Bug localization techniques for Just-in-Time (JIT) compilers are based on analyzing the execution behaviors of the target JIT compiler on a set of test programs generated for this purpose; characteristics of these test inputs can significantly impact the accuracy of bug localization. However, current approaches for automatic test program generation do not work well for bug localization in JIT compilers. This paper proposes a novel technique for automatic test program generation for JIT compiler bug localization that is based on two key insights: (1) the generated test programs should contain both passing inputs (which do not trigger the bug) and failing inputs (which trigger the bug); and (2) the passing inputs should be as similar as possible to the initial seed input, while the failing inputs should be as different as possible from it. We use a structural analysis of the seed program to determine which parts of the code should be mutated for each of the passing and failing cases. Experiments using a prototype implementation indicate that test inputs generated using our approach yield significantly better bug localization results than existing approaches.