Bug #59843 using uninitialised value in uses_index_fields_only
Submitted: 31 Jan 2011 13:26 Modified: 7 Dec 2011 3:17
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Optimizer Severity: S2 (Serious)
Version: mysql-trunk OS: Any
Assigned to: Tor Didriksen CPU Architecture: Any
Tags: index_condition_pushdown, optimizer_switch, regression, valgrind

[31 Jan 2011 13:26] Shane Bester
Version: '5.6.2-m5-valgrind-max-debug'  socket: 'sock'  port: 3306  Source distribution             

==16731== Thread 20:                                      
Conditional jump or move depends on uninitialised value(s)
at: uses_index_fields_only (sql_select.cc:9960)           
by: uses_index_fields_only (sql_select.cc:9962)           
by: make_cond_for_index (sql_select.cc:10100)             
by: make_cond_for_index (sql_select.cc:10054)             
by: push_index_cond (sql_select.cc:10217)                 
by: make_join_readinfo (sql_select.cc:11161)              
by: JOIN::optimize (sql_select.cc:2301)                   
by: mysql_select (sql_select.cc:3570)                     
by: mysql_explain_union (sql_select.cc:23205)             
by: execute_sqlcom_select (sql_parse.cc:4487)             
by: mysql_execute_command (sql_parse.cc:2096)             
by: mysql_parse (sql_parse.cc:5550)                       
by: dispatch_command(sql_parse.cc:1078)                   
by: do_command (sql_parse.cc:815)                         
by: do_handle_one_connection (sql_connect.cc:748)         
by: handle_one_connection (sql_connect.cc:684)            
by: start_thread (pthread_create.c:301)                   
 Uninitialised value was created by a heap allocation     
at: malloc (vg_replace_malloc.c:195)                      
by: my_malloc (my_malloc.c:38)                            
by: alloc_root (my_alloc.c:166)                           
by: Item::operator new (item.h:518)                       
by: MYSQLparse (sql_yacc.yy:8460)                         
by: parse_sql (sql_parse.cc:7275)                         
by: mysql_parse (sql_parse.cc:5505)                       
by: dispatch_command (sql_parse.cc:1078)                  
by: do_command (sql_parse.cc:815)                         
by: do_handle_one_connection (sql_connect.cc:748)         
by: handle_one_connection (sql_connect.cc:684)            
by: start_thread (pthread_create.c:301)                   
(gdb) list                                                                            
9955 {                                                                         
9956 /* This is a function, apply condition recursively to arguments */      
9957 Item_func *item_func= (Item_func*)item;                                 
9958 Item **child;                                                           
9959 Item **item_end= (item_func->arguments()) + item_func->argument_count();
9960 for (child= item_func->arguments(); child != item_end; child++)         
9961 {                                                                       
9962    if (!uses_index_fields_only(*child, tbl, keyno, other_tbls_ok))       
9963      return FALSE;                                                       
9964 }                                                                       

How to repeat:
#build a valgrind debug build of mysql-trunk and run it in valgrind, then:

drop table if exists `g78`;
create table `g78` (
  `col999` float not null,
  `col1000` varbinary(179) not null,
  `col1003` date default null,
  key `idx4267` (`col1000`,`col1003`)
) engine=innodb default charset=latin1 ;
insert into g78 values (),();
select `col999` from g78 where `col1000` = "3" and `col1003` <=> sysdate();
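Added triage helper for MemCheck output like the trace above (example code, not part of the bug report or of MySQL): it parses each "uninitialised value" error into the stack of the read and, when valgrind ran with --track-origins=yes, the stack of the allocation, then names the first origin frame that is not a generic allocator wrapper, which here is Item::operator new, the allocation that produced the uninitialised bytes. The sample text is constructed from the frames in this report and the allocator-wrapper list is an assumption.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List

# Frame lines as valgrind prints them ("at 0x4C2: malloc (f.c:1)") and as
# trimmed in this report ("at: malloc (f.c:1)"); the ==pid== prefix is optional.
FRAME_RE = re.compile(r"^\s*(?:==\d+==)?\s*(?:at|by)\s*:?\s*(?:0x[0-9A-Fa-f]+:\s*)?"
                      r"(?P<func>.+?)\s*\((?P<loc>[^)]*)\)\s*$")
UNINIT_RE = re.compile(r"(?:Conditional jump or move depends on|Use of) uninitialised value")
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc", "my_malloc", "alloc_root"}  # assumed list
Frame = namedtuple("Frame", "func loc")  # loc is "file:line" or "in /lib/x.so"
# Constructed sample: the top frames of the report in this bug, one error block.
SAMPLE = """\
Conditional jump or move depends on uninitialised value(s)
at: uses_index_fields_only (sql_select.cc:9960)
by: uses_index_fields_only (sql_select.cc:9962)
 Uninitialised value was created by a heap allocation
at: malloc (vg_replace_malloc.c:195)
by: my_malloc (my_malloc.c:38)
by: alloc_root (my_alloc.c:166)
by: Item::operator new (item.h:518)
"""

@dataclass
class UninitError:
    read: List[Frame] = field(default_factory=list)    # stack of the read
    origin: List[Frame] = field(default_factory=list)  # stack of the allocation

def parse_memcheck(text: str) -> List[UninitError]:
    errors: List[UninitError] = []
    current = target = None
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==", "", raw).strip()
        if UNINIT_RE.search(line):                    # a new error block starts
            errors.append(current := UninitError())
            target = current.read
        elif current and line.startswith("Uninitialised value was created by"):
            target = current.origin                   # --track-origins stack follows
        elif current and (m := FRAME_RE.match(line)):
            target.append(Frame(m["func"], m["loc"]))
        elif not line:                                # a blank line ends the block
            current = target = None
    return errors

def triage(err: UninitError) -> str:
    # Read site plus the first origin frame that is not a generic allocator.
    read = err.read[0] if err.read else None
    origin = next((f for f in err.origin if f.func not in ALLOC_WRAPPERS), None)
    show = lambda f: f"{f.func} ({f.loc})" if f else "unknown"
    return f"read at {show(read)}; allocated by {show(origin)}"
```

Running `triage` over each result of `parse_memcheck(open("valgrind.log").read())` gives one line per error, which is enough to group the reports from a full test run by read site and allocation site.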
[31 Jan 2011 13:27] MySQL Verification Team
Some info.

Attachment: bug59843_info.txt (text/plain), 7.95 KiB.

[1 Feb 2011 9:22] Valeriy Kravchuk
I can confirm that this is not repeatable with a valgrind build of the current mysql-5.1 tree on 32-bit Ubuntu 10.04.
[1 Feb 2011 13:25] Valeriy Kravchuk
Actually, uses_index_fields_only() is a new function in mysql-trunk. It is not present even in 5.5.

Verified by code review.
[1 Feb 2011 13:54] Olav Sandstå
This valgrind error is in the code for Index Condition Pushdown (which is new code for 5.6). The error goes away if index condition pushdown is disabled by adding the following to the test case:

  set optimizer_switch='index_condition_pushdown=off';
[7 Dec 2011 3:17] Paul DuBois
Noted in 5.6.3 changelog.

Index condition pushdown code accessed an uninitialized variable.