TY - GEN
T1 - Automatically Localizing Dynamic Code Generation Bugs in JIT Compiler Back-End
AU - Lim, Heui Chan
AU - Debray, Saumya
N1 - Funding Information: This research was supported in part by the National Science Foundation under grant no. 1908313. Publisher Copyright: © 2023 Owner/Author.
PY - 2023/2/17
Y1 - 2023/2/17
N2 - Just-in-Time (JIT) compilers are ubiquitous in modern computing systems and are used in a wide variety of software. Dynamic code generation bugs, where the JIT compiler silently emits incorrect code, can result in exploitable vulnerabilities. They therefore pose serious security concerns and make quick mitigation essential. However, due to the size and complexity of JIT compilers, quickly locating and fixing bugs is often challenging. In addition, the unique characteristics of JIT compilers make existing bug localization approaches inapplicable. Therefore, this paper proposes a new approach to automatic bug localization, explicitly targeting the JIT compiler back-end. The approach is based on explicitly modeling the architecture-independent back-end representation and the architecture-specific code generation. Experiments using a prototype implementation on a widely used JIT compiler (Turbofan) indicate that it can successfully localize dynamic code generation bugs in the back-end with high accuracy.
KW - Automatic Bug Localization
KW - Back-End
KW - Dynamic Code Generation
KW - Dynamic Program Analysis
KW - JIT Compiler
UR - http://www.scopus.com/inward/record.url?scp=85149176589&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85149176589&partnerID=8YFLogxK
U2 - https://doi.org/10.1145/3578360.3580260
DO - https://doi.org/10.1145/3578360.3580260
M3 - Conference contribution
T3 - CC 2023 - Proceedings of the 32nd ACM SIGPLAN International Conference on Compiler Construction
SP - 145
EP - 155
BT - CC 2023 - Proceedings of the 32nd ACM SIGPLAN International Conference on Compiler Construction
A2 - Verbrugge, Clark
A2 - Lhotak, Ondrej
A2 - Shen, Xipeng
PB - Association for Computing Machinery, Inc
T2 - 32nd ACM SIGPLAN International Conference on Compiler Construction, CC 2023
Y2 - 25 February 2023 through 26 February 2023
ER -