Translation Validation for JIT Compiler in the V8 JavaScript Engine

We present TURBOTV, a translation validator for the JavaScript (JS) just-in-time (JIT) compiler of V8. WhileJS engines have become a crucial part of various software systems, their emerging adaption of JIT compilation makes it increasingly challenging to ensure their correctness. We tackle this prob...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Proceedings / International Conference on Software Engineering s. 2195 - 2206
Hlavní autoři: Kwon, Seungwan, Kwon, Jaeseong, Kang, Wooseok, Lee, Juneyoung, Heo, Kihong
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: ACM 14.04.2024
Témata:
Encoding
Engines
Fuzzing
Javascript Engine
JIT Compiler
Optimization
Semantics
Software systems
Translation Validation
ISSN:1558-1225
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:We present TURBOTV, a translation validator for the JavaScript (JS) just-in-time (JIT) compiler of V8. WhileJS engines have become a crucial part of various software systems, their emerging adaption of JIT compilation makes it increasingly challenging to ensure their correctness. We tackle this problem with an SMT-based translation validation (TV) that checks whether a specific compilation is semantically correct. We formally define the semantics of IR of Turbofan (jit compiler of V8) as SMT encoding. For efficient validation, we design a staged strategy for JS JIT compilers. This allows us to decompose the whole correctness checking into simpler ones. Furthermore, we utilize fuzzing to achieve practical TV. We generate a large number of JS functions using a fuzzer to trigger various optimization passes of Turbofan and validate their compilation using TURBOTV. Lastly, we demonstrate that TURBOTV can also be used for cross-language TV. We show that TURBOTV can validate the translation chain from LLVM IR to Turbofan Ir, collaborating with an off-the-shelf TV tool for LLVM. We evaluated Turbotv on various sets of JS and LLVM programs. Turbotv effectively validated a large number of compilations of Turbofan with a low false positive rate and discovered a new miscompilation in LLVM.
ISSN:1558-1225
DOI:10.1145/3597503.3639189