Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
10.5, 10.6, 10.11, 11.2(EOL), 11.4
Description
The failure is similar to MDEV-31007, except that this one started happening fairly recently. I cannot say when exactly because for a while it was hidden by the family of "Item::build_clone" problems, I only know that it wasn't failing on 10.5.25, it was failing with "Item::build_clone" assertions/crashes on 10.5.26, and now when some of them are fixed, it fails like below.
Thus I am filing it as a blocker, feel free to demote if you choose so.
CREATE VIEW v AS select 0 AS f; |
SELECT * FROM v WHERE f = DEFAULT(f); |
|
|
# Cleanup
|
DROP VIEW v; |
|
10.5 284593413f73cbaf4723f1e230bc7eb178774ba3 |
mariadbd: /data/bld/10.5-asan/sql/item.cc:7873: Item* find_producing_item(Item*, st_select_lex*): Assertion `item->type() == Item::FIELD_ITEM || item->type() == Item::TRIGGER_FIELD_ITEM || (item->type() == Item::REF_ITEM && ((Item_ref *) item)->ref_type() == Item_ref::VIEW_REF)' failed.
|
241028 21:52:06 [ERROR] mysqld got signal 6 ;
|
|
|
#9 0x00007f8bdbe53e32 in __GI___assert_fail (assertion=0x562550c3bde0 "item->type() == Item::FIELD_ITEM || item->type() == Item::TRIGGER_FIELD_ITEM || (item->type() == Item::REF_ITEM && ((Item_ref *) item)->ref_type() == Item_ref::VIEW_REF)", file=0x562550c35f60 "/data/bld/10.5-asan/sql/item.cc", line=7873, function=0x562550c3bec0 "Item* find_producing_item(Item*, st_select_lex*)") at ./assert/assert.c:101
|
#10 0x000056254ee242f1 in find_producing_item (item=0x62900023a768, sel=0x62b00003bd30) at /data/bld/10.5-asan/sql/item.cc:7873
|
#11 0x000056254ee247dd in Item_field::derived_field_transformer_for_where (this=0x62900023a768, thd=0x62b000069218, arg=0x62b00003bd30 "") at /data/bld/10.5-asan/sql/item.cc:7910
|
#12 0x000056254ee387c8 in Item_default_value::transform (this=0x62900023a768, thd=0x62b000069218, transformer=&virtual Item::derived_field_transformer_for_where(THD*, unsigned char*), args=0x62b00003bd30 "") at /data/bld/10.5-asan/sql/item.cc:9842
|
#13 0x000056254eeea55f in Item_args::transform_args (this=0x62900023a948, thd=0x62b000069218, transformer=&virtual table offset 1344, arg=0x62b00003bd30 "") at /data/bld/10.5-asan/sql/item_func.cc:503
|
#14 0x000056254eeea7f0 in Item_func::transform (this=0x62900023a8b8, thd=0x62b000069218, transformer=&virtual table offset 1344, argument=0x62b00003bd30 "") at /data/bld/10.5-asan/sql/item_func.cc:539
|
#15 0x000056254e464ac6 in transform_condition_or_part (thd=0x62b000069218, cond=0x62900023a8b8, transformer=&virtual table offset 1344, arg=0x62b00003bd30 "") at /data/bld/10.5-asan/sql/sql_derived.cc:1390
|
#16 0x000056254e4f9fdd in st_select_lex::pushdown_cond_into_where_clause (this=0x62b00003bd30, thd=0x62b000069218, cond=0x62900023a8b8, remaining_cond=0x7f8bd29bb190, transformer=&virtual table offset 1344, arg=0x62b00003bd30 "") at /data/bld/10.5-asan/sql/sql_lex.cc:10776
|
#17 0x000056254e46584c in pushdown_cond_for_derived (thd=0x62b000069218, cond=0x62900023a438, derived=0x62b000038980) at /data/bld/10.5-asan/sql/sql_derived.cc:1583
|
#18 0x000056254e60419a in JOIN::optimize_inner (this=0x62b00003d140) at /data/bld/10.5-asan/sql/sql_select.cc:2231
|
#19 0x000056254e5fefc1 in JOIN::optimize (this=0x62b00003d140) at /data/bld/10.5-asan/sql/sql_select.cc:1765
|
#20 0x000056254e620188 in mysql_select (thd=0x62b000069218, tables=0x62b000038980, fields=..., conds=0x62b0000394b0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x62b00003d110, unit=0x62b00006d3d0, select_lex=0x62b0000382f0) at /data/bld/10.5-asan/sql/sql_select.cc:4904
|
#21 0x000056254e5f0574 in handle_select (thd=0x62b000069218, lex=0x62b00006d308, result=0x62b00003d110, setup_tables_done_option=0) at /data/bld/10.5-asan/sql/sql_select.cc:449
|
#22 0x000056254e55719d in execute_sqlcom_select (thd=0x62b000069218, all_tables=0x62b000038980) at /data/bld/10.5-asan/sql/sql_parse.cc:6437
|
#23 0x000056254e5455df in mysql_execute_command (thd=0x62b000069218) at /data/bld/10.5-asan/sql/sql_parse.cc:4029
|
#24 0x000056254e561fab in mysql_parse (thd=0x62b000069218, rawbuf=0x62b000038238 "SELECT * FROM v WHERE f = DEFAULT(f)", length=36, parser_state=0x7f8bd29bcc70, is_com_multi=false, is_next_command=false) at /data/bld/10.5-asan/sql/sql_parse.cc:8237
|
#25 0x000056254e537291 in dispatch_command (command=COM_QUERY, thd=0x62b000069218, packet=0x629000235219 "SELECT * FROM v WHERE f = DEFAULT(f)", packet_length=36, is_com_multi=false, is_next_command=false) at /data/bld/10.5-asan/sql/sql_parse.cc:1891
|
#26 0x000056254e533c24 in do_command (thd=0x62b000069218) at /data/bld/10.5-asan/sql/sql_parse.cc:1375
|
#27 0x000056254e98d83b in do_handle_one_connection (connect=0x608000002ab8, put_in_cache=true) at /data/bld/10.5-asan/sql/sql_connect.cc:1407
|
#28 0x000056254e98d3a1 in handle_one_connection (arg=0x608000002a38) at /data/bld/10.5-asan/sql/sql_connect.cc:1319
|
#29 0x000056254f5eaa08 in pfs_spawn_thread (arg=0x615000006c18) at /data/bld/10.5-asan/storage/perfschema/pfs.cc:2201
|
#30 0x00007f8bdbea8044 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#31 0x00007f8bdbf2861c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
Attachments
Issue Links
- relates to
-
-
- Confirmed
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Comment | [ 405613ebb5f2f66e6c0d3f6ff4059b63170dfd11 fixed clone Item, and befor it it cloned as Item_field and worked as a field, so f = DEFAULT(f) turned to f = f ] |
t looks like goal of all that derived_field_transformer_for_having is turn Item_field to Item_ref for HAVING + some magic about equal field, DEFAULT(field) should be a constant so have to represent itself... except case if we have expression in default...this should be though how to handle...
The reported test case started failing after the commit:
commit cf202decde475933dfa6b0aadfa5e04e667bfab7
|
Author: Oleg Smirnov <olernov@gmail.com> Fri Aug 2 04:48:29 2024
|
Committer: Oleg Smirnov <olernov@gmail.com> Sat Aug 3 02:08:29 2024
|
|
|
MDEV-34683 Types mismatch when cloning items causes debug assertion
|
The commit rightly added the methods do_get_copy() and do_build_clone() to correctly building clones for expressions containing default(...). Before this commit (and the commit for MDEV-34490 that introduced do_get_copy and do_build_clone ) the expression to be pushed was 'f=f' that was transformed into 0=0 when being added to the where condition of the view. As a result the select query returned the expected result.
However if we consider a more general test case:
CREATE TABLE t1 (c int DEFAULT 0); |
SELECT * FROM v,t1 WHERE f = DEFAULT(c); |
the condition to be pushed becomes v.f=default(t1.c) and there is no way how default(t1.c) could be resolved in v because v does not have column c (eg. see MDEV-34695).
So I hardly can consider MDEV-35276 as a blocker. It was a pure chance that some queries with DEFAULT expressions returned expected results. The query with pushable condition containing such expressions failed before commits for MDEV-34490 and for MDEV-34683.
Before it was harmless efficience due to cloning bug, now it can crash server traying to transform default() as a field so it is regression.
even with this fix i try to access freed memory of the field so this should be prohibited for DEFAULT()
--- a/sql/item.h
|
+++ b/sql/item.h
|
@@ -6717,6 +6717,10 @@ class Item_default_value : public Item_field
|
|
Item *transform(THD *thd, Item_transformer transformer, uchar *args)
|
override;
|
+ Item *derived_field_transformer_for_having(THD *thd, uchar *arg) override
|
+ { return this; }
|
+ Item *derived_field_transformer_for_where(THD *thd, uchar *arg) override
|
+ { return this; }
|
Field *create_tmp_field_ex(MEM_ROOT *root, TABLE *table, Tmp_field_src *src,
|
const Tmp_field_param *param) override;
|
and above put DBUG_ASSERT(0) indicating it should never be called
Something like this should be used to prevent the DEFAULT be pushed
diff --git a/sql/item.h b/sql/item.h
|
index 3e1e9b25c71..4cd001ab620 100644
|
--- a/sql/item.h
|
+++ b/sql/item.h
|
@@ -6717,6 +6717,10 @@ class Item_default_value : public Item_field
|
|
Item *transform(THD *thd, Item_transformer transformer, uchar *args)
|
override;
|
+ Item *derived_field_transformer_for_having(THD *thd, uchar *arg) override
|
+ { cleanup(); return NULL; }
|
+ Item *derived_field_transformer_for_where(THD *thd, uchar *arg) override
|
+ { cleanup(); return NULL; }
|
Field *create_tmp_field_ex(MEM_ROOT *root, TABLE *table, Tmp_field_src *src,
|
const Tmp_field_param *param) override;
|
|
OK cleanup() can not be used becouse this Item_default_value share the same Field with original one and it can't be deleted
Problem with deleted Field is "sharing" Field object by copy and try to delete it so probably simple default can be pushed
commit 6aa47fae304bd1f3efc0ebd2035bc1481ded73a3 (HEAD -> bb-10.5-release, origin/bb-10.5-release)
|
Author: Oleksandr Byelkin <sanja@mariadb.com>
|
Date: Tue Oct 29 11:39:17 2024 +0100
|
|
|
MDEV-35276 Assertion failure in find_producing_item upon a query from a view
|
|
Two problem solved:
|
|
1) Item_default_value makes a shallow copy so the copy
|
should not delete field belong to the Item
|
|
2) Item_default_value should not inherit
|
derived_field_transformer_for_having and
|
derived_field_transformer_for_where (in this variant
|
pushing DEFAULT(f) is prohibited (return NULL) but
|
if return "this" it will be allowed (should go with
|
a lot of tests))
|
| Assignee | Oleksandr Byelkin [ sanja ] | Sergei Golubchik [ serg ] |
| Status | In Progress [ 3 ] | In Review [ 10002 ] |
| Assignee | Sergei Golubchik [ serg ] | Oleksandr Byelkin [ sanja ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Fix Version/s | 10.5.27 [ 29902 ] | |
| Fix Version/s | 10.5 [ 23123 ] | |
| Fix Version/s | 10.6 [ 24028 ] | |
| Fix Version/s | 10.11 [ 27614 ] | |
| Fix Version/s | 11.2 [ 28603 ] | |
| Fix Version/s | 11.4 [ 29301 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Fix Version/s | 10.6.20 [ 29903 ] | |
| Fix Version/s | 10.11.10 [ 29904 ] | |
| Fix Version/s | 11.2.6 [ 29906 ] | |
| Fix Version/s | 11.4.4 [ 29907 ] |
| Link | This issue relates to MDEV-32695 [ MDEV-32695 ] |
DEFAULT also inherited from Item_field so it looks like one of two 1) the Item_default_value should get its own derived_field_transformer_for_having or 2) such expression should be prohibited to be pushed down in derived (which I doubts)