https://firefox-source-docs.mozilla.org/js/HazardAnalysis/in... though I really ought to update that page.
It's for detecting a specific situation: you grab a pointer to a GC-managed object, call something that might possibly trigger a GC even if it probably won't, and then use the pointer. (The GC might collect that object, or it might move it somewhere else.)
Claude is pretty good at weaponizing these UAFs.
