[CALCITE-7436] Test: Add high-coverage Jazzer fuzzing for Avatica core modules #300

Open: vishalcoc44 wants to merge 6 commits into apache:main from vishalcoc44:add-fuzz-targets

@vishalcoc44

Added Jazzer fuzzing to hit the actually important parts that had 0% OSS-Fuzz coverage:

JsonService + Jackson (nested/garbage JSON in & out)
ProtobufTranslationImpl (corrupted/truncated protobuf → POJO)
TypedValue factory (nasty type codes, overflows, nulls, scales)
AvaticaSite.get(...) (15+ JDBC/SQL types: DECIMAL precisions, timestamps, etc.)

Changes:

Added com.code_intelligence:jazzer-api to testImplementation (core/build.gradle.kts)
New fuzzers in core/src/test/java/org/apache/calcite/avatica/fuzz/

Results so far:

Coverage in RPC + type layers went from ~0% → thousands of lines
Catches bad payloads that could previously OOM, CPU spike, or throw ugly exceptions
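
An added example, not code from this PR or from the Avatica project, of what a Jazzer target for the ProtobufTranslationImpl item listed above can look like. The class name is hypothetical; the example assumes Avatica's `ProtobufTranslationImpl.parseRequest(byte[])` and `serializeRequest(Request)` and Jazzer's `fuzzerTestOneInput(FuzzedDataProvider)` entry point, and the choice of which exceptions count as a clean rejection is also an assumption.

```java
package org.apache.calcite.avatica.fuzz;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import org.apache.calcite.avatica.remote.ProtobufTranslationImpl;
import org.apache.calcite.avatica.remote.Service;

import java.io.IOException;

/** Illustrative harness (hypothetical class name), not a fuzzer from the PR. */
public final class ProtobufRequestRoundTripFuzzer {
  private static final ProtobufTranslationImpl TRANSLATION =
      new ProtobufTranslationImpl();

  private ProtobufRequestRoundTripFuzzer() {}

  /** Jazzer entry point: called once per generated input. */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    // Treat the whole input as one wire message, as a remote client would send it.
    byte[] wire = data.consumeRemainingAsBytes();

    final Service.Request request;
    try {
      request = TRANSLATION.parseRequest(wire);
    } catch (IOException | IllegalArgumentException e) {
      // Assumption: these are the "clean rejection" paths for malformed input.
      // Anything else (NullPointerException, OutOfMemoryError, a hang) is left
      // to propagate so Jazzer records it as a finding.
      return;
    }
    if (request == null) {
      return;
    }

    // Assumed property: a request the parser accepted can be serialized again
    // and parsed back. A failure here points at a parser/serializer mismatch.
    try {
      byte[] reencoded = TRANSLATION.serializeRequest(request);
      TRANSLATION.parseRequest(reencoded);
    } catch (IOException e) {
      throw new IllegalStateException("accepted request did not round-trip", e);
    }
  }
}
```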

@mihaibudiu
Contributor

Is there a JIRA issue for this feature?
The recommended workflow is to have any non-trivial change be first filed as an issue, with a description of the design for the review of the community. It's not too late, maybe you can explain how the fuzzer works and how it's supposed to be used (e.g., does it run in CI as a test?)

@mihaibudiu
Contributor

https://issues.apache.org/jira is the JIRA

@vishalcoc44
Author

> Is there a JIRA issue for this feature? The recommended workflow is to have any non-trivial change be first filed as an issue, with a description of the design for the review of the community. It's not too late, maybe you can explain how the fuzzer works and how it's supposed to be used (e.g., does it run in CI as a test?)

Alright, I'll file a ticket!

@vishalcoc44
Author

> Is there a JIRA issue for this feature? The recommended workflow is to have any non-trivial change be first filed as an issue, with a description of the design for the review of the community. It's not too late, maybe you can explain how the fuzzer works and how it's supposed to be used (e.g., does it run in CI as a test?)

CALCITE-7436
I've raised an issue.

vishalcoc44 changed the title from "Test: Add high-coverage Jazzer fuzzing for Avatica core modules" to "[CALCITE-7436] Test: Add high-coverage Jazzer fuzzing for Avatica core modules" on Mar 8, 2026

@vishalcoc44
Author

@julianhyde could you re-trigger the workflow?

@F21
Member

F21 commented Mar 9, 2026

@vishalcoc44, I've approved and triggered the workflows.

@vishalcoc44
Author

vishalcoc44 commented Mar 9, 2026

> @vishalcoc44, I've approved and triggered the workflows.

The checks are good. Once this PR is merged, I plan to submit a follow-up PR to the google/oss-fuzz repository to update the Avatica project configuration. This will enable the OSS-Fuzz infrastructure to build and run these new fuzzers directly from the upstream source. Is that okay? Could I coordinate with you, @F21?

@F21
Member

F21 commented Mar 9, 2026

I am not familiar with OSS-Fuzz or Avatica internals, so I will defer the code review to other committers who have more knowledge in this area. I am, however, happy to coordinate and assist in any way to get this contribution merged.

@F21
Member

F21 commented Mar 9, 2026

As a starter, can you please subscribe to the dev mailing list and start a discussion around these changes? See https://calcite.apache.org/community/#mailing-lists for instructions.

It will bring more visibility to your proposed changes and allow input from community members.

@vishalcoc44
Author

> As a starter, can you please subscribe to the dev mailing list and start a discussion around these changes? See https://calcite.apache.org/community/#mailing-lists for instructions.
>
> It will bring more visibility to your proposed changes and allow input from community members.

Hey, thanks for the info, I have raised a

> As a starter, can you please subscribe to the dev mailing list and start a discussion around these changes? See https://calcite.apache.org/community/#mailing-lists for instructions.
>
> It will bring more visibility to your proposed changes and allow input from community members.

Alright, I subscribed to the mailing list.
The task I'm describing is such that there were not enough fuzzers in this repo (fuzzing is to test the code for more coverage). There were two more fuzzers in the google oss fuzz repo apart from the 4 fuzzers I have committed here earlier, so I'm adding those 2 orphan fuzzers here.

Since we are gonna have all the fuzzers in this repo, we should have a clfuzz workflow over here which will run fuzzers every time someone pushes changes to this repo automatically.

So the three new additions I've made to this existing commit are the two new fuzzer files and the workflow script.
I would appreciate it if you could again run the tests here so that I can proceed with the google oss fuzz corrections.

@vishalcoc44
Author

vishalcoc44 commented Mar 9, 2026

> As a starter, can you please subscribe to the dev mailing list and start a discussion around these changes? See https://calcite.apache.org/community/#mailing-lists for instructions.
>
> It will bring more visibility to your proposed changes and allow input from community members.

Also, I would like to add that the yaml file will fail for the time being until the changes I proposed are pushed to the google oss fuzz repo.
