A DESCRIPTION OF THE PROBLEM :
Hi OpenJDK developers,
I recently reviewed your new Template-Based Testing Framework for JIT compiler (https://bugs.openjdk.org/browse/JDK-8344942) and noticed it closely aligns with the core ideas and methodology of JAttack, our prior work on template-based testing for Java JIT compilers. JAttack was published in 2022 and has led to several impactful bug reports. You can find more about it here:
Paper: https://dl.acm.org/doi/10.1145/3551349.3556958
Open source code: https://github.com/EngineeringSoftware/jattack
Bug reports (including 4 CVEs for OpenJDK JIT):
https://bugs.openjdk.java.net/browse/JDK-8239244
https://bugs.openjdk.java.net/browse/JDK-8258981
https://bugs.openjdk.java.net/browse/JDK-8271130
https://bugs.openjdk.java.net/browse/JDK-8271276
https://bugs.openjdk.java.net/browse/JDK-8271459
https://bugs.openjdk.java.net/browse/JDK-8271926
https://bugs.openjdk.java.net/browse/JDK-8297730
https://bugs.openjdk.java.net/browse/JDK-8301663
https://bugs.openjdk.java.net/browse/JDK-8303946
https://bugs.openjdk.java.net/browse/JDK-8304336
https://bugs.openjdk.java.net/browse/JDK-8305946
https://bugs.openjdk.java.net/browse/JDK-8325216
https://github.com/eclipse-openj9/openj9/issues/17066
https://github.com/eclipse-openj9/openj9/issues/17129
https://github.com/eclipse-openj9/openj9/issues/17139
https://github.com/eclipse-openj9/openj9/issues/17171
https://github.com/eclipse-openj9/openj9/issues/17212
https://github.com/eclipse-openj9/openj9/issues/17249
https://github.com/eclipse-openj9/openj9/issues/17250
https://github.com/eclipse-openj9/openj9/issues/18802
https://github.com/eclipse-openj9/openj9/issues/18803
https://github.com/oracle/graal/issues/6403
CVEs:
CVE-2020-14792 https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2022-21305 https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2023-22044, CVE-2023-22045 https://www.oracle.com/security-alerts/cpujul2023.html
Given the similarity, we believe JAttack has influenced this direction and would appreciate it if you could acknowledge our work and link to it in your documentation.
I also attached a pull request https://github.com/openjdk/jdk/pull/26492
Hi OpenJDK developers,
I recently reviewed your new Template-Based Testing Framework for JIT compiler (https://bugs.openjdk.org/browse/JDK-8344942) and noticed it closely aligns with the core ideas and methodology of JAttack, our prior work on template-based testing for Java JIT compilers. JAttack was published in 2022 and has led to several impactful bug reports. You can find more about it here:
Paper: https://dl.acm.org/doi/10.1145/3551349.3556958
Open source code: https://github.com/EngineeringSoftware/jattack
Bug reports (including 4 CVEs for OpenJDK JIT):
https://bugs.openjdk.java.net/browse/JDK-8239244
https://bugs.openjdk.java.net/browse/JDK-8258981
https://bugs.openjdk.java.net/browse/JDK-8271130
https://bugs.openjdk.java.net/browse/JDK-8271276
https://bugs.openjdk.java.net/browse/JDK-8271459
https://bugs.openjdk.java.net/browse/JDK-8271926
https://bugs.openjdk.java.net/browse/JDK-8297730
https://bugs.openjdk.java.net/browse/JDK-8301663
https://bugs.openjdk.java.net/browse/JDK-8303946
https://bugs.openjdk.java.net/browse/JDK-8304336
https://bugs.openjdk.java.net/browse/JDK-8305946
https://bugs.openjdk.java.net/browse/JDK-8325216
https://github.com/eclipse-openj9/openj9/issues/17066
https://github.com/eclipse-openj9/openj9/issues/17129
https://github.com/eclipse-openj9/openj9/issues/17139
https://github.com/eclipse-openj9/openj9/issues/17171
https://github.com/eclipse-openj9/openj9/issues/17212
https://github.com/eclipse-openj9/openj9/issues/17249
https://github.com/eclipse-openj9/openj9/issues/17250
https://github.com/eclipse-openj9/openj9/issues/18802
https://github.com/eclipse-openj9/openj9/issues/18803
https://github.com/oracle/graal/issues/6403
CVEs:
CVE-2020-14792 https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2022-21305 https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2023-22044, CVE-2023-22045 https://www.oracle.com/security-alerts/cpujul2023.html
Given the similarity, we believe JAttack has influenced this direction and would appreciate it if you could acknowledge our work and link to it in your documentation.
I also attached a pull request https://github.com/openjdk/jdk/pull/26492
- duplicates
-
JDK-8364206 Include acknowledgement to JAttack in README.md
-
- Closed
-