| Bug #57352 | valgrind warnings when creating view | ||
|---|---|---|---|
| Submitted: | 10 Oct 2010 9:36 | Modified: | 6 Jan 2011 1:25 |
| Reporter: | Shane Bester (Platinum Quality Contributor) | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Views | Severity: | S1 (Critical) |
| Version: | 5.1.53,5.5.7 | OS: | Linux (FC13 x64) |
| Assigned to: | Sergei Glukhov | CPU Architecture: | Any |
[10 Oct 2010 9:36]
Shane Bester
[11 Oct 2010 6:50]
Valeriy Kravchuk
Probably my 5.5.7 is too old: openxs@ubuntu:/home2/openxs/bzr2/mysql-5.5$ bzr log --show-ids -l1 ------------------------------------------------------------ revno: 3088 [merge] revision-id: alexander.nozdrin@oracle.com-20101002180831-590ka2tuit9qoxbb parent: alik@sun.com-20100928153459-4nudf4zgzlou4s7q parent: alik@sun.com-20100928154245-3nsrtpexiew6898r committer: Alexander Nozdrin <alexander.nozdrin@oracle.com> branch nick: mysql-5.5 timestamp: Sat 2010-10-02 22:08:31 +0400 message: Auto-merge from mysql-5.5-stage (used to be mysql-5.5-bugfixing). but I can not repeat this.
[11 Oct 2010 10:23]
MySQL Verification Team
while (wildstr != wildend)
{
while (*wildstr != w_many && *wildstr != w_one)
{
if (*wildstr == escape && wildstr+1 != wildend) <------ line 332 !
wildstr++;
[11 Oct 2010 11:24]
MySQL Verification Team
Thank you for the bug report. Verified as described: 101011 8:19:21 [Note] Event Scheduler: Loaded 0 events 101011 8:19:21 [Note] /home/miguel/dbs/5.5mr/bin/mysqld: ready for connections. Version: '5.6.99-m5-valgrind-max-debug' socket: '/tmp/mysql.sock' port: 3306 Source distribution ==16547== Thread 17: ==16547== Conditional jump or move depends on uninitialised value(s) ==16547== at 0xAF5CDB: my_wildcmp_bin (ctype-bin.c:334) ==16547== by 0x77D308: Item_func_like::val_int() (item_cmpfunc.cc:4770) ==16547== by 0x7792D7: in_longlong::set(unsigned int, Item*) (item_cmpfunc.cc:3536) ==16547== by 0x77B16A: Item_func_in::fix_length_and_dec() (item_cmpfunc.cc:4089) ==16547== by 0x796E09: Item_func::fix_fields(THD*, Item**) (item_func.cc:220) ==16547== by 0x77A63B: Item_func_in::fix_fields(THD*, Item**) (item_cmpfunc.cc:3872) ==16547== by 0x58F5A0: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, bool) (sql_base.cc:7739) ==16547== by 0x5FDF3A: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:569) ==16547== by 0x679531: st_select_lex_unit::prepare(THD*, select_result*, unsigned long) (sql_union.cc:287) ==16547== by 0x683869: mysql_create_view(THD*, TABLE_LIST*, enum_view_create_mode) (sql_view.cc:553) ==16547== by 0x5DDD87: mysql_execute_command(THD*) (sql_parse.cc:4244) ==16547== by 0x5E0F8A: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5591) ==16547== 101011 8:21:02 [Note] Got signal 15 to shutdown mysqld 101011 8:21:02 [Note] /home/miguel/dbs/5.5mr/bin/mysqld: Normal shutdown 101011 8:21:02 [Note] Event Scheduler: Purging the queue. 0 events 101011 8:21:02 InnoDB: Starting shutdown... 101011 8:21:05 InnoDB: Shutdown completed; log sequence number 1595675 101011 8:21:05 [Note] /home/miguel/dbs/5.5mr/bin/mysqld: Shutdown complete --16547-- Discarding syms at 0x6899d80-0x68aa3c8 in /lib/libgcc_s.so.1 due to munmap() --16547-- Discarding syms at 0x1975a170-0x19762438 in /lib/libnss_files-2.11.1.so due to munmap() ==16547== ==16547== HEAP SUMMARY: ==16547== in use at exit: 272 bytes in 1 blocks ==16547== total heap usage: 59,843 allocs, 59,842 frees, 70,601,136 bytes allocated ==16547== ==16547== Searching for pointers to 1 not-freed blocks ==16547== Checked 3,720,984 bytes ==16547== ==16547== Thread 1: ==16547== 272 bytes in 1 blocks are possibly lost in loss record 1 of 1 ==16547== at 0x4C277CC: calloc (vg_replace_malloc.c:467) ==16547== by 0x4012495: _dl_allocate_tls (dl-tls.c:300) ==16547== by 0x4E35728: pthread_create@@GLIBC_2.2.5 (allocatestack.c:561) ==16547== by 0x54C305: inline_mysql_thread_create (mysql_thread.h:1139) ==16547== by 0x54FDD3: start_signal_handler() (mysqld.cc:2632) ==16547== by 0x552D50: mysqld_main(int, char**) (mysqld.cc:4641) ==16547== by 0x54B903: main (main.cc:24) ==16547== ==16547== LEAK SUMMARY: ==16547== definitely lost: 0 bytes in 0 blocks ==16547== indirectly lost: 0 bytes in 0 blocks ==16547== possibly lost: 272 bytes in 1 blocks ==16547== still reachable: 0 bytes in 0 blocks ==16547== suppressed: 0 bytes in 0 blocks ==16547== ==16547== Use --track-origins=yes to see where uninitialised values come from ==16547== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4) ==16547== ==16547== 1 errors in context 1 of 2: ==16547== Thread 17: ==16547== Conditional jump or move depends on uninitialised value(s) ==16547== at 0xAF5CDB: my_wildcmp_bin (ctype-bin.c:334) ==16547== by 0x77D308: Item_func_like::val_int() (item_cmpfunc.cc:4770) ==16547== by 0x7792D7: in_longlong::set(unsigned int, Item*) (item_cmpfunc.cc:3536) ==16547== by 0x77B16A: Item_func_in::fix_length_and_dec() (item_cmpfunc.cc:4089) ==16547== by 0x796E09: Item_func::fix_fields(THD*, Item**) (item_func.cc:220) ==16547== by 0x77A63B: Item_func_in::fix_fields(THD*, Item**) (item_cmpfunc.cc:3872) ==16547== by 0x58F5A0: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, bool) (sql_base.cc:7739) ==16547== by 0x5FDF3A: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:569) ==16547== by 0x679531: st_select_lex_unit::prepare(THD*, select_result*, unsigned long) (sql_union.cc:287) ==16547== by 0x683869: mysql_create_view(THD*, TABLE_LIST*, enum_view_create_mode) (sql_view.cc:553) ==16547== by 0x5DDD87: mysql_execute_command(THD*) (sql_parse.cc:4244) ==16547== by 0x5E0F8A: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5591) ==16547== --16547-- --16547-- used_suppression: 2 dl-hack3-cond-1 --16547-- used_suppression: 2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a ==16547== ==16547== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
[7 Dec 2010 14:44]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/126218 3514 Sergey Glukhov 2010-12-07 Fixed following problems: --Bug#52157 various crashes and assertions with multi-table update, stored function --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846 --Bug#57352 valgrind warnings when creating view --Recently discovered problem when a nested materialized derived table is used before being populated and it leads to incorrect result We have several modes when we should disable subquery evaluation. The reasons for disabling are different. It could be uselessness of the evaluation as in case of 'CREATE VIEW' or 'PREPARE stmt', or we should disable subquery evaluation if tables are not locked yet as it happens in bug#54475, or too early evaluation of subqueries can lead to wrong result as it happened in Bug#19077. Main problem is that if subquery items are treated as const they are evaluated in ::fix_fields(), ::fix_length_and_dec() of the parental items as a lot of these methods have Item::val_...() calls inside. We have to make subqueries non-const to prevent unnecessary subquery evaluation. At the moment we have different methods for this. Here is a list of these modes: 1. PREPARE stmt; We use UNCACHEABLE_PREPARE flag. It is set during parsing in sql_parse.cc, mysql_new_select() for each SELECT_LEX object and cleared at the end of PREPARE in sql_prepare.cc, init_stmt_after_parse(). If this flag is set subquery becomes non-const and evaluation does not happen. 2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which process FRM files We use LEX::view_prepare_mode field. We set it before view preparation and check this flag in ::fix_fields(), ::fix_length_and_dec(). Some of bugs are fixed using this approach, some are not(Bug#57352, Bug#57703). The problem here is. that we have a lot of ::fix_fields(), ::fix_length_and_dec() where we use Item::val_...() calls for const items. 3. Derived tables with subquery = wrong result(Bug19077) The reason of this bug is too early subquery evaluation. It's fixed by adding Item::with_subselect field The check of this field in appropriate places prevents const item evaluation if the item have subquery. The fix for Bug19077 fixes only the problem with. convert_constant_item() function and does not cover other places(::fix_fields(), ::fix_length_and_dec() again) where subqueries could be evaluated. Example: CREATE TABLE t1 (i INT, j BIGINT); INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2); SELECT * FROM (SELECT MIN(i) FROM t1 WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3; DROP TABLE t1; 4. Derived tables with subquery where subquery is evaluated before table locking(Bug#54475, Bug#52157) Suggested solution is following: -Introduce new field LEX::context_analysis_only with the following possible flags: #define CONTEXT_ANALYSIS_ONLY_PREPARE 1 #define CONTEXT_ANALYSIS_ONLY_VIEW 2 #define CONTEXT_ANALYSIS_ONLY_DERIVED 4 -Set/clean these flags when we perform context analysis operation -Item_subselect::const_item() returns result depending on LEX::context_analysis_only. If context_analysis_only is set then we return FALSE that means that subquery is non-const. As all subquery types are wrapped by Item_subselect it allow as to make subquery non-const when it's necessary. @ mysql-test/r/derived.result test case @ mysql-test/r/multi_update.result test case @ mysql-test/r/view.result test case @ mysql-test/suite/innodb/r/innodb_multi_update.result test case @ mysql-test/suite/innodb/t/innodb_multi_update.test test case @ mysql-test/suite/innodb_plugin/r/innodb_multi_update.result test case @ mysql-test/suite/innodb_plugin/t/innodb_multi_update.test test case @ mysql-test/t/derived.test test case @ mysql-test/t/multi_update.test test case @ mysql-test/t/view.test test case @ sql/item.cc --removed unnecessary code @ sql/item_cmpfunc.cc --removed unnecessary checks --refactored context analysis checks @ sql/item_func.cc --refactored context analysis checks @ sql/item_row.cc --removed unnecessary checks @ sql/item_subselect.cc --removed unnecessary code --added DBUG_ASSERT into Item_subselect::exec() which asserts that subquery execution can not happen if LEX::context_analysis_only is set, i.e. at context analysis stage. --Item_subselect::const_item() Return FALSE if LEX::context_analysis_only is set. It prevents subquery evaluation in ::fix_fields & ::fix_length_and_dec at context analysis stage. @ sql/item_subselect.h --removed unnecessary code @ sql/mysql_priv.h --Added new set of flags. @ sql/sql_class.h --removed unnecessary code @ sql/sql_derived.cc --added LEX::context_analysis_only analysis intialization/cleanup @ sql/sql_lex.cc --init LEX::context_analysis_only field @ sql/sql_lex.h --New LEX::context_analysis_only field @ sql/sql_parse.cc --removed unnecessary code @ sql/sql_prepare.cc --removed unnecessary code --added LEX::context_analysis_only analysis intialization/cleanup @ sql/sql_select.cc --refactored context analysis checks @ sql/sql_show.cc --added LEX::context_analysis_only analysis intialization/cleanup @ sql/sql_view.cc --added LEX::context_analysis_only analysis intialization/cleanup
[14 Dec 2010 9:43]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/126731 3520 Sergey Glukhov 2010-12-14 Fixed following problems: --Bug#52157 various crashes and assertions with multi-table update, stored function --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846 --Bug#57352 valgrind warnings when creating view --Recently discovered problem when a nested materialized derived table is used before being populated and it leads to incorrect result We have several modes when we should disable subquery evaluation. The reasons for disabling are different. It could be uselessness of the evaluation as in case of 'CREATE VIEW' or 'PREPARE stmt', or we should disable subquery evaluation if tables are not locked yet as it happens in bug#54475, or too early evaluation of subqueries can lead to wrong result as it happened in Bug#19077. Main problem is that if subquery items are treated as const they are evaluated in ::fix_fields(), ::fix_length_and_dec() of the parental items as a lot of these methods have Item::val_...() calls inside. We have to make subqueries non-const to prevent unnecessary subquery evaluation. At the moment we have different methods for this. Here is a list of these modes: 1. PREPARE stmt; We use UNCACHEABLE_PREPARE flag. It is set during parsing in sql_parse.cc, mysql_new_select() for each SELECT_LEX object and cleared at the end of PREPARE in sql_prepare.cc, init_stmt_after_parse(). If this flag is set subquery becomes non-const and evaluation does not happen. 2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which process FRM files We use LEX::view_prepare_mode field. We set it before view preparation and check this flag in ::fix_fields(), ::fix_length_and_dec(). Some bugs are fixed using this approach, some are not(Bug#57352, Bug#57703). The problem here is that we have a lot of ::fix_fields(), ::fix_length_and_dec() where we use Item::val_...() calls for const items. 3. Derived tables with subquery = wrong result(Bug19077) The reason of this bug is too early subquery evaluation. It was fixed by adding Item::with_subselect field The check of this field in appropriate places prevents const item evaluation if the item have subquery. The fix for Bug19077 fixes only the problem with convert_constant_item() function and does not cover other places(::fix_fields(), ::fix_length_and_dec() again) where subqueries could be evaluated. Example: CREATE TABLE t1 (i INT, j BIGINT); INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2); SELECT * FROM (SELECT MIN(i) FROM t1 WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3; DROP TABLE t1; 4. Derived tables with subquery where subquery is evaluated before table locking(Bug#54475, Bug#52157) Suggested solution is following: -Introduce new field LEX::context_analysis_only with the following possible flags: #define CONTEXT_ANALYSIS_ONLY_PREPARE 1 #define CONTEXT_ANALYSIS_ONLY_VIEW 2 #define CONTEXT_ANALYSIS_ONLY_DERIVED 4 -Set/clean these flags when we perform context analysis operation -Item_subselect::const_item() returns result depending on LEX::context_analysis_only. If context_analysis_only is set then we return FALSE that means that subquery is non-const. As all subquery types are wrapped by Item_subselect it allow as to make subquery non-const when it's necessary. @ mysql-test/r/derived.result test case @ mysql-test/r/multi_update.result test case @ mysql-test/r/view.result test case @ mysql-test/suite/innodb/r/innodb_multi_update.result test case @ mysql-test/suite/innodb/t/innodb_multi_update.test test case @ mysql-test/suite/innodb_plugin/r/innodb_multi_update.result test case @ mysql-test/suite/innodb_plugin/t/innodb_multi_update.test test case @ mysql-test/t/derived.test test case @ mysql-test/t/multi_update.test test case @ mysql-test/t/view.test test case @ sql/item.cc --removed unnecessary code @ sql/item_cmpfunc.cc --removed unnecessary checks --THD::is_context_analysis_only() is replaced with LEX::is_ps_or_view_context_analysis() @ sql/item_func.cc --refactored context analysis checks @ sql/item_row.cc --removed unnecessary checks @ sql/item_subselect.cc --removed unnecessary code --added DBUG_ASSERT into Item_subselect::exec() which asserts that subquery execution can not happen if LEX::context_analysis_only is set, i.e. at context analysis stage. --Item_subselect::const_item() Return FALSE if LEX::context_analysis_only is set. It prevents subquery evaluation in ::fix_fields & ::fix_length_and_dec at context analysis stage. @ sql/item_subselect.h --removed unnecessary code @ sql/mysql_priv.h --Added new set of flags. @ sql/sql_class.h --removed unnecessary code @ sql/sql_derived.cc --added LEX::context_analysis_only analysis intialization/cleanup @ sql/sql_lex.cc --init LEX::context_analysis_only field @ sql/sql_lex.h --New LEX::context_analysis_only field @ sql/sql_parse.cc --removed unnecessary code @ sql/sql_prepare.cc --removed unnecessary code --added LEX::context_analysis_only analysis intialization/cleanup @ sql/sql_select.cc --refactored context analysis checks @ sql/sql_show.cc --added LEX::context_analysis_only analysis intialization/cleanup @ sql/sql_view.cc --added LEX::context_analysis_only analysis intialization/cleanup
[17 Dec 2010 12:49]
Bugs System
Pushed into mysql-5.1 5.1.55 (revid:georgi.kodinov@oracle.com-20101217124435-9imm43geck5u55qw) (version source revid:sergey.glukhov@oracle.com-20101214093303-wmo9mqcb8rz0wv9f) (merge vers: 5.1.55) (pib:24)
[17 Dec 2010 12:52]
Bugs System
Pushed into mysql-5.5 5.5.9 (revid:georgi.kodinov@oracle.com-20101217124733-p1ivu6higouawv8l) (version source revid:sergey.glukhov@oracle.com-20101214104600-v0ndu721rf61nbml) (merge vers: 5.5.8) (pib:24)
[17 Dec 2010 12:56]
Bugs System
Pushed into mysql-trunk 5.6.1 (revid:georgi.kodinov@oracle.com-20101217125013-y8pb3az32rtbplc9) (version source revid:sergey.glukhov@oracle.com-20101214111513-9j68fg7s48a986ng) (merge vers: 5.6.1) (pib:24)
[6 Jan 2011 1:25]
Paul DuBois
Noted in 5.1.55, 5.5.9 changelogs. View creation could produce Valgrind warnings.
