Bug #74842 Incorrect attribute((nonnull)) for btr_cur_ins_lock_and_undo callees
Submitted: 13 Nov 2014 19:31
Modified: 1 Jul 2015 3:58
Reporter: Laurynas Biveinis (OCA)
Status: Verified
Category: MySQL Server: InnoDB storage engine
Severity: S1 (Critical)
Version: 5.6
OS: Any
CPU Architecture: Any
Tags: gcc

[13 Nov 2014 19:31] Laurynas Biveinis
Description:
lock_rec_insert_check_and_lock is attribute((nonnull)). But its thr arg might be NULL legitimately, inspect btr_insert_on_non_leaf_level_func calling btr_cur_pessimistic_insert.

This might be a potential cause for a too-aggressive compiler optimization. We might have seen this on Percona Server 5.6 built with GCC 4.9 on Ubuntu Utopic, 32-bit; we are still working to confirm this, but this is a bug in any case.

This also might be related to a change in 5.7.6 that is documented to remove nonnull attributes altogether.

How to repeat:
Code inspection as described above. Or, add ut_ad(thr) to lock_rec_insert_check_and_lock, remove the nonnull attribute from its prototype so that the ut_ad is not compiled away, run MTR innodb.innodb test, observe the stacktrace where this function is called with a legal NULL arg.

Suggested fix:
Make the nonnull attribute not apply to the thr arg.
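The attribute mismatch described in the report, shown on stand-in functions as an added example (this is not InnoDB code; `check_and_lock_buggy`, `check_and_lock_fixed`, the two struct types and the driver functions are all hypothetical). A bare `nonnull` covers every pointer parameter, so GCC may fold a `thr == NULL` guard to false and drop it; `nonnull(1)` limits the contract to the parameter that really must be non-NULL, which is the suggested fix.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for InnoDB's record and query-thread handles. */
typedef struct { int rec_count; } rec_t;
typedef struct { int id; } que_thr_t;

/* BUGGY FORM: bare nonnull applies to rec AND thr. A caller that legitimately
 * passes thr == NULL now violates the declared contract, so at -O2 GCC is
 * entitled to delete the guard below (a debug assert such as ut_ad(thr) is
 * folded away the same way). GCC 6+ flags the guard with -Wnonnull-compare. */
__attribute__((nonnull))
int check_and_lock_buggy(rec_t *rec, que_thr_t *thr)
{
    if (thr == NULL) {          /* may be optimised out: thr "cannot" be NULL */
        return -1;
    }
    rec->rec_count++;
    return thr->id;
}

/* FIXED FORM: nonnull names the 1-based index of the parameter that must not
 * be NULL. thr is no longer covered, so the NULL path is a real, kept branch. */
__attribute__((nonnull(1)))
int check_and_lock_fixed(rec_t *rec, que_thr_t *thr)
{
    rec->rec_count++;
    if (thr == NULL) {          /* legitimate: no query thread to lock for */
        return 0;
    }
    return thr->id;
}

/* Drivers that build their own inputs so the behaviour can be checked.
 * Only the fixed form is ever called with NULL: doing so with the buggy
 * form is undefined behaviour and its result depends on optimisation. */
int lock_with_thread(int id)
{
    rec_t r = {0};
    que_thr_t t = {id};
    return check_and_lock_fixed(&r, &t) + check_and_lock_buggy(&r, &t);
}

int lock_without_thread(void)
{
    rec_t r = {0};
    int rc = check_and_lock_fixed(&r, NULL);
    return rc == 0 && r.rec_count == 1 ? 1 : 0;   /* 1: NULL thr handled */
}
```

Compiling with `gcc -O2 -Wnonnull -Wnonnull-compare` reports the contradiction in `check_and_lock_buggy` while the guard in `check_and_lock_fixed` is kept; `-fno-delete-null-pointer-checks` is the blunt workaround when the declarations cannot be changed.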
[13 Nov 2014 19:35] Laurynas Biveinis
Bug 74842 patch for 5.6

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: bug74842.patch (application/octet-stream, text), 1.03 KiB.

[14 Nov 2014 6:11] Laurynas Biveinis
The same applies to trx_undo_report_row_operation.
[14 Nov 2014 6:19] Laurynas Biveinis
Bug 74842 patch for 5.6, including trx_undo_report_row_operation

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: bug74842.patch (application/octet-stream, text), 1.60 KiB.

[14 Nov 2014 9:41] Laurynas Biveinis
Confirmed that fixing this bug fixed the too-aggressive optimisation we encountered.
[14 Jan 2015 19:01] Laurynas Biveinis
I wonder why this bug is not verified yet? The thing that needs verifying is not a miscompilation (which is a potential consequence of this bug), but simply an incorrect attribute((nonnull)) in the source code.
[1 Jul 2015 3:58] Umesh Shastry
Hello Laurynas,

Thank you for the report and contribution.

Thanks,
Umesh