以下为引用内容:
This fuzzer constructs random strings with JavaScript statements andexpressions (sometimes with syntax errors), and asks the JavaScript engine to
treat them as functions.
If there isn’t a syntax error, one of the additional things it checks is
whether the function can survive a round-trip through the decompiler — that
is, whether uneval(f) is exactly the same string as uneval(eval(uneval(f)).
Note that it doesn’t check whether f and eval(uneval(f)) have the same meaning,
because that would be a lot harder. It does catch bugs where the decompiled
function makes no sense (which is always a bug) or is not canonical (which
usually, but not always, indicates a bug).