As you point out, scanning V8's C++ code can only provide a very limited, partial picture of V8's runtime behavior: a lot of the "interesting" stuff happens in bytecode, stubs, and jit-compiled code, or in the interaction of those with the C++ world. As a consequence, we rely on testing and fuzzing more than on static analysis. (There's an ongoing effort to get V8 UBSan-clean.)
That said, if you decide to run any static analyzers and find anything interesting, we'd be very interested in hearing about it. If you find any security issues, then responsible disclosures of those (usually) qualify for bug bounties (read more at https://www.google.com/about/appsecurity/chrome-rewards/index.html).

On Mon, Dec 3, 2018 at 7:27 AM Patrick Spiegel <[email protected]> wrote:
> I am just curious which code checking tools are used for V8, especially for security code scans? I have seen various code linters but is there any security code scanner in place? I am aware that scanning the CSA that generates builtins is probably a special case here.
>
> Thanks & best,
> Patrick
>
> --
> --
> v8-dev mailing list
> [email protected]
> http://groups.google.com/group/v8-dev
> ---
> You received this message because you are subscribed to the Google Groups "v8-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
