| 题名 | JITfuzz: Coverage-guided Fuzzing for JVM Just-in-Time Compilers |
| 作者 | |
| 通讯作者 | Yuqun Zhang |
| DOI | |
| 发表日期 | 2023
|
| 会议名称 | 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)
|
| ISSN | 0270-5257
|
| ISBN | 978-1-6654-5702-6
|
| 会议录名称 | |
| 页码 | 56-68
|
| 会议日期 | 14-20 May 2023
|
| 会议地点 | Melbourne, Australia
|
| 摘要 | As a widely-used platform to support various Java-bytecode-based applications, Java Virtual Machine (JVM) incurs severe performance loss caused by its real-time program interpretation mechanism. To tackle this issue, the Just-in- Time compiler (JIT) has been widely adopted to strengthen the efficacy of JVM. Therefore, how to effectively and efficiently detect JIT bugs becomes critical to ensure the correctness of JVM. In this paper, we propose a coverage-guided fuzzing framework, namely JITfuzz, to automatically detect JIT bugs. In particular, JITfuzz adopts a set of optimization-activating mutators to trigger the usage of typical JIT optimizations, e.g., function inlining and simplification. Meanwhile, given JIT optimizations are closely coupled with program control flows, JITfuzz also adopts mutators to enrich the control flows of target programs. Moreover, JITfuzz also proposes a mutator scheduler which iteratively schedules mutators according to the coverage updates to maximize the code coverage of JIT. To evaluate the effectiveness of JITfuzz, we conduct a set of experiments based on a benchmark suite with 16 popular JVM-based projects from GitHub. The experimental results suggest that JITfuzz outperforms the state-of-the-art mutation-based and generation-based JVM fuzzers by 27.9 % and 18.6 % respectively in terms of edge coverage on average. Furthermore, JITfuzz also successfully detects 36 previously unknown bugs (including 23 JIT bugs) and 27 bugs (including 18 JIT bugs) have been confirmed by the developers. |
| 关键词 | |
| 学校署名 | 第一
; 通讯
|
| 相关链接 | [IEEE记录] |
| 收录类别 | |
| WOS记录号 | WOS:001032629800008
|
| EI入藏号 | 20233914775107
|
| EI主题词 | Application programs
; Java programming language
; Program compilers
|
| EI分类号 | Computer Software, Data Handling and Applications:723
; Computer Programming Languages:723.1.1
|
| 来源库 | IEEE
|
| 全文链接 | https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10172743 |
| 引用统计 |
被引频次[WOS]:12
|
| 成果类型 | 会议论文 |
| 条目标识符 | http://sustech.caswiz.com/handle/2SGJ60CL/553203 |
| 专题 | 南方科技大学 |
| 作者单位 | 1.Southern University of Science and Technology, Shenzhen, China 2.The University of Hong Kong, Hong Kong, China 3.Tianjin University, Tianjin, China 4.University of Illinois Urbana-Champaign, Champaign, USA |
| 第一作者单位 | 南方科技大学 |
| 通讯作者单位 | 南方科技大学 |
| 第一作者的第一单位 | 南方科技大学 |
| 推荐引用方式 GB/T 7714 |
Mingyuan Wu,Minghai Lu,Heming Cui,et al. JITfuzz: Coverage-guided Fuzzing for JVM Just-in-Time Compilers[C],2023:56-68.
|
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
;
修改评论