This is a supplementary repository for the paper submission "Detecting JVM JIT Compiler Bugs via Exploring Two-Dimensional Input Spaces".
Since unconfirmed bugs cannot be shown in the Java Bug System (JBS), we only show the bugs that have been confirmed by developers. Also, since the reporter's information cannot be found in JBS, we provide several screenshots of the confirmation emails sent by Oracle under the directory Confirmed.
We provide the raw data and the results in our whole study. Raw data contains two parts: bug reports and bug triggering test cases. We store the bug reports in Google Drive (JDK_data), and bug triggering test cases in directory Bug_triggering_test_cases.
We use the tool in the directory Scripts to extract the results of the empirical study. Users should download JDK_data and Compiler_data and run process.py with the appropriate option.
Users can pull the Docker image from Docker Hub. All the necessary evaluation environments have been set up.
# docker pull hustcamel/jopfuzzer:latest
# docker import JOpFuzzer-docker.tar # This process may take a few minutes depending on the machine performance. When the process finishes, the image ID will show on the screen.
# docker run -it [image ID] /bin/bash
# cd root/JOpFuzzer-demo
Users can execute JOpFuzzer.jar directly with four arguments:
-jdkPath the jdk under test (e.g., /Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home)
-seedPath the seed for learning correlation (e.g., ./compiler, the regression test for compiler)
-testNumber the number of tests generated by JavaFuzzer (e.g., 1000)
-mutationRound the number of mutation rounds (e.g., 1000)
We provide two scripts (run-jdk11.sh, run-jdk17.sh) to help users reproduce the evaluation in the paper. Users can run these scripts directly. Note that the following two commands cannot be executed simultaneously: users must wait until one has finished before starting the other.
# bash run-jdk11.sh
# bash run-jdk17.sh
Step 1: Environment Setup
JOpFuzzer needs a debug build of the JVM, so users should download the source code of the JVM and set the debug flag. Here we take OpenJDK 11 as an example.
# git clone https://github.com/openjdk/jdk11u.git
# cd jdk11u
# bash configure --enable-debug
# make images
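JOpFuzzer needs a debug JVM, and passing a release JDK as -jdkPath is an easy mistake to make. The preflight script below is an added example, not part of the JOpFuzzer repository: it checks that the JDK reports a fastdebug or slowdebug build in its `java -version` banner and validates the other three arguments. The function names, and treating seedPath as any existing path, are assumptions.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for the four JOpFuzzer arguments.
# Function names are hypothetical; only the argument names come from the README.

# True if a `java -version` banner names a fastdebug or slowdebug VM build.
banner_is_debug() {
    printf '%s\n' "$1" | grep -Eq '\((fastdebug|slowdebug) build '
}

# True only if $1/bin/java runs and reports a debug build.
is_debug_jdk() {
    local banner
    [ -x "$1/bin/java" ] || return 1
    banner=$("$1/bin/java" -version 2>&1) || return 1   # banner goes to stderr
    banner_is_debug "$banner"
}

# True only if $1 is a positive decimal integer.
is_positive_int() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# preflight JDK_PATH SEED_PATH TEST_NUMBER MUTATION_ROUND
# Prints the first problem found and returns 1, or prints "ok".
preflight() {
    if ! is_debug_jdk "$1"; then
        echo "jdkPath: no debug-build JVM at $1"; return 1
    fi
    if [ ! -e "$2" ]; then   # assumption: any existing path is accepted
        echo "seedPath: not found: $2"; return 1
    fi
    if ! is_positive_int "$3"; then
        echo "testNumber: not a positive integer: $3"; return 1
    fi
    if ! is_positive_int "$4"; then
        echo "mutationRound: not a positive integer: $4"; return 1
    fi
    echo ok
}

# Run the checks when called with the four values, e.g.
#   bash preflight.sh /path/to/debug/jdk ./compiler 1000 1000
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```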
If users want to collect the JVM coverage information, users have to set the coverage flag.
# git clone https://github.com/openjdk/jdk11u.git
# cd jdk11u
# bash configure --enable-debug --enable-native-coverage --disable-warnings-as-errors
# make images
Users can use Gcov and Lcov to collect the JVM coverage information.
# cd jdk11u
# lcov -c -i -d ./ -o init.info
... # execute JOpFuzzer
# lcov -c -d ./ -o cover.info
# lcov -a init.info -a cover.info -o total.info
# lcov -e total.info /absolute/path/to/target/jdk/src/hotspot/* -o hotspot.info
# lcov -l hotspot.info
Step 2: Run the Tool
JOpFuzzer is developed as a Maven project, so to configure and run it you can import it directly into your IntelliJ IDEA workspace as a Maven project. Execute MainEntry under src/main with the arguments set as shown below:
-jdkPath the jdk under test (e.g., /Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home)
-seedPath the seed for learning correlation (e.g., ./compiler, the regression test for compiler)
-testNumber the number of tests generated by JavaFuzzer (e.g., 1000)
-mutationRound the number of mutation rounds (e.g., 1000)
Note that we use Spoon for Java source code structure analysis, but it has a dependency conflict with the relevant code in TBar, and the conflicting packages have the same name. The adapted TBar is therefore pre-generated as JavaMutator.jar to avoid conflicts.
AlwaysIncrementalInline
ArrayCopyLoadStoreMaxElem
ArrayOperationPartialInlineSize
C1InlineStackLimit
C1MaxInlineLevel
C1MaxInlineSize
C1MaxRecursiveInlineLevel
C1MaxTrivialSize
C1ProfileInlinedCalls
ClipInlining
DebugInlinedCalls
FreqInlineSize
IncrementalInline
IncrementalInlineForceCleanup
IncrementalInlineMH
IncrementalInlineVirtual
Inline
InlineAccessors
InlineArrayCopy
InlineClassNatives
InlineIntrinsics
InlineMathNatives
InlineMethodsWithExceptionHandlers
InlineNatives
InlineNIOCheckIndex
InlineObjectCopy
InlineObjectHash
InlineReflectionGetCallerClass
InlineSmallCode
InlineSynchronizedMethods
InlineThreadNatives
InlineUnsafeOps
InlineWarmCalls
LiveNodeCountInliningCutoff
MultiArrayExpandLimit
NestedInliningSizeRatio
NodeCountInliningCutoff
NodeCountInliningStep
EliminateAutoBox
AggressiveUnboxing
AutoBoxCacheMax
EliminateLocks
EliminateNestedLocks
EliminateAllocationArraySizeLimit
EliminateAllocationFieldsLimit
EliminateAllocations
DoEscapeAnalysis
OptimizeFill
EliminateBlocks
CanonicalizeNodes
DoCEE
EliminateNullChecks
UseGlobalValueNumbering
UseLocalValueNumbering
PrintOptimizeStringConcat
AlignVector
BlockLayoutRotateLoops
LoopMaxUnroll
LoopOptsCount
LoopPercentProfileLimit
LoopStripMiningIter
LoopStripMiningIterShortLoop
LoopUnrollLimit
LoopUnrollMin
MaxLoopPad
NumberOfLoopInstrToAlign
UseLoopPredicate
LoopUnswitching
PartialPeelLoop
PartialPeelNewPhiDelta
UseSuperWord
SuperWordLoopUnrollAnalysis
RangeCheckElimination
OptoPeephole
DominatorSearchLimit
OptimizePtrCompare
OptimizeUnsafes
TieredCompilation
SplitIfBlocks