Bug #57352 valgrind warnings when creating view
Submitted: 10 Oct 2010 9:36    Modified: 6 Jan 2011 1:25
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed    Impact on me: None
Category: MySQL Server: Views    Severity: S1 (Critical)
Version: 5.1.53, 5.5.7    OS: Linux (FC13 x64)
Assigned to: Sergei Glukhov    CPU Architecture: Any
Triage: Triaged: D1 (Critical)

[10 Oct 2010 9:36] Shane Bester
Description:
5.5.7 valgrind output:

Conditional jump or move depends on uninitialised value(s)
at : my_wildcmp_bin (ctype-bin.c:332)
by : Item_func_like::val_int (item_cmpfunc.cc:4668)
by : Item::val_bool (item.cc:199)
by : Item_func_not::val_int (item_cmpfunc.cc:289)
by : Item_int_func::val_real (item_func.cc:643)
by : in_double::set (item_cmpfunc.cc:3512)
by : Item_func_in::fix_length_and_dec (item_cmpfunc.cc:4025)
by : Item_func::fix_fields (item_func.cc:219)
by : Item_func_in::fix_fields (item_cmpfunc.cc:3808)
by : setup_fields (sql_base.cc:7721)
by : JOIN::prepare (sql_select.cc:542)
by : st_select_lex_unit::prepare (sql_union.cc:266)
by : mysql_create_view (sql_view.cc:554)
by : mysql_execute_command (sql_parse.cc:4252)
by : mysql_parse (sql_parse.cc:5594)
by : dispatch_command (sql_parse.cc:1139)
by : do_command (sql_parse.cc:811)
by : do_handle_one_connection (sql_connect.cc:1192)
by : handle_one_connection (sql_connect.cc:1131)
by : start_thread (pthread_create.c:301)
by : ???

How to repeat:
#run mysqld in valgrind:

create or replace view v1 as 
select 1 in (1 like 2,0) as f ;
[11 Oct 2010 6:50] Valeriy Kravchuk
Probably my 5.5.7 is too old:

openxs@ubuntu:/home2/openxs/bzr2/mysql-5.5$ bzr log --show-ids -l1
------------------------------------------------------------
revno: 3088 [merge]
revision-id: alexander.nozdrin@oracle.com-20101002180831-590ka2tuit9qoxbb
parent: alik@sun.com-20100928153459-4nudf4zgzlou4s7q
parent: alik@sun.com-20100928154245-3nsrtpexiew6898r
committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
branch nick: mysql-5.5
timestamp: Sat 2010-10-02 22:08:31 +0400
message:
  Auto-merge from mysql-5.5-stage (used to be mysql-5.5-bugfixing).

but I can not repeat this.
[11 Oct 2010 10:23] Shane Bester
while (wildstr != wildend)
  {
    while (*wildstr != w_many && *wildstr != w_one)
    {
      if (*wildstr == escape && wildstr+1 != wildend) <------ line 332 !
        wildstr++;
[11 Oct 2010 11:24] Miguel Solorzano
Thank you for the bug report. Verified as described:

101011  8:19:21 [Note] Event Scheduler: Loaded 0 events
101011  8:19:21 [Note] /home/miguel/dbs/5.5mr/bin/mysqld: ready for connections.
Version: '5.6.99-m5-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
==16547== Thread 17:
==16547== Conditional jump or move depends on uninitialised value(s)
==16547==    at 0xAF5CDB: my_wildcmp_bin (ctype-bin.c:334)
==16547==    by 0x77D308: Item_func_like::val_int() (item_cmpfunc.cc:4770)
==16547==    by 0x7792D7: in_longlong::set(unsigned int, Item*) (item_cmpfunc.cc:3536)
==16547==    by 0x77B16A: Item_func_in::fix_length_and_dec() (item_cmpfunc.cc:4089)
==16547==    by 0x796E09: Item_func::fix_fields(THD*, Item**) (item_func.cc:220)
==16547==    by 0x77A63B: Item_func_in::fix_fields(THD*, Item**) (item_cmpfunc.cc:3872)
==16547==    by 0x58F5A0: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, bool) (sql_base.cc:7739)
==16547==    by 0x5FDF3A: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:569)
==16547==    by 0x679531: st_select_lex_unit::prepare(THD*, select_result*, unsigned long) (sql_union.cc:287)
==16547==    by 0x683869: mysql_create_view(THD*, TABLE_LIST*, enum_view_create_mode) (sql_view.cc:553)
==16547==    by 0x5DDD87: mysql_execute_command(THD*) (sql_parse.cc:4244)
==16547==    by 0x5E0F8A: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5591)
==16547== 
==16547== Use --track-origins=yes to see where uninitialised values come from
==16547== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
[7 Dec 2010 14:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/126218

3514 Sergey Glukhov  2010-12-07
      Fixed following problems:
      --Bug#52157 various crashes and assertions with multi-table update, stored function
      --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb
      --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846
      --Bug#57352 valgrind warnings when creating view
      --Recently discovered problem when a nested materialized derived table is used
        before being populated and it leads to incorrect result
      
      We have several modes when we should disable subquery evaluation.
      The reasons for disabling are different. It could be
      uselessness of the evaluation as in case of 'CREATE VIEW'
      or 'PREPARE stmt', or we should disable subquery evaluation
      if tables are not locked yet as it happens in bug#54475, or
      too early evaluation of subqueries can lead to wrong result
      as it happened in Bug#19077.
      Main problem is that if subquery items are treated as const
      they are evaluated in ::fix_fields(), ::fix_length_and_dec()
      of the parental items as a lot of these methods have
      Item::val_...() calls inside.
      We have to make subqueries non-const to prevent unnecessary
      subquery evaluation. At the moment we have different methods
      for this. Here is a list of these modes:
      
      1. PREPARE stmt;
      We use UNCACHEABLE_PREPARE flag.
      It is set during parsing in sql_parse.cc, mysql_new_select() for
      each SELECT_LEX object and cleared at the end of PREPARE in
      sql_prepare.cc, init_stmt_after_parse(). If this flag is set
      subquery becomes non-const and evaluation does not happen.
      
      2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which
         process FRM files
      We use LEX::view_prepare_mode field. We set it before
      view preparation and check this flag in
      ::fix_fields(), ::fix_length_and_dec().
      Some of the bugs are fixed using this approach,
      some are not (Bug#57352, Bug#57703). The problem here is
      that we have a lot of ::fix_fields(), ::fix_length_and_dec()
      where we use Item::val_...() calls for const items.
      
      3. Derived tables with subquery = wrong result(Bug19077)
      The reason of this bug is too early subquery evaluation.
      It's fixed by adding the Item::with_subselect field.
      The check of this field in appropriate places prevents
      const item evaluation if the item has a subquery.
      The fix for Bug19077 fixes only the problem with
      convert_constant_item() function and does not cover
      other places(::fix_fields(), ::fix_length_and_dec() again)
      where subqueries could be evaluated.
      
      Example:
      CREATE TABLE t1 (i INT, j BIGINT);
      INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2);
      SELECT * FROM (SELECT MIN(i) FROM t1
      WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3;
      DROP TABLE t1;
      
      4. Derived tables with subquery where subquery
         is evaluated before table locking(Bug#54475, Bug#52157)
      
      Suggested solution is following:
      
      -Introduce new field LEX::context_analysis_only with the following
       possible flags:
       #define CONTEXT_ANALYSIS_ONLY_PREPARE 1
       #define CONTEXT_ANALYSIS_ONLY_VIEW    2
       #define CONTEXT_ANALYSIS_ONLY_DERIVED 4
      -Set/clean these flags when we perform
       context analysis operation
      -Item_subselect::const_item() returns
       result depending on LEX::context_analysis_only.
       If context_analysis_only is set then we return
       FALSE that means that subquery is non-const.
       As all subquery types are wrapped by Item_subselect
       it allows us to make a subquery non-const when
       it's necessary.
     @ mysql-test/r/derived.result
        test case
     @ mysql-test/r/multi_update.result
        test case
     @ mysql-test/r/view.result
        test case
     @ mysql-test/suite/innodb/r/innodb_multi_update.result
        test case
     @ mysql-test/suite/innodb/t/innodb_multi_update.test
        test case
     @ mysql-test/suite/innodb_plugin/r/innodb_multi_update.result
        test case
     @ mysql-test/suite/innodb_plugin/t/innodb_multi_update.test
        test case
     @ mysql-test/t/derived.test
        test case
     @ mysql-test/t/multi_update.test
        test case
     @ mysql-test/t/view.test
        test case
     @ sql/item.cc
        --removed unnecessary code
     @ sql/item_cmpfunc.cc
        --removed unnecessary checks
        --refactored context analysis checks
     @ sql/item_func.cc
        --refactored context analysis checks
     @ sql/item_row.cc
        --removed unnecessary checks
     @ sql/item_subselect.cc
        --removed unnecessary code
        --added DBUG_ASSERT into Item_subselect::exec()
          which asserts that subquery execution can not happen
          if LEX::context_analysis_only is set, i.e. at context
          analysis stage.
        --Item_subselect::const_item()
          Return FALSE if LEX::context_analysis_only is set.
          It prevents subquery evaluation in ::fix_fields &
          ::fix_length_and_dec at context analysis stage.
     @ sql/item_subselect.h
        --removed unnecessary code
     @ sql/mysql_priv.h
        --Added new set of flags.
     @ sql/sql_class.h
        --removed unnecessary code
     @ sql/sql_derived.cc
        --added LEX::context_analysis_only analysis initialization/cleanup
     @ sql/sql_lex.cc
        --init LEX::context_analysis_only field
     @ sql/sql_lex.h
        --New LEX::context_analysis_only field
     @ sql/sql_parse.cc
        --removed unnecessary code
     @ sql/sql_prepare.cc
        --removed unnecessary code
        --added LEX::context_analysis_only analysis initialization/cleanup
     @ sql/sql_select.cc
        --refactored context analysis checks
     @ sql/sql_show.cc
        --added LEX::context_analysis_only analysis initialization/cleanup
     @ sql/sql_view.cc
        --added LEX::context_analysis_only analysis initialization/cleanup
[14 Dec 2010 9:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/126731

3520 Sergey Glukhov  2010-12-14
      Fixed following problems:
      --Bug#52157 various crashes and assertions with multi-table update, stored function
      --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb
      --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846
      --Bug#57352 valgrind warnings when creating view
      --Recently discovered problem when a nested materialized derived table is used
        before being populated and it leads to incorrect result
      
      We have several modes when we should disable subquery evaluation.
      The reasons for disabling are different. It could be
      uselessness of the evaluation as in case of 'CREATE VIEW'
      or 'PREPARE stmt', or we should disable subquery evaluation
      if tables are not locked yet as it happens in bug#54475, or
      too early evaluation of subqueries can lead to wrong result
      as it happened in Bug#19077.
      Main problem is that if subquery items are treated as const
      they are evaluated in ::fix_fields(), ::fix_length_and_dec()
      of the parental items as a lot of these methods have
      Item::val_...() calls inside.
      We have to make subqueries non-const to prevent unnecessary
      subquery evaluation. At the moment we have different methods
      for this. Here is a list of these modes:
      
      1. PREPARE stmt;
      We use UNCACHEABLE_PREPARE flag.
      It is set during parsing in sql_parse.cc, mysql_new_select() for
      each SELECT_LEX object and cleared at the end of PREPARE in
      sql_prepare.cc, init_stmt_after_parse(). If this flag is set
      subquery becomes non-const and evaluation does not happen.
      
      2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which
         process FRM files
      We use LEX::view_prepare_mode field. We set it before
      view preparation and check this flag in
      ::fix_fields(), ::fix_length_and_dec().
      Some bugs are fixed using this approach,
      some are not (Bug#57352, Bug#57703). The problem here is
      that we have a lot of ::fix_fields(), ::fix_length_and_dec()
      where we use Item::val_...() calls for const items.
      
      3. Derived tables with subquery = wrong result(Bug19077)
      The reason of this bug is too early subquery evaluation.
      It was fixed by adding the Item::with_subselect field.
      The check of this field in appropriate places prevents
      const item evaluation if the item has a subquery.
      The fix for Bug19077 fixes only the problem with
      convert_constant_item() function and does not cover
      other places(::fix_fields(), ::fix_length_and_dec() again)
      where subqueries could be evaluated.
      
      Example:
      CREATE TABLE t1 (i INT, j BIGINT);
      INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2);
      SELECT * FROM (SELECT MIN(i) FROM t1
      WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3;
      DROP TABLE t1;
      
      4. Derived tables with subquery where subquery
         is evaluated before table locking(Bug#54475, Bug#52157)
      
      Suggested solution is following:
      
      -Introduce new field LEX::context_analysis_only with the following
       possible flags:
       #define CONTEXT_ANALYSIS_ONLY_PREPARE 1
       #define CONTEXT_ANALYSIS_ONLY_VIEW    2
       #define CONTEXT_ANALYSIS_ONLY_DERIVED 4
      -Set/clean these flags when we perform
       context analysis operation
      -Item_subselect::const_item() returns
       result depending on LEX::context_analysis_only.
       If context_analysis_only is set then we return
       FALSE that means that subquery is non-const.
       As all subquery types are wrapped by Item_subselect
       it allows us to make a subquery non-const when
       it's necessary.
     @ mysql-test/r/derived.result
        test case
     @ mysql-test/r/multi_update.result
        test case
     @ mysql-test/r/view.result
        test case
     @ mysql-test/suite/innodb/r/innodb_multi_update.result
        test case
     @ mysql-test/suite/innodb/t/innodb_multi_update.test
        test case
     @ mysql-test/suite/innodb_plugin/r/innodb_multi_update.result
        test case
     @ mysql-test/suite/innodb_plugin/t/innodb_multi_update.test
        test case
     @ mysql-test/t/derived.test
        test case
     @ mysql-test/t/multi_update.test
        test case
     @ mysql-test/t/view.test
        test case
     @ sql/item.cc
        --removed unnecessary code
     @ sql/item_cmpfunc.cc
        --removed unnecessary checks
        --THD::is_context_analysis_only() is replaced with LEX::is_ps_or_view_context_analysis()
     @ sql/item_func.cc
        --refactored context analysis checks
     @ sql/item_row.cc
        --removed unnecessary checks
     @ sql/item_subselect.cc
        --removed unnecessary code
        --added DBUG_ASSERT into Item_subselect::exec()
          which asserts that subquery execution can not happen
          if LEX::context_analysis_only is set, i.e. at context
          analysis stage.
        --Item_subselect::const_item()
          Return FALSE if LEX::context_analysis_only is set.
          It prevents subquery evaluation in ::fix_fields &
          ::fix_length_and_dec at context analysis stage.
     @ sql/item_subselect.h
        --removed unnecessary code
     @ sql/mysql_priv.h
        --Added new set of flags.
     @ sql/sql_class.h
        --removed unnecessary code
     @ sql/sql_derived.cc
        --added LEX::context_analysis_only analysis initialization/cleanup
     @ sql/sql_lex.cc
        --init LEX::context_analysis_only field
     @ sql/sql_lex.h
        --New LEX::context_analysis_only field
     @ sql/sql_parse.cc
        --removed unnecessary code
     @ sql/sql_prepare.cc
        --removed unnecessary code
        --added LEX::context_analysis_only analysis initialization/cleanup
     @ sql/sql_select.cc
        --refactored context analysis checks
     @ sql/sql_show.cc
        --added LEX::context_analysis_only analysis initialization/cleanup
     @ sql/sql_view.cc
        --added LEX::context_analysis_only analysis initialization/cleanup
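The mechanism both commit messages (3514 and 3520) describe, a LEX::context_analysis_only bitmask that makes Item_subselect::const_item() report non-const so parent items stop pre-evaluating it in fix_length_and_dec(), as an added, deliberately simplified C++ model that is not MySQL's code. The Item, Item_int, Item_subselect, Item_func_in and LEX types here are stand-ins assumed for illustration and carry only what the demonstration needs.

```cpp
#include <cassert>
#include <vector>

// Flags from the commit message: the statement's LEX carries them while
// only context analysis (no execution) is in progress.
#define CONTEXT_ANALYSIS_ONLY_PREPARE 1
#define CONTEXT_ANALYSIS_ONLY_VIEW    2
#define CONTEXT_ANALYSIS_ONLY_DERIVED 4

struct LEX { unsigned context_analysis_only; };  // bitmask of the flags above

struct Item {
  virtual ~Item() = default;
  virtual bool const_item() const = 0;
  virtual long long val_int() = 0;
};

struct Item_int : Item {  // a literal: genuinely const, safe to pre-evaluate
  long long v;
  explicit Item_int(long long x) : v(x) {}
  bool const_item() const override { return true; }
  long long val_int() override { return v; }
};

// Stand-in for Item_subselect; running it during CREATE VIEW, PREPARE or
// before tables are locked is exactly what the flags are meant to prevent.
struct Item_subselect : Item {
  LEX *lex;
  int exec_count = 0;  // how many times the subquery was executed
  explicit Item_subselect(LEX *l) : lex(l) {}
  bool const_item() const override {
    // The fix: non-const while only analysing, so parents skip evaluating it.
    return lex->context_analysis_only == 0;
  }
  long long val_int() override {
    assert(lex->context_analysis_only == 0);  // the DBUG_ASSERT in exec()
    ++exec_count;
    return 42;  // constructed result; a real subquery would run here
  }
};

// Parent item whose fix_length_and_dec() caches const arguments up front,
// the way Item_func_in fills its in_longlong / in_double value arrays.
struct Item_func_in : Item {
  std::vector<Item *> args;
  std::vector<long long> cached;
  explicit Item_func_in(const std::vector<Item *> &a) : args(a) {}
  bool const_item() const override { return false; }
  long long val_int() override { return 0; }  // membership test not modelled
  void fix_length_and_dec() {
    for (Item *a : args)
      if (a->const_item()) cached.push_back(a->val_int());
  }
};

// Analyses "x IN (<subquery>, 0)" under the given mode and returns how many
// times the subquery ran during that analysis; expected 0 under any flag.
int subquery_executions_during_analysis(unsigned mode) {
  LEX lex{mode};
  Item_subselect sub(&lex);
  Item_int zero(0);
  Item_func_in in({&sub, &zero});
  in.fix_length_and_dec();
  return sub.exec_count;
}
```

With mode 0 (ordinary execution) the subquery is treated as const and runs once during analysis, which is the behaviour the stack trace above shows inside mysql_create_view(); with any CONTEXT_ANALYSIS_ONLY_* flag set it is never executed.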
[17 Dec 2010 12:49] Bugs System
Pushed into mysql-5.1 5.1.55 (revid:georgi.kodinov@oracle.com-20101217124435-9imm43geck5u55qw) (version source revid:sergey.glukhov@oracle.com-20101214093303-wmo9mqcb8rz0wv9f) (merge vers: 5.1.55) (pib:24)
[17 Dec 2010 12:52] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:georgi.kodinov@oracle.com-20101217124733-p1ivu6higouawv8l) (version source revid:sergey.glukhov@oracle.com-20101214104600-v0ndu721rf61nbml) (merge vers: 5.5.8) (pib:24)
[17 Dec 2010 12:56] Bugs System
Pushed into mysql-trunk 5.6.1 (revid:georgi.kodinov@oracle.com-20101217125013-y8pb3az32rtbplc9) (version source revid:sergey.glukhov@oracle.com-20101214111513-9j68fg7s48a986ng) (merge vers: 5.6.1) (pib:24)
[6 Jan 2011 1:25] Paul Dubois
Noted in 5.1.55, 5.5.9 changelogs.

View creation could produce Valgrind warnings.