We present LeJit, a template-based framework for testing Java just-in-time (JIT) compilers. Like recent template-based frameworks, LeJit executes a template -- a program with holes to be filled -- to generate concrete programs given as inputs to Java JIT compilers. LeJit automatically generates template programs from existing Java code by converting expressions to holes, as well as generating necessary glue code (i.e., code that generates instances of non-primitive types) to make generated templates executable. We have successfully used LeJit to test a range of popular Java JIT compilers, revealing five bugs in HotSpot, nine bugs in OpenJ9, and one bug in GraalVM. All of these bugs have been confirmed by Oracle and IBM developers, and 11 of these bugs were previously unknown, including two CVEs (Common Vulnerabilities and Exposures). Our comparison with several existing approaches shows that LeJit is complementary to them and is a powerful technique for ensuring Java JIT compiler correctness.
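To make the template idea concrete, here is an added sketch that is not taken from the paper or from LeJit's code: a method whose constant expressions have been turned into holes, glue code that builds its array argument, and a generator that executes the template to emit concrete programs. All names (`TemplateSketch`, `intHole`, `scaleTemplate`) and the sample method are hypothetical, and the hole-filling strategy shown (uniform random choice within a range) is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Random;

// Added illustration with hypothetical names; this is not LeJit's API.
public class TemplateSketch {
    static final Random RNG = new Random(42);            // fixed seed for reproducible output
    static final List<String> FILLED = new ArrayList<>(); // values chosen during one execution

    // A hole: when the template executes, pick a concrete value and record it.
    static int intHole(int lo, int hi) {
        int v = lo + RNG.nextInt(hi - lo + 1);
        FILLED.add(Integer.toString(v));
        return v;
    }

    // Original method (constructed sample):
    //   static int scale(int[] a) { int bound = 4; int factor = 3; ... }
    // Template form: the expressions 4 and 3 have been converted to holes.
    static int scaleTemplate(int[] a) {
        int bound = intHole(0, a.length);   // range keeps a[i] in bounds
        int factor = intHole(-8, 8);
        int s = 0;
        for (int i = 0; i < bound; i++) s += a[i] * factor;
        return s;
    }

    // Source text of the template, with %s at each hole in execution order.
    static final String SOURCE =
        "static int scale(int[] a) { int bound = %s; int factor = %s; int s = 0; "
      + "for (int i = 0; i < bound; i++) s += a[i] * factor; return s; }";

    // Executes the template once and returns the concrete program it produced.
    static String generate() {
        FILLED.clear();
        int[] glue = {1, 2, 3, 4};          // glue code: builds the non-primitive argument
        scaleTemplate(glue);
        return String.format(SOURCE, FILLED.toArray());
    }

    public static void main(String[] args) {
        // Each printed line is one concrete program that could be handed to a JIT compiler.
        for (int n = 0; n < 3; n++) System.out.println(generate());
    }
}
```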