Bug #115351 page tracking cannot find stop point
Submitted: 17 Jun 4:32
Modified: 17 Jun 11:42
Reporter: gang liu
Status: Can't repeat
Category: MySQL Server: InnoDB storage engine
Severity: S3 (Non-critical)
Version: mysql-8.0.32
OS: Any
Assigned to:
CPU Architecture: Any
Tags: page-tracking

[17 Jun 4:32] gang liu
Description:
in function:
```
bool Arch_File_Ctx::find_stop_point(Arch_Group *group, lsn_t check_lsn,
                                    Arch_Point &stop_point,
                                    Arch_Page_Pos last_pos){
...

   while (left_pos.m_block_num <= right_pos.m_block_num) {
        middle_pos.m_block_num = left_pos.m_block_num +
                                 (right_pos.m_block_num - left_pos.m_block_num) / 2;
        ....

        if (block_stop_lsn > check_lsn) {
           right_pos.m_block_num = middle_pos.m_block_num - 1;
        } else {
           left_pos.m_block_num = middle_pos.m_block_num + 1;
        }
   }
...
```
There is one condition:
left_pos.m_block_num = 0, right_pos.m_block_num = -1.
Since the type of right_pos.m_block_num is int64_t,
the condition (left_pos.m_block_num < right_pos.m_block_num) is right,   // the group will open a file which does not exist.

How to repeat:
see the description.

Suggested fix:
diff --git a/storage/innobase/arch/arch0page.cc b/storage/innobase/arch/arch0page.cc
index bc07f88c78c..946eefef2b6 100644
--- a/storage/innobase/arch/arch0page.cc
+++ b/storage/innobase/arch/arch0page.cc
@@ -524,7 +524,8 @@ bool Arch_File_Ctx::find_stop_point(Arch_Group *group, lsn_t check_lsn,
   lsn_t block_stop_lsn;
   int err;
 
-  while (left_pos.m_block_num <= right_pos.m_block_num) {
+  while (static_cast<int64_t>(left_pos.m_block_num) <=
+         static_cast<int64_t>(right_pos.m_block_num)) {
     Arch_Page_Pos middle_pos;
     middle_pos.init();
     middle_pos.m_offset = 0;
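Review bot: the two `static_cast<int64_t>` casts in the `while` condition hide the wraparound instead of preventing it. With `m_block_num` declared as `uint64_t` (as stated later in the thread), the decrement quoted in the description, `right_pos.m_block_num = middle_pos.m_block_num - 1;`, still stores 18446744073709551615 when the middle block is 0; the loop exits only because that value is reinterpreted as -1, and any block number at or above 2^63 would then compare as negative as well. Suggest keeping the comparison unsigned and leaving the loop before the decrement when `middle_pos.m_block_num` is 0, with a comment explaining why.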
[17 Jun 9:32] MySQL Verification Team
Hi Mr. liu,

Thank you for your bug report.

However, we do not see why this should be a bug ???

In the latest software releases,  struct Arch_Page_Pos has that variable defined properly:

uint64_t m_block_num;

Hence, we do not see why we would require a cast in that place ????

Not a bug
[17 Jun 10:10] gang liu
If the binary search stop condition is right_pos.m_block_num = -1, it will be 18446744073709551615, since right_pos.m_block_num is uint64_t. Then the binary search will not stop.
[17 Jun 10:24] MySQL Verification Team
Hi Mr. liu,

Can you point us to the code where that assignment:

right_pos.m_block_num = -1

is made ????
[17 Jun 10:27] gang liu
if middle_pos.m_block_num=0, `right_pos.m_block_num = middle_pos.m_block_num - 1;`
[17 Jun 10:34] MySQL Verification Team
Hi,

Can you, please,  name the source file and the line number in 8.0.37 ???
[17 Jun 11:00] gang liu
mysql-8.0.37, storage/innobase/arch/arch0page.cc:559
[17 Jun 11:09] MySQL Verification Team
Hi Mr. Liu,

We see this code around that line number:

    if (block_stop_lsn > check_lsn) {
      right_pos.m_block_num = middle_pos.m_block_num - 1;
    } else {
      left_pos.m_block_num = middle_pos.m_block_num + 1;
    }

right_pos.m_block_num is NOT assigned to -1.

It can be -1 only if middle_pos.m_block_num is 0, which can not happen at all.
[17 Jun 11:42] gang liu
```
...

   while (left_pos.m_block_num <= right_pos.m_block_num) {
        middle_pos.m_block_num = left_pos.m_block_num +
                                 (right_pos.m_block_num - left_pos.m_block_num) / 2;
        ....

        if (block_stop_lsn > check_lsn) {
           right_pos.m_block_num = middle_pos.m_block_num - 1;
        } else {
           left_pos.m_block_num = middle_pos.m_block_num + 1;
        }
   }
...
```
Assume initial condition: left_pos.m_block_num = 0, right_pos.m_block_num = 12

1st loop:
middle_pos.m_block_num = 6, left_pos.m_block_num = 0, right_pos.m_block_num = 5
2nd loop:
middle_pos.m_block_num = 2, left_pos.m_block_num = 0, right_pos.m_block_num = 1
3rd loop:
middle_pos.m_block_num = 0, left_pos.m_block_num = 0, right_pos.m_block_num = -1
[17 Jun 14:25] MySQL Verification Team
Hi,

We are afraid that this scenario is not possible, but we shall check it out again ......
[17 Jun 14:26] MySQL Verification Team
Hi,

Even if it is a possible scenario, a patch would be different ....... to prevent the subtraction when the left operand is 0 (zero).
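
The bounds arithmetic discussed in this thread, as an added example that is not MySQL source and not part of any comment above: a simplified model of the quoted loop with `uint64_t` block numbers, run on the trace's starting bounds (0 and 12), once as quoted and once with the subtraction skipped at block 0. `kStopLsn`, `Result`, `find_stop_block` and `guard_zero` are hypothetical names, the LSN values are constructed, and the model shows only the arithmetic, not whether the server can reach this state.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed sample: stop LSN of blocks 0..12 (stands in for data read from files).
static const std::vector<uint64_t> kStopLsn = {100, 200, 300,  400,  500,  600, 700,
                                               800, 900, 1000, 1100, 1200, 1300};

struct Result {
  bool found;           // some block has stop LSN <= check_lsn
  uint64_t block;       // last such block, valid only if found
  bool out_of_range;    // search asked for a block number that does not exist
  uint64_t bad_middle;  // that block number
};

// Model of the quoted loop with uint64_t bounds. guard_zero=true skips the
// subtraction when middle is 0 (hypothetical fix, not the project's patch).
Result find_stop_block(const std::vector<uint64_t> &stop_lsn, uint64_t check_lsn,
                       bool guard_zero) {
  Result r{false, 0, false, 0};
  if (stop_lsn.empty()) return r;
  uint64_t left = 0, right = stop_lsn.size() - 1;
  while (left <= right) {
    uint64_t middle = left + (right - left) / 2;
    if (middle >= stop_lsn.size()) {  // model only: the real loop would open this block
      r.out_of_range = true;
      r.bad_middle = middle;
      return r;
    }
    if (stop_lsn[middle] > check_lsn) {
      if (guard_zero && middle == 0) break;  // nothing to the left of block 0
      right = middle - 1;                    // unguarded: 0 - 1 wraps to UINT64_MAX
    } else {
      r.found = true;
      r.block = middle;
      left = middle + 1;
    }
  }
  return r;
}

int main() {
  Result bad = find_stop_block(kStopLsn, 50, false);
  Result ok = find_stop_block(kStopLsn, 50, true);
  std::printf("unguarded: out_of_range=%d middle=%llu\n", bad.out_of_range,
              static_cast<unsigned long long>(bad.bad_middle));
  std::printf("guarded:   out_of_range=%d found=%d\n", ok.out_of_range, ok.found);
  return 0;
}
```

With `check_lsn` below every block's stop LSN, the unguarded run follows the 6, 2, 0 sequence from the trace and then requests a block number far beyond the last one; for any `check_lsn` at or above the first block's stop LSN both variants return the same block.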