We present LeJit, a template-based framework for testing Java just-in-time (JIT) compilers. Like recent template-based frameworks, LeJit executes a template -- a program with holes to be filled -- to generate concrete programs given as inputs to Java JIT compilers. LeJit automatically generates template programs from existing Java code by converting expressions to holes, as well as generating necessary glue code (i.e., code that generates instances of non-primitive types) to make generated templates executable. We have successfully used LeJit to test a range of popular Java JIT compilers, revealing five bugs in HotSpot, nine bugs in OpenJ9, and one bug in GraalVM. All of these bugs have been confirmed by Oracle and IBM developers, and 11 of these bugs were previously unknown, including two CVEs (Common Vulnerabilities and Exposures). Our comparison with several existing approaches shows that LeJit is complementary to them and is a powerful technique for ensuring Java JIT compiler correctness.
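The abstract describes three ingredients: a template derived from existing code by turning expressions into holes, glue code that constructs instances of non-primitive parameter types, and execution of the filled template against the JIT compiler under test. The following Java program is an added illustration of that workflow and is not LeJit's own code. The class and method names (`Box`, `original`, `template`, `genBox`, `fillAndRun`) are made up, the original method is a constructed example, and the oracle used here (a deterministic method must return the same value on a cold call and after enough calls for the JIT to compile it) is an assumption for the illustration, not LeJit's documented oracle.

```java
import java.util.Random;

// Added illustration of template-based JIT testing in the style the abstract
// describes; this is not LeJit's code. Names (Box, template, fillAndRun) are
// made up, and the oracle (a deterministic method must give the same result
// before and after JIT warm-up) is an assumption, not LeJit's documented oracle.
public class TemplateJitTest {

    // A non-primitive type used by the original code; the glue code below
    // has to know how to construct instances of it.
    static final class Box {
        final int value;
        Box(int value) { this.value = value; }
    }

    // Existing method as found in some Java code base (constructed example).
    static int original(Box b) {
        int acc = 7;
        for (int i = 0; i < 10; i++) {
            acc = acc * 31 + b.value - 3;
        }
        return acc;
    }

    // Template derived from original(): the literal expressions 7, 10, 31 and 3
    // become holes h0..h3, so one template yields many concrete programs.
    static int template(Box b, int h0, int h1, int h2, int h3) {
        int acc = h0;
        for (int i = 0; i < h1; i++) {
            acc = acc * h2 + b.value - h3;
        }
        return acc;
    }

    // Glue code: builds an instance of the non-primitive parameter type.
    static Box genBox(Random rnd) {
        return new Box(rnd.nextInt());
    }

    // Fills the holes, then checks that the deterministic template returns the
    // same value on a cold (interpreted) call and after enough calls for the
    // JIT to compile it. Returns null on agreement, otherwise a description
    // that is sufficient to reproduce the concrete program.
    static String fillAndRun(long seed, int warmup) {
        Random rnd = new Random(seed);
        Box b = genBox(rnd);
        int h0 = rnd.nextInt();
        int h1 = rnd.nextInt(65);          // bounded loop count keeps runs short
        int h2 = rnd.nextInt();
        int h3 = rnd.nextInt();

        int cold = template(b, h0, h1, h2, h3);
        int hot = cold;
        for (int i = 0; i < warmup; i++) {
            hot = template(b, h0, h1, h2, h3);
        }
        if (cold != hot) {
            return String.format("seed=%d holes=(%d,%d,%d,%d) box=%d cold=%d hot=%d",
                    seed, h0, h1, h2, h3, b.value, cold, hot);
        }
        return null;
    }

    public static void main(String[] args) {
        // Sanity check: with the original literals the template reproduces original().
        Box probe = new Box(42);
        if (template(probe, 7, 10, 31, 3) != original(probe)) {
            throw new AssertionError("template does not reproduce original");
        }
        int mismatches = 0;
        for (long seed = 0; seed < 200; seed++) {
            String report = fillAndRun(seed, 20_000);
            if (report != null) {
                mismatches++;
                System.out.println("MISMATCH " + report);
            }
        }
        System.out.println("programs tested: 200, mismatches: " + mismatches);
    }
}
```

Running the class under the default JVM configuration exercises the tiered JIT; running the same class with `-Xint` (interpreter only) or `-XX:TieredStopAtLevel=1` (C1 only) gives a second execution mode whose printed results can be compared with the default run, which is how a template-based harness turns one filled template into a differential test across compiler configurations. Bounding the loop-count hole (`h1`) keeps each concrete program fast so that many seeds can be tried per run, and reporting the seed and hole values in the mismatch line makes any disagreement reproducible as a standalone test case.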