We present LeJit, a template-based framework for testing Java just-in-time (JIT) compilers. Like recent template-based frameworks, LeJit executes a template -- a program with holes to be filled -- to generate concrete programs given as inputs to Java JIT compilers. LeJit automatically generates template programs from existing Java code by converting expressions to holes, as well as generating necessary glue code (i.e., code that generates instances of non-primitive types) to make generated templates executable. We have successfully used LeJit to test a range of popular Java JIT compilers, revealing five bugs in HotSpot, nine bugs in OpenJ9, and one bug in GraalVM. All of these bugs have been confirmed by Oracle and IBM developers, and 11 of these bugs were previously unknown, including two CVEs (Common Vulnerabilities and Exposures). Our comparison with several existing approaches shows that LeJit is complementary to them and is a powerful technique for ensuring Java JIT compiler correctness.
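To make the template idea concrete, here is an added illustration written for this page, not LeJit's own code and not its real API: an existing method's constant expressions are turned into holes, a glue-code generator builds the non-primitive argument (`int[]`) so the instantiated program is executable, and each instantiation emits one concrete Java program to hand to a JIT compiler. The class and method names, the `<h1>`, `<h2>` and `<glue>` hole markers, and the warm-up loop count are all assumptions of this example.

```java
import java.util.Random;

/* Added illustration (not LeJit's code): a template derived from an existing
 * method by replacing its literal expressions with holes, plus glue code that
 * constructs the non-primitive parameter, plus an instantiation step that
 * emits a concrete, compilable program for differential JIT testing. */
public class TemplateDemo {

    // Original method the template was derived from (kept for reference):
    //   static int score(int[] a) { int s = 0; for (int x : a) s += x * 3 >> 1; return s; }
    // In the template the literals 3 and 1 have become holes <h1> and <h2>,
    // and the int[] argument is produced by glue code at hole <glue>.
    static final String TEMPLATE =
        "public class Gen {\n" +
        "  static int score(int[] a) {\n" +
        "    int s = 0;\n" +
        "    for (int x : a) s += x * (<h1>) >> (<h2>);\n" +
        "    return s;\n" +
        "  }\n" +
        "  public static void main(String[] args) {\n" +
        "    int[] a = <glue>;\n" +
        "    int r = 0;\n" +
        "    // Hot loop so the JIT compiler actually compiles score()\n" +
        "    for (int i = 0; i < 20000; i++) r ^= score(a);\n" +
        "    System.out.println(r);\n" +
        "  }\n" +
        "}\n";

    // Hole filler: an int literal, biased toward boundary values that are
    // common triggers of JIT optimisation corner cases.
    static String fillIntHole(Random rnd) {
        int[] edge = { 0, 1, -1, 31, 32, Integer.MIN_VALUE, Integer.MAX_VALUE };
        int v = rnd.nextBoolean() ? edge[rnd.nextInt(edge.length)] : rnd.nextInt();
        return Integer.toString(v);
    }

    // Glue code generator: builds an expression that creates an instance of
    // the non-primitive parameter type (here int[]) so the program can run.
    static String glueIntArray(Random rnd) {
        StringBuilder sb = new StringBuilder("new int[] {");
        int n = rnd.nextInt(6);
        for (int i = 0; i < n; i++) {
            if (i > 0) sb.append(", ");
            sb.append(rnd.nextInt());
        }
        return sb.append("}").toString();
    }

    // Instantiates the template into one concrete program (Java source text).
    static String instantiate(Random rnd) {
        return TEMPLATE.replace("<h1>", fillIntHole(rnd))
                       .replace("<h2>", fillIntHole(rnd))
                       .replace("<glue>", glueIntArray(rnd));
    }

    // Usage: java TemplateDemo 7 > Gen.java
    public static void main(String[] args) {
        long seed = args.length > 0 ? Long.parseLong(args[0]) : 42L;
        System.out.print(instantiate(new Random(seed)));
    }
}
```

Each seed yields a different `Gen.java`. The differential check the abstract alludes to is then done outside this program: run the same `Gen.java` under the interpreter (`java -Xint Gen.java`) and under the compiler (`java -Xcomp Gen.java`) on HotSpot, or under OpenJ9 and GraalVM, and compare the printed results; a divergence or a crash is a candidate JIT bug to minimise and report, and the seed makes the case reproducible.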