Detecting JVM JIT Compiler Bugs via Exploring Two-Dimensional Input Spaces
Java Virtual Machine (JVM) is the fundamental software system to support the interpretation and execution of Java bytecode, which has been widely used in practice. As the programs running on top of JVM become larger and more sophisticated, the efficiency and performance of JVM systems become significant concerns. Driven by such practical needs, Just-In-Time (JIT) compiler was proposed aiming to improve the performance of Java applications via performing complex optimizations during runtime. However, JVM JIT compilers inevitably contain various bugs, which are becoming more pervasive over the decades and can often cause significant consequences. Unfortunately, existing JVM testing approaches are ineffective in detecting such JIT compiler bugs. In this study, we present JOpFuzzer, a new JVM testing approach with a specific focus on JIT compiler bugs. The major novelty of JOpFuzzer embodies in three aspects. First, besides generating new seeds, JOpFuzzer also searches for diverse configurations along the new dimension of optimization options. Second, JOpFuzzer learns the correlations between various code features and different optimization options to guide the process of seed mutation and options exploration. Third, it leverages the profile data, which can reveal the information of program execution, to guide the fuzzing process. Such novelties enable JOpFuzzer to effectively and efficiently explore the two-dimensional input spaces. Extensive evaluation shows that JOpFuzzer outperforms the state-of-the-art approaches in terms of achieved code coverages. More importantly, it has detected 41 bugs in OpenJDK, and 25 of them have already been confirmed or fixed by the corresponding developers.