Details
Blocker Description
On one hand, it's a non-debug crash of a bad kind (usually when similar stack traces come from the real world, they are poorly resolved and the failures are not easily reproducible). On the other hand, the test case is very unrealistic. So, I don't expect it to be fixed soon, but it's good to have it filed, so that we can match similar observations with it.
UPD: The test case in the description is for 10.2 only. See comments for a test case for higher versions.
CREATE TABLE t1 (a INT); |
INSERT INTO t1 VALUES (1),(2); |
SELECT DISTINCT CASE CONVERT(EXPORT_SET(0, COLLATION(BENCHMARK(1, BIT_OR(0))),0),TIME) WHEN a THEN 1 END AS f FROM t1; |
|
|
# Cleanup
|
DROP TABLE t1; |
|
10.2 debug 7c5519c1 |
#3 <signal handler called>
|
#4 0x0000563edc4a97a2 in JOIN_CACHE::free (this=0x8f8f8f8f8f8f8f8f) at /data/src/10.2/sql/sql_join_cache.h:673
|
#5 0x0000563edc47dd4c in st_join_table::cleanup (this=0x7f14100159a8) at /data/src/10.2/sql/sql_select.cc:11943
|
#6 0x0000563edc47ed5a in JOIN::cleanup (this=0x7f1410013d28, full=true) at /data/src/10.2/sql/sql_select.cc:12364
|
#7 0x0000563edc467c2d in JOIN::destroy (this=0x7f1410013d28) at /data/src/10.2/sql/sql_select.cc:3664
|
#8 0x0000563edc50ec7e in st_select_lex::cleanup (this=0x7f14100050c8) at /data/src/10.2/sql/sql_union.cc:1558
|
#9 0x0000563edc468201 in mysql_select (thd=0x7f1410000d90, tables=0x7f1410013610, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748609, result=0x7f1410013d08, unit=0x7f1410004988, select_lex=0x7f14100050c8) at /data/src/10.2/sql/sql_select.cc:3845
|
#10 0x0000563edc45c31a in handle_select (thd=0x7f1410000d90, lex=0x7f14100048c8, result=0x7f1410013d08, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
|
#11 0x0000563edc426eb8 in execute_sqlcom_select (thd=0x7f1410000d90, all_tables=0x7f1410013610) at /data/src/10.2/sql/sql_parse.cc:6218
|
#12 0x0000563edc41d77a in mysql_execute_command (thd=0x7f1410000d90) at /data/src/10.2/sql/sql_parse.cc:3524
|
#13 0x0000563edc42ac47 in mysql_parse (thd=0x7f1410000d90, rawbuf=0x7f14100126f8 "SELECT DISTINCT CASE CONVERT(EXPORT_SET(0, COLLATION(BENCHMARK(1, BIT_OR(0))),0),TIME) WHEN a THEN 1 END AS f FROM t1", length=117, parser_state=0x7f1421eb75f0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733
|
#14 0x0000563edc418f56 in dispatch_command (command=COM_QUERY, thd=0x7f1410000d90, packet=0x7f1410008b51 "", packet_length=117, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1823
|
#15 0x0000563edc417a51 in do_command (thd=0x7f1410000d90) at /data/src/10.2/sql/sql_parse.cc:1377
|
#16 0x0000563edc571695 in do_handle_one_connection (connect=0x563edfffc9d0) at /data/src/10.2/sql/sql_connect.cc:1336
|
#17 0x0000563edc5713fa in handle_one_connection (arg=0x563edfffc9d0) at /data/src/10.2/sql/sql_connect.cc:1241
|
#18 0x0000563edcd95a6c in pfs_spawn_thread (arg=0x563ee00055a0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#19 0x00007f142826e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#20 0x00007f1427e48103 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.2 ASAN 7c5519c1 |
==1843582==ERROR: AddressSanitizer: use-after-poison on address 0x62b000003760 at pc 0x7f0f4aba4f2d bp 0x7f0f3fce6b80 sp 0x7f0f3fce6328
|
WRITE of size 944 at 0x62b000003760 thread T5
|
#0 0x7f0f4aba4f2c (/lib/x86_64-linux-gnu/libasan.so.5+0x67f2c)
|
#1 0x5644d9edf101 in JOIN::make_aggr_tables_info() /data/src/10.2/sql/sql_select.cc:2680
|
#2 0x5644d9ed9e5b in JOIN::optimize_inner() /data/src/10.2/sql/sql_select.cc:2246
|
#3 0x5644d9ece69b in JOIN::optimize() /data/src/10.2/sql/sql_select.cc:1114
|
#4 0x5644d9ee9cb1 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3819
|
#5 0x5644d9ec6aa1 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
|
#6 0x5644d9e3ecaf in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218
|
#7 0x5644d9e2bab7 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524
|
#8 0x5644d9e48165 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
|
#9 0x5644d9e21460 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823
|
#10 0x5644d9e1e23c in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
|
#11 0x5644da1a1e99 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
|
#12 0x5644da1a175c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#13 0x5644db521b3b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#14 0x7f0f4aa4c608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
|
#15 0x7f0f4a628102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)
|
|
|
0x62b000003760 is located 13664 bytes inside of 24716-byte region [0x62b000000200,0x62b00000628c)
|
allocated by thread T5 here:
|
#0 0x7f0f4ac4abc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
|
#1 0x5644db704ce9 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
|
#2 0x5644db6d109e in my_malloc /data/src/10.2/mysys/my_malloc.c:101
|
#3 0x5644db6ae139 in reset_root_defaults /data/src/10.2/mysys/my_alloc.c:147
|
#4 0x5644d9d68c27 in THD::init_for_queries() /data/src/10.2/sql/sql_class.cc:1313
|
#5 0x5644da1a10da in prepare_new_connection_state(THD*) /data/src/10.2/sql/sql_connect.cc:1172
|
#6 0x5644da1a17a6 in thd_prepare_connection(THD*) /data/src/10.2/sql/sql_connect.cc:1256
|
#7 0x5644da1a1dc4 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1326
|
#8 0x5644da1a175c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#9 0x5644db521b3b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#10 0x7f0f4aa4c608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
|
|
|
Thread T5 created by T0 here:
|
#0 0x7f0f4ab77805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
|
#1 0x5644db521f2c in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919
|
#2 0x5644d9bc6177 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246
|
#3 0x5644d9bddb07 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6518
|
#4 0x5644d9bde298 in create_new_thread /data/src/10.2/sql/mysqld.cc:6588
|
#5 0x5644d9bdf423 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6846
|
#6 0x5644d9bdce79 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6137
|
#7 0x5644d9bc4a5c in main /data/src/10.2/sql/main.cc:25
|
#8 0x7f0f4a52d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
|
|
|
SUMMARY: AddressSanitizer: use-after-poison (/lib/x86_64-linux-gnu/libasan.so.5+0x67f2c)
|
Shadow bytes around the buggy address:
|
0x0c567fff8690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff86a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff86b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff86c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff86d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x0c567fff86e0: 00 00 00 00 00 00 00 00 00 00 00 00[f7]00 00 f7
|
0x0c567fff86f0: 00 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff8710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c567fff8720: 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 00
|
0x0c567fff8730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1843582==ABORTING
|
|
10.2 rel 7c5519c1 |
#5 <signal handler called>
|
#6 0x0000000000000002 in ?? ()
|
#7 0x00005653f7c1cf0e in copy_fields (param=0x7f90080128c0) at /data/src/10.2/sql/sql_select.cc:23502
|
#8 0x00005653f7c1d492 in end_write (join=0x7f9008010980, join_tab=0x7f9008012250, end_of_records=<optimized out>) at /data/src/10.2/sql/sql_select.cc:20259
|
#9 0x00005653f7c2b59a in AGGR_OP::put_record (this=<optimized out>) at /data/src/10.2/sql/sql_select.h:973
|
#10 sub_select_postjoin_aggr (join=0x7f9008010980, join_tab=<optimized out>, end_of_records=<optimized out>) at /data/src/10.2/sql/sql_select.cc:18577
|
#11 0x00005653f7bfddaf in evaluate_join_record (join=join@entry=0x7f9008010980, join_tab=join_tab@entry=0x7f9008011ea0, error=<optimized out>) at /data/src/10.2/sql/sql_select.cc:19076
|
#12 0x00005653f7c07b23 in sub_select (end_of_records=false, join_tab=0x7f9008011ea0, join=0x7f9008010980) at /data/src/10.2/sql/sql_select.cc:18856
|
#13 sub_select (join=0x7f9008010980, join_tab=0x7f9008011ea0, end_of_records=<optimized out>) at /data/src/10.2/sql/sql_select.cc:18791
|
#14 0x00005653f7c30757 in do_select (procedure=<optimized out>, join=0x7f9008010980) at /data/src/10.2/sql/sql_select.cc:18400
|
#15 JOIN::exec_inner (this=this@entry=0x7f9008010980) at /data/src/10.2/sql/sql_select.cc:3638
|
#16 0x00005653f7c309f7 in JOIN::exec (this=this@entry=0x7f9008010980) at /data/src/10.2/sql/sql_select.cc:3433
|
#17 0x00005653f7c30b3a in mysql_select (thd=0x7f9008000c48, tables=0x7f9008010268, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748609, result=0x7f9008010960, unit=0x7f9008004680, select_lex=0x7f9008004dc0) at /data/src/10.2/sql/sql_select.cc:3833
|
#18 0x00005653f7c314af in handle_select (thd=thd@entry=0x7f9008000c48, lex=lex@entry=0x7f90080045c0, result=result@entry=0x7f9008010960, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.2/sql/sql_select.cc:361
|
#19 0x00005653f7bc6b91 in execute_sqlcom_select (thd=0x7f9008000c48, all_tables=0x7f9008010268) at /data/src/10.2/sql/sql_parse.cc:6218
|
#20 0x00005653f7bd41f2 in mysql_execute_command (thd=0x7f9008000c48) at /data/src/10.2/sql/sql_parse.cc:3524
|
#21 0x00005653f7bd70eb in mysql_parse (thd=thd@entry=0x7f9008000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f9019ffb5b0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:7733
|
#22 0x00005653f7bda39d in dispatch_command (command=COM_QUERY, thd=0x7f9008000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_class.h:1095
|
#23 0x00005653f7bdb527 in do_command (thd=0x7f9008000c48) at /data/src/10.2/sql/sql_parse.cc:1377
|
#24 0x00005653f7cb3876 in do_handle_one_connection (connect=connect@entry=0x5653f96996f8) at /data/src/10.2/sql/sql_connect.cc:1336
|
#25 0x00005653f7cb39ef in handle_one_connection (arg=arg@entry=0x5653f96996f8) at /data/src/10.2/sql/sql_connect.cc:1241
|
#26 0x00005653f824a9b6 in pfs_spawn_thread (arg=0x5653f96a4e38) at /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#27 0x00007f90203b3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#28 0x00007f901ffa8103 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Reproducible with at least MyISAM, InnoDB, Aria, on release, debug and ASAN builds as shown above.
Not reproducible on 10.1 or 10.3+.
Attachments
Issue Links
- is duplicated by
-
MDEV-26431 MariaDB Server use-after-poison
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Open
-
-
-
- Open
-
Activity
Trying a similar example that works:
create table t1 (a int, b int);
|
insert into t1 select seq, seq from seq_1_to_10;
|
explain select distinct a, avg(1)+1 from t10;
|
+------+-------------+-------+------+---------------+------+---------+------+------+-------+
|
| id | select_type | table | type | possible_keys | key | key_len | ref | rows | Extra |
|
+------+-------------+-------+------+---------------+------+---------+------+------+-------+
|
| 1 | SIMPLE | t10 | ALL | NULL | NULL | NULL | NULL | 6 | |
|
+------+-------------+-------+------+---------------+------+---------+------+------+-------+
|
Note that this doesn't use temp.table. This is correct: implicit grouping operation doesn't require a temp table; after that we have just one row and do not need to remove duplicates.
Debugging this query:
In JOIN::get_best_combination(), select_distinct=true.
This causes aggr_tables=1.
Then, this code in JOIN::optimize_stage2(): (Denote as DISTINCT-REMOVAL)
if (group || tmp_table_param.sum_func_count)
|
{
|
if (! hidden_group_fields && rollup.state == ROLLUP::STATE_NONE
|
&& !select_lex->have_window_funcs())
|
select_distinct=0;
|
}
|
sets select_distinct to 0.
(Here group=false, sum_func_count=1, hidden_group_fields=false)
Then we reach this line:
need_tmp= test_if_need_tmp_table();
|
and get need_tmp=false.
Also, implicit_grouping=true for this query. It is set to true in JOIN::prepare(), JOIN::prepare_stage2():
if (tmp_table_param.sum_func_count && !group_list) |
{
|
implicit_grouping= TRUE;
|
// Result will contain zero or one row - ordering is meaningless |
order= NULL;
|
}
|
Now, debugging the failing query.
DISTINCT-REMOVAL doesn't fire because tmp_table_param.sum_func_count=0.
If I set select_distinct=0 manually, I get no grouping:
+-------------------------------+
|
| a IN ( COLLATION (AVG ('x'))) |
|
+-------------------------------+
|
| NULL |
|
| NULL |
|
+-------------------------------+
|
Ok, the description of the failure using this example query:
SELECT DISTINCT a IN ( COLLATION (AVG ('x'))) FROM t1 ;
|
The first component is: COLLATION(AVG('x')) is replaced with a constant here:
(gdb) wher
|
#0 convert_const_to_int (thd=0x7fff7c000d50, field_item=0x7fff7c013978, item=0x7fff7c013eb8) at /home/psergey/dev-git/10.3-r3/sql/item_cmpfunc.cc:345
|
#1 0x0000555555fbcea3 in Item_func::convert_const_compared_to_int_field (this=0x7fff7c013e20, thd=0x7fff7c000d50) at /home/psergey/dev-git/10.3-r3/sql/item_cmpfunc.cc:421
|
#2 0x0000555555fbd073 in Item_func::setup_args_and_comparator (this=0x7fff7c013e20, thd=0x7fff7c000d50, cmp=0x7fff7c013ee0) at /home/psergey/dev-git/10.3-r3/sql/item_cmpfunc.cc:441
|
#3 0x0000555555fbd239 in Item_bool_rowready_func2::fix_length_and_dec (this=0x7fff7c013e20) at /home/psergey/dev-git/10.3-r3/sql/item_cmpfunc.cc:474
|
#4 0x0000555555ffcaff in Item_func::fix_fields (this=0x7fff7c013e20, thd=0x7fff7c000d50, ref=0x7fff7c013f90) at /home/psergey/dev-git/10.3-r3/sql/item_func.cc:370
|
#5 0x0000555555b4a46c in Item::fix_fields_if_needed (this=0x7fff7c013e20, thd=0x7fff7c000d50, ref=0x7fff7c013f90) at /home/psergey/dev-git/10.3-r3/sql/item.h:829
|
#6 0x0000555555b4a499 in Item::fix_fields_if_needed_for_scalar (this=0x7fff7c013e20, thd=0x7fff7c000d50, ref=0x7fff7c013f90) at /home/psergey/dev-git/10.3-r3/sql/item.h:833
|
#7 0x0000555555bc473e in setup_fields (thd=0x7fff7c000d50, ref_pointer_array=..., fields=..., column_usage=MARK_COLUMNS_READ, sum_func_list=0x7fff7c014aa0, pre_fix=0x7fff7c0054d8, allow_sum_func=true) at /home/psergey/dev-git/10.3-r3/sql/sql_base.cc:7542
|
#8 0x0000555555c9768f in JOIN::prepare (this=0x7fff7c014788, tables_init=0x7fff7c014028, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff7c005398, unit_arg=0x7fff7c004c00) at /home/psergey/dev-git/10.3-r3/sql/sql_select.cc:1167
|
#9 0x0000555555ca2fa9 in mysql_select (thd=0x7fff7c000d50, tables=0x7fff7c014028, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748609, result=0x7fff7c014760, unit=0x7fff7c004c00, select_lex=0x7fff7c005398) at /home/psergey/dev-git/10.3-r3/sql/sql_select.cc:4346
|
Note that COLLATION() is important as its value is a constant regardless of whether its argument is a constant.
Because AVG('x') is removed from the select list, split_sum_func() is not called for it. And we have:
join->tmp_table_param.sum_func_count=0
Then, this if-branch is not taken in JOIN::prepare_stage2():
if (tmp_table_param.sum_func_count && !group_list) |
{
|
implicit_grouping= TRUE;
|
// Result will contain zero or one row - ordering is meaningless |
order= NULL;
|
}
|
We should have had implicit_grouping=TRUE.
Then, in JOIN::get_best_combination() we get aggr_tables=1.
Then, this branch in JOIN::optimize_stage2 is not taken:
if (group || tmp_table_param.sum_func_count) |
{
|
if (! hidden_group_fields && rollup.state == ROLLUP::STATE_NONE |
&& !select_lex->have_window_funcs())
|
select_distinct=0;
|
}
|
We have select_distinct=true even if we should have had select_distinct=false.
Because of this, when we reach this code
need_tmp= test_if_need_tmp_table();
|
we get need_tmp=true even if we should have gotten false.
Then, in JOIN::make_aggr_tables_info() we get into the "if (need_tmp)" branch
and into create_postjoin_aggr_table().
create_tmp_table() encounters an Item_func_eq representing "t1.a=0"
which however still has item->with_sum_func=true. It sets param->using_outer_summary_function:
/*
|
Mark that the we have ignored an item that refers to a summary
|
function. We need to know this if someone is going to use
|
DISTINCT on the result.
|
*/
|
param->using_outer_summary_function=1;
|
which is then copied to join->tmp_table_param.using_outer_summary_function.
Then, we get into this branch:
/* |
If we have different sort & group then we must sort the data by group
|
and copy it to another tmp table
|
This code is also used if we are using distinct something
|
we haven't been able to store in the temporary table yet
|
like SEC_TO_TIME(SUM(...)).
|
*/
|
if ((group_list && |
(!test_if_subpart(group_list, order) || select_distinct)) ||
|
(select_distinct && tmp_table_param.using_outer_summary_function))
|
{ /* Must copy to another table */ |
DBUG_PRINT("info",("Creating group table")); |
which causes a crash.
Filed MDEV-29237 about possible issues in the code in JOIN::get_best_combination().
.. it's false, because the query actually has no aggregate functions:
SELECT DISTINCT a IN ( COLLATION (AVG ('x'))) FROM t1Note AVG('X'). It's a constant, and the code in fix_fields() replaces it with a constant.
$159 = 0x555557aff3c0 <dbug_item_print_buf> "t1.a = 0"(the "a IN (b)" is replaced with a=b at parser level. Then, numeric comparison is used for the equality, and COLLATION(AVG('X')) is replaced with "0".)
Then, we have this:
(gdb) p item->args[0]$160 = (Item_aggregate_ref *) 0x7fff9c018d38(gdb) p item->args[1]->with_sum_func()$161 = false(gdb) p item->args[1]$162 = (Item_int_with_ref *) 0x7fff9c018cb8(gdb) p item->args[1]->with_sum_func()$163 = false(gdb) p item->args[0]->ref[0]$165 = (Item_field *) 0x7fff9c016dd8