Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-6323

‘explain_node’ may be used uninitialized in this function

        Details

        • Type: Bug
        • Status: Closed
        • Priority: Major
        • Resolution: Fixed
        • Affects Version/s: 10.0.11
        • Fix Version/s: 10.1.3
        • Component/s: Optimizer
        • Labels:

          Description

          Compiling MariaDB with ASAN gives:
          cmake -DWITH_ASAN=ON -DCMAKE_BUILD_TYPE=Debug -DMYSQL_MAINTAINER_MODE=ON

          [ 51%] Building CXX object sql/CMakeFiles/sql.dir/sql_select.cc.o
In file included from /home/svoj/devel/maria/10.0/sql/handler.h:34:0,
                 from /home/svoj/devel/maria/10.0/sql/datadict.h:18,
                 from /home/svoj/devel/maria/10.0/sql/table.h:23,
                 from /home/svoj/devel/maria/10.0/sql/field.h:29,
                 from /home/svoj/devel/maria/10.0/sql/unireg.h:172,
                 from /home/svoj/devel/maria/10.0/sql/sql_select.cc:33:
/home/svoj/devel/maria/10.0/sql/sql_array.h: In member function ‘int JOIN::save_explain_data_intern(Explain_query*, bool, bool, bool, const char*)’:
/home/svoj/devel/maria/10.0/sql/sql_array.h:159:38: warning: ‘explain_node’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     return insert_dynamic(&array, &el);
                                      ^
/home/svoj/devel/maria/10.0/sql/sql_select.cc:23218:17: note: ‘explain_node’ was declared here
   Explain_node *explain_node;
                 ^

          Please check if there is a real bug here.

            Gliffy Diagrams

              Attachments

                Issue Links

                relates to

                Bug - A problem which impairs or prevents the functions of the product. MDEV-6314 Compile/run MariaDB with ASan

                • Major - Major loss of function.
                • Closed

                  Activity

                  Ascending order - Click to sort in descending order
                  4 older comments
                  Hide
                  Permalink
                  psergey Sergei Petrunia added a comment -

                  It happens here:

                    #0  JOIN::optimize (this=this@entry=0x607200225f60) at /home/psergey/dev-git/10.0/sql/sql_select.cc:1022
  #1  0x00000000007d050b in mysql_select (thd=thd@entry=0x608600037270, rref_pointer_array=rref_pointer_array@entry=0x6072002087b8, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, og_num@entry=0, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, proc_param@entry=0x0, select_options=<optimized out>, select_options@entry=2147748612, result=<optimized out>, result@entry=0x607200210600, unit=<optimized out>, unit@entry=0x607200207e50, select_lex=<optimized out>, select_lex@entry=0x607200208540) at /home/psergey/dev-git/10.0/sql/sql_select.cc:3296
  #2  0x00000000007d171d in mysql_explain_union (thd=thd@entry=0x608600037270, unit=unit@entry=0x607200207e50, result=result@entry=0x607200210600) at /home/psergey/dev-git/10.0/sql/sql_select.cc:23995
  #3  0x00000000007d1ade in select_describe (join=join@entry=0x607200209178, need_tmp_table=<optimized out>, need_order=<optimized out>, distinct=<optimized out>, message=<optimized out>) at /home/psergey/dev-git/10.0/sql/sql_select.cc:23952
  #4  0x00000000007d3570 in JOIN::exec_inner (this=this@entry=0x607200209178) at /home/psergey/dev-git/10.0/sql/sql_select.cc:2568
  #5  0x00000000007da8a3 in JOIN::exec (this=this@entry=0x607200209178) at /home/psergey/dev-git/10.0/sql/sql_select.cc:2370
  #6  0x00000000007d068e in mysql_select (thd=thd@entry=0x608600037270, rref_pointer_array=rref_pointer_array@entry=0x60860003b8e8, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, order@entry=0x0, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, proc_param@entry=0x0, select_options=<optimized out>, select_options@entry=3489925892, result=<optimized out>, result@entry=0x607200210600, unit=<optimized out>, unit@entry=0x60860003af80, select_lex=<optimized out>, select_lex@entry=0x60860003b670) at /home/psergey/dev-git/10.0/sql/sql_select.cc:3310
  #7  0x00000000007d0c84 in handle_select (thd=thd@entry=0x608600037270, lex=lex@entry=0x60860003aeb8, result=result@entry=0x607200210600, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /home/psergey/dev-git/10.0/sql/sql_select.cc:373

                  Going up, we see that select_describe() calls mysql_explain_union for the VIEW here:

                      /* 
      Display subqueries only if they are not parts of eliminated WHERE/ON
      clauses.
    */
    if (!(unit->item && unit->item->eliminated))
    {
      if (mysql_explain_union(thd, unit, result))
        DBUG_VOID_RETURN;
    }

                  I think we should not try to run JOIN::optimize() on a VIEW that has been merged.

                  I suppose, it is important that the statement is INSERT ... SELECT. This is a case of special kind of VIEW merging. Need to discuss this with Oleksandr Byelkin.

                  Show
                  psergey Sergei Petrunia added a comment - It happens here: #0 JOIN::optimize (this=this@entry=0x607200225f60) at /home/psergey/dev-git/10.0/sql/sql_select.cc:1022 #1 0x00000000007d050b in mysql_select (thd=thd@entry=0x608600037270, rref_pointer_array=rref_pointer_array@entry=0x6072002087b8, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, og_num@entry=0, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, proc_param@entry=0x0, select_options=<optimized out>, select_options@entry=2147748612, result=<optimized out>, result@entry=0x607200210600, unit=<optimized out>, unit@entry=0x607200207e50, select_lex=<optimized out>, select_lex@entry=0x607200208540) at /home/psergey/dev-git/10.0/sql/sql_select.cc:3296 #2 0x00000000007d171d in mysql_explain_union (thd=thd@entry=0x608600037270, unit=unit@entry=0x607200207e50, result=result@entry=0x607200210600) at /home/psergey/dev-git/10.0/sql/sql_select.cc:23995 #3 0x00000000007d1ade in select_describe (join=join@entry=0x607200209178, need_tmp_table=<optimized out>, need_order=<optimized out>, distinct=<optimized out>, message=<optimized out>) at /home/psergey/dev-git/10.0/sql/sql_select.cc:23952 #4 0x00000000007d3570 in JOIN::exec_inner (this=this@entry=0x607200209178) at /home/psergey/dev-git/10.0/sql/sql_select.cc:2568 #5 0x00000000007da8a3 in JOIN::exec (this=this@entry=0x607200209178) at /home/psergey/dev-git/10.0/sql/sql_select.cc:2370 #6 0x00000000007d068e in mysql_select (thd=thd@entry=0x608600037270, rref_pointer_array=rref_pointer_array@entry=0x60860003b8e8, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, order@entry=0x0, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, proc_param@entry=0x0, select_options=<optimized out>, select_options@entry=3489925892, result=<optimized out>, result@entry=0x607200210600, unit=<optimized out>, unit@entry=0x60860003af80, select_lex=<optimized out>, select_lex@entry=0x60860003b670) at /home/psergey/dev-git/10.0/sql/sql_select.cc:3310 #7 0x00000000007d0c84 in handle_select (thd=thd@entry=0x608600037270, lex=lex@entry=0x60860003aeb8, result=result@entry=0x607200210600, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /home/psergey/dev-git/10.0/sql/sql_select.cc:373 Going up, we see that select_describe() calls mysql_explain_union for the VIEW here: /* Display subqueries only if they are not parts of eliminated WHERE/ON clauses. */ if (!(unit->item && unit->item->eliminated)) { if (mysql_explain_union(thd, unit, result)) DBUG_VOID_RETURN; } I think we should not try to run JOIN::optimize() on a VIEW that has been merged. I suppose, it is important that the statement is INSERT ... SELECT. This is a case of special kind of VIEW merging. Need to discuss this with Oleksandr Byelkin .
                  Hide
                  Permalink
                  psergey Sergei Petrunia added a comment -

                  Btw, the problem is only with EXPLAIN, the statement

                  INSERT INTO v1 SELECT * FROM t1;

                  does not call JOIN::optimize for the VIEW's select.

                  Show
                  psergey Sergei Petrunia added a comment - Btw, the problem is only with EXPLAIN, the statement INSERT INTO v1 SELECT * FROM t1; does not call JOIN::optimize for the VIEW's select.
                  Hide
                  Permalink
                  psergey Sergei Petrunia added a comment -

                  How to tell if this is a derived table that's "merged for INSERT":

                    Breakpoint 1, select_describe (join=0x7fffb4057ee8, need_tmp_table=false, need_order=false, distinct=false, message=0x0) at /home/psergey/dev-git/10.0/sql/sql_select.cc:23962

(gdb) p unit->derived
  $1 = (TABLE_LIST *) 0x7fffb4004f60
(gdb) p unit->derived->alias
  $2 = 0x7fffb4004f58 "v1"
(gdb) p unit->derived->merged_for_insert
  $3 = true
                  Show
                  psergey Sergei Petrunia added a comment - How to tell if this is a derived table that's "merged for INSERT": Breakpoint 1, select_describe (join=0x7fffb4057ee8, need_tmp_table=false, need_order=false, distinct=false, message=0x0) at /home/psergey/dev-git/10.0/sql/sql_select.cc:23962 (gdb) p unit->derived $1 = (TABLE_LIST *) 0x7fffb4004f60 (gdb) p unit->derived->alias $2 = 0x7fffb4004f58 "v1" (gdb) p unit->derived->merged_for_insert $3 = true
                  Hide
                  Permalink
                  psergey Sergei Petrunia added a comment -

                  Developed a fix, against 10.0 tree. I am hesitant to push it into 10.0, though, as the fix doesn't fix any user-visible effect. It only makes the compiler warning go away, and makes the code cleaner.

                  Interestingly, 10.1 has the same code, but ASAN doesn't produce the warning there. It doesn't produce it even if I take the g++ command line from 10.0 and compile sql_select.cc in 10.1 with it. Instead, it produces warnings in LooseScan code (which is most likely the same between 10.0 and 10.1, too. And I dont get the warnings in LooseScan code in 10.0).

                  Show
                  psergey Sergei Petrunia added a comment - Developed a fix, against 10.0 tree. I am hesitant to push it into 10.0, though, as the fix doesn't fix any user-visible effect. It only makes the compiler warning go away, and makes the code cleaner. Interestingly, 10.1 has the same code, but ASAN doesn't produce the warning there. It doesn't produce it even if I take the g++ command line from 10.0 and compile sql_select.cc in 10.1 with it. Instead, it produces warnings in LooseScan code (which is most likely the same between 10.0 and 10.1, too. And I dont get the warnings in LooseScan code in 10.0).
                  Hide
                  Permalink
                  psergey Sergei Petrunia added a comment -

                  Considering the above, I will still push the fix into 10.1 but not into 10.0

                  Show
                  psergey Sergei Petrunia added a comment - Considering the above, I will still push the fix into 10.1 but not into 10.0

                    People

                    • Assignee:
                      psergey Sergei Petrunia
                      Reporter:
                      svoj Sergey Vojtovich
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      2 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: