[MDEV-277] CHEAP SQ: Server crashes in st_join_table::get_examined_rows with semijoin+materialization, IN and = subqueries - JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.5.25
Component/s: None
Labels:
None

Description

#3  <signal handler called>
#4  0x000000000067366f in st_join_table::get_examined_rows (this=0x1f81798)
    at /home/elenst/5.5-timour/sql/sql_select.cc:10260
#5  0x000000000066ad65 in JOIN::get_examined_rows (this=0x1f7dd30)
    at /home/elenst/5.5-timour/sql/sql_select.cc:6630
#6  0x0000000000867ee1 in Item_subselect::is_expensive (this=0x1f79bd0)
    at /home/elenst/5.5-timour/sql/item_subselect.cc:560
#7  0x000000000067566c in check_simple_equality (left_item=0x1f588a8, 
    right_item=0x1f79bd0, item=0x1f79d48, cond_equal=0x7f9bf69b0560)
    at /home/elenst/5.5-timour/sql/sql_select.cc:11247
#8  0x0000000000675d78 in check_equality (thd=0x1e66ac0, item=0x1f79d48, 
    cond_equal=0x7f9bf69b0560, eq_list=0x7f9bf69b05e0)
    at /home/elenst/5.5-timour/sql/sql_select.cc:11428
#9  0x00000000006761c8 in build_equal_items_for_cond (thd=0x1e66ac0, cond=0x1f79d48, 
    inherited=0x0) at /home/elenst/5.5-timour/sql/sql_select.cc:11594
#10 0x00000000006765cc in build_equal_items (thd=0x1e66ac0, cond=0x1f79d48, 
    inherited=0x0, join_list=0x1e69688, cond_equal_ref=0x1f7a390)
    at /home/elenst/5.5-timour/sql/sql_select.cc:11726
#11 0x00000000006797c3 in optimize_cond (join=0x1f79f88, conds=0x1f79d48, 
    join_list=0x1e69688, cond_value=0x1f7a270, cond_equal=0x1f7a390)
    at /home/elenst/5.5-timour/sql/sql_select.cc:13195
#12 0x000000000065ab36 in JOIN::optimize (this=0x1f79f88)
    at /home/elenst/5.5-timour/sql/sql_select.cc:1060
#13 0x0000000000661a94 in mysql_select (thd=0x1e66ac0, rref_pointer_array=0x1e69770, 
    tables=0x1f582c0, wild_num=1, fields=..., conds=0x1f79d48, og_num=0, order=0x0, 
    group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x1f79f68, 
    unit=0x1e68e40, select_lex=0x1e69518)
    at /home/elenst/5.5-timour/sql/sql_select.cc:3004
#14 0x0000000000658902 in handle_select (thd=0x1e66ac0, lex=0x1e68d90, result=0x1f79f68, 
    setup_tables_done_option=0) at /home/elenst/5.5-timour/sql/sql_select.cc:310
#15 0x0000000000632258 in execute_sqlcom_select (thd=0x1e66ac0, all_tables=0x1f582c0)
    at /home/elenst/5.5-timour/sql/sql_parse.cc:4616
#16 0x000000000062b2bb in mysql_execute_command (thd=0x1e66ac0)
    at /home/elenst/5.5-timour/sql/sql_parse.cc:2184
#17 0x0000000000634a7b in mysql_parse (thd=0x1e66ac0, 
    rawbuf=0x1f58048 "SELECT * FROM A \nWHERE a1 = ( \nSELECT COUNT(*) FROM A \nWHERE a1 IN ( SELECT a1 FROM A, B )\n)", length=92, parser_state=0x7f9bf69b1600)
    at /home/elenst/5.5-timour/sql/sql_parse.cc:5731
#18 0x0000000000628929 in dispatch_command (command=COM_QUERY, thd=0x1e66ac0, 
    packet=0x1fe7cc1 "SELECT * FROM A \nWHERE a1 = ( \nSELECT COUNT(*) FROM A \nWHERE a1 IN ( SELECT a1 FROM A, B )\n)", packet_length=92)
    at /home/elenst/5.5-timour/sql/sql_parse.cc:1055
#19 0x0000000000627bfc in do_command (thd=0x1e66ac0)
    at /home/elenst/5.5-timour/sql/sql_parse.cc:794
#20 0x0000000000723eed in do_handle_one_connection (thd_arg=0x1e66ac0)
    at /home/elenst/5.5-timour/sql/sql_connect.cc:1253
#21 0x00000000007239b0 in handle_one_connection (arg=0x1e66ac0)
    at /home/elenst/5.5-timour/sql/sql_connect.cc:1168

bzr version-info

revision-id: timour@askmonty.org-20120517104605-5s2rh8r8840gvgs4
date: 2012-05-17 13:46:05 +0300
revno: 3403

EXPLAIN also crashes.

Test case:

SET optimizer_switch = 'materialization=on,semijoin=on';

CREATE TABLE A (a1 INT);
INSERT INTO A VALUES (4),(6);
CREATE TABLE B (b1 INT);
INSERT INTO B VALUES (1),(7);

SELECT * FROM A
WHERE a1 = ( 
  SELECT COUNT(*) FROM A 
  WHERE a1 IN ( SELECT a1 FROM A, B )
);

Gliffy Diagrams

Attachments

Issue Links

relates to

MDEV-193 LP:944706 - Query with impossible or constant subquery in WHERE or HAVING is not precomputed and thus not part of optimization

Closed

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Timour Katchaounov added a comment - 2012-05-17 16:49

The cause for this bug is that the method JOIN::get_examined_rows iterates over all JOIN_TABs of the join assuming they are just a sequence.
In the query above, the innermost subquery is merged into its parent query. When we call JOIN::get_examined_rows for the second-level subquery, the iteration that assumes sequential order of join tabs goes outside the join_tab array and calls the method JOIN_TAB::get_examined_rows on uninitialized memory.

The fix is to properly take into account the fact that a subquery itself may have changed its structure due to semi-join flattening of inner subqueries.

I will need Sergey Petrunia for this.

Show

Timour Katchaounov added a comment - 2012-05-17 16:49 The cause for this bug is that the method JOIN::get_examined_rows iterates over all JOIN_TABs of the join assuming they are just a sequence. In the query above, the innermost subquery is merged into its parent query. When we call JOIN::get_examined_rows for the second-level subquery, the iteration that assumes sequential order of join tabs goes outside the join_tab array and calls the method JOIN_TAB::get_examined_rows on uninitialized memory. The fix is to properly take into account the fact that a subquery itself may have changed its structure due to semi-join flattening of inner subqueries. I will need Sergey Petrunia for this.

Hide

Permalink

Timour Katchaounov added a comment - 2012-05-17 22:54

Fix pushed to lp:~maria-captains/maria/5.5-timour

Show

Timour Katchaounov added a comment - 2012-05-17 22:54 Fix pushed to lp:~maria-captains/maria/5.5-timour

People

Assignee:

Timour Katchaounov

Reporter:

Elena Stepanova

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2012-05-17 15:40

Updated:

2012-05-17 22:54

Resolved:

2012-05-17 22:54

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Agile

View on Board