Core Concepts
LeJit is a template-based framework for testing Java JIT compilers, revealing bugs in popular compilers and ensuring correctness.
Abstract
LeJit introduces a novel approach to testing Java JIT compilers by automatically generating template programs from existing code. It uncovered multiple bugs in HotSpot, OpenJ9, and GraalVM, including previously unknown vulnerabilities. By leveraging templates extracted from open-source projects, LeJit demonstrates its effectiveness in detecting compiler bugs. The framework extends JAttack's capabilities and provides insights into how various Java language features affect bug detection. Through differential testing across different JVM implementations, LeJit proves complementary to existing techniques for ensuring compiler correctness.
Stats
LeJit revealed five bugs in HotSpot, nine bugs in OpenJ9, and one bug in GraalVM.
11 out of the 15 bugs discovered were previously unknown, including two CVEs.
LeJit increased code coverage of the C1 compiler by 8.0% and of the C2 compiler by 8.2% compared to JITfuzz.