How can i run a fuzz for v8 in local

[3em0]

When I use the following commands to test V8 fuzzing locally, the program exits immediately:

python infra/helper.py build_fuzzers --sanitizer coverage --engine none v8
python infra/helper.py run_fuzzer --sanitizer coverage --engine none v8 d8

and then this is the output

python infra/helper.py run_fuzzer v8 --sanitizer undefined --engine libfuzzer d8
INFO:__main__:Running: docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e FUZZING_ENGINE=libfuzzer -e SANITIZER=undefined -e RUN_FUZZER_MODE=interactive -e HELPER=True -v /home/kali/Desktop/experiments/oss-fuzz/build/out/v8:/out -t gcr.io/oss-fuzz-base/base-runner:latest run_fuzzer d8.
vm.mmap_rnd_bits = 28
/out/d8 -- -rss_limit_mb=2560 -timeout=25 /tmp/d8_corpus < /dev/null
V8 version 14.5.0 (candidate)
d8> 

The program is end.

[AbhishekGiri04]

The issue occurs because V8's d8 is an interactive JavaScript shell, not a libFuzzer target. The project configuration uses fuzzing_engine: none and requires a different approach.

Root Cause:
Looking at projects/v8/project.yaml, V8 only supports engine: none with sanitizer: address. The d8 binary is built as a standalone executable, not a libFuzzer target.

Solution:

For V8 fuzzing with coverage/none engine:

# Build with correct configuration
python infra/helper.py build_fuzzers --sanitizer address --engine none v8

# Run d8 with JavaScript test files
mkdir -p /tmp/d8_corpus
echo "console.log('test');" > /tmp/d8_corpus/test1.js
echo "function f() { return 42; } f();" > /tmp/d8_corpus/test2.js

# Execute d8 with test files
docker run --rm -v $(pwd)/build/out/v8:/out \
  gcr.io/oss-fuzz-base/base-runner:latest \
  /out/d8 /tmp/d8_corpus/test1.js