Skip to content

SbxBrk/V8

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92,404 Commits
.github
.github
 
 
bazel
bazel
 
 
build_overrides
build_overrides
 
 
custom_deps
custom_deps
 
 
docs
docs
 
 
gni
gni
 
 
heap_sandbox_fuzzing_pass
heap_sandbox_fuzzing_pass
 
 
include
include
 
 
infra
infra
 
 
samples
samples
 
 
src
src
 
 
test
test
 
 
testing
testing
 
 
third_party
third_party
 
 
tools
tools
 
 
.bazelrc
.bazelrc
 
 
.clang-format
.clang-format
 
 
.clang-tidy
.clang-tidy
 
 
.editorconfig
.editorconfig
 
 
.flake8
.flake8
 
 
.gclient
.gclient
 
 
.git-blame-ignore-revs
.git-blame-ignore-revs
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gn
.gn
 
 
.mailmap
.mailmap
 
 
.style.yapf
.style.yapf
 
 
.vpython3
.vpython3
 
 
.ycm_extra_conf.py
.ycm_extra_conf.py
 
 
AUTHORS
AUTHORS
 
 
BUILD.bazel
BUILD.bazel
 
 
BUILD.gn
BUILD.gn
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
COMMON_OWNERS
COMMON_OWNERS
 
 
DEPS
DEPS
 
 
DIR_METADATA
DIR_METADATA
 
 
ENG_REVIEW_OWNERS
ENG_REVIEW_OWNERS
 
 
INFRA_OWNERS
INFRA_OWNERS
 
 
INTL_OWNERS
INTL_OWNERS
 
 
LICENSE
LICENSE
 
 
LICENSE.fdlibm
LICENSE.fdlibm
 
 
LICENSE.strongtalk
LICENSE.strongtalk
 
 
LICENSE.v8
LICENSE.v8
 
 
LOONG_OWNERS
LOONG_OWNERS
 
 
MIPS_OWNERS
MIPS_OWNERS
 
 
OWNERS
OWNERS
 
 
PPC_OWNERS
PPC_OWNERS
 
 
PRESUBMIT.py
PRESUBMIT.py
 
 
README.md
README.md
 
 
RISCV_OWNERS
RISCV_OWNERS
 
 
S390_OWNERS
S390_OWNERS
 
 
WATCHLISTS
WATCHLISTS
 
 
WORKSPACE
WORKSPACE
 
 
build.sh
build.sh
 
 
codereview.settings
codereview.settings
 
 
pyrightconfig.json
pyrightconfig.json
 
 

Repository files navigation

V8 (SbxBrk)

This repository contains a fork of V8 used by SbxBrk for heap sandbox fuzzing. It includes a custom LLVM pass and build configuration for compiling V8 with fault-injection instrumentation.

Heap Sandbox Fuzzing Pass

The heap_sandbox_fuzzing_pass is a custom LLVM pass that instruments all memory loads whose target may reside inside the V8 heap sandbox. For each such load, the pass inserts a call to __fuzzer_before_heap_sandbox_load, which allows the fuzzer runtime to inject faults (via bitmasks) before the loaded data reaches trusted code.

Loads from local variables and globals are statically filtered out to reduce overhead. The pass is compiled as a shared object and loaded into the compilation pipeline via -fpass-plugin.

Building

V8 must be compiled inside the Docker environment provided by the main repository. AFL++ and the fuzzer runtime must be built first.

cd /work/v8-build
./build.sh

The build.sh script handles building the LLVM pass, pulling V8 dependencies, and compiling V8 with ASan, sandbox support, and the fuzzing instrumentation. The resulting d8 shell is placed at out/fuzzing-build/d8.

For full setup instructions, see the main repository.

About

No description, website, or topics provided.

Resources

Readme

License

Unknown and 3 other licenses found

Licenses found

Unknown
LICENSE
Unknown
LICENSE.fdlibm
BSD-3-Clause
LICENSE.strongtalk
BSD-3-Clause
LICENSE.v8

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages