CrossLangFuzzer

June 24, 2026

CrossLangFuzzer is an innovative fuzzing tool designed specifically for testing JVM-based language compilers. It currently supports generating structurally valid cross-language programs in Kotlin, Java, Groovy, Scala 2, and Scala 3. Three mutators have been designed to diversify the generated programs.

Quick Run

This quick run section currently covers only the Kotlin Runner (quick-run support for the other runners is still in development; see #18 and #20). For more information, refer to Build Project.

First, install Docker.

Pull and run the image:

docker pull xyzboom123/clf:dev
docker run -it xyzboom123/clf:dev

Inside the container, run quick_run.sh:

./quick_run.sh

Once a compiler bug is found, the quick run script stops. The bug found by CrossLangFuzzer is reported in CrossLangFuzzer/out/min.

Build Project

Requirements

  • Git (to clone project)
  • JDK 1.8 (to run the Kotlin Runner)
  • JDK 11 (to build the project)
  • JDK 17 (to run the Kotlin Runner)

Other requirements will be installed automatically by Gradle.

Note that JDK 1.8 build 1.8.0_432-b06 may be needed to reproduce JDK-8352290. Because old JDK builds are difficult to install on Linux, you can use the latest build version instead, but we cannot guarantee that this issue can be reproduced (the other issues are guaranteed to be reproducible). Some JDK builds are also available at azul.

Build

First, clone CrossLangFuzzer:

git clone https://github.com/XYZboom/CrossLangFuzzer.git

We currently have three Runners, which are used for testing the Kotlin, Scala, and Groovy compilers. In the Scala and Groovy Runners, the Java compiler being tested is provided by the JDK used to run the current Runner. In the Kotlin Runner, it will be the JDK8 and JDK17 installed on the current device. Detailed configuration methods will be explained in the corresponding sections for each Runner.

Download tree-generator, which is compiled from the Kotlin compiler, into "libs/tree-generator-common.jar". See KT-81261 for more information.
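A preflight check for the requirements above, as an added example that is not part of the CrossLangFuzzer repository. The function names, the argument order of `preflight`, running it from the repository root, and accepting any build JDK of version 11 or later are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of CrossLangFuzzer. Function names and the
# argument order of preflight are assumptions made for this example.

# Print the major version of a JDK version string. Handles the legacy
# "1.x" scheme (1.8.0_432-b06 -> 8) and the modern one (17.0.9+9 -> 17).
jdk_major() {
    jm_v=${1%%[-+_]*}                 # drop build suffixes: _432, -b06, +9
    case $jm_v in
        1.*) jm_v=${jm_v#1.} ;;       # legacy scheme: major is the second field
    esac
    echo "${jm_v%%.*}"
}

# Read `java -version` output on stdin and print the quoted version string.
version_from_banner() {
    sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# check_jdk HOME OP MAJOR, for example: check_jdk /opt/jdk8 -eq 8
check_jdk() {
    if [ ! -x "$1/bin/java" ]; then
        echo "FAIL: no executable java under '$1'" >&2; return 1
    fi
    cj_ver=$("$1/bin/java" -version 2>&1 | version_from_banner)
    cj_major=$(jdk_major "$cj_ver")
    if [ -n "$cj_major" ] && [ "$cj_major" "$2" "$3" ]; then
        echo "ok:   $1 is JDK $cj_major ($cj_ver)"
    else
        echo "FAIL: $1 reports '$cj_ver', need major version $2 $3" >&2; return 1
    fi
}

# preflight JDK8_HOME BUILD_JDK_HOME JDK17_HOME; run from the repository root.
preflight() {
    pf_rc=0
    check_jdk "$1" -eq 8  || pf_rc=1   # Kotlin Runner
    check_jdk "$2" -ge 11 || pf_rc=1   # Gradle build (-Dorg.gradle.java.home)
    check_jdk "$3" -eq 17 || pf_rc=1   # Kotlin Runner
    if [ ! -f libs/tree-generator-common.jar ]; then
        echo "FAIL: libs/tree-generator-common.jar is missing" >&2; pf_rc=1
    fi
    return "$pf_rc"
}

# Run only when three JDK homes are passed on the command line.
[ "$#" -ne 3 ] || preflight "$@"
```

The check only confirms major versions; it does not verify the exact 1.8.0_432-b06 build mentioned for JDK-8352290.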

Kotlin Runner

# in CrossLangFuzzer
./gradlew :runners:kotlin-runner:run --args="-s" -Dorg.gradle.java.home=/path/to/jdk_greater_11

Replace /path/to/jdk_greater_11 with the path to a JDK whose version is greater than 11. Once a bug is detected, the output will be shown in CrossLangFuzzer/out/min.

Run ./gradlew :runners:kotlin-runner:run --args="-s" -Dorg.gradle.java.home=/path/to/jdk_greater_11 for full command line usage.

Groovy Runner

# in CrossLangFuzzer
./gradlew :runners:groovy-runner:run --args="--gv 4.0.26,5.0.0-alpha-12" -Dorg.gradle.java.home=/path/to/jdk_greater_11

Replace /path/to/jdk_greater_11 with the path to a JDK whose version is greater than 11. --gv specifies the Groovy version(s) you want to test. If two versions are given, the runner performs differential testing; otherwise, it performs normal testing. Currently, we only support 4.0.24, 4.0.26, 5.0.0-alpha-11 and 5.0.0-alpha-12. You can add more new versions here. Once a bug is detected, the output will be shown in CrossLangFuzzer/runners/groovy-runner/out.

Scala Runner

./gradlew :runners:scala-runner:run

This will run differential testing for Scala 2.13.15 and Scala 3.6.4-RC1-bin-20241231-1f0c576-NIGHTLY. See here for more Scala version information. Once a bug is detected, the output will be shown in CrossLangFuzzer/runners/scala-runner/out.

Bugs Found by CrossLangFuzzer

CrossLangFuzzer has found 32 compiler bugs. The details are shown in this repo.

This table shows the bugs we have found.

Project   Bug ID
Kotlin    KT-74109
Kotlin    KT-74147
Kotlin    KT-74148
Kotlin    KT-74151
Kotlin    KT-74156
Kotlin    KT-74160
Kotlin    KT-74174
Kotlin    KT-74166
Kotlin    KT-74202
Kotlin    KT-74209
Kotlin    KT-74288
Kotlin    KT-78819
Kotlin    KT-79508
Kotlin    KT-80382
Kotlin    KT-80387
Groovy    GROOVY-11548
Groovy    GROOVY-11549
Groovy    GROOVY-11550
Groovy    GROOVY-11579
Scala3    SCALA3-22307
Scala3    SCALA3-22308
Scala3    SCALA3-22309
Scala3    SCALA3-22310
Scala3    SCALA3-22311
Scala3    SCALA3-22312
Scala3    SCALA3-22717
Scala2    SCALA2-13074
Scala2    SCALA2-13075
Java      JDK-8347330
Java      JDK-8352290
Java      JDK-8361835
Java      JDK-8370716