaming/tree/master/Chrome-v8-tutorials | |
| https://blog.infosectcbr.com.au/2020/02/pointer-compression-in-v8.html | |
| https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/ | |
| https://zon8.re/posts/exploiting-an-accidentally-discovered-v8-rce/ | |
| https://doar-e.github.io/blog/2020/11/17/modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/ | |
| https://gts3.org/2019/turbofan-BCE-exploit.html | |
| https://tcode2k16.github.io/blog/posts/2020-03-15-confidence-ctf/#chromatic-aberration | |
| https://trenchant.io/permalink-to-modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/ | |
| https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/ | |
| https://anvbis.au/posts/root-cause-analysis-of-cve-2021-21224/ | |
| https://anvbis.au/posts/exploring-historical-v8-heap-sandbox-escapes-i/ | |
| https://faraz.faith/2021-01-07-cve-2020-16040-analysis/ | |
| https://faraz.faith/2019-12-13-starctf-oob-v8-indepth/ | |
| https://mem2019.github.io/jekyll/update/2022/02/06/DiceCTF-Memory-Hole.html | |
| https://blog.kylebot.net/2022/02/06/DiceCTF-2022-memory-hole/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment