I built v8 to run fuzzing in AFL.
First, install depot_tools
using the link below.
And then download the v8
source code.
https://v8.dev/docs/source-code
Next, create an afl
directory in the v8/third_party
directory and download the contents of the following link.
https://chromium.googlesource.com/chromium/src/+/refs/heads/master/third_party/afl/
Next, go to the v8
directory and execute the following command.
gn gen out/libfuzzer '--args=use_afl=true is_asan=true optimize_for_fuzzing = true ' --check
ninja -C out/libfuzzer d8
afl-fuzz -D -i third_party/afl/src/testcases/others/js/ -o fuzzout -M fuzz1 ./out/libfuzzer/d8
This was a afl-g++
based fuzzing method.
You can probably use clang
for faster fuzzing.
You can also use fuzzilli
or Dharma
for fuzzing.
Regards