Skip to content

[SPARK-54571][CORE][SQL] Use LZ4 safeDecompressor #53454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
pan3793 wants to merge 6 commits into
base: master
Choose a base branch
from
Open

[SPARK-54571][CORE][SQL] Use LZ4 safeDecompressor #53454

pan3793 wants to merge 6 commits into from
+16 −12

Conversation

@pan3793
Copy link
Member

@pan3793 pan3793 commented Dec 12, 2025
edited
Loading

What changes were proposed in this pull request?

Previously, lz4-java was upgraded to 1.10.1 to address CVEs,

while this casues significant performance drop, see the benchmark report at

this PR follows the suggestion to migrate to safeDecompressor.

This PR also upgrades DB2 JDBC driver to a special version 12.1.3.0_special_74723 provided by DB2 team that bundles lz4-java 1.10.1 which addresses NoSuchMethodError issue (it only affects test).

Why are the changes needed?

Mitigate performance regression.

Does this PR introduce any user-facing change?

No, except for performance.

How was this patch tested?

GHA for functionality, benchmark for performance.

TL;DR - my test results show lz4-java 1.10.1 is about 10~15% slower on lz4 compression than 1.8.0, and is about ~5% slower on lz4 decompression even with migrating to suggested safeDecompressor

Was this patch authored or co-authored using generative AI tooling?

No.

@github-actions github-actions bot added the CORE label Dec 12, 2025
This was referenced Dec 12, 2025
Closed
Draft
@pan3793 pan3793 changed the title WIP [SPARK-54571] Use safeDecompressor WIP [SPARK-54571] Use LZ4 safeDecompressor Dec 12, 2025
@pan3793
Copy link
Member Author

pan3793 commented Dec 14, 2025

the test failure is caused by com.ibm.db2:jcc includes unshaded old lz4 classes

@pan3793
Copy link
Member Author

pan3793 commented Dec 15, 2025
edited
Loading

cc @dbtsai @huaxingao, com.ibm.db2:jcc includes unshaded old lz4 classes, which causes sql/hive/docker-it modules test failure after this patch

java.lang.NoSuchMethodError: 'net.jpountz.lz4.LZ4BlockInputStream$Builder net.jpountz.lz4.LZ4BlockInputStream.newBuilder()'
 	at org.apache.spark.io.LZ4CompressionCodec.compressedInputStream(CompressionCodec.scala:156)
 	...

I checked all versions available in Maven Central, all of them have the same issue.
https://mvnrepository.com/artifact/com.ibm.db2/jcc

I don't find the public contact info of the IBM DB2 JDBC driver team, not sure what's the next step, temporarily purge the dependency and disable DB2 tests? Or any better ideas?

Update: contacted the DB2 JDBC driver's author, new release that bundles the latest lz4-java is working in progress

Update: DB2 team provides a special JDBC driver 12.1.3.0_special_74723 that bundles lz4-java 1.10.1 which addressed NoSuchMethodError issue.

@github-actions github-actions bot added the SQL label Dec 17, 2025
@pan3793 pan3793 changed the title WIP [SPARK-54571] Use LZ4 safeDecompressor [WIP][SPARK-54571] Use LZ4 safeDecompressor Jan 22, 2026
@github-actions github-actions bot added the BUILD label Jan 22, 2026
@github-actions
Copy link

github-actions bot commented Jan 22, 2026

JIRA Issue Information

=== Improvement SPARK-54571 ===
Summary: Use LZ4 safeDecompressor
Assignee: None
Status: Open
Affected: ["4.2.0"]

This comment was automatically generated by GitHub Actions

@pan3793 pan3793 changed the title [WIP][SPARK-54571] Use LZ4 safeDecompressor [SPARK-54571] Use LZ4 safeDecompressor Jan 22, 2026
@pan3793 pan3793 changed the title [SPARK-54571] Use LZ4 safeDecompressor [SPARK-54571][CORE][SQL] Use LZ4 safeDecompressor Jan 22, 2026
pan3793
pan3793 commented Jan 22, 2026
View reviewed changes
pom.xml
<postgresql.version>42.7.7</postgresql.version>
<db2.jcc.version>11.5.9.0</db2.jcc.version>
<!-- A special version that bundles lz4-java 1.10.1 -->
<db2.jcc.version>12.1.3.0_special_74723</db2.jcc.version>
Copy link
Member Author

@pan3793 pan3793 Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this dep is only used for testing

@pan3793 pan3793 marked this pull request as ready for review January 22, 2026 08:00
@pan3793
Copy link
Member Author

pan3793 commented Jan 22, 2026

cc @dbtsai @mridulm @dongjoon-hyun @LuciferYang

LuciferYang
LuciferYang reviewed Jan 22, 2026
View reviewed changes
pom.xml
<postgresql.version>42.7.7</postgresql.version>
<db2.jcc.version>11.5.9.0</db2.jcc.version>
<!-- A special version that bundles lz4-java 1.10.1 -->
<db2.jcc.version>12.1.3.0_special_74723</db2.jcc.version>
Copy link
Contributor

@LuciferYang LuciferYang Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we upgrade it first in a separate pr?

Copy link
Member Author

@pan3793 pan3793 Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, let me upgrade it first

Copy link
Member Author

@pan3793 pan3793 Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LuciferYang FYI, I opened SPARK-55136 (#53920) for it

@pan3793 pan3793 mentioned this pull request Jan 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LuciferYang LuciferYang LuciferYang left review comments

Assignees

No one assigned

Labels

BUILD CORE SQL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pan3793 @LuciferYang