Modeling Code Manipulation in JIT Compilers
HeuiChan Lim
Xiyu Kang
Saumya Debray
Department of Computer Science
University of Arizona
Tucson, AZ 85721, U.S.A.
Abstract
Just-in-Time (JIT) compilers are widely used to improve the
performance of interpreter-based language implementations
by creating optimized code at runtime. However, bugs in
the JIT compiler’s code manipulation and optimization can
result in the generation of incorrect code. Such bugs can be
difficult to diagnose and fix, and can result in exploitable
vulnerabilities. Unfortunately, existing approaches to
automatic bug localization do not carry over well to such bugs.
This paper discusses a different approach to analyzing JIT
compiler optimization behaviors, based on using dynamic
analysis to construct abstract models of the JIT compiler’s
optimizer and back end. By comparing the models obtained
for buggy and non-buggy executions of the JIT compiler, we
can pinpoint the components of the JIT compiler’s internal
representation that have been affected by the bug; this can
then be mapped back to identify the buggy code. Our
experiments with two real bugs in Google's V8 JIT compiler,
TurboFan, show the utility and practicality of our approach.
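The comparison step the abstract describes, as an added illustration that is not code from the paper: a concrete trace of optimizer events (which phase added or removed which IR node) is abstracted into a per-phase model, and the models for a reference run and a buggy run are walked side by side until they first diverge. The phase names, opcode names, node ids and both traces are constructed for this example; they are not TurboFan's.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class IRNode:
    node_id: int
    opcode: str      # hypothetical opcode names, e.g. "CheckMaps", "LoadField"
    inputs: tuple    # ids of the nodes this node consumes


@dataclass
class PhaseModel:
    """Abstract model of one optimizer phase: how many nodes of each opcode it
    added or removed, and the set of live nodes after the phase finished."""
    phase: str
    added: Counter = field(default_factory=Counter)
    removed: Counter = field(default_factory=Counter)
    live: dict = field(default_factory=dict)


def build_model(trace):
    """Abstract a concrete event trace [(phase, "add"|"remove", IRNode), ...]
    into one PhaseModel per phase, in the order the phases ran."""
    models, live = [], {}
    for phase, event, node in trace:
        if not models or models[-1].phase != phase:
            models.append(PhaseModel(phase))
        model = models[-1]
        if event == "add":
            live[node.node_id] = node
            model.added[node.opcode] += 1
        elif event == "remove":
            live.pop(node.node_id, None)
            model.removed[node.opcode] += 1
        else:
            raise ValueError(f"unknown event {event!r}")
        model.live = dict(live)  # snapshot of the graph after this event
    return models


def _count_diff(ref, buggy):
    return {op: buggy[op] - ref[op] for op in sorted(set(ref) | set(buggy))
            if buggy[op] != ref[op]}


def compare_models(ref, buggy):
    """Walk both models phase by phase and report the first divergence. Later
    phases inherit the damage, so the first differing phase is the best place
    to start looking for the buggy transformation. Returns None if identical."""
    for r, b in zip(ref, buggy):
        if r.phase != b.phase:
            return {"phase": r.phase,
                    "reason": f"phase order differs (buggy ran {b.phase!r})"}
        added_diff = _count_diff(r.added, b.added)
        removed_diff = _count_diff(r.removed, b.removed)
        if added_diff or removed_diff:
            return {
                "phase": r.phase,
                "added_diff": added_diff,
                "removed_diff": removed_diff,
                # concrete node ids behind the abstract difference: these are
                # what gets mapped back to the optimizer code that touched them
                "missing_in_buggy": sorted(set(r.live) - set(b.live)),
                "extra_in_buggy": sorted(set(b.live) - set(r.live)),
            }
    if len(ref) != len(buggy):
        return {"phase": None, "reason": "different number of phases"}
    return None


# Constructed traces. Reference run: load elimination removes the second
# CheckMaps (node 4) and its LoadField (node 5) because nodes 2/3 dominate them.
REF_TRACE = [
    ("graph-builder", "add", IRNode(1, "Parameter", ())),
    ("graph-builder", "add", IRNode(2, "CheckMaps", (1,))),
    ("graph-builder", "add", IRNode(3, "LoadField", (2,))),
    ("graph-builder", "add", IRNode(4, "CheckMaps", (1,))),
    ("graph-builder", "add", IRNode(5, "LoadField", (4,))),
    ("load-elimination", "remove", IRNode(4, "CheckMaps", (1,))),
    ("load-elimination", "remove", IRNode(5, "LoadField", (4,))),
    ("lowering", "add", IRNode(6, "Return", (3,))),
]
# Buggy run: the same phase also removes node 2, the check that guards node 3.
BUGGY_TRACE = REF_TRACE[:7] + [
    ("load-elimination", "remove", IRNode(2, "CheckMaps", (1,))),
] + REF_TRACE[7:]


def localize():
    """Compare reference and buggy models; returns the first divergence."""
    return compare_models(build_model(REF_TRACE), build_model(BUGGY_TRACE))


if __name__ == "__main__":
    print(localize())
```

The report names the phase (`load-elimination`), the abstract difference (one extra `CheckMaps` removal) and the concrete node that disappeared (id 2), which is the information a developer would then map back to the transformation responsible; identical traces yield `None`.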