Extensibility to JavaScript engines

Not so much an issue but an inquiry.

Can QBDI perform creation of 100s of test points within a browser’s JavaScript engine (the part about processing AST of WASM/JavaScript-source-JITed such that it would pass these TP events to other AST analyzers?

I'm not sure to understand your use-case.

QBDI allows to instrument binary at an instruction level. The current supported architectures are x86 and x86-64. QBDI can provide you a trace of the execution and a list of memory access.