mariadb/mysql-test/r/sp-code.result

973 lines
20 KiB
Text
Raw Normal View History

drop procedure if exists empty;
drop procedure if exists code_sample;
create procedure empty()
begin
end;
show procedure code empty;
Pos Instruction
drop procedure empty;
create function almost_empty()
returns int
return 0;
show function code almost_empty;
Pos Instruction
0 freturn 3 0
drop function almost_empty;
create procedure code_sample(x int, out err int, out nulls int)
begin
declare count int default 0;
set nulls = 0;
begin
declare c cursor for select name from t1;
declare exit handler for not found close c;
open c;
loop
begin
declare n varchar(20);
declare continue handler for sqlexception set err=1;
fetch c into n;
if isnull(n) then
set nulls = nulls + 1;
else
set count = count + 1;
update t2 set idx = count where name=n;
end if;
end;
end loop;
end;
select t.name, t.idx from t2 t order by idx asc;
end//
show procedure code code_sample;
Pos Instruction
0 set count@3 0
1 set nulls@2 0
2 cpush c@0
3 hpush_jump 6 4 EXIT
4 cclose c@0
5 hreturn 0 19
6 copen c@0
7 set n@4 NULL
8 hpush_jump 11 5 CONTINUE
9 set err@1 1
10 hreturn 5
11 cfetch c@0 n@4
12 jump_if_not 15(17) isnull(n@4)
13 set nulls@2 (nulls@2 + 1)
14 jump 17
15 set count@3 (count@3 + 1)
16 stmt 4 "update t2 set idx = count where name=n"
17 hpop 1
18 jump 7
19 hpop 1
20 cpop 1
21 stmt 0 "select t.name, t.idx from t2 t order ..."
drop procedure code_sample;
drop procedure if exists sudoku_solve;
create procedure sudoku_solve(p_naive boolean, p_all boolean)
deterministic
modifies sql data
begin
drop temporary table if exists sudoku_work, sudoku_schedule;
create temporary table sudoku_work
(
row smallint not null,
col smallint not null,
dig smallint not null,
cnt smallint,
key using btree (cnt),
key using btree (row),
key using btree (col),
unique key using hash (row,col)
);
create temporary table sudoku_schedule
(
idx int not null auto_increment primary key,
row smallint not null,
col smallint not null
);
call sudoku_init();
if p_naive then
update sudoku_work set cnt = 0 where dig = 0;
else
call sudoku_count();
end if;
insert into sudoku_schedule (row,col)
select row,col from sudoku_work where cnt is not null order by cnt desc;
begin
declare v_scounter bigint default 0;
declare v_i smallint default 1;
declare v_dig smallint;
declare v_schedmax smallint;
select count(*) into v_schedmax from sudoku_schedule;
more:
loop
begin
declare v_tcounter bigint default 0;
sched:
while v_i <= v_schedmax do
begin
declare v_row, v_col smallint;
select row,col into v_row,v_col from sudoku_schedule where v_i = idx;
select dig into v_dig from sudoku_work
where v_row = row and v_col = col;
case v_dig
when 0 then
set v_dig = 1;
update sudoku_work set dig = 1
where v_row = row and v_col = col;
when 9 then
if v_i > 0 then
update sudoku_work set dig = 0
where v_row = row and v_col = col;
set v_i = v_i - 1;
iterate sched;
else
select v_scounter as 'Solutions';
leave more;
end if;
else
set v_dig = v_dig + 1;
update sudoku_work set dig = v_dig
where v_row = row and v_col = col;
end case;
set v_tcounter = v_tcounter + 1;
if not sudoku_digit_ok(v_row, v_col, v_dig) then
iterate sched;
end if;
set v_i = v_i + 1;
end;
end while sched;
select dig from sudoku_work;
select v_tcounter as 'Tests';
set v_scounter = v_scounter + 1;
if p_all and v_i > 0 then
set v_i = v_i - 1;
else
leave more;
end if;
end;
end loop more;
end;
drop temporary table sudoku_work, sudoku_schedule;
end//
show procedure code sudoku_solve;
Pos Instruction
0 stmt 9 "drop temporary table if exists sudoku..."
1 stmt 1 "create temporary table sudoku_work ( ..."
2 stmt 1 "create temporary table sudoku_schedul..."
WL#5670: Proposal: Remove SHOW NEW MASTER statement Removes SHOW NEW MASTER statement and all related code. Also removes the unused function update_slave_list from repl_failsafe.cc. mysql-test/r/signal_code.result: Updated result file. The output of SHOW PROCEDURE CODE has changed, because the numerical values of some SQLCOM_ commands have changes. This is not a problem, because SHOW PROCEDURE CODE only exists in debug builds and the numerical values of SQLCOM_ constants are not exposed elsewhere. mysql-test/r/sp-code.result: Updated result file. The output of SHOW PROCEDURE CODE has changed, because the numerical values of some SQLCOM_ commands have changes. This is not a problem, because SHOW PROCEDURE CODE only exists in debug builds and the numerical values of SQLCOM_ constants are not exposed elsewhere. sql/mysqld.cc: Remove SQLCOM_SHOW_NEW_MASTER. sql/repl_failsafe.cc: Remove show_new_master, which was only used by the removed SHOW NEW MASTER statement. Remove translate_master, which was only used by show_new_master. Remove find_slave_event, which was only used by translate_master. Remove find_target_pos, which was only used by translate_master. Remove cmp_master_pos, which was only used by translate_master. Remove update_slave_list, which was not used at all. sql/repl_failsafe.h: Remove declarations of functions removed by this patch: update_slave_list, show_new_master, translate_master, update_slave_list Remove declarations of functions that did not exist before this patch: handle_failsafe_rpl, load_master_data Remove declaration of function that is static in slave.cc: connect_to_master sql/sp_head.cc: Removed SQLCOM_SHOW_NEW_MASTER sql/sql_lex.h: Removed SQLCOM_SHOW_NEW_MASTER sql/sql_parse.cc: Removed SQLCOM_SHOW_NEW_MASTER sql/sql_repl.cc: Removed cmp_master_pos(char*,ulonglong,char*,ulonglong), which was only used by cmp_master_pos*Slave_log_event* sev, LEX_MASTER_INFO* mi) in repl_failsafe.cc, which has been removed. sql/sql_repl.h: removed cmp_master_pos sql/sql_yacc.yy: removed syntax SHOW NEW MASTER.
2011-02-16 17:27:35 +01:00
3 stmt 88 "call sudoku_init()"
4 jump_if_not 7(8) p_naive@0
5 stmt 4 "update sudoku_work set cnt = 0 where ..."
6 jump 8
WL#5670: Proposal: Remove SHOW NEW MASTER statement Removes SHOW NEW MASTER statement and all related code. Also removes the unused function update_slave_list from repl_failsafe.cc. mysql-test/r/signal_code.result: Updated result file. The output of SHOW PROCEDURE CODE has changed, because the numerical values of some SQLCOM_ commands have changes. This is not a problem, because SHOW PROCEDURE CODE only exists in debug builds and the numerical values of SQLCOM_ constants are not exposed elsewhere. mysql-test/r/sp-code.result: Updated result file. The output of SHOW PROCEDURE CODE has changed, because the numerical values of some SQLCOM_ commands have changes. This is not a problem, because SHOW PROCEDURE CODE only exists in debug builds and the numerical values of SQLCOM_ constants are not exposed elsewhere. sql/mysqld.cc: Remove SQLCOM_SHOW_NEW_MASTER. sql/repl_failsafe.cc: Remove show_new_master, which was only used by the removed SHOW NEW MASTER statement. Remove translate_master, which was only used by show_new_master. Remove find_slave_event, which was only used by translate_master. Remove find_target_pos, which was only used by translate_master. Remove cmp_master_pos, which was only used by translate_master. Remove update_slave_list, which was not used at all. sql/repl_failsafe.h: Remove declarations of functions removed by this patch: update_slave_list, show_new_master, translate_master, update_slave_list Remove declarations of functions that did not exist before this patch: handle_failsafe_rpl, load_master_data Remove declaration of function that is static in slave.cc: connect_to_master sql/sp_head.cc: Removed SQLCOM_SHOW_NEW_MASTER sql/sql_lex.h: Removed SQLCOM_SHOW_NEW_MASTER sql/sql_parse.cc: Removed SQLCOM_SHOW_NEW_MASTER sql/sql_repl.cc: Removed cmp_master_pos(char*,ulonglong,char*,ulonglong), which was only used by cmp_master_pos*Slave_log_event* sev, LEX_MASTER_INFO* mi) in repl_failsafe.cc, which has been removed. sql/sql_repl.h: removed cmp_master_pos sql/sql_yacc.yy: removed syntax SHOW NEW MASTER.
2011-02-16 17:27:35 +01:00
7 stmt 88 "call sudoku_count()"
8 stmt 6 "insert into sudoku_schedule (row,col)..."
9 set v_scounter@2 0
10 set v_i@3 1
11 set v_dig@4 NULL
12 set v_schedmax@5 NULL
13 stmt 0 "select count(*) into v_schedmax from ..."
14 set v_tcounter@6 0
15 jump_if_not 39(39) (v_i@3 <= v_schedmax@5)
16 set v_row@7 NULL
17 set v_col@8 NULL
18 stmt 0 "select row,col into v_row,v_col from ..."
19 stmt 0 "select dig into v_dig from sudoku_wor..."
20 set_case_expr (34) 0 v_dig@4
21 jump_if_not 25(34) (case_expr@0 = 0)
22 set v_dig@4 1
23 stmt 4 "update sudoku_work set dig = 1 where ..."
24 jump 34
25 jump_if_not 32(34) (case_expr@0 = 9)
26 jump_if_not 30(34) (v_i@3 > 0)
27 stmt 4 "update sudoku_work set dig = 0 where ..."
28 set v_i@3 (v_i@3 - 1)
29 jump 15
30 stmt 0 "select v_scounter as 'Solutions'"
31 jump 45
32 set v_dig@4 (v_dig@4 + 1)
33 stmt 4 "update sudoku_work set dig = v_dig wh..."
34 set v_tcounter@6 (v_tcounter@6 + 1)
Bug#23491 MySQLDump prefix function call in a view by database name - mysqldump executes a SHOW CREATE VIEW statement to generate the text that it outputs. When the function name is retrieved it's database name is unconditionally prepended. This change causes the function's database name to be prepended only when it was used to define the function. mysql-test/r/information_schema.result: Bug#23491 MySQLDump prefix function call in a view by database name - Updated Results. mysql-test/r/mysqldump.result: Bug#23491 MySQLDump prefix function call in a view by database name - Added new results. mysql-test/r/sp-code.result: Bug#23491 MySQLDump prefix function call in a view by database name - Updated Results. mysql-test/r/udf.result: Bug#23491 MySQLDump prefix function call in a view by database name - Updated Results. mysql-test/t/mysqldump.test: Bug#23491 MySQLDump prefix function call in a view by database name - Added new testcase. sql/item_func.cc: Bug#23491 MySQLDump prefix function call in a view by database name - Use new m_explicit_name member when deciding whether or not to prepend the db name while building the function name. sql/sp.cc: Bug#23491 MySQLDump prefix function call in a view by database name - Use new sp_name constructor. sql/sp_head.h: Bug#23491 MySQLDump prefix function call in a view by database name - Add m_explicit_name member to sp_name object. - Redefined sp_name constructor to include new member. sql/sql_yacc.yy: Bug#23491 MySQLDump prefix function call in a view by database name - Use new sp_name constructors.
2007-03-27 12:31:44 -04:00
35 jump_if_not 37(37) (not(`sudoku_digit_ok`(v_row@7,v_col@8,v_dig@4)))
36 jump 15
37 set v_i@3 (v_i@3 + 1)
38 jump 15
39 stmt 0 "select dig from sudoku_work"
40 stmt 0 "select v_tcounter as 'Tests'"
41 set v_scounter@2 (v_scounter@2 + 1)
42 jump_if_not 45(14) (p_all@1 and (v_i@3 > 0))
43 set v_i@3 (v_i@3 - 1)
44 jump 14
45 stmt 9 "drop temporary table sudoku_work, sud..."
drop procedure sudoku_solve;
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
DROP PROCEDURE IF EXISTS proc_19194_simple;
DROP PROCEDURE IF EXISTS proc_19194_searched;
DROP PROCEDURE IF EXISTS proc_19194_nested_1;
DROP PROCEDURE IF EXISTS proc_19194_nested_2;
DROP PROCEDURE IF EXISTS proc_19194_nested_3;
DROP PROCEDURE IF EXISTS proc_19194_nested_4;
CREATE PROCEDURE proc_19194_simple(i int)
BEGIN
DECLARE str CHAR(10);
CASE i
WHEN 1 THEN SET str="1";
WHEN 2 THEN SET str="2";
WHEN 3 THEN SET str="3";
ELSE SET str="unknown";
END CASE;
SELECT str;
END|
CREATE PROCEDURE proc_19194_searched(i int)
BEGIN
DECLARE str CHAR(10);
CASE
WHEN i=1 THEN SET str="1";
WHEN i=2 THEN SET str="2";
WHEN i=3 THEN SET str="3";
ELSE SET str="unknown";
END CASE;
SELECT str;
END|
CREATE PROCEDURE proc_19194_nested_1(i int, j int)
BEGIN
DECLARE str_i CHAR(10);
DECLARE str_j CHAR(10);
CASE i
WHEN 10 THEN SET str_i="10";
WHEN 20 THEN
BEGIN
set str_i="20";
CASE
WHEN j=1 THEN SET str_j="1";
WHEN j=2 THEN SET str_j="2";
WHEN j=3 THEN SET str_j="3";
ELSE SET str_j="unknown";
END CASE;
select "i was 20";
END;
WHEN 30 THEN SET str_i="30";
WHEN 40 THEN SET str_i="40";
ELSE SET str_i="unknown";
END CASE;
SELECT str_i, str_j;
END|
CREATE PROCEDURE proc_19194_nested_2(i int, j int)
BEGIN
DECLARE str_i CHAR(10);
DECLARE str_j CHAR(10);
CASE
WHEN i=10 THEN SET str_i="10";
WHEN i=20 THEN
BEGIN
set str_i="20";
CASE j
WHEN 1 THEN SET str_j="1";
WHEN 2 THEN SET str_j="2";
WHEN 3 THEN SET str_j="3";
ELSE SET str_j="unknown";
END CASE;
select "i was 20";
END;
WHEN i=30 THEN SET str_i="30";
WHEN i=40 THEN SET str_i="40";
ELSE SET str_i="unknown";
END CASE;
SELECT str_i, str_j;
END|
CREATE PROCEDURE proc_19194_nested_3(i int, j int)
BEGIN
DECLARE str_i CHAR(10);
DECLARE str_j CHAR(10);
CASE i
WHEN 10 THEN SET str_i="10";
WHEN 20 THEN
BEGIN
set str_i="20";
CASE j
WHEN 1 THEN SET str_j="1";
WHEN 2 THEN SET str_j="2";
WHEN 3 THEN SET str_j="3";
ELSE SET str_j="unknown";
END CASE;
select "i was 20";
END;
WHEN 30 THEN SET str_i="30";
WHEN 40 THEN SET str_i="40";
ELSE SET str_i="unknown";
END CASE;
SELECT str_i, str_j;
END|
CREATE PROCEDURE proc_19194_nested_4(i int, j int)
BEGIN
DECLARE str_i CHAR(10);
DECLARE str_j CHAR(10);
CASE
WHEN i=10 THEN SET str_i="10";
WHEN i=20 THEN
BEGIN
set str_i="20";
CASE
WHEN j=1 THEN SET str_j="1";
WHEN j=2 THEN SET str_j="2";
WHEN j=3 THEN SET str_j="3";
ELSE SET str_j="unknown";
END CASE;
select "i was 20";
END;
WHEN i=30 THEN SET str_i="30";
WHEN i=40 THEN SET str_i="40";
ELSE SET str_i="unknown";
END CASE;
SELECT str_i, str_j;
END|
SHOW PROCEDURE CODE proc_19194_simple;
Pos Instruction
0 set str@1 NULL
1 set_case_expr (12) 0 i@0
2 jump_if_not 5(12) (case_expr@0 = 1)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
3 set str@1 '1'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
4 jump 12
5 jump_if_not 8(12) (case_expr@0 = 2)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
6 set str@1 '2'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
7 jump 12
8 jump_if_not 11(12) (case_expr@0 = 3)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
9 set str@1 '3'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
10 jump 12
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
11 set str@1 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
12 stmt 0 "SELECT str"
SHOW PROCEDURE CODE proc_19194_searched;
Pos Instruction
0 set str@1 NULL
1 jump_if_not 4(11) (i@0 = 1)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
2 set str@1 '1'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
3 jump 11
4 jump_if_not 7(11) (i@0 = 2)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
5 set str@1 '2'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
6 jump 11
7 jump_if_not 10(11) (i@0 = 3)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
8 set str@1 '3'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
9 jump 11
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
10 set str@1 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
11 stmt 0 "SELECT str"
SHOW PROCEDURE CODE proc_19194_nested_1;
Pos Instruction
0 set str_i@2 NULL
1 set str_j@3 NULL
2 set_case_expr (27) 0 i@0
3 jump_if_not 6(27) (case_expr@0 = 10)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
4 set str_i@2 '10'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
5 jump 27
6 jump_if_not 20(27) (case_expr@0 = 20)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
7 set str_i@2 '20'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
8 jump_if_not 11(18) (j@1 = 1)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
9 set str_j@3 '1'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
10 jump 18
11 jump_if_not 14(18) (j@1 = 2)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
12 set str_j@3 '2'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
13 jump 18
14 jump_if_not 17(18) (j@1 = 3)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
15 set str_j@3 '3'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
16 jump 18
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
17 set str_j@3 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
18 stmt 0 "select "i was 20""
19 jump 27
20 jump_if_not 23(27) (case_expr@0 = 30)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
21 set str_i@2 '30'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
22 jump 27
23 jump_if_not 26(27) (case_expr@0 = 40)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
24 set str_i@2 '40'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
25 jump 27
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
26 set str_i@2 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
27 stmt 0 "SELECT str_i, str_j"
SHOW PROCEDURE CODE proc_19194_nested_2;
Pos Instruction
0 set str_i@2 NULL
1 set str_j@3 NULL
2 jump_if_not 5(27) (i@0 = 10)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
3 set str_i@2 '10'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
4 jump 27
5 jump_if_not 20(27) (i@0 = 20)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
6 set str_i@2 '20'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
7 set_case_expr (18) 0 j@1
8 jump_if_not 11(18) (case_expr@0 = 1)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
9 set str_j@3 '1'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
10 jump 18
11 jump_if_not 14(18) (case_expr@0 = 2)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
12 set str_j@3 '2'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
13 jump 18
14 jump_if_not 17(18) (case_expr@0 = 3)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
15 set str_j@3 '3'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
16 jump 18
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
17 set str_j@3 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
18 stmt 0 "select "i was 20""
19 jump 27
20 jump_if_not 23(27) (i@0 = 30)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
21 set str_i@2 '30'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
22 jump 27
23 jump_if_not 26(27) (i@0 = 40)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
24 set str_i@2 '40'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
25 jump 27
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
26 set str_i@2 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
27 stmt 0 "SELECT str_i, str_j"
SHOW PROCEDURE CODE proc_19194_nested_3;
Pos Instruction
0 set str_i@2 NULL
1 set str_j@3 NULL
2 set_case_expr (28) 0 i@0
3 jump_if_not 6(28) (case_expr@0 = 10)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
4 set str_i@2 '10'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
5 jump 28
6 jump_if_not 21(28) (case_expr@0 = 20)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
7 set str_i@2 '20'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
8 set_case_expr (19) 1 j@1
9 jump_if_not 12(19) (case_expr@1 = 1)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
10 set str_j@3 '1'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
11 jump 19
12 jump_if_not 15(19) (case_expr@1 = 2)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
13 set str_j@3 '2'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
14 jump 19
15 jump_if_not 18(19) (case_expr@1 = 3)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
16 set str_j@3 '3'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
17 jump 19
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
18 set str_j@3 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
19 stmt 0 "select "i was 20""
20 jump 28
21 jump_if_not 24(28) (case_expr@0 = 30)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
22 set str_i@2 '30'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
23 jump 28
24 jump_if_not 27(28) (case_expr@0 = 40)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
25 set str_i@2 '40'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
26 jump 28
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
27 set str_i@2 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
28 stmt 0 "SELECT str_i, str_j"
SHOW PROCEDURE CODE proc_19194_nested_4;
Pos Instruction
0 set str_i@2 NULL
1 set str_j@3 NULL
2 jump_if_not 5(26) (i@0 = 10)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
3 set str_i@2 '10'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
4 jump 26
5 jump_if_not 19(26) (i@0 = 20)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
6 set str_i@2 '20'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
7 jump_if_not 10(17) (j@1 = 1)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
8 set str_j@3 '1'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
9 jump 17
10 jump_if_not 13(17) (j@1 = 2)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
11 set str_j@3 '2'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
12 jump 17
13 jump_if_not 16(17) (j@1 = 3)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
14 set str_j@3 '3'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
15 jump 17
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
16 set str_j@3 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
17 stmt 0 "select "i was 20""
18 jump 26
19 jump_if_not 22(26) (i@0 = 30)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
20 set str_i@2 '30'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
21 jump 26
22 jump_if_not 25(26) (i@0 = 40)
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
23 set str_i@2 '40'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
24 jump 26
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
25 set str_i@2 'unknown'
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage, limitation) Note to the reviewer ==================== Warning: reviewing this patch is somewhat involved. Due to the nature of several issues all affecting the same area, fixing separately each issue is not practical, since each fix can not be implemented and tested independently. In particular, the issues with - rule recursion - nested case statements - forward jump resolution (backpatch list) are tightly coupled (see below). Definitions =========== The expression CASE expr WHEN expr THEN expr WHEN expr THEN expr ... END is a "Simple Case Expression". The expression CASE WHEN expr THEN expr WHEN expr THEN expr ... END is a "Searched Case Expression". The statement CASE expr WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Simple Case Statement". The statement CASE WHEN expr THEN stmts WHEN expr THEN stmts ... END CASE is a "Searched Case Statement". A "Left Recursive" rule is like list: element | list element ; A "Right Recursive" rule is like list: element | element list ; Left and right recursion produces the same language, the difference only affects the *order* in which the text is parsed. In a descendant parser (usually written manually), right recursion works very well, and is typically implemented with a while loop. In an ascendant parser (yacc/bison) left recursion works very well, and is implemented naturally by the parser stack. In both cases, using the wrong type or recursion is very bad and should be avoided, as it causes technical issues with the parser implementation. Before this change ================== The "Simple Case Expression" and "Searched Case Expression" were both implemented by the "when_list" and "when_list2" rules, which are left recursive (ok). These rules, however, used lex->when_list instead of using the parser stack, which is more complex that necessary, and potentially dangerous because of other rules using THD::reset_lex. The "Simple Case Statement" and "Searched Case Statements" were implemented by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules. Both cases were right recursive (bad). The grammar involved was convoluted, and is assumed to be the results of tweaks to get the code generation to work, but is not what someone would naturally write. In addition, using a common rule for both "Simple" and "Searched" case statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE, which is a flag and not a stack, and therefore does not take into account *nested* case statements. This leads to incorrect generated code, and either a server crash or an incorrect result. With regards to the backpatch mechanism, a *different* backpatch list was created for each jump from "WHEN expr THEN stmt" to "END CASE", which relied on the grammar to be right recursive. This is a mis-use of the backpatch list, since this list can resolve multiple references to the same target at once. The optimizer algorithm used to detect dead code in the "assembly" SQL instructions, implemented by sp_head::opt_mark(uint ip), was recursive in some cases (a conditional jump pointing forward to another conditional jump). In case of specially crafted code, like - a long list of "IF expr THEN stmt END IF" - a long CASE statement this would actually cause a server crash with a stack overflow. In general, having a stack that grows proportionally with user data (the SQL code given by the client in a CREATE PROCEDURE) is to be avoided. In debug builds only, creating a SP / SF / Trigger which had a significant amount of code would spend --literally-- several minutes in sp_head::create, because of the debug code involved with DBUG_PRINT("info", ("Code %s ... There are several issues with this code: - in a CASE with 5 000 WHEN, there are 15 000 instructions generated, which create a sting representation of the code which is 500 000 bytes long, - using a String instead of an io stream causes performances to degrade to a total server freeze, as time is spent doing realloc of a buffer always too short, - Printing a 500 000 long string in the debug log is too verbose, - Generating this string even when DBUG_PRINT is off is useless, - Having code that potentially can affect the server behavior, used with #ifdef / #endif is useful in some cases, but is also a bad practice. After this change ================= "Case Expressions" (both simple and searched) have been simplified to not use LEX::when_list, which has been removed. Considering all the issues affecting case statements, the grammar for these has been totally re written. The existing actions, used to generate "assembly" sp_inst* code, have been preserved but moved in the new grammar, with the following changes: a) Bison rules are no longer shared between "Simple" and "Searched" case statements, because a stack instead of a flag is required to handle them. Nested statements are handled naturally by the parser stack, which by definition uses the correct rule in the correct context. Nested statements of the opposite type (simple vs searched) works correctly. The flag sp_head::IN_SIMPLE_CASE is no longer used. This is a step towards resolution of WL#2999, which correctly identified that temporary parsing flags do not belong to sp_head. The code in the action is shared by mean of the case_stmt_action_xxx() helpers. b) The backpatch mechanism, used to resolve forward jumps in the generated code, has been changed to: - create a label for the instruction following 'END CASE', - register each jump at the end of a "WHEN expr THEN stmt" in a *unique* backpatch list associated with the 'END CASE' label - resolve all the forward jumps for this label at once. In addition, the code involving backpatch has been commented, so that a reader can now understand by reading matching "Registering" and "Resolving" comments how the forward jumps are resolved and what target they resolve to, as this is far from evident when reading the code alone. The implementation of sp_head::opt_mark() has been revised to avoid recursive calls from jump instructions, and instead add the jump location to the list of paths to explore during the flow analysis of the instruction graph, with a call to sp_head::add_mark_lead(). In addition, the flow analysis will stop if an instruction has already been marked as reachable, which the previous code failed to do in the recursive case. sp_head::opt_mark() is now private, to prevent new calls to this method from being introduced. The debug code present in sp_head::create() has been removed. Considering that SHOW PROCEDURE CODE is also available in debug builds, and can be used anytime regardless of the trace level, as opposed to "CREATE PROCEDURE" time and only if the trace was on, removing the code actually makes debugging easier (usable trace). Tests have been written to cover the parser overflow (big CASE), and to cover nested CASE statements. mysql-test/r/sp-code.result: Test cases for nested CASE statements. mysql-test/t/sp-code.test: Test cases for nested CASE statements. sql/sp_head.cc: Re factored opt_mark() to avoid recursion, clean up. sql/sp_head.h: Re factored opt_mark() to avoid recursion, clean up. sql/sql_lex.cc: Removed when_list. sql/sql_lex.h: Removed when_list. sql/sql_yacc.yy: Minor clean up for case expressions, Major re write for case statements (Bug#19194). mysql-test/r/sp_stress_case.result: New test for massive CASE statements. mysql-test/t/sp_stress_case.sh: New test for massive CASE statements. mysql-test/t/sp_stress_case.test: New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
26 stmt 0 "SELECT str_i, str_j"
CALL proc_19194_nested_1(10, 1);
str_i str_j
10 NULL
CALL proc_19194_nested_1(25, 1);
str_i str_j
unknown NULL
CALL proc_19194_nested_1(20, 1);
i was 20
i was 20
str_i str_j
20 1
CALL proc_19194_nested_1(20, 2);
i was 20
i was 20
str_i str_j
20 2
CALL proc_19194_nested_1(20, 3);
i was 20
i was 20
str_i str_j
20 3
CALL proc_19194_nested_1(20, 4);
i was 20
i was 20
str_i str_j
20 unknown
CALL proc_19194_nested_1(30, 1);
str_i str_j
30 NULL
CALL proc_19194_nested_1(40, 1);
str_i str_j
40 NULL
CALL proc_19194_nested_1(0, 0);
str_i str_j
unknown NULL
CALL proc_19194_nested_2(10, 1);
str_i str_j
10 NULL
CALL proc_19194_nested_2(25, 1);
str_i str_j
unknown NULL
CALL proc_19194_nested_2(20, 1);
i was 20
i was 20
str_i str_j
20 1
CALL proc_19194_nested_2(20, 2);
i was 20
i was 20
str_i str_j
20 2
CALL proc_19194_nested_2(20, 3);
i was 20
i was 20
str_i str_j
20 3
CALL proc_19194_nested_2(20, 4);
i was 20
i was 20
str_i str_j
20 unknown
CALL proc_19194_nested_2(30, 1);
str_i str_j
30 NULL
CALL proc_19194_nested_2(40, 1);
str_i str_j
40 NULL
CALL proc_19194_nested_2(0, 0);
str_i str_j
unknown NULL
CALL proc_19194_nested_3(10, 1);
str_i str_j
10 NULL
CALL proc_19194_nested_3(25, 1);
str_i str_j
unknown NULL
CALL proc_19194_nested_3(20, 1);
i was 20
i was 20
str_i str_j
20 1
CALL proc_19194_nested_3(20, 2);
i was 20
i was 20
str_i str_j
20 2
CALL proc_19194_nested_3(20, 3);
i was 20
i was 20
str_i str_j
20 3
CALL proc_19194_nested_3(20, 4);
i was 20
i was 20
str_i str_j
20 unknown
CALL proc_19194_nested_3(30, 1);
str_i str_j
30 NULL
CALL proc_19194_nested_3(40, 1);
str_i str_j
40 NULL
CALL proc_19194_nested_3(0, 0);
str_i str_j
unknown NULL
CALL proc_19194_nested_4(10, 1);
str_i str_j
10 NULL
CALL proc_19194_nested_4(25, 1);
str_i str_j
unknown NULL
CALL proc_19194_nested_4(20, 1);
i was 20
i was 20
str_i str_j
20 1
CALL proc_19194_nested_4(20, 2);
i was 20
i was 20
str_i str_j
20 2
CALL proc_19194_nested_4(20, 3);
i was 20
i was 20
str_i str_j
20 3
CALL proc_19194_nested_4(20, 4);
i was 20
i was 20
str_i str_j
20 unknown
CALL proc_19194_nested_4(30, 1);
str_i str_j
30 NULL
CALL proc_19194_nested_4(40, 1);
str_i str_j
40 NULL
CALL proc_19194_nested_4(0, 0);
str_i str_j
unknown NULL
DROP PROCEDURE proc_19194_simple;
DROP PROCEDURE proc_19194_searched;
DROP PROCEDURE proc_19194_nested_1;
DROP PROCEDURE proc_19194_nested_2;
DROP PROCEDURE proc_19194_nested_3;
DROP PROCEDURE proc_19194_nested_4;
DROP PROCEDURE IF EXISTS p1;
CREATE PROCEDURE p1() CREATE INDEX idx ON t1 (c1);
SHOW PROCEDURE CODE p1;
Pos Instruction
0 stmt 2 "CREATE INDEX idx ON t1 (c1)"
DROP PROCEDURE p1;
drop table if exists t1;
drop procedure if exists proc_26977_broken;
drop procedure if exists proc_26977_works;
create table t1(a int unique);
create procedure proc_26977_broken(v int)
begin
declare i int default 5;
declare continue handler for sqlexception
begin
select 'caught something';
retry:
while i > 0 do
begin
set i = i - 1;
select 'looping', i;
end;
end while retry;
end;
select 'do something';
insert into t1 values (v);
select 'do something again';
insert into t1 values (v);
end//
create procedure proc_26977_works(v int)
begin
declare i int default 5;
declare continue handler for sqlexception
begin
select 'caught something';
retry:
while i > 0 do
begin
set i = i - 1;
select 'looping', i;
end;
end while retry;
select 'optimizer: keep hreturn';
end;
select 'do something';
insert into t1 values (v);
select 'do something again';
insert into t1 values (v);
end//
show procedure code proc_26977_broken;
Pos Instruction
0 set i@1 5
1 hpush_jump 8 2 CONTINUE
2 stmt 0 "select 'caught something'"
3 jump_if_not 7(7) (i@1 > 0)
4 set i@1 (i@1 - 1)
5 stmt 0 "select 'looping', i"
6 jump 3
7 hreturn 2
8 stmt 0 "select 'do something'"
9 stmt 5 "insert into t1 values (v)"
10 stmt 0 "select 'do something again'"
11 stmt 5 "insert into t1 values (v)"
12 hpop 1
show procedure code proc_26977_works;
Pos Instruction
0 set i@1 5
1 hpush_jump 9 2 CONTINUE
2 stmt 0 "select 'caught something'"
3 jump_if_not 7(7) (i@1 > 0)
4 set i@1 (i@1 - 1)
5 stmt 0 "select 'looping', i"
6 jump 3
7 stmt 0 "select 'optimizer: keep hreturn'"
8 hreturn 2
9 stmt 0 "select 'do something'"
10 stmt 5 "insert into t1 values (v)"
11 stmt 0 "select 'do something again'"
12 stmt 5 "insert into t1 values (v)"
13 hpop 1
call proc_26977_broken(1);
do something
do something
do something again
do something again
caught something
caught something
looping i
looping 4
looping i
looping 3
looping i
looping 2
looping i
looping 1
looping i
looping 0
call proc_26977_works(2);
do something
do something
do something again
do something again
caught something
caught something
looping i
looping 4
looping i
looping 3
looping i
looping 2
looping i
looping 1
looping i
looping 0
optimizer: keep hreturn
optimizer: keep hreturn
drop table t1;
drop procedure proc_26977_broken;
drop procedure proc_26977_works;
drop procedure if exists proc_33618_h;
drop procedure if exists proc_33618_c;
create procedure proc_33618_h(num int)
begin
declare count1 int default '0';
declare vb varchar(30);
declare last_row int;
while(num>=1) do
set num=num-1;
begin
declare cur1 cursor for select `a` from t_33618;
declare continue handler for not found set last_row = 1;
set last_row:=0;
open cur1;
rep1:
repeat
begin
declare exit handler for 1062 begin end;
fetch cur1 into vb;
if (last_row = 1) then
## should generate a hpop instruction here
leave rep1;
end if;
end;
until last_row=1
end repeat;
close cur1;
end;
end while;
end//
create procedure proc_33618_c(num int)
begin
declare count1 int default '0';
declare vb varchar(30);
declare last_row int;
while(num>=1) do
set num=num-1;
begin
declare cur1 cursor for select `a` from t_33618;
declare continue handler for not found set last_row = 1;
set last_row:=0;
open cur1;
rep1:
repeat
begin
declare cur2 cursor for select `b` from t_33618;
fetch cur1 into vb;
if (last_row = 1) then
## should generate a cpop instruction here
leave rep1;
end if;
end;
until last_row=1
end repeat;
close cur1;
end;
end while;
end//
show procedure code proc_33618_h;
Pos Instruction
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
0 set count1@1 '0'
1 set vb@2 NULL
2 set last_row@3 NULL
3 jump_if_not 24(24) (num@0 >= 1)
4 set num@0 (num@0 - 1)
5 cpush cur1@0
6 hpush_jump 9 4 CONTINUE
7 set last_row@3 1
8 hreturn 4
9 set last_row@3 0
10 copen cur1@0
11 hpush_jump 13 4 EXIT
12 hreturn 0 17
13 cfetch cur1@0 vb@2
14 jump_if_not 17(17) (last_row@3 = 1)
15 hpop 1
16 jump 19
17 hpop 1
18 jump_if_not 11(19) (last_row@3 = 1)
19 cclose cur1@0
20 hpop 1
21 cpop 1
22 jump 3
show procedure code proc_33618_c;
Pos Instruction
Fix for Bug#32538: View definition picks up character set, but not collation. The problem here was that text literals in a view were always dumped with character set introducer. That lead to loosing collation information. The fix is to dump character set introducer only if it was in the original query. That is now possible because there is no problem any more of loss of character set of string literals in views -- after WL#4052 the view is dumped in the original character set. mysql-test/r/case.result: Update result file. mysql-test/r/compress.result: Update result file. mysql-test/r/ctype_collate.result: Update result file. mysql-test/r/date_formats.result: Update result file. mysql-test/r/ddl_i18n_koi8r.result: Update result file. mysql-test/r/ddl_i18n_utf8.result: Update result file. mysql-test/r/fulltext.result: Update result file. mysql-test/r/func_crypt.result: Update result file. mysql-test/r/func_encrypt.result: Update result file. mysql-test/r/func_if.result: Update result file. mysql-test/r/func_in.result: Update result file. mysql-test/r/func_like.result: Update result file. mysql-test/r/func_regexp.result: Update result file. mysql-test/r/func_set.result: Update result file. mysql-test/r/func_str.result: Update result file. mysql-test/r/func_time.result: Update result file. mysql-test/r/gis.result: Update result file. mysql-test/r/group_min_max.result: Update result file. mysql-test/r/mysqldump.result: Update result file. mysql-test/r/negation_elimination.result: Update result file. mysql-test/r/null.result: Update result file. mysql-test/r/select.result: Update result file. mysql-test/r/show_check.result: Update result file. mysql-test/r/sp-code.result: Update result file. mysql-test/r/ssl.result: Update result file. mysql-test/r/ssl_compress.result: Update result file. mysql-test/r/subselect.result: Update result file. mysql-test/r/temp_table.result: Update result file. mysql-test/r/type_blob.result: Update result file. mysql-test/r/view.result: Update result file. mysql-test/suite/binlog/r/binlog_stm_blackhole.result: Update result file. mysql-test/suite/rpl/r/rpl_get_lock.result: Update result file. mysql-test/suite/rpl/r/rpl_master_pos_wait.result: Update result file. mysql-test/t/view.test: Add a test case for Bug#32538. sql/item.cc: Do not dump character set introducer if it was not specified explicitly in the original query. sql/item.h: Add 'cs_specified' property to Item_string. sql/sql_yacc.yy: Set Item_string::cs_specified property to TRUE when character set introducer is explicitly specified.
2008-02-12 22:09:16 +03:00
0 set count1@1 '0'
1 set vb@2 NULL
2 set last_row@3 NULL
3 jump_if_not 23(23) (num@0 >= 1)
4 set num@0 (num@0 - 1)
5 cpush cur1@0
6 hpush_jump 9 4 CONTINUE
7 set last_row@3 1
8 hreturn 4
9 set last_row@3 0
10 copen cur1@0
11 cpush cur2@1
12 cfetch cur1@0 vb@2
13 jump_if_not 16(16) (last_row@3 = 1)
14 cpop 1
15 jump 18
16 cpop 1
17 jump_if_not 11(18) (last_row@3 = 1)
18 cclose cur1@0
19 hpop 1
20 cpop 1
21 jump 3
drop procedure proc_33618_h;
drop procedure proc_33618_c;
drop procedure if exists p_20906_a;
drop procedure if exists p_20906_b;
create procedure p_20906_a() SET @a=@a+1, @b=@b+1;
show procedure code p_20906_a;
Pos Instruction
fixes for test failures and small collateral changes mysql-test/lib/My/Test.pm: somehow with "print" we get truncated writes sometimes mysql-test/suite/perfschema/r/digest_table_full.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/perfschema/r/dml_handler.result: host table is not ported over yet mysql-test/suite/perfschema/r/information_schema.result: host table is not ported over yet mysql-test/suite/perfschema/r/nesting.result: this differs, because we don't rewrite general log queries, and multi-statement packets are logged as a one entry. this result file is identical to what mysql-5.6.5 produces with the --log-raw option. mysql-test/suite/perfschema/r/relaylog.result: MariaDB modifies the binlog index file directly, while MySQL 5.6 has a feature "crash-safe binlog index" and modifies a special "crash-safe" shadow copy of the index file and then moves it over. That's why this test shows "NONE" index file writes in MySQL and "MANY" in MariaDB. mysql-test/suite/perfschema/r/server_init.result: MariaDB initializes the "manager" resources from the "manager" thread, and starts this thread only when --flush-time is not 0. MySQL 5.6 initializes "manager" resources unconditionally on server startup. mysql-test/suite/perfschema/r/stage_mdl_global.result: this differs, because MariaDB disables query cache when query_cache_size=0. MySQL does not do that, and this causes useless mutex locks and waits. mysql-test/suite/perfschema/r/statement_digest.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/perfschema/r/statement_digest_consumers.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/perfschema/r/statement_digest_long_query.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/rpl/r/rpl_mixed_drop_create_temp_table.result: will be updated to match 5.6 when alfranio.correia@oracle.com-20110512172919-c1b5kmum4h52g0ni and anders.song@greatopensource.com-20110105052107-zoab0bsf5a6xxk2y are merged mysql-test/suite/rpl/r/rpl_non_direct_mixed_mixing_engines.result: will be updated to match 5.6 when anders.song@greatopensource.com-20110105052107-zoab0bsf5a6xxk2y is merged
2012-09-27 20:09:46 +02:00
0 stmt 31 "SET @a=@a+1"
1 stmt 31 "SET @b=@b+1"
set @a=1;
set @b=1;
call p_20906_a();
select @a, @b;
@a @b
2 2
create procedure p_20906_b() SET @a=@a+1, @b=@b+1, @c=@c+1;
show procedure code p_20906_b;
Pos Instruction
fixes for test failures and small collateral changes mysql-test/lib/My/Test.pm: somehow with "print" we get truncated writes sometimes mysql-test/suite/perfschema/r/digest_table_full.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/perfschema/r/dml_handler.result: host table is not ported over yet mysql-test/suite/perfschema/r/information_schema.result: host table is not ported over yet mysql-test/suite/perfschema/r/nesting.result: this differs, because we don't rewrite general log queries, and multi-statement packets are logged as a one entry. this result file is identical to what mysql-5.6.5 produces with the --log-raw option. mysql-test/suite/perfschema/r/relaylog.result: MariaDB modifies the binlog index file directly, while MySQL 5.6 has a feature "crash-safe binlog index" and modifies a special "crash-safe" shadow copy of the index file and then moves it over. That's why this test shows "NONE" index file writes in MySQL and "MANY" in MariaDB. mysql-test/suite/perfschema/r/server_init.result: MariaDB initializes the "manager" resources from the "manager" thread, and starts this thread only when --flush-time is not 0. MySQL 5.6 initializes "manager" resources unconditionally on server startup. mysql-test/suite/perfschema/r/stage_mdl_global.result: this differs, because MariaDB disables query cache when query_cache_size=0. MySQL does not do that, and this causes useless mutex locks and waits. mysql-test/suite/perfschema/r/statement_digest.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/perfschema/r/statement_digest_consumers.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/perfschema/r/statement_digest_long_query.result: md5 hashes of statement digests differ, because yacc token codes are different in mariadb mysql-test/suite/rpl/r/rpl_mixed_drop_create_temp_table.result: will be updated to match 5.6 when alfranio.correia@oracle.com-20110512172919-c1b5kmum4h52g0ni and anders.song@greatopensource.com-20110105052107-zoab0bsf5a6xxk2y are merged mysql-test/suite/rpl/r/rpl_non_direct_mixed_mixing_engines.result: will be updated to match 5.6 when anders.song@greatopensource.com-20110105052107-zoab0bsf5a6xxk2y is merged
2012-09-27 20:09:46 +02:00
0 stmt 31 "SET @a=@a+1"
1 stmt 31 "SET @b=@b+1"
2 stmt 31 "SET @c=@c+1"
set @a=1;
set @b=1;
set @c=1;
call p_20906_b();
select @a, @b, @c;
@a @b @c
2 2 2
drop procedure p_20906_a;
drop procedure p_20906_b;
End of 5.0 tests.
CREATE PROCEDURE p1()
BEGIN
DECLARE dummy int default 0;
CASE 12
WHEN 12
THEN SET dummy = 0;
END CASE;
END//
SHOW PROCEDURE CODE p1;
Pos Instruction
0 set dummy@0 0
1 set_case_expr (6) 0 12
2 jump_if_not 5(6) (case_expr@0 = 12)
3 set dummy@0 0
4 jump 6
5 error 1339
DROP PROCEDURE p1;
Auto-merge from mysql-trunk-bugfixing. ****** This patch fixes the following bugs: - Bug#5889: Exit handler for a warning doesn't hide the warning in trigger - Bug#9857: Stored procedures: handler for sqlwarning ignored - Bug#23032: Handlers declared in a SP do not handle warnings generated in sub-SP - Bug#36185: Incorrect precedence for warning and exception handlers The problem was in the way warnings/errors during stored routine execution were handled. Prior to this patch the logic was as follows: - when a warning/an error happens: if we're executing a stored routine, and there is a handler for that warning/error, remember the handler, ignore the warning/error and continue execution. - after a stored routine instruction is executed: check for a remembered handler and activate one (if any). This logic caused several problems: - if one instruction generates several warnings (errors) it's impossible to choose the right handler -- a handler for the first generated condition was chosen and remembered for activation. - mess with handling conditions in scopes different from the current one. - not putting generated warnings/errors into Warning Info (Diagnostic Area) is against The Standard. The patch changes the logic as follows: - Diagnostic Area is cleared on the beginning of each statement that either is able to generate warnings, or is able to work with tables. - at the end of a stored routine instruction, Diagnostic Area is left intact. - Diagnostic Area is checked after each stored routine instruction. If an instruction generates several condition, it's now possible to take a look at all of them and determine an appropriate handler. mysql-test/r/signal.result: Update result file: 1. handled conditions are not cleared any more; 2. reflect changes in signal.test mysql-test/r/signal_demo3.result: Update result file: handled conditions are not cleared any more. Due to playing with max_error_count, resulting warning lists have changed. mysql-test/r/sp-big.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp-bugs.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp-code.result: Update result file: 1. handled conditions are not cleared any more. 2. add result for a new test case in sp-code.test. mysql-test/r/sp-error.result: Update result file: 1. handled conditions are not cleared any more. 2. add result for a new test case in sp-error.test. mysql-test/r/sp.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp_trans.result: Update result file: handled conditions are not cleared any more. mysql-test/r/strict.result: Update result file: handled conditions are not cleared any more. mysql-test/r/view.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/innodb_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/memory_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/myisam_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/storedproc.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_sp005.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_sp006_InnoDB.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_trig003.result: Update result file: handled conditions are not cleared any more. mysql-test/t/signal.test: Make a test case more readable in the result file. mysql-test/t/sp-code.test: Add a test case for Bug#23032 checking that No Data takes precedence on Warning. mysql-test/t/sp-error.test: Adding test cases for: - Bug#23032 - Bug#36185 - Bug#5889 - Bug#9857 mysql-test/t/sp.test: Fixing test case to reflect behavioral changes made by the patch. sql/sp_head.cc: Reset the per-statement warning count before executing a stored procedure instruction. Move to a separate function code which checks the completion status of the executed statement and searches for a handler. Remove redundant code now that search for a handler is done after execution, errors are always pushed. sql/sp_pcontext.h: Remove unused code. sql/sp_rcontext.cc: - Polish sp_rcontext::find_handler(): use sp_rcontext::m_hfound instead of an extra local variable; - Remove sp_rcontext::handle_condition(); - Introduce sp_rcontext::activate_handler(), which prepares previously found handler for execution. - Move sp_rcontext::enter_handler() code into activate_handler(), because enter_handler() is used only from there; - Cleanups; - Introduce DBUG_EXECUTE_IF() for a test case in sp-code.test sql/sp_rcontext.h: - Remove unused code - Cleanups sql/sql_class.cc: Merge THD::raise_condition_no_handler() into THD::raise_condition(). After the patch raise_condition_no_handler() was called in raise_condition() only. sql/sql_class.h: Remove raise_condition_no_handler(). sql/sql_error.cc: Remove Warning_info::reserve_space() -- handled conditions are not cleared any more, so there is no need for RESIGNAL to re-push them. sql/sql_error.h: Remove Warning_info::reserve_space(). sql/sql_signal.cc: Handled conditions are not cleared any more, so there is no need for RESIGNAL to re-push them.
2010-07-30 19:28:36 +04:00
#
# Bug#23032: Handlers declared in a SP do not handle warnings generated in sub-SP
#
# - Case 4: check that "No Data trumps Warning".
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (1), (2), (3);
CREATE PROCEDURE p1()
BEGIN
DECLARE c CURSOR FOR SELECT a FROM t1;
OPEN c;
BEGIN
DECLARE v INT;
DECLARE CONTINUE HANDLER FOR SQLWARNING
BEGIN
SELECT "Warning found!";
SHOW WARNINGS;
END;
DECLARE EXIT HANDLER FOR NOT FOUND
BEGIN
SELECT "End of Result Set found!";
SHOW WARNINGS;
END;
WHILE TRUE DO
FETCH c INTO v;
END WHILE;
END;
CLOSE c;
SELECT a INTO @foo FROM t1 LIMIT 1; # Clear warning stack
END|
SET SESSION debug_dbug="+d,bug23032_emit_warning";
Auto-merge from mysql-trunk-bugfixing. ****** This patch fixes the following bugs: - Bug#5889: Exit handler for a warning doesn't hide the warning in trigger - Bug#9857: Stored procedures: handler for sqlwarning ignored - Bug#23032: Handlers declared in a SP do not handle warnings generated in sub-SP - Bug#36185: Incorrect precedence for warning and exception handlers The problem was in the way warnings/errors during stored routine execution were handled. Prior to this patch the logic was as follows: - when a warning/an error happens: if we're executing a stored routine, and there is a handler for that warning/error, remember the handler, ignore the warning/error and continue execution. - after a stored routine instruction is executed: check for a remembered handler and activate one (if any). This logic caused several problems: - if one instruction generates several warnings (errors) it's impossible to choose the right handler -- a handler for the first generated condition was chosen and remembered for activation. - mess with handling conditions in scopes different from the current one. - not putting generated warnings/errors into Warning Info (Diagnostic Area) is against The Standard. The patch changes the logic as follows: - Diagnostic Area is cleared on the beginning of each statement that either is able to generate warnings, or is able to work with tables. - at the end of a stored routine instruction, Diagnostic Area is left intact. - Diagnostic Area is checked after each stored routine instruction. If an instruction generates several condition, it's now possible to take a look at all of them and determine an appropriate handler. mysql-test/r/signal.result: Update result file: 1. handled conditions are not cleared any more; 2. reflect changes in signal.test mysql-test/r/signal_demo3.result: Update result file: handled conditions are not cleared any more. Due to playing with max_error_count, resulting warning lists have changed. mysql-test/r/sp-big.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp-bugs.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp-code.result: Update result file: 1. handled conditions are not cleared any more. 2. add result for a new test case in sp-code.test. mysql-test/r/sp-error.result: Update result file: 1. handled conditions are not cleared any more. 2. add result for a new test case in sp-error.test. mysql-test/r/sp.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp_trans.result: Update result file: handled conditions are not cleared any more. mysql-test/r/strict.result: Update result file: handled conditions are not cleared any more. mysql-test/r/view.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/innodb_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/memory_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/myisam_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/storedproc.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_sp005.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_sp006_InnoDB.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_trig003.result: Update result file: handled conditions are not cleared any more. mysql-test/t/signal.test: Make a test case more readable in the result file. mysql-test/t/sp-code.test: Add a test case for Bug#23032 checking that No Data takes precedence on Warning. mysql-test/t/sp-error.test: Adding test cases for: - Bug#23032 - Bug#36185 - Bug#5889 - Bug#9857 mysql-test/t/sp.test: Fixing test case to reflect behavioral changes made by the patch. sql/sp_head.cc: Reset the per-statement warning count before executing a stored procedure instruction. Move to a separate function code which checks the completion status of the executed statement and searches for a handler. Remove redundant code now that search for a handler is done after execution, errors are always pushed. sql/sp_pcontext.h: Remove unused code. sql/sp_rcontext.cc: - Polish sp_rcontext::find_handler(): use sp_rcontext::m_hfound instead of an extra local variable; - Remove sp_rcontext::handle_condition(); - Introduce sp_rcontext::activate_handler(), which prepares previously found handler for execution. - Move sp_rcontext::enter_handler() code into activate_handler(), because enter_handler() is used only from there; - Cleanups; - Introduce DBUG_EXECUTE_IF() for a test case in sp-code.test sql/sp_rcontext.h: - Remove unused code - Cleanups sql/sql_class.cc: Merge THD::raise_condition_no_handler() into THD::raise_condition(). After the patch raise_condition_no_handler() was called in raise_condition() only. sql/sql_class.h: Remove raise_condition_no_handler(). sql/sql_error.cc: Remove Warning_info::reserve_space() -- handled conditions are not cleared any more, so there is no need for RESIGNAL to re-push them. sql/sql_error.h: Remove Warning_info::reserve_space(). sql/sql_signal.cc: Handled conditions are not cleared any more, so there is no need for RESIGNAL to re-push them.
2010-07-30 19:28:36 +04:00
CALL p1();
Warning found!
Warning found!
Level Code Message
Warning 1105 Unknown error
Warning found!
Warning found!
Level Code Message
Warning 1105 Unknown error
Warning found!
Warning found!
Level Code Message
Warning 1105 Unknown error
End of Result Set found!
End of Result Set found!
Level Code Message
Warning 1105 Unknown error
Error 1329 No data - zero rows fetched, selected, or processed
SET SESSION debug_dbug="-d,bug23032_emit_warning";
Auto-merge from mysql-trunk-bugfixing. ****** This patch fixes the following bugs: - Bug#5889: Exit handler for a warning doesn't hide the warning in trigger - Bug#9857: Stored procedures: handler for sqlwarning ignored - Bug#23032: Handlers declared in a SP do not handle warnings generated in sub-SP - Bug#36185: Incorrect precedence for warning and exception handlers The problem was in the way warnings/errors during stored routine execution were handled. Prior to this patch the logic was as follows: - when a warning/an error happens: if we're executing a stored routine, and there is a handler for that warning/error, remember the handler, ignore the warning/error and continue execution. - after a stored routine instruction is executed: check for a remembered handler and activate one (if any). This logic caused several problems: - if one instruction generates several warnings (errors) it's impossible to choose the right handler -- a handler for the first generated condition was chosen and remembered for activation. - mess with handling conditions in scopes different from the current one. - not putting generated warnings/errors into Warning Info (Diagnostic Area) is against The Standard. The patch changes the logic as follows: - Diagnostic Area is cleared on the beginning of each statement that either is able to generate warnings, or is able to work with tables. - at the end of a stored routine instruction, Diagnostic Area is left intact. - Diagnostic Area is checked after each stored routine instruction. If an instruction generates several condition, it's now possible to take a look at all of them and determine an appropriate handler. mysql-test/r/signal.result: Update result file: 1. handled conditions are not cleared any more; 2. reflect changes in signal.test mysql-test/r/signal_demo3.result: Update result file: handled conditions are not cleared any more. Due to playing with max_error_count, resulting warning lists have changed. mysql-test/r/sp-big.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp-bugs.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp-code.result: Update result file: 1. handled conditions are not cleared any more. 2. add result for a new test case in sp-code.test. mysql-test/r/sp-error.result: Update result file: 1. handled conditions are not cleared any more. 2. add result for a new test case in sp-error.test. mysql-test/r/sp.result: Update result file: handled conditions are not cleared any more. mysql-test/r/sp_trans.result: Update result file: handled conditions are not cleared any more. mysql-test/r/strict.result: Update result file: handled conditions are not cleared any more. mysql-test/r/view.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/innodb_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/memory_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/myisam_storedproc_02.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/funcs_1/r/storedproc.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_sp005.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_sp006_InnoDB.result: Update result file: handled conditions are not cleared any more. mysql-test/suite/rpl/r/rpl_row_trig003.result: Update result file: handled conditions are not cleared any more. mysql-test/t/signal.test: Make a test case more readable in the result file. mysql-test/t/sp-code.test: Add a test case for Bug#23032 checking that No Data takes precedence on Warning. mysql-test/t/sp-error.test: Adding test cases for: - Bug#23032 - Bug#36185 - Bug#5889 - Bug#9857 mysql-test/t/sp.test: Fixing test case to reflect behavioral changes made by the patch. sql/sp_head.cc: Reset the per-statement warning count before executing a stored procedure instruction. Move to a separate function code which checks the completion status of the executed statement and searches for a handler. Remove redundant code now that search for a handler is done after execution, errors are always pushed. sql/sp_pcontext.h: Remove unused code. sql/sp_rcontext.cc: - Polish sp_rcontext::find_handler(): use sp_rcontext::m_hfound instead of an extra local variable; - Remove sp_rcontext::handle_condition(); - Introduce sp_rcontext::activate_handler(), which prepares previously found handler for execution. - Move sp_rcontext::enter_handler() code into activate_handler(), because enter_handler() is used only from there; - Cleanups; - Introduce DBUG_EXECUTE_IF() for a test case in sp-code.test sql/sp_rcontext.h: - Remove unused code - Cleanups sql/sql_class.cc: Merge THD::raise_condition_no_handler() into THD::raise_condition(). After the patch raise_condition_no_handler() was called in raise_condition() only. sql/sql_class.h: Remove raise_condition_no_handler(). sql/sql_error.cc: Remove Warning_info::reserve_space() -- handled conditions are not cleared any more, so there is no need for RESIGNAL to re-push them. sql/sql_error.h: Remove Warning_info::reserve_space(). sql/sql_signal.cc: Handled conditions are not cleared any more, so there is no need for RESIGNAL to re-push them.
2010-07-30 19:28:36 +04:00
DROP PROCEDURE p1;
DROP TABLE t1;
2012-03-28 13:35:08 +05:30
#
# Bug#11763507 - 56224: FUNCTION NAME IS CASE-SENSITIVE
#
SET @@SQL_MODE = '';
CREATE FUNCTION testf_bug11763507() RETURNS INT
BEGIN
RETURN 0;
END
$
CREATE PROCEDURE testp_bug11763507()
BEGIN
SELECT "PROCEDURE testp_bug11763507";
END
$
SHOW FUNCTION CODE testf_bug11763507;
Pos Instruction
0 freturn 3 0
SHOW FUNCTION CODE TESTF_bug11763507;
Pos Instruction
0 freturn 3 0
SHOW PROCEDURE CODE testp_bug11763507;
Pos Instruction
0 stmt 0 "SELECT "PROCEDURE testp_bug11763507""
SHOW PROCEDURE CODE TESTP_bug11763507;
Pos Instruction
0 stmt 0 "SELECT "PROCEDURE testp_bug11763507""
DROP PROCEDURE testp_bug11763507;
DROP FUNCTION testf_bug11763507;
#END OF BUG#11763507 test.