Bug #17405 Valgrind: conditional jump or move depends on uninitialised values
Submitted: 15 Feb 2006 0:45
Modified: 19 Jun 2010 17:57
Reporter: Stewart Smith
Status: Closed
Category: MySQL Server: InnoDB storage engine
Severity: S2 (Serious)
Version: 4.0, 4.1, 5.0.19 bk
OS: Any (all)
Assigned to: Marko Mäkelä
CPU Architecture: Any

[15 Feb 2006 0:45] Stewart Smith
Description:
==32361== Thread 17:
==32361== Conditional jump or move depends on uninitialised value(s)
==32361==    at 0x849C289: buf_get_latched_pages_number (buf0buf.c:2184)
==32361==    by 0x844127E: srv_export_innodb_status (srv0srv.c:1806)
==32361==    by 0x82EB290: innodb_export_status() (ha_innodb.cc:6499)
==32361==    by 0x82CF143: ha_update_statistics() (handler.cc:1155)
==32361==    by 0x832A3BF: fill_status(THD*, st_table_list*, Item*) (sql_show.cc:3393)
==32361==    by 0x832B9F4: get_schema_tables_result(JOIN*) (sql_show.cc:3867)
==32361==    by 0x8264699: JOIN::exec() (sql_select.cc:1333)
==32361==    by 0x82660B3: mysql_select(THD*, Item***, st_table_list*, unsigned, List<Item>&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:1900)
==32361==    by 0x8266392: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:250)
==32361==    by 0x8204EFD: mysql_execute_command(THD*) (sql_parse.cc:2503)
==32361==    by 0x820D658: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5641)
==32361==    by 0x820E0BA: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1719)
==32361==
==32361== Conditional jump or move depends on uninitialised value(s)
==32361==    at 0x849C296: buf_get_latched_pages_number (buf0buf.c:2184)
==32361==    by 0x844127E: srv_export_innodb_status (srv0srv.c:1806)
==32361==    by 0x82EB290: innodb_export_status() (ha_innodb.cc:6499)
==32361==    by 0x82CF143: ha_update_statistics() (handler.cc:1155)
==32361==    by 0x832A3BF: fill_status(THD*, st_table_list*, Item*) (sql_show.cc:3393)
==32361==    by 0x832B9F4: get_schema_tables_result(JOIN*) (sql_show.cc:3867)
==32361==    by 0x8264699: JOIN::exec() (sql_select.cc:1333)
==32361==    by 0x82660B3: mysql_select(THD*, Item***, st_table_list*, unsigned, List<Item>&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:1900)
==32361==    by 0x8266392: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:250)
==32361==    by 0x8204EFD: mysql_execute_command(THD*) (sql_parse.cc:2503)
==32361==    by 0x820D658: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5641)
==32361==    by 0x820E0BA: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1719)

How to repeat:
start up ndb under valgrind
start up mysqld under valgrind
./mysql-test-run.pl --extern ndb_autodiscover

will get warnings.

Suggested fix:
don't have valgrind complain.
[15 Feb 2006 8:37] Heikki Tuuri
Assigning this to Marko.

Fix: in buf_block_init(), set:

block->buf_fix_count = 0;
block->io_fix = 0;
block->magic_n = 0;

Enough to fix this in 5.0 and 5.1.

Regards,

Heikki

/*************************************************************************
Returns the number of latched pages in the buffer pool. */

ulint
buf_get_latched_pages_number(void)
{
        buf_block_t* block;
        ulint i;
        ulint fixed_pages_number = 0;

        mutex_enter(&(buf_pool->mutex));

        for (i = 0; i < buf_pool->curr_size; i++) {

                block = buf_pool_get_nth_block(buf_pool, i);

                /* buf_fix_count, io_fix and magic_n are the fields that
                buf_block_init() must initialise for this test to be defined */
                if (((block->buf_fix_count != 0) || (block->io_fix != 0)) &&
                    block->magic_n == BUF_BLOCK_MAGIC_N)
                        fixed_pages_number++;
        }

        mutex_exit(&(buf_pool->mutex));
        return fixed_pages_number;
}
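An added example (not InnoDB's code and not part of this report) modelling the defect Heikki's fix addresses: blocks are handed out by malloc(), a reader loops over every block testing buf_fix_count, io_fix and magic_n, and only an initialiser that assigns those fields makes the result defined. The struct is reduced to those three fields, the BUF_BLOCK_MAGIC_N value is constructed, and the create/pin/free helpers are hypothetical.

```c
#include <stdlib.h>
#define BUF_BLOCK_MAGIC_N 41526563UL /* constructed stand-in for the buf0buf.h constant */
/* Reduced buf_block_t: only the three fields the latched-page count tests. */
typedef struct buf_block_struct {
    unsigned long buf_fix_count; /* threads holding the page pinned */
    unsigned long io_fix;        /* non-zero while an I/O is in flight */
    unsigned long magic_n;       /* BUF_BLOCK_MAGIC_N once the block is in use */
} buf_block_t;
typedef struct buf_pool_struct { buf_block_t *blocks; size_t curr_size; } buf_pool_t;
/* Before the fix, buf_block_init() never touched these three fields, so they kept
 * whatever malloc() left behind; that is modelled here as a no-op initialiser. */
void buf_block_init_before_fix(buf_block_t *block) { (void)block; }

/* After the fix (Heikki's suggestion): every field a later reader tests gets a value. */
void buf_block_init(buf_block_t *block) {
    block->buf_fix_count = 0;
    block->io_fix = 0;
    block->magic_n = 0;
}

/* Blocks come from malloc(), not calloc(), so that init() alone decides their state. */
buf_pool_t *buf_pool_create(size_t n, void (*init)(buf_block_t *)) {
    buf_pool_t *pool = malloc(sizeof *pool);
    if (!pool) return NULL;
    pool->blocks = malloc(n * sizeof *pool->blocks);
    if (!pool->blocks) { free(pool); return NULL; }
    pool->curr_size = n;
    for (size_t i = 0; i < n; i++) init(&pool->blocks[i]);
    return pool;
}

/* Mark a block in use and pinned, as the pool does when a page is read in. */
void buf_block_pin(buf_block_t *block) {
    block->magic_n = BUF_BLOCK_MAGIC_N;
    block->buf_fix_count++;
}

/* Same test as buf_get_latched_pages_number() in the report (mutex omitted). With the
 * no-op initialiser, this if() is where valgrind flags the uninitialised read. */
unsigned long buf_get_latched_pages_number(const buf_pool_t *pool) {
    unsigned long fixed_pages_number = 0;
    for (size_t i = 0; i < pool->curr_size; i++) {
        const buf_block_t *block = &pool->blocks[i];
        if ((block->buf_fix_count != 0 || block->io_fix != 0)
            && block->magic_n == BUF_BLOCK_MAGIC_N)
            fixed_pages_number++;
    }
    return fixed_pages_number;
}
void buf_pool_free(buf_pool_t *pool) { free(pool->blocks); free(pool); }
```

Building with -O0 and running under valgrind with buf_block_init_before_fix passed to buf_pool_create reproduces the report's message at the if(); with buf_block_init the count is deterministic.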
[15 Feb 2006 10:09] Marko Mäkelä
I plugged this particular one with Heikki's directions. There still are similar cases, which I'm working on:

==24960== Conditional jump or move depends on uninitialised value(s)
==24960==    at 0x83350E3: trx_sys_create_doublewrite_buf (trx0sys.c:198)
==24960==    by 0x82F2547: innobase_start_or_create_for_mysql (srv0start.c:1574)
==24960==    by 0x82E4E0B: innobase_init() (ha_innodb.cc:1433)
==24960==    by 0x8259F11: ha_initialize_handlerton(handlerton*) (handler.cc:414)
==24960==    by 0x8259F99: init_handlerton(THD*, st_plugin_int*, void*) (handler.cc:433)
==24960==    by 0x82E224E: plugin_foreach(THD*, char (*)(THD*, st_plugin_int*, void*), int, void*) (sql_plugin.cc:891)
==24960==    by 0x825A1D3: ha_init() (handler.cc:450)
==24960==    by 0x8187336: init_server_components() (mysqld.cc:3284)
==24960==    by 0x818BA97: main (mysqld.cc:3623)
[16 Feb 2006 7:33] Marko Mäkelä
The patch suggested by Heikki has been committed to the InnoDB 5.0 and 5.1 source code repositories.

Heikki says that eliminating uninitialized data in the first system tablespace pages (such as FIL_PAGE_TYPE, FIL_PAGE_PREV, FIL_PAGE_NEXT) has low priority. Thus, the warning about trx_sys_create_doublewrite_buf (trx0sys.c:198) testing uninitialized data and warnings about InnoDB writing uninitialized data will remain for the time being.
[5 Apr 2006 19:15] Elliot Murphy
Fixed in InnoDB snapshot368; fixes are in 5.0.20.
[9 Apr 2006 4:49] Paul DuBois
No changelog entry needed.
[5 May 2010 15:06] Bugs System
Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[6 May 2010 1:57] Paul DuBois
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug. Re-closing.
[28 May 2010 6:00] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)
[28 May 2010 6:29] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[28 May 2010 6:56] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[29 May 2010 22:43] Paul DuBois
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[17 Jun 2010 12:03] Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 12:46] Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:30] Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)