List:Commits« Previous MessageNext Message »
From:Guilhem Bichot Date:January 21 2011 3:14pm
Subject:[Resend] bzr commit into mysql-next-mr-bugfixing branch
(guilhem.bichot:3262)
View as plain text  
[This commit e-mail is a repeat.]

#At file:///home/mysql_src/bzrrepos_new/mysql-next-mr-opt-backporting-wl4800/ based on
revid:guilhem.bichot@stripped

 3262 Guilhem Bichot	2011-01-21
      Fix for optimizer trace bug (in fact, the same as EXPLAIN EXTENDED had: BUG 28728):
      crash when printing the expanded_query of a query containing a materialized
      FROM-clause derived table.
     @ include/my_sys.h
        In debug builds, make TRASH() overwrite memory so that it will segfault
        if dereferenced (we used to have this in safemalloc builds but they're gone).
        This is useful as without it, the bug (dereferencing a pointer in memory
        freed by free_root()) was not always repeatable (it maybe depended on
        whether the freed memory had already been reallocated+rewritten or not).
     @ mysql-test/t/optimizer_trace2.test
        test for bug
     @ mysys/my_alloc.c
        In free_root(), when we free() a block, TRASH() it first.
     @ sql/opt_trace.cc
        work around for BUG 57928 fixed in trunk but not yet merged
        in feature tree.
     @ sql/sql_select.cc
        extend the fix of EXPLAIN EXTENDED to apply to the optimizer trace

    modified:
      WL4800_TODO.txt
      include/my_sys.h
      mysql-test/r/optimizer_trace2.result
      mysql-test/t/optimizer_trace2.test
      mysys/my_alloc.c
      sql/opt_trace.cc
      sql/sql_select.cc
=== modified file 'WL4800_TODO.txt'
--- a/WL4800_TODO.txt	2011-01-20 21:13:56 +0000
+++ b/WL4800_TODO.txt	2011-01-21 15:11:00 +0000
@@ -49,6 +49,3 @@ should the debug binary really assert(0)
 good idea at the customer's? On the other hand, how to make sure a
 developer notices a syntax error when running tests?
 sql_print_warning() is an idea.
-
-Fix crashes: in test profiling.test with --valgrind, +- --ps-protocol,
-with --opt-trace-protocol; see BUG#28728.

=== modified file 'include/my_sys.h'
--- a/include/my_sys.h	2010-08-06 08:54:01 +0000
+++ b/include/my_sys.h	2011-01-21 15:11:00 +0000
@@ -162,7 +162,13 @@ extern void *my_memdup(const void *from,
 extern char *my_strdup(const char *from,myf MyFlags);
 extern char *my_strndup(const char *from, size_t length,
 				   myf MyFlags);
-#define TRASH(A,B) do{MEM_CHECK_ADDRESSABLE(A,B);MEM_UNDEFINED(A,B);} while (0)
+#ifndef DBUG_OFF
+/* Put bad content in memory to be sure it will segfault if dereferenced */
+#define TRASH_SUB(A,B) do{memset(A,0x8F,B);} while (0);
+#else
+#define TRASH_SUB(A,B)
+#endif
+#define TRASH(A,B) do{TRASH_SUB(A,B); MEM_CHECK_ADDRESSABLE(A,B);MEM_UNDEFINED(A,B);}
while (0)
 #if defined(ENABLED_DEBUG_SYNC)
 extern void (*debug_sync_C_callback_ptr)(const char *, size_t);
 #define DEBUG_SYNC_C(_sync_point_name_) do {                            \

=== modified file 'mysql-test/r/optimizer_trace2.result'
--- a/mysql-test/r/optimizer_trace2.result	2011-01-20 21:13:56 +0000
+++ b/mysql-test/r/optimizer_trace2.result	2011-01-21 15:11:00 +0000
@@ -1,4 +1,7 @@
 set optimizer_trace="enabled=on,end_marker=on";
+# check that if a sub-statement should not be traced,
+# it is not traced even if inside a traced top statement
+
 set optimizer_trace_offset=0, optimizer_trace_limit=100;
 create function f1(arg char(1)) returns int
 begin
@@ -20,6 +23,9 @@ select 1 into res from dual
 select 2 into res from dual
 set optimizer_trace_offset=default, optimizer_trace_limit=default;
 drop function f1;
+
+# check of crash with I_S.VIEWS (TABLE_LIST::alias==NULL)
+
 create table t1(a int, b int);
 create view v1 as select a from t1;
 select VIEW_DEFINITION from information_schema.VIEWS
@@ -32,6 +38,9 @@ locate("\"view\": \"v1\"", TRACE) != 0
 1
 drop table t1;
 drop view v1;
+
+# check for readable display of BIT values
+
 create table t1 (a bit(5), key(a));
 insert into t1 values(b'00000'),(b'01101');
 select cast(a as unsigned) from t1 where a > b'01100';
@@ -191,6 +200,9 @@ TRACE
   ] /* steps */
 }
 drop table t1;
+
+# check that trace lists all pushed down ON conditions
+
 create table t1 (i int not null);
 insert into t1 values (0),    (2),(3),(4);
 create table t2 (i int not null);
@@ -393,6 +405,10 @@ TRACE
   ] /* steps */
 }
 drop table t1,t2,t3;
+
+# test of tracing a query with an HAVING condition, in
+# ps-protocol, does not crash
+
 CREATE TABLE t1 (f1 INT, f2 VARCHAR(1));
 INSERT INTO t1 VALUES (16,'f');
 INSERT INTO t1 VALUES (16,'f');
@@ -411,3 +427,13 @@ f
 f
 f
 DROP TABLES t1,t2,t3;
+
+# Test that tracing a query with a materialized FROM-clause
+# derived table using a GROUP BY, does not crash
+
+create table t1 (a int, b int);
+insert into t1 values (1,1), (2,null), (3, 4);
+select max(x) from (select sum(a) as x from t1 group by b) as teeone;
+max(x)
+3
+drop table t1;

=== modified file 'mysql-test/t/optimizer_trace2.test'
--- a/mysql-test/t/optimizer_trace2.test	2011-01-20 21:13:56 +0000
+++ b/mysql-test/t/optimizer_trace2.test	2011-01-21 15:11:00 +0000
@@ -4,9 +4,10 @@
 
 set optimizer_trace="enabled=on,end_marker=on";
 
-# check that if a sub-statement should not be traced,
-# it is not traced even if inside a traced top statement
 
+--echo # check that if a sub-statement should not be traced,
+--echo # it is not traced even if inside a traced top statement
+--echo
 set optimizer_trace_offset=0, optimizer_trace_limit=100;
 delimiter |;
 create function f1(arg char(1)) returns int
@@ -30,7 +31,9 @@ delimiter ;|
 set optimizer_trace_offset=default, optimizer_trace_limit=default;
 drop function f1;
 
-# check of crash with I_S.VIEWS (TABLE_LIST::alias==NULL)
+--echo
+--echo # check of crash with I_S.VIEWS (TABLE_LIST::alias==NULL)
+--echo
 create table t1(a int, b int);
 create view v1 as select a from t1;
 select VIEW_DEFINITION from information_schema.VIEWS
@@ -40,7 +43,9 @@ from information_schema.OPTIMIZER_TRACE;
 drop table t1;
 drop view v1;
 
-# check for readable display of BIT values
+--echo
+--echo # check for readable display of BIT values
+--echo
 create table t1 (a bit(5), key(a));
 insert into t1 values(b'00000'),(b'01101');
 select cast(a as unsigned) from t1 where a > b'01100';
@@ -48,7 +53,9 @@ select cast(a as unsigned) from t1 where
 select TRACE from information_schema.OPTIMIZER_TRACE;
 drop table t1;
 
-# check that trace lists all pushed down ON conditions
+--echo
+--echo # check that trace lists all pushed down ON conditions
+--echo
 create table t1 (i int not null);
 insert into t1 values (0),    (2),(3),(4);
 create table t2 (i int not null);
@@ -68,7 +75,10 @@ select * from
 select TRACE from information_schema.OPTIMIZER_TRACE;
 drop table t1,t2,t3;
 
-# test of printing HAVING condition in ps-protocol (used to crash)
+--echo
+--echo # test of tracing a query with an HAVING condition, in
+--echo # ps-protocol, does not crash
+--echo
 # Comes from having.test
 
 CREATE TABLE t1 (f1 INT, f2 VARCHAR(1));
@@ -86,3 +96,13 @@ HAVING ('v', 'i') NOT IN (SELECT f2, MIN
 ORDER BY f2;
 
 DROP TABLES t1,t2,t3;
+
+--echo
+--echo # Test that tracing a query with a materialized FROM-clause
+--echo # derived table using a GROUP BY, does not crash
+--echo
+# Comes from profiling.test
+create table t1 (a int, b int);
+insert into t1 values (1,1), (2,null), (3, 4);
+select max(x) from (select sum(a) as x from t1 group by b) as teeone;
+drop table t1;

=== modified file 'mysys/my_alloc.c'
--- a/mysys/my_alloc.c	2010-07-08 21:20:08 +0000
+++ b/mysys/my_alloc.c	2011-01-21 15:11:00 +0000
@@ -73,6 +73,9 @@ void init_alloc_root(MEM_ROOT *mem_root,
 }
 
 
+#define TRASH_MEM(X) TRASH(((char*)(X) + ((X)->size-(X)->left)), (X)->left)
+
+
 /*
   SYNOPSIS
     reset_root_defaults()
@@ -120,7 +123,11 @@ void reset_root_defaults(MEM_ROOT *mem_r
         {
           /* remove block from the list and free it */
           *prev= mem->next;
-          my_free(mem);
+          {
+            mem->left= mem->size;
+            TRASH_MEM(mem);
+            my_free(mem);
+          }
         }
         else
           prev= &mem->next;
@@ -292,8 +299,6 @@ void *multi_alloc_root(MEM_ROOT *root, .
   DBUG_RETURN((void*) start);
 }
 
-#define TRASH_MEM(X) TRASH(((char*)(X) + ((X)->size-(X)->left)), (X)->left)
-
 /* Mark all data in blocks free for reusage */
 
 static inline void mark_blocks_free(MEM_ROOT* root)
@@ -362,13 +367,21 @@ void free_root(MEM_ROOT *root, myf MyFla
   {
     old=next; next= next->next ;
     if (old != root->pre_alloc)
+    {
+      old->left= old->size;
+      TRASH_MEM(old);
       my_free(old);
+    }
   }
   for (next=root->free ; next ;)
   {
     old=next; next= next->next;
     if (old != root->pre_alloc)
+    {
+      old->left= old->size;
+      TRASH_MEM(old);
       my_free(old);
+    }
   }
   root->used=root->free=0;
   if (root->pre_alloc)

=== modified file 'sql/opt_trace.cc'
--- a/sql/opt_trace.cc	2011-01-14 15:53:48 +0000
+++ b/sql/opt_trace.cc	2011-01-21 15:11:00 +0000
@@ -292,7 +292,7 @@ Opt_trace_struct& Opt_trace_struct::do_a
   add_key_name(key);
   LEX_CSTRING readables[]= { { STRING_WITH_LEN("false") },
                              { STRING_WITH_LEN("true") } };
-  const LEX_CSTRING *readable= &readables[(int)val];
+  const LEX_CSTRING *readable= &readables[test(val)];
   stmt->buffer.append(readable->str, readable->length);
   return *this;
 }

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2011-01-20 21:13:56 +0000
+++ b/sql/sql_select.cc	2011-01-21 15:11:00 +0000
@@ -3379,11 +3379,20 @@ JOIN::exec()
     for a derived table which is always materialized.
     We also need to do this when we have temp table(s).
     Otherwise we would not be able to print the query correctly.
-  */ 
-  if (items0 && (thd->lex->describe & DESCRIBE_EXTENDED) &&
+    Same applies to the optimizer trace.
+  */
+  if (items0 && ((thd->lex->describe & DESCRIBE_EXTENDED)
+#ifdef OPTIMIZER_TRACE
+                 || (thd->opt_trace != NULL &&
+                     thd->opt_trace->is_started())
+#endif
+                 ) &&
       (select_lex->linkage == DERIVED_TABLE_TYPE ||
        exec_tmp_table1 || exec_tmp_table2))
+  {
+    DBUG_PRINT("info", ("restoring ref array for EXPLAIN EXTENDED, opt trace"));
     set_items_ref_array(items0);
+  }
 
   DBUG_VOID_RETURN;
 }


Attachment: [text/bzr-bundle] bzr/guilhem.bichot@oracle.com-20110121151100-52rms0bpipgflut1.bundle
Thread
[Resend] bzr commit into mysql-next-mr-bugfixing branch(guilhem.bichot:3262) Guilhem Bichot21 Jan