Bug #54474 valgrind warnings for partition_innodb_plugin
Submitted: 14 Jun 2010 6:27
Modified: 17 Jun 2010 14:11
Reporter: Mark Callaghan
Status: Can't repeat
Category: MySQL Server: InnoDB Plugin storage engine
Severity: S1 (Critical)
Version: 5.1.47
OS: Any
Assigned to: Marko Mäkelä
CPU Architecture: Any
Tags: innodb, mtr, plugin, valgrind

[14 Jun 2010 6:27] Mark Callaghan
Description:
After applying fixes from bugs 53306 and 53307 and editing mysql-test/t/disabled.def to enable partition_innodb_plugin, I still get valgrind warnings for MySQL 5.1.47.

==21316== Thread 17:
==21316== Conditional jump or move depends on uninitialised value(s)
==21316==    at 0x58A21B0: mach_write_to_1 (mach0data.ic:39)
==21316==    by 0x58CCD31: rec_set_info_and_status_bits (rem0rec.ic:672)
==21316==    by 0x58CF436: rec_convert_dtuple_to_rec (rem0rec.c:1229)
==21316==    by 0x58AFC29: page_cur_tuple_insert (page0cur.ic:259)
==21316==    by 0x583BD03: btr_cur_optimistic_insert (btr0cur.c:1194)
==21316==    by 0x58D0EEE: row_ins_index_entry_low (row0ins.c:2082)
==21316==    by 0x58D347F: row_ins_index_entry (row0ins.c:2162)
==21316==    by 0x58D37C1: row_ins_step (row0ins.c:2247)
==21316==    by 0x58DD7CC: row_insert_for_mysql (row0mysql.c:1137)
==21316==    by 0x5885178: ha_innodb::write_row(unsigned char*) (ha_innodb.cc:4714)
==21316==    by 0x6AAADC: handler::ha_write_row(unsigned char*) (handler.cc:4654)
==21316==    by 0x6B1619: ha_partition::write_row(unsigned char*) (ha_partition.cc:3080)
==21316==    by 0x6AAADC: handler::ha_write_row(unsigned char*) (handler.cc:4654)
==21316==    by 0x630BB4: write_record(THD*, st_table*, st_copy_info*) (sql_insert.cc:1606)
==21316==    by 0x6341CC: mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) (sql_insert.cc:835)
==21316==    by 0x5B6835: mysql_execute_command(THD*) (sql_parse.cc:3198)
==21316==
==21316== Conditional jump or move depends on uninitialised value(s)
==21316==    at 0x58A21B0: mach_write_to_1 (mach0data.ic:39)
==21316==    by 0x58CF436: rec_convert_dtuple_to_rec (rem0rec.c:1229)
==21316==    by 0x58AFC29: page_cur_tuple_insert (page0cur.ic:259)
==21316==    by 0x583BD03: btr_cur_optimistic_insert (btr0cur.c:1194)
==21316==    by 0x58D0EEE: row_ins_index_entry_low (row0ins.c:2082)
==21316==    by 0x58D347F: row_ins_index_entry (row0ins.c:2162)
==21316==    by 0x58D37C1: row_ins_step (row0ins.c:2247)
==21316==    by 0x58DD7CC: row_insert_for_mysql (row0mysql.c:1137)
==21316==    by 0x5885178: ha_innodb::write_row(unsigned char*) (ha_innodb.cc:4714)
==21316==    by 0x6AAADC: handler::ha_write_row(unsigned char*) (handler.cc:4654)
==21316==    by 0x6B1619: ha_partition::write_row(unsigned char*) (ha_partition.cc:3080)
==21316==    by 0x6AAADC: handler::ha_write_row(unsigned char*) (handler.cc:4654)
==21316==    by 0x630BB4: write_record(THD*, st_table*, st_copy_info*) (sql_insert.cc:1606)
==21316==    by 0x6341CC: mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) (sql_insert.cc:835)
==21316==    by 0x5B6835: mysql_execute_command(THD*) (sql_parse.cc:3198)
==21316==    by 0x5B709F: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5986)
==21316==
==21316== Conditional jump or move depends on uninitialised value(s)
==21316==    at 0x58A1F00: mach_write_to_2 (mach0data.ic:68)
==21316==    by 0x58AD85B: page_cur_insert_rec_low (page0cur.c:1076)
==21316==    by 0x58AFC73: page_cur_tuple_insert (page0cur.ic:267)
==21316==    by 0x583BD03: btr_cur_optimistic_insert (btr0cur.c:1194)
==21316==    by 0x58D0EEE: row_ins_index_entry_low (row0ins.c:2082)
==21316==    by 0x58D347F: row_ins_index_entry (row0ins.c:2162)
==21316==    by 0x58D37C1: row_ins_step (row0ins.c:2247)
==21316==    by 0x58DD7CC: row_insert_for_mysql (row0mysql.c:1137)
==21316==    by 0x5885178: ha_innodb::write_row(unsigned char*) (ha_innodb.cc:4714)
==21316==    by 0x6AAADC: handler::ha_write_row(unsigned char*) (handler.cc:4654)
==21316==    by 0x6B1619: ha_partition::write_row(unsigned char*) (ha_partition.cc:3080)
==21316==    by 0x6AAADC: handler::ha_write_row(unsigned char*) (handler.cc:4654)
==21316==    by 0x630BB4: write_record(THD*, st_table*, st_copy_info*) (sql_insert.cc:1606)
==21316==    by 0x6341CC: mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) (sql_insert.cc:835)
==21316==    by 0x5B6835: mysql_execute_command(THD*) (sql_parse.cc:3198)
==21316==    by 0x5B709F: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5986)

How to repeat:
configure 5.1.47:

./configure --enable-thread-safe-client --with-plugins=partition,csv,blackhole,myisam,heap,innodb_plugin --without-plugin-innobase --with-fast-mutexes --with-extra-charsets=all --with-debug C_EXTRA_FLAGS="-fno-omit-frame-pointer -fno-strict-aliasing -DHAVE_purify -DNO_ALARM -DSIGNAL_WITH_VIO_CLOSE -Wall -DUNIV_DEBUG"

make

 ./mysql-test-run.pl --mtr-port-base=15000 --valgrind partition_innodb_plugin

My server has:
* 64-bit x86
* CentOS 5.2
* valgrind 3.2.1
* gcc 4.1.2

[14 Jun 2010 20:26] Mark Callaghan
The interesting call stack is:

page_cur_tuple_insert:
* calls mem_heap_create, mem_heap_alloc to allocate buffer
* calls rec_convert_dtuple_to_rec

rec_convert_dtuple_to_rec calls rec_convert_dtuple_to_rec_new

rec_convert_dtuple_to_rec_new:
* calls rec_convert_dtuple_to_rec_comp
* calls rec_set_info_and_status_bits

Note that rec_set_info_and_status_bits does a read-modify-write to set bits in a byte. But nothing prior to it set those bytes. The bytes are at offset: REC_NEW_STATUS, REC_NEW_INFO_BITS

rec_convert_dtuple_to_rec_old has this code:

#ifdef UNIV_DEBUG
        /* Suppress Valgrind warnings of ut_ad()
        in mach_write_to_1(), mach_write_to_2() et al. */
        memset(buf, 0xff, rec - buf + data_size);
#endif /* UNIV_DEBUG */

Maybe rec_convert_dtuple_to_rec_new needs that. And adding this to rec_convert_dtuple_to_rec_new makes the warnings go away:

#ifdef UNIV_DEBUG_VALGRIND
        /* See http://bugs.mysql.com/bug.php?id=54474 */
        *(((byte*)rec) - REC_NEW_STATUS) = 0;
        *(((byte*)rec) - REC_NEW_INFO_BITS) = 0;
        *(((byte*)rec) - REC_NEW_HEAP_NO) = 0;
        *(((byte*)rec) - REC_NEW_HEAP_NO + 1) = 0;
#endif
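
The read-modify-write pattern described in the comment above, as an added example that is not part of the original report or the InnoDB source. It is a simplified header model: the offsets, masks and function names are hypothetical, and a fill pattern stands in for uninitialised heap memory so the result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not InnoDB code: header bytes sit at negative offsets
   from the record origin, and each byte is shared by more than one field. */
#define HDR_SIZE      5      /* hypothetical header length */
#define OFF_STATUS    3      /* byte at rec - 3: low 3 bits hold the status */
#define STATUS_MASK   0x07u
#define OFF_INFO_BITS 5      /* byte at rec - 5: high 4 bits hold info bits */
#define INFO_MASK     0xF0u

/* Read-modify-write setter: it preserves the bits outside `mask`, so it
   reads the byte even when nothing has written that byte yet. */
static void set_bit_field(uint8_t *rec, int off, unsigned mask, unsigned val)
{
    uint8_t old = rec[-off];             /* the read that Valgrind tracks */
    rec[-off] = (uint8_t)((old & ~mask) | (val & mask));
}

/* Builds a header in a buffer pre-filled with `junk` (constructed stand-in
   for whatever the allocator returned). With `init` set, the shared bytes
   are zeroed first, like the workaround in the comment above.
   Returns (info byte << 8) | status byte. */
unsigned build_header(uint8_t junk, int init, unsigned status, unsigned info)
{
    uint8_t buf[HDR_SIZE + 4];
    uint8_t *rec = buf + HDR_SIZE;

    memset(buf, junk, sizeof buf);
    if (init) {
        rec[-OFF_STATUS] = 0;
        rec[-OFF_INFO_BITS] = 0;
    }
    set_bit_field(rec, OFF_STATUS, STATUS_MASK, status);
    set_bit_field(rec, OFF_INFO_BITS, INFO_MASK, info);
    return ((unsigned)rec[-OFF_INFO_BITS] << 8) | rec[-OFF_STATUS];
}

int main(void)
{
    /* Same field values, different prior buffer contents. */
    printf("junk 0x00, no init: 0x%04X\n", build_header(0x00, 0, 1, 0x20));
    printf("junk 0xFF, no init: 0x%04X\n", build_header(0xFF, 0, 1, 0x20));
    printf("junk 0xFF, init:    0x%04X\n", build_header(0xFF, 1, 1, 0x20));
    return 0;
}
```

Without the initialising stores, the bits outside each mask carry over whatever the buffer held before; with them, the header bytes depend only on the values passed to the setters.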

[17 Jun 2010 8:39] MySQL Verification Team
This is not repeatable using revno: 3410 from bk-internal, 5.1.49-debug. Logs attached.

Attachment: bug54474_5.1.49_debug.zip (application/x-zip-compressed, text), 6.25 KiB.

[17 Jun 2010 14:00] MySQL Verification Team
Some more info from me. I built standard source .tar.gz:
Each test is the same:

edit univ.i s/#if 0/#if 1/ to enable all the debug defs, then:
./BUILD/compile-pentium-debug-max-no-ndb
edit disabled.def to comment out partition_innodb_plugin
./mysql-test-run.pl --mtr-port-base=15000 --valgrind partition_innodb_plugin

5.1.47 failed the test.
5.1.48 passed the test.
5.1.49 from bk-internal passed.

All tests on same machine:

valgrind-3.5.0
gcc (GCC) 4.1.2 20061115 (prerelease) (SUSE Linux)
openSUSE 10.2 (X86-64)
Linux box2 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux

[17 Jun 2010 14:11] Mark Callaghan
I missed that you were able to repro on 5.1.47. We can stop spending time on this then if it appears to be fixed. There have been a lot of commits after 5.1.47 to fix valgrind problems in innodb.